Re: SIGHUP for changing snmpv3 context
Hi Vivek, There are some types of configuration that can only be applied with a restart, because the option to change them has not yet been implemented. There is nothing fundamental that prevents this from being implemented, but it is not a simple fix, which is why it hasn't been done yet. Bill On Tue, Jan 9, 2024 at 1:58 AM Vivek Aditya wrote: > Hi Team, > > I want the snmpv3 context to change without snmpd restart. When I checked > with SIGHUP, looks like adding a new snmpv3 context, SIGHUP works; But > deleting the context and sending a SIGHUP, the context does not get deleted > and still able to perform walk with that context. > > Is there a way to do it or has this issue already been resolved? Any help > would be appreciated > > -- > Warm Regards, > Vivek Aditya > ___ > Net-snmp-coders mailing list > net-snmp-cod...@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
How to install and configure SNMPv3 in RHEL 7, then open UDP port 161 using firewalld
Subject: How to install and configure SNMPv3 in RHEL 7, then open UDP port 161 using firewalld Good day from Singapore, These are my notes on installing and configuring SNMPv3 in RHEL 7 and then opening UDP port 161 using firewalld on 13 Jun 2022 Mon. Step 1 - Checking if SNMP was installed and configured previously == # service snmpd status Redirecting to /bin/systemctl status snmpd.service Unit snmpd.service could not be found. # systemctl status snmpd Unit snmpd.service could not be found # cd /etc/snmp -bash: cd: /etc/snmp: No such file or directory # find / -name snmpd.conf No output Step 2 - Installing net-snmp in RHEL 7 === # yum install net-snmp net-snmp-utils net-snmp-devel -y Step 3 - Creating SNMPv3 User = # systemctl stop snmpd # net-snmp-config --create-snmpv3-user -A [authentication password] -X [encryption password] -a SHA -x AES [username] adding the following line to /var/lib/net-snmp/snmpd.conf: createUser [username] SHA [authentication password] AES [encryption password] adding the following line to /etc/snmp/snmpd.conf: rwuser [username] # systemctl enable snmpd created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service. # systemctl start snmpd Step 4 - Checking if snmpd service is listening === # netstat -anp | grep snmpd tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 26932/snmpd udp 0 0 0.0.0.0:161 0.0.0.0:* 26932/snmpd Step 5 - Checking existing iptables firewall rules == # iptables -S -A IN_public_allow -p udp -m udp --dport 111 -m conntract --ctstate NEW,UNTRACKED -j ACCEPT Step 6 - Opening UDP port 161 using firewalld == # which firewalld /sbin/firewalld # firewall-cmd --state running # firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens192 ens224 ens256 sources: services: dhcpv6-client http ssh ports: 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: # firewall-cmd --list-ports 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp # firewall-cmd --add-port=161/udp success # firewall-cmd --runtime-to-permanent success # firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens192 ens224 ens256 sources: services: dhcpv6-client http ssh ports: 22/tcp 11/tcp 111/tcp 111/udp 971/udp 5901/tcp 5902/tcp 5903/tcp 5904/tcp 5905/tcp 5906/tcp 5907/tcp 5908/tcp 161/udp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: Step 7 - Add RHEL 7 server as a node in Solarwinds Orion platform == Click "Add Node" Click "Most Devices: SNMP and ICMP" SNMP Version: SNMPv3 SNMP Port: 161 Click "Allow 64 bit counters" SNMPv3 Credentials SNMPv3 Username: [username] SNMPv3 Context: leave empty SNMPv3 Authentication Method: SHA1 Password: [authentication password] Uncheck "Password is a key" SNMPv3 Privacy / Encryption Method: AES128 Password: [encryption password] Uncheck "Password is a key" Click "Test" Result: Test Successful! You can now see the node in Solarwinds Orion web console by clicking Settings > Manage Nodes. Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore 13 Jun 2022 Monday Blogs: https://tdtemcerts.blogspot.com/ https://tdtemcerts.wordpress.com/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Dynamically updating SNMPv3 user passwords from .so agent
Hello, I'm developing a system with .so shared library agent. Now there is a need to dynamically update a couple of SNMP v3 user passwords. Is the updating even theoretically possible on a running snmpd with the loaded .iso? The changes should be effective immediately. If it is possible, could someone provide an outline of functions I should be using? Regards, Mr. Janne Paalijarvi ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Source based access control for SNMPv3 users
Hi, I have been trying to implement a configuration where SNMPv3 users can do snmpset only from localhost. I was able to do the same for SNMPv1 and SNMPv2 using com2sec to map the community string and source with a security name. *com2sec LocalUser 127.0.0.1 dummycommunitycom2sec ExternalUser default dummycommunity viewsystemview included .1access LocalGroup "" any noauthexact systemview systemview noneaccess ExternalGroup "" any noauthexact systemview none nonegroup LocalGroup v2c LocalUsergroup ExternalGroup v2c ExternalUser* The only directives I found for configuring user permissions were *rwuser/rouser & authuser *but they didn't have any option to specify the source. So If add a user either the user can read and write from anywhere or the user can only read. But I'm unable to find a configuration which can enable snmpset for localhost and disable the same for all external devices. Just wanted to know if there is such provision for v3 users or not. If yes, then how can I do so? Thanks in advance. Regards, Kartik ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Problem with SNMPv3 traps with authentication
I have found that there is a problem with msgAuthoritativeEngineBoot and msgAuthoritativeEngineTime parameters. The LogFactory was very helpful. Thanks all for help, Michael ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Problem with SNMPv3 traps with authentication
But with noAuthNoPriv, the encoded passphrases aren’t being sent, and the receiver is not trying to decode them. When an authPriv trap is received, the trap receiver uses the authoritative engine ID to decode the passphrases and ensure they match the preconfigured USM user’s passphrases, which must have been encoded using the trap sender’s engine ID (which is authoritative). Perhaps snmp4j in your receiver is using its own generated engine ID by default, so you may need to ensure the creation of the USM users on the trap receiver actually used the engine ID of the trap sender (and the correct passphrases, of course). I would also look into whether snmp4j has diagnostic/debug logging that can be enabled while your developing. That might reveal were the problem lies. Brian From: Michał Tarczyński Sent: Wednesday, March 31, 2021 2:44 AM To: 'Frank Fock' Cc: net-snmp-users@lists.sourceforge.net Subject: RE: Problem with SNMPv3 traps with authentication NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Frank, I think it’s not a problem with engine ID because when the noAuthNoPriv SNMPv3 trap is sent then the engine ID is also used and when I set incorrect engine ID then the noAuthNoPriv trap is not received. I have to use trap messages in my project, not INFORM messages. Best regards, Michael From: Frank Fock mailto:f...@agentpp.com>> Sent: Wednesday, March 31, 2021 12:15 AM To: Michał Tarczyński mailto:michal.tarczyn...@radmor.com.pl>> Cc: net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: Problem with SNMPv3 traps with authentication Hi Michael, I guess you need to check your SNMPv3 engine ID configuration (i.e. use unique SNMPv3 engine IDs for all SNMPv3 entities) when you test using SNMP4J only. In addition, when using the NET-SNMP snmptrap or any other notification sender with the SNMP4J trap listener or any other notification receiver, you need to add the USM auth(No)Priv user with the engine ID of the snmptrap entity to the USM of the SNMP4J notification receiver. This is required, because for SNMPv3 traps/notifications, the notification sender is authoritative. Hope this helps. Best regards, Frank ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Problem with SNMPv3 traps with authentication
Hi Brian, The engine ID is set in the USM on Java appliaction and in the Wireshark it looks like it is correct and the snmptrapd daemon receives authPriv traps (with defined engine ID) from Java app correctly. I will try to use snmp4j logging to detect the error. Best regards, Michael From: Atkins, Brian Sent: Wednesday, March 31, 2021 2:47 PM To: Michał Tarczyński ; 'Frank Fock' Cc: net-snmp-users@lists.sourceforge.net Subject: RE: Problem with SNMPv3 traps with authentication But with noAuthNoPriv, the encoded passphrases aren’t being sent, and the receiver is not trying to decode them. When an authPriv trap is received, the trap receiver uses the authoritative engine ID to decode the passphrases and ensure they match the preconfigured USM user’s passphrases, which must have been encoded using the trap sender’s engine ID (which is authoritative). Perhaps snmp4j in your receiver is using its own generated engine ID by default, so you may need to ensure the creation of the USM users on the trap receiver actually used the engine ID of the trap sender (and the correct passphrases, of course). I would also look into whether snImp4j has diagnostic/debug logging that can be enabled while your developing. That might reveal were the problem lies. Brian ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Problem with SNMPv3 traps with authentication
Hi Frank, I think it’s not a problem with engine ID because when the noAuthNoPriv SNMPv3 trap is sent then the engine ID is also used and when I set incorrect engine ID then the noAuthNoPriv trap is not received. I have to use trap messages in my project, not INFORM messages. Best regards, Michael From: Frank Fock Sent: Wednesday, March 31, 2021 12:15 AM To: Michał Tarczyński Cc: net-snmp-users@lists.sourceforge.net Subject: Re: Problem with SNMPv3 traps with authentication Hi Michael, I guess you need to check your SNMPv3 engine ID configuration (i.e. use unique SNMPv3 engine IDs for all SNMPv3 entities) when you test using SNMP4J only. In addition, when using the NET-SNMP snmptrap or any other notification sender with the SNMP4J trap listener or any other notification receiver, you need to add the USM auth(No)Priv user with the engine ID of the snmptrap entity to the USM of the SNMP4J notification receiver. This is required, because for SNMPv3 traps/notifications, the notification sender is authoritative. Hope this helps. Best regards, Frank ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with SNMPv3 traps with authentication
Hi Michael, I guess you need to check your SNMPv3 engine ID configuration (i.e. use unique SNMPv3 engine IDs for all SNMPv3 entities) when you test using SNMP4J only. In addition, when using the NET-SNMP snmptrap or any other notification sender with the SNMP4J trap listener or any other notification receiver, you need to add the USM auth(No)Priv user with the engine ID of the snmptrap entity to the USM of the SNMP4J notification receiver. This is required, because for SNMPv3 traps/notifications, the notification sender is authoritative. Hope this helps. Best regards, Frank > On 30. Mar 2021, at 11:03, Michał Tarczyński > wrote: > > Hello, > > I have a problem with receiving SNMPv3 authPriv traps on my own Java trap > receiver. > When using snmptrap command on the Linux terminal with authPriv option then > the trap is never received on my Java trap receiver regardless of which > authentication is used: MD5, SHA or SHA-256. Only if there is noAuthNoPriv > used then the trap is received. > In my Java trap receiver the snmp4j library is used. An important note is > that my Java traps receiver receives authPriv trap,regardless of which > authentication is used, only when the trap is sent from my own Java trap > sender with snmp4j (for all authentication protocol). Also snmptrapd daemon > receives authPriv trap which are sent from own Java application with snmp4j. > > I’m using Net-SNMP 5.9 on Linux Mint and „snmp4j-2.7.0”. > > Could someone help me in receiving the authPriv traps on Java application > with snmp4j? > > Best regards, > Michael > > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > <mailto:Net-snmp-users@lists.sourceforge.net> > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > <https://lists.sourceforge.net/lists/listinfo/net-snmp-users> signature.asc Description: Message signed with OpenPGP ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with SNMPv3 traps with authentication
Michał Tarczyński writes: > I have a problem with receiving SNMPv3 authPriv traps on my own Java > trap receiver. So I don't *know* what your particular problem might be; but I can recommend a few things to look at: 1) try INFORMs instead of TRAPs and see if you get more interesting results. 2) Make sure you understanding SNMPv3 trans with respect to the authoratative engineID to be used -- see the http://www.net-snmp.org/wiki/index.php/TUT:snmptrap_SNMPv3 web page for some long but very important details on the subject. -- Wes Hardaker USC/ISI ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Problem with SNMPv3 traps with authentication
Hello, I have a problem with receiving SNMPv3 authPriv traps on my own Java trap receiver. When using snmptrap command on the Linux terminal with authPriv option then the trap is never received on my Java trap receiver regardless of which authentication is used: MD5, SHA or SHA-256. Only if there is noAuthNoPriv used then the trap is received. In my Java trap receiver the snmp4j library is used. An important note is that my Java traps receiver receives authPriv trap, regardless of which authentication is used, only when the trap is sent from my own Java trap sender with snmp4j (for all authentication protocol). Also snmptrapd daemon receives authPriv trap which are sent from own Java application with snmp4j. I'm using Net-SNMP 5.9 on Linux Mint and "snmp4j-2.7.0". Could someone help me in receiving the authPriv traps on Java application with snmp4j? Best regards, Michael ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
snmpwalk with snmpv3 AES256 encryption authentication
Hello snmp-net, I would like to know how to solve this problem: Once i run snmpwalk through cisco switch with a user configured to use AES257 for authentication i get this error: snmpwalk: USM encryption error Is snmpwalk support snmpv3 with aes256 encryption?(receiving this error with aes256/192 only). My query is: snmpwalk -v3 -l authPriv -u snmpu -x SHA -X Qaz123@! -a AES256 -A Qaz123@! I've tried to use snmpbulwalk, snmpget , snmptest and with all commands i receive the same error message. Only with default aes(128) i receive MiB information from the cisco switch. Thanks, Kolton. ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file
Try to call update_config(); instead. From: chandrasekharreddy chinnapareddygari Sent: Saturday, December 12, 2020 10:54 PM To: net-snmp-cod...@lists.sourceforge.net; net-snmp-users@lists.sourceforge.net Subject: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file External email: [net-snmp-users-boun...@lists.sourceforge.net] Hi team, I'm using net-snmp 5.8 version .My requirement is conf files should updtae without restarting snmpd . I'm sending SIGHUP signal to update SNMP data with out restarting snmpd . snmpv3 details are not updating . Please help me how to proceed further. Thanks, Chandra. Get Outlook for Android<https://urldefense.com/v3/__https:/aka.ms/ghei36__;!!PIqRGrUndTen!WFzQEYLtEhekam1LkX9jBJhQSvE8xsdmrbKibf8uIUnDZJnaD2-f9nG1PfGueg$> Please see our privacy statement at https://www.adva.com/en/about-us/legal/privacy-statement for details of how ADVA processes personal information. ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file
Thanks Larry Hayes , I too have same question as Joan Landry has Thanks, Chandra Get Outlook for Android<https://aka.ms/ghei36> From: Joan Landry Sent: Monday, 14 December, 2020, 21:26 To: Larry Hayes; chandrasekharreddy chinnapareddygari Cc: net-snmp-cod...@lists.sourceforge.net; net-snmp-users@lists.sourceforge.net Subject: RE: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file Thanks – but my question was regarding actually being the master agent and internally updating the net-snmp library with data received via a CLI. I believe the only way to do this is via the snmpd.conf file. So any info on this would be greatly appreciated. Thanks, From: Larry Hayes Sent: Monday, December 14, 2020 10:48 AM To: chandrasekharreddy chinnapareddygari Cc: net-snmp-cod...@lists.sourceforge.net; net-snmp-users@lists.sourceforge.net Subject: Re: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file External email: [net-snmp-users-boun...@lists.sourceforge.net] I am no expert, but do deal with creating and deleting SNMP v3 users in my job. You may have to use the tool, snmpuser to remove V3 users without restarting the snmpd daemon. >From the man page: " snmpusm is an SNMP application that can be used to do simple maintenance on the users known to an SNMP agent, by manipulating the agent's User-based Security Module (USM) table. The user needs write access to the usmUserTable MIB table. This tool can be used to create, delete, clone, and change the passphrase of users configured on a running SNMP agent." On Sat, Dec 12, 2020 at 9:55 PM chandrasekharreddy chinnapareddygari mailto:chandrasekhar...@hotmail.com>> wrote: Hi team, I'm using net-snmp 5.8 version .My requirement is conf files should updtae without restarting snmpd . I'm sending SIGHUP signal to update SNMP data with out restarting snmpd . snmpv3 details are not updating . Please help me how to proceed further. Thanks, Chandra. Get Outlook for Android<https://urldefense.com/v3/__https:/aka.ms/ghei36__;!!PIqRGrUndTen!UrokTSk2NGdWBofBJMrtgwyJgDXs2KLNFXTPV2uqeTZbuPHnNln2NRUjUybRdg$> ___ Net-snmp-coders mailing list net-snmp-cod...@lists.sourceforge.net<mailto:net-snmp-cod...@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders<https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/net-snmp-coders__;!!PIqRGrUndTen!UrokTSk2NGdWBofBJMrtgwyJgDXs2KLNFXTPV2uqeTZbuPHnNln2NRV5PZweqA$> Please see our privacy statement at https://www.adva.com/en/about-us/legal/privacy-statement for details of how ADVA processes personal information. ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file
Hi team, I'm using net-snmp 5.8 version .My requirement is conf files should updtae without restarting snmpd . I'm sending SIGHUP signal to update SNMP data with out restarting snmpd . snmpv3 details are not updating . Please help me how to proceed further. Thanks, Chandra. Get Outlook for Android<https://aka.ms/ghei36> ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file
chandrasekharreddy chinnapareddygari writes: > I'm using net-snmp 5.8 version .My requirement is conf files should updtae > without restarting snmpd . > > I'm sending SIGHUP signal to update SNMP data with out restarting snmpd . > snmpv3 details are not updating . > Please help me how to proceed further. I'm confused about how you're going about adding and deleting users? Are you doing it by putting users into a configuration file? If so, which one? Are you doing it using the snmpusm command to create new users? Once they're created, are you editing the files to remove the user or using snmpusm to delete them? -- Wes Hardaker Please mail all replies to net-snmp-cod...@lists.sourceforge.net ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file
