Re: [SNMP4J] SNMP v3 USM issue

Mon, 19 Sep 2011 12:27:27 -0700 

Hi,

Of course, you can have two users with different passphrases
but same security name for different targets.
As you correctly assumed, you must then use the addUser
methods and provide the authoritative engine ID each
the respective target.

I guess here is the cause of the error, because you
called UserTarget.getAuthoritativeEngineID().
That method returns an empty engine ID by default.
To discover the engine ID of a target, you would have
to use Snmp.discoverAuthoritativeEngineID(..).

Best regards,
Frank

Am 19.09.2011 12:33, schrieb Robert Pierce:
> Hi,
> I'm encountering an issue with V3 and the USM. I'm trying to request
> information from two different devices via snmpv3 but they have the same
> user name but different passwords.
>
> When I try the following approach, one returns the values ok but the other
> device returns an authentication error.
>
>     UsmUser user1 = new UsmUser(new OctetString("authPrivMd5Des"),
>              AuthMD5.ID,
>              new OctetString("qazwsxed"),
>              PrivDES.ID,
>              new OctetString("qazwsxed"));
>
>      UsmUser user2 = new UsmUser(new OctetString("authPrivMd5Des"),
>              AuthMD5.ID,
>              new OctetString("dewsxzaq"),
>              PrivDES.ID,
>              new OctetString("dewsxzaq"));
>
>      snmp.getUSM().addUser(new OctetString("authPrivMd5Des"),user1);
>      snmp.getUSM().addUser(new OctetString("authPrivMd5Des"),user2);
>     ......
>     event = snmp.getBulk(pdu, target1);
>     event = snmp.getBulk(pdu, target2);
>
>
> I also tried setting the engine ID but that resulted in the same thing, one
> was ok but the other had an authentication error.
>
>      byte[] authEngineId1 = target1..getAuthoritativeEngineID();
>      byte[] authEngineId2 = target2..getAuthoritativeEngineID();
>
>      snmp.getUSM().addUser(new OctetString("authPrivMd5Des"), new
> OctetString(authEngineId1),user1);
>      snmp.getUSM().addUser(new OctetString("authPrivMd5Des"), new
> OctetString(authEngineId2),user2);
>
>
> Am I doing something wrong or is this a limitation of the api?
>
> Also is there an easy way to check if the response is an error and not valid
> data. For example, the following response is returning an authentication
> failure.
> REPORT[reqestID=2147483647, errorStatus=0, errorIndex=0,
> VBS[1.3.6.1.6.3.15.1.1.5.0 = 31]]
> Should I be checking the returned oid with what I requested? Is there a
> utility that maps the oid to the appropriate error type?
>
>
> Thank you in advance.
>
> Robert
> _______________________________________________
> SNMP4J mailing list
> SNMP4J@agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j

_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
http://lists.agentpp.org/mailman/listinfo/snmp4j

Reply via email to