From: Patrick G. <pt...@ho...> - 2005-12-27 18:58:15
|
> >Use a net-snmp agent and client for a test. > >Can you actually grab snmp data from the node with snmp V3 ? > >snmpget -v 3 -u opennmsUser -l authNoPriv -a MD5 -A 0p3nNMSv3 "ip of v3 >node" sysUpTime.0 > >or > >snmpget -v 3 -u opennmsUser -l authPriv -a MD5 -A 0p3nNMSv3 -x DES -X >0p3nNMSv3 "ip of v3 node" sysUpTime.0 > > >Do you have an opennms.conf with this in it? > >ADDITIONAL_MANAGER_OPTIONS="-Dorg.opennms.snmp.strategyClass=org.opennms.netmgt.snmp.snmp4j.Snmp4JStrategy" > > > > <definition version="v3" > timeout="5000" > security-name="opennmsUser" > auth-passphrase="0p3nNMSv3"> > <specific>192.168.20.21</specific> > <specific>192.168.20.29</specific> > </definition> > >Command used to create snmp v3 user on net-snmp-5.2.1.2-fc4.1. > >net-snmp-config --create-snmpv3-user -a 0p3nNMSv3 opennmsUser > >Make sure you rescan node, you can tail the capsd file to look for >errors, I also like to crank up collection when testing to a very short >interval for a particular node when testing, you can create a unique >package in colectd-configuration.xml. Than I will tail the collectd log >as well. > > > >Ted Hey Ted, Yep, I can get data back from the target system using v3. I tested it using both authPriv and authNoPriv and get a successful response. I've doublechecked the opennms.conf file and all looks good there. As long as I configure the target system to accept authNoPriv, v3 works fine with OpenNMS. The problem only rises when I try to force privacy on the connection (i.e. authPriv). It is then that things break down. I think I have two separate problems here: 1. Overriding the default passsphrase for encryption - I've tried everything I know to do, but the logs still show the default passphrase. It may be that it is actually changing it correctly, just not logging it right. 2. Forcing OpenNMS to use encryption and authentication for v3 connections - According to the sample snmp-config.xml file, it is possible to set attributes to control the behavior of OpenNMS (NoAuthNoPriv, AuthNoPriv or AuthPriv), but it isn't clear how one goes about doing this. My next stop is the source code itself. I'm hoping that some clues to the solution are contained therein... Patrick |