Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

snmpwalk: Unsupported security level

1,781 views

Skip to first unread message

Syed Ali

unread,

Feb 22, 2003, 1:58:26 PM2/22/03

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2DAA2.6B7E4878
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello,

I am trying to get SNMP v3 to work in my environment.
My agent is running on RedHat 7.2 and the version of net-snmp is 5.0.7.

I have created a user in /var/net-snmp/snmpd.conf as follows:
createUser root SHA mypassword DES mypassword

When I start the snmpd daemon as follows /usr/local/sbin/snmpd -c
/var/snmp/snmpd.conf, I see that the agent replaces the createUser
string in /var/net-snmp/snmpd.conf with an encrypted string.
I can use snmpwalk without any problems with v2, because I compiled the
agent with default version being version 2. (./configure
--with-default-snmp-version=3D2)

However, when I try to use v3 as follows:
Snmpwalk -v 3 localhost -u root -x DES -X mypassword -a SHA -A
mypassword -l authPriv

I get the below error message:
snmpwalk: Unsupported security level

My /var/snmp/snmpd.conf file has the following line:
rouser root auth=20

I tried to run the agent in debug mode as follows:
/usr/local/sbin/snmpd -V -d -D -f -c /var/snmp/snmpd.conf=20
trace: netsnmp_ds_set_string(): default_store.c, 146
netsnmp_ds_set_string: Setting LIB:5 =3D "/var/snmp/snmpd.conf"

But when I try to do a snmpwalk using v3 I get no debug output on the
screen. (probably because snmpwalk did not even attempt to try to
contact the agent?)

Here are some things I have tried:
snmpwalk -v 3 localhost -u root -x DES -X mypassword -a SHA -A
mypassword-l noAuthNoPriv
Error in packet.
Reason: authorizationError (access denied to that object)

snmpwalk -v 3 localhost -u root -x DES -X mypassword -a SHA -A
mypassword -l authNoPriv
snmpwalk: Authentication failure (incorrect password, community or key)

Thank you...

------_=_NextPart_001_01C2DAA2.6B7E4878
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.0.6249.1">
<TITLE>snmpwalk: Unsupported security level</TITLE>
</HEAD>
<BODY>

Hello,

I am trying to get SNMP v3 to work in =
my environment.

My agent is running on RedHat 7.2 and =
the version of net-snmp is 5.0.7.

I have created a user in =
/var/net-snmp/snmpd.conf as follows:

createUser root SHA mypassword DES =
mypassword

When I start the snmpd daemon as =
follows /usr/local/sbin/snmpd -c /var/snmp/snmpd.conf, I see that the =
agent replaces the createUser string in /var/net-snmp/snmpd.conf with an =
encrypted string.

I can use snmpwalk without any problems =
with v2, because I compiled the agent with default version being version =
2. (./configure --with-default-snmp-version=3D2)

However, when I try to use v3 as =
follows:

Snmpwalk -v 3 localhost -u root -x DES =
-X mypassword -a SHA -A mypassword -l authPriv

I get the below error message:

snmpwalk: Unsupported security =
level

My /var/snmp/snmpd.conf file has the =
following line:

rouser  root auth

I tried to run the agent in debug mode =
as follows:

/usr/local/sbin/snmpd  -V =
-d -D -f -c /var/snmp/snmpd.conf

trace: netsnmp_ds_set_string(): =
default_store.c, 146

netsnmp_ds_set_string: Setting LIB:5 =
=3D "/var/snmp/snmpd.conf"

But when I try to do a snmpwalk using =
v3 I get no debug output on the screen. (probably because snmpwalk did =
not even attempt to try to contact the agent?)

Here are some things I have =
tried:

snmpwalk -v 3 localhost -u root -x DES =
-X mypassword -a SHA -A mypassword-l noAuthNoPriv

Error in packet.

Reason: authorizationError (access =
denied to that object)

snmpwalk -v 3 localhost -u root -x DES =
-X mypassword -a SHA -A mypassword -l authNoPriv

snmpwalk: Authentication failure =
(incorrect password, community or key)

Thank you…

</BODY>
</HTML>
------_=_NextPart_001_01C2DAA2.6B7E4878--

-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Net-snmp-users mailing list
Net-snm...@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Wes Hardaker

unread,

Feb 24, 2003, 11:26:35 AM2/24/03

>>>>> On Sat, 22 Feb 2003 13:50:30 -0500, "Syed Ali" <sy...@nec-labs.com> said:

Syed> I see that the agent replaces the createUser string in
Syed> /var/net-snmp/snmpd.conf with an encrypted string.

(Just a nit: it's not an encrypted string... It's a localized hash of
the pass phrase you used. It's a "key" actually.)

Syed> I get the below error message:
Syed> snmpwalk: Unsupported security level

When you compiled the sources, it couldn't find the OpenSSL package
and thus you don't have DES support available and thus -l authPriv
won't work. -l authNoPriv will, but you won't get encryption (but you
will get secure authentication).

Syed> Here are some things I have tried:
Syed> snmpwalk -v 3 localhost -u root -x DES -X mypassword -a SHA -A
Syed> mypassword-l noAuthNoPriv
Syed> Error in packet.
Syed> Reason: authorizationError (access denied to that object)

Minimum accept security level: authNoPriv, and yours was "less"

Syed> snmpwalk -v 3 localhost -u root -x DES -X mypassword -a SHA -A
Syed> mypassword -l authNoPriv
Syed> snmpwalk: Authentication failure (incorrect password, community or key)

That, I think, should have worked assuming your passwords were the same.
--
Wes Hardaker
Network Associates Laboratories

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

Syed Ali

unread,

Feb 24, 2003, 2:25:38 PM2/24/03

I had set the LD_LIBRARY_PATH and the LD_RUN_PATH to include the SSL
libs before I ran configure.
However, after reading your email I tried the following option with
configure: --with-openssl=3D/usr/local/ssl
Now I get a configure error saying:=20

checking for authentication support... Internal MD5 Support
configure: error: Asked to use OpenSSL but I couldn't find it.

I have installed OpenSSL 0.9.6g and when I do an ls on /usr/local/ssl I
see:

bash-2.03# ls /usr/local/ssl
bin certs doc include lib man
misc openssl.cnf private

bash-2.03# ls /usr/local/ssl/lib
libcrypto.a libcrypto.so.0 libssl.a libssl.so.0
libcrypto.so libcrypto.so.0.9.6 libssl.so
libssl.so.0.9.6
bash-2.03#=20

--=20

Syed Ali

unread,

Feb 24, 2003, 2:28:46 PM2/24/03

I went back to the FAQ and found the below, I guess I had to remove
config.cache.
So now I am past the configure error and am recompiling, let's hope that
works.
(Although my error message was not about failed dependency)

What about a failed dependency on 'libcrypto'? Where can I get that?
--------------------------------------------------------------------

[snip]

If encryption (or SHA1-based authentication) is required, then
this typically requires compiling from source. Under Linux, both
the 'openssl' and 'openssl-devel' RPMs should be installed, and the
'config.cache' file removed before running "configure --with-openssl"
and re-compiling.

Thank you,
Syed Ali
(609) 951-2989

0 new messages