[SNMP4J] Access denied when sending out a notification
Jozsef Lazar
jlazar at netavis.hu
Thu Jul 16 09:26:08 CEST 2009
Frank Fock wrote:
> Hi Joszef,
>
> You need to configure the VACM to provide access
> for your notification OID (and included vb OIDs).
I guess I make it correctly. The code what I'm using is as follows:
public class Agent extends BaseAgent {
...
protected void addUsmUser(USM usm) {
UsmUser user = new UsmUser(new OctetString("SHA"),
AuthSHA.ID,
new OctetString("password"),
null,
null);
usm.addUser(user.getSecurityName(), usm.getLocalEngineID(), user);
}
protected void addViews(VacmMIB vacm) {
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv1,
new OctetString("cpublic"),
new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
new OctetString("cpublic"),
new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addGroup(SecurityModel.SECURITY_MODEL_USM,
new OctetString("SHA"),
new OctetString("v3group"),
StorageType.nonVolatile);
vacm.addAccess(new OctetString("v1v2group"), new
OctetString("public"),
SecurityModel.SECURITY_MODEL_ANY,
SecurityLevel.NOAUTH_NOPRIV,
MutableVACM.VACM_MATCH_EXACT,
new OctetString("fullReadView"),
new OctetString("fullWriteView"),
new OctetString("fullNotifyView"),
StorageType.nonVolatile);
vacm.addAccess(new OctetString("v3group"), new OctetString(),
SecurityModel.SECURITY_MODEL_USM,
SecurityLevel.AUTH_NOPRIV,
MutableVACM.VACM_MATCH_EXACT,
new OctetString("fullReadView"),
new OctetString("fullWriteView"),
new OctetString("fullNotifyView"),
StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullReadView"), new
OID("1.3"),
new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullWriteView"), new
OID("1.3"),
new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullNotifyView"), new
OID("1.3"),
new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
StorageType.nonVolatile);
}
protected void addCommunities(SnmpCommunityMIB communityMIB) {
Variable[] com2sec = new Variable[] {
new OctetString("public"), // community name
new OctetString("cpublic"), // security name
getAgent().getContextEngineID(), // local engine ID
new OctetString("public"), // default
context name
new OctetString(), // transport tag
new Integer32(StorageType.nonVolatile), // storage type
new Integer32(RowStatus.active) // row status
};
MOTableRow row = communityMIB.getSnmpCommunityEntry().createRow(
new OctetString("public2public").toSubIndex(true),
com2sec);
communityMIB.getSnmpCommunityEntry().addRow(row);
}
public void sendNotify() {
VariableBinding[] payload = new VariableBinding[1];
payload[0] = new VariableBinding(fNetavisMib.getO2VPName().getID(),
fNetavisMib.getO2VPName().getValue());
fNetavisMib.o2EventO2Started(agent.getNotificationOriginator(),
new OctetString(), payload);
log("Notif has been sent");
}
...
}
Please correct me if I'm wrong but I think the addViewTreeFamily gives
full read/write/notify rights everything under '1.3' (including my own
MIB). So the 'Access denied' should not come. What do I do (understand)
wrong?
-- joseph
>
> Best regards,
> Frank
>
> Jozsef Lazar wrote:
>> Hi,
>>
>> I'm using the modified version of the TestAgent.java code with my own
>> test scalars and stuff. As soon as I try to send out a notification I
>> receive the following:
>>
>> INFO: Notification 1.3.6.1.4.1.33687.1.2.0.1 issued with
>> [1.3.6.1.4.1.33687.1.1.2.2.0 = bubu]
>> 2009.07.15. 16:54:24 org.snmp4j.log.JavaLogAdapter log
>> WARNING: Access denied by VACM for 1.3.6.1.4.1.33687.1.2.0.1
>> 2009.07.15. 16:54:24 org.snmp4j.log.JavaLogAdapter log
>> WARNING: Access denied by VACM for 1.3.6.1.4.1.33687.1.2.0.1
>>
>> Any useful ideas? Thanks in advance.
>>
>> -- joseph
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J at agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>
More information about the SNMP4J
mailing list