usmAddUserName v usmAddUser
Frank Fock
Frank.Fock____t-online.de
Mon Sep 23 20:48:08 CEST 2002
Hi Doc,
It is indeed very simple :-) When you are using
usm->add_localized_user(..)
you must provide *keys* not passwords. "meauth"
is obviously not a MD5 hash with a length of 64 bytes!
Please localize the passwords with the remote engine ID
(MD5 hash password+engineID+padding) with apPasswordToKeyMD5
first.
Hope this helps (finally ;-)
Best regards,
Frank
D. R. Evans wrote:
> On 21 Sep 2002 at 13:10, Frank Fock wrote:
>
>
>>Hi,
>>
>>Please take a look at the latest SNMP++, which is version 3.2.1b.
>
>
> Hmmm.... I am now using the new code, but getting the same result. This
> almost certainly means that I'm doing something really stupid, so now I'm
> floundering through the logs trying to figure out what could possibly be
> going wrong in what should be a simple Inform/Response exchange.
>
> In both snmpInform.cpp and receive_trap.cpp I have simply added:
>
> usm->add_localized_user((unsigned char*)<other side's engineid>,
> strlen(<other side's engineid>),
> (unsigned char*)"meauthnopriv", strlen("meauthnopriv"),
> (unsigned char*)"meauthnopriv", strlen("meauthnopriv"),
> SNMPv3_usmHMACMD5AuthProtocol, (unsigned char*)"meauth",
> strlen("meauth"),
> SNMPv3_usmNoPrivProtocol, (unsigned char*)"",
> strlen(""));
>
> So this should mean (I think) that both sides know how to send messages for
> the user on the other side.
>
> I have full logging enabled on both processes.
>
> When I send the following Inform:
>
> snmpInform 127.0.0.1 -v3 -p10162 -sl2 -md5 -snmeauthnopriv
>
> the following appears close to the end of the snmpInform log:
>
> mp finished (OK)
> receive_snmp_response: engine_id (receive_trap), security_name
> (meauthnopriv), security_model (3), security_level (1)
> addtoengineidtable: (127.0.0.1/10162)
> receive_snmp_response requestID = 10971, returning SUCCESS.
> received oid: 1.3.6.1.6.3.15.1.1.3.0 with value: 2
> SNMPv3: USM: Unknown SecurityName
>
> -----
>
> The snmpBuild function on the snmpInform returns the non-error response,
> and the snmpInform process happily sends the Inform.
>
> The first sign that there is an error in the receive_trap log is:
>
> usmAddUser: Adding user (meauthnopriv) engine_id (InformSender).
> ++ SNMP++: data received from 127.0.0.1/1783.
> 30 82 00 42 02 01 03 30 82 00 0F 02 03 19 00 00
> 02 02 10 00 04 01 04 02 01 03 04 12 30 82 00 0E
> 04 00 02 01 00 02 01 00 04 00 04 00 04 00 30 82
> 00 14 04 00 04 00 A6 0E 02 02 59 B1 02 01 00 02
> 01 00 30 82 00 00
> mp is parsing incoming message:
> Parsing length = 42
> Parsing version = 0x3
> Parsing globalDataLength = 0xf
> Parsing msgID = 0x190000
> Parsing msgMaxSize = 0x1000
> Parsing msgFlags = 0x4
> Parsing msgSecurityModel = 0x3
> Parsing msgSecurityParameters with length = 0x12
> Parsing msgdata with length = 0x18
> Parsing securityParametersLength = 0xe
> Parsing securityEngineID, length = 0x0
> Parsing engineBoots = 0x0
> Parsing engineTime = 0x0
> Parsing usmUserName, length = 0x0
> Parsing msgAuthenticationParameters, length = 0x0
> Parsing msgPrivacyParameters, length = 0x0
> USM: EngineID unknown
> mp: error while executing USM::process_msg
> ErrorCode is -1406
>
> This looks really bad.
>
> Can anyone enlighten me as to what's going wrong? (I expect that it's
> something very simple, but I sure don't understand what the problem is.)
>
> Doc Evans
>
>
More information about the AGENTPP
mailing list