Hi Frank, The default configuration covers the whole 1.3 tree with "fullReadView", which is fine enough. If I understand correctly, that makes the whole tree in 1.3 branch accessible for reading ...
=== vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile); Now, I added the following statement as well: === vacm.addViewTreeFamily(new OctetString("fullWriteView"), new OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile); which if I understand the syntax correctly, should add the " fullWriteView" access to the whole experimental root that I am using. I am not sure how the debug information helps me in this case, since it points out that "private" context is found (23705 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence info for 'private') and then the request was created successfully. The only line that causes some concerns is the following: 77558 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized: [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent. DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.2.10.1,lowerIn cluded=true,upperBound=1.3.6.1.3.22.2.10.1,upperIncluded=true],vb=1.3.6.1.3. 22.2.10.1 = 12,status=org.snmp4j.agent.request.RequestStatus@6d7300f9,query=null,index=0 ,targetMO=null]] where the targetMO is marked as null. I also examined how 5 test scalar objects are created 179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent. mo.MOAccessImpl@4a05fd83,value=Marek-HP,volatile=false] in default context with scope org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent. mo.MOAccessImpl@4a05fd83,value=Marek-HP,volatile=false] 179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent. mo.MOAccessImpl@4a05fd83,value=C:\Musicas,volatile=false] in default context with scope org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent. mo.MOAccessImpl@4a05fd83,value=C:\Musicas,volatile=false] 180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent. mo.MOAccessImpl@4a05fd83,value=MediaMonkey,volatile=false] in default context with scope org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent. mo.MOAccessImpl@4a05fd83,value=MediaMonkey,volatile=false] 180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent. mo.MOAccessImpl@4a05fd83,value=0,volatile=false] in default context with scope org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent. mo.MOAccessImpl@4a05fd83,value=0,volatile=false] 180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent. mo.MOAccessImpl@674e5e21,value=15,volatile=false] in default context with scope org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent. mo.MOAccessImpl@674e5e21,value=15,volatile=false] Objects with OID = 1.3.6.1.3.22.1.1.0, 1.3.6.1.3.22.1.2.0, 1.3.6.1.3.22.1.3.0, and 1.3.6.1.3.22.1.4.0 are created as read-only, and 1.3.6.1.3.22.1.5.0 is created as read-write, and that is visible in the difference in the access=org.snmp4j.agent.mo.MOAccessImpl@ statements. However, how to combine that together, is not clear to me ... sorry Marek -----Original Message----- From: snmp4j-boun...@agentpp.org [mailto:snmp4j-boun...@agentpp.org] On Behalf Of Frank Fock Sent: Tuesday, 02 April, 2013 8:50 PM To: snmp4j@agentpp.org Subject: Re: [SNMP4J] SET access to created managed objects Hi Marek, You have to setup the VACM properly in order to allow access to the OID/subtree you are requesting. The default VACM configuration does not include the "experimental" sub-tree IMHO. The log output gives you more detailed hints. Best regards, Frank Am 02.04.2013 11:13, schrieb Marek Hajduczenia: > Dear colleagues, > > > > I create a very simple scalar in my agent: > > > > OID oidTest = new OID("1.3.6.1.3.22.1.5.0"); > > MOScalar sysScalarTest = new MOScalar(oidTest, > MOAccessImpl.ACCESS_READ_WRITE, new Integer32(15)); > > server.registerManagedObject(sysScalarTest); > > > > and then would like to change its value remotely using the MIB > browser. What I get back on the debug in Eclipse is the "Error 'Authorization error' > generated at: 1.3.6.1.3.22.1.5.0 = 123" preceded by debug information > about the message exchange and status exchange between agent and MIB browser. > Everything seems fine, i.e., "private" community is found, request > with the private scope was created and proper object was found. > However, when time to change came around, no change was done. > > > > =========================================================== > > > > 20353 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG > org.snmp4j.transport.DefaultUdpTransportMapping - Received message > from > localhost/127.0.0.1/56019 with length 45: > 30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a3:1d:02:04:5a:ad:24:55:02:0 > 1:00:0 2:01:00:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b > > 20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG > org.snmp4j.Snmp - Fire process PDU event: > CommandResponderEvent[securityModel=2, > securityLevel=1, maxSizeResponsePDU=65535, > pduHandle=PduHandle[1521296469], > stateReference=StateReference[msgID=0,pduHandle=PduHandle[1521296469], > securi > tyEngineID=null,securityModel=null,securityName=private,securityLevel= > 1,cont extEngineID=null,contextName=null,retryMsgIDs=null], > pdu=SET[requestID=1521296469, errorStatus=Success(0), errorIndex=0, > VBS[1.3.6.1.3.22.1.5.0 = 123]], messageProcessingModel=1, > securityName=private, processed=false, peerAddress=127.0.0.1/56019, > transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping@36c8e > 545, > tmStateReference=null] > > 20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG > org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence > info for 'private' > > 20355 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG > org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Found coexistence info > for > 'private'=CoexistenceInfo[securityName=cprivate,contextEngineID=80:00:13:70: > 01:c0:a8:01:04,contextName=private,transportTag=] > > 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG > org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Address 127.0.0.1/56019 > passes filter, because source address filtering is disabled > > 