On Tue, Apr 30, 2019 at 12:17 AM Krishna Vivek Vitta < krishna.vivekvi...@citrix.com> wrote:
> Hi Bill,
>
> Thanks Bill for looking into it. The version is old, but is there any bug
> which describes this anomaly ?

I don't know.

> Following are the contents of snmpd.conf
>
> #
> # Copy this file to /mpsconfig, and make changes to /mpsconfig/snmpd.conf
> # Changes in /etc/snmpd.conf will be lost following a reboot.
> #
> # The following are example for snmpd.conf.
> #
> #SNMP Trap Destination example
> sysobjectid 1.3.6.1.4.1.5951.6
> exactEngineID 0x80001f8880f9e71c18d35dfe5b00000000
> rocommunity public 0.0.0.0
> rouser temp noAuthNoPriv
> rouser test noAuthNoPriv
> view SNMP-View included 1.3.6.1
> rouser test authPriv -V SNMP-View
> rouser second noAuthNoPriv
>
> trapsess -v 3 -u test -l authPriv 10.91.31.244:162
>
> trap2sink 10.102.126.217:162 public
>
> The below commands are internal to software. We have CLI tool to add snmp
> users and config.
>
> add snmpuser name=test auth_password=testtest privacy_password=testtest auth_protocol=SHA1 privacy_protocol=AES view_name=SNMP-View security_level=authPriv
>
> add snmpview name=SNMP-View subtree=1.3.6.1 type=Include

My point is, without knowing in what way this changes the configuration, there is no way to help you. Perhaps your command "add snmptrap dest_server=10.91.31.244 user_name=test dest_port=162 version=v3" is changing something about the user, and that is why you have authentication troubles after that. What does that command do? How does it change the state of snmpd?

  Bill

> From: Bill Fenner <fen...@gmail.com>
> Sent: 29 April 2019 22:01
> To: Krishna Vivek Vitta <krishna.vivekvi...@citrix.com>
> Cc: net-snmp-users@lists.sourceforge.net
> Subject: Re: Help required for "snmpwalk: Authentication failure "
>
> Hi Krishna,
>
> net-snmp 5.5 is 10 years old this year. 5.8 is the current release.
>
> That said, it might be possible to help you if you share the actual
> snmpd.conf files. You mention "add snmptrap dest_server=10.91.31.244
> user_name=test dest_port=162 version=v3", but that is not how to configure
> net-snmp, so I don't know what to think about how that changes the actual
> configuration.
>
> Bill
>
> On Wed, Apr 24, 2019 at 7:19 AM Krishna Vivek Vitta <krishna.vivekvi...@citrix.com> wrote:
>
> Any update on the behaviour ?
>
> Thank you
> Krishna Vivek
>
> From: Krishna Vivek Vitta
> Sent: 23 April 2019 11:43
> To: net-snmp-users@lists.sourceforge.net
> Subject: Help required for "snmpwalk: Authentication failure "
>
> Hi expert,
>
> We have a case where snmpwalk fails after snmpv3 user is added to trap
> destination. Net-SNMP version being used is 5.5 on FreeBSD setup
>
> We start with a configured user for SNMPv3. We used SHA1 and AES for the
> auth and privacy protocols:
>
> add snmpuser name=test auth_password=testtest privacy_password=testtest auth_protocol=SHA1 privacy_protocol=AES view_name=SNMP-View security_level=authPriv
>
> add snmpview name=SNMP-View subtree=1.3.6.1 type=Include
>
> The above steps:
>
> Adds a createUser directive in /var/mps/netsnmp/snmpd.conf and restarts snmpd
>
> 1. SNMPD replaces the createUser directive with a usmUser directive in persistent conf
>
> All this is normal. The configuration in the persistent snmpd.conf is correct.
> This is our test entry:
>
> bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf
> usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 0x4e65747363616c657200 0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 0x06be7a79a8108ccde730455187973c0719b3e460 .1.3.6.1.6.3.10.1.2.4 0x06be7a79a8108ccde730455187973c07 ""
>
> bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch --command=/root/print_users.gdb | awk '/test/,/privKey:/'
> name: 0x801c6fac0: "test"
> secName: 0x801c6fad0: "test"
> authProtocol: .1.3.6.1.6.3.10.1.1.3 << This means SHA1
> privProtocol: .1.3.6.1.6.3.10.1.2.4 << This means AES
> authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e46000000000
> privKey: 0x6be7a79a8108ccd 0xe730455187973c07
>
> And of course the queries work:
>
> vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' -x AES -X 'testtest' 10.91.16.71:161 1.3.6.1.2.1.1.1
> SNMPv2-MIB::sysDescr.0 = STRING: FreeBSD nssdx-mgmt 8.4-NETSCALER-12.0 FreeBSD 8.4-NETSCALER-12.0 #0: Wed Sep 12 06:47:55 PDT 2018 root@sjcpbld84-64:/usr/obj/home/build/rs_120_59_5_RTM/usr.src/sys/NSSVM amd64
>
> Then I add an snmptrap destination that uses this user:
>
> add snmptrap dest_server=10.91.31.244 user_name=test dest_port=162 version=v3
>
> And the queries fail with authentication failure:
>
> vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' -x AES -X 'testtest' 10.91.16.71:161
> 1.3.6.1.2.1.1.1
> snmpwalk: Authentication failure (incorrect password, community or key)
>
> This time although the configuration is the same, snmpd internally has set
> the wrong protocols:
>
> bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf
> usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 0x4e65747363616c657200 0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 0x06be7a79a8108ccde730455187973c0719b3e460 .1.3.6.1.6.3.10.1.2.4 0x06be7a79a8108ccde730455187973c07 0x
>
> bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch --command=/root/print_users.gdb | awk '/Netscaler/,/privKey:/'
> name: 0x801c6fac0: "test"
> secName: 0x801c6fad0: "test"
> authProtocol: .1.3.6.1.6.3.10.1.1.2 << This means MD5
> privProtocol: .1.3.6.1.6.3.10.1.2.2 << This means DES
> authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e46000000000
> privKey: 0x6be7a79a8108ccd 0xe730455187973c07
>
> Kindly provide assistance in resolving the case.
>
> Thank you
> Krishna Vivek
>
> _______________________________________________
> Net-snmp-users mailing list
> Net-snmp-users@lists.sourceforge.net
> Please see the following page to unsubscribe or change other options:
> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
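The comparison made by hand in the thread (the persisted usmUser line against the protocols snmpd holds in memory), as an added example that is not part of the thread or of net-snmp. The field order is assumed from the usmUser line quoted above, and `parse_usm_user` and `protocol_drift` are hypothetical helper names.

```python
import shlex

# USM protocol OIDs (RFC 3414, RFC 3826). The thread itself names
# .1.1.3 as SHA1, .1.1.2 as MD5, .2.4 as AES and .2.2 as DES.
AUTH = {"1.3.6.1.6.3.10.1.1.1": "noAuth", "1.3.6.1.6.3.10.1.1.2": "MD5",
        "1.3.6.1.6.3.10.1.1.3": "SHA1"}
PRIV = {"1.3.6.1.6.3.10.1.2.1": "noPriv", "1.3.6.1.6.3.10.1.2.2": "DES",
        "1.3.6.1.6.3.10.1.2.4": "AES"}
# Assumption: field order as read from the usmUser line quoted in the thread.
FIELDS = ("status", "storage", "engine_id", "name", "sec_name", "clone_from",
          "auth_proto", "auth_key", "priv_proto", "priv_key", "public")


def _proto(table, oid):
    """Map a protocol OID (with or without leading dot) to a short name."""
    oid = oid.lstrip(".")
    return table.get(oid, "unknown:" + oid)


def parse_usm_user(line):
    tokens = shlex.split(line)  # shlex keeps the trailing "" as a field
    if len(tokens) != len(FIELDS) + 1 or tokens[0] != "usmUser":
        raise ValueError("not a complete usmUser line")
    rec = dict(zip(FIELDS, tokens[1:]))
    raw = {k: bytes.fromhex(rec[k][2:])
           for k in ("name", "auth_key", "priv_key")}
    return {"name": raw["name"].rstrip(b"\x00").decode("ascii"),
            "auth": _proto(AUTH, rec["auth_proto"]),
            "priv": _proto(PRIV, rec["priv_proto"]),
            "auth_key_len": len(raw["auth_key"]),
            "priv_key_len": len(raw["priv_key"])}


def protocol_drift(persisted, live_auth_oid, live_priv_oid):
    """Return (field, persisted, live) for each protocol that differs."""
    live = {"auth": _proto(AUTH, live_auth_oid),
            "priv": _proto(PRIV, live_priv_oid)}
    return [(k, persisted[k], live[k]) for k in ("auth", "priv")
            if persisted[k] != live[k]]


# Persisted line as quoted in the thread.
LINE = ('usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 '
        '0x4e65747363616c657200 0x4e65747363616c657200 NULL '
        '.1.3.6.1.6.3.10.1.1.3 0x06be7a79a8108ccde730455187973c0719b3e460 '
        '.1.3.6.1.6.3.10.1.2.4 0x06be7a79a8108ccde730455187973c07 ""')
# Live OIDs: from the gdb dump taken after the trap destination was added.
print(protocol_drift(parse_usm_user(LINE),
                     ".1.3.6.1.6.3.10.1.1.2", ".1.3.6.1.6.3.10.1.2.2"))
```

A non-empty result means a client using the persisted SHA1/AES settings will derive different keys from what the agent expects, which matches the "Authentication failure" in the thread.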