Hi Dave, I was trying to redirct the ifTable, ifXtable and system group to my subagentx instead of having SNMPD to process these MIB variables. My mistake was using the wrong token "system" instead of "system_mib". Thanks for pointing it out. Is there any documentation on this somewhere?
When using the "system_mib" token all work fine. Never the less, I notice that when calling the SNMPD with -I flag with 'whatever' it causes the SNMPD to turn off authentication check. Meaning when running snmp like this /usr/sbin/snmpd -T 120 -Ln -I kuku , Every community for get or set will work. Is it supposed to be like this? Thanks again, Dudi. -----Original Message----- From: dave.shi...@gmail.com [mailto:dave.shi...@gmail.com] On Behalf Of Dave Shield Sent: Tuesday, January 01, 2013 2:50 PM To: Dudi Bickel Cc: net-snmp-users@lists.sourceforge.net Subject: Re: SNMPD ignores community string in set/get requests On 31 December 2012 12:34, Dudi Bickel <du...@ceragon.com> wrote: > While trying to redirect the MIB-II system group to my subagent to handle > instead of SNMPD handle, the SNMPD ignore ANY check of the community string > on any request (meaning any string in the community will be answered). > > The redirection is done either by the -I-system flag or by using configure > flag --with-out-mib-modules="mibII" while compiling net-snmp. The "mibII" grouping contains rather more than just the system group. In particular, it also pulls in the VACM code, which is what takes care of access control checks. If this is omitted, then yes - the agent is likely to accept any community string without any checks. I don't really understand why "-I-system" would turn off authentication, though - it shouldn't have any effect whatsoever! (It's not even the correct token for disabling the code that implements the system group, which is registered using "system_mib") What exactly are you trying to do? Dave This email message and any attachments are intended solely for the use of the addressees hereof. This message and any attachments may contain information that is confidential, privileged and exempt from disclosure under applicable law. If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission. If you have received this message in error, please promptly notify the sender at Ceragon by reply E-mail and immediately delete this message from your system. ------------------------------------------------------------------------------ Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and much more. Keep your Java skills current with LearnJavaNow - 200+ hours of step-by-step video tutorials by Java experts. SALE $49.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122612 _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