Thanks – but my question was regarding actually being the master agent and internally updating the net-snmp library with data received via a CLI. I believe the only way to do this is via the snmpd.conf file. So any info on this would be greatly appreciated. Thanks, From: Larry Hayes Sent: Monday, December 14, 2020 10:48 AM To: chandrasekharreddy chinnapareddygari Cc: net-snmp-cod...@lists.sourceforge.net; net-snmp-users@lists.sourceforge.net Subject: Re: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file External email: [net-snmp-users-boun...@lists.sourceforge.net] I am no expert, but do deal with creating and deleting SNMP v3 users in my job. You may have to use the tool, snmpuser to remove V3 users without restarting the snmpd daemon. From the man page: " snmpusm is an SNMP application that can be used to do simple maintenance on the users known to an SNMP agent, by manipulating the agent's User-based Security Module (USM) table. The user needs write access to the usmUserTable MIB table. This tool can be used to create, delete, clone, and change the passphrase of users configured on a running SNMP agent." On Sat, Dec 12, 2020 at 9:55 PM chandrasekharreddy chinnapareddygari mailto:chandrasekhar...@hotmail.com>> wrote: Hi team, I'm using net-snmp 5.8 version .My requirement is conf files should updtae without restarting snmpd . I'm sending SIGHUP signal to update SNMP data with out restarting snmpd . snmpv3 details are not updating . Please help me how to proceed further. Thanks, Chandra. Get Outlook for Android<https://urldefense.com/v3/__https:/aka.ms/ghei36__;!!PIqRGrUndTen!UrokTSk2NGdWBofBJMrtgwyJgDXs2KLNFXTPV2uqeTZbuPHnNln2NRUjUybRdg$> ___ Net-snmp-coders mailing list net-snmp-cod...@lists.sourceforge.net<mailto:net-snmp-cod...@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders<https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/net-snmp-coders__;!!PIqRGrUndTen!UrokTSk2NGdWBofBJMrtgwyJgDXs2KLNFXTPV2uqeTZbuPHnNln2NRV5PZweqA$> Please see our privacy statement at https://www.adva.com/en/about-us/legal/privacy-statement for details of how ADVA processes personal information. ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file
I am no expert, but do deal with creating and deleting SNMP v3 users in my job. You may have to use the tool, snmpuser to remove V3 users without restarting the snmpd daemon. >From the man page: " *snmpusm* is an SNMP application that can be used to do simple maintenance on the users known to an SNMP agent, by manipulating the agent's User-based Security Module (USM) table. The user needs write access to the usmUserTable MIB table. This tool can be used to create, delete, clone, and change the passphrase of users configured on a running SNMP agent." On Sat, Dec 12, 2020 at 9:55 PM chandrasekharreddy chinnapareddygari < chandrasekhar...@hotmail.com> wrote: > Hi team, > I'm using net-snmp 5.8 version .My requirement is conf files should updtae > without restarting snmpd . > > I'm sending SIGHUP signal to update SNMP data with out restarting snmpd . > snmpv3 details are not updating . > Please help me how to proceed further. > > > Thanks, > Chandra. > > > > Get Outlook for Android <https://aka.ms/ghei36> > ___ > Net-snmp-coders mailing list > net-snmp-cod...@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Need help in forwarding SNMPv3 informs with snmptrapd
Hi, I want to forward snmp v3 INFORM from VM-1 to VM-2, here is my configuration on VM-1 and VM-2. I'm generating INFORM on VM1, destination being loopback address. Can someone help me with the configuration? I get "usm: Failed to find engine data." and snmptrad always core-dumps. with this topology snmv3 TRAP works without any issues, it's just v3 informs that are creating trouble. Even v2 INFORM works. VM1: root@Ubuntu3323:~# cat /tmp/snmptrapd.conf authCommunity log,net public snmpTrapdAddr udp:162,udp6:162 forward default 2.2.2.2:162 createUser feroz SHA feroz123 DES feroz123 authUser log,net feroz priv root@Ubuntu3323# *Start snmptrapd on VM1* root@Ubuntu3323:# /usr/sbin/snmptrapd -f -C -c /tmp/snmptrapd.conf -Lo -d -Dusm,snmptrapd,sess_async_send & *Generate link-up notification on VM1.* root@Ubuntu3323:# snmpinform -Ci -v 3 -a SHA -A feroz123 -x DES -X feroz123 -l authPriv -u feroz localhost 0 IF-MIB::linkUp * VM2 :* root@Ubuntu3322:# cat /tmp/snmptrapd.conf createUser feroz SHA feroz123 DES feroz123 authUser log feroz priv root@Ubuntu3322:# *Start snmptrapd as follows on VM2* root@Ubuntu3322:~# /usr/sbin/snmptrapd -f -C -c /tmp/snmptrapd.conf -d -Lo -Dusm,snmptrapd -- Regards, Feroz Ahmed ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 authPriv informs (trapsess)
Thanks Colin, I'm trying to avoid the clear-text passwords on the trapsess line. For traps, I have: createUser trapUser SHA authPass AES privPass in /var/lib/snmp/snmpd.conf, and trapsess -v3 -u trapUser -l authPriv 192.168.1.215 in /etc/snmp/snmpd.conf. And it works. The traps are properly authenticated and encrypted (I'm testing with wiershark). However, I still can't get the informs to work without clear text passwords on the trapsess. I still need help. On 17-Jul-2020 2:49 PM, Colin Anderson wrote: > > This is what I use. But this is for traps not informs, so yours will > be a different. > > > > rouser scott > > createUser scott MD5 "becky000" DES "molly000" > > trapsess -v 3 -n "" -u scott -a MD5 -A "becky000" -x DES -X "molly000" > -l authPriv 192.168.55.50 > > > > Colin > > > > *From:*John Bize > *Sent:* 17 July 2020 18:44 > *To:* Atkins, Brian ; Colin Anderson > ; net-snmp-users@lists.sourceforge.net > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > Ok, I did it wrong. I'm looking for valid examples. > > For authPriv informs, what do the createUser and trapsess look like? > > For authPriv traps, what do the createUser and trapsess look like? > > > > On 17-Jul-2020 1:40 PM, Atkins, Brian wrote: > > Also, if you use traps, the authoritativeEngineID will be the one > on the agent. That is the default, so there will be no need to > specify a -e argument on the createUser call. > > > > *From:* Atkins, Brian > *Sent:* Friday, July 17, 2020 1:38 PM > *To:* John Bize <mailto:jb...@godswind.org>; > Colin Anderson > <mailto:colin.ander...@speakerbus.com>; > net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* RE: SNMPv3 authPriv informs (trapsess) > > > > The authoritativeEngineID is specified on the createUser, not > trapsess. See http://www.net-snmp.org/docs/man/snmpd.conf.html > > > > *From:* John Bize mailto:jb...@godswind.org>> > *Sent:* Friday, July 17, 2020 1:37 PM > *To:* Atkins, Brian <mailto:brian.atk...@netapp.com>>; Colin Anderson > <mailto:colin.ander...@speakerbus.com>>; > net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > *NetApp Security WARNING*: This is an external email. Do not click > links or open attachments unless you recognize the sender and know > the content is safe. > > > > Ok, > > So it appears that I should add: > > trapsess -e 0x80001F888001331F10B729FA5E -Ci -v3 -u > remoteUser -l authPriv 192.168.1.215 > > to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 > traps), and: > > createUser -e 0x80001F888001331F10B729FA5E remoteUser > SHA "authPass" AES privPass > > in /var/lib/snmp/snmpd.conf where > "0x80001F888001331F10B729FA5E" is the engine-id of the > receiver. > > Does that look right? Will that work correctly? > > > > On 17-Jul-2020 1:06 PM, Atkins, Brian wrote: > > Looking at Colin’s reply, I realize you may need to add the > createUser statements to the /var/lib/snmp/snmpd.conf file > directly, instead of /etc/snmp/snmpd.conf (these are Debian 10 > paths). It will replace them with usmUser statements, so you > shouldn’t need to delete anything. > > > > *From:* John Bize > <mailto:jb...@godswind.org> > *Sent:* Friday, July 17, 2020 1:02 PM > *To:* Colin Anderson > <mailto:colin.ander...@speakerbus.com>; Atkins, Brian > <mailto:brian.atk...@netapp.com>; > net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > *NetApp Security WARNING*: This is an external email. Do not > click links or open attachments unless you recognize the > sender and know the content is safe. > > > > > Thanks Colin and Brian. > > I will give creating a new snmpd (agent) user with the remote > (manager's) engine-id a try. > > I was using net-snmp-create-v3-user from the libsnmp-dev > package to add users. Unfortunately, it does not suppor
RE: SNMPv3 authPriv informs (trapsess)
You will need to use createUser in your snmpd.conf file with passwords and hash settings. On Debian 10, put then in /etc/snmp/snmpd.conf. The createUser statements will be removed and encoded passwords will be added to /var/lib/snmp/snmpd.conf in usmUser statements. NOTE: since you want to use V3 INFORMs, you’ll need to use the authoritativeEngineID of the inform recipient, not the agent issuing the INFORM, in the createUser statement. See more detail on authoritativeEngineID (one reference is https://kb.vmware.com/s/article/2033344#:~:text=In%20an%20SNMPv3%20transaction%20between,controls%20the%20flow%20of%20information.&text=With%20SNMPv3%20informs%2C%20the%20authoritative,agent's%20engine%20ID%20is%20authoritative.) From: John Bize Sent: Friday, July 17, 2020 10:32 AM To: net-snmp-users@lists.sourceforge.net Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Bump please. On 04-Jul-2020 10:11 AM, John Bize wrote: I have an embedded system running Debian 10 with snmpd v5.7.3. I'd like to configure SNMPv3 trapsess to send auth,priv informs. How is this done without putting clear-text passwords into the snmpd.conf file? Thanks. ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: SNMPv3 authPriv informs (trapsess)
Your example is correct, although I would omit the quotes around the passwords. I had trouble with the quotes being encoded as part of the password. The example you have, with the -e option, works for INFORMs, as long as the engineID is that of the receiving SNMP entity. For traps, just omit the -e option (it will default to be the local agent’s engineID). You don’t need to specify -e at all on the trapsess statements; The the engineID used is based on the usmUser specified. If you want to use both traps and informs, you’ll have to create different USM users for them (one with and one without the -e option). From: John Bize Sent: Friday, July 17, 2020 1:44 PM To: Atkins, Brian ; Colin Anderson ; net-snmp-users@lists.sourceforge.net Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Ok, I did it wrong. I'm looking for valid examples. For authPriv informs, what do the createUser and trapsess look like? For authPriv traps, what do the createUser and trapsess look like? On 17-Jul-2020 1:40 PM, Atkins, Brian wrote: Also, if you use traps, the authoritativeEngineID will be the one on the agent. That is the default, so there will be no need to specify a -e argument on the createUser call. From: Atkins, Brian Sent: Friday, July 17, 2020 1:38 PM To: John Bize <mailto:jb...@godswind.org>; Colin Anderson <mailto:colin.ander...@speakerbus.com>; net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: RE: SNMPv3 authPriv informs (trapsess) The authoritativeEngineID is specified on the createUser, not trapsess. See http://www.net-snmp.org/docs/man/snmpd.conf.html From: John Bize mailto:jb...@godswind.org>> Sent: Friday, July 17, 2020 1:37 PM To: Atkins, Brian mailto:brian.atk...@netapp.com>>; Colin Anderson mailto:colin.ander...@speakerbus.com>>; net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Ok, So it appears that I should add: trapsess -e 0x80001F888001331F10B729FA5E -Ci -v3 -u remoteUser -l authPriv 192.168.1.215 to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), and: createUser -e 0x80001F888001331F10B729FA5E remoteUser SHA "authPass" AES privPass in /var/lib/snmp/snmpd.conf where "0x80001F888001331F10B729FA5E" is the engine-id of the receiver. Does that look right? Will that work correctly? On 17-Jul-2020 1:06 PM, Atkins, Brian wrote: Looking at Colin’s reply, I realize you may need to add the createUser statements to the /var/lib/snmp/snmpd.conf file directly, instead of /etc/snmp/snmpd.conf (these are Debian 10 paths). It will replace them with usmUser statements, so you shouldn’t need to delete anything. From: John Bize <mailto:jb...@godswind.org> Sent: Friday, July 17, 2020 1:02 PM To: Colin Anderson <mailto:colin.ander...@speakerbus.com>; Atkins, Brian <mailto:brian.atk...@netapp.com>; net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Thanks Colin and Brian. I will give creating a new snmpd (agent) user with the remote (manager's) engine-id a try. I was using net-snmp-create-v3-user from the libsnmp-dev package to add users. Unfortunately, it does not support engine-id, so I'll have to forgo that tool for this. Does anyone have an example of what the final trapsess looks like? On 17-Jul-2020 12:47 PM, Colin Anderson wrote: We came across this problem. There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ and an autogenerated one in /var/net-snmp/. This autogenerated one stores the keys once they are generated. You can add the passwords to the auto-generated snmpd.conf file. (You can ignore the “Do not edit” warnings.) This file will automatically delete the password entries once the keys have been generated. This is mentioned in the wiki pages somewhere. There are other issues with this file which you may come across. We found that it seems to be written to with the old/existing config as snmpd is closing. So your changes could be overwritten. The file takes some playing with. Or depending how you’ve done it you can delete “your” snmpd.conf file once snmpd has started. We create our snmpd.conf just before we try to open snmpd and so the passwords are only added then. We then delete the file once snmpd is running. H
RE: SNMPv3 authPriv informs (trapsess)
Also, if you use traps, the authoritativeEngineID will be the one on the agent. That is the default, so there will be no need to specify a -e argument on the createUser call. From: Atkins, Brian Sent: Friday, July 17, 2020 1:38 PM To: John Bize ; Colin Anderson ; net-snmp-users@lists.sourceforge.net Subject: RE: SNMPv3 authPriv informs (trapsess) The authoritativeEngineID is specified on the createUser, not trapsess. See http://www.net-snmp.org/docs/man/snmpd.conf.html From: John Bize mailto:jb...@godswind.org>> Sent: Friday, July 17, 2020 1:37 PM To: Atkins, Brian mailto:brian.atk...@netapp.com>>; Colin Anderson mailto:colin.ander...@speakerbus.com>>; net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Ok, So it appears that I should add: trapsess -e 0x80001F888001331F10B729FA5E -Ci -v3 -u remoteUser -l authPriv 192.168.1.215 to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), and: createUser -e 0x80001F888001331F10B729FA5E remoteUser SHA "authPass" AES privPass in /var/lib/snmp/snmpd.conf where "0x80001F888001331F10B729FA5E" is the engine-id of the receiver. Does that look right? Will that work correctly? On 17-Jul-2020 1:06 PM, Atkins, Brian wrote: Looking at Colin’s reply, I realize you may need to add the createUser statements to the /var/lib/snmp/snmpd.conf file directly, instead of /etc/snmp/snmpd.conf (these are Debian 10 paths). It will replace them with usmUser statements, so you shouldn’t need to delete anything. From: John Bize <mailto:jb...@godswind.org> Sent: Friday, July 17, 2020 1:02 PM To: Colin Anderson <mailto:colin.ander...@speakerbus.com>; Atkins, Brian <mailto:brian.atk...@netapp.com>; net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Thanks Colin and Brian. I will give creating a new snmpd (agent) user with the remote (manager's) engine-id a try. I was using net-snmp-create-v3-user from the libsnmp-dev package to add users. Unfortunately, it does not support engine-id, so I'll have to forgo that tool for this. Does anyone have an example of what the final trapsess looks like? On 17-Jul-2020 12:47 PM, Colin Anderson wrote: We came across this problem. There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ and an autogenerated one in /var/net-snmp/. This autogenerated one stores the keys once they are generated. You can add the passwords to the auto-generated snmpd.conf file. (You can ignore the “Do not edit” warnings.) This file will automatically delete the password entries once the keys have been generated. This is mentioned in the wiki pages somewhere. There are other issues with this file which you may come across. We found that it seems to be written to with the old/existing config as snmpd is closing. So your changes could be overwritten. The file takes some playing with. Or depending how you’ve done it you can delete “your” snmpd.conf file once snmpd has started. We create our snmpd.conf just before we try to open snmpd and so the passwords are only added then. We then delete the file once snmpd is running. Hope this helps. Colin From: John Bize <mailto:jb...@godswind.org> Sent: 17 July 2020 15:32 To: net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: SNMPv3 authPriv informs (trapsess) Bump please. On 04-Jul-2020 10:11 AM, John Bize wrote: I have an embedded system running Debian 10 with snmpd v5.7.3. I'd like to configure SNMPv3 trapsess to send auth,priv informs. How is this done without putting clear-text passwords into the snmpd.conf file? Thanks. [Image removed by sender. Twitter]<https://twitter.com/speakerbus>[Image removed by sender. LinkedIn]<http://www.linkedin.com/company/speakerbus>[Image removed by sender. YouTube]<http://www.youtube.com/user/SpeakerbusTech?feature=watch> ** The contents of this e-mail and any attachments are confidential and are intended solely for the attention and use of the intended recipient. This message should not be copied or forwarded to any other person without the express permission of the sender. If you are not the intended recipient, you are hereby notified that to disclose, copy, distribute or retain this message or any part of it, is strictly unauthorised and forbidden. If you have received this message
RE: SNMPv3 authPriv informs (trapsess)
The authoritativeEngineID is specified on the createUser, not trapsess. See http://www.net-snmp.org/docs/man/snmpd.conf.html From: John Bize Sent: Friday, July 17, 2020 1:37 PM To: Atkins, Brian ; Colin Anderson ; net-snmp-users@lists.sourceforge.net Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Ok, So it appears that I should add: trapsess -e 0x80001F888001331F10B729FA5E -Ci -v3 -u remoteUser -l authPriv 192.168.1.215 to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), and: createUser -e 0x80001F888001331F10B729FA5E remoteUser SHA "authPass" AES privPass in /var/lib/snmp/snmpd.conf where "0x80001F888001331F10B729FA5E" is the engine-id of the receiver. Does that look right? Will that work correctly? On 17-Jul-2020 1:06 PM, Atkins, Brian wrote: Looking at Colin’s reply, I realize you may need to add the createUser statements to the /var/lib/snmp/snmpd.conf file directly, instead of /etc/snmp/snmpd.conf (these are Debian 10 paths). It will replace them with usmUser statements, so you shouldn’t need to delete anything. From: John Bize <mailto:jb...@godswind.org> Sent: Friday, July 17, 2020 1:02 PM To: Colin Anderson <mailto:colin.ander...@speakerbus.com>; Atkins, Brian <mailto:brian.atk...@netapp.com>; net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Thanks Colin and Brian. I will give creating a new snmpd (agent) user with the remote (manager's) engine-id a try. I was using net-snmp-create-v3-user from the libsnmp-dev package to add users. Unfortunately, it does not support engine-id, so I'll have to forgo that tool for this. Does anyone have an example of what the final trapsess looks like? On 17-Jul-2020 12:47 PM, Colin Anderson wrote: We came across this problem. There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ and an autogenerated one in /var/net-snmp/. This autogenerated one stores the keys once they are generated. You can add the passwords to the auto-generated snmpd.conf file. (You can ignore the “Do not edit” warnings.) This file will automatically delete the password entries once the keys have been generated. This is mentioned in the wiki pages somewhere. There are other issues with this file which you may come across. We found that it seems to be written to with the old/existing config as snmpd is closing. So your changes could be overwritten. The file takes some playing with. Or depending how you’ve done it you can delete “your” snmpd.conf file once snmpd has started. We create our snmpd.conf just before we try to open snmpd and so the passwords are only added then. We then delete the file once snmpd is running. Hope this helps. Colin From: John Bize <mailto:jb...@godswind.org> Sent: 17 July 2020 15:32 To: net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: SNMPv3 authPriv informs (trapsess) Bump please. On 04-Jul-2020 10:11 AM, John Bize wrote: I have an embedded system running Debian 10 with snmpd v5.7.3. I'd like to configure SNMPv3 trapsess to send auth,priv informs. How is this done without putting clear-text passwords into the snmpd.conf file? Thanks. [Image removed by sender. Twitter]<https://twitter.com/speakerbus>[Image removed by sender. LinkedIn]<http://www.linkedin.com/company/speakerbus>[Image removed by sender. YouTube]<http://www.youtube.com/user/SpeakerbusTech?feature=watch> ** The contents of this e-mail and any attachments are confidential and are intended solely for the attention and use of the intended recipient. This message should not be copied or forwarded to any other person without the express permission of the sender. If you are not the intended recipient, you are hereby notified that to disclose, copy, distribute or retain this message or any part of it, is strictly unauthorised and forbidden. If you have received this message in error, please notify the sender by telephone or by reply e-mail, and destroy the original message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Speakerbus unless otherwise specifically stated. We reserve the right to monitor all e-mail messages passing through our network. Speakerbus Group plc - Head Office, Hanover House, Britannia Road, Queens Gate, Waltham Cross, Hertfordshire, EN8 7TF, England.Tel: +44(0)1992 807300 Fax:
