But with noAuthNoPriv, the encoded passphrases aren’t being sent, and the receiver is not trying to decode them. When an authPriv trap is received, the trap receiver uses the authoritative engine ID to decode the passphrases and ensure they match the preconfigured USM user’s passphrases, which must have been encoded using the trap sender’s engine ID (which is authoritative). Perhaps snmp4j in your receiver is using its own generated engine ID by default, so you may need to ensure the creation of the USM users on the trap receiver actually used the engine ID of the trap sender (and the correct passphrases, of course).
I would also look into whether snmp4j has diagnostic/debug logging that can be enabled while your developing. That might reveal were the problem lies. Brian From: Michał Tarczyński <michal.tarczyn...@radmor.com.pl> Sent: Wednesday, March 31, 2021 2:44 AM To: 'Frank Fock' <f...@agentpp.com> Cc: net-snmp-users@lists.sourceforge.net Subject: RE: Problem with SNMPv3 traps with authentication NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Frank, I think it’s not a problem with engine ID because when the noAuthNoPriv SNMPv3 trap is sent then the engine ID is also used and when I set incorrect engine ID then the noAuthNoPriv trap is not received. I have to use trap messages in my project, not INFORM messages. Best regards, Michael From: Frank Fock <f...@agentpp.com<mailto:f...@agentpp.com>> Sent: Wednesday, March 31, 2021 12:15 AM To: Michał Tarczyński <michal.tarczyn...@radmor.com.pl<mailto:michal.tarczyn...@radmor.com.pl>> Cc: net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: Problem with SNMPv3 traps with authentication Hi Michael, I guess you need to check your SNMPv3 engine ID configuration (i.e. use unique SNMPv3 engine IDs for all SNMPv3 entities) when you test using SNMP4J only. In addition, when using the NET-SNMP snmptrap or any other notification sender with the SNMP4J trap listener or any other notification receiver, you need to add the USM auth(No)Priv user with the engine ID of the snmptrap entity to the USM of the SNMP4J notification receiver. This is required, because for SNMPv3 traps/notifications, the notification sender is authoritative. Hope this helps. Best regards, Frank
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
