Re: [SNMP4J] SNMP v3 USM issue
Hi Robert, If rediscovering the engine ID improves the behavior (even only for a short time) then you most likely encountered one of the most frequent SNMPv3 errors: Two SNMPv3 entities with the same engine ID. Make sure that the engine IDs in your network are unique (as the standard requires it). That will solve the problems. Best regards, Frank Am 20.09.2011 05:12, schrieb Robert Pierce: Hi, Thank guys for your help. So I tried getting the authorization ID via the snmp class, that seemed to help for the most part. However, I'm seeing something strange on a pair of devices. If I execute the code below, on the first request the data comes back ok but on all subsequent request one of the device will always return null. If I run the same code with only one device, be it either one, everything works ok. I also tried rediscovering the AuthoritativeEngineID on every request but I did not readd the user.For whatever reason that seemed to solve the issue. However, it doesnt seem right that I would have to rediscover on each request? Is there another setting I'm missing? Has anyone else experienced a similar issue? Thanks, Robert Sample Code: Snmp snmp = new Snmp(transport); USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0); SecurityModels.getInstance().addSecurityModel(usm); snmp.listen(); ListString ipAddresses = new ArrayListString(); ipAddresses.add(192.168.1.13); ipAddresses.add(192.168.1.197); ListUserTarget target = new ArrayListUserTarget(); for (String ipAddress : ipAddresses) { UserTarget userTarget = new UserTarget(); userTarget.setAddress(GenericAddress.parse(udp:+ipAddress+/161)); userTarget.setSecurityName(new OctetString(authPrivMd5Aes)); userTarget.setVersion(SnmpConstants.version3); userTarget.setSecurityLevel(SecurityLevel.AUTH_PRIV); userTarget.setTimeout(1); userTarget.setRetries(0); target.add(userTarget); } UsmUser user1 = new UsmUser(new OctetString(authPrivMd5Aes), AuthMD5.ID, new OctetString(qazxswed), PrivAES128.ID, new OctetString(qazxswed)); UsmUser user2 = new UsmUser(new OctetString(authPrivMd5Aes), AuthMD5.ID, new OctetString(qazxswed), PrivAES128.ID, new OctetString(qazxswed)); byte[] authEngineId0 = snmp.discoverAuthoritativeEngineID(target.get(0).getAddress(), 5000); byte[] authEngineId1 = snmp.discoverAuthoritativeEngineID(target.get(1).getAddress(), 5000); System.out.println(authEngineId0); System.out.println(authEngineId1); snmp.getUSM().addUser(new OctetString(authPrivMd5Aes), new OctetString(authEngineId0),user1); snmp.getUSM().addUser(new OctetString(authPrivMd5Aes), new OctetString(authEngineId1),user2); for (int j = 0; j 1000; j++) { for (int i = 0; i ipAddresses.size(); i++) { //If I rediscover again, the requests works fine but If I dont one of the device always returns null after the first request //snmp.discoverAuthoritativeEngineID(target.get(i).getAddress(), 5000); PDU pdu = new ScopedPDU(); pdu.setNonRepeaters(1); pdu.setType(PDU.GETBULK); pdu.add(new VariableBinding(sysUpTime.getOid())); //one device always returns null. However if run independently both devices work ok. event = snmp.getBulk(pdu, target.get(i)); if (event != null) { if (event.getResponse() != null) { System.out.println(event.getResponse() + + event.getResponse().getErrorStatusText()); } else { System.out.println(event.getResponse() is null + event.getError()); } } else { System.out.println(event is null); } } try { Thread.sleep(5000); } catch (InterruptedException ex) { java.util.logging.Logger.getLogger(TestPoller4j2.class.getName()).log(Level.SEVERE, null, ex); } } System.exit(0); } On Mon, Sep 19, 2011 at 9:26 AM, Frank Fockf...@agentpp.com wrote: Hi, Of course, you can have two users with different passphrases but same security name for different targets. As you correctly assumed, you must then use the addUser methods and provide the authoritative engine ID each the respective target. I guess here is the cause of the error, because you called UserTarget.getAuthoritativeEngineID(). That method returns an empty engine ID by default. To discover the engine ID of a target, you would have to use Snmp.discoverAuthoritativeEngineID(..). Best regards, Frank
Re: [SNMP4J] SNMP v3 USM issue
Hi, I believe USM table model will keep lastly updated password for the same user and it is not possible to have one user with two different passwords Always one USER one PWD(recently updated). Regards, Velu. On Mon, Sep 19, 2011 at 4:03 PM, Robert Pierce rpie...@actionpacked.comwrote: Hi, I'm encountering an issue with V3 and the USM. I'm trying to request information from two different devices via snmpv3 but they have the same user name but different passwords. When I try the following approach, one returns the values ok but the other device returns an authentication error. UsmUser user1 = new UsmUser(new OctetString(authPrivMd5Des), AuthMD5.ID, new OctetString(qazwsxed), PrivDES.ID, new OctetString(qazwsxed)); UsmUser user2 = new UsmUser(new OctetString(authPrivMd5Des), AuthMD5.ID, new OctetString(dewsxzaq), PrivDES.ID, new OctetString(dewsxzaq)); snmp.getUSM().addUser(new OctetString(authPrivMd5Des),user1); snmp.getUSM().addUser(new OctetString(authPrivMd5Des),user2); .. event = snmp.getBulk(pdu, target1); event = snmp.getBulk(pdu, target2); I also tried setting the engine