Re: [SNMP4J] snmp4j TestAgent example v3 trap configuration faulty ?
Thanks for clarification!

br, Ulrich

Sent: Thursday, 12 July 2018 at 08:25
From: "Frank Fock"
To: "ulrich berl"
Cc: snmp4j@agentpp.org
Subject: Re: [SNMP4J] snmp4j TestAgent example v3 trap configuration faulty ?

Hi Ulrich,

It was intended to test/illustrate how VACM security works for notifications and traps. Many users are not aware that SNMP4J-Agent checks the access rights for outgoing variable bindings of a trap.

The AgenPro configuration template does not contain this (intended) inconsistency. Nevertheless, even this template is not a ready-to-use configuration for a production deployment, because it uses standard passwords and may not match your security requirements, because SNMPv1 and v2c are enabled by default.

Best regards,
Frank

> On 11. Jul 2018, at 14:54, ulrich berl wrote:
>
> Hi!
>
> I try to receive the v3 trap coldStartNotification from TestAgent sample.
>
> Using the TestAgent from test folder (2.6.3) I get the known VACM access
> denied error:
>
> Found group name 'v3group' for secName 'v3notify' and secModel 3
> Access denied by VACM for 1.3.6.1.6.3.1.1.5.1
>
> After inspecting the code I can see that
>
> TargetParams for "v3notify" are set to NOAUTH_NOPRIV but VACM for "v3group"
> is set to AUTH_PRIV.
> User "v3notify" has no AUTH/PRIV params configured.
>
> Working configurations:
>
> setting group of v3notify to v3restricted (this group has NOAUTH_NOPRIV and
> allows reading 1.3.6.1.6.3.1.1.5.1)
>
> or
>
> for TargetParams of "v3notify" setting SecurityLevel to AUTH_PRIV and secName
> to "SHADES", so outgoing message will be encrypted
> (the usm user has to be configured in the manager application)
>
> Was this intentionally configured or do I miss something?
>
> br, Ulrich

___
SNMP4J mailing list
SNMP4J@agentpp.org
https://oosnmp.net/mailman/listinfo/snmp4j
Re: [SNMP4J] snmp4j TestAgent example v3 trap configuration faulty ?
Hi Ulrich,

It was intended to test/illustrate how VACM security works for notifications and traps. Many users are not aware that SNMP4J-Agent checks the access rights for outgoing variable bindings of a trap.

The AgenPro configuration template does not contain this (intended) inconsistency. Nevertheless, even this template is not a ready-to-use configuration for a production deployment, because it uses standard passwords and may not match your security requirements, because SNMPv1 and v2c are enabled by default.

Best regards,
Frank

> On 11. Jul 2018, at 14:54, ulrich berl wrote:
>
> Hi!
>
> I try to receive the v3 trap coldStartNotification from TestAgent sample.
>
> Using the TestAgent from test folder (2.6.3) I get the known VACM access
> denied error:
>
> Found group name 'v3group' for secName 'v3notify' and secModel 3
> Access denied by VACM for 1.3.6.1.6.3.1.1.5.1
>
> After inspecting the code I can see that
>
> TargetParams for "v3notify" are set to NOAUTH_NOPRIV but VACM for "v3group"
> is set to AUTH_PRIV.
> User "v3notify" has no AUTH/PRIV params configured.
>
> Working configurations:
>
> setting group of v3notify to v3restricted (this group has NOAUTH_NOPRIV and
> allows reading 1.3.6.1.6.3.1.1.5.1)
>
> or
>
> for TargetParams of "v3notify" setting SecurityLevel to AUTH_PRIV and secName
> to "SHADES", so outgoing message will be encrypted
> (the usm user has to be configured in the manager application)
>
> Was this intentionally configured or do I miss something?
>
> br, Ulrich
[SNMP4J] snmp4j TestAgent example v3 trap configuration faulty ?
Hi!

I try to receive the v3 trap coldStartNotification from TestAgent sample.

Using the TestAgent from test folder (2.6.3) I get the known VACM access denied error:

Found group name 'v3group' for secName 'v3notify' and secModel 3
Access denied by VACM for 1.3.6.1.6.3.1.1.5.1

After inspecting the code I can see that

TargetParams for "v3notify" are set to NOAUTH_NOPRIV but VACM for "v3group" is set to AUTH_PRIV.
User "v3notify" has no AUTH/PRIV params configured.

Working configurations:

setting group of v3notify to v3restricted (this group has NOAUTH_NOPRIV and allows reading 1.3.6.1.6.3.1.1.5.1)

or

for TargetParams of "v3notify" setting SecurityLevel to AUTH_PRIV and secName to "SHADES", so outgoing message will be encrypted
(the usm user has to be configured in the manager application)

Was this intentionally configured or do I miss something?

br, Ulrich
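The access decision discussed in this thread, as an added example that is not part of the original posts and is not SNMP4J-Agent code: a simplified Python model of the RFC 3415 isAccessAllowed check for a notification, run against the shipped mismatch and both working configurations. The view names and subtrees are constructed, and SHADES is assumed to be a member of v3group.

```python
# Simplified model of the RFC 3415 isAccessAllowed decision for a notification.
# User, group and OID names come from the thread; view names and subtrees
# are constructed, and SHADES is assumed to be a member of v3group.
NOAUTH_NOPRIV, AUTH_NOPRIV, AUTH_PRIV = 1, 2, 3
USM = 3  # "secModel 3" in the agent's log line
COLD_START = "1.3.6.1.6.3.1.1.5.1"

def in_view(subtrees, oid):
    """True if oid equals or lies below one of the included subtrees."""
    want = oid.split(".")
    return any(want[:len(s.split("."))] == s.split(".") for s in subtrees)

def is_access_allowed(vacm, sec_model, sec_name, sec_level, oid):
    group = vacm["groups"].get((sec_model, sec_name))
    if group is None:
        return "noGroupName"
    # An access entry is usable only if its level is <= the message's level.
    usable = [e for e in vacm["access"]
              if e["group"] == group and e["model"] == sec_model
              and e["level"] <= sec_level]
    if not usable:
        return "noAccessEntry"
    entry = max(usable, key=lambda e: e["level"])  # prefer the strictest match
    subtrees = vacm["views"].get(entry["notify_view"])
    if not subtrees:
        return "noSuchView"
    return "accessAllowed" if in_view(subtrees, oid) else "notInView"

def sample_vacm(v3notify_group="v3group"):
    return {
        "groups": {(USM, "v3notify"): v3notify_group, (USM, "SHADES"): "v3group"},
        "access": [
            {"group": "v3group", "model": USM, "level": AUTH_PRIV,
             "notify_view": "notifyAll"},
            {"group": "v3restricted", "model": USM, "level": NOAUTH_NOPRIV,
             "notify_view": "notifyRestricted"},
        ],
        "views": {"notifyAll": ["1.3"], "notifyRestricted": ["1.3.6.1.6.3.1.1.5"]},
    }

def scenarios():
    return {
        "as_shipped": is_access_allowed(sample_vacm(), USM, "v3notify", NOAUTH_NOPRIV, COLD_START),
        "regrouped": is_access_allowed(sample_vacm("v3restricted"), USM, "v3notify", NOAUTH_NOPRIV, COLD_START),
        "auth_priv_user": is_access_allowed(sample_vacm(), USM, "SHADES", AUTH_PRIV, COLD_START),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

In this model the shipped configuration is denied because no v3group access entry is usable at NOAUTH_NOPRIV, so the notify view is never consulted.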