On Sun, Oct 28, 2018 at 7:30 PM Bart Van Assche <bvanass...@acm.org> wrote:
> On 10/23/18 6:00 AM, Mark Christiansen wrote: > > Does anybody have ideas of what could be going wrong here? > > > > I built net-SNMP 5.8 for my Windows 10 machine. I set up my snmpd.conf > > file as shown below where I added the same users as I have on my > > Linux machine called aurelius. I get the following responses when I run > > snmpgetnext for the two servers: > > > > C:\Users\markw>snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A > > user3password -x DES -X user3encryption aurelius .1.3 > > SNMPv2-MIB::sysDescr.0 = STRING: Linux aurelius 3.13.0-40-generic > > #69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686 > > > > C:\Users\markw>snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A > > user3password -x DES -X user3encryption localhost .1.3 > > snmpgetnext: Decryption error > > The behavior of the encryption code should be consistent on Windows and > Linux, at least if both have been compiled with the same encryption > support (OpenSSL or internal). Adding appropriate debug flags at the > agent and client side will probably provide a better insight in what's > going on. Flags that probably will yield interesting information are -d > and -D > > netsnmp_udp_parse_security,netsnmp_udp6_parse_security,netsnmp_unix_parse_security,tls,tsm. > > Thanks, Bart. Okay, I ran the following on my Linux box using net-snmp version 5.7.2 for a baseline of what I can expect to happen. markwc@aurelius ~$ snmpgetnext -v 2c -u user1 -c public localhost .1.3 iso.3.6.1.2.1.1.1.0 = STRING: "Linux aurelius 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686" markwc@aurelius ~$ snmpgetnext -v 3 -l auth -u user2 -a MD5 -A user2password localhost .1.3 iso.3.6.1.2.1.1.1.0 = STRING: "Linux aurelius 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686" markwc@aurelius ~$ snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A user3password -x DES -X user3encryption localhost .1.3 iso.3.6.1.2.1.1.1.0 = STRING: "Linux aurelius 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686" Then I ran the following on my Windows box with my 5.8 that I built to access my Linux box. C:\Users\markw>snmpgetnext -v 2c -c public -u user1 aurelius .1.3 SNMPv2-MIB::sysDescr.0 = STRING: Linux aurelius 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686 C:\Users\markw>snmpgetnext -v 3 -l auth -u user2 -a MD5 -A user2password aurelius .1.3 SNMPv2-MIB::sysDescr.0 = STRING: Linux aurelius 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686 C:\Users\markw>snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A user3password -x DES -X user3encryption aurelius .1.3 SNMPv2-MIB::sysDescr.0 = STRING: Linux aurelius 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686 Finally I ran the following on my Windows box to access the local server: C:\Users\markw>snmpgetnext -v 2c -c public -u user1 localhost .1.3 SNMPv2-MIB::sysDescr.0 = STRING: Windows DESKTOP-6FJOPTT 10.0.17134 Windows 10 Enterprise Intel64 Family 6 Model 26 Stepping 4 C:\Users\markw>snmpgetnext -v 3 -l auth -u user2 -a MD5 -A user2password localhost .1.3 SNMPv2-MIB::sysDescr.0 = STRING: Windows DESKTOP-6FJOPTT 10.0.17134 Windows 10 Enterprise Intel64 Family 6 Model 26 Stepping 4 C:\Users\markw>snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A user3password -x DES -X user3encryption localhost .1.3 snmpgetnext: Decryption error The attached file contains the output of snmpd for the Windows box calls to snmpgetnext using the debug options you gave me. I do not know expected debug outputs. Do we have a guide for that or is there something you can tell me by looking at the output? Also, how can I know for sure if I built it to use OpenSSL? Does the fact that that snmpgetnext works for the version 3 SNMP when talking to the Linux box indicate that? Thanks. Mark.
