[AGENT++] Error returned in the SNMPV3 PDU
Shrikanth D
shrikanthd23 at yahoo.com
Mon Dec 1 13:01:14 CET 2003
Hi,
This is the behaviour that I observed when the security levels at the two entities are different.
MgrSecLev AgentSecLev AuthParams Result
--------- ----------- ---------- --------------------------
AuthPriv AuthNoPriv Anything REPORT_MSG
(Invalid/Valid) (Unsupported Security Level Counter)
AuthNoPriv AuthPriv Invalid REPORT MSG
(WrongDigest Counter)
-do- -do- Valid Snmp.get() returns error code 16
(Authorization error)
There is no consistency in the responses.
For example, in the last case, perhaps there is no case of authorization
failure, just the security level is wrong, but a Authorization error is
returned.
Is the above behaviour correct?
Why isn't the security level checked right at the beginning and the error returned immediately.
Could you kindly explain this?
Thanks and regards,
Shrikanth
Frank Fock wrote:
Hi,I just want to add to Jochen's response, that the SNMP_ERROR_AUTH_ERRis returned by AGENT++ when the VACM denies access to a particular objectinstance.Regards,Frank FockJochen Katz wrote:> Hi,>>> I have a doubt about the manner in which the error is returned when a >> snmpV3 call is made.>> >> Say for example if the manager issues a request to a agent with an >> incorrect security level,>> ^^^^^^^^^^^^^^^^^^^^^^^^>> what exactly are you doing? Send an authPriv request using an user > that is only configured for authNoPriv at the agent? In this case you > should either receive a report with the "unsupported securityLevel" > counter or the local error code 1403 (also unsupported securityLevel) > while trying to encode the request.>> > sometimes the error>>> SNMP_ERROR_AUTH_ERR 16 //!< Authentication failure>> >> is returned by the call itself (by the snmp.get() method).>>> I don't think, that this error is returned without contacting the > agent, as SNMP_ERROR_AUTH_ERR
is not used directly within snmp++.>>> But certain other times for the same error, the call is a success, >> but the PDU type is REPORT_MSG and the error has to be obtained by >> examining the Oid.>>>> Can you please explain what decides this behaviour.>>> Possibly two different agents?>> Regards,> Jochen
---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.agentpp.org/pipermail/agentpp/attachments/20031201/b242e54f/attachment.htm
More information about the AGENTPP
mailing list