Re: SNMPv3 authPriv informs (trapsess)
Ok, I did it wrong. I'm looking for valid examples. For authPriv informs, what do the createUser and trapsess look like? For authPriv traps, what do the createUser and trapsess look like? On 17-Jul-2020 1:40 PM, Atkins, Brian wrote: > > Also, if you use traps, the authoritativeEngineID will be the one on > the agent. That is the default, so there will be no need to specify a > -e argument on the createUser call. > > > > *From:* Atkins, Brian > *Sent:* Friday, July 17, 2020 1:38 PM > *To:* John Bize ; Colin Anderson > ; net-snmp-users@lists.sourceforge.net > *Subject:* RE: SNMPv3 authPriv informs (trapsess) > > > > The authoritativeEngineID is specified on the createUser, not > trapsess. See http://www.net-snmp.org/docs/man/snmpd.conf.html > > > > *From:* John Bize mailto:jb...@godswind.org>> > *Sent:* Friday, July 17, 2020 1:37 PM > *To:* Atkins, Brian <mailto:brian.atk...@netapp.com>>; Colin Anderson > <mailto:colin.ander...@speakerbus.com>>; > net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > *NetApp Security WARNING*: This is an external email. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > > Ok, > > So it appears that I should add: > > trapsess -e 0x80001F888001331F10B729FA5E -Ci -v3 -u > remoteUser -l authPriv 192.168.1.215 > > to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), > and: > > createUser -e 0x80001F888001331F10B729FA5E remoteUser SHA > "authPass" AES privPass > > in /var/lib/snmp/snmpd.conf where > "0x80001F888001331F10B729FA5E" is the engine-id of the receiver. > > Does that look right? Will that work correctly? > > > > On 17-Jul-2020 1:06 PM, Atkins, Brian wrote: > > Looking at Colin’s reply, I realize you may need to add the > createUser statements to the /var/lib/snmp/snmpd.conf file > directly, instead of /etc/snmp/snmpd.conf (these are Debian 10 > paths). It will replace them with usmUser statements, so you > shouldn’t need to delete anything. > > > > *From:* John Bize <mailto:jb...@godswind.org> > *Sent:* Friday, July 17, 2020 1:02 PM > *To:* Colin Anderson > <mailto:colin.ander...@speakerbus.com>; Atkins, Brian > <mailto:brian.atk...@netapp.com>; > net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > *NetApp Security WARNING*: This is an external email. Do not click > links or open attachments unless you recognize the sender and know > the content is safe. > > > > Thanks Colin and Brian. > > I will give creating a new snmpd (agent) user with the remote > (manager's) engine-id a try. > > I was using net-snmp-create-v3-user from the libsnmp-dev package > to add users. Unfortunately, it does not support engine-id, so > I'll have to forgo that tool for this. > > Does anyone have an example of what the final trapsess looks like? > > > > On 17-Jul-2020 12:47 PM, Colin Anderson wrote: > > We came across this problem. > > > > There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ > and an autogenerated one in /var/net-snmp/. This > autogenerated one stores the keys once they are generated. > You can add the passwords to the auto-generated snmpd.conf > file. (You can ignore the “Do not edit” warnings.) This file > will automatically delete the password entries once the keys > have been generated. This is mentioned in the wiki pages > somewhere. > > > > There are other issues with this file which you may come > across. We found that it seems to be written to with the > old/existing config as snmpd is closing. So your changes > could be overwritten. The file takes some playing with. > > > > Or depending how you’ve done it you can delete “your” > snmpd.conf file once snmpd has started. We create our > snmpd.conf just before we try to open snmpd and so the > passwords are only added then. We then delete the file once > snmpd is running. > > > > Hope this helps. > > > > Colin > > > > *From:* John Bize >
Re: SNMPv3 authPriv informs (trapsess)
Ok, So it appears that I should add: trapsess -e 0x80001F888001331F10B729FA5E -Ci -v3 -u remoteUser -l authPriv 192.168.1.215 to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), and: createUser -e 0x80001F888001331F10B729FA5E remoteUser SHA "authPass" AES privPass in /var/lib/snmp/snmpd.conf where "0x80001F888001331F10B729FA5E" is the engine-id of the receiver. Does that look right? Will that work correctly? On 17-Jul-2020 1:06 PM, Atkins, Brian wrote: > > Looking at Colin’s reply, I realize you may need to add the createUser > statements to the /var/lib/snmp/snmpd.conf file directly, instead of > /etc/snmp/snmpd.conf (these are Debian 10 paths). It will replace > them with usmUser statements, so you shouldn’t need to delete anything. > > > > *From:* John Bize > *Sent:* Friday, July 17, 2020 1:02 PM > *To:* Colin Anderson ; Atkins, Brian > ; net-snmp-users@lists.sourceforge.net > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > *NetApp Security WARNING*: This is an external email. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > > Thanks Colin and Brian. > > I will give creating a new snmpd (agent) user with the remote > (manager's) engine-id a try. > > I was using net-snmp-create-v3-user from the libsnmp-dev package to > add users. Unfortunately, it does not support engine-id, so I'll have > to forgo that tool for this. > > Does anyone have an example of what the final trapsess looks like? > > > > On 17-Jul-2020 12:47 PM, Colin Anderson wrote: > > We came across this problem. > > > > There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ and > an autogenerated one in /var/net-snmp/. This autogenerated one > stores the keys once they are generated. You can add the > passwords to the auto-generated snmpd.conf file. (You can ignore > the “Do not edit” warnings.) This file will automatically delete > the password entries once the keys have been generated. This is > mentioned in the wiki pages somewhere. > > > > There are other issues with this file which you may come across. > We found that it seems to be written to with the old/existing > config as snmpd is closing. So your changes could be > overwritten. The file takes some playing with. > > > > Or depending how you’ve done it you can delete “your” snmpd.conf > file once snmpd has started. We create our snmpd.conf just before > we try to open snmpd and so the passwords are only added then. We > then delete the file once snmpd is running. > > > > Hope this helps. > > > > Colin > > > > *From:* John Bize <mailto:jb...@godswind.org> > *Sent:* 17 July 2020 15:32 > *To:* net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > Bump please. > > On 04-Jul-2020 10:11 AM, John Bize wrote: > > I have an embedded system running Debian 10 with snmpd v5.7.3. > > I'd like to configure SNMPv3 trapsess to send auth,priv > informs. How is this done *without putting clear-text > passwords *into the snmpd.conf file? > > Thanks. > > Image removed by sender. Twitter > <https://twitter.com/speakerbus>Image removed by sender. LinkedIn > <http://www.linkedin.com/company/speakerbus>Image removed by > sender. YouTube > <http://www.youtube.com/user/SpeakerbusTech?feature=watch> > > > ** > > The contents of this e-mail and any attachments are confidential > and are intended solely for the attention and use of the intended > recipient. This message should not be copied or forwarded to any > other person without the express permission of the sender. If you > are not the intended recipient, you are hereby notified that to > disclose, copy, distribute or retain this message or any part of > it, is strictly unauthorised and forbidden. If you have received > this message in error, please notify the sender by telephone or by > reply e-mail, and destroy the original message. Any views or > opinions presented are solely those of the author and do not > necessarily represent those of Speaker
RE: SNMPv3 authPriv informs (trapsess)
Looking at Colin’s reply, I realize you may need to add the createUser statements to the /var/lib/snmp/snmpd.conf file directly, instead of /etc/snmp/snmpd.conf (these are Debian 10 paths). It will replace them with usmUser statements, so you shouldn’t need to delete anything. From: John Bize Sent: Friday, July 17, 2020 1:02 PM To: Colin Anderson ; Atkins, Brian ; net-snmp-users@lists.sourceforge.net Subject: Re: SNMPv3 authPriv informs (trapsess) NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Thanks Colin and Brian. I will give creating a new snmpd (agent) user with the remote (manager's) engine-id a try. I was using net-snmp-create-v3-user from the libsnmp-dev package to add users. Unfortunately, it does not support engine-id, so I'll have to forgo that tool for this. Does anyone have an example of what the final trapsess looks like? On 17-Jul-2020 12:47 PM, Colin Anderson wrote: We came across this problem. There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ and an autogenerated one in /var/net-snmp/. This autogenerated one stores the keys once they are generated. You can add the passwords to the auto-generated snmpd.conf file. (You can ignore the “Do not edit” warnings.) This file will automatically delete the password entries once the keys have been generated. This is mentioned in the wiki pages somewhere. There are other issues with this file which you may come across. We found that it seems to be written to with the old/existing config as snmpd is closing. So your changes could be overwritten. The file takes some playing with. Or depending how you’ve done it you can delete “your” snmpd.conf file once snmpd has started. We create our snmpd.conf just before we try to open snmpd and so the passwords are only added then. We then delete the file once snmpd is running. Hope this helps. Colin From: John Bize <mailto:jb...@godswind.org> Sent: 17 July 2020 15:32 To: net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: SNMPv3 authPriv informs (trapsess) Bump please. On 04-Jul-2020 10:11 AM, John Bize wrote: I have an embedded system running Debian 10 with snmpd v5.7.3. I'd like to configure SNMPv3 trapsess to send auth,priv informs. How is this done without putting clear-text passwords into the snmpd.conf file? Thanks. [Image removed by sender. Twitter]<https://twitter.com/speakerbus>[Image removed by sender. LinkedIn]<http://www.linkedin.com/company/speakerbus>[Image removed by sender. YouTube]<http://www.youtube.com/user/SpeakerbusTech?feature=watch> ** The contents of this e-mail and any attachments are confidential and are intended solely for the attention and use of the intended recipient. This message should not be copied or forwarded to any other person without the express permission of the sender. If you are not the intended recipient, you are hereby notified that to disclose, copy, distribute or retain this message or any part of it, is strictly unauthorised and forbidden. If you have received this message in error, please notify the sender by telephone or by reply e-mail, and destroy the original message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Speakerbus unless otherwise specifically stated. We reserve the right to monitor all e-mail messages passing through our network. Speakerbus Group plc - Head Office, Hanover House, Britannia Road, Queens Gate, Waltham Cross, Hertfordshire, EN8 7TF, England.Tel: +44(0)1992 807300 Fax: +44 (0)1992 807301 Company Registration No 3330946 Home Page: http://www.speakerbus.com ** ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 authPriv informs (trapsess)
Thanks Colin and Brian. I will give creating a new snmpd (agent) user with the remote (manager's) engine-id a try. I was using net-snmp-create-v3-user from the libsnmp-dev package to add users. Unfortunately, it does not support engine-id, so I'll have to forgo that tool for this. Does anyone have an example of what the final trapsess looks like? On 17-Jul-2020 12:47 PM, Colin Anderson wrote: > > We came across this problem. > > > > There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ and an > autogenerated one in /var/net-snmp/. This autogenerated one stores > the keys once they are generated. You can add the passwords to the > auto-generated snmpd.conf file. (You can ignore the “Do not edit” > warnings.) This file will automatically delete the password entries > once the keys have been generated. This is mentioned in the wiki > pages somewhere. > > > > There are other issues with this file which you may come across. We > found that it seems to be written to with the old/existing config as > snmpd is closing. So your changes could be overwritten. The file > takes some playing with. > > > > Or depending how you’ve done it you can delete “your” snmpd.conf file > once snmpd has started. We create our snmpd.conf just before we try > to open snmpd and so the passwords are only added then. We then > delete the file once snmpd is running. > > > > Hope this helps. > > > > Colin > > > > *From:*John Bize > *Sent:* 17 July 2020 15:32 > *To:* net-snmp-users@lists.sourceforge.net > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > Bump please. > > On 04-Jul-2020 10:11 AM, John Bize wrote: > > I have an embedded system running Debian 10 with snmpd v5.7.3. > > I'd like to configure SNMPv3 trapsess to send auth,priv informs. > How is this done *without putting clear-text passwords *into the > snmpd.conf file? > > Thanks. > > Twitter <https://twitter.com/speakerbus>LinkedIn > <http://www.linkedin.com/company/speakerbus>YouTube > <http://www.youtube.com/user/SpeakerbusTech?feature=watch> > > ** > > The contents of this e-mail and any attachments are confidential and > are intended solely for the attention and use of the intended > recipient. This message should not be copied or forwarded to any other > person without the express permission of the sender. If you are not > the intended recipient, you are hereby notified that to disclose, > copy, distribute or retain this message or any part of it, is strictly > unauthorised and forbidden. If you have received this message in > error, please notify the sender by telephone or by reply e-mail, and > destroy the original message. Any views or opinions presented are > solely those of the author and do not necessarily represent those of > Speakerbus unless otherwise specifically stated. We reserve the right > to monitor all e-mail messages passing through our network. > > Speakerbus Group plc - Head Office, Hanover House, Britannia Road, > Queens Gate, Waltham Cross, Hertfordshire, EN8 7TF, England.Tel: > +44(0)1992 807300 Fax: +44 (0)1992 807301 Company Registration No > 3330946 Home Page: http://www.speakerbus.com > ** ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 authPriv informs (trapsess)
Bump please. On 04-Jul-2020 10:11 AM, John Bize wrote: > > I have an embedded system running Debian 10 with snmpd v5.7.3. > > I'd like to configure SNMPv3 trapsess to send auth,priv informs. How > is this done *without putting clear-text passwords *into the > snmpd.conf file? > > Thanks. > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
snmpv3 does not switch to SHA from MD5
Hello, I set up snmpv3 to use /home/user/.snmp/snmp.conf. My snmpd.conf is located in /test/dir1/. There is the original /etc/snmp/snmpd.conf file too. The initial setup is for MD5/DES. I want to switch to SHA/AES. The steps to change are: 1. service snmpd stop 2. modify /user/.snmp/snmp.conf to use SHA/AES 3. run create user to use SHA/AES 4. service snmpd start ( it uses /etc/snmp/snmpd.conf) This works - I can run "snmpwalk localhost" and the system switched to SHA/AES. When in step 5 I start snmpd with MY OWN snmpd.conf from /test/dir1/ such as "/usr/sbin/snmpd -c /test/dir1/snmpd.conf" , snmpwalk fails. When I revert back to MD5/DES, snmpwalk starts working again. As if it never switched to SHA/AES even though /var/lib/net-snmp/snmpd.conf contains correct SHA/AES OIDs and the user name. So, why does snmpwalk fail when I use my own snmpd.conf, which is in some other directory? Thank you, Vlad ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 authPriv informs (trapsess)
I have an embedded system running Debian 10 with snmpd v5.7.3. I'd like to configure SNMPv3 trapsess to send auth,priv informs. How is this done *without putting clear-text passwords *into the snmpd.conf file? Thanks. ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
snmpv3 user restricted to a subnet
HI All, Just like we have com2sec restricting a community string to a subnet, do we have a means to restrict a v3 user to a subnet as well ? Thanks, Nitin ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 restrict source address
Hello, I've been going through the documentation all day and haven't found a definitive answer. Can snmpd be configured to allow only V3 access only from specific IP addresses? I am aware of host.allow/deny and firewalling, but the first doesn't seem secure enough and the second will add latency to routing. My application is a dual homed Linux router, and I'm looking to keep it as secure as possible. Any examples would be appreciated. Thanks, Craig ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: NET-SNMP 5.7.2 - SNMPv3 inform does not work
Hi Matthew, do you have the possibility to catch the messages with tcpdump? If so try to catch it when you send the "snmpinform" and when it comes from Cisco! Any chance you can try with a newer version of snmp (5.7.3 or latest 5.8)? You can also start snmptrapd with "-DALL -d " to get debug messages. It will be a lot of messages so I suggest to log it to file, e.g. "snmtrapd -Lf /tmp/smptrapd.log -DALL -d .." Regards Anders Wallin On Sun, May 5, 2019 at 2:41 PM Mathew wrote: > Hi Team, > > I am trying to get SNMPv3 informs to work with Cisco devices but informs > does not work and SNMPve traps works (createUser -e > myuser SHA AuthPass DES PrivPass in snmptrapd.conf,). > > In snmptrapd.conf, I add the below and restarted as per > http://www.net-snmp.org/wiki/index.php/TUT:snmptrap_SNMPv3; > createUser Uuser SHA AuthPass DES PrivPass > > When I send a test inform with "snmpinform -v 3 -u Uuser -a SHA -A > AuthPass -x DES -X PrivPass42 coldStart.0", I see it > "/var/log/messages" file but When I send the inform from Cisco, it does not > come to /var/log/messages. > The same Cisco device SNMP configuration tested with other freeware SNMP > NMS tools, they work properly with SNMPv3 informs. > > I am not sure I am getting the correct SNMP EngineID from the Linux box > running snmptrapd to configure on Cisco devices. > > Can I please know anyone successfully tested SNMPv3 informs on NET-SNMP > 5.7.2? > If yes, can I please know the working "snmptrapd.conf" and "snmpd.conf" > configuration settings? > > Awaiting reply. > > Thanks > > Mathew > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
