[SNMP4J] VACM access denied
Frank Fock
fock at agentpp.com
Fri Sep 27 01:35:56 CEST 2013
Hi Joseph,
As the error message points out, you have to configure the VACM
to allow access to OID 1.3.6.1.4.1.33687.1.2.0.1 for the SNMPv3 user
that is configured to be used when notifications are sent out.
Best regards,
Frank
Am 26.09.2013 13:29, schrieb jlazar:
> Hi,
>
> I'm using the following code to setup and then send notifications both
> to a defined V1 and V3 target. It seems that the V1 notification goes
> out but for V3 it fails with VACM access denied. Please help me, I'm
> hopeless.
>
> protected void addNotificationTargets(SnmpTargetMIB targetMIB,
> SnmpNotificationMIB notificationMIB) {
> log("Adding notification targets");
> targetMIB.addDefaultTDomains();
>
> targetMIB.addTargetAddress(new OctetString("notificationV2c"),
> TransportDomains.transportDomainUdpIpv4,
> new OctetString(
> new UdpAddress("127.0.0.1/162").getValue()),
> 200, 1,
> new OctetString("notify"),
> new OctetString("v2c"),
> StorageType.permanent);
> targetMIB.addTargetAddress(new OctetString("notificationV3"),
> TransportDomains.transportDomainUdpIpv4,
> new OctetString(
> new UdpAddress("127.0.0.1/1162").getValue()),
> 200, 1,
> new OctetString("notify"),
> new OctetString("v3notify"),
> StorageType.permanent);
>
> targetMIB.addTargetParams(new OctetString("v2c"),
> MessageProcessingModel.MPv2c,
> SecurityModel.SECURITY_MODEL_SNMPv2c,
> new OctetString("cpublic"),
> SecurityLevel.AUTH_PRIV,
> StorageType.permanent);
> targetMIB.addTargetParams(new OctetString("v3notify"),
> MessageProcessingModel.MPv3,
> SecurityModel.SECURITY_MODEL_USM,
> new OctetString("v3notify"),
> SecurityLevel.NOAUTH_NOPRIV,
> StorageType.permanent);
>
> notificationMIB.addNotifyEntry(new OctetString("default"),
> new OctetString("notify"),
> SnmpNotificationMIB.SnmpNotifyTypeEnum.inform,
> StorageType.permanent);
> }
>
> protected void addViews(VacmMIB vacm) {
> vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv1,
> new OctetString("cpublic"),
> new OctetString("v1v2group"),
> StorageType.nonVolatile);
>
> vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
> new OctetString("cpublic"),
> new OctetString("v1v2group"),
> StorageType.nonVolatile);
>
> vacm.addGroup(SecurityModel.SECURITY_MODEL_USM,
> new
> OctetString(fSNMPMappings.getUSMUser().getSecutiryName()),
> new OctetString("v3group"),
> StorageType.nonVolatile);
>
> vacm.addAccess(new OctetString("v1v2group"),
> new OctetString("public"),
> SecurityModel.SECURITY_MODEL_ANY,
> SecurityLevel.NOAUTH_NOPRIV,
> MutableVACM.VACM_MATCH_EXACT,
> new OctetString("fullReadView"),
> new OctetString("fullWriteView"),
> new OctetString("fullNotifyView"),
> StorageType.nonVolatile);
>
> int level = SecurityLevel.AUTH_NOPRIV;
> vacm.addAccess(new OctetString("v3group"),
> new OctetString("public"),
> SecurityModel.SECURITY_MODEL_USM,
> level,
> MutableVACM.VACM_MATCH_EXACT,
> new OctetString("fullReadView"),
> new OctetString("fullWriteView"),
> new OctetString("fullNotifyView"),
> StorageType.nonVolatile);
>
> vacm.addViewTreeFamily(new OctetString("fullReadView"), new
> OID("1.3"),
> new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
> StorageType.nonVolatile);
> vacm.addViewTreeFamily(new OctetString("fullWriteView"), new
> OID("1.3"),
> new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
> StorageType.nonVolatile);
> vacm.addViewTreeFamily(new OctetString("fullNotifyView"), new
> OID("1.3"),
> new OctetString(), MutableVACM.VACM_VIEW_INCLUDED,
> StorageType.nonVolatile);
> }
>
> public void sendNotify(SNMPNotification notify) {
> Event e = notify.getSourceEvent();
> String text = notify.getEventBarText();
> VariableBinding[] payload = new VariableBinding[8];
> MOScalar oid = fNetavisMib.getO2EventName();
> oid.setValue(new OctetString(e.getName()));
> payload[0] = new VariableBinding(oid.getID(), oid.getValue());
>
> oid = fNetavisMib.getO2EventNumber();
> oid.setValue(new Integer32(e.getOwnID()));
> payload[1] = new VariableBinding(oid.getID(), oid.getValue());
>
> oid = fNetavisMib.getO2EventStamp();
> oid.setValue(new Integer32((int)(e.getEventStamp() / 1000L)));