C:\Users\markw>snmpd -d -Dnetsnmp_udp_parse_security,netsnmp_udp6_parse_security,netsnmp_unix_parse_security,tls,tsm registered debug token netsnmp_udp_parse_security, 1 registered debug token netsnmp_udp6_parse_security, 1 registered debug token netsnmp_unix_parse_security, 1 registered debug token tls, 1 registered debug token tsm, 1 netsnmp_udp_parse_security: <"public", 0.0.0.0/0.0.0.0> => "comm3" netsnmp_udp_parse_security: <"private", 0.0.0.0/0.0.0.0> => "comm4" Turning on AgentX master support. NET-SNMP version 5.8 Received 34 byte packet from UDP: [127.0.0.1]:61065->[127.0.0.1]:161 0000: 30 20 02 01 01 04 06 70 75 62 6C 69 63 A1 13 02 0 .....public¡.. 0016: 02 10 48 02 01 00 02 01 00 30 07 30 05 06 01 2B ..H......0.0...+ 0032: 05 00 .. Sending 135 bytes to UDP: [127.0.0.1]:61065->[127.0.0.1]:161 0000: 30 81 84 02 01 01 04 06 70 75 62 6C 69 63 A2 77 0.,.....public¢w 0016: 02 02 10 48 02 01 00 02 01 00 30 6B 30 69 06 08 ...H......0k0i.. 0032: 2B 06 01 02 01 01 01 00 04 5D 57 69 6E 64 6F 77 +........]Window 0048: 73 20 44 45 53 4B 54 4F 50 2D 36 46 4A 4F 50 54 s DESKTOP-6FJOPT 0064: 54 20 31 30 2E 30 2E 31 37 31 33 34 20 57 69 6E T 10.0.17134 Win 0080: 64 6F 77 73 20 31 30 20 45 6E 74 65 72 70 72 69 dows 10 Enterpri 0096: 73 65 20 49 6E 74 65 6C 36 34 20 46 61 6D 69 6C se Intel64 Famil 0112: 79 20 36 20 4D 6F 64 65 6C 20 32 36 20 53 74 65 y 6 Model 26 Ste 0128: 70 70 69 6E 67 20 34 pping 4 Received 59 byte packet from UDP: [127.0.0.1]:61068->[127.0.0.1]:161 0000: 30 39 02 01 03 30 0E 02 02 3C D9 02 02 05 C0 04 09...0...<U...A. 0016: 01 04 02 01 03 04 10 30 0E 04 00 02 01 00 02 01 .......0........ 0032: 00 04 00 04 00 04 00 30 12 04 00 04 00 A0 0C 02 .......0..... .. 0048: 02 13 6A 02 01 00 02 01 00 30 00 ..j......0. Sending 110 bytes to UDP: [127.0.0.1]:61068->[127.0.0.1]:161 0000: 30 6C 02 01 03 30 0E 02 02 3C D9 02 02 05 C0 04 0l...0...<U...A. 0016: 01 00 02 01 03 04 21 30 1F 04 11 80 00 1F 88 80 ......!0........ 0032: 0C 56 00 00 18 C4 CA 5B 00 00 00 00 02 01 54 02 .V...ÄE[......T. 0048: 01 12 04 00 04 00 04 00 30 34 04 11 80 00 1F 88 ........04...... 0064: 80 0C 56 00 00 18 C4 CA 5B 00 00 00 00 04 00 A8 ..V...ÄE[......" 0080: 1D 02 02 13 6A 02 01 00 02 01 00 30 11 30 0F 06 ....j......0.0.. 0096: 0A 2B 06 01 06 03 0F 01 01 04 00 41 01 01 .+.........A.. Received 117 byte packet from UDP: [127.0.0.1]:61068->[127.0.0.1]:161 0000: 30 73 02 01 03 30 0E 02 02 3C D8 02 02 05 C0 04 0s...0...<O...A. 0016: 01 05 02 01 03 04 32 30 30 04 11 80 00 1F 88 80 ......200....... 0032: 0C 56 00 00 18 C4 CA 5B 00 00 00 00 02 01 54 02 .V...ÄE[......T. 0048: 01 12 04 05 75 73 65 72 32 04 0C 11 1B 20 5A 27 ....user2.... Z' 0064: D6 B6 1B 77 3E 74 73 04 00 30 2A 04 11 80 00 1F Ö.w>ts..0*..... 0080: 88 80 0C 56 00 00 18 C4 CA 5B 00 00 00 00 04 00 ...V...ÄE[...... 0096: A1 13 02 02 13 69 02 01 00 02 01 00 30 07 30 05 ¡....i......0.0. 0112: 06 01 2B 05 00 ..+.. Sending 219 bytes to UDP: [127.0.0.1]:61068->[127.0.0.1]:161 0000: 30 81 D8 02 01 03 30 0E 02 02 3C D8 02 02 05 C0 0.O...0...