But with noAuthNoPriv, the encoded passphrases aren’t being sent, and the 
receiver is not trying to decode them.  When an authPriv trap is received, the 
trap receiver uses the authoritative engine ID to decode the passphrases and 
ensure they match the preconfigured USM user’s passphrases, which must have 
been encoded using the trap sender’s engine ID (which is authoritative).  
Perhaps snmp4j in your receiver is using its own generated engine ID by 
default, so you may need to ensure the creation of the USM users on the trap 
receiver actually used the engine ID of the trap sender (and the correct 
passphrases, of course).

I would also look into whether snmp4j has diagnostic/debug logging that can be 
enabled while you're developing.  That might reveal where the problem lies.

Brian

From: Michał Tarczyński <michal.tarczyn...@radmor.com.pl>
Sent: Wednesday, March 31, 2021 2:44 AM
To: 'Frank Fock' <f...@agentpp.com>
Cc: net-snmp-users@lists.sourceforge.net
Subject: RE: Problem with SNMPv3 traps with authentication

Hi Frank,

I think it’s not a problem with the engine ID, because when a noAuthNoPriv SNMPv3 
trap is sent the engine ID is also used, and when I set an incorrect engine ID 
the noAuthNoPriv trap is not received.
I have to use trap messages in my project, not INFORM messages.

Best regards,
Michael

From: Frank Fock <f...@agentpp.com>
Sent: Wednesday, March 31, 2021 12:15 AM
To: Michał Tarczyński <michal.tarczyn...@radmor.com.pl>
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: Problem with SNMPv3 traps with authentication

Hi Michael,

I guess you need to check your SNMPv3 engine ID configuration (i.e. use unique 
SNMPv3 engine IDs for all SNMPv3 entities) when you test using SNMP4J only.
In addition, when using the NET-SNMP snmptrap or any other notification sender 
with the SNMP4J trap listener or any other notification receiver, you need to 
add the USM auth(No)Priv user with the engine ID of the snmptrap entity to the 
USM of the SNMP4J notification receiver.

This is required, because for SNMPv3 traps/notifications, the notification 
sender is authoritative.

Hope this helps.

Best regards,
Frank
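
Added example (not part of the original thread, and not SNMP4J or Net-SNMP code): the RFC 3414 key localization that Brian and Frank refer to, in Python, showing that an authenticated trap only verifies when the receiver's USM user was localized with the trap sender's engine ID. The passphrase, both engine IDs and the message bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

def password_to_key(passphrase: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the passphrase repeated out to exactly 1 MiB (Ku)."""
    if not passphrase:
        raise ValueError("passphrase must not be empty")
    reps, rem = divmod(1024 * 1024, len(passphrase))
    return hashlib.new(hash_name, passphrase * reps + passphrase[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, whole_msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC-96 authentication: HMAC over the message, truncated to 12 bytes."""
    return hmac.new(kul, whole_msg, hash_name).digest()[:12]

def receiver_accepts(passphrase: bytes, configured_engine_id: bytes,
                     whole_msg: bytes, tag: bytes) -> bool:
    """Verify a tag with a USM user localized to configured_engine_id."""
    kul = localize_key(password_to_key(passphrase), configured_engine_id)
    return hmac.compare_digest(auth_tag(kul, whole_msg), tag)

# Constructed sample values (assumptions, not taken from the thread).
PASSPHRASE = b"example-auth-passphrase"
SENDER_ENGINE_ID = bytes.fromhex("80001f8880aabbccdd00000001")
RECEIVER_ENGINE_ID = bytes.fromhex("80001f88801122334400000002")
# Stand-in for the BER-encoded trap; a real sender computes the HMAC over the
# whole message with the authentication parameters field zeroed.
TRAP_BYTES = b"constructed stand-in for an SNMPv3 trap message"

# The trap sender is authoritative, so it localizes with its OWN engine ID.
TAG = auth_tag(localize_key(password_to_key(PASSPHRASE), SENDER_ENGINE_ID),
               TRAP_BYTES)

if __name__ == "__main__":
    for label, engine_id in (("sender's engine ID", SENDER_ENGINE_ID),
                             ("receiver's own engine ID", RECEIVER_ENGINE_ID)):
        ok = receiver_accepts(PASSPHRASE, engine_id, TRAP_BYTES, TAG)
        print(f"user localized with {label}: "
              f"{'authenticated' if ok else 'authentication failure'}")
```

With noAuthNoPriv no tag is computed at all, so the localized key never comes into play.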