Hi Ulrich, I was intended to test/illustrate how VACM security works for notifications and traps. Many users are not aware that SNMP4J-Agent checks the access rights for outgoing variable bindings of a trap.
The AgenPro configuration template does not contain this (intended) inconsistency. Nevertheless, even this template is not a ready to use configuration for a production deployment, because it uses standard passwords and may not match your security requirements, because SNMPv1 and v2c are enabled by default. Best regards, Frank > On 11. Jul 2018, at 14:54, ulrich berl <ulrich.b...@gmx.net> wrote: > > Hi! > > I try to receive the v3 trap coldStartNotification from TestAgent sample. > > Using the TestAgent from test folder (2.6.3) i get the known vacm access > denied error: > > Found group name 'v3group' for secName 'v3notify' and secModel 3 > Access denied by VACM for 1.3.6.1.6.3.1.1.5.1 > > After inspecting the code i can see, that > > TargetParams for "v3notify" are set to NOAUTH_NOPRIV but VACM for "v3group" > is set to AUTH_PRIV. > User "v3notify" has no AUTH/PRIV params configured. > > Working configurations: > > setting group of v3notify to v3restricted (this group has NOAUTH_NOPRIV and > allows reading 1.3.6.1.6.3.1.1.5.1) > > or > > for TargetParams of "v3notify" setting SecurityLevel to AUTH_PRIV and secName > to "SHADES", so outgoing message will be encrypted > (the usm user has to be configured in the manager application) > > Was this intentionally configured or i miss something ? > > br, Ulrich > _______________________________________________ > SNMP4J mailing list > SNMP4J@agentpp.org > https://oosnmp.net/mailman/listinfo/snmp4j _______________________________________________ SNMP4J mailing list SNMP4J@agentpp.org https://oosnmp.net/mailman/listinfo/snmp4j
