Hi Bill, Thanks Bill for looking into it. The version is old, but is there any bug which describes this anomaly ?
Following are the contents of snmpd.conf # # Copy this file to /mpsconfig, and make changes to /mpsconfig/snmpd.conf # Changes in /etc/snmpd.conf will be lost following a reboot. # # The following are example for snmpd.conf. # #SNMP Trap Destination example sysobjectid 1.3.6.1.4.1.5951.6 exactEngineID 0x80001f8880f9e71c18d35dfe5b00000000 rocommunity public 0.0.0.0 rouser temp noAuthNoPriv rouser test noAuthNoPriv view SNMP-View included 1.3.6.1 rouser test authPriv -V SNMP-View rouser second noAuthNoPriv trapsess -v 3 -u test -l authPriv 10.91.31.244:162 trap2sink 10.102.126.217:162 public The below commands are internal to software. We have CLI tool to add snmp users and config. add snmpuser name=test auth_password=testtest privacy_password=testtest auth_protocol=SHA1 privacy_protocol=AES view_name=SNMP-View security_level=authPriv add snmpview name=SNMP-View subtree=1.3.6.1 type=Include Thank you Krishna Vivek From: Bill Fenner <fen...@gmail.com> Sent: 29 April 2019 22:01 To: Krishna Vivek Vitta <krishna.vivekvi...@citrix.com> Cc: net-snmp-users@lists.sourceforge.net Subject: Re: Help required for "snmpwalk: Authentication failure " Hi Krishna, net-snmp 5.5 is 10 years old this year. 5.8 is the current release. That said, it might be possible to help you if you share the actual snmpd.conf files. You mention "add snmptrap dest_server=10.91.31.244 user_name=test dest_port=162 version=v3", but that is not how to configure net-snmp, so I don't know what to think about how that changes the actual configuration. Bill On Wed, Apr 24, 2019 at 7:19 AM Krishna Vivek Vitta <krishna.vivekvi...@citrix.com<mailto:krishna.vivekvi...@citrix.com>> wrote: Any update on the behaviour ? Thank you Krishna Vivek From: Krishna Vivek Vitta Sent: 23 April 2019 11:43 To: net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Help required for "snmpwalk: Authentication failure " Hi expert, We have a case where snmpwalk fails after snmpv3 user is added to trap destination. Net-SNMP version being used is 5.5 on FreeBSD setup We start with a configured user for SNMPv3. We used SHA1 and AES for the auth and privacy protocols: add snmpuser name=test auth_password=testtest privacy_password=testtest auth_protocol=SHA1 privacy_protocol=AES view_name=SNMP-View security_level=authPriv add snmpview name=SNMP-View subtree=1.3.6.1 type=Include The above steps: Adds a createUser directive in /var/mps/netsnmp/snmpd.conf and restarts snmpd 1. SNMPD replaces the createUser directive with a usmUser directive in persistent conf All this is normal. The configuration in the persistent snmpd.conf is correct. This is our test entry: bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 0x4e65747363616c657200 0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 0x06be7a79a8108ccde730455187973c0719b3e460 .1.3.6.1.6.3.10.1.2.4 0x06be7a79a8108ccde730455187973c07 "" bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch --command=/root/print_users.gdb | awk '/test/,/privKey:/' name: 0x801c6fac0: "test" secName: 0x801c6fad0: "test" authProtocol: .1.3.6.1.6.3.10.1.1.3 << This means SHA1 privProtocol: .1.3.6.1.6.3.10.1.2.4 << This means AES authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e46000000000 privKey: 0x6be7a79a8108ccd 0xe730455187973c07 And of course the queries work: vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' -x AES -X 'testtest' 10.91.16.71:161<http://secure-web.cisco.com/1DeWAQy3PpOvyZKTQKl0y9vktN-KUg8jeA8jEq2ZgffI-qSxpcTBB_0HSvLxxp_13uwvBEvQG8UWcOuYctOjMmK--OCCmSkH6cCvXaZh-qMkU97wqGLkJ7PHUvBVZj0hHl4lQwSlHSYOuKbetU-6WzrC7YqkJDubz4NNSC9hIom88WZHQMPriwTuQLyhP11YehxZS__2b2gSbl066_YF16bdWtb0uFenZdyf7D096Td_PC2yJtemzmMx2cFqDfEyLeMAB77cL5CXV7NKZMSZTbQ/http%3A%2F%2F10.91.16.71%3A161> 1.3.6.1.2.1.1.1 SNMPv2-MIB::sysDescr.0 = STRING: FreeBSD nssdx-mgmt 8.4-NETSCALER-12.0 FreeBSD 8.4-NETSCALER-12.0 #0: Wed Sep 12 06:47:55 PDT 2018 root@sjcpbld84-64:/usr/obj/home/build/rs_120_59_5_RTM/usr.src/sys/NSSVM[https://issues.citrite.net/images/icons/mail_small.gif]<mailto:root@sjcpbld84-64:/usr/obj/home/build/rs_120_59_5_RTM/usr.src/sys/NSSVM>amd64 Then I add an snmptrap destination that uses this user: add snmptrap dest_server=10.91.31.244 user_name=test dest_port=162 version=v3 And the queries fail with authentication failure: vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' -x AES -X 'testtest' 10.91.16.71:161<http://secure-web.cisco.com/1DeWAQy3PpOvyZKTQKl0y9vktN-KUg8jeA8jEq2ZgffI-qSxpcTBB_0HSvLxxp_13uwvBEvQG8UWcOuYctOjMmK--OCCmSkH6cCvXaZh-qMkU97wqGLkJ7PHUvBVZj0hHl4lQwSlHSYOuKbetU-6WzrC7YqkJDubz4NNSC9hIom88WZHQMPriwTuQLyhP11YehxZS__2b2gSbl066_YF16bdWtb0uFenZdyf7D096Td_PC2yJtemzmMx2cFqDfEyLeMAB77cL5CXV7NKZMSZTbQ/http%3A%2F%2F10.91.16.71%3A161> 1.3.6.1.2.1.1.1 snmpwalk: Authentication failure (incorrect password, community or key) This time although the configuration is the same, snmpd internally has set the wrong protocols: bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 0x4e65747363616c657200 0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 0x06be7a79a8108ccde730455187973c0719b3e460 .1.3.6.1.6.3.10.1.2.40x06be7a79a8108ccde730455187973c07 0x bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch --command=/root/print_users.gdb | awk '/Netscaler/,/privKey:/' name: 0x801c6fac0: "test" secName: 0x801c6fad0: "test" authProtocol: .1.3.6.1.6.3.10.1.1.2 << This means MD5 privProtocol: .1.3.6.1.6.3.10.1.2.2 << This means DES authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e46000000000 privKey: 0x6be7a79a8108ccd 0xe730455187973c07 Kindly provide assistance in resolving the case. Thank you Krishna Vivek _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net<mailto:Net-snmp-users@lists.sourceforge.net> Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