NET-SNMP 5.7.2 - SNMPv3 inform does not work
Hi Team, I am trying to get SNMPv3 informs to work with Cisco devices but informs does not work and SNMPve traps works (createUser -e myuser SHA AuthPass DES PrivPass in snmptrapd.conf,). In snmptrapd.conf, I add the below and restarted as per http://www.net-snmp.org/wiki/index.php/TUT:snmptrap_SNMPv3; createUser Uuser SHA AuthPass DES PrivPass When I send a test inform with "snmpinform -v 3 -u Uuser -a SHA -A AuthPass -x DES -X PrivPass42 coldStart.0", I see it "/var/log/messages" file but When I send the inform from Cisco, it does not come to /var/log/messages. The same Cisco device SNMP configuration tested with other freeware SNMP NMS tools, they work properly with SNMPv3 informs. I am not sure I am getting the correct SNMP EngineID from the Linux box running snmptrapd to configure on Cisco devices. Can I please know anyone successfully tested SNMPv3 informs on NET-SNMP 5.7.2? If yes, can I please know the working "snmptrapd.conf" and "snmpd.conf" configuration settings? Awaiting reply. Thanks Mathew ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 docsis setup
In fact I have all I need to generate auth and priv keys. 1. On prov server side must be generated public and private DH keys (openssl can do this) 2. Prov server public key must be passed in SnmpV3MgrPublicNumber to CM. 3. CM calculates own public key and sets it in SNMP-USM-DH-OBJECTS-MIB::usmDHKickstartMyPublic 4. CM calcuatees shared secret, using own priv + pub and server's pub 5. At this step shared secret may be calculated on server side 6. Both CM and server now can calculate auth and priv using hash function, shared secret and salt. See rfc2786 for details As I understand, there is some apps which can calc auth and priv keys. I have not hound free one, but it's easy to create it вт, 26 мар. 2019 г. в 13:30, Вячеслав Баландин : > Hi > > I need to configure snmpv3 on CM. I've added tlv34 in provisioning file: > SnmpV3Kickstart > { > SnmpV3SecurityName "docsisManager"; > SnmpV3MgrPublicNumber 0x12345678; > } > CM receives auth/priv keys. Now I need to see my keys to send snmp > requests to CM. Where can I get them? I have full access to CMTS and prov > server, but I don't know where and what to look. > > To change CM keys with snmpusm I need to have v3 user with known auth/priv > password and enough permissions. But there is no initial users on CM. And > it's OS is not linux-like, so there is no snmp.conf to set initial user > manually. I've read CableLabs docs, but I can't find an explanation how to > get auth/priv keys on prov server/CMTS > > Best regards > Viacheslav > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 docsis setup
Hi I need to configure snmpv3 on CM. I've added tlv34 in provisioning file: SnmpV3Kickstart { SnmpV3SecurityName "docsisManager"; SnmpV3MgrPublicNumber 0x12345678; } CM receives auth/priv keys. Now I need to see my keys to send snmp requests to CM. Where can I get them? I have full access to CMTS and prov server, but I don't know where and what to look. To change CM keys with snmpusm I need to have v3 user with known auth/priv password and enough permissions. But there is no initial users on CM. And it's OS is not linux-like, so there is no snmp.conf to set initial user manually. I've read CableLabs docs, but I can't find an explanation how to get auth/priv keys on prov server/CMTS Best regards Viacheslav ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrapd and snmpv3 informs from Junos
; targparms > > set snmp v3 target-parameters targparms parameters > > message-processing-model v3 > > set snmp v3 target-parameters targparms parameters security-model usm > > set snmp v3 target-parameters targparms parameters security-level > > privacy > > set snmp v3 target-parameters targparms parameters security-name > > authpriv2 > > set snmp v3 notify myv3notify type inform > > set snmp v3 notify myv3notify tag macnotify > > set snmp engine-id local 0x8000 > > set snmp view myv3view oid iso include > > set ethernet-switching-options mac-notification > > > > > > Observations: > > > > With this setup, I managed to get three probe failures in 'show snmp > > inform-statistics' after a switch reboot. > > > > root@ex2200c-lab2> show snmp inform-statistics > > Inform Request Statistics: > >Target name: snmptrapd-server Address: 192.168.200.1 > > Sent: 0, Pending: 0 > > Discarded: 1, Timeouts: 0, Probe failures: 3 > > > > > > snmptrapd says: > > - > > registered debug token usm, 1 > > registered debug token engine, 1 > > usmUser: created a new user authpriv2 at 80 00 12 34 > > NET-SNMP version 5.8 > > usm: USM processing begun... > > usm: Unknown Engine ID. > > usm: USM processing has begun (offset 56) > > usm: getting user > > usm: USM processing completed. > > [three more times, 4 packets in total] > > > > > > Not sure if the list allows for attachments? Packet capture attached, > > but I have added the decoded SNMP packet for the first two frames > > below. > > > > As far as I can tell, the probes sent from the Junos end are all > > unencrypted. And not using the configured user or engine ID. > > Is this a correct interpretation of the packet capture? Not expecting > > the list to validate my Junos config, by the way. > > > > There is also the "Data not conforming to RFC3411". Any comment on > > that? > > > > > > Thanks, > > > > > > Dag B > > > > > > Decoded packets: > > - > > Simple Network Management Protocol > > msgVersion: snmpv3 (3) > > msgGlobalData > > msgID: 1610700309 > > msgMaxSize: 65507 > > msgFlags: 04 > > .1.. = Reportable: Set > > ..0. = Encrypted: Not set > > ...0 = Authenticated: Not set > > msgSecurityModel: USM (3) > > msgAuthoritativeEngineID: > > msgAuthoritativeEngineBoots: 0 > > msgAuthoritativeEngineTime: 0 > > msgUserName: > > msgAuthenticationParameters: > > msgPrivacyParameters: > > msgData: plaintext (0) > > plaintext > > contextEngineID: > > contextName: > > data: get-request (0) > > get-request > > request-id: 1679169514 > > error-status: noError (0) > > error-index: 0 > > variable-bindings: 0 items > > > > > > Simple Network Management Protocol > > msgVersion: snmpv3 (3) > > msgGlobalData > > msgID: 1610700309 > > msgMaxSize: 1472 > > msgFlags: 00 > > .0.. = Reportable: Not set > > ..0. = Encrypted: Not set > > ...0 = Authenticated: Not set > > msgSecurityModel: USM (3) > > msgAuthoritativeEngineID: 80001f88807d6dfe468a7d595c > > 1... = Engine ID Conformance: RFC3411 (SNMPv3) > > Engine Enterprise ID: net-snmp (8072) > > Engine ID Format: Reserved/Enterprise-specific (128): > > Net-SNMP > > Random > > Data not conforming to RFC3411 > > [Expert Info (Warning/Protocol): Data not conforming to > > RFC3411] > > [Data not conforming to RFC3411] > > [Severity level: Warning] > > [Group: Protocol] > > msgAuthoritativeEngineBoots: 1 > >
Re: snmptrapd and snmpv3 informs from Junos
200.1 > Sent: 0, Pending: 0 > Discarded: 1, Timeouts: 0, Probe failures: 3 > > > snmptrapd says: > - > registered debug token usm, 1 > registered debug token engine, 1 > usmUser: created a new user authpriv2 at 80 00 12 34 > NET-SNMP version 5.8 > usm: USM processing begun... > usm: Unknown Engine ID. > usm: USM processing has begun (offset 56) > usm: getting user > usm: USM processing completed. > [three more times, 4 packets in total] > > > Not sure if the list allows for attachments? Packet capture attached, > but I have added the decoded SNMP packet for the first two frames > below. > > As far as I can tell, the probes sent from the Junos end are all > unencrypted. And not using the configured user or engine ID. > Is this a correct interpretation of the packet capture? Not expecting > the list to validate my Junos config, by the way. > > There is also the "Data not conforming to RFC3411". Any comment on > that? > > > Thanks, > > > Dag B > > > Decoded packets: > - > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1610700309 > msgMaxSize: 65507 > msgFlags: 04 > .1.. = Reportable: Set > ..0. = Encrypted: Not set > ...0 = Authenticated: Not set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: > msgAuthoritativeEngineBoots: 0 > msgAuthoritativeEngineTime: 0 > msgUserName: > msgAuthenticationParameters: > msgPrivacyParameters: > msgData: plaintext (0) > plaintext > contextEngineID: > contextName: > data: get-request (0) > get-request > request-id: 1679169514 > error-status: noError (0) > error-index: 0 > variable-bindings: 0 items > > > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1610700309 > msgMaxSize: 1472 > msgFlags: 00 > .0.. = Reportable: Not set > ..0. = Encrypted: Not set > ...0 = Authenticated: Not set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: 80001f88807d6dfe468a7d595c > 1... = Engine ID Conformance: RFC3411 (SNMPv3) > Engine Enterprise ID: net-snmp (8072) > Engine ID Format: Reserved/Enterprise-specific (128): > Net-SNMP > Random > Data not conforming to RFC3411 > [Expert Info (Warning/Protocol): Data not conforming to > RFC3411] > [Data not conforming to RFC3411] > [Severity level: Warning] > [Group: Protocol] > msgAuthoritativeEngineBoots: 1 > msgAuthoritativeEngineTime: 1870 > msgUserName: > msgAuthenticationParameters: > msgPrivacyParameters: > msgData: plaintext (0) > plaintext > contextEngineID: 80001f88807d6dfe468a7d595c > 1... = Engine ID Conformance: RFC3411 (SNMPv3) > Engine Enterprise ID: net-snmp (8072) > Engine ID Format: Reserved/Enterprise-specific > (128): > Net-SNMP Random > Data not conforming to RFC3411 > [Expert Info (Warning/Protocol): Data not > conforming to RFC3411] > [Data not conforming to RFC3411] > [Severity level: Warning] > [Group: Protocol] > contextName: > data: report (8) > report > request-id: 1679169514 > error-status: noError (0) > error-index: 0 > variable-bindings: 1 item > 1.3.6.1.6.3.15.1.1.4.0: 3 > Object Name: 1.3.6.1.6.3.15.1.1.4.0 > (iso.3.6.1.6.3.15.1.1.4.0) > Value (Counter32): 3 > > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > <mailto:Net-snmp-users@lists.sourceforge.net> > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrapd and snmpv3 informs from Junos
Hi Dag, try to not set the engineID in the snmptrapd.conf and let snmptrapd and Junos negotiate the engineID createUser -e 0x80001234 authpriv2 SHA xyzzy188 AES xazzza18 -> createUser authpriv2 SHA xyzzy188 AES xazzza18 Looking at the pcap file snmptrapd sends the engineid = 80001f88., but Junos does not set it at all engineID= Regards Anders Wallin On Thu, Feb 28, 2019 at 2:02 PM Dag B wrote: > Hi. > > I am trying to convince snmptrapd to receive snmp v3 informs from Junos > (Juniper Networks' BSD-variant on switches and firewalls). The idea was > to use informs rather than traps, so I could : > - have encryption in place. > - avoid having to update the snmptrapd config for every new device > sending v3 traps > > When Junos starts its snmp process, it will send a few probes to > snmptrapd to decide if the receiver is receptive to informs. If not, it > stops sending informs. > > So far, I have not succeeded. snmptrapd appears unhappy, then Junos gets > unhappy, takes the ball and goes home. > I would like to know if my config and my understanding of the > observations are correct. > > Config, observations and sample packet capture follows: > > > > > Config: > - > > snmptrapd.conf: > > createUser -e 0x80001234 authpriv2 SHA xyzzy188 AES xazzza18 > authUser log,execute authpriv2 > > running snmptrapd like this: > -- > snmptrapd -f -C -c /tmp/snmptrapd.conf -Le -Dusm,engine > > > junos config: > - > set snmp v3 usm local-engine user authpriv authentication-sha > authentication-password xyzzy188 > set snmp v3 usm local-engine user authpriv privacy-aes128 > privacy-password xazzza18 > set snmp v3 usm remote-engine 0x80001234 user authpriv2 > authentication-sha authentication-password xyzzy188 > set snmp v3 usm remote-engine 0x80001234 user authpriv2 privacy-aes128 > privacy-password xazzza18 > set snmp v3 vacm security-to-group security-model usm security-name > authpriv group myv3group > set snmp v3 vacm security-to-group security-model usm security-name > authpriv2 group notifygroup > set snmp v3 vacm access group myv3group default-context-prefix > security-model usm security-level authentication read-view myv3view > set snmp v3 vacm access group myv3group default-context-prefix > security-model usm security-level privacy read-view myv3view > set snmp v3 vacm access group notifygroup default-context-prefix > security-model usm security-level authentication notify-view myv3view > set snmp v3 vacm access group notifygroup default-context-prefix > security-model usm security-level privacy notify-view myv3view > set snmp v3 target-address snmptrapd-server address 192.168.200.1 > set snmp v3 target-address snmptrapd-server tag-list macnotify > set snmp v3 target-address snmptrapd-server target-parameters targparms > set snmp v3 target-parameters targparms parameters > message-processing-model v3 > set snmp v3 target-parameters targparms parameters security-model usm > set snmp v3 target-parameters targparms parameters security-level privacy > set snmp v3 target-parameters targparms parameters security-name authpriv2 > set snmp v3 notify myv3notify type inform > set snmp v3 notify myv3notify tag macnotify > set snmp engine-id local 0x8000 > set snmp view myv3view oid iso include > set ethernet-switching-options mac-notification > > > Observations: > > With this setup, I managed to get three probe failures in 'show snmp > inform-statistics' after a switch reboot. > > root@ex2200c-lab2> show snmp inform-statistics > Inform Request Statistics: >Target name: snmptrapd-server Address: 192.168.200.1 > Sent: 0, Pending: 0 > Discarded: 1, Timeouts: 0, Probe failures: 3 > > > snmptrapd says: > - > registered debug token usm, 1 > registered debug token engine, 1 > usmUser: created a new user authpriv2 at 80 00 12 34 > NET-SNMP version 5.8 > usm: USM processing begun... > usm: Unknown Engine ID. > usm: USM processing has begun (offset 56) > usm: getting user > usm: USM processing completed. > [three more times, 4 packets in total] > > > Not sure if the list allows for attachments? Packet capture attached, > but I have added the decoded SNMP packet for the first two frames below. > > As far as I can tell, the probes sent from the Junos end are all > unencrypted. And not using the configured user or engine ID. > Is this a correct interpretation of the packet capture? Not expecting > the list to validate my Junos config, by the way. > > There is also the "Data not conforming to RFC3411". Any comment on that? >
snmptrapd and snmpv3 informs from Junos
Hi. I am trying to convince snmptrapd to receive snmp v3 informs from Junos (Juniper Networks' BSD-variant on switches and firewalls). The idea was to use informs rather than traps, so I could : - have encryption in place. - avoid having to update the snmptrapd config for every new device sending v3 traps When Junos starts its snmp process, it will send a few probes to snmptrapd to decide if the receiver is receptive to informs. If not, it stops sending informs. So far, I have not succeeded. snmptrapd appears unhappy, then Junos gets unhappy, takes the ball and goes home. I would like to know if my config and my understanding of the observations are correct. Config, observations and sample packet capture follows: Config: - snmptrapd.conf: createUser -e 0x80001234 authpriv2 SHA xyzzy188 AES xazzza18 authUser log,execute authpriv2 running snmptrapd like this: -- snmptrapd -f -C -c /tmp/snmptrapd.conf -Le -Dusm,engine junos config: - set snmp v3 usm local-engine user authpriv authentication-sha authentication-password xyzzy188 set snmp v3 usm local-engine user authpriv privacy-aes128 privacy-password xazzza18 set snmp v3 usm remote-engine 0x80001234 user authpriv2 authentication-sha authentication-password xyzzy188 set snmp v3 usm remote-engine 0x80001234 user authpriv2 privacy-aes128 privacy-password xazzza18 set snmp v3 vacm security-to-group security-model usm security-name authpriv group myv3group set snmp v3 vacm security-to-group security-model usm security-name authpriv2 group notifygroup set snmp v3 vacm access group myv3group default-context-prefix security-model usm security-level authentication read-view myv3view set snmp v3 vacm access group myv3group default-context-prefix security-model usm security-level privacy read-view myv3view set snmp v3 vacm access group notifygroup default-context-prefix security-model usm security-level authentication notify-view myv3view set snmp v3 vacm access group notifygroup default-context-prefix security-model usm security-level privacy notify-view myv3view set snmp v3 target-address snmptrapd-server address 192.168.200.1 set snmp v3 target-address snmptrapd-server tag-list macnotify set snmp v3 target-address snmptrapd-server target-parameters targparms set snmp v3 target-parameters targparms parameters message-processing-model v3 set snmp v3 target-parameters targparms parameters security-model usm set snmp v3 target-parameters targparms parameters security-level privacy set snmp v3 target-parameters targparms parameters security-name authpriv2 set snmp v3 notify myv3notify type inform set snmp v3 notify myv3notify tag macnotify set snmp engine-id local 0x8000 set snmp view myv3view oid iso include set ethernet-switching-options mac-notification Observations: With this setup, I managed to get three probe failures in 'show snmp inform-statistics' after a switch reboot. root@ex2200c-lab2> show snmp inform-statistics Inform Request Statistics: Target name: snmptrapd-server Address: 192.168.200.1 Sent: 0, Pending: 0 Discarded: 1, Timeouts: 0, Probe failures: 3 snmptrapd says: - registered debug token usm, 1 registered debug token engine, 1 usmUser: created a new user authpriv2 at 80 00 12 34 NET-SNMP version 5.8 usm: USM processing begun... usm: Unknown Engine ID. usm: USM processing has begun (offset 56) usm: getting user usm: USM processing completed. [three more times, 4 packets in total] Not sure if the list allows for attachments? Packet capture attached, but I have added the decoded SNMP packet for the first two frames below. As far as I can tell, the probes sent from the Junos end are all unencrypted. And not using the configured user or engine ID. Is this a correct interpretation of the packet capture? Not expecting the list to validate my Junos config, by the way. There is also the "Data not conforming to RFC3411". Any comment on that? Thanks, Dag B Decoded packets: - Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1610700309 msgMaxSize: 65507 msgFlags: 04 .1.. = Reportable: Set ..0. = Encrypted: Not set ...0 = Authenticated: Not set msgSecurityModel: USM (3) msgAuthoritativeEngineID: msgAuthoritativeEngineBoots: 0 msgAuthoritativeEngineTime: 0 msgUserName: msgAuthenticationParameters: msgPrivacyParameters: msgData: plaintext (0) plaintext contextEngineID: contextName: data: get-request (0) get-request request-id: 1679169514 error-status: noError (0) error-index: 0 variable-bindings: 0 items Simple Network Manage
SNMPV3 Inform not working on 5.7.3
Hi Team, I'm using netsnmp 5.5 and INFORMS works perfectly fine. When install 5.7.3, i see some issues with Informs. When there is a inform sent from my agent , Manager where 5.7 is installed sends a packet with wrong engineID (looks like some dynamically created engineId) . Bcz of which inform is not receiveied by Manager. While netsnmp 5.5 sends correct engineID of Manager in the ack packet. Is there any known issue ? Is there any fix needs to be added in the agent side ? Thanks, Jayashree ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
configuring snmpv3 for powerpc cross compiler
