Thanks for the clarification on r[ow]user, r[ow]community, com2sec, group, view, access.
I created the said user using command-line tools if I remember right. BTW I don't have any /var/net-snmp/snmpd.conf file but IIRC this tool temporarily added the adequate line in the file /var/lib/snmp/snmpd.conf, and created the /usr/share/snmp/snmpd.conf file with a single rwuser line.

Following your last comments, I have 2 questions:
- what is noAuthNoPriv to be used for? I thought it would be easier, at least for testing, to use this rather than authNoPriv.
- you suggest that I first continue with accessing my MIB by extending the agent before trying to go back to SNMP v3?

Daniel

-----Original Message-----
From: dave.shi...@gmail.com [mailto:dave.shi...@gmail.com] On behalf of Dave Shield
Sent: Thursday 7 June 2012 09:27
To: Chayvialle, Daniel (External)
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: Stuck in the way of quering a private MIB (extension using perl)

On 6 June 2012 17:04, Chayvialle, Daniel (External) <daniel.chayvialle.exter...@cassidian.com> wrote:
> The snmpd.conf I provided consists mostly of what's coming with snmp packages
> I guess.

Yes - but it's still unnecessarily complicated :-)

> As I must in the end use SNMP v3,

The important bit there is "in the end".
Start with SNMPv1, and work your way up - one step at a time.

> I was confused about what to use:
> r[ow]user, r[ow]community, com2sec, group, view, access,
> or a mixture of some of them but which ones?

If you are working with SNMPv1 or SNMPv2c, then use "r[ow]community"
If you are working with SNMPv3, then use "r[ow]user"
If you need finer control over what a particular user/community can see,
then add use of "view" (and the -V option to "r[ow]{user,community}")

There is generally no need to use the low-level elements (com2sec, group and access), unless you've got very specific requirements. If you're not sure, then don't use them.

> I stepped back to SNMP v1 for my tests as I did not want to have too many
> possible misunderstandings

Good - that's what I'd hoped.

> So once /etc/snmp/snmpd.conf is stripped down to a single rocommunity line, I
> get:
>
> % snmpgetnext -v1 -c public localhost ifName ~
> IF-MIB::ifName.1 = STRING: lo
>
> And I can snmpwalk from netSnmp

Good - that's what you should be getting.

> Now if I add a rouser syncmux to the said snmpd.conf, I get
>
> % snmpget -v3 -u syncmux -l noAuthNoPriv localhost sysDescr.0 sysUpTime.0
> Error in packet
> Reason: authorizationError (access denied to that object)
>
> which is different from anything I had previously. So I'll look in that
> direction.

Two things:
- remember that you also need to create the user 'syncmux' (typically in the persistent config file /var/net-snmp/snmpd.conf)
  See README.snmpv3 and the FAQ for details
- By default, rouser grants access to authenticated requests (which also covers authenticated-and-encrypted requests). So noAuthNoPriv wouldn't be allowed.

Dave
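
The rule discussed in this thread (rouser requires authenticated requests unless a weaker minimum is set), as an added example that is not part of the original messages and is not Net-SNMP code. It is a simplified Python model of the rouser/rwuser minimum-level check; the users labtest and opsadmin are hypothetical, and the sample configuration is constructed.

```python
"""Simplified model of how rouser/rwuser lines in snmpd.conf gate SNMPv3 requests.
Added example, not Net-SNMP code. Handles only
  rouser|rwuser [-s SECMODEL] USER [noauth|auth|priv ...]; views are ignored."""

# Security levels ordered weakest to strongest, keyed by the snmpget -l value.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}
# Minimum-level keywords accepted by rouser/rwuser.
KEYWORDS = {"noauth": 0, "auth": 1, "priv": 2}

def parse_users(conf_text):
    """Return {user: (directive, minimum_level)} for every rouser/rwuser line."""
    users = {}
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] not in ("rouser", "rwuser"):
            continue                    # comments and other directives
        args = tokens[1:]
        if args[:1] == ["-s"]:          # optional security model, e.g. "-s usm"
            args = args[2:]
        if not args:
            continue                    # malformed line: no user name
        # With no keyword, the minimum level is "auth" (authenticated requests).
        level = KEYWORDS.get(args[1], 1) if len(args) > 1 else 1
        users[args[0]] = (tokens[0], level)
    return users

def is_allowed(users, user, request_level):
    """True if `user` is listed and `request_level` meets its configured minimum."""
    return user in users and LEVELS[request_level] >= users[user][1]

def weak_users(users):
    """Users whose directive accepts unauthenticated (noAuthNoPriv) requests."""
    return sorted(u for u, (_, lvl) in users.items() if lvl == 0)

# Constructed sample: the thread's "rouser syncmux" plus two hypothetical users.
SAMPLE_CONF = """\
rocommunity public
rouser syncmux
# hypothetical test-only user
rouser -s usm labtest noauth
# hypothetical user
rwuser opsadmin priv
"""

if __name__ == "__main__":
    users = parse_users(SAMPLE_CONF)
    for level in LEVELS:
        print("syncmux", level, is_allowed(users, "syncmux", level))
    print("accept unauthenticated requests:", weak_users(users))
```

Passing this level check is not sufficient on a real agent: the SNMPv3 user must also have been created, as noted above for 'syncmux'.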