Re: Problem with snmptrap

Andrei Pisau Wed, 30 Nov 2005 02:12:06 -0800

On Tue, 2005-11-29 at 10:27 -0800, Wes Hardaker wrote:
> >>>>> On Tue, 29 Nov 2005 09:39:37 -0800, Wes Hardaker <[EMAIL PROTECTED]> 
> >>>>> said:
> 
> Andrei> snmptrap  -Ddumph_send,dumpv_send,usm -e 0xbd224466-v 3 -u root -a MD5
> Andrei> -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0
> 
> Wes> 1) that engineid is not a legal one...  Not that it should matter much
> Wes> for our tools, as we're fairly liberal in what we accept.  However,
> Wes> for others it might cause them to fail.
>


OK. For this moment I am trying to make it work on local host, but still
I don't get this correspondence user <=> engine ID. 0xbd224466 might not
be a valid value, but still is accepted.

> Wes> 2) The engineID *MUST* match the engineID of the trap receiver.  It
> Wes> can't be arbitrary.  do a "grep oldEngineID
> Wes> /var/net-snmp/snmptrapd.conf" and use the engineID from that line
> Wes> for *both* the createUser line and the snmptrap line.
> 
> whoops.  #2 is a lie.  It should only match for an INFORM....  my bad.
> 
> As long as the createuser line matches the -e switch, it should work...
> 
> -- 
> Wes Hardaker
> Sparta, Inc.
> 

Let me put it this way. I do the followings:
1. stop snmptrapd
2. edit /var/net-snmp/snmptrapd.conf to have
createUser -e myengineID username MD5 authpass DES privpass

myengineID = 0xbd224466 , I tried values even bigger, but still had the
same result
3. start snmptrapd
4. snmpinform or snmptrap for this user doesn't work, I try this with
the cmd:
 snmp{trap|inform} -e myengineID -v 3  -u username -a MD5 -A authpass -l
authPriv -x DES -X privpass localhost 42 coldStart.0

=> 
snmptrap: USM unknown security name (no such user exists) (Sub-id not
found: (top) -> coldStart)

As I see this steps are also in the tutorial from the site.
I have observed that if I do a createuser without -e, snmpinform
succeds, but snmptrap does not. The debug shows me that snmpinform or
snmptrap -Ci do a GET message before, snmptrap does only TRAP2 message,
and I fails to verify the user.

Can anybody explain me what I misunderstood here?
I can't make it work together, the username and the engineID.

Thanks!

signature.asc
Description: This is a digitally signed message part

-- 
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/

Re: Problem with snmptrap

Reply via email to