Hi net-snmp-coders,

I've been working on updating the net-snmp version of software we use on CentOS 
7 to net-snmp 5.9.  This is being required because of a vulnerability that is 
known in the NIST vulnerability database. We develop our own MIB groups in C and 
compile them into source code repos that we pull for the site.  Everything has 
worked great for -v2c. We are now trying to get this implemented for -v3 and 
running into major issues.  I believe this is a configuration issue because 
running the following command "net-snmp-config --create-snmpv3-user -a MD5 
-A myuser12345 myuser"  from this 
guide <https://www.thegeekdiary.com/centos-rhel-6-install-and-configure-snmpv3/>.
This creates everything here.


[root@localhost]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

This appears to be where the issue happens.  When I start our compiled snmpd 
binary it seems to overwrite /var/net-snmp/snmpd.conf every time.  Therefore I 
can never create our initial snmpv3 users and every time I run a snmpwalk I get:

[evcLinuxAdmin@localhost ~]$ snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost
snmpwalk: Unknown user name

I've stepped back and stripped all our C mib-group code from the build to keep 
it all repo-only code. I did this to ensure it's not us.  Running into the same 
issue there, I dropped back to run on the yum-installed net-snmp version that is 
known to our yum repo and created the user again following the guide from above.

[user@localhost ~]$ /usr/sbin/snmpd --version

NET-SNMP version:  5.7.2
Web:               http://www.net-snmp.org/
Email:             net-snmp-coders@lists.sourceforge.net

[root]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

Then I started the snmp service

[---@localhost ~]$ service snmpd start
Redirecting to /bin/systemctl start snmpd.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as:
Password:
==== AUTHENTICATION COMPLETE ===
[---@localhost ~]$


Now that the system is running my snmpwalk command works for -v3

        snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost

I was also able to use the snmpusm command to create additional users. When 
using this on the 5.9 repo all I get is user not found.

Jumping back to the 5.9 binary build I know the following

sudo snmpd -Dread_config -H 2>&1 | grep Read | sort -u
[sudo] password for evcLinuxAdmin:
read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)   -------> This file has my rwuser myuser
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1) -> I manually added the create user info to this file for myuser and it doesn't seem to be picking it up.

[evcLinuxAdmin@localhost ~]$ snmpd -Dread_config -H 2>&1 | grep config:path | sort -u
read_config:path:  config path used for agentx:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for agentx:/var/net-snmp (persistent path:/var/net-snmp)  --> This is where everything was originally created but deleted when snmpd starts.
read_config:path:  config path used for snmpd:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmpd:/var/net-snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/var/net-snmp (persistent path:/var/net-snmp)

At this point I think it's a configuration parameter but I don't see anything 
that would affect or cause this behavior.  I didn't see anything in the change 
log to suggest 5.9 was changed from 5.7.  Any help you can provide would be 
helpful as this is needed to meet a customer deliverable.  Perhaps there is a 
clear document out there because I have been all over the net-snmp provided 
documents and nothing was found to solve my problem.

Thanks
Justin


Justin Cook
Software Technical Engineering Manager

Envistacom, LLC
C: 301.712.5481
jc...@envistacom.com
www.envistacom.com
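
The comparison the post makes by eye, as an added example (not part of the original message and not net-snmp's own code): it parses the `-Dread_config` debug lines quoted above and reports whether the file that received the `createUser` line is one the agent actually opened. The function names are hypothetical and the sample log is constructed from the lines in the post with the e-mail line wraps re-joined.

```shell
#!/bin/sh
# Added example: compare the files snmpd reports reading with the file
# net-snmp-config wrote the createUser line to. Function names are hypothetical.

# Constructed sample: debug lines taken from the post, wraps re-joined.
SAMPLE_LOG='read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1)
read_config:path:  config path used for snmpd:/var/net-snmp (persistent path:/var/net-snmp)'

# files_read LOG: unique config files the agent reported opening.
files_read() {
    printf '%s\n' "$1" |
        sed -n 's/^read_config:file: Reading configuration \([^ ]*\) ([0-9]*).*/\1/p' |
        sort -u
}

# persistent_paths LOG: unique persistent directories the agent reported.
persistent_paths() {
    printf '%s\n' "$1" |
        sed -n 's/.*(persistent path:\([^)]*\)).*/\1/p' |
        sort -u
}

# was_read LOG FILE: succeed only if FILE is among the files actually read.
was_read() {
    files_read "$1" | grep -Fxq -- "$2"
}

# report LOG FILE: one-line verdict for the file holding the createUser line.
report() {
    if was_read "$1" "$2"; then
        echo "read: $2"
    else
        echo "NOT read: $2 (persistent path reported: $(persistent_paths "$1" | paste -sd, -))"
    fi
}

# The file net-snmp-config wrote to, then the file that was edited by hand.
report "$SAMPLE_LOG" /var/net-snmp/snmpd.conf
report "$SAMPLE_LOG" /var/lib/net-snmp/snmpd.conf
```

To use it on a live system, capture both debug runs from the same binary by full path and with the same privileges; the two commands quoted in the post were run with and without `sudo`.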
