RE: MIB output given even if snmpv3 user configured with diff privileges

Wed, 10 Feb 2010 05:25:38 -0800 

Hi Dave,
 
Thanks for you suggestion.
 
I understand it is much simpler to use "rouser", but my requirement is that I 
should be able to define views and be able to associate a user to a particular 
view.
For example, a view "testView" may include everything and exclude a particulat 
set of tables/MIB, so my user should have access to that view. And I need to 
have several users with different auth/priv privileges.
I also need to have support for V1 and V2.
 
How should I configure for such a case.
 
Kindly suggest.
 
Thanks & Regards,
Kapil.

________________________________

From: dave.shi...@googlemail.com on behalf of Dave Shield
Sent: Wed 2/10/2010 2:07 PM
To: Srikapilan Gandhi (WT01 - Telecom Equipment)
Cc: net-snmp-coders@lists.sourceforge.net
Subject: Re: MIB output given even if snmpv3 user configured with diff 
privileges



On 10 February 2010 07:34,  <srikapilan.gan...@wipro.com> wrote:
> group operator usm user1
> rouser user1

You are mixing two styles of access control.

Either use "rouser" *OR* use "view/group/access"
Do NOT try to mix the two - particularly with the same username.


> But, my query for any of my MIB is yeilding output even if I use "-l
> noAuthNoPriv" for user1

Correct.
That's what you configured using the line:

   access operator "" any noauth exact _all_ _none_ _all_

(since "user1" is part of the group "operator").
Note the token "noauth" in this line.



> The above query should not yeild output as "user1" is configured as
> anthNoPriv.

Wrong - see above.


> I need VACM and my agent should support all SNMP V1,V2 and V3.

I'd strongly suggest that you stick to the
   "r[ow]{user,community}" directives throughout.
They are much simpler than the group/access approach,
and you're much less likely to make this sort of configuration error.

Dave



------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to