Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[SNMP] Re: USM error?

430 views
Skip to first unread message

Ashley M. Kirchner

unread,
Sep 9, 2002, 11:17:38 AM9/9/02
to
Wes Hardaker wrote:

> Probably because you didn't originally configure that user for encryption
> support

Not using pre-built binaries. That user was created by following the README file.
Which I thought included encryption, otherwise how could the example work? So what the heck
am I missing?

--
W | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ash...@pcraft.com> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.

-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Net-snmp-users mailing list
Net-snm...@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Wes Hardaker

unread,
Sep 9, 2002, 1:30:49 PM9/9/02
to
>>>>> On Mon, 09 Sep 2002 09:06:38 -0600, "Ashley M. Kirchner" <ash...@pcraft.com> said:

>> Probably because you didn't originally configure that user for encryption
>> support

Ashley> Not using pre-built binaries. That user was created by
Ashley> following the README file. Which I thought included
Ashley> encryption, otherwise how could the example work? So what the
Ashley> heck am I missing?

Well, you gave two lines: one using only authentication and one with
both authentication and encryption.

Try the following: add "-Dusm" to both the command line arguments of
the snmpd program and the snmpget application and see if it gives you
some extra information.

--
Wes Hardaker
Network Associates Laboratories

Ashley M. Kirchner

unread,
Sep 9, 2002, 1:46:04 PM9/9/02
to
Wes Hardaker wrote:

> Try the following: add "-Dusm" to both the command line arguments of
> the snmpd program and the snmpget application and see if it gives you
> some extra information.

Myaha!

snmpget -Dusm -v 3 -u kirash -l authPriv -a MD5 -A <passwd> localhost sysUpTime.0
usm: getting user
usm: USM processing has begun (offset 22)
usm: getting user
usm: Failed to find engine data.
usm: USM processing completed.
usm: USM processing begun...
usm: USM processing completed.
usm: USM processing has begun (offset 49)
usm: getting user kirash
usm: Can't set DES-CBC salt.
snmpget: USM generic error

--
W | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ash...@pcraft.com> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.

-------------------------------------------------------

Wes Hardaker

unread,
Sep 9, 2002, 4:07:53 PM9/9/02
to
>>>>> On Mon, 09 Sep 2002 11:39:05 -0600, "Ashley M. Kirchner" <ash...@pcraft.com> said:

Ashley> snmpget -Dusm -v 3 -u kirash -l authPriv -a MD5 -A <passwd>
Ashley> localhost sysUpTime.0

Try:
snmpget -Dusm -v 3 -u kirash -l authPriv -a MD5 -A <passwd> -x DES -X <passwd> localhost sysUpTime.0

--
Wes Hardaker
Network Associates Laboratories

Ashley M. Kirchner

unread,
Sep 9, 2002, 6:26:48 PM9/9/02
to
Wes Hardaker wrote:

> snmpget -Dusm -v 3 -u kirash -l authPriv -a MD5 -A <passwd> -x DES -X <passwd> localhost sysUpTime.0

Okay, that worked, however the result I got back is identical to authNoPriv... What'd I miss (aside
from typing more)?

--
W | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ash...@pcraft.com> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.

-------------------------------------------------------

Wes Hardaker

unread,
Sep 9, 2002, 7:23:05 PM9/9/02
to
>>>>> On Mon, 09 Sep 2002 16:19:09 -0600, "Ashley M. Kirchner" <ash...@pcraft.com> said:

>> snmpget -Dusm -v 3 -u kirash -l authPriv -a MD5 -A <passwd> -x DES -X <passwd> localhost sysUpTime.0

Ashley> Okay, that worked, however the result I got back is identical
Ashley> to authNoPriv... What'd I miss (aside from typing more)?

Would you expect a different result? The only difference is that it
was encrypted or not. (run with -d and you'll see the packets, and
the -l authPriv version will be encrypted [query sysContact.0 instead
of sysUpTime.0 for see packets with text instead which will look "more
encrypted" since you won't be able to see the sysContact.0 string
value easily with authPriv ])

--
Wes Hardaker
Network Associates Laboratories

0 new messages