RE: net-snmp v5.5 agent authenticationFailure for noAuthNoPriv V3 access
Dave: > Please check the man page description of the "rouser" directive. Let's see: "By default, this [rouser] will provide access to the full OID tree for authenticated (including encrypted) SNMPv3 requests, using the default context. An alternative minimum security level can be specified using noauth (to allow unauthenticated requests), or priv (to enforce use of encryption)." So these rouser statements allow specification of a MINIMUM security level, which defaults to "auth." No problem. I'll leave as-is and won't bother changing anything until someone complains. Not quite sure why they'd want to use noAuthNoPriv anyway, but it's good to test in any case. Thanks, Ron The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting all copies. Thank you. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: net-snmp v5.5 agent authenticationFailure for noAuthNoPriv V3 access
On 19 August 2010 19:14, Ron Rader wrote: > createUser auser > rouser auser > Hmmm... snmpwalk -v 3 using either "auser" or "puser" with the > corresponding credentials works, but using "noauser" bombs through > authorization Error (access denied to that object). Please check the man page description of the "rouser" directive. Dave -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Net-SNMP 5.6.rc1 available for testing
I'm happy to announce that we've begun the process for releasing the next major version of Net-SNMP. Net-SNMP 5.6 will have a number of important changes in it, which are outlined below. The following new features are the ones we'd most like feedback and testing on: * SNMP over TLS/DTLS Support: See http://www.net-snmp.org/wiki/index.php/TUT:Using_TLS for how to talk to the test server using TLS/DTLS * New configuration mechanisms: http://www.net-snmp.org/wiki/index.php/Configuration - "include" support - Host-specific configuration files: * The new testing suite that provides new capabilities for extensive unit testing of the APIs and tools. (run "perldoc testing/RUNFULLTESTS" for details) * The new agentxtrap command for sending traps from the command line to all the registered snmpd notification receivers: http://www.net-snmp.org/wiki/index.php/TUT:agentxtrap Net-SNMP pre-releases and release-candidates are available from: https://sourceforge.net/downloads/net-snmp/net-snmp/5.6-pre-releases/ The complete list of NEWS-worthy changes in the 5.6 line: *5.6* all: - Implemented the SNMP over TLS and SNMP over DTLS protocols [RFC-to-be] See http://www.net-snmp.org/wiki/index.php/TUT:Using_TLS - Implemented the "Transport Security Model" [RFC5591] - Generic host-specific configuration .conf files are now read. See the HOST-SPECIFIC FILES section of the snmp.conf manual page and http://www.net-snmp.org/wiki/index.php/Configuration - Include statements can now be used in .conf files. See http://www.net-snmp.org/wiki/index.php/Configuration snmpd: - Fix handling of multiple matching VACM entries. (Use the "best" match, rather than the first one). Reported by Adam Lewis. Note that this could potentially affect the behaviour of existing access control configurations. - Agent will no longer call table handlers if a set request for the handler has invalid indexes - table_data/tdata next handler will not be called during get processing if no valid rows are found for the handler - [PATCH 2952708]: Added Perl implementation of BRIDGE-MIB - moved all functions defined in libnetsnmphelpers to libnetsnmpagent. libnetsnmphelpers is now an empty library. - Implemented the TSM-MIB and the TLSTM-MIB - new API for indicating that persistent store needs to be saved after the current request finishes processing - [PATCH 2931446]: make the load averages writable. apps: - A new tool 'net-snmp-cert' that easily creates and manages X.509 certificates for use with the SNMP over (D)TLS protocols. - Added an 'agentxtrap' command to send notifications via AgentX (See http://www.net-snmp.org/wiki/index.php/TUT:agentxtrap for details) - -T command line flag can be used to pass configuration directly to transports that can accept configuration tokens - A new 'snmptls' command for manipulating the agent's TLS configuration snmplib: - A more modular transport subsystem that allows third party extensions and dependencies for code reuse. - New transport functions: f_config, f_open, f_copy and f_setup_session - Transports can now specify session defaults - E.G. dtlsudp: auto-sets the SNMP version and