On 6 June 2012 17:04, Chayvialle, Daniel (External)
<daniel.chayvialle.exter...@cassidian.com> wrote:
> The snmpd.conf I provided consists mostly of what's coming with snmp packages 
> I guess.

Yes - but it's still unnecessarily complicated :-)


> As I must in the end use SNMP v3,

The important bit there is "in the end".
Start with SNMPv1, and work your way up - one step at a time.

>                                I was confused about what to use:
> r[ow]user, r[ow]community, com2sec, group, view, access,
> or a mixture of some of them but which ones?

If you are working with SNMPv1 or SNMPv2c, then use "r[ow]community"
If you are working with SNMPv3, then use "r[ow]user"

If you need finer control over what a particular user/community can see,
then add use of "view" (and the -V option to "r[ow]{user,community}").

There is generally no need to use the low-level elements
(com2sec, group and access), unless you've got very specific requirements.
If you're not sure, then don't use them.


> I stepped back to SNMP v1 for my tests as I did not want to have too many
> possible misunderstandings

Good - that's what I'd hoped.


> So once /etc/snmp/snmpd.conf is stripped down to a single rocommunity line, I 
> get:
>
> % snmpgetnext -v1 -c public localhost   ifName                        ~
> IF-MIB::ifName.1 = STRING: lo
>
> And I can snmpwalk from netSnmp

Good - that's what you should be getting.



> Now if I add a rouser syncmux to the said snmpd.conf, I get
>
> % snmpget -v3 -u syncmux -l noAuthNoPriv localhost sysDescr.0 sysUpTime.0
> Error in packet
> Reason: authorizationError (access denied to that object)
>
> which is different from anything I had previously. So I'll look in that 
> direction.

Two things:
    - remember that you also need to create the user 'syncmux'
      (typically in the persistent config file /var/net-snmp/snmpd.conf)
      See README.snmpv3 and the FAQ for details

    - By default, rouser grants access to authenticated requests (which also
      covers authenticated-and-encrypted requests).   So noAuthNoPriv
      wouldn't be allowed.

Dave
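
A check for the two points above, as an added example that is not part of the original message or of Net-SNMP itself: the hypothetical helper `check_v3_users` reads an access config and a persistent config and reports, for each rouser/rwuser line, the weakest `-l` level the agent will accept and whether a matching createUser line exists. The file names and sample contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Usage: check_v3_users ACCESS_CONF PERSISTENT_CONF
# For each rouser/rwuser line in ACCESS_CONF, print the user, the weakest
# -l level the agent will accept, and whether PERSISTENT_CONF has a
# createUser line for that user.
check_v3_users() {
    awk '
        # Pass 1 (persistent file): remember users defined with createUser.
        FILENAME == ARGV[1] {
            if ($1 == "createUser") {
                u = ($2 == "-e") ? $4 : $2     # skip optional "-e ENGINEID"
                created[u] = 1
            }
            next
        }
        # Pass 2 (access file): rouser/rwuser [-s MODEL] USER [noauth|auth|priv ...]
        $1 == "rouser" || $1 == "rwuser" {
            i = ($2 == "-s") ? 4 : 2           # skip optional "-s SECMODEL"
            user = $i; lvl = $(i + 1)
            if (lvl == "noauth")    min = "noAuthNoPriv"
            else if (lvl == "priv") min = "authPriv"
            else                    min = "authNoPriv"   # default, or explicit "auth"
            printf "%s %s min-level=%s created=%s\n", $1, user, min,
                   ((user in created) ? "yes" : "no")
        }
    ' "$2" "$1"
}

# Constructed sample mirroring the thread: rouser added, user never created.
demo=$(mktemp -d)
printf 'rocommunity public\nrouser syncmux\n' > "$demo/snmpd.conf"
: > "$demo/persistent.conf"
check_v3_users "$demo/snmpd.conf" "$demo/persistent.conf"
# -> rouser syncmux min-level=authNoPriv created=no
rm -rf "$demo"
```

Run it before the agent's first start: once snmpd has read a createUser line it replaces it in the persistent file with the derived keys, so the line is no longer there to find.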

_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net