Re: [SNMP4J] VACM access denied

Thu, 26 Sep 2013 16:36:53 -0700 

Hi Joseph,

As the error message points out, you have to configure the VACM
to allow access to OID 1.3.6.1.4.1.33687.1.2.0.1 for the SNMPv3 user
that is configured to be used when notifications are sent out.

Best regards,
Frank


Am 26.09.2013 13:29, schrieb jlazar:

Hi,
I'm using the following code to setup and then send notifications both to a defined V1 and V3 target. It seems that the V1 notification goes out but for V3 it fails with VACM access denied. Please help me, I'm hopeless. 

    protected void addNotificationTargets(SnmpTargetMIB targetMIB,
            SnmpNotificationMIB notificationMIB) {
        log("Adding notification targets");
        targetMIB.addDefaultTDomains();

        targetMIB.addTargetAddress(new OctetString("notificationV2c"),
                TransportDomains.transportDomainUdpIpv4,
                new OctetString(
                        new UdpAddress("127.0.0.1/162").getValue()),
                200, 1,
                new OctetString("notify"),
                new OctetString("v2c"),
                StorageType.permanent);
        targetMIB.addTargetAddress(new OctetString("notificationV3"),
                TransportDomains.transportDomainUdpIpv4,
                new OctetString(
                        new UdpAddress("127.0.0.1/1162").getValue()),
                200, 1,
                new OctetString("notify"),
                new OctetString("v3notify"),
                StorageType.permanent);

        targetMIB.addTargetParams(new OctetString("v2c"),
                MessageProcessingModel.MPv2c,
                SecurityModel.SECURITY_MODEL_SNMPv2c,
                new OctetString("cpublic"),
                SecurityLevel.AUTH_PRIV,
                StorageType.permanent);
        targetMIB.addTargetParams(new OctetString("v3notify"),
                MessageProcessingModel.MPv3,
                SecurityModel.SECURITY_MODEL_USM,
                new OctetString("v3notify"),
                SecurityLevel.NOAUTH_NOPRIV,
                StorageType.permanent);

        notificationMIB.addNotifyEntry(new OctetString("default"),
                new OctetString("notify"),
                SnmpNotificationMIB.SnmpNotifyTypeEnum.inform,
                StorageType.permanent);
    }

    protected void addViews(VacmMIB vacm) {
        vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv1,
                    new OctetString("cpublic"),
                    new OctetString("v1v2group"),
                    StorageType.nonVolatile);

        vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
                new OctetString("cpublic"),
                new OctetString("v1v2group"),
                StorageType.nonVolatile);

        vacm.addGroup(SecurityModel.SECURITY_MODEL_USM,
new OctetString(fSNMPMappings.getUSMUser().getSecutiryName()), 
                new OctetString("v3group"),
                StorageType.nonVolatile);

        vacm.addAccess(new OctetString("v1v2group"),
                new OctetString("public"),
                SecurityModel.SECURITY_MODEL_ANY,
                SecurityLevel.NOAUTH_NOPRIV,
                MutableVACM.VACM_MATCH_EXACT,
                new OctetString("fullReadView"),
                new OctetString("fullWriteView"),
                new OctetString("fullNotifyView"),
                StorageType.nonVolatile);

        int level = SecurityLevel.AUTH_NOPRIV;
        vacm.addAccess(new OctetString("v3group"),
                new OctetString("public"),
                SecurityModel.SECURITY_MODEL_USM,
                level,
                MutableVACM.VACM_MATCH_EXACT,
                new OctetString("fullReadView"),
                new OctetString("fullWriteView"),
                new OctetString("fullNotifyView"),
                StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"), 
                new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
                StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullWriteView"), new OID("1.3"), 
                new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
                StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullNotifyView"), new OID("1.3"), 
                new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
                StorageType.nonVolatile);
    }

    public void sendNotify(SNMPNotification notify) {
        Event e = notify.getSourceEvent();
        String text = notify.getEventBarText();
        VariableBinding[] payload = new VariableBinding[8];
        MOScalar oid = fNetavisMib.getO2EventName();
        oid.setValue(new OctetString(e.getName()));
        payload[0] = new VariableBinding(oid.getID(), oid.getValue());

        oid = fNetavisMib.getO2EventNumber();
        oid.setValue(new Integer32(e.getOwnID()));
        payload[1] = new VariableBinding(oid.getID(), oid.getValue());

        oid = fNetavisMib.getO2EventStamp();
        oid.setValue(new Integer32((int)(e.getEventStamp() / 1000L)));
        payload[2] = new VariableBinding(oid.getID(), oid.getValue());

        int id = 0;
        String name = "";
        if (e.isCameraSpecific()) {
            id = e.getCameraID();
            name = e.getCameraName();
        }
        oid = fNetavisMib.getO2EventCameraID();
        oid.setValue(new Integer32(id));
        payload[3] = new VariableBinding(oid.getID(), oid.getValue());

