Hi there,
I've been using net-snmp v5.4.1 for many years to provide snmpd to an embedded
PowerPC product. I've recently upgraded the compiler, glibc and net-snmp
packages and the existing configuration that once worked no longer does. I'm
hoping someone can help me discover what's gone wrong!
I am using snmpb as a client to verify functionality, using this I see traps
being sent from the device but it's not possible to get or walk any part of the
tree. Whenever I attempt to do this I get the authentication failed trap. If I
replace the configuration with something *much* simpler, i.e. it just contains
rocommunity prodname I have no problems, so it strikes me that I have an issue
of some kind with the VACM configuration. I'm only using snmp v1 & 2 and the
only purpose of using the VACM configuration is to restrict access to most of
the possible tree. I see no errors in the log file.
Configured as:
./configure --host=${TOOLCHAIN_NAME} --prefix=/usr --disable-nls
--with-default-snmp-version="2" --with-sys-contact="root@localhost"
--with-sys-location="Unknown" --with-logfile="/var/log/snmpd.log"
--with-persistent-directory="/home/private/snmp" --disable-embedded-perl
--disable-perl-cc-checks --without-perl-modules --with-endianness=big
--with-mibdirs="/usr/share/snmp/mibs:/home/mibs"
With the following packages:
GCC v4.7.2
EGLIBC v2.17
net-snmp v5.7.3/v5.7.2.1
snmpd.conf:
###############################################################################
#
# prodname SNMPD configuration
#
###############################################################################
###############################################################################
# Dynamically loaded modules
###############################################################################
dlmod prodnameAgentPlugin /usr/lib/snmp/prodnameAgentPlugin.so
###############################################################################
# Access Control for the community "prodname"
###############################################################################
#
# We define two security names that map onto the "prodname" community
# local - For the local machine
# network - For anything from the network
# sec.name source community
com2sec local 127.0.0.1/32 prodname
com2sec network 0.0.0.0/32 prodname
#
# We map both security names onto the 'prodnameGroup'
#
group prodnameGroup v1 local
group prodnameGroup v2c local
group prodnameGroup usm local
group prodnameGroup v1 network
group prodnameGroup v2c network
group prodnameGroup usm network
#
# Define a new view for the prodname and define what we can view
#
# incl/excl subtree mask
view isread included .iso.org.dod.internet.mgmt.mib-2.system
view isread included .iso.org.dod.internet.mgmt.mib-2.interfaces
view isread included .iso.org.dod.internet.mgmt.mib-2.at
view isread included .iso.org.dod.internet.mgmt.mib-2.ip
view isread included .iso.org.dod.internet.mgmt.mib-2.icmp
view isread included .iso.org.dod.internet.mgmt.mib-2.tcp
view isread included .iso.org.dod.internet.mgmt.mib-2.udp
view isread included .iso.org.dod.internet.mgmt.mib-2.snmp
view isread included .iso.org.dod.internet.mgmt.mib-2.host
view isread included .iso.org.dod.internet.mgmt.mib-2.ifMIB
view isread included
.iso.org.dod.internet.private.enterprises.companyname.prodname
view iswrite included
.iso.org.dod.internet.private.enterprises.companyname.prodname
#
# Grant the group access to the view
#
# context sec.model sec.level match read write
notif
access prodnameGroup "" any noauth exact isread iswrite none
###############################################################################
# System contact information
###############################################################################
sysContact = Company <supp...@company.com>
sysLocation = Not Specified
###############################################################################
# Trap Settings
###############################################################################
authtrapenable 1
trapcommunity prodname
trapsink 127.0.0.1
trapsink 10.96.96.2
DISCLAIMER:
Privileged and/or Confidential information may be contained in this
message. If you are not the addressee of this message, you may not
copy, use or deliver this message to anyone. In such event, you
should destroy the message and kindly notify the sender by reply
e-mail. It is understood that opinions or conclusions that do not
relate to the official business of the company are neither given
nor endorsed by the company.
Thank You.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