the security model. - [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is like snmp_parse_args but takes an additional bitmask, flags, to affect the behaviour. Also remove the magic handling of some application names. - A new X.509 certificate API for indexing and reading certificates - new experimental row creation API which uses a state machine to try really hard to create a row from a given varbind list - netsnmp_container enhancements: - added a free_item function - added a CONTAINER_FREE_ALL macro/function - added an interface for duplicating a container (CONTAINER_DUP) - added a remove function to container_iterators - added an ability to set options on binary_array containers - new snmp token logOption allows specifying log destinations via configuration conf files - A very significant reduction in compiler warning output - new experimental simple state machine handling API building: - Support for a stream-line stripped down version of internal OpenSSL support using --with-openssl=internal. - Do not require that the UDP transport is included. - Building Net-SNMP with dmalloc support enabled is again possible. mib2c: - mib2c can now optionally run sed on generated code testing: - A brand new test infrastructure supporting multiple test su
Re: net-snmp 5.4.3 - error when executing snmpget.exe
On Thu, Aug 19, 2010 at 3:17 PM, Ravi Chandran wrote: > *[ ... ] > > R6034* > > ** > > *An application has made an attempt to load the C runtime library > incorrectly.* > > *Please contact the application's support team for more information.* > This error message means that neither a manifest has been embedded in the executable nor that a .manifest file was present in the same directory as the executable. What you can do is check in the build directory whether the snmpget.exe.manifest file was preserved during the build, and if so, copy it next to where snmpget.exe has been installed. An even better solution would be to modify the build process such that a manifest is embedded in all .exe and .dll files during the build. Bart. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: net-snmp v5.5 agent authenticationFailure for noAuthNoPriv V3 access
Dave: > What access control settings are you using? trapcommunity public rocommunity "public" trap2sink udp6:[2003:a8::129]:162 trap2sink 192.168.1.129 createUser noauser rouser noauser trapsess -v 3 -u noauser -l noAuthNoPriv udp6:[2003:a8::129]:162 createUser auser rouser auser trapsess -v 3 -u auser -l authNoPriv -a MD5 -A password udp6:[2003:a8::129]:162 createUser puser rouser puser trapsess -v 3 -u puser -l authPriv -a SHA -A password -x AES -X password udp6:[2003:a8::129]:162 createUser noauser rouser noauser trapsess -v 3 -u noauser -l noAuthNoPriv 192.168.1.129 createUser auser rouser auser trapsess -v 3 -u auser -l authNoPriv -a MD5 -A password 192.168.1.129 createUser puser rouser puser trapsess -v 3 -u puser -l authPriv -a SHA -A password -x AES -X password 192.168.1.129 Hmmm... snmpwalk -v 3 using either "auser" or "puser" with the corresponding credentials works, but using "noauser" bombs through authorization Error (access denied to that object). This configuration is generated programmatically, which is why you see things like repeated createUser lines. Hey, all the above traps get to the right place, I reckoned that walks were a bonus! Ron The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting all copies. Thank you. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Please advise about snmpget over IPv6
Dave: > What are the access control settings in your 'snmpd.conf' file? > Remember that for community-based requests using IPv6 > you need to use "rocommunity6" rather than "rocommunity" Ah HAH! Right you are, Dave! I had no clue about rocommunity6. Added an rocommunity6 "public" line and all is now well. Does that help the original poster? I guess I'll have to figure out a way to integrate rocommunity6 into our application. I'll report it as a bug so it won't get lost. Thanks, Ron The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting all copies. Thank you. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: net-snmp v5.5 agent authenticationFailure for noAuthNoPriv V3 access
On 19 August 2010 17:39, Ron Rader wrote: > While I'm on the subject of weird MIB walk responses... I can't seem > to get V3 access using noAuthNoPriv users. This results in snmpwalk > authorizationErrors and authenticationFailure traps. Is this another > RTFM moment, like the previous "rocommunity6" configuration item? Probably, yes. What access control settings are you using? Dave -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