Hi geeks, I am new this snmp. And I want to compile snmp with v3 under powerpc. I am following the below method. But not able make it for v3. Please tell me what am i missing. Also tell me how can I check v3 or v2 is running on my embedded linux device. (-v and version options shows project release 5.7.3). Is there any issue with the user creation? ./configure --prefix="/home/project/filesystem/rootfs/sbin" \ --host=powerpc-fsl-linux-gnuspe \ --with-cflags="-O2" \ --with-default-snmp-version="3" \ --with-sys-contact="something" \ --with-sys-location="something" \ --with-logfile="/tmp/snmpd.log" \ --with-persistent-directory="/tmp/net-snmp" \ --disable-debugging \ --disable-scripts \ --disable-mibs \ --disable-mib-loading \ --disable-manuals \ --disable-embedded-perl \ --disable-snmptrapd-subagent \ --disable-shared \ --disable-applications \ --with-endianness=big \ --with-security-modules=usm Thank you. ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
snmpv3 createUser with engineid
Hi, Problem: --- snmpd is not considering user provided engined id in createUser directive. Background: -- - I am developing snmp subagent in order to report SNMP v3 traps to remote systems. - Remote systems are not in my control. Once they receive traps, application team can use it as they wish - Now there should be a seamless way to integrate traps into application something like, pre-agreed engineid. I should be able to send traps with pre-agreed engineid, so that application does not have to access actual hw ( why not to access actual hw is explained below in step 5). In some cases, application teams are not provided ssh access to actual hardware. Only webui access, via which they will be able to add / modify snmp v3 users and able to specify trap destination and so on. Working method: -- 1) stop snmpd 2) In /var/net-snmp/snmpd.conf add, createUser admin SHA CHANGEME AES group incremental usm admin view new_view included .1 view new_view excluded .1.3.6.1.2.1.1.1 view new_view excluded .1.3.6.1.2.1.25.4.2.1.2 access incremental "" usm priv exact new_view none none rwuser admin priv master agentx trapsess -v 3 -l authpriv -u admin ip_add_remote_machine 3) restart netsnmp 4) stop snmptrapd 5) whatever engineid is available in snmpd.conf ( login to actual hw and grep for engineid from snmpd.conf), use the same in remote machine snmptrapd.conf disableAuthorization yes createUser -e enginedid_same_as_snmpdconf admin SHA CHANGEME AES CHANGEME 6) restart snmptrapd Now I am able to receive traps on remote machine. Non-working method: -- 1) same as above 2) same as above except createUser -e 0x0102030405060504030201 admin SHA CHANGEME AES 3) restart snmpd snmpd throws error, snmpd: send_trap: USM unknown security name (no such user exists) 4) stop snmptrapd 5) Now no need to grep from snmpd.conf. As engined id is pre-agreed, simply use that disableAuthorization yes createUser -e 0x0102030405060504030201 admin SHA CHANGEME AES CHANGEME 6) restart snmptrapd Not able to receive traps on remote machine My requirement is, user should decide on what engineid to use on both snmpd ( actual hw ) and on snmptrapd ( remote machine ). By configuring this in appropriate configuration files, user should be able to receive traps without any need to access actual hw where traps are being generated. Regards, Mukunth -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
snmpv3 createUser with engineid
Hi, Problem: --- snmpd is not considering user provided engined id in createUser directive. Background: -- - I am developing snmp subagent in order to report SNMP v3 traps to remote systems. - Remote systems are not in my control. Once they receive traps, application team can use it as they wish - Now there should be a seamless way to integrate traps into application something like, pre-agreed engineid. I should be able to send traps with pre-agreed engineid, so that application does not have to access actual hw ( why not to access actual hw is explained below in step 5). In some cases, application teams are not provided ssh access to actual hardware. Only webui access, via which they will be able to add / modify snmp v3 users and able to specify trap destination and so on. Working method: -- 1) stop snmpd 2) In /var/net-snmp/snmpd.conf add, createUser admin SHA CHANGEME AES group incremental usm admin view new_view included .1 view new_view excluded .1.3.6.1.2.1.1.1 view new_view excluded .1.3.6.1.2.1.25.4.2.1.2 access incremental "" usm priv exact new_view none none rwuser admin priv master agentx trapsess -v 3 -l authpriv -u admin ip_add_remote_machine 3) restart netsnmp 4) stop snmptrapd 5) whatever engineid is available in snmpd.conf ( login to actual hw and grep for engineid from snmpd.conf), use the same in remote machine snmptrapd.conf disableAuthorization yes createUser -e enginedid_same_as_snmpdconf admin SHA CHANGEME AES CHANGEME 6) restart snmptrapd Now I am able to receive traps on remote machine. Non-working method: -- 1) same as above 2) same as above except createUser -e 0x0102030405060504030201 admin SHA CHANGEME AES 3) restart snmpd snmpd throws error, snmpd: send_trap: USM unknown security name (no such user exists) 4) stop snmptrapd 5) Now no need to grep from snmpd.conf. As engined id is pre-agreed, simply use that disableAuthorization yes createUser -e 0x0102030405060504030201 admin SHA CHANGEME AES CHANGEME 6) restart snmptrapd Not able to receive traps on remote machine My requirement is, user should decide on what engineid to use on both snmpd ( actual hw ) and on snmptrapd ( remote machine ). By configuring this in appropriate configuration files, user should be able to receive traps without any need to access actual hw where traps are being generated. Regards, Mukunth -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: patches for snmpv3 IP address selection
I provide a feed back concerning the feature "ip filtering" that I have tested on package "net-snmp-5.8.rc4": It seems to work correctly. For example if you want your snmp daemon to only reply address "192.168.1.100" just add the following line in the configuration. sourceFilterType whitelist sourceFilterAddress 192.168.1.100 Regards, Damien Garcia 2018-07-17 16:52 GMT+02:00 Damien Garcia : > Very interesting, I will try the feature in a few days and I will provide > a feedback ... > Thanks a lot Robert ! > > 2018-07-17 14:34 GMT+02:00 Robert Story : > >> On Fri, 13 Jul 2018 18:57:22 +0200 Damien wrote: >> DGVNSU> Looking at the mailing list, I have found lots of post >> DGVNSU> concerning "snmpv3 IP address selection". >> DGVNSU> In a post entitled "Support for Ciso ACLs", it seems that >> DGVNSU> some people have ever implemented patches allowing the >> DGVNSU> "snmpv3 IP address selection". see following link for >> DGVNSU> details: >> DGVNSU> https://sourceforge.net/p/net-snmp/mailman/message/16290798/ >> DGVNSU> >> DGVNSU> Does anyone have a reference of this kind of patches (even >> DGVNSU> if only available for an old version of the package or not >> DGVNSU> official) ? >> >> Actually, I was wrong when I told that no work had been done on >> this. It's not specific to version 3, but the upcoming 5.8 release >> does have support for source address filtering for packets. I'd >> forgotten about some patches submitted to the project which addded >> this functionality. >> >>sourceFilterType none|whitelist|blacklist >> specifies whether or not addresses added with >> sourceFilterAddress >> are whitelisted or blacklisted. The default is none, >> indicating >> that incoming packets will not be checked agains the filter >> list. >> >>sourceFilterAddress ADDRESS >> specifies an address to be added to the source address >> filter >> list. sourceFilterType configuration determines whether or >> not >> addresses are whitelisted or blacklisted. >> >> Robert >> > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: patches for snmpv3 IP address selection
Very interesting, I will try the feature in a few days and I will provide a feedback ... Thanks a lot Robert ! 2018-07-17 14:34 GMT+02:00 Robert Story : > On Fri, 13 Jul 2018 18:57:22 +0200 Damien wrote: > DGVNSU> Looking at the mailing list, I have found lots of post > DGVNSU> concerning "snmpv3 IP address selection". > DGVNSU> In a post entitled "Support for Ciso ACLs", it seems that > DGVNSU> some people have ever implemented patches allowing the > DGVNSU> "snmpv3 IP address selection". see following link for > DGVNSU> details: > DGVNSU> https://sourceforge.net/p/net-snmp/mailman/message/16290798/ > DGVNSU> > DGVNSU> Does anyone have a reference of this kind of patches (even > DGVNSU> if only available for an old version of the package or not > DGVNSU> official) ? > > Actually, I was wrong when I told that no work had been done on > this. It's not specific to version 3, but the upcoming 5.8 release > does have support for source address filtering for packets. I'd > forgotten about some patches submitted to the project which addded > this functionality. > >sourceFilterType none|whitelist|blacklist > specifies whether or not addresses added with > sourceFilterAddress > are whitelisted or blacklisted. The default is none, > indicating > that incoming packets will not be checked agains the filter > list. > >sourceFilterAddress ADDRESS > specifies an address to be added to the source address > filter > list. sourceFilterType configuration determines whether or > not > addresses are whitelisted or blacklisted. > > Robert > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: patches for snmpv3 IP address selection
On Fri, 13 Jul 2018 18:57:22 +0200 Damien wrote: DGVNSU> Looking at the mailing list, I have found lots of post DGVNSU> concerning "snmpv3 IP address selection". DGVNSU> In a post entitled "Support for Ciso ACLs", it seems that DGVNSU> some people have ever implemented patches allowing the DGVNSU> "snmpv3 IP address selection". see following link for DGVNSU> details: DGVNSU> https://sourceforge.net/p/net-snmp/mailman/message/16290798/ DGVNSU> DGVNSU> Does anyone have a reference of this kind of patches (even DGVNSU> if only available for an old version of the package or not DGVNSU> official) ? Actually, I was wrong when I told that no work had been done on this. It's not specific to version 3, but the upcoming 5.8 release does have support for source address filtering for packets. I'd forgotten about some patches submitted to the project which addded this functionality. sourceFilterType none|whitelist|blacklist specifies whether or not addresses added with sourceFilterAddress are whitelisted or blacklisted. The default is none, indicating that incoming packets will not be checked agains the filter list. sourceFilterAddress ADDRESS specifies an address to be added to the source address filter list. sourceFilterType configuration determines whether or not addresses are whitelisted or blacklisted. Robert -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
patches for snmpv3 IP address selection
Hello, Looking at the mailing list, I have found lots of post concerning "snmpv3 IP address selection". In a post entitled "Support for Ciso ACLs", it seems that some people have ever implemented patches allowing the "snmpv3 IP address selection". see following link for details: https://sourceforge.net/p/net-snmp/mailman/message/16290798/ Does anyone have a reference of this kind of patches (even if only available for an old version of the package or not official) ? Best Regards, Damien GARCIA -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: source ip filtering for snmpv3 user
Thanks a lot Robert for your answer ! 2018-07-10 23:19 GMT+02:00 Robert Story : > On Tue, 10 Jul 2018 19:59:33 +0200 Damien wrote: > DGVNSU> "Is it possible to use source IP filtering for groups of > DGVNSU> SNMPv3 users?" > DGVNSU> > DGVNSU> This question has been posted to this mailing list in 2012 > DGVNSU> and the answer was: > DGVNSU> > DGVNSU> "No - not within the standard SNMP framework. > DGVNSU> You'd have to implement an extension to handle mapping a > DGVNSU> given username/source combination into a securityName (and > DGVNSU> reject others), rather than relying on the default identity > DGVNSU> mapping." > DGVNSU> > DGVNSU> for more details see : > DGVNSU> https://sourceforge.net/p/net-snmp/mailman/message/28743325/ > DGVNSU> > DGVNSU> Can someone confirm that it is still not possible in 2018 > DGVNSU> with the latest packages (net-snmp-5.7.3 or > DGVNSU> net-snmp-5.8.rc4) ? > > There has been no change. Source IP filtering can be done via your > firewall or with tcpwrapper support. > > Robert > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: source ip filtering for snmpv3 user
On Tue, 10 Jul 2018 19:59:33 +0200 Damien wrote: DGVNSU> "Is it possible to use source IP filtering for groups of DGVNSU> SNMPv3 users?" DGVNSU> DGVNSU> This question has been posted to this mailing list in 2012 DGVNSU> and the answer was: DGVNSU> DGVNSU> "No - not within the standard SNMP framework. DGVNSU> You'd have to implement an extension to handle mapping a DGVNSU> given username/source combination into a securityName (and DGVNSU> reject others), rather than relying on the default identity DGVNSU> mapping." DGVNSU> DGVNSU> for more details see : DGVNSU> https://sourceforge.net/p/net-snmp/mailman/message/28743325/ DGVNSU> DGVNSU> Can someone confirm that it is still not possible in 2018 DGVNSU> with the latest packages (net-snmp-5.7.3 or DGVNSU> net-snmp-5.8.rc4) ? There has been no change. Source IP filtering can be done via your firewall or with tcpwrapper support. Robert -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
source ip filtering for snmpv3 user
Hello, "Is it possible to use source IP filtering for groups of SNMPv3 users?" This question has been posted to this mailing list in 2012 and the answer was: "No - not within the standard SNMP framework. You'd have to implement an extension to handle mapping a given username/source combination into a securityName (and reject others), rather than relying on the default identity mapping." for more details see : https://sourceforge.net/p/net-snmp/mailman/message/28743325/ Can someone confirm that it is still not possible in 2018 with the latest packages (net-snmp-5.7.3 or net-snmp-5.8.rc4) ? Best Regards, Damien GARCIA -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Trying to have the same SNMPv3 user and password over hundreds of hosts
Hello, I´m using Puppet to manage configuration across al the systems we have in our company, and as long as we do have a SNMP Module for Puppet, it is not compatible with Slackware 14.1, where we do need to configure SNMPv3. Using SNMP v1 or v2 would allow me to have the same configuration file pushed to all the hosts and all of then would indeed respnd to the same comunity name and views, etc. Unfortunally, due to the way SNMPv3 hands the users, I was not able to find a way to get the data from "/var/lib/net-snmp/snmpd.conf" to work when copied to another machine. Is there any way to have a single configuration file (inclusing username and pass) that could be shared among all the computers using v3? I trying setting the EngineID to the same on 2 machines, but this did not worked either. Thanks in advance! Josef -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 access with wrong password
On 11/9/17, Bernd Eilers wrote: > > On 11/09/2017 09:39 AM, Andrejs Bogdanovs wrote: >> Why have requests succeeded in case of "" and ""? > > Because the generated MD5 Key is the same in this case. > Thank you, Bernd! I looked in the RFC and understood the reason behind this problem. The code snippet in RFC cleared my doubts. > > Kind regards, > Bernd Eilers > Wish you to have a nice day! Best wishes, Andrejs Bogdanovs -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 access with wrong password
Greetings, net-snmp folks! Sorry, if this has been discussed before or is mentioned in the docs - haven't found info about this issue (only about the minimal length of the passwords). I installed net-snmp 5.7.3 on Ubuntu Linux 16.04.3 LTS (x86_64). I created SNMPv3 user using net-snmp-config: net-snmp-config --create-snmpv3-user -a "a" myuser3 I tried to access sysDescr OID: Valid password: snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "a" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 Invalid ones: snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "aaadddaa" -mALL -M /home/user/net-snmp/mibs localhost sysDescr snmpwalk: Authentication failure (incorrect password, community or key) (Sub-id not found: (top) -> sysDescr) snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 Why have requests succeeded in case of "" and ""? After that I created another user "myuser2" with password "" and checked /var/lib/snmp/snmpd.conf usmUser 1 3 0x80001f88801017fc5c779da558 "myuser2" "myuser2" NULL .1.3.6.1.6.3.10.1.1.2 0x706e8678f90dd89addf77ed13b2e7093 .1.3.6.1.6.3.10.1.2.2 0x706e8678f90dd89addf77ed13b2e7093 0x usmUser 1 3 0x80001f88801017fc5c779da558 "myuser3" "myuser3" NULL .1.3.6.1.6.3.10.1.1.2 0x706e8678f90dd89addf77ed13b2e7093 .1.3.6.1.6.3.10.1.2.2 0x706e8678f90dd89addf77ed13b2e7093 0x Seems, that their hashes are same. Is it as intended? Thank you for your help! Best wishes, Andrejs -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 access with wrong password
On 11/09/2017 09:39 AM, Andrejs Bogdanovs wrote: Greetings, net-snmp folks! Hi there! Sorry, if this has been discussed before or is mentioned in the docs - haven't found info about this issue (only about the minimal length of the passwords). I installed net-snmp 5.7.3 on Ubuntu Linux 16.04.3 LTS (x86_64). I created SNMPv3 user using net-snmp-config: net-snmp-config --create-snmpv3-user -a "a" myuser3 I tried to access sysDescr OID: Valid password: snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "a" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 Invalid ones: snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "aaadddaa" -mALL -M /home/user/net-snmp/mibs localhost sysDescr snmpwalk: Authentication failure (incorrect password, community or key) (Sub-id not found: (top) -> sysDescr) snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 Why have requests succeeded in case of "" and ""? Because the generated MD5 Key is the same in this case. A look into the sample implementation of the key generation algorithm in Appendix A.2.1 of RFC3414 reveals why. https://tools.ietf.org/html/rfc3414#appendix-A.2.1 The key generation loops through 1 MB of data of the password chars wrapping at the beginning when it reaches the end. If we use "" and "" the data being looped through is the same. After that I created another user "myuser2" with password "" and checked /var/lib/snmp/snmpd.conf usmUser 1 3 0x80001f88801017fc5c779da558 "myuser2" "myuser2" NULL .1.3.6.1.6.3.10.1.1.2 0x706e8678f90dd89addf77ed13b2e7093 .1.3.6.1.6.3.10.1.2.2 0x706e8678f90dd89addf77ed13b2e7093 0x usmUser 1 3 0x80001f88801017fc5c779da558 "myuser3" "myuser3" NULL .1.3.6.1.6.3.10.1.1.2 0x706e8678f90dd89addf77ed13b2e7093 .1.3.6.1.6.3.10.1.2.2 0x706e8678f90dd89addf77ed13b2e7093 0x Seems, that their hashes are same. Is it as intended? Yes I think it is intended. See RFC3414 - User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) Thank you for your help! Best wishes, Andrejs -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users Kind regards, Bernd Eilers -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 access with wrong password