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG > org.snmp4j.agent.request.SnmpRequest - Created subrequest 0 with > scope org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3. > 22.1.5.0,lowerIncluded=true,upperBound=1.3.6.1.3.22.1.5.0,upperInclude > d=true > ] from 1.3.6.1.3.22.1.5.0 = 123 > > 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG > org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized: > [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent. > DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.1.5.0,lo > werInc > luded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true],vb=1.3.6. > 1.3.22 > .1.5.0 = > 123,status=org.snmp4j.agent.request.RequestStatus@6ceac619,query=null, > index= > 0,targetMO=null]] > > 20358 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG > org.snmp4j.transport.DefaultUdpTransportMapping - Sending message to > 127.0.0.1/56019 with length 45: > 30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a2:1d:02:04:5a:ad:24:55:02:0 > 1:10:0 2:01:01:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b > > java.lang.Exception: Error 'Authorization error' generated at: > 1.3.6.1.3.22.1.5.0 = 123 > > at > org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChang > ed(Snm > pRequest.java:617) > > at > org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(Reques > tStatu > s.java:89) > > at > org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.ja > va:52) > > at > org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProcess > or.jav > a:499) > > at > org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java > :378) > > at > org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.jav > a:339) > > at > org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:55 > 9) > > at > org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:162 > ) > > at > org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl. > java:6 > 64) > > at > org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java: > 297) > > at > org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl. > java:3 > 68) > > at > org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl. > java:3 > 28) > > at > org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(Abstr > actTra > nsportMapping.java:76) > > at > org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(Defau > ltUdpT > ransportMapping.java:378) > > at java.lang.Thread.run(Unknown Source) > > > > =========================================================== > > > > Definition of the "public" and "private" communities are as follows: > > > > protected void addCommunities(SnmpCommunityMIB > communityMIB) > > > { > > Variable[] com2sec1 = new Variable[] > > { > > new > OctetString("public"), > > new > OctetString("cpublic"), // security name > > > getAgent().getContextEngineID(), // local engine ID > > new > OctetString("public"), // default context name > > new OctetString(), // > transport tag > > new > Integer32(StorageType.nonVolatile), // storage type > > new > Integer32(RowStatus.active) // row status > > }; > > > > Variable[] com2sec2 = new Variable[] > > { > > new > OctetString("private"), > > new > OctetString("cprivate"), // security name > > > getAgent().getContextEngineID(), // local engine ID > > new > OctetString("private"), // default context name > > new OctetString(), // > transport tag > > new > Integer32(StorageType.nonVolatile), // storage type > > new > Integer32(RowStatus.active) // row status > > }; > > > > MOTableRow row2 = > communityMIB.getSnmpCommunityEntry().createRow(new > OctetString("private").toSubIndex(true), com2sec2); > > MOTableRow row1 = > communityMIB.getSnmpCommunityEntry().createRow(new > OctetString("public").toSubIndex(true), com2sec1); > > > communityMIB.getSnmpCommunityEntry().addRow(row2); > > > communityMIB.getSnmpCommunityEntry().addRow(row1); > > > > } > > > > and > > > > /** > > * Adds initial VACM configuration. > > */ > > @Override > > protected void addViews(VacmMIB vacm) > > { > > > vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new > OctetString("cpublic"), new OctetString("v1v2group"), > StorageType.nonVolatile); > > > vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new > OctetString("cprivate"), new OctetString("v1v2group"), > StorageType.nonVolatile); > > > > vacm.addAccess(new > OctetString("v1v2group"), new OctetString("public"), > SecurityModel.SECURITY_MODEL_ANY, SecurityLevel.NOAUTH_NOPRIV, > MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"), new > OctetString("fullWriteView"), new OctetString("fullNotifyView"), > StorageType.nonVolatile); > > vacm.addAccess(new > OctetString("v1v2group"), new OctetString("private"), > SecurityModel.SECURITY_MODEL_SNMPv2c, > SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new > OctetString("fullReadView"), new OctetString("fullWriteView"), new > OctetString("fullNotifyView"), StorageType.nonVolatile); > > > > // vacm.addViewTreeFamily(new > OctetString("fullReadView"), new OID("1.3"), new OctetString(), > VacmMIB.vacmViewIncluded, StorageType.nonVolatile); > > vacm.addViewTreeFamily(new > OctetString("fullWriteView"), new OID("1.3.6.1.3.22.2.10"), new > OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile); > > } > > > > I think all the areas where changes were needed, were added. The only > suspicion that I have is that the default context for all newly > created objects may be set to "public" rather than "private" and I > have no clue right now where to change it and how to do it. > > > > Any suggestions / hints? > > > > Thank you in advance > > > > Marek > > _______________________________________________ > SNMP4J mailing list > SNMP4J@agentpp.org > http://lists.agentpp.org/mailman/listinfo/snmp4j -- --- AGENT++ Maximilian-Kolbe-Str. 10 73257 Koengen, Germany https://agentpp.com Phone: +49 7024 8688230 Fax: +49 7024 8688231 _______________________________________________ SNMP4J mailing list SNMP4J@agentpp.org http://lists.agentpp.org/mailman/listinfo/snmp4j _______________________________________________ SNMP4J mailing list SNMP4J@agentpp.org http://lists.agentpp.org/mailman/listinfo/snmp4j