net-snmp v5.5 agent authenticationFailure for noAuthNoPriv V3 access
While I'm on the subject of weird MIB walk responses... I can't seem to get V3 access using noAuthNoPriv users. This results in snmpwalk authorizationErrors and authenticationFailure traps. Is this another RTFM moment, like the previous "rocommunity6" configuration item? Thanks, Ron The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting all copies. Thank you. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Please advise about snmpget over IPv6
On 19 August 2010 15:45, Ron Rader wrote: > The following command (using net-snmp tools v5.5) allows me to query > net-snmp agents (v5.5) to walk the MIB (using SNMPv3 and IPv6): > > snmpwalk -v 3 -n "" -u auser -l authNoPriv -a MD5 -A password > udp6:[2003:a8::208] system > > However, the same host times out when I try to switch to SNMPv2c: > > snmpwalk -v 2c -c public udp6:[2003:a8::208] system > > That seems strange to me. What are the access control settings in your 'snmpd.conf' file? Remember that for community-based requests using IPv6 you need to use "rocommunity6" rather than "rocommunity" Dave -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Please advise about snmpget over IPv6
> (Now my linux use net-snmp version 5.1.2). That's an old version. My experience is exclusively with net-snmp v5.4.1 and v5.5. > The following is my command to use snmpget over IPv6: snmpget -v 2c -c testcommu UDP6:'[FE80::21A:A2FF:FEFE:B0C0]' sysDescr.0 the result: Timeout: No Response from UDP6:[FE80::21A:A2FF:FEFE:B0C0]. The following command (using net-snmp tools v5.5) allows me to query net-snmp agents (v5.5) to walk the MIB (using SNMPv3 and IPv6): snmpwalk -v 3 -n "" -u auser -l authNoPriv -a MD5 -A password udp6:[2003:a8::208] system SNMPv2-MIB::sysDescr.0 = STRING: Linux cep 2.6.21.7 #1 SMP PREEMPT Tue Aug 17 20:43:05 EDT 2010 mips However, the same host times out when I try to switch to SNMPv2c: snmpwalk -v 2c -c public udp6:[2003:a8::208] system Timeout: No Response from udp6:[2003:a8::208] That seems strange to me. First thing I would change in your snmpget command is to remove the single quotes. Ron The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting all copies. Thank you. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
net-snmp 5.4.3 - error when executing snmpget.exe
Hi, I'm using a Windows XP SP3 and compiled net-snmp 5.4.3 using the build.bat. I have visual studio 2008 installed in my machine. Pasting below the compile options I have used for compiling the code: *** Net-SNMP build and install options == 1. OpenSSL support:enabled 2. Platform SDK support: enabled 3. Install path: c:/usr 4. Install after build:enabled 5. Perl modules: disabled 6. Install perl modules: disabled 7. Quiet build (logged): enabled 8. Debug mode: disabled 9. IPv6 transports (requires SDK): enabled 10. winExtDLL agent (requires SDK): disabled 11. Link type: static 12. Install development files disabled F. Finished - start build Q. Quit - abort build Select option to set / toggle: f *** Compilation was successful and exe's got generated. When I tried to execute the snmpget.exe, I'm getting an exception message as below: --- Microsoft Visual C++ Runtime Library --- Runtime Error! Program: C:\usr\bin\snmpget.exe R6034 An application has made an attempt to load the C runtime library incorrectly. Please contact the application's support team for more information. --- OK --- Even if I compile without openSSL, SDK Support and IPV6 options, I'm encountering the problem. Am I missing any steps here. Thanks in advance. Regards Ravi -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Why the result of "snmpwalk 1.3.6.1.2.1.2.2.1" is terribly slow?
> The OS of my machine is "HP-UX 11.31 ia64 ". > When I tried "snmpwalk" for OID 1.3.6.1.2.1.2.2.1 using HP snmpdm, > I could get the all results and very fast besides. > But when I tried same job using net-snmp, > I couldn't get the all results and very very slow. > And I got the message "Timeout: No Response from myserver" Is your server running both SNMP Research "snmpdm" AND net-snmp "snmpd" agents simultaneously? Ron The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting all copies. Thank you. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Why the result of "snmpwalk 1.3.6.1. 2.1.2.2.1" is terribly slow?