> payload[2] = new VariableBinding(oid.getID(), oid.getValue());
>
> int id = 0;
> String name = "";
> if (e.isCameraSpecific()) {
> id = e.getCameraID();
> name = e.getCameraName();
> }
> oid = fNetavisMib.getO2EventCameraID();
> oid.setValue(new Integer32(id));
> payload[3] = new VariableBinding(oid.getID(), oid.getValue());
>
> oid = fNetavisMib.getO2EventCameraName();
> oid.setValue(new OctetString(name));
> payload[4] = new VariableBinding(oid.getID(), oid.getValue());
>
> id = 0;
> name = "";
> if (e.isUserSpecific()) {
> id = e.getUserID();
> name = e.gimmeUserName();
> }
> oid = fNetavisMib.getO2EventUserID();
> oid.setValue(new Integer32(id));
> payload[5] = new VariableBinding(oid.getID(), oid.getValue());
>
> oid = fNetavisMib.getO2EventUserName();
> oid.setValue(new OctetString(name));
> payload[6] = new VariableBinding(oid.getID(), oid.getValue());
>
> oid = fNetavisMib.getO2EventDescription();
> oid.setValue(new OctetString(text));
> payload[7] = new VariableBinding(oid.getID(), oid.getValue());
>
> fNetavisMib.o2Event(agent.getNotificationOriginator(),
> new OctetString("public"), payload);
> log("TRAP has been sent for event: '" + text + "'");
> }
>
> // Notifications
> public void o2Event(NotificationOriginator notificationOriginator,
> OctetString context, VariableBinding[]
> vbs) {
> if (vbs.length < 8) {
> throw new IllegalArgumentException("Too few notification
> objects: "+
> vbs.length+"<8");
> }
> if (!(vbs[0].getOid().startsWith(oidTrapVarO2EventName))) {
> throw new IllegalArgumentException("Variable 0 has wrong OID:
> "+vbs[0].getOid()+
> " does not start with
> "+oidTrapVarO2EventName);
> }
> if (!(vbs[1].getOid().startsWith(oidTrapVarO2EventNumber))) {
> throw new IllegalArgumentException("Variable 1 has wrong OID:
> "+vbs[1].getOid()+
> " does not start with
> "+oidTrapVarO2EventNumber);
> }
> if (!(vbs[2].getOid().startsWith(oidTrapVarO2EventStamp))) {
> throw new IllegalArgumentException("Variable 2 has wrong OID:
> "+vbs[2].getOid()+
> " does not start with
> "+oidTrapVarO2EventStamp);
> }
> if (!(vbs[3].getOid().startsWith(oidTrapVarO2EventCameraID))) {
> throw new IllegalArgumentException("Variable 3 has wrong OID:
> "+vbs[3].getOid()+
> " does not start with
> "+oidTrapVarO2EventCameraID);
> }
> if (!(vbs[4].getOid().startsWith(oidTrapVarO2EventCameraName))) {
> throw new IllegalArgumentException("Variable 4 has wrong OID:
> "+vbs[4].getOid()+
> " does not start with
> "+oidTrapVarO2EventCameraName);
> }
> if (!(vbs[5].getOid().startsWith(oidTrapVarO2EventUserID))) {
> throw new IllegalArgumentException("Variable 5 has wrong OID:
> "+vbs[5].getOid()+
> " does not start with
> "+oidTrapVarO2EventUserID);
> }
> if (!(vbs[6].getOid().startsWith(oidTrapVarO2EventUserName))) {
> throw new IllegalArgumentException("Variable 6 has wrong OID:
> "+vbs[6].getOid()+
> " does not start with
> "+oidTrapVarO2EventUserName);
> }
> if (!(vbs[7].getOid().startsWith(oidTrapVarO2EventDescription))) {
> throw new IllegalArgumentException("Variable 7 has wrong OID:
> "+vbs[7].getOid()+
> " does not start with
> "+oidTrapVarO2EventDescription);
> }
> notificationOriginator.notify(context, oidO2Event, vbs);
> }
>
>
> Output after an event:
>
> INFO: Sent notification INFORM[requestID=995562723,
> errorStatus=Success(0), errorIndex=0, VBS[1.3.6.1.2.1.1.3.0 =
> 0:02:08.39; 1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.4.1.33687.1.2.0.1;
> 1.3.6.1.4.1.33687.1.1.3.1.0 = UserLoggedIn;
> 1.3.6.1.4.1.33687.1.1.3.2.0 = 28175745; 1.3.6.1.4.1.33687.1.1.3.3.0 =
> 1379312532; 1.3.6.1.4.1.33687.1.1.3.4.0 = 0;
> 1.3.6.1.4.1.33687.1.1.3.5.0 = ; 1.3.6.1.4.1.33687.1.1.3.6.0 = 1;
> 1.3.6.1.4.1.33687.1.1.3.7.0 = ; 1.3.6.1.4.1.33687.1.1.3.9.0 = User
> admin at 192.168.7.161 logged in]] to
> CommunityTarget[address=127.0.0.1/162, version=1, timeout=2000,
> retries=1, community=cpublic]
> Sep 16, 2013 8:22:17 AM org.snmp4j.log.JavaLogAdapter log
> WARNING: Access denied by VACM for 1.3.6.1.4.1.33687.1.2.0.1
>
> Thanks for any help.
>
> Joseph
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax: +49 7024 8688231
More information about the SNMP4J
mailing list