Greetings, net-snmp folks! Sorry, if this has been discussed before or is mentioned in the docs - haven't found info about this issue (only about the minimal length of the passwords). I installed net-snmp 5.7.3 on Ubuntu Linux 16.04.3 LTS (x86_64). I created SNMPv3 user using net-snmp-config: net-snmp-config --create-snmpv3-user -a "a" myuser3 I tried to access sysDescr OID: Valid password: snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "a" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 Invalid ones: snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "aaadddaa" -mALL -M /home/user/net-snmp/mibs localhost sysDescr snmpwalk: Authentication failure (incorrect password, community or key) (Sub-id not found: (top) -> sysDescr) snmpwalk -v 3 -u myuser3 -l authNoPriv -a MD5 -A "" -mALL -M /home/user/net-snmp/mibs localhost sysDescr SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu-pc 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 Why have requests succeeded in case of "" and ""? After that I created another user "myuser2" with password "" and checked /var/lib/snmp/snmpd.conf usmUser 1 3 0x80001f88801017fc5c779da558 "myuser2" "myuser2" NULL .1.3.6.1.6.3.10.1.1.2 0x706e8678f90dd89addf77ed13b2e7093 .1.3.6.1.6.3.10.1.2.2 0x706e8678f90dd89addf77ed13b2e7093 0x usmUser 1 3 0x80001f88801017fc5c779da558 "myuser3" "myuser3" NULL .1.3.6.1.6.3.10.1.1.2 0x706e8678f90dd89addf77ed13b2e7093 .1.3.6.1.6.3.10.1.2.2 0x706e8678f90dd89addf77ed13b2e7093 0x Seems, that their hashes are same. Is it as intended? Thank you for your help! Best wishes, Andrejs -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Help compiling Kerberos Security for SNMPv3
Hi Guys :D So, I'm trying to compile KSM for SNMPv3 but I'm stuck in some configurations, I guess. I'm using Centos7 and kerberos v5 on my machine and net-snmp-5.7.3.tar.gz (there's no .rpm for that version and the ksm of 5.7.2 seems to be broken). I used ./configure --with-security-modules="ksm" -with-cflags="-I/usr/include" --with-ldflags="-L/usr/lib64 -lkrb5 -lk5crypto -lcom_err" and the configure-summary is like this: >SNMP Versions Supported:1 2c 3 >Building for: linux >Net-SNMP Version: 5.7.3 >Network transport support: Callback Unix Alias TCP UDP IPv4Base SocketBase TCPBase >UDPIPv4Base UDPBase >SNMPv3 Security Modules: ksm usm >Agent MIB code:default_modules => snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host >MYSQL Trap Logging: unavailable >Embedded Perl support: disabled >SNMP Perl modules: building -- not embeddable >SNMP Python modules:disabled >Crypto support from:internal >Authentication support: MD5 SHA1 >Encryption support: DES AES >Local DNSSEC validation:disabled Can anyone tell me if it's okay or not and if kerberos security model is finished? Thanks, Matheus Abbade. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
ksm in SNMPv3 problems
Hi guys, I'm trying to use KSM in SNMPv3, but I experienced some errors and I'm wondering why. I'm using a CentOS7 system and MIT Krb5, using: ./configure --with-security-modules="ksm" --with-cflags="-I usr/include/krb5" \ --with-ldflags="-L usr/lib64 -lkrb5 -lk5crypto -lcom_err" I can aparently compile snmp with ksm, but when I try the "make" command I'm experiencing the following errors snmpksm.c: In function 'ksm_rgenerate_out_msg': snmpksm.c:490:25: error: 'params' undeclared (first use in this function) colon = strrchr(params->session->peername, ':'); ^ snmpksm.c:490:25: note: each undeclared identifier is reported only once for each function it appears in snmpksm.c:690:13: error: 'krb5_enctype_array' undeclared (first use in this function) krb5_enctype_array[subkey->enctype]->system->block_length; ^ snmpksm.c: In function 'ksm_process_in_msg': snmpksm.c:1681:13: error: 'krb5_enctype_array' undeclared (first use in this function) krb5_enctype_array[subkey->enctype]->system->block_length; ^ make[1]: *** [snmpksm.lo] Error 1 make[1]: Leaving directory `/root/rpmbuild/BUILD/net-snmp-5.7.2/snmplib' make: *** [subdirs] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.2aIPJu (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.2aIPJu (%build) Besides this errors, I'm wondering why the compiler keeps looking for old MIT crypto even with Kerberos v5. checking for security modules to use... ksm usm checking for krb5-config... /bin/krb5-config checking for krb5... checking for krb5_init_context in -lkrb5... yes yes checking for heimdal... no checking to see which crypto API we need to use... checking for krb5_c_encrypt... yes (cached) old MIT crypto API How can I change this configuration? Finally, I also wanna know if there are any new documentation for the ksm in snmp besides README.krb5 Thanks for the help =) Matheus Alves. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Need Help on Snmpv3 AES issue
If you are using "net-snmp-create-v3-user", then no. That would be a good feature request to file at https://sourceforge.net/p/net-snmp/feature-requests/new/ Bill On Wed, Jun 28, 2017 at 3:52 AM, Suhasini Katuri wrote: > Hi Bill, > > I've tried by adding rwuser sukaturi priv manually to > /usr/local/share/snmp/snmpd.conf, it is giving me expected results. > Is there anyway (command) to get priv along with rwuser in > /usr/local/share/snmp/snmpd.conf without editing it mannually. > > > Thanks, > Suhasini. > > On Tue, Jun 27, 2017 at 8:32 PM, Bill Fenner wrote: > >> On Tue, Jun 27, 2017 at 1:50 AM, Suhasini Katuri < >> katuri.suhas...@gmail.com> wrote: >> >>> Hi All, >>> >>> I've confgured a snmpv3 user with authentication of SHA and encryption >>> of AES and i tried to snmget on mib object of type sysuptime. As follows, >>> >>> i'm using centos and net-snmp version is 5.7.3, >>> >>> [root@centOs67-9 ~]# snmpd -v >>> >>> >>> >>> NET-SNMP version: 5.7.3 >>> >>> Web: http://www.net-snmp.org/ >>> >>> Email: net-snmp-cod...@lists.sourceforge.net >>> >>> >>> 1. Stop snmpd process >>> >>> >>> 2. Create snmpv3 user as follows >>> >>> [root@centOs67-9 ~]# net-snmp-config --create-snmpv3-user -a SHA -A >>> "my_password" -x AES -x "my_passwordx" sukaturi >>> >>> adding the following line to /var/net-snmp/snmpd.conf: >>> >>>createUser sukaturi SHA "my_password" AES my_passwordx >>> >>> adding the following line to /usr/local/share/snmp/snmpd.conf: >>> >>>rwuser sukaturi >>> >>> 3. Start snmpd process >>> >>> i.e [root@centOs67-9 ~]# /usr/local/sbin/snmpd >>> >>> >>> >>> Snmpd.conf consists of : >>> >>> /var/net-snmp/snmpd.conf: >>> >>> >>> >>> usmUser 1 3 0x80001f88804bacd0564aa31659 "sukaturi" "sukaturi" >>> NULL .1.3.6.1.6.3.10.1.1.3 0x6a54643582b22e968088bf569181292a6d166a7a >>> .1.3.6.1.6.3.10.1.2.4 0xbae320f7db964cdc9fa9b82589b2cde8 "" >>> >>> >>> >>> Snmpget Operations: >>> >>> - >>> >>> 1. User: sukaturi >>> >>> Type : authpriv >>> >>> >>> [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authPriv -a SHA -A >>> my_password -x AES -X my_passwordx localhost sysUpTime.0 >>> >>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (55730) 0:09:17.30 >>> >>> >>> >>> I've created snmpv3 user with auth and priv but when i tried to do >>> snmpget with authnopriv, it is accepting and giving results as follows, >>> but it generally need to throw a error like unsupported security level. >>> >>> >>> 2. User: sukaturi >>> >>> Type:authnopriv >>> >>> >>> [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authNoPriv -a SHA -A >>> my_password localhost sysUpTime.0 >>> >>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (57122) 0:09:31.22 >>> >>> [root@centOs67-9 ~]# >>> >>> This is existing with netsnmp versions of 5.7.2 and 5.7.3. >>> >>> does anybody know filed a bug for it?. I've searched in netsnmp.org >>> haven't find bug related to it. >>> >>> Can you guys please mention patch for it if bug is already filed for it. >>> Please can you guys mention the bug name for it. >>> >>> >> The documentation for the "rwuser" configuration option says that this is >> the behavior that it configures, so I would not call this a bug. If you >> want to force privacy, try "rwuser sukaturi priv". >> >> Bill >> >> > > > > -- > Thanks & Regards, > > suhasini katuri > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Need Help on Snmpv3 AES issue
Hi Bill, I've tried by adding rwuser sukaturi priv manually to /usr/local/share/snmp/snmpd.conf, it is giving me expected results. Is there anyway (command) to get priv along with rwuser in /usr/local/share/snmp/snmpd.conf without editing it mannually. Thanks, Suhasini. On Tue, Jun 27, 2017 at 8:32 PM, Bill Fenner wrote: > On Tue, Jun 27, 2017 at 1:50 AM, Suhasini Katuri < > katuri.suhas...@gmail.com> wrote: > >> Hi All, >> >> I've confgured a snmpv3 user with authentication of SHA and encryption of >> AES and i tried to snmget on mib object of type sysuptime. As follows, >> >> i'm using centos and net-snmp version is 5.7.3, >> >> [root@centOs67-9 ~]# snmpd -v >> >> >> >> NET-SNMP version: 5.7.3 >> >> Web: http://www.net-snmp.org/ >> >> Email: net-snmp-cod...@lists.sourceforge.net >> >> >> 1. Stop snmpd process >> >> >> 2. Create snmpv3 user as follows >> >> [root@centOs67-9 ~]# net-snmp-config --create-snmpv3-user -a SHA -A >> "my_password" -x AES -x "my_passwordx" sukaturi >> >> adding the following line to /var/net-snmp/snmpd.conf: >> >>createUser sukaturi SHA "my_password" AES my_passwordx >> >> adding the following line to /usr/local/share/snmp/snmpd.conf: >> >>rwuser sukaturi >> >> 3. Start snmpd process >> >> i.e [root@centOs67-9 ~]# /usr/local/sbin/snmpd >> >> >> >> Snmpd.conf consists of : >> >> /var/net-snmp/snmpd.conf: >> >> >> >> usmUser 1 3 0x80001f88804bacd0564aa31659 "sukaturi" "sukaturi" >> NULL .1.3.6.1.6.3.10.1.1.3 0x6a54643582b22e968088bf569181292a6d166a7a >> .1.3.6.1.6.3.10.1.2.4 0xbae320f7db964cdc9fa9b82589b2cde8 "" >> >> >> >> Snmpget Operations: >> >> - >> >> 1. User: sukaturi >> >> Type : authpriv >> >> >> [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authPriv -a SHA -A >> my_password -x AES -X my_passwordx localhost sysUpTime.0 >> >> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (55730) 0:09:17.30 >> >> >> >> I've created snmpv3 user with auth and priv but when i tried to do >> snmpget with authnopriv, it is accepting and giving results as follows, >> but it generally need to throw a error like unsupported security level. >> >> >> 2. User: sukaturi >> >> Type:authnopriv >> >> >> [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authNoPriv -a SHA -A >> my_password localhost sysUpTime.0 >> >> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (57122) 0:09:31.22 >> >> [root@centOs67-9 ~]# >> >> This is existing with netsnmp versions of 5.7.2 and 5.7.3. >> >> does anybody know filed a bug for it?. I've searched in netsnmp.org >> haven't find bug related to it. >> >> Can you guys please mention patch for it if bug is already filed for it. >> Please can you guys mention the bug name for it. >> >> > The documentation for the "rwuser" configuration option says that this is > the behavior that it configures, so I would not call this a bug. If you > want to force privacy, try "rwuser sukaturi priv". > > Bill > > -- Thanks & Regards, suhasini katuri -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Need Help on Snmpv3 AES issue
On Tue, Jun 27, 2017 at 1:50 AM, Suhasini Katuri wrote: > Hi All, > > I've confgured a snmpv3 user with authentication of SHA and encryption of > AES and i tried to snmget on mib object of type sysuptime. As follows, > > i'm using centos and net-snmp version is 5.7.3, > > [root@centOs67-9 ~]# snmpd -v > > > > NET-SNMP version: 5.7.3 > > Web: http://www.net-snmp.org/ > > Email: net-snmp-cod...@lists.sourceforge.net > > > 1. Stop snmpd process > > > 2. Create snmpv3 user as follows > > [root@centOs67-9 ~]# net-snmp-config --create-snmpv3-user -a SHA -A > "my_password" -x AES -x "my_passwordx" sukaturi > > adding the following line to /var/net-snmp/snmpd.conf: > >createUser sukaturi SHA "my_password" AES my_passwordx > > adding the following line to /usr/local/share/snmp/snmpd.conf: > >rwuser sukaturi > > 3. Start snmpd process > > i.e [root@centOs67-9 ~]# /usr/local/sbin/snmpd > > > > Snmpd.conf consists of : > > /var/net-snmp/snmpd.conf: > > > > usmUser 1 3 0x80001f88804bacd0564aa31659 "sukaturi" "sukaturi" > NULL .1.3.6.1.6.3.10.1.1.3 0x6a54643582b22e968088bf569181292a6d166a7a > .1.3.6.1.6.3.10.1.2.4 0xbae320f7db964cdc9fa9b82589b2cde8 "" > > > > Snmpget Operations: > > - > > 1. User: sukaturi > > Type : authpriv > > > [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authPriv -a SHA -A > my_password -x AES -X my_passwordx localhost sysUpTime.0 > > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (55730) 0:09:17.30 > > > > I've created snmpv3 user with auth and priv but when i tried to do snmpget > with authnopriv, it is accepting and giving results as follows, but it > generally need to throw a error like unsupported security level. > > > 2. User: sukaturi > > Type:authnopriv > > > [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authNoPriv -a SHA -A > my_password localhost sysUpTime.0 > > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (57122) 0:09:31.22 > > [root@centOs67-9 ~]# > > This is existing with netsnmp versions of 5.7.2 and 5.7.3. > > does anybody know filed a bug for it?. I've searched in netsnmp.org > haven't find bug related to it. > > Can you guys please mention patch for it if bug is already filed for it. > Please can you guys mention the bug name for it. > > The documentation for the "rwuser" configuration option says that this is the behavior that it configures, so I would not call this a bug. If you want to force privacy, try "rwuser sukaturi priv". Bill -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Need Help on Snmpv3 AES issue
Hi Pushpa, Thanks for information. By looking at your mail, i got that for older branches it is working fine.Latest branches are failing. Does this fix integrate in future releases?. Can you please share exact version of net-snmp has a fix for it. Thanks, Suhasini. On Tue, Jun 27, 2017 at 4:22 PM, Pushpa Thimmaiah < pushpa.thimma...@gmail.com> wrote: > Hi, > > I faced same behaviour too with latest(27/june/2017) net-snmp-5.7.3.tar.gz > > --- > *net-snmp-5.7.3* > > :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X > "priv_pass" -l authPriv 192.168.122.85 iso.3.6.1.2.1.1.3.0 > iso.3.6.1.2.1.1.3.0 = Timeticks: (104392) 0:17:23.92 > > :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X > "priv_pass" -l authNoPriv 192.168.122.85 iso.3.6.1.2.1.1.3.0 > iso.3.6.1.2.1.1.3.0 = Timeticks: (105137) 0:17:31.37 > > :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -l authNoPriv > 192.168.122.85 iso.3.6.1.2.1.1.3.0iso.3.6.1.2.1.1.3.0 = Timeticks: > (105747) 0:17:37.47 > > > > *net-snmp-5.4.x* > > :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X > "priv_pass" -l authNoPriv 10.208.207.112 iso.3.6.1.2.1.1.3.0 > Error in packet. > Reason: authorizationError (access denied to that object) > ~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X > "priv_pass" -l authPriv 10.208.207.112 iso.3.6.1.2.1.1.3.0 > iso.3.6.1.2.1.1.3.0 = Timeticks: (42528) 0:07:05.28 > ---- > - > > > Thanks, > Pushpa.T > > > On Tue, Jun 27, 2017 at 11:20 AM, Suhasini Katuri < > katuri.suhas...@gmail.com> wrote: > >> Hi All, >> >> I've confgured a snmpv3 user with authentication of SHA and encryption of >> AES and i tried to snmget on mib object of type sysuptime. As follows, >> >> i'm using centos and net-snmp version is 5.7.3, >> >> [root@centOs67-9 ~]# snmpd -v >> >> >> >> NET-SNMP version: 5.7.3 >> >> Web: http://www.net-snmp.org/ >> >> Email: net-snmp-cod...@lists.sourceforge.net >> >> >> 1. Stop snmpd process >> >> >> 2. Create snmpv3 user as follows >> >> [root@centOs67-9 ~]# net-snmp-config --create-snmpv3-user -a SHA -A >> "my_password" -x AES -x "my_passwordx" sukaturi >> >> adding the following line to /var/net-snmp/snmpd.conf: >> >>createUser sukaturi SHA "my_password" AES my_passwordx >> >> adding the following line to /usr/local/share/snmp/snmpd.conf: >> >>rwuser sukaturi >> >> 3. Start snmpd process >> >> i.e [root@centOs67-9 ~]# /usr/local/sbin/snmpd >> >> >> >> Snmpd.conf consists of : >> >> /var/net-snmp/snmpd.conf: >> >> >> >> usmUser 1 3 0x80001f88804bacd0564aa31659 "sukaturi" "sukaturi" >> NULL .1.3.6.1.6.3.10.1.1.3 0x6a54643582b22e968088bf569181292a6d166a7a >> .1.3.6.1.6.3.10.1.2.4 0xbae320f7db964cdc9fa9b82589b2cde8 "" >> >> >> >> Snmpget Operations: >> >> - >> >> 1. User: sukaturi >> >> Type : authpriv >> >> >> [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authPriv -a SHA -A >> my_password -x AES -X my_passwordx localhost sysUpTime.0 >> >> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (55730) 0:09:17.30 >> >> >> >> I've created snmpv3 user with auth and priv but when i tried to do >> snmpget with authnopriv, it is accepting and giving results as follows, >> but it generally need to throw a error like unsupported security level. >> >> >> 2. User: sukaturi >> >> Type:authnopriv >> >> >> [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authNoPriv -a SHA -A >> my_password localhost sysUpTime.0 >> >> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (57122) 0:09:31.22 >> >> [root@centOs67-9 ~]# >> >> This is existing with netsnmp versions of 5.7.2 and 5.7.3. >> >> does anybody know filed a bug for it?. I've searched in netsnmp.org >> haven't find bug related to it. >> >> Can you guys please mention patch for it if bug is already filed for it. >> Please can you guys mention the bug name for it. >> >> -- >> Thanks & Regards, >> >> suhasini katuri >> > > -- Thanks & Regards, suhasini katuri -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Need Help on Snmpv3 AES issue
Hi Pushpa, Does anybody filed a bug for it in latest net-snmp version. If you know about that can you share those details. Thanks , Suhasini. On Tue, Jun 27, 2017 at 4:22 PM, Pushpa Thimmaiah < pushpa.thimma...@gmail.com> wrote: > Hi, > > I faced same behaviour too with latest(27/june/2017) net-snmp-5.7.3.tar.gz > > --- > *net-snmp-5.7.3* > > :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X > "priv_pass" -l authPriv 192.168.122.85 iso.3.6.1.2.1.1.3.0 > iso.3.6.1.2.1.1.3.0 = Timeticks: (104392) 0:17:23.92 > > :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X > "priv_pass" -l authNoPriv 192.168.122.85 iso.3.6.1.2.1.1.3.0 > iso.3.6.1.2.1.1.3.0 = Timeticks: (105137) 0:17:31.37 > > :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -l authNoPriv > 192.168.122.85 iso.3.6.1.2.1.1.3.0iso.3.6.1.2.1.1.3.0 = Timeticks: > (105747) 0:17:37.47 > > > > *net-snmp-5.4.x* > > :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X > "priv_pass" -l authNoPriv 10.208.207.112 iso.3.6.1.2.1.1.3.0 > Error in packet. > Reason: authorizationError (access denied to that object) > ~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X > "priv_pass" -l authPriv 10.208.207.112 iso.3.6.1.2.1.1.3.0 > iso.3.6.1.2.1.1.3.0 = Timeticks: (42528) 0:07:05.28 > ---- > - > > > Thanks, > Pushpa.T > > > On Tue, Jun 27, 2017 at 11:20 AM, Suhasini Katuri < > katuri.suhas...@gmail.com> wrote: > >> Hi All, >> >> I've confgured a snmpv3 user with authentication of SHA and encryption of >> AES and i tried to snmget on mib object of type sysuptime. As follows, >> >> i'm using centos and net-snmp version is 5.7.3, >> >> [root@centOs67-9 ~]# snmpd -v >> >> >> >> NET-SNMP version: 5.7.3 >> >> Web: http://www.net-snmp.org/ >> >> Email: net-snmp-cod...@lists.sourceforge.net >> >> >> 1. Stop snmpd process >> >> >> 2. Create snmpv3 user as follows >> >> [root@centOs67-9 ~]# net-snmp-config --create-snmpv3-user -a SHA -A >> "my_password" -x AES -x "my_passwordx" sukaturi >> >> adding the following line to /var/net-snmp/snmpd.conf: >> >>createUser sukaturi SHA "my_password" AES my_passwordx >> >> adding the following line to /usr/local/share/snmp/snmpd.conf: >> >>rwuser sukaturi >> >> 3. Start snmpd process >> >> i.e [root@centOs67-9 ~]# /usr/local/sbin/snmpd >> >> >> >> Snmpd.conf consists of : >> >> /var/net-snmp/snmpd.conf: >> >> >> >> usmUser 1 3 0x80001f88804bacd0564aa31659 "sukaturi" "sukaturi" >> NULL .1.3.6.1.6.3.10.1.1.3 0x6a54643582b22e968088bf569181292a6d166a7a >> .1.3.6.1.6.3.10.1.2.4 0xbae320f7db964cdc9fa9b82589b2cde8 "" >> >> >> >> Snmpget Operations: >> >> - >> >> 1. User: sukaturi >> >> Type : authpriv >> >> >> [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authPriv -a SHA -A >> my_password -x AES -X my_passwordx localhost sysUpTime.0 >> >> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (55730) 0:09:17.30 >> >> >> >> I've created snmpv3 user with auth and priv but when i tried to do >> snmpget with authnopriv, it is accepting and giving results as follows, >> but it generally need to throw a error like unsupported security level. >> >> >> 2. User: sukaturi >> >> Type:authnopriv >> >> >> [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authNoPriv -a SHA -A >> my_password localhost sysUpTime.0 >> >> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (57122) 0:09:31.22 >> >> [root@centOs67-9 ~]# >> >> This is existing with netsnmp versions of 5.7.2 and 5.7.3. >> >> does anybody know filed a bug for it?. I've searched in netsnmp.org >> haven't find bug related to it. >> >> Can you guys please mention patch for it if bug is already filed for it. >> Please can you guys mention the bug name for it. >> >> -- >> Thanks & Regards, >> >> suhasini katuri >> > > -- Thanks & Regards, suhasini katuri -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Need Help on Snmpv3 AES issue