Dear. Everyone! The OS of my machine is "HP-UX 11.31 ia64 ". When I tried "snmpwalk" for OID 1.3.6.1.2.1.2.2.1 using HP snmpdm, I could get the all results and very fast besides. = #snmpdm SNMP Research SNMP Agent Resident Module Version 15.3.1.0 Copyright 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 SNMP Research, Inc. #mib2agt #snmpwalk -v 2c -c mycomm myserver 1.3.6.1.2.1.2.2.1 IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.5 = INTEGER: 5 IF-MIB::ifIndex.6 = INTEGER: 6 IF-MIB::ifIndex.7 = INTEGER: 7 IF-MIB::ifIndex.8 = INTEGER: 8 IF-MIB::ifIndex.9 = INTEGER: 9 . IF-MIB::ifSpecific.54 = OID: SNMPv2-SMI::transmission.7 IF-MIB::ifSpecific.55 = OID: SNMPv2-SMI::transmission.7 IF-MIB::ifSpecific.56 = OID: SNMPv2-SMI::transmission.7 IF-MIB::ifSpecific.57 = OID: SNMPv2-SMI::transmission.7 = But when I tried same job using net-snmp, I couldn't get the all results and very very slow. And I got the message "Timeout: No Response from myserver" = # ps -ef|grep snmpd root 12723 4411 0 08:16:23 pts/tb 0:00 grep snmpd root 27404 1 0 06:34:02 ? 2:31 /opt/iexpress/net-snmp/sbin/snmpd -c /opt/iexpress/net-snmp/etc/snmpd.conf # cat /opt/iexpress/net-snmp/etc/snmpd.conf com2sec mycomm 192.168.1.0/24 mycomm group monitor v2c mycomm group monitor v1 mycomm view all included .1 access monitor "" any noauth prefix all none none # snmpwalk -v 2c -c mycomm myserver 1.3.6.1.2.1.2.2.1 IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.5 = INTEGER: 5 IF-MIB::ifIndex.6 = INTEGER: 6 IF-MIB::ifIndex.7 = INTEGER: 7 IF-MIB::ifIndex.8 = INTEGER: 8 IF-MIB::ifIndex.9 = INTEGER: 9 ... IF-MIB::ifIndex.46 = INTEGER: 46 Timeout: No Response from myserver = Why couldn't I get right results? I have to use net-snmp because there are some private OID for my NMS system. (e.g. extend .1.3.6.1.4.1.xxx.xx.1.1 ioDeviceName /myprogram/myfunction1 arg) Please help me to use net-snmp well. Thanks in advance. nabongwon님의 블로그 안녕하세요. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
wrong hrSystemDate?
hello out there - please do not hesitate to give rtfm pointers, or direction to better suited mailing lists. :-) i recently changed a few machines from slackware <=13.0 to 13.1 (32bit). this implied an upgrade to net-snmp 5.5. if the host concerned is in a non utc timezone (here: CEST), the displacement field in 1.3.6.1.2.1.25.1.2.0 (ie the last three bytes) is wrong, indicating a wrong timezone. if i 'downgrade' to net-snmp 5.4.2.1, everything is working as expected. what am i possibly doing wrong? thanks and regards, christian -- phone +41 61 463 02 25 gsm+41 79 522 50 09 email christian.laubsc...@sisyphus.ch Please avoid sending me Microsoft Office attachments. http://www.gnu.org/philosophy/no-word-attachments.html -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Please advise about snmpget over IPv6
Hi All, I'm newer for using SNMP. I've a question in net-snmp about command snmpget over ipv6 (Now my linux use net-snmp version 5.1.2). I tried to use snmpget over IPv6 to get value from switch but I did not work ( I can ping to switch over IPv6). The following is my command to use snmpget over IPv6: snmpget -v 2c -c testcommu UDP6:'[FE80::21A:A2FF:FEFE:B0C0]' sysDescr.0 the result: Timeout: No Response from UDP6:[FE80::21A:A2FF:FEFE:B0C0]. I'm not sure. I should configure something in host to support "snmpget" over IPv6. Could you please advise me about this. Thanks & Best Regards, Prasert. -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users