[SNMP4J] SNMP v3 - with same user name on different devices is not working

Frank Fock fock at agentpp.com
Sat Apr 18 22:30:53 CEST 2015


Hi Senthil,
It seems that you do not localize the user correctly. The SNMPv3 standard requires the localization. That's how the security works.
Please also make sure that the username is not added non-localized to the USM.
Best regards 
Frank


> On 18.04.2015 at 22:03, Senthil Murugan Ramalingam -X (seramali - UNISH CORPORATION at Cisco) <seramali at cisco.com> wrote:
> 
> Usually the engine ID will be supplied by the user through our GUI. But for
> testing this issue, I have taken the engine IDs from the following two devices:
> 
> ip :172.21.139.65
> User name: sowra
> Engine ID: 8000000903000019E765D390
> storage-type: nonvolatile     active
> Authentication Protocol: SHA
> Privacy Protocol: AES128
> 
> 
> ip :172.21.139.105
> User name: sowra
> 
> Engine ID: 8000000903000026984FEE81
> storage-type: nonvolatile     active
> Authentication Protocol: MD5
> Privacy Protocol: AES128
> 
> and adding user to USM using following method (run as threads),
> 
> snmp.getUSM().addLocalizedUser(engineID.getBytes(), new OctetString(securityName),
>     authenticationProtocol,
>     SecurityProtocols.getInstance().passwordToKey(authenticationProtocol, authenticationPwd, engineID.getBytes()),
>     privacyProtocol,
>     SecurityProtocols.getInstance().passwordToKey(privacyProtocol, authenticationProtocol, privacyPwd, engineID.getBytes()));
> 
> But getting following exception
> 
> 
> org.snmp4j.MessageException: Message processing model 3 returned error: Unknown security name
>    at org.snmp4j.MessageDispatcherImpl.sendPdu(MessageDispatcherImpl.java:501)
>    at org.snmp4j.Snmp.sendMessage(Snmp.java:1004)
>    at org.snmp4j.Snmp.send(Snmp.java:898)
>    at org.snmp4j.Snmp.send(Snmp.java:878)
>    at org.snmp4j.Snmp.send(Snmp.java:843)
>    at com.cisco.sc.alc.service.SNMPv3Collector.doGet1(SNMPv3Collector.java:256)
>    at com.cisco.sc.alc.service.TestThread.run(TestThread.java:36)
> 
> If I use the following method, one device always succeeds and all the other
> devices time out.
> 
> snmp.getUSM().addUser(new OctetString(securityName), new UsmUser(new OctetString(securityName),
>     authenticationProtocol, authenticationPwd, privacyProtocol, privacyPwd));
> 
> 
> 
> 
> 
> Can you please share working code for the scenario where devices have the same
> security name and the requests are executed on threads at the same time? Also, is it
> mandatory to get the engine ID if the user name is the same for all devices? If so, why?
> 
> Thanks
> -Senthil
> 
> 
>> On 4/18/15, 2:04 AM, "Frank Fock" <fock at agentpp.com> wrote:
>> 
>> Hi Senthil,
>> 
>> How do you get/determine the engine ID in your function doGet1's parameter
>> list?
>> It must be different for those two devices and it has to be their
>> authoritative engine ID.
>> 
>> Best regards,
>> Frank
>> 
>> 
>> 
>>> On 17 Apr 2015, at 23:24, Senthil Murugan Ramalingam -X (seramali -
>>> UNISH CORPORATION at Cisco) <seramali at cisco.com> wrote:
>>> 
>>> Hi Frank,
>>> 
>>> I am trying to do an SNMP v3 GET request to 2 different devices with the same
>>> user name; one device always succeeds and the other times out. I
>>> referred to earlier posts and tried all the solutions, like localizing keys, but nothing
>>> works. Can you please help me fix this?
>>> 
>>> Here is the USM portion of my code:
>>> 
>>> 
>>> private static USM usm;
>>> 
>>> 
>>> 
>>> static{
>>>        SecurityProtocols securityProtocols = SecurityProtocols.getInstance();
>>>        securityProtocols.addPrivacyProtocol(new PrivAES128());
>>>        securityProtocols.addPrivacyProtocol(new PrivAES192With3DESKeyExtension());
>>>        securityProtocols.addPrivacyProtocol(new PrivAES256With3DESKeyExtension());
>>>        securityProtocols.addPrivacyProtocol(new PrivDES());
>>>        securityProtocols.addPrivacyProtocol(new Priv3DES());
>>> 
>>>        usm = new USM(securityProtocols, new OctetString(MPv3.createLocalEngineID()), 0);
>>>        SecurityModels.getInstance().addSecurityModel(usm);
>>> 
>>> }
>>> 
>>> 
>>> public static String doGet1(String targetAddr, String securityName, OID authenticationProtocol,
>>>          String authenticationPassphrase, OID privacyProtocol, String privacyPassphrase,
>>>          String engineID, String oid, Logger logger){
>>> 
>>>      try{
>>>            usm.addUser(new OctetString(securityName), new UsmUser(new OctetString(securityName),
>>>                    authenticationProtocol, authenticationPwd, privacyProtocol, privacyPwd));
>>> 
>>> //            usm.addLocalizedUser(engineid, new OctetString(securityName), authenticationProtocol,
>>> //                    SecurityProtocols.getInstance().passwordToKey(authenticationProtocol, authenticationPwd, engineid),
>>> //                    privacyProtocol,
>>> //                    SecurityProtocols.getInstance().passwordToKey(privacyProtocol, authenticationProtocol, privacyPwd, engineid));
>>> 
>>> //            usm.addLocalizedUser(engineid, new OctetString(securityName),
>>> //                    authenticationProtocol, authenticationPassphrase.getBytes(),
>>> //                    privacyProtocol, privacyPassphrase.getBytes());
>>> 
>>> }
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Thanks
>>> -Senthil
> 
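
Why the engine ID matters for a shared user name, as an added example that is not part of the original posts and is not SNMP4J code: RFC 3414 derives each agent's key from the passphrase and that agent's authoritative engine ID, so the bytes used for localization must be the agent's raw engine ID octets. The class name, method names and passphrase are constructed for illustration; the two engine IDs are the ones quoted in the thread, and decoding them from hex text is an assumption about how they are stored.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class UsmKeyLocalization {
    // RFC 3414 A.2: the user key Ku is the hash of 1,048,576 bytes of repeated passphrase.
    static byte[] passwordToKey(String alg, String passphrase) throws Exception {
        byte[] pw = passphrase.getBytes(StandardCharsets.UTF_8);
        if (pw.length < 8) throw new IllegalArgumentException("USM passphrases need >= 8 octets");
        MessageDigest md = MessageDigest.getInstance(alg);
        byte[] block = new byte[64];
        for (int done = 0, idx = 0; done < 1048576; done += 64) {
            for (int i = 0; i < 64; i++) block[i] = pw[idx++ % pw.length];
            md.update(block);
        }
        return md.digest();
    }

    // RFC 3414 section 2.6: Kul = H(Ku || snmpEngineID || Ku), one key per authoritative engine.
    static byte[] localize(String alg, byte[] ku, byte[] engineId) throws Exception {
        MessageDigest md = MessageDigest.getInstance(alg);
        md.update(ku);
        md.update(engineId);
        md.update(ku);
        return md.digest();
    }

    // Decode hex text such as "8000..." into the raw octets of the engine ID.
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Self-check against the MD5 sample result in RFC 3414 A.3.1.
        byte[] rfc = localize("MD5", passwordToKey("MD5", "maplesyrup"), hex("000000000000000000000002"));
        System.out.println("RFC 3414 vector ok: " + Arrays.equals(rfc, hex("526f5eed9fcce26f8964c2930787d82b")));
        String e1 = "8000000903000019E765D390", e2 = "8000000903000026984FEE81"; // from the thread
        byte[] ku = passwordToKey("SHA-1", "constructed-passphrase");            // constructed value
        byte[] k1 = localize("SHA-1", ku, hex(e1));
        // Same user and passphrase on the other engine (SHA-1 for both to isolate the engine ID effect).
        System.out.println("same key on both engines: " + Arrays.equals(k1, localize("SHA-1", ku, hex(e2))));
        // The ASCII characters of the hex text are a different octet string than the decoded engine ID.
        byte[] kText = localize("SHA-1", ku, e1.getBytes(StandardCharsets.US_ASCII));
        System.out.println("hex text bytes give the same key: " + Arrays.equals(k1, kText));
    }
}
```

Because the localized key is bound to one engine ID, a key read from one agent's configuration does not authenticate the same user name on another agent.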


