Yep, that did it. Thanks a bunch for your help.
Adi. -----Original Message----- From: Rodrigues, Rui 1. (NSN - PT/Amadora) [mailto:[email protected]] Sent: Tuesday, June 28, 2011 11:56 AM To: Adi Leibovich; [email protected] Subject: RE: [SNMP4J] SNMP4J/NET-SNMP Interoperability issue? Hello, When using wrong credentials, the agent answer is a report and not a get-response. The report comes with the error in the varbind list. In this case 1.3.6.1.6.3.15.1.1.5.0 is UsmStatsWrongDigests. You can have other kind of errors for wrong credentials: oidUsmStatsUnsupportedSecLevels "1.3.6.1.6.3.15.1.1.1.0" -> wrong protocols oidUsmStatsUnknownUserNames "1.3.6.1.6.3.15.1.1.3.0" -> wrong user names oidUsmStatsWrongDigests "1.3.6.1.6.3.15.1.1.5.0" -> wrong password oidUsmStatsDecryptionErrors "1.3.6.1.6.3.15.1.1.6.0" So you need to check if you received a report instead of a response and treat it accordingly. I hope it helps. Regards, RAR -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of ext Adi Leibovich Sent: Tuesday, June 28, 2011 9:50 AM To: [email protected] Subject: [SNMP4J] SNMP4J/NET-SNMP Interoperability issue? Hi Guys, I am using SNMP4J to send out V3 SET PDUs to remote NET-SNMP based agents. The PDU goes out with AuthSHA and PrivAES128. Whenever there is an encryption problem, e.g.: wrong passphrase, wrong encryption method, I get a response PDU with not errors, so my application thinks all went well, despite the SET having failed. I am really not sure whether this is an SNMP4J problem, as wireshark shows (below) that the response PDU coming back from NET-SNMP has no error. =========== Beginning of response PDU from the agent to my application with a wrong privacy passphrase=============================================== No. Time Source Destination Protocol Info 11213 50.968502 192.168.170.2 10.20.15.31 SNMP report 1.3.6.1.6.3.15.1.1.5.0 Frame 11213: 152 bytes on wire (1216 bits), 152 bytes captured (1216 bits) Ethernet II, Src: Cisco_c1:78:4d (00:1d:45:c1:78:4d), Dst: Vmware_9b:15:e6 (00:50:56:9b:15:e6) Internet Protocol, Src: 192.168.170.2 (192.168.170.2), Dst: 10.20.15.31 (10.20.15.31) User Datagram Protocol, Src Port: snmp (161), Dst Port: 62964 (62964) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 593963951 msgMaxSize: 65507 msgFlags: 00 .... .0.. = Reportable: Not set .... ..0. = Encrypted: Not set .... ...0 = Authenticated: Not set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303001348006c03 1... .... = Engine ID Conformance: RFC3411 (SNMPv3) Engine Enterprise ID: Better Place (33955) Engine ID Format: MAC address (3) Engine ID Data: MAC address: ArtilaEl_00:6c:03 (00:13:48:00:6c:03) msgAuthoritativeEngineBoots: 1 msgAuthoritativeEngineTime: 67045 msgUserName: MrBetter msgAuthenticationParameters: <MISSING> msgPrivacyParameters: <MISSING> msgData: plaintext (0) plaintext contextEngineID: 800084a303001348006c03 1... .... = Engine ID Conformance: RFC3411 (SNMPv3) Engine Enterprise ID: Better Place (33955) Engine ID Format: MAC address (3) Engine ID Data: MAC address: ArtilaEl_00:6c:03 (00:13:48:00:6c:03) contextName: <MISSING> data: report (8) report request-id: 0 error-status: noError (0) error-index: 0 variable-bindings: 1 item 1.3.6.1.6.3.15.1.1.5.0: Object Name: 1.3.6.1.6.3.15.1.1.5.0 (iso.3.6.1.6.3.15.1.1.5.0) ================== END of response PDU from the agent to my application with a wrong privacy passphrase================================================== ================== Beginning of response PDU from the agent to my application with a working passphrase================================================== No. Time Source Destination Protocol Info 497744 2212.114608 192.168.170.2 10.20.15.31 SNMP report 1.3.6.1.6.3.15.1.1.2.0 Frame 497744: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits) Ethernet II, Src: Cisco_c1:78:4d (00:1d:45:c1:78:4d), Dst: Vmware_9b:15:e6 (00:50:56:9b:15:e6) Internet Protocol, Src: 192.168.170.2 (192.168.170.2), Dst: 10.20.15.31 (10.20.15.31) User Datagram Protocol, Src Port: snmp (161), Dst Port: 59523 (59523) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 294083199 msgMaxSize: 65507 msgFlags: 01 .... .0.. = Reportable: Not set .... ..0. = Encrypted: Not set .... ...1 = Authenticated: Set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303001348006c03 1... .... = Engine ID Conformance: RFC3411 (SNMPv3) Engine Enterprise ID: Better Place (33955) Engine ID Format: MAC address (3) Engine ID Data: MAC address: ArtilaEl_00:6c:03 (00:13:48:00:6c:03) msgAuthoritativeEngineBoots: 1 msgAuthoritativeEngineTime: 1833 msgUserName: MrErKrlr msgAuthenticationParameters: b17c228272f3b49ede4400b2 [Authentication: OK] [Expert Info (Chat/Checksum): SNMP Authentication OK] msgPrivacyParameters: <MISSING> msgData: plaintext (0) plaintext contextEngineID: 800084a303001348006c03 1... .... = Engine ID Conformance: RFC3411 (SNMPv3) Engine Enterprise ID: Better Place (33955) Engine ID Format: MAC address (3) Engine ID Data: MAC address: ArtilaEl_00:6c:03 (00:13:48:00:6c:03) contextName: <MISSING> data: report (8) report request-id: 0 error-status: noError (0) error-index: 0 variable-bindings: 1 item 1.3.6.1.6.3.15.1.1.2.0: Object Name: 1.3.6.1.6.3.15.1.1.2.0 (iso.3.6.1.6.3.15.1.1.2.0) ============ End of response PDU from the agent to my application with a working passphrase================================================== As you can see, both PDUs have no errors. Could you tell me what you think? Is this a NET-SNMP issue? Thanks! Adi Adi Leibowitz |Products Manager - Software Group, Matrix IT [email protected] | M: +972(0)544959876 | T: +972(0)99598738 _______________________________________________ SNMP4J mailing list [email protected] http://lists.agentpp.org/mailman/listinfo/snmp4j This mail was received and tested using PineApp HZ _______________________________________________ SNMP4J mailing list [email protected] http://lists.agentpp.org/mailman/listinfo/snmp4j