Hi, I faced same behaviour too with latest(27/june/2017) net-snmp-5.7.3.tar.gz --- *net-snmp-5.7.3* :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X "priv_pass" -l authPriv 192.168.122.85 iso.3.6.1.2.1.1.3.0 iso.3.6.1.2.1.1.3.0 = Timeticks: (104392) 0:17:23.92 :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X "priv_pass" -l authNoPriv 192.168.122.85 iso.3.6.1.2.1.1.3.0 iso.3.6.1.2.1.1.3.0 = Timeticks: (105137) 0:17:31.37 :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -l authNoPriv 192.168.122.85 iso.3.6.1.2.1.1.3.0iso.3.6.1.2.1.1.3.0 = Timeticks: (105747) 0:17:37.47 *net-snmp-5.4.x* :~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X "priv_pass" -l authNoPriv 10.208.207.112 iso.3.6.1.2.1.1.3.0 Error in packet. Reason: authorizationError (access denied to that object) ~$ snmpwalk -v 3 -n "" -u initial -a MD5 -A "auth_pass" -x DES -X "priv_pass" -l authPriv 10.208.207.112 iso.3.6.1.2.1.1.3.0 iso.3.6.1.2.1.1.3.0 = Timeticks: (42528) 0:07:05.28 ----- Thanks, Pushpa.T On Tue, Jun 27, 2017 at 11:20 AM, Suhasini Katuri wrote: > Hi All, > > I've confgured a snmpv3 user with authentication of SHA and encryption of > AES and i tried to snmget on mib object of type sysuptime. As follows, > > i'm using centos and net-snmp version is 5.7.3, > > [root@centOs67-9 ~]# snmpd -v > > > > NET-SNMP version: 5.7.3 > > Web: http://www.net-snmp.org/ > > Email: net-snmp-cod...@lists.sourceforge.net > > > 1. Stop snmpd process > > > 2. Create snmpv3 user as follows > > [root@centOs67-9 ~]# net-snmp-config --create-snmpv3-user -a SHA -A > "my_password" -x AES -x "my_passwordx" sukaturi > > adding the following line to /var/net-snmp/snmpd.conf: > >createUser sukaturi SHA "my_password" AES my_passwordx > > adding the following line to /usr/local/share/snmp/snmpd.conf: > >rwuser sukaturi > > 3. Start snmpd process > > i.e [root@centOs67-9 ~]# /usr/local/sbin/snmpd > > > > Snmpd.conf consists of : > > /var/net-snmp/snmpd.conf: > > > > usmUser 1 3 0x80001f88804bacd0564aa31659 "sukaturi" "sukaturi" > NULL .1.3.6.1.6.3.10.1.1.3 0x6a54643582b22e968088bf569181292a6d166a7a > .1.3.6.1.6.3.10.1.2.4 0xbae320f7db964cdc9fa9b82589b2cde8 "" > > > > Snmpget Operations: > > - > > 1. User: sukaturi > > Type : authpriv > > > [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authPriv -a SHA -A > my_password -x AES -X my_passwordx localhost sysUpTime.0 > > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (55730) 0:09:17.30 > > > > I've created snmpv3 user with auth and priv but when i tried to do snmpget > with authnopriv, it is accepting and giving results as follows, but it > generally need to throw a error like unsupported security level. > > > 2. User: sukaturi > > Type:authnopriv > > > [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authNoPriv -a SHA -A > my_password localhost sysUpTime.0 > > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (57122) 0:09:31.22 > > [root@centOs67-9 ~]# > > This is existing with netsnmp versions of 5.7.2 and 5.7.3. > > does anybody know filed a bug for it?. I've searched in netsnmp.org > haven't find bug related to it. > > Can you guys please mention patch for it if bug is already filed for it. > Please can you guys mention the bug name for it. > > -- > Thanks & Regards, > > suhasini katuri > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Need Help on Snmpv3 AES issue
Hi All, I've confgured a snmpv3 user with authentication of SHA and encryption of AES and i tried to snmget on mib object of type sysuptime. As follows, i'm using centos and net-snmp version is 5.7.3, [root@centOs67-9 ~]# snmpd -v NET-SNMP version: 5.7.3 Web: http://www.net-snmp.org/ Email: net-snmp-cod...@lists.sourceforge.net 1. Stop snmpd process 2. Create snmpv3 user as follows [root@centOs67-9 ~]# net-snmp-config --create-snmpv3-user -a SHA -A "my_password" -x AES -x "my_passwordx" sukaturi adding the following line to /var/net-snmp/snmpd.conf: createUser sukaturi SHA "my_password" AES my_passwordx adding the following line to /usr/local/share/snmp/snmpd.conf: rwuser sukaturi 3. Start snmpd process i.e [root@centOs67-9 ~]# /usr/local/sbin/snmpd Snmpd.conf consists of : /var/net-snmp/snmpd.conf: usmUser 1 3 0x80001f88804bacd0564aa31659 "sukaturi" "sukaturi" NULL .1.3.6.1.6.3.10.1.1.3 0x6a54643582b22e968088bf569181292a6d166a7a .1.3.6.1.6.3.10.1.2.4 0xbae320f7db964cdc9fa9b82589b2cde8 "" Snmpget Operations: - 1. User: sukaturi Type : authpriv [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authPriv -a SHA -A my_password -x AES -X my_passwordx localhost sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (55730) 0:09:17.30 I've created snmpv3 user with auth and priv but when i tried to do snmpget with authnopriv, it is accepting and giving results as follows, but it generally need to throw a error like unsupported security level. 2. User: sukaturi Type:authnopriv [root@centOs67-9 ~]# snmpget -v 3 -u sukaturi -l authNoPriv -a SHA -A my_password localhost sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (57122) 0:09:31.22 [root@centOs67-9 ~]# This is existing with netsnmp versions of 5.7.2 and 5.7.3. does anybody know filed a bug for it?. I've searched in netsnmp.org haven't find bug related to it. Can you guys please mention patch for it if bug is already filed for it. Please can you guys mention the bug name for it. -- Thanks & Regards, suhasini katuri -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 Debian Question
I meant for snmpv2 On Wed, Jun 7, 2017 at 3:40 AM, Wes Hardaker wrote: > Pranesh Kulkarni writes: > > > [root@localhost ~]# snmpset -c private localhost sysContact.0 s > "adminstrator" > > SNMPv2-MIB::sysContact.0 = STRING: adminstrator > > Wait if that works (and please tell me "private" is not your real > community string), then you probably need to set up authorization > properly and your SNMPv3 user doesn't have write access to the object. > Se the VACM section of the snmpd.conf manual and/or change the rouser > line to rwuser for your v3 user. > -- > Wes Hardaker > USC/ISI > -- Thanks, Pranesh -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 Debian Question
Pranesh Kulkarni writes: > [root@localhost ~]# snmpset -c private localhost sysContact.0 s "adminstrator" > SNMPv2-MIB::sysContact.0 = STRING: adminstrator Wait if that works (and please tell me "private" is not your real community string), then you probably need to set up authorization properly and your SNMPv3 user doesn't have write access to the object. Se the VACM section of the snmpd.conf manual and/or change the rouser line to rwuser for your v3 user. -- Wes Hardaker USC/ISI -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 Debian Question
Pranesh Kulkarni writes: > syscontact admin It *can't* be configured in snmpd.conf. If it is the agent will treat it as a read-only object because it can't save the state to it's own dynamic configuration storage. You need to remove the reference to it in the snmpd.conf file if you want to update it via snmpset. -- Wes Hardaker USC/ISI -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 Debian Question
Then net-snmp agent will not the set the values which has been sent by "set" commands if the object value is configured in snmpd.conf file. following series of command to show it. cat /etc/snmp/snmpd.conf syscontact admin . [root@localhost ~]# snmpget -c public localhost sysContact.0 SNMPv2-MIB::sysContact.0 = STRING: admin after commenting the line syscontact restart the snmpd server [root@localhost ~]# systemctl restart snmpd [root@localhost ~]# snmpget -c public localhost sysContact.0 SNMPv2-MIB::sysContact.0 = STRING: root@localhost root@localhost is the default one set the syscontat string [root@localhost ~]# snmpset -c private localhost sysContact.0 s "adminstrator" SNMPv2-MIB::sysContact.0 = STRING: adminstrator [root@localhost ~]# snmpget -c public localhost sysContact.0 SNMPv2-MIB::sysContact.0 = STRING: adminstrator On Tue, May 30, 2017 at 2:56 PM, Pushpa Thimmaiah < pushpa.thimma...@gmail.com> wrote: > Hi Jayashankar, > > Yes. It should. However, I havenot verified. > > Thanks, > Pushpa.T > > On Sat, May 27, 2017 at 11:14 AM, jayshankar nair < > jayshankar.n...@gmail.com> wrote: > >> Hi Pushpa, >> >> I was wondering whether commenting sysContact.0 in snmpd.conf file will >> make it writeable again. Hence snmpset will execute successfully. >> >> Please let me know. >> >> Thanks, >> Jayshankar >> >> On Thu, May 25, 2017 at 1:33 PM, Pushpa Thimmaiah < >> pushpa.thimma...@gmail.com> wrote: >> >>> Hi Jayshankar, >>> >>> Because system.sysContact.0 is read-only. snmpd.conf on your device >>> could have directive 'sysContact'. >>> snmpd.conf manpage says that specifying sysContact directives in >>> snmpd.conf makes the corresponding object read-only, and attempts to SET >>> it will result in a *notWritable* error response. >>> >>> Thanks, >>> Pushpa.T >>> >>> On Wed, May 24, 2017 at 10:55 AM, jayshankar nair < >>> jayshankar.n...@gmail.com> wrote: >>> >>>> Hi, >>>> >>>> I am testing snmpset with snmpv3 rwuser myuser2. I am getting the below >>>> errors. >>>> >>>> snmpset -v 3 -u myuser2 -l authNoPriv -a MD5 -A my_password >>>> localhost system.sysContact.0 s d...@noc.rut‐gers.edu >>>> Error in packet. >>>> Reason: notWritable (That object does not support modification) >>>> Failed object: SNMPv2-MIB::sysContact.0 >>>> >>>> snmpget works fine. >>>> SNMPv2-MIB::sysContact.0 = STRING: Alice. >>>> >>>> >>>> >>>> >>>> Thanks, >>>> Jayshankar >>>> >>>> On Wed, May 24, 2017 at 4:08 AM, Wes Hardaker < >>>> harda...@users.sourceforge.net> wrote: >>>> >>>>> "Jan-Philipp Schollbach" writes: >>>>> >>>>> > I configured by snmpd an v3 User with the command --> >>>>> > sudo net-snmp-create-v3-user -ro -A -a SHA -X -x >>>>> AES trap >>>>> >>>>> Was the snmpd agent running when you ran that command? It actually >>>>> can't be. To add new users via the CLI, you need to stop the agent, >>>>> run >>>>> the command, and then restart it. >>>>> >>>>> (once you have an initial user configured, you can use snmpusm command >>>>> to add new users to a live agent) >>>>> -- >>>>> Wes Hardaker >>>>> USC/ISI >>>>> >>>>> >>>>> -- >>>>> Check out the vibrant tech community on one of the world's most >>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>>> ___ >>>>> Net-snmp-users mailing list >>>>> Net-snmp-users@lists.sourceforge.net >>>>> Please see the following page to unsubscribe or change other options: >>>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >>>>> >>>> >>>> >>>> >>>> -- >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>> ___ >>
Re: SNMPv3 Debian Question
Hi Jayashankar, Yes. It should. However, I havenot verified. Thanks, Pushpa.T On Sat, May 27, 2017 at 11:14 AM, jayshankar nair wrote: > Hi Pushpa, > > I was wondering whether commenting sysContact.0 in snmpd.conf file will > make it writeable again. Hence snmpset will execute successfully. > > Please let me know. > > Thanks, > Jayshankar > > On Thu, May 25, 2017 at 1:33 PM, Pushpa Thimmaiah < > pushpa.thimma...@gmail.com> wrote: > >> Hi Jayshankar, >> >> Because system.sysContact.0 is read-only. snmpd.conf on your device >> could have directive 'sysContact'. >> snmpd.conf manpage says that specifying sysContact directives in >> snmpd.conf makes the corresponding object read-only, and attempts to SET >> it will result in a *notWritable* error response. >> >> Thanks, >> Pushpa.T >> >> On Wed, May 24, 2017 at 10:55 AM, jayshankar nair < >> jayshankar.n...@gmail.com> wrote: >> >>> Hi, >>> >>> I am testing snmpset with snmpv3 rwuser myuser2. I am getting the below >>> errors. >>> >>> snmpset -v 3 -u myuser2 -l authNoPriv -a MD5 -A my_password localhost >>> system.sysContact.0 s d...@noc.rut‐gers.edu >>> Error in packet. >>> Reason: notWritable (That object does not support modification) >>> Failed object: SNMPv2-MIB::sysContact.0 >>> >>> snmpget works fine. >>> SNMPv2-MIB::sysContact.0 = STRING: Alice. >>> >>> >>> >>> >>> Thanks, >>> Jayshankar >>> >>> On Wed, May 24, 2017 at 4:08 AM, Wes Hardaker < >>> harda...@users.sourceforge.net> wrote: >>> >>>> "Jan-Philipp Schollbach" writes: >>>> >>>> > I configured by snmpd an v3 User with the command --> >>>> > sudo net-snmp-create-v3-user -ro -A -a SHA -X -x >>>> AES trap >>>> >>>> Was the snmpd agent running when you ran that command? It actually >>>> can't be. To add new users via the CLI, you need to stop the agent, run >>>> the command, and then restart it. >>>> >>>> (once you have an initial user configured, you can use snmpusm command >>>> to add new users to a live agent) >>>> -- >>>> Wes Hardaker >>>> USC/ISI >>>> >>>> >>>> -- >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>> ___ >>>> Net-snmp-users mailing list >>>> Net-snmp-users@lists.sourceforge.net >>>> Please see the following page to unsubscribe or change other options: >>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >>>> >>> >>> >>> >>> -- >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>> ___ >>> Net-snmp-users mailing list >>> Net-snmp-users@lists.sourceforge.net >>> Please see the following page to unsubscribe or change other options: >>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >>> >>> >> > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 Debian Question
Hi Pushpa, I was wondering whether commenting sysContact.0 in snmpd.conf file will make it writeable again. Hence snmpset will execute successfully. Please let me know. Thanks, Jayshankar On Thu, May 25, 2017 at 1:33 PM, Pushpa Thimmaiah < pushpa.thimma...@gmail.com> wrote: > Hi Jayshankar, > > Because system.sysContact.0 is read-only. snmpd.conf on your device > could have directive 'sysContact'. > snmpd.conf manpage says that specifying sysContact directives in > snmpd.conf makes the corresponding object read-only, and attempts to SET > it will result in a *notWritable* error response. > > Thanks, > Pushpa.T > > On Wed, May 24, 2017 at 10:55 AM, jayshankar nair < > jayshankar.n...@gmail.com> wrote: > >> Hi, >> >> I am testing snmpset with snmpv3 rwuser myuser2. I am getting the below >> errors. >> >> snmpset -v 3 -u myuser2 -l authNoPriv -a MD5 -A my_password localhost >> system.sysContact.0 s d...@noc.rut‐gers.edu >> Error in packet. >> Reason: notWritable (That object does not support modification) >> Failed object: SNMPv2-MIB::sysContact.0 >> >> snmpget works fine. >> SNMPv2-MIB::sysContact.0 = STRING: Alice. >> >> >> >> >> Thanks, >> Jayshankar >> >> On Wed, May 24, 2017 at 4:08 AM, Wes Hardaker < >> harda...@users.sourceforge.net> wrote: >> >>> "Jan-Philipp Schollbach" writes: >>> >>> > I configured by snmpd an v3 User with the command --> >>> > sudo net-snmp-create-v3-user -ro -A -a SHA -X -x AES >>> trap >>> >>> Was the snmpd agent running when you ran that command? It actually >>> can't be. To add new users via the CLI, you need to stop the agent, run >>> the command, and then restart it. >>> >>> (once you have an initial user configured, you can use snmpusm command >>> to add new users to a live agent) >>> -- >>> Wes Hardaker >>> USC/ISI >>> >>> >>> -- >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>> ___ >>> Net-snmp-users mailing list >>> Net-snmp-users@lists.sourceforge.net >>> Please see the following page to unsubscribe or change other options: >>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >>> >> >> >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> ___ >> Net-snmp-users mailing list >> Net-snmp-users@lists.sourceforge.net >> Please see the following page to unsubscribe or change other options: >> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >> >> > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 Debian Question
Hi Jayshankar, Because system.sysContact.0 is read-only. snmpd.conf on your device could have directive 'sysContact'. snmpd.conf manpage says that specifying sysContact directives in snmpd.conf makes the corresponding object read-only, and attempts to SET it will result in a *notWritable* error response. Thanks, Pushpa.T On Wed, May 24, 2017 at 10:55 AM, jayshankar nair wrote: > Hi, > > I am testing snmpset with snmpv3 rwuser myuser2. I am getting the below > errors. > > snmpset -v 3 -u myuser2 -l authNoPriv -a MD5 -A my_password localhost > system.sysContact.0 s d...@noc.rut‐gers.edu > Error in packet. > Reason: notWritable (That object does not support modification) > Failed object: SNMPv2-MIB::sysContact.0 > > snmpget works fine. > SNMPv2-MIB::sysContact.0 = STRING: Alice. > > > > > Thanks, > Jayshankar > > On Wed, May 24, 2017 at 4:08 AM, Wes Hardaker net> wrote: > >> "Jan-Philipp Schollbach" writes: >> >> > I configured by snmpd an v3 User with the command --> >> > sudo net-snmp-create-v3-user -ro -A -a SHA -X -x AES >> trap >> >> Was the snmpd agent running when you ran that command? It actually >> can't be. To add new users via the CLI, you need to stop the agent, run >> the command, and then restart it. >> >> (once you have an initial user configured, you can use snmpusm command >> to add new users to a live agent) >> -- >> Wes Hardaker >> USC/ISI >> >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> ___ >> Net-snmp-users mailing list >> Net-snmp-users@lists.sourceforge.net >> Please see the following page to unsubscribe or change other options: >> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >> > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 Debian Question
Hi, I am testing snmpset with snmpv3 rwuser myuser2. I am getting the below errors. snmpset -v 3 -u myuser2 -l authNoPriv -a MD5 -A my_password localhost system.sysContact.0 s d...@noc.rut‐gers.edu Error in packet. Reason: notWritable (That object does not support modification) Failed object: SNMPv2-MIB::sysContact.0 snmpget works fine. SNMPv2-MIB::sysContact.0 = STRING: Alice. Thanks, Jayshankar On Wed, May 24, 2017 at 4:08 AM, Wes Hardaker < harda...@users.sourceforge.net> wrote: > "Jan-Philipp Schollbach" writes: > > > I configured by snmpd an v3 User with the command --> > > sudo net-snmp-create-v3-user -ro -A -a SHA -X -x AES > trap > > Was the snmpd agent running when you ran that command? It actually > can't be. To add new users via the CLI, you need to stop the agent, run > the command, and then restart it. > > (once you have an initial user configured, you can use snmpusm command > to add new users to a live agent) > -- > Wes Hardaker > USC/ISI > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 Debian Question
"Jan-Philipp Schollbach" writes: > I configured by snmpd an v3 User with the command --> > sudo net-snmp-create-v3-user -ro -A -a SHA -X -x AES > trap Was the snmpd agent running when you ran that command? It actually can't be. To add new users via the CLI, you need to stop the agent, run the command, and then restart it. (once you have an initial user configured, you can use snmpusm command to add new users to a live agent) -- Wes Hardaker USC/ISI -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 Debian Question
Hi I configured by snmpd an v3 User with the command --> sudo net-snmp-create-v3-user -ro -A -a SHA -X -x AES trap After this i tried to pull local some snmpdata with snmpv3, but it always response timeout. --> snmpwalk -v3 -l authPriv -u trap -a SHA -A "" -x AES -X "" 127.0.0.1 And SNMPv2 and v1 worked before i created this user and no it isnt working. Im using Ubuntu 14.04 Thanks for your time and support -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Can I send SNMPv3 traps with an SNMPv2-SMI MIB?
