[pysnmp-users] Issue with authentication setup

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

All,

I am trying to use the pysnmp to test the SNMP v3 get operation from a CLI

I wrote the snmpv3_get.py as follows:
================
#!/usr/bin/python

from pysnmp.entity.rfc3413.oneliner import cmdgen

import argparse

SNMP_PORT=161
SNMP_READ_COMMUNITY='public'
SNMP_V3_USER='admin'
SNMP_V3_AUTH_KEY='admin123'
SNMP_V3_AUTH_PROTO='sha'
SNMP_V3_PRIV_KEY='admin123'
SNMP_V3_PRIV_PROTO='aes'

AUTH_PROTOCOLS = { 'md5': cmdgen.usmHMACMD5AuthProtocol, 'sha': cmdgen.usmHMACSHAAuthProtocol }
PRIV_PROTOCOLS = { 'des': cmdgen.usmDESPrivProtocol, 'aes': cmdgen.usmAesCfb128Protocol}

def snmpv3_get(ip_addr, oid, **kwargs):
  global SNMP_PORT

  user = kwargs.get('user', SNMP_V3_USER)

  authKey = kwargs.get('authKey', SNMP_V3_AUTH_KEY)
  authProtoStr = kwargs.get('authProtocol', SNMP_V3_AUTH_PROTO)
  authProto = AUTH_PROTOCOLS[authProtoStr]

  privKey = kwargs.get('privKey', SNMP_V3_PRIV_KEY)
  privProtoStr = kwargs.get('privProtocol', SNMP_V3_PRIV_PROTO)
  privProto = PRIV_PROTOCOLS[privProtoStr]

  #print '%s %s %s %s %s' %(user, authKey, authProtoStr, privKey, privProtoStr)
  userData = cmdgen.UsmUserData(user, authKey=authKey, authProtocol=authProto, privKey=privKey, privProtocol=privProto)

  cmdGen = cmdgen.CommandGenerator()
  errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( userData, cmdgen.UdpTransportTarget((ip_addr, SNMP_PORT)), oid)
  # Check for errors and print out results
  if errorIndication:
    print(errorIndication)
  else:
    if errorStatus:
      print('%s at %s' %(errorStatus.prettyPrint(), errorIndex and varBinds[int(errorIndex)-1] or '?'))
    else:
      for name, val in varBinds:
        print('%s = %s' % (name.prettyPrint(), val.prettyPrint()))

if __name__ == "__main__":
  parser = argparse.ArgumentParser()
  parser.add_argument('--user', '-u', default=SNMP_V3_USER, help='SNMP v3 user')
  parser.add_argument('--authProto', '-A', default=SNMP_V3_AUTH_PROTO, help='Authentication Protocol: md5 or sha, default to sha')
  parser.add_argument('--authKey', '-a', default=SNMP_V3_AUTH_KEY, help='Authentication Password')
  parser.add_argument('--privProto', '-P', default=SNMP_V3_PRIV_PROTO, help='Privacy Protocol: des or aes, default to aes')
  parser.add_argument('--privKey', '-p', default=SNMP_V3_PRIV_KEY, help='Privacy Password')
  parser.add_argument('ip_addr')
  parser.add_argument('oid')

  args = parser.parse_args()

  snmpv3_get(args.ip_addr, args.oid, user=args.user, authProtocol=args.authProto, authKey=args.authKey, privProtocol=args.privProto, privKey=args.privKey)

=======

I have two users defined on the snmp agent, admin (read/write) and user (read only). I can access the agents with both users using iReasoning MIB browser and Perl successfully.

However, with pysnmp, while I can read the sysDesc using admin successfully

======

% snmpv3_get.py -u admin -a admin123 -p admin123 -A sha -P aes 10.200.176.218 .1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = Site Monitor Controller
======

But if use the user, I got the following error:
==============
% snmpv3_get.py -u user -a user123 -p user123 -A sha -P aes 10.200.176.218 .1.3.6.1.2.1.1.1.0
Traceback (most recent call last):
  File "./snmpv3_get.py", line 61, in <module>
    snmpv3_get(args.ip_addr, args.oid, user=args.user, authProtocol=args.authProto, authKey=args.authKey, privProtocol=args.privProto, privKey=args.privKey)
  File "./snmpv3_get.py", line 36, in snmpv3_get
    errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( userData, cmdgen.UdpTransportTarget((ip_addr, SNMP_PORT)), oid)
  File "/usr/local/lib/python2.7/dist-packages/pysnmp/entity/rfc3413/oneliner/cmdgen.py", line 183, in getCmd
    **kwargs):
  File "/usr/local/lib/python2.7/dist-packages/pysnmp/hlapi/asyncore/sync/cmdgen.py", line 111, in getCmd
    lookupMib=options.get('lookupMib', True)))
  File "/usr/local/lib/python2.7/dist-packages/pysnmp/hlapi/asyncore/cmdgen.py", line 124, in getCmd
    addrName, paramsName = lcd.configure(snmpEngine, authData, transportTarget)
  File "/usr/local/lib/python2.7/dist-packages/pysnmp/hlapi/lcd.py", line 60, in configure
    securityName=authData.securityName
  File "/usr/local/lib/python2.7/dist-packages/pysnmp/entity/config.py", line 191, in addV3User
    (pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'createAndGo'))
  File "/usr/local/lib/python2.7/dist-packages/pysnmp/smi/instrum.py", line 256, in writeVars
    return self.flipFlopFsm(self.fsmWriteVar, varBinds, acInfo)
  File "/usr/local/lib/python2.7/dist-packages/pysnmp/smi/instrum.py", line 239, in flipFlopFsm
    raise origExc
pysnmp.smi.error.WrongValueError: WrongValueError({'msg': WrongValueError(), 'name': (1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 2, 1, 2, 117, 115, 101, 114), 'idx': 1})
=============

Looks like I get an exception in instrum.py, but I am not sure why.

Your help are greatly appreciated.

Jing Shao
Senior Software Engineer
Lite-On Power System Solutions

Confidential Information:This message is sent to the intended recipient and may contain privileged or confidential information. If you received this transmission in error, please notify the sender with a replying e-mail and delete the message and any attachment.Transmission Caveat and Virus Alert: Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.