I am wondering if I am missing something with v3 trap/informs in 5.3.1
and 5.4. In particular, is there a security name collision between the
local snmpd and the remote snmptrapd?
If I want to configure snmpd to send informs with security I use a
trapsess configuration command like this:
trapsess -v 3 -u jeff -l authPriv -C i localhost:9162
I have read that the engineID should be automatically discovered but in
my case I have to also specify the engineID of the trapd host with a -e
option to get me something more like:
trapsess -e 0x80001f880431 -v 3 -u jeff -l authPriv -C i
localhost:9162
It may be this engineID configuration that is causing me issues.
I have now established the security name "jeff" for informs but I see no
means to associate authentication and security passwords with the
security name "jeff" unless I also do a createUser for "jeff" in the
snmpd.conf file on the local host as well as in the snmptrapd.conf file
on the remote host. Failure to use a createUser in snmpd.conf results
in the following errors when snmpd tries to send a trap:
../test> snmpd -Le -C -c snmpd.conf -Dusm -f -m all
registered debug token usm, 1
...
usm: USM processing has begun (offset 94)
usm: getting user jeff
usm: match on user jeff
usm: Can't set DES-CBC salt.
snmpd: send_trap: USM generic error
NET-SNMP version 5.4
Further testing has led me to believe that the "DES-CBC salt" error is
directly related to the authentication and privacy keys being unknown to
snmpd. When I add a createUser for "jeff" to the snmpd.conf file I can
get the traps to work BUT.... I also need to define the createUser with
the engineID of the trapd host. If I do all this, then I can get a trap
from snmpd to the trapd host but now I can't use a snmpd user with the
same security name because the engineID will be wrong.
Did I miss something or is it true that there is a collision of security
names in the USM table in which localized snmpd security names are
shared with remote trapd security names?
Jeff
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Net-snmp-users mailing list
[email protected]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
