I don't know snmpb, and it seems non-trivial to install.

Have you tried with the Net-SNMP tools?

Besides the createUser to create the user, you need an access and view entry to define how it is used. How did you configure that?

/Niels

Den 26-01-2024 kl. 11:10 skrev Vincent Gilson via Net-snmp-coders:

Hello !

I’m working on a net-snmp agent integrated into an industrial embedded system (ARM-based).

The agent is working perfectly for v1 and v2c, and also with v3 and ‘AuthNoPriv’ mode. I’m doing my tests with SnmpB software as a client.

But SHA and DES/AES is not working :

_My snmpd.conf :_

# Listening connections :
agentAddress udp:161
#
# User list :
createUser myuser MD5 authpass
rouser myuser
createUser vincent SHA authpass DES privauthpass
rwuser vincent priv


GET an integer with SNMPv3 is working for user “myuser” (configured with ‘authNoPriv’ and empty context info in SnmpB), but that is not working for user “vincent” (configured with ‘authPriv’ in SnmpB): embedded agent returns me the security level is not supported (oid 1.3.6.1.6.3.15.1.1.1.0, see wireshark trace below). Same problem occurs with AES.

Why is it not supported ?
I tried different combinations with ‘createUser’ adding ‘priv’ on it, or add it at the end of ‘rwuser’

I didn’t see something relevant into the snmpd.log, so I guess the openssl is correctly loaded.

I don’t know what I’m missing. Could you help me please ?
Many thanks !

Vincent.

----->>>

_Some useful resources :_

_My install switches :_

./configure --prefix=$(INSTALL_PREFIX) --host=$(HOST) \
    --disable-applications --enable-debugging --disable-embedded-perl --without-perl-modules \
    --enable-reentrant \
    --with-cc=$(CC) --with-linkcc=$(CC) --with-ar=$(AR) --with-ldflags="$(LDFLAGS)" --with-cflags="$(CFLAGS_EXT)" \
    --with-openssl=$(LIB_DIRS) \
    --without-rpm \
    --with-logfile="/tmp/var/snmpd.log" \
    --with-default-snmp-version="3" \
    --with-transports="UDP,TCP,DTLSUDP,TLSTCP" --with-security-modules="usm,tsm" \
    --with-sys-contact="vincent.gil...@ovarro.com" \
    --with-sys-location="Ovarro" \
    --with-persistent-directory="/var/net-snmp" \
    --enable-shared=yes --enable-static=no --enable-tagCC-libtool

_Wireshark capture (request of SnmpB, followed by answer from embedded net-snmp agent) :_

No.     Time           Source                Destination           Protocol Length Info
   4488 49.862297      10.65.84.14           172.25.110.169        SNMP     183    encryptedPDU: privKey Unknown

Frame 4488: 183 bytes on wire (1464 bits), 183 bytes captured (1464 bits) on interface \Device\NPF_{71745524-1B4D-4E06-8D78-0E258F5FBAED}, id 0
Ethernet II, Src: Cisco_3c:7a:00 (00:05:9a:3c:7a:00), Dst: CIMSYS_33:44:55 (00:11:22:33:44:55)
Internet Protocol Version 4, Src: 10.65.84.14, Dst: 172.25.110.169
User Datagram Protocol, Src Port: 49987, Dst Port: 161
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1572876
        msgMaxSize: 4096
        msgFlags: 07
            .... .1.. = Reportable: Set
            .... ..1. = Encrypted: Set
            .... ...1 = Authenticated: Set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 80001f88801cfa42209b6fa665
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: net-snmp (8072)
        Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
        Engine ID Data: 1cfa4220
        Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
    msgAuthoritativeEngineBoots: 17
    msgAuthoritativeEngineTime: 67315
    msgUserName: vincent
    msgAuthenticationParameters: 90d824057790ccf09d9cdf94
    msgPrivacyParameters: 000000110000904f
    msgData: encryptedPDU (1)
        encryptedPDU: 6ca45160f625888a5d5578eab7db81b466dc8d98901c8a706eee1031ca939c6e1a825c7f…

No.     Time           Source                Destination           Protocol Length Info
   4496 49.945101      172.25.110.169        10.65.84.14           SNMP     154    report 1.3.6.1.6.3.15.1.1.1.0

Frame 4496: 154 bytes on wire (1232 bits), 154 bytes captured (1232 bits) on interface \Device\NPF_{71745524-1B4D-4E06-8D78-0E258F5FBAED}, id 0
Ethernet II, Src: CIMSYS_33:44:55 (00:11:22:33:44:55), Dst: Cisco_3c:7a:00 (00:05:9a:3c:7a:00)
Internet Protocol Version 4, Src: 172.25.110.169, Dst: 10.65.84.14
User Datagram Protocol, Src Port: 161, Dst Port: 49987
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1572876
        msgMaxSize: 65507
        msgFlags: 00
            .... .0.. = Reportable: Not set
            .... ..0. = Encrypted: Not set
            .... ...0 = Authenticated: Not set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 80001f88801cfa42209b6fa665
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: net-snmp (8072)
        Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
        Engine ID Data: 1cfa4220
        Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
    msgAuthoritativeEngineBoots: 17
    msgAuthoritativeEngineTime: 67315
    msgUserName: vincent
    msgAuthenticationParameters: <MISSING>
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext
            contextEngineID: 80001f88801cfa42209b6fa665
                1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
                Engine Enterprise ID: net-snmp (8072)
                Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
                Engine ID Data: 1cfa4220
                Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
            contextName:
            data: report (8)
                report
                    request-id: 0
                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 1 item
                        1.3.6.1.6.3.15.1.1.1.0: 10
                            Object Name: 1.3.6.1.6.3.15.1.1.1.0 (iso.3.6.1.6.3.15.1.1.1.0)
                            Value (Counter32): 10



_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

--
Niels Baggesen -- @home -- Århus -- Denmark --ni...@baggesen.net
The purpose of computing is insight, not numbers  --  R W Hamming
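
Added example, not part of the original thread and not Net-SNMP code: a small model of the RFC 3414 (section 3.2) security-level check, showing which msgFlags values the createUser lines quoted above would admit and when the usmStatsUnsupportedSecLevels report (1.3.6.1.6.3.15.1.1.1.0) seen in the capture is produced. The function names are hypothetical; only createUser lines are interpreted.

```python
# Added example: models the RFC 3414 section 3.2 security-level check.
# It is not Net-SNMP code; function names are hypothetical.
import shlex

USM_STATS = "1.3.6.1.6.3.15.1.1."
REPORTS = {  # usmStats counters from RFC 3414 that this model can return
    "usmStatsUnsupportedSecLevels": USM_STATS + "1.0",
    "usmStatsUnknownUserNames": USM_STATS + "3.0",
}
LEVELS = {0x00: "noAuthNoPriv", 0x01: "authNoPriv", 0x03: "authPriv"}

# The snmpd.conf lines quoted in the thread.
SNMPD_CONF = """\
agentAddress udp:161
# User list :
createUser myuser MD5 authpass
rouser myuser
createUser vincent SHA authpass DES privauthpass
rwuser vincent priv
"""

def parse_create_users(conf_text):
    """Return {user: (auth_proto, priv_proto)} from createUser lines."""
    users = {}
    for line in conf_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] != ["createUser"]:
            continue
        if tok[1:2] == ["-e"]:          # optional "-e ENGINEID" prefix
            tok = tok[:1] + tok[3:]
        if len(tok) < 2:
            continue
        auth = tok[2] if len(tok) > 3 else None   # protocol needs a passphrase
        priv = tok[4] if len(tok) > 4 else None   # priv passphrase is optional
        users[tok[1]] = (auth, priv)
    return users

def check_request(users, user, msg_flags):
    """Return (level, report name or None) for an incoming USM message."""
    level = LEVELS.get(msg_flags & 0x03)
    if level is None:
        raise ValueError("msgFlags with priv but no auth is invalid")
    if user not in users:
        return level, "usmStatsUnknownUserNames"
    auth, priv = users[user]
    if (msg_flags & 0x01 and auth is None) or (msg_flags & 0x02 and priv is None):
        return level, "usmStatsUnsupportedSecLevels"
    return level, None
```

In this model the file as written admits "vincent" at authPriv (msgFlags 07), while "myuser" at authPriv yields the same report OID as in the capture. A report for "vincent" therefore suggests comparing the user entry the running agent actually holds with what snmpd.conf describes.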
