Re: [SNMP4J] SNMP v3 USM issue
Hi Robert,
If rediscovering the engine ID improves the behavior
(even only for a short time) then you most likely
encountered one of the most frequent SNMPv3
errors: Two SNMPv3 entities with the same
engine ID.
Make sure that the engine IDs in your network
are unique (as the standard requires it). That
will solve the problems.
Best regards,
Frank
Am 20.09.2011 05:12, schrieb Robert Pierce:
Hi,
Thank guys for your help. So I tried getting the authorization ID via the
snmp class, that seemed to help for the most part. However, I'm seeing
something strange on a pair of devices. If I execute the code below, on the
first request the data comes back ok but on all subsequent request one of
the device will always return null. If I run the same code with only one
device, be it either one, everything works ok. I also tried rediscovering
the AuthoritativeEngineID on every request but I did not readd the user.For
whatever reason that seemed to solve the issue. However, it doesnt seem
right that I would have to rediscover on each request? Is there another
setting I'm missing? Has anyone else experienced a similar issue?
Thanks,
Robert
Sample Code:
Snmp snmp = new Snmp(transport);
USM usm = new USM(SecurityProtocols.getInstance(),
new OctetString(MPv3.createLocalEngineID()), 0);
SecurityModels.getInstance().addSecurityModel(usm);
snmp.listen();
ListString ipAddresses = new ArrayListString();
ipAddresses.add(192.168.1.13);
ipAddresses.add(192.168.1.197);
ListUserTarget target = new ArrayListUserTarget();
for (String ipAddress : ipAddresses) {
UserTarget userTarget = new UserTarget();
userTarget.setAddress(GenericAddress.parse(udp:+ipAddress+/161));
userTarget.setSecurityName(new OctetString(authPrivMd5Aes));
userTarget.setVersion(SnmpConstants.version3);
userTarget.setSecurityLevel(SecurityLevel.AUTH_PRIV);
userTarget.setTimeout(1);
userTarget.setRetries(0);
target.add(userTarget);
}
UsmUser user1 = new UsmUser(new OctetString(authPrivMd5Aes),
AuthMD5.ID,
new OctetString(qazxswed),
PrivAES128.ID,
new OctetString(qazxswed));
UsmUser user2 = new UsmUser(new OctetString(authPrivMd5Aes),
AuthMD5.ID,
new OctetString(qazxswed),
PrivAES128.ID,
new OctetString(qazxswed));
byte[] authEngineId0 =
snmp.discoverAuthoritativeEngineID(target.get(0).getAddress(), 5000);
byte[] authEngineId1 =
snmp.discoverAuthoritativeEngineID(target.get(1).getAddress(), 5000);
System.out.println(authEngineId0);
System.out.println(authEngineId1);
snmp.getUSM().addUser(new OctetString(authPrivMd5Aes), new
OctetString(authEngineId0),user1);
snmp.getUSM().addUser(new OctetString(authPrivMd5Aes), new
OctetString(authEngineId1),user2);
for (int j = 0; j 1000; j++) {
for (int i = 0; i ipAddresses.size(); i++) {
//If I rediscover again, the requests works fine but If I
dont one of the device always returns null after the first request
//snmp.discoverAuthoritativeEngineID(target.get(i).getAddress(), 5000);
PDU pdu = new ScopedPDU();
pdu.setNonRepeaters(1);
pdu.setType(PDU.GETBULK);
pdu.add(new VariableBinding(sysUpTime.getOid()));
//one device always returns null. However if run independently
both devices work ok.
event = snmp.getBulk(pdu, target.get(i));
if (event != null) {
if (event.getResponse() != null) {
System.out.println(event.getResponse() + +
event.getResponse().getErrorStatusText());
}
else {
System.out.println(event.getResponse() is null +
event.getError());
}
}
else {
System.out.println(event is null);
}
}
try {
Thread.sleep(5000);
} catch (InterruptedException ex) {
java.util.logging.Logger.getLogger(TestPoller4j2.class.getName()).log(Level.SEVERE,
null, ex);
}
}
System.exit(0);
}
On Mon, Sep 19, 2011 at 9:26 AM, Frank Fockf...@agentpp.com wrote:
Hi,
Of course, you can have two users with different passphrases
but same security name for different targets.
As you correctly assumed, you must then use the addUser
methods and provide the authoritative engine ID each
the respective target.
I guess here is the cause of the error, because you
called UserTarget.getAuthoritativeEngineID().
That method returns an empty engine ID by default.
To discover the engine ID of a target, you would have
to use Snmp.discoverAuthoritativeEngineID(..).