My MIB is defined like : --- ... IMPORTS NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-IDENTITY, OBJECT-TYPE, enterprises FROM SNMPv2-SMI . --- So, I can use same MIB for sending SNMP traps using version SNMPv3? Or do I need separate MIB for v3 request? Regards, Sumit -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmpv3 trapsess
Hi, I am able to send snmpv3 traps out using trapsee trapsess -v 3 -e engineid_agent -u test124 -l authPriv -a MD5 -A mypassword -x DES -X mypassword 172.16.1.149:162 But snmptrapd running on 172.16.1.149 shows error ASN.1 parse error in message Please let me know if any configuration is missing Thanks, Pushpa On Tue, Oct 4, 2016 at 11:10 AM, Pushpa Thimmaiah < pushpa.thimma...@gmail.com> wrote: > Hi, > > I have added trapsess entry as follows in snmpd.conf (snmpAgent, > 192.168.1.44) > > trapsess -v 3 -u test113 -e engineID_snmpAgent -l authPriv -a MD5 -A > 0x4b45e9b6bf9adc21cd91e99fe70755cb -x AES -X 0x4b45e9b 192.168.1.41 > 1.Copied keys from /var/net-snmp/snmpd.conf . Is it correct? > 2. Do I have to use remote engineID instead of snmpd-engineID? > > > and createUser entry in snmptrap.conf (192.168.1.41) . > > createUser -e engineID_snmpAgent test113 MD5 mypassword AES mypassword > authUser log test113 > > But, snmpAgent not sending snmpv3 traps i.e coldtrap, shutdowntrap to > 192.168.1.41. Please let me know if I am missing any configuration > > > Thanks & Regards, > Pushpa > > > > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
snmpv3 trapsess
Hi, I have added trapsess entry as follows in snmpd.conf (snmpAgent, 192.168.1.44) trapsess -v 3 -u test113 -e engineID_snmpAgent -l authPriv -a MD5 -A 0x4b45e9b6bf9adc21cd91e99fe70755cb -x AES -X 0x4b45e9b 192.168.1.41 1.Copied keys from /var/net-snmp/snmpd.conf . Is it correct? 2. Do I have to use remote engineID instead of snmpd-engineID? and createUser entry in snmptrap.conf (192.168.1.41) . createUser -e engineID_snmpAgent test113 MD5 mypassword AES mypassword authUser log test113 But, snmpAgent not sending snmpv3 traps i.e coldtrap, shutdowntrap to 192.168.1.41. Please let me know if I am missing any configuration Thanks & Regards, Pushpa -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Trying to receive snmpv3 traps in my c++ application
Hi All, I'm trying to add the support to receive snmpv3 traps in my c++ application code(which is using net-snmp library). I'm not using snmptrapd. As of now its able to receive SNMPv2 traps and I'm able to process them. But when I am sending v3 traps to my application, its throwing SNMPERR_USM_UNKNOWNSECURITYNAME(-43) error while parsing(see below). netsnmp_pdu *trappdu = snmp_pdu_create(SNMP_MSG_TRAP2); if(trappdu != NULL) { int errorNumber = snmp_parse(0, &session, trappdu,(u_char*)snmpPacket->data, (size_t)snmpPacket->dataLength); } while googling, I found some posts which mention that you need to create user in snmptrapd.conf file. But in my case I'm not at all using snmptrapd, then what is the use of adding it in conf file. In that case how to process v3 traps. Are there any net-snmp APIs to create v3 user on receiver side? What do I need to do to process them in my code? Any help will be appreciated. Thanks, Jaspal -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 support for IPV6
Hi, I am using SNMP package to create SNMPv3 session. But I am not sure how to pass transport information as UDP6 as I think default behavior is UDP. As far as I know that when use `Net::SNMP` to create session then we have "domain" parameter to classify between ipv4 and ipv6 address . But the same is not applicable to `SNMP::Session`. Can you please let me know how to pass transport information? new SNMP::Session(DestHost => $self->{'ip'}, version => 3, RemotePort => $self->{'port'}, SecEngineId => ‘0x233356', SecName => $hashVal{'userName'}, AuthProto => $authProto, AuthPass => $hashVal{'authPW'}, PrivProto => $privProto, PrivPass => $hashVal{'privPW'}, SecLevel => $hashVal{‘secLevel’'); My second question is whether Net::SNMP package support SNMPv3 support fully ? Can I create session and send trap ? Please help answering these questions . Thanks! -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohodev2dev___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Net::snmp error when using snmpV3 with APC UPS network card
On Sat, 11 Jun 2016, Theodore Wynnychenko wrote: > > I have set up net-snmp and this is working. I also have set up snmp on > several > pieces of hardware that include snmp capabilities. As a matter of principle, > I > have enabled snmpV3 where available. > > But, while I have had no problems with snmpV3 using net-snmp, for one class of > hardware (old APC UPS Network Management cards - Model AP9617 circa 2007), I > have no trouble getting snmp data using snmpV3 with net-snmp, but snmpV3 fails > with Perl's Net::snmp (although snmpV1 works). > > So, MRTG uses Perl and Net::smnp to collect data. There is a utility called > cfgmaker included. Be avare that Net::smnp is NOT part of Net-snmp nor using Net-snmp. The perl module using Net-snmp is called SNMP and part of Net-snmp dist. I am not using MRTG or Net::snmp. Dont know which version of Net::snmp you are using. Changes are rather old, so I hope you use latest and greatest. https://metacpan.org/changes/distribution/Net-SNMP /hjj -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Net::snmp error when using snmpV3 with APC UPS network card
Hello I am not a Perl programmer (or anything like one), and (honestly) am not completely sure this is where I should post my observation/question; but, I think the perl net::snmp module is where the problem lies, so I decided to try here first. In any case, I have recently decided to get snmp working on my network to be used with icinga2 for monitoring. To that end, I was going to use MRTG (via the check_mrtgtraf monitoring plugin for nagios/icinga) to watch network interface usage. I have set up net-snmp and this is working. I also have set up snmp on several pieces of hardware that include snmp capabilities. As a matter of principle, I have enabled snmpV3 where available. But, while I have had no problems with snmpV3 using net-snmp, for one class of hardware (old APC UPS Network Management cards - Model AP9617 circa 2007), I have no trouble getting snmp data using snmpV3 with net-snmp, but snmpV3 fails with Perl's Net::snmp (although snmpV1 works). So, MRTG uses Perl and Net::smnp to collect data. There is a utility called cfgmaker included. First, as an example, with a non-problem piece of hardware (an old HP LaserJet printer): Using net-smnp tools: # snmpwalk -v 3 -a MD5 -A -u -x DES -X -l authPriv -n Jetdirect 10.0.128.250 SNMPv2-MIB::sysDescr.0 = STRING: HP ETHERNET MULTI-ENVIRONMENT,ROM C.25.80,JETDIRECT,JD115,EEPROM V.28.06,CIDATE 04/27/2004 SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.11.2.3.9.1 SNMPv2-MIB::sysUpTime.0 = Timeticks: (240889502) 27 days, 21:08:15.02 SNMPv2-MIB::sysContact.0 = STRING: SNMPv2-MIB::sysName.0 = STRING: SNMPv2-MIB::sysLocation.0 = STRING: SNMPv2-MIB::sysServices.0 = INTEGER: 64 ETC If I use MRTG's cfgmaker: # /usr/local/bin/cfgmaker --ifref=eth --enablesnmpv3 --username --authpassword --authprotocol md5 --privprotocol des --privpassword --contextengineid 0x000b00110abb64570001 --contextname Jetdirect 10.0.128.250:3 --base: SNMP V3 libraries found, SNMP V3 enabled. --base: Get Device Info on public@10.0.128.250:3 --base: Vendor Id: hp --base: Populating confcache --base: Get Interface Info --base: Walking ifIndex --snpd: public@10.0.128.250:3 -> 1 -> ifIndex = 1 --snpd: public@10.0.128.250:3 -> 2 -> ifIndex = 2 ETC If I try to use snmpv3 with the APC hardware, net-snmp works: # snmpwalk -v 3 -a MD5 -A -u -x DES -X -l authPriv 10.0.128.182 SNMPv2-MIB::sysDescr.0 = STRING: APC Web/SNMP Management Card (MB:v3.9.2 PF:v3.7.3 PN:apc_hw02_aos_373.bin AF1:v3.7.2 AN1:apc_hw02_sumx_372.bin MN:AP9617 HR:5 SN: JA0143000596 MD:10/24/2001) (Embedded PowerNet SNMP Agent SW v2.2 compatible) SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.318.1.3.2.8 SNMPv2-MIB::sysUpTime.0 = Timeticks: (19348130) 2 days, 5:44:41.30 SNMPv2-MIB::sysContact.0 = STRING: SNMPv2-MIB::sysName.0 = STRING: SNMPv2-MIB::sysLocation.0 = STRING: SNMPv2-MIB::sysServices.0 = INTEGER: 72 SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB SNMPv2-MIB::sysORID.2 = OID: SNMPv2-SMI::snmpModules.10.3.1.1 SNMPv2-MIB::sysORID.3 = OID: SNMPv2-SMI::snmpModules.11.3.1.1 SNMPv2-MIB::sysORID.4 = OID: SNMPv2-SMI::snmpModules.15.2.1.1 SNMPv2-MIB::sysORID.5 = OID: SNMPv2-SMI::snmpModules.16.2.1.1 SNMPv2-MIB::sysORDescr.1 = STRING: The MIB Module from SNMPv2 entities SNMPv2-MIB::sysORDescr.2 = STRING: SNMP Management Architecture MIB SNMPv2-MIB::sysORDescr.3 = STRING: Message Processing and Dispatching MIB SNMPv2-MIB::sysORDescr.4 = STRING: USM User MIB SNMPv2-MIB::sysORDescr.5 = STRING: VACM MIB SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00 ETC... Also, I can connect to the hardware with snmpV1 via cfgmaker and Net::snmp: # cfgmaker --ifref=eth public@10.0.128.182 --base: Get Device Info on public@10.0.128.182: --base: Vendor Id: Unknown Vendor - 1.3.6.1.4.1.318.1.3.2.8 --base: Populating confcache --base: Get Interface Info --base: Walking ifIndex --snpd: valinor@10.0.128.182: -> 1 -> ifIndex = 1 --snpd: valinor@10.0.128.182: -> 2 -> ifIndex = 2 ...ETC... But, with cfgmaker and smnpV3, I see: # /usr/local/bin/cfgmaker --ifref=eth --enablesnmpv3 --username --authpassword --authprotocol md5 --privprotocol des --privpassword --contextengineid 0x813E0300C0B764D02C 10.0.128.182:3 --base: SNMP V3 libraries found, SNMP V3 enabled. --base: Get Device Info on public@10.0.128.182:3 Use of uninitialized value in pattern match (m//) at /usr/local/libdata/perl5/site_perl/Net/SNMP.pm line 2620. SNMPopen failed: Time synchronization failed during discovery at /usr/local/libdata/perl5/site_perl/Net_SNMP_util.pm line 1580. Net_SNMP_util::snmpopen("public\@10.0.128.182:3:v4only", 0, ARRAY(0x1e348
Re: SNMPv3 on Windows servers and Win 7 - which is the right latest bundle?
I guess that the only way is to compile net-snmp with openssl support by myself... Alessandro 2016-05-26 11:13 GMT+02:00 alessandro macuz : > Hi all, > > I'm struggling in getting SNMP executable work on Windows servers and Win > 7. > > I'm a bit confused at where to find the right net-snmp executables and the > right openssl installation. > > I tried many combination of net-snmp and openssl (below 1.0.0) and the > result is exception while running or "snmp-get stopped working". > Here I read that net-snmp executables are only built against OpenSSL > version 0.9.8r but I don't seem to find that particular version. > > Could anybody point me (in terms of links) at the latest executables for > Windows and OpenSSL that will work together, please? > > I cannot use anything else than SNMPv3 and now it's week that I'm working > on it with a bit of frustration. If only I could run it on Linux but... > unfortnately I cannot :( The environments dictates to use Windows products. > > Thanks a lot in advance, > > Alex > -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 on Windows servers and Win 7 - which is the right latest bundle?
Hi all, I'm struggling in getting SNMP executable work on Windows servers and Win 7. I'm a bit confused at where to find the right net-snmp executables and the right openssl installation. I tried many combination of net-snmp and openssl (below 1.0.0) and the result is exception while running or "snmp-get stopped working". Here I read that net-snmp executables are only built against OpenSSL version 0.9.8r but I don't seem to find that particular version. Could anybody point me (in terms of links) at the latest executables for Windows and OpenSSL that will work together, please? I cannot use anything else than SNMPv3 and now it's week that I'm working on it with a bit of frustration. If only I could run it on Linux but... unfortnately I cannot :( The environments dictates to use Windows products. Thanks a lot in advance, Alex -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Creating snmpv3 user without conf files
Hi All, Could you please help me to resolve this? Thanks and Regards, Jobin Joseph On Tue, May 17, 2016 at 11:56 AM, Jobin Joseph wrote: > Hi All, > > I am using netsnmp 5.7.3 version. > > When trying to create snmpv3 users from an application using the callback > functions usm_parse_create_usmUser with the token and the string directly. > > Using usm_parse_create_usmUser with -e option everything works fine. > usm_parse_create_usmUser("createUser" , "-e 0x8011050 jobin MD5 passowrd > DES password"); > > But when using usm_parse_create_usmUser without -e option, the engine ID > should be generated using snmpv3_generate_engineID which does not work. > usm_parse_create_usmUser("createUser" , "jobin MD5 passowrd DES > password"); > > Debugging further on this, i found that the engine ID returned is 0 and > hence the user is not created. > > Could you please let us know whether this is the correct procedure and how > to proceed here. > Thanks in advance for all your help. > > Thanks and Regards, > Jobin Joseph > -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Creating snmpv3 user without conf files
Hi All, I am using netsnmp 5.7.3 version. When trying to create snmpv3 users from an application using the callback functions usm_parse_create_usmUser with the token and the string directly. Using usm_parse_create_usmUser with -e option everything works fine. usm_parse_create_usmUser("createUser" , "-e 0x8011050 jobin MD5 passowrd DES password"); But when using usm_parse_create_usmUser without -e option, the engine ID should be generated using snmpv3_generate_engineID which does not work. usm_parse_create_usmUser("createUser" , "jobin MD5 passowrd DES password"); Debugging further on this, i found that the engine ID returned is 0 and hence the user is not created. Could you please let us know whether this is the correct procedure and how to proceed here. Thanks in advance for all your help. Thanks and Regards, Jobin Joseph -- Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 user will be set to NONVOLATILE and couldn't be deleted
Zhouhuai Shen writes: > When I have created a snmpv3 user, looks like the user's type was set > to NONVOLATILE. As a result of this, the next snmpd restart will save > this user to a non-volatile config file -- snmpd.conf. This user will > be persistent forever. Does anyone know why and how I can delete the > user if I have to? Yep, perform an SNMP set the usmUserStatus column for that user to 6 (destroy). -- Wes Hardaker Parsons -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 user will be set to NONVOLATILE and couldn't be deleted
Hi, When I have created a snmpv3 user, looks like the user's type was set to NONVOLATILE. As a result of this, the next snmpd restart will save this user to a non-volatile config file -- snmpd.conf. This user will be persistent forever. Does anyone know why and how I can delete the user if I have to? Thanks, Henry -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
help on setup of snmpv3 / dtls?
Hi --- setting up v3 using TSM, and having a bit of a hard time with tutorial and other doc material. I'm unclear about the mapping of username (such as the CN from the client cert) and the security name, and when I try the tutorial examples, I get "-T is no longer used, use TRANSPORT:HOST" when trying the snmpget command. A bit lost - any pointers to current and definitive examples, or clarification of these couple of issues? Thanks in advance, -gwcmcsa -sw dev -- Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Need info regarding Context string support in SNMPv3 client version net-snmp-5.6.1.1
Hi, We are using SNMPv3 MIB Browser and SNMPv3 Client version net-snmp-5.6.1.1 I have configured same context string field in both SNMPv3 Manager and Client. In request packet from Manager to Client, contextName value shown is same as configured, but in response packet from Client to Manager, the contextName value is shown as Can anyone please let me know whether there is support for context string in SNMPv3 client version net-snmp-5.6.1.1 Regards Abdul Moiz -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Need info regarding Context string support in SNMPv3 client version net-snmp-5.6.1.1
Hi, We are using SNMPv3 MIB Browser and SNMPv3 Client version net-snmp-5.6.1.1 I have configured same context string field in both SNMPv3 Manager and Client. In request packet from Manager to Client, contextName value shown is same as configured, but in response packet from Client to Manager, the contextName value is shown as Can anyone please let me know whether there is support for context string in SNMPv3 client version net-snmp-5.6.1.1 RegardsAbdul Moiz-- Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Forward SNMPv3 traps from snmptrapd to snmpc
instead of 127.0.0.1 give actual IP address On Thu, Sep 3, 2015 at 12:11 PM, Sanjay Singh wrote: > How can i forward the Traps received by SNMPTRAPd to SNMPc (Castle Rock > Manager) Both are running on the same machine (Windows 7) > > My entry for snmptrapd.conf is: > > authUser log,execute,net myuser > forward default 127.0.0.1 > > I am sending the trap like: > > snmptrap -Ddumph_send,dumpv_send,usm -v 3 -e > 0x80001f888098520003ce755 -u myuser -a MD5 -A mypassword1 -x DES -X > mypassword2 -l authPriv 127.0.0.1 '' localhost 42 coldStart.0 > > I do receive the trap in snmptrapd log (eventlog): 2015-09-03 00:47:02 > My-PC [UDP: [192.168.0.102]:57409->[0.0.0.0]]: > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (42) 0:00:00.42 > SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart.0 > > But I didn't receive any trap in SNMPc although i am using the forward > directive in the snmpdtrapd.conf file > > > -- > Monitor Your Dynamic Infrastructure at Any Scale With Datadog! > Get real-time metrics from all of your servers, apps and tools > in one place. > SourceForge users - Click here to start your Free Trial of Datadog now! > http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > > -- Thanks, Pranesh -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Forward SNMPv3 traps from snmptrapd to snmpc
Hi Sanjay Singh, Try with adding port number where SNMPc listening to . 'forward default localhost:portnumber' Eg: forward default 127.0.0.1:4477 On Mon, Oct 5, 2015 at 4:56 PM, Pushpa Thimmaiah wrote: > Hi Sanjay Singh, > > > Try with adding port number like 'forward default localhost:portnumber' > Eg: forward default 127.0.0.1:4477 > > > > On Thu, Sep 3, 2015 at 12:11 PM, Sanjay Singh > wrote: > >> How can i forward the Traps received by SNMPTRAPd to SNMPc (Castle Rock >> Manager) Both are running on the same machine (Windows 7) >> >> My entry for snmptrapd.conf is: >> >> authUser log,execute,net myuser >> forward default 127.0.0.1 >> >> I am sending the trap like: >> >> snmptrap -Ddumph_send,dumpv_send,usm -v 3 -e >> 0x80001f888098520003ce755 -u myuser -a MD5 -A mypassword1 -x DES -X >> mypassword2 -l authPriv 127.0.0.1 '' localhost 42 coldStart.0 >> >> I do receive the trap in snmptrapd log (eventlog): 2015-09-03 00:47:02 >> My-PC [UDP: [192.168.0.102]:57409->[0.0.0.0]]: >> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (42) 0:00:00.42 >> SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart.0 >> >> But I didn't receive any trap in SNMPc although i am using the forward >> directive in the snmpdtrapd.conf file >> >> >> -- >> Monitor Your Dynamic Infrastructure at Any Scale With Datadog! >> Get real-time metrics from all of your servers, apps and tools >> in one place. >> SourceForge users - Click here to start your Free Trial of Datadog now! >> http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 >> ___ >> Net-snmp-users mailing list >> Net-snmp-users@lists.sourceforge.net >> Please see the following page to unsubscribe or change other options: >> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >> >> > -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Forward SNMPv3 traps from snmptrapd to snmpc
Hi Sanjay Singh, Try with adding port number like 'forward default localhost:portnumber' Eg: forward default 127.0.0.1:4477 On Thu, Sep 3, 2015 at 12:11 PM, Sanjay Singh wrote: > How can i forward the Traps received by SNMPTRAPd to SNMPc (Castle Rock > Manager) Both are running on the same machine (Windows 7) > > My entry for snmptrapd.conf is: > > authUser log,execute,net myuser > forward default 127.0.0.1 > > I am sending the trap like: > > snmptrap -Ddumph_send,dumpv_send,usm -v 3 -e > 0x80001f888098520003ce755 -u myuser -a MD5 -A mypassword1 -x DES -X > mypassword2 -l authPriv 127.0.0.1 '' localhost 42 coldStart.0 > > I do receive the trap in snmptrapd log (eventlog): 2015-09-03 00:47:02 > My-PC [UDP: [192.168.0.102]:57409->[0.0.0.0]]: > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (42) 0:00:00.42 > SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart.0 > > But I didn't receive any trap in SNMPc although i am using the forward > directive in the snmpdtrapd.conf file > > > -- > Monitor Your Dynamic Infrastructure at Any Scale With Datadog! > Get real-time metrics from all of your servers, apps and tools > in one place. > SourceForge users - Click here to start your Free Trial of Datadog now! > http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > > -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPv3 SHA support
Hi Wes, Thanks for reply, I get the SHA working on my setup. Actually I was using -3M and -3m for auth and priv pass. These were working only for MD5 and DES/AES protocol but not for SHA. Then I change the option from -3M to -m and -3m to -m and now all the combination of auth and priv pass are working. Thanks Vijendra. On 29/09/15 5:34 am, "Wes Hardaker" wrote: >"Vijendra Agarwal (vijagarw)" writes: > >> Can anybody please let me know If I need to configure/check anything >> else to make SHA protocol works? > >Did you set up access control rights too? >-- >Wes Hardaker >Parsons -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 SHA support
Hi All, I am configuring my system for SNMPv3 support. I created the user with authProto as SHA and privProto as AES. The user get created successfully. When I am sending snmpwalk request with the above configured protocols I am getting output as "No Such Object available on this agent at this OID" If I configure the system to use MD5 and AES and send the same snmpwalk request then I am getting the output correctly. On my system openssl is already installed. I check with -Dusm flag as well. I am getting below logs in that usm: USM processing begun... usm: match on user nit usm: Verification succeeded. usm: USM processing completed. usm: USM processing has begun (offset 49) usm: Encryption successful. usm: USM processing completed. SNMPv2-SMI::enterprises. = No Such Object available on this agent at this OID Can anybody please let me know If I need to configure/check anything else to make SHA protocol works? Thanks Vijendra. -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Forward SNMPv3 traps from snmptrapd to snmpc
How can i forward the Traps received by SNMPTRAPd to SNMPc (Castle Rock Manager) Both are running on the same machine (Windows 7) My entry for snmptrapd.conf is: authUser log,execute,net myuser forward default 127.0.0.1 I am sending the trap like: snmptrap -Ddumph_send,dumpv_send,usm -v 3 -e 0x80001f888098520003ce755 -u myuser -a MD5 -A mypassword1 -x DES -X mypassword2 -l authPriv 127.0.0.1 '' localhost 42 coldStart.0 I do receive the trap in snmptrapd log (eventlog): 2015-09-03 00:47:02 My-PC [UDP: [192.168.0.102]:57409->[0.0.0.0]]: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (42) 0:00:00.42 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart.0 But I didn't receive any trap in SNMPc although i am using the forward directive in the snmpdtrapd.conf file -- Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 and Extension Agent
Hi All, We currently have a Windows Extension Agent Dll which uses the Windows SNMP service. It all work in SNMP version 1. We need to migrate to SNMP v3 now. As Window SNMP Service doesn't support Version 3, I am planning to use Net-SNMP. My need some help: 1. Will Net-SNMP(version 3) be able to work with our Extension Agent as is? or Extension Agent will also require some changes as was running with version1 previously? 2. Where can I find the Latest 64 bit installer for windows for Net-SNMP? 3. Any guide or pointer on configuring Net-SNMP for version 3 on windows? Any help will be much appreciated as this is my first exposure to Net-SNMP. Thanks, Sanjay Singh -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
SNMPv3 SSH - failed rfc5343 contextEngineID probing
Hello I am trying SNMPv3 SSH transport accordind this tutorial http://www.net-snmp.org/wiki/index.php/SSH Unfortunately I got this error: failed rfc5343 contextEngineID probing Does anybody know, what I missed? What is wrong? /opt/shared/adl-net-snmp/bin/snmpstatus -m all -M mibs -r1 -Dssh,tsm,trans ssh:localhost:22 registered debug token ssh, 1 registered debug token tsm, 1 registered debug token trans, 1 tsm: registering ourselves tsm: returned 0 ssh/config: parsing socket info: 664 kantort games ssh/config: socket permissions: 664 (436) ssh/config: socket owner: kantort (5932) ssh/config: socket group: games (20) ssh: Fingerprint: d83dc61281c7fa8958d7a6ca821524d1 Authentication methods: publickey,gssapi-keyex,gssapi-with-mic,password Authentication by public key succeeded. Opened connection. tsm: TSM: Reached our session initialization callback tsm: Starting TSM processing tsm: TSM processing completed. transport:send: 70 bytes to SSH: [127.0.0.1]:22 ssh: at the top of ssh_recv ssh: t=0x10beb20 ssh: addr_pair=0x10c1110 ssh: t=0x10beb20, addr_pair=0x10c1110, channel=0x10d4200 ssh: recv fd 3 got 0 bytes ssh: close fd 3 failed rfc5343 contextEngineID probing snmpstatus: Session abort failure Thanks Tomas This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding. -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users