        oid = fNetavisMib.getO2EventCameraName();
        oid.setValue(new OctetString(name));
        payload[4] = new VariableBinding(oid.getID(), oid.getValue());

        id = 0;
        name = "";
        if (e.isUserSpecific()) {
            id = e.getUserID();
            name = e.gimmeUserName();
        }
        oid = fNetavisMib.getO2EventUserID();
        oid.setValue(new Integer32(id));
        payload[5] = new VariableBinding(oid.getID(), oid.getValue());

        oid = fNetavisMib.getO2EventUserName();
        oid.setValue(new OctetString(name));
        payload[6] = new VariableBinding(oid.getID(), oid.getValue());

        oid = fNetavisMib.getO2EventDescription();
        oid.setValue(new OctetString(text));
        payload[7] = new VariableBinding(oid.getID(), oid.getValue());

        fNetavisMib.o2Event(agent.getNotificationOriginator(),
                new OctetString("public"), payload);
        log("TRAP has been sent for event: '" + text + "'");
    }

  // Notifications
  public void o2Event(NotificationOriginator notificationOriginator,
OctetString context, VariableBinding[] vbs) { 
    if (vbs.length < 8) {
throw new IllegalArgumentException("Too few notification objects: "+ 
                                         vbs.length+"<8");
    }
    if (!(vbs[0].getOid().startsWith(oidTrapVarO2EventName))) {
throw new IllegalArgumentException("Variable 0 has wrong OID: "+vbs[0].getOid()+ " does not start with "+oidTrapVarO2EventName); 
    }
    if (!(vbs[1].getOid().startsWith(oidTrapVarO2EventNumber))) {
throw new IllegalArgumentException("Variable 1 has wrong OID: "+vbs[1].getOid()+ " does not start with "+oidTrapVarO2EventNumber); 
    }
    if (!(vbs[2].getOid().startsWith(oidTrapVarO2EventStamp))) {
throw new IllegalArgumentException("Variable 2 has wrong OID: "+vbs[2].getOid()+ " does not start with "+oidTrapVarO2EventStamp); 
    }
    if (!(vbs[3].getOid().startsWith(oidTrapVarO2EventCameraID))) {
throw new IllegalArgumentException("Variable 3 has wrong OID: "+vbs[3].getOid()+ " does not start with "+oidTrapVarO2EventCameraID); 
    }
    if (!(vbs[4].getOid().startsWith(oidTrapVarO2EventCameraName))) {
throw new IllegalArgumentException("Variable 4 has wrong OID: "+vbs[4].getOid()+ " does not start with "+oidTrapVarO2EventCameraName); 
    }
    if (!(vbs[5].getOid().startsWith(oidTrapVarO2EventUserID))) {
throw new IllegalArgumentException("Variable 5 has wrong OID: "+vbs[5].getOid()+ " does not start with "+oidTrapVarO2EventUserID); 
    }
    if (!(vbs[6].getOid().startsWith(oidTrapVarO2EventUserName))) {
throw new IllegalArgumentException("Variable 6 has wrong OID: "+vbs[6].getOid()+ " does not start with "+oidTrapVarO2EventUserName); 
    }
    if (!(vbs[7].getOid().startsWith(oidTrapVarO2EventDescription))) {
throw new IllegalArgumentException("Variable 7 has wrong OID: "+vbs[7].getOid()+ " does not start with "+oidTrapVarO2EventDescription); 
    }
    notificationOriginator.notify(context, oidO2Event, vbs);
  }


Output after an event:
INFO: Sent notification INFORM[requestID=995562723, errorStatus=Success(0), errorIndex=0, VBS[1.3.6.1.2.1.1.3.0 = 0:02:08.39; 1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.4.1.33687.1.2.0.1; 1.3.6.1.4.1.33687.1.1.3.1.0 = UserLoggedIn; 1.3.6.1.4.1.33687.1.1.3.2.0 = 28175745; 1.3.6.1.4.1.33687.1.1.3.3.0 = 1379312532; 1.3.6.1.4.1.33687.1.1.3.4.0 = 0; 1.3.6.1.4.1.33687.1.1.3.5.0 = ; 1.3.6.1.4.1.33687.1.1.3.6.0 = 1; 1.3.6.1.4.1.33687.1.1.3.7.0 = ; 1.3.6.1.4.1.33687.1.1.3.9.0 = User [email protected] logged in]] to CommunityTarget[address=127.0.0.1/162, version=1, timeout=2000, retries=1, community=cpublic] 
Sep 16, 2013 8:22:17 AM org.snmp4j.log.JavaLogAdapter log
WARNING: Access denied by VACM for 1.3.6.1.4.1.33687.1.2.0.1

Thanks for any help.

Joseph
_______________________________________________
SNMP4J mailing list
[email protected]
http://lists.agentpp.org/mailman/listinfo/snmp4j


--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax:   +49 7024 8688231

_______________________________________________
SNMP4J mailing list
[email protected]
http://lists.agentpp.org/mailman/listinfo/snmp4j

Reply via email to