[SNMP4J] Agent fails to send V3 "inform" notification

Mark Gorokhov mark.gorokhov at comtechmobile.com
Wed Apr 11 22:59:25 CEST 2007


(1) Works for me for INFORM, but breaks SET/GET with error -1406 "invalid engine ID". 
I added 
    usm.addUser(user.getSecurityName(), null, user);
instead of 
    usm.addUser(user.getSecurityName(), engineID, user);

QUESTION: The workaround is to create two users with two separate VACM groups: (A) for read/write and (B) for notify. Is this a hack or the correct approach?

(2) I'd like not to use this tight coupling Agent-to-MIBExplorer.

Mark G

-----Original Message-----
From: Frank Fock [mailto:fock at agentpp.com] 
Sent: Wednesday, April 11, 2007 2:28 AM
To: Mark Gorokhov
Cc: snmp4j at agentpp.org
Subject: Re: [SNMP4J] Agent fails to send V3 "inform" notification

Hi Mark,

the authoritative engine for INFORM requests is the message
receiver rather than the message sender as for SNMPv3
notifications. It seems that user "abc" needs to be added
to the USM of the agent in one of the following ways:

(1) Add the user without specifying an authoritative engine ID
with it (non-localized-user). This user will then work with
engine ID discovery for any target.

(2) Add the user, specifying the authoritative engine ID
of MIB Explorer when adding the user with
http://www.snmp4j.org/doc/org/snmp4j/security/USM.html#addUser(org.snmp4j.smi.OctetString, 
org.snmp4j.smi.OctetString, org.snmp4j.security.UsmUser)
By adding a localized user, a user name/password pair(s)
can be used for a single target and different passwords for
the same user name could be used for a different target then.

Hope this helps.

Best regards,
Frank


Mark Gorokhov wrote:
> My TestAgent has EngineID="80:00:6c:ae:01:0a:05:00:8a"
> MIB Explorer has EngineID="80:00:13:70:01:0a:05:00:8a"
> 
> I'm sending an "inform" notification from my TestAgent. Debug confirms that VACM access is allowed. Then the log is as follows (formatted):
> 
> ==================================================
> RFC3414 §3.1.4.b Outgoing message is not encrypted
> Adding cache entry: StateReference[...]
> Running pending sync request with handle ...
> Sending message to 127.0.0.1/165 with length 61: ...
> Received message from /127.0.0.1/165 with length 87: ...
> SNMPv3 header decoded: ... 
> Accepting zero length security name
> Removed cache entry: StateReference[...]
> RFC3412 §7.2.10 - Received PDU (msgID=442508714) is 
>     a response or an internal class message. 
>     PduHandle.transactionID = 44522832
> MPv3 finished
> Searching pending request with handlePduHandle[44522832]
> Send new request after report.
> (A-line)Context engine ID of scoped PDU is empty! 
>     Setting it to authoritative engine ID: 
>     80:00:13:70:01:0a:05:00:8a
> (B-line)getUser(engineID=80:00:13:70:01:0a:05:00:8a, 
>     securityName=abc)
> (C-line)USM.getUser - User 'abc' unknown
> (D-line)Security name not found for engineID=
>     80:00:13:70:01:0a:05:00:8a, securityName=abc
> ==================================================
> 
> Investigation.
> 
> D-line: The reported engineID is MIB Explorer's engineID and not TestAgent's engineID. That's why the security name is not found. MIB Explorer's engineID is not known in TestAgent for security name "abc". UsmUserTable has user "abc" with the associated TestAgent's engineID. This problem is logged in B-line and C-line.
> 
> A-line: Why is the context engine ID of the scoped PDU empty? Is this the root of the problem?
> 
> What am I missing to set up V3 "inform" notification?
> 
> Thanks,
> Mark G.
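
The difference between a localized and a non-localized user that Frank describes, as an added example (not part of the original thread and not SNMP4J code): a simplified Python model of RFC 3414 key localization and a USM-style lookup by (engine ID, security name). The passphrase and the names `UserTable`, `add_user`, `get_key` and `eid` are assumptions; the engine IDs are the ones quoted in the thread.

```python
import hashlib

def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the first 1 MiB of the repeated password (Ku)."""
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku), bound to one engine."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

class UserTable:
    """Simplified model of a USM user table (hypothetical, not SNMP4J's)."""
    def __init__(self):
        self.localized = {}      # (engine_id, name) -> Kul
        self.non_localized = {}  # name -> Ku

    def add_user(self, name, password, engine_id=None):
        ku = password_to_key(password)
        if engine_id is None:
            self.non_localized[name] = ku   # usable with any discovered engine
        else:
            self.localized[(engine_id, name)] = localize(ku, engine_id)

    def get_key(self, engine_id, name):
        """Key for this authoritative engine, or None if the user is unknown."""
        key = self.localized.get((engine_id, name))
        if key is None and name in self.non_localized:
            # Localize on demand for the engine ID learned by discovery.
            key = localize(self.non_localized[name], engine_id)
            self.localized[(engine_id, name)] = key
        return key

def eid(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

TEST_AGENT = eid("80:00:6c:ae:01:0a:05:00:8a")     # from the thread
MIB_EXPLORER = eid("80:00:13:70:01:0a:05:00:8a")   # from the thread
PASSPHRASE = b"constructed-passphrase"             # constructed sample value

if __name__ == "__main__":
    bound = UserTable()
    bound.add_user("abc", PASSPHRASE, TEST_AGENT)
    # INFORM: the receiver (MIB Explorer) is authoritative, so the lookup misses.
    print("localized to TestAgent:", bound.get_key(MIB_EXPLORER, "abc"))
    free = UserTable()
    free.add_user("abc", PASSPHRASE)
    print("non-localized:", free.get_key(MIB_EXPLORER, "abc").hex())
```
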



