I am trying to set up a Linux relay server (Arch Linux 4.1.4) (net-snmp 5.7.3) which is meant to forward incoming SNMP traps to Windows Server 2012 R2. These traps are generated by other devices within a network. Windows Server has a monitoring agent, System Center Operations Manager (SCOM), which handles any incoming traps.
I have achieved relay with simple v1 packets. I am able to send them to Linux and automatically forward them to Windows. I've watched the incoming packets and all seemed good. The issue appears when v3 packets come into play. I went through the manual and many forums. So far nobody has posted a fix for this version; they all seem to be outdated, and none of the directories specified for older versions are present on my machine.
So my problem with SNMPv3 is that authentication doesn't take place. But let me introduce you to it step by step.
I have set up an account on SCOM to support SNMPv3, I have got SNMP monitors in place and I tried to perform device discovery. Apparently it is partially successful. SCOM has discovered the Linux device but didn't receive an SNMP response.
Once I try to perform device rediscovery, SCOM sends a ping request and Linux answers. Then SCOM sends an SNMPv3 encryptedPDU packet and Linux replies with REPORT 1.3.6.1.6.3.15.1.1.1.0, which is usmStatsUnsupportedSecLevels(0). What I noticed is that this packet arrives with no credentials...
Wireshark output:
(...)
msgFlags: 00
.... .0.. = Reportable: Not set
.... ..0. = Encrypted: Not set
.... ...0 = Authenticated: Not set
(...)
msgAuthenticationParameters: <MISSING>
msgPrivacyParameters: <MISSING>
I tried to send SNMPv3 packets manually with snmpwalk/get commands, with the same result. My understanding is that SNMP doesn't know where to take those credentials from. Yet once I execute the command as
snmptrap 192.168.1.128 161 .1
Then Linux forwards packets as encryptedPDU. This is strange and I really don't know where I have gone wrong. Below I have listed my config files.
Note: The Linux server has only syslog-ng and net-snmp on it. iptables is disabled.
##############################
#snmpd.conf
##############################
#irrelevant lines from the original conf haven't been included
com2sec local 192.168.1.128/32 snmphost
com2sec local 192.168.1.0/24 snmphost
# context sec.model sec.level match read write notif
access testgroup "" any auth exact all all all
group testgroup usm snmphost
#view all included .1 80
createUser testuser SHA xxxxxxxx AES
rouser testuser auth
EngineIDType 3
master agentx
agentXSocket /var/agentx/master
agentaddress upd:161
##############################
#snmp.conf
##############################
defaultport 161
defVersion 3
defSecurityName testuser
defSecurityLevel authPriv
defAuthType SHA
defAuthPassphrase xxxxxxxx
defPrivType AES
defPrivPassphrase xxxxxxxx
defcontext ""
##############################
#snmptrapd.conf
##############################
authuser log,execute,net testuser priv
forward default 192.168.1.128 161
Here is the status:
snmpd.service - Simple Network Management Protocol Daemon
Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enable; vendor preset: disabled)
Active: active(running) since Thu 2015-08-13 13:41:09 UTC 7min ago
Process: 448 ExecStart=/usr/bin/snmpd -p /run/snmpd.pid (code=exited, status=0/SUCCESS)
Main PID: 450 (snmpd)
CGroup: /system.slice/snmpd.service
450 /usr/bin/snmpd -p /run/snpmd.pid
systemd[1]: Stopped Simple Network Management Protocol (SNMP) Daemon
systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon
systemd[1]: snmpd/service: PID file /run/snmpd.pid not readable(yet?) after start: No such file or directory
systemd[1]: Stopped Simple Network Management Protocol (SNMP) Daemon
That's all of my current findings. There are no other failures. It seems as if it should work... If I come across anything new I will definitely include it.
EDIT: This is madness! I had an old server based on Ubuntu 13.10 (which I feel like changing) and you will never guess what happened. The config worked! SCOM sent packets, Ubuntu responded, SNMPv3 packets were exchanged and the device was saved...
I suspect that it has something to do with a file which contains SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'. On Ubuntu it is /etc/init.d/snmpd. Does someone have any idea where it could be on Arch??
I don't think this thread is closed, as Arch is still not functional and it will not let me sleep until it is resolved. Also, other Arch users should have a proper solution for v3 packets, as there is nothing out there...
Last edited by TheLS (2015-08-13 16:02:24)
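Added example, not part of the original post and not net-snmp code: a small Python decoder for the msgFlags octet shown in the Wireshark output above (bit layout per RFC 3412), compared against the minimum security level that each directive in the posted configs asks for. The function names are hypothetical, and the -s option forms of rouser and authUser are not handled.

```python
# Added illustration; function names are hypothetical, not part of net-snmp.
LEVELS = ["noAuthNoPriv", "authNoPriv", "authPriv"]
# Keywords the directives accept for a level -> index into LEVELS.
KEYWORD = {"noauth": 0, "auth": 1, "priv": 2,
           "noauthnopriv": 0, "authnopriv": 1, "authpriv": 2}

def decode_msgflags(flags):
    """Decode the SNMPv3 msgFlags octet (RFC 3412) the way Wireshark prints it."""
    auth, priv, reportable = bool(flags & 1), bool(flags & 2), bool(flags & 4)
    if priv and not auth:
        raise ValueError("privFlag without authFlag is an invalid combination")
    return {"level": LEVELS[auth + priv], "reportable": reportable}

def required_levels(conf_text, user):
    """Map each directive that names `user` to the security level it asks for."""
    found = {}
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        name = tok[0].lower()
        if name in ("rouser", "rwuser") and tok[1:2] == [user]:
            # snmpd.conf: rouser USER [noauth|auth|priv]; default is auth
            found[name] = KEYWORD[tok[2].lower()] if len(tok) > 2 else 1
        elif name == "authuser" and tok[2:3] == [user]:
            # snmptrapd.conf: authUser TYPES USER [LEVEL]; default is auth
            found[name] = KEYWORD[tok[3].lower()] if len(tok) > 3 else 1
        elif name == "defsecuritylevel" and len(tok) > 1:
            found[name] = KEYWORD[tok[1].lower()]  # snmp.conf, client tools
    return {k: LEVELS[v] for k, v in found.items()}

def satisfies(flags, minimum):
    """True when a message with these msgFlags meets a directive's minimum."""
    return LEVELS.index(decode_msgflags(flags)["level"]) >= LEVELS.index(minimum)

# Directive lines copied from the post, taken from its three config files.
POSTED = """
rouser testuser auth
defSecurityLevel authPriv
authuser log,execute,net testuser priv
"""

if __name__ == "__main__":
    need = required_levels(POSTED, "testuser")
    for flags in (0x00, 0x05, 0x07):  # 0x00 is the value in the capture
        print(f"msgFlags {flags:#04x}: {decode_msgflags(flags)}")
        for directive, minimum in need.items():
            print(f"  {directive:<17} needs {minimum:<12} ok={satisfies(flags, minimum)}")
```
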
Yo,
I just tried to set up an SNMP service and I think it's the Arch version of SNMP v3 which is broken, because even the simplest configs from the Arch wiki won't work. For me it just gives this output when I try to log in:
Error in packet.
Reason: authorizationError (access denied to that object)
Last edited by justAGuy (2015-08-23 10:30:13)