Best regards,
Frank
Re: [SNMP4J] SNMP v3 USM issue
Hi, I believe USM table model will keep lastly updated password for the same user and it is not possible to have one user with two different passwords Always one USER one PWD(recently updated). Regards, Velu. On Mon, Sep 19, 2011 at 4:03 PM, Robert Pierce rpie...@actionpacked.comwrote: Hi, I'm encountering an issue with V3 and the USM. I'm trying to request information from two different devices via snmpv3 but they have the same user name but different passwords. When I try the following approach, one returns the values ok but the other device returns an authentication error. UsmUser user1 = new UsmUser(new OctetString(authPrivMd5Des), AuthMD5.ID, new OctetString(qazwsxed), PrivDES.ID, new OctetString(qazwsxed)); UsmUser user2 = new UsmUser(new OctetString(authPrivMd5Des), AuthMD5.ID, new OctetString(dewsxzaq), PrivDES.ID, new OctetString(dewsxzaq)); snmp.getUSM().addUser(new OctetString(authPrivMd5Des),user1); snmp.getUSM().addUser(new OctetString(authPrivMd5Des),user2); .. event = snmp.getBulk(pdu, target1); event = snmp.getBulk(pdu, target2); I also tried setting the engine ID but that resulted in the same thing, one was ok but the other had an authentication error. byte[] authEngineId1 = target1..getAuthoritativeEngineID(); byte[] authEngineId2 = target2..getAuthoritativeEngineID(); snmp.getUSM().addUser(new OctetString(authPrivMd5Des), new OctetString(authEngineId1),user1); snmp.getUSM().addUser(new OctetString(authPrivMd5Des), new OctetString(authEngineId2),user2); Am I doing something wrong or is this a limitation of the api? Also is there an easy way to check if the response is an error and not valid data. For example, the following response is returning an authentication failure. REPORT[reqestID=2147483647, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.5.0 = 31]] Should I be checking the returned oid with what I requested? Is there a utility that maps the oid to the appropriate error type? Thank you in advance. Robert ___ SNMP4J mailing list SNMP4J@agentpp.org http://lists.agentpp.org/mailman/listinfo/snmp4j ___ SNMP4J mailing list SNMP4J@agentpp.org http://lists.agentpp.org/mailman/listinfo/snmp4j
Re: [SNMP4J] SNMP v3 USM issue
Hi,
Thank guys for your help. So I tried getting the authorization ID via the
snmp class, that seemed to help for the most part. However, I'm seeing
something strange on a pair of devices. If I execute the code below, on the
first request the data comes back ok but on all subsequent request one of
the device will always return null. If I run the same code with only one
device, be it either one, everything works ok. I also tried rediscovering
the AuthoritativeEngineID on every request but I did not readd the user.For
whatever reason that seemed to solve the issue. However, it doesnt seem
right that I would have to rediscover on each request? Is there another
setting I'm missing? Has anyone else experienced a similar issue?
Thanks,
Robert
Sample Code:
Snmp snmp = new Snmp(transport);
USM usm = new USM(SecurityProtocols.getInstance(),
new OctetString(MPv3.createLocalEngineID()), 0);
SecurityModels.getInstance().addSecurityModel(usm);
snmp.listen();
ListString ipAddresses = new ArrayListString();
ipAddresses.add(192.168.1.13);
ipAddresses.add(192.168.1.197);
ListUserTarget target = new ArrayListUserTarget();
for (String ipAddress : ipAddresses) {
UserTarget userTarget = new UserTarget();
userTarget.setAddress(GenericAddress.parse(udp:+ipAddress+/161));
userTarget.setSecurityName(new OctetString(authPrivMd5Aes));
userTarget.setVersion(SnmpConstants.version3);
userTarget.setSecurityLevel(SecurityLevel.AUTH_PRIV);
userTarget.setTimeout(1);
userTarget.setRetries(0);
target.add(userTarget);
}
UsmUser user1 = new UsmUser(new OctetString(authPrivMd5Aes),
AuthMD5.ID,
new OctetString(qazxswed),
PrivAES128.ID,
new OctetString(qazxswed));
UsmUser user2 = new UsmUser(new OctetString(authPrivMd5Aes),
AuthMD5.ID,
new OctetString(qazxswed),
PrivAES128.ID,
new OctetString(qazxswed));
byte[] authEngineId0 =
snmp.discoverAuthoritativeEngineID(target.get(0).getAddress(), 5000);
byte[] authEngineId1 =
snmp.discoverAuthoritativeEngineID(target.get(1).getAddress(), 5000);
System.out.println(authEngineId0);
System.out.println(authEngineId1);
snmp.getUSM().addUser(new OctetString(authPrivMd5Aes), new
OctetString(authEngineId0),user1);
snmp.getUSM().addUser(new OctetString(authPrivMd5Aes), new
OctetString(authEngineId1),user2);
for (int j = 0; j 1000; j++) {
for (int i = 0; i ipAddresses.size(); i++) {
//If I rediscover again, the requests works fine but If I
dont one of the device always returns null after the first request
//snmp.discoverAuthoritativeEngineID(target.get(i).getAddress(), 5000);
PDU pdu = new ScopedPDU();
pdu.setNonRepeaters(1);
pdu.setType(PDU.GETBULK);
pdu.add(new VariableBinding(sysUpTime.getOid()));
//one device always returns null. However if run independently
both devices work ok.
event = snmp.getBulk(pdu, target.get(i));
if (event != null) {
if (event.getResponse() != null) {
System.out.println(event.getResponse() + +
event.getResponse().getErrorStatusText());
}
else {
System.out.println(event.getResponse() is null +
event.getError());
}
}
else {
System.out.println(event is null);
}
}
try {
Thread.sleep(5000);
} catch (InterruptedException ex) {
java.util.logging.Logger.getLogger(TestPoller4j2.class.getName()).log(Level.SEVERE,
null, ex);
}
}
System.exit(0);
}
On Mon, Sep 19, 2011 at 9:26 AM, Frank Fock f...@agentpp.com wrote:
Hi,
Of course, you can have two users with different passphrases
but same security name for different targets.
As you correctly assumed, you must then use the addUser
methods and provide the authoritative engine ID each
the respective target.
I guess here is the cause of the error, because you
called UserTarget.getAuthoritativeEngineID().
That method returns an empty engine ID by default.
To discover the engine ID of a target, you would have
to use Snmp.discoverAuthoritativeEngineID(..).
Best regards,
Frank
Am 19.09.2011 12:33, schrieb Robert Pierce:
Hi,
I'm encountering an issue with V3 and the USM. I'm trying to request
information from two different devices via snmpv3 but they have the same
user name but different passwords.
When I try the following approach, one returns the values ok but the
other
device returns an authentication error.
UsmUser user1 = new UsmUser(new OctetString(authPrivMd5Des),
AuthMD5.ID,
new OctetString(qazwsxed),
PrivDES.ID,
new