ID but that resulted in the same thing, one was ok but the other had an authentication error. byte[] authEngineId1 = target1..getAuthoritativeEngineID(); byte[] authEngineId2 = target2..getAuthoritativeEngineID(); snmp.getUSM().addUser(new OctetString(authPrivMd5Des), new OctetString(authEngineId1),user1); snmp.getUSM().addUser(new OctetString(authPrivMd5Des), new OctetString(authEngineId2),user2); Am I doing something wrong or is this a limitation of the api? Also is there an easy way to check if the response is an error and not valid data. For example, the following response is returning an authentication failure. REPORT[reqestID=2147483647, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.5.0 = 31]] Should I be checking the returned oid with what I requested? Is there a utility that maps the oid to the appropriate error type? Thank you in advance. Robert ___ SNMP4J mailing list SNMP4J@agentpp.org http://lists.agentpp.org/mailman/listinfo/snmp4j ___ SNMP4J mailing list SNMP4J@agentpp.org http://lists.agentpp.org/mailman/listinfo/snmp4j
Re: [SNMP4J] SNMP v3 USM issue
Hi, Thank guys for your help. So I tried getting the authorization ID via the snmp class, that seemed to help for the most part. However, I'm seeing something strange on a pair of devices. If I execute the code below, on the first request the data comes back ok but on all subsequent request one of the device will always return null. If I run the same code with only one device, be it either one, everything works ok. I also tried rediscovering the AuthoritativeEngineID on every request but I did not readd the user.For whatever reason that seemed to solve the issue. However, it doesnt seem right that I would have to rediscover on each request? Is there another setting I'm missing? Has anyone else experienced a similar issue? Thanks, Robert Sample Code: Snmp snmp = new Snmp(transport); USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0); SecurityModels.getInstance().addSecurityModel(usm); snmp.listen(); ListString ipAddresses = new ArrayListString(); ipAddresses.add(192.168.1.13); ipAddresses.add(192.168.1.197); ListUserTarget target = new ArrayListUserTarget(); for (String ipAddress : ipAddresses) { UserTarget userTarget = new UserTarget(); userTarget.setAddress(GenericAddress.parse(udp:+ipAddress+/161)); userTarget.setSecurityName(new OctetString(authPrivMd5Aes)); userTarget.setVersion(SnmpConstants.version3); userTarget.setSecurityLevel(SecurityLevel.AUTH_PRIV); userTarget.setTimeout(1); userTarget.setRetries(0); target.add(userTarget); } UsmUser user1 = new UsmUser(new OctetString(authPrivMd5Aes), AuthMD5.ID, new OctetString(qazxswed), PrivAES128.ID, new OctetString(qazxswed)); UsmUser user2 = new UsmUser(new OctetString(authPrivMd5Aes), AuthMD5.ID, new OctetString(qazxswed), PrivAES128.ID, new OctetString(qazxswed)); byte[] authEngineId0 = snmp.discoverAuthoritativeEngineID(target.get(0).getAddress(), 5000); byte[] authEngineId1 = snmp.discoverAuthoritativeEngineID(target.get(1).getAddress(), 5000); System.out.println(authEngineId0); System.out.println(authEngineId1); snmp.getUSM().addUser(new OctetString(authPrivMd5Aes), new OctetString(authEngineId0),user1); snmp.getUSM().addUser(new OctetString(authPrivMd5Aes), new OctetString(authEngineId1),user2); for (int j = 0; j 1000; j++) { for (int i = 0; i ipAddresses.size(); i++) { //If I rediscover again, the requests works fine but If I dont one of the device always returns null after the first request //snmp.discoverAuthoritativeEngineID(target.get(i).getAddress(), 5000); PDU pdu = new ScopedPDU(); pdu.setNonRepeaters(1); pdu.setType(PDU.GETBULK); pdu.add(new VariableBinding(sysUpTime.getOid())); //one device always returns null. However if run independently both devices work ok. event = snmp.getBulk(pdu, target.get(i)); if (event != null) { if (event.getResponse() != null) { System.out.println(event.getResponse() + + event.getResponse().getErrorStatusText()); } else { System.out.println(event.getResponse() is null + event.getError()); } } else { System.out.println(event is null); } } try { Thread.sleep(5000); } catch (InterruptedException ex) { java.util.logging.Logger.getLogger(TestPoller4j2.class.getName()).log(Level.SEVERE, null, ex); } } System.exit(0); } On Mon, Sep 19, 2011 at 9:26 AM, Frank Fock f...@agentpp.com wrote: Hi, Of course, you can have two users with different passphrases but same security name for different targets. As you correctly assumed, you must then use the addUser methods and provide the authoritative engine ID each the respective target. I guess here is the cause of the error, because you called UserTarget.getAuthoritativeEngineID(). That method returns an empty engine ID by default. To discover the engine ID of a target, you would have to use Snmp.discoverAuthoritativeEngineID(..). Best regards, Frank Am 19.09.2011 12:33, schrieb Robert Pierce: Hi, I'm encountering an issue with V3 and the USM. I'm trying to request information from two different devices via snmpv3 but they have the same user name but different passwords. When I try the following approach, one returns the values ok but the other device returns an authentication error. UsmUser user1 = new UsmUser(new OctetString(authPrivMd5Des), AuthMD5.ID, new OctetString(qazwsxed), PrivDES.ID, new