<O...A 0016: 04 01 01 02 01 03 04 32 30 30 04 11 80 00 1F 88 .......200...... 0032: 80 0C 56 00 00 18 C4 CA 5B 00 00 00 00 02 01 54 ..V...ÄE[......T 0048: 02 01 12 04 05 75 73 65 72 32 04 0C 2F 1C 9A D0 .....user2../.sD 0064: C9 02 F5 43 68 46 B4 5A 04 00 30 81 8E 04 11 80 É.oChF'Z..0.Z... 0080: 00 1F 88 80 0C 56 00 00 18 C4 CA 5B 00 00 00 00 .....V...ÄE[.... 0096: 04 00 A2 77 02 02 13 69 02 01 00 02 01 00 30 6B ..¢w...i......0k 0112: 30 69 06 08 2B 06 01 02 01 01 01 00 04 5D 57 69 0i..+........]Wi 0128: 6E 64 6F 77 73 20 44 45 53 4B 54 4F 50 2D 36 46 ndows DESKTOP-6F 0144: 4A 4F 50 54 54 20 31 30 2E 30 2E 31 37 31 33 34 JOPTT 10.0.17134 0160: 20 57 69 6E 64 6F 77 73 20 31 30 20 45 6E 74 65 Windows 10 Ente 0176: 72 70 72 69 73 65 20 49 6E 74 65 6C 36 34 20 46 rprise Intel64 F 0192: 61 6D 69 6C 79 20 36 20 4D 6F 64 65 6C 20 32 36 amily 6 Model 26 0208: 20 53 74 65 70 70 69 6E 67 20 34 Stepping 4 Received 59 byte packet from UDP: [127.0.0.1]:50250->[127.0.0.1]:161 0000: 30 39 02 01 03 30 0E 02 02 67 97 02 02 05 C0 04 09...0...g-...A. 0016: 01 04 02 01 03 04 10 30 0E 04 00 02 01 00 02 01 .......0........ 0032: 00 04 00 04 00 04 00 30 12 04 00 04 00 A0 0C 02 .......0..... .. 0048: 02 62 7A 02 01 00 02 01 00 30 00 .bz......0. Sending 110 bytes to UDP: [127.0.0.1]:50250->[127.0.0.1]:161 0000: 30 6C 02 01 03 30 0E 02 02 67 97 02 02 05 C0 04 0l...0...g-...A. 0016: 01 00 02 01 03 04 21 30 1F 04 11 80 00 1F 88 80 ......!0........ 0032: 0C 56 00 00 18 C4 CA 5B 00 00 00 00 02 01 54 02 .V...ÄE[......T. 0048: 01 1D 04 00 04 00 04 00 30 34 04 11 80 00 1F 88 ........04...... 0064: 80 0C 56 00 00 18 C4 CA 5B 00 00 00 00 04 00 A8 ..V...ÄE[......" 0080: 1D 02 02 62 7A 02 01 00 02 01 00 30 11 30 0F 06 ...bz......0.0.. 0096: 0A 2B 06 01 06 03 0F 01 01 04 00 41 01 02 .+.........A.. Received 132 byte packet from UDP: [127.0.0.1]:50250->[127.0.0.1]:161 0000: 30 81 81 02 01 03 30 0E 02 02 67 96 02 02 05 C0 0.....0...g-...A 0016: 04 01 07 02 01 03 04 3A 30 38 04 11 80 00 1F 88 .......:08...... 0032: 80 0C 56 00 00 18 C4 CA 5B 00 00 00 00 02 01 54 ..V...ÄE[......T 0048: 02 01 1D 04 05 75 73 65 72 33 04 0C DD E7 1A FA .....user3..Yç.ú 0064: A7 F9 75 85 25 2E E2 56 04 08 00 00 00 01 DB E2 ùu.%.âV......Uâ 0080: 9D 63 04 30 07 94 28 0C 93 B3 DE 00 2D 73 59 A3 .c.0."(."3_.-sY£ 0096: A1 16 F8 11 23 99 70 CD 0C BB 66 6A B9 21 28 2D ¡.o.#.pI.»fj1!(- 0112: BC 35 E2 F0 B5 35 64 EF 29 75 35 D7 FD 86 29 96 ¼5âdµ5dï)u5xy+)- 0128: 42 75 B6 C2 BuA Sending 114 bytes to UDP: [127.0.0.1]:50250->[127.0.0.1]:161 0000: 30 70 02 01 03 30 0E 02 02 67 96 02 02 05 C0 04 0p...0...g-...A. 0016: 01 00 02 01 03 04 26 30 24 04 11 80 00 1F 88 80 ......&0$....... 0032: 0C 56 00 00 18 C4 CA 5B 00 00 00 00 02 01 54 02 .V...ÄE[......T. 0048: 01 1D 04 05 75 73 65 72 33 04 00 04 00 30 33 04 ....user3....03. 0064: 11 80 00 1F 88 80 0C 56 00 00 18 C4 CA 5B 00 00 .......V...ÄE[.. 0080: 00 00 04 00 A8 1C 02 01 00 02 01 00 02 01 00 30 ...."..........0 0096: 11 30 0F 06 0A 2B 06 01 06 03 0F 01 01 06 00 41 .0...+.........A 0112: 01 01 ..
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders