Privacy enable on SNMPv3 AIX) Post: 302948176

Sponsored Content

Operating Systems AIX Privacy enable on SNMPv3 AIX) Post 302948176 by anrivera140 on Friday 26th of June 2015 12:37:02 PM

06-26-2015

Registered User

Privacy enable on SNMPv3 AIX)

I have SNMPv3 working on our server but when viewed from the security software, it shows no privacy enabled

Code:

AIX 7.1, TL1, snmp.crypto 6.1.2.0 installed, ran snmpv3_ssw -e

Unsure what I have configured wrong.

What is needed to show Privacy in AIX. I looked at a config on a Solaris box that does have it working and it seems like I have things set correctly.

See snips of snmpdv3.conf below:

Code:

USM_USER spkadmin - HMAC-MD5 caXXXXXXXXXXXXXXXXXXXXXXX35 DES e7XXXXXXXXXXXXXXXXX51 N -
 
# VACM_GROUP entries
# Format is:
# groupName securityModel securityName storageType
VACM_GROUP group1 USM spekadmin -
# VACM_VIEW entries
# Defines a particular set of MIB data, called a view, for the
# View-based Access Control Model.
# Format is:
# viewName viewSubtree viewMask viewType storageType
VACM_VIEW group1View interfaces - included -
VACM_VIEW group1View tcp - included -
VACM_VIEW group1View icmp - included -
VACM_VIEW group1View system - included -
VACM_VIEW group1View sysObjectID - excluded -
# VACM_ACCESS entries
VACM_ACCESS group1 - - DES USM group1View - - -
 
#VACM_GROUP group1 SNMPv1 public -
VACM_VIEW defaultView internet - included -
VACM_VIEW defaultView 1.3.6.1.4.1.2.2.1.1.1.0 - included -
VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191.1.6 - included -
# exclude snmpv3 related MIBs from the default view
VACM_VIEW defaultView snmpModules - excluded -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.4 - included -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.5 - included -
# exclude aixmibd managed MIBs from the default view
VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191 - included -
#VACM_ACCESS group1 - - noAuthNoPriv SNMPv1 defaultView - defaultView -
#NOTIFY notify1 traptag trap -
#TARGET_ADDRESS Target1 UDP 127.0.0.1 traptag trapparms1 - - -
#TARGET_PARAMETERS trapparms1 SNMPv1 SNMPv1 public noAuthNoPriv -
#COMMUNITY public public noAuthNoPriv 0.0.0.0 0.0.0.0 -
DEFAULT_SECURITY no-access - -
logging file=/tmp/snmpdv3.log enabled
logging size=100000 level=0
smux 1.3.6.1.4.1.2.3.1.2.1.2 gated_password # gated

Thanks.

Last edited by Don Cragun; 06-26-2015 at 05:46 PM.. Reason: Add CODE and ICODE tags.

anrivera140

View Public Profile for anrivera140

Find all posts by anrivera140

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

regular user - enable printer - aix unix

how can I let a regular user enable a printer?

2. Infrastructure Monitoring

net-snmp-config --create-snmpv3-user snmpengineID

Solaris 10 -- I created SNMPv3 users with net-snmp-config --create-snmpv3-user command. I am using HP Network Node Manager's SNMPv3 Smart Plugin to serve as the SNMP management server. Some SNMPv3 users were automatically created with the same snmpengineID. This causes NNM's brassagt proxy to...

3. Infrastructure Monitoring

Configuration of snmpv3 in AIX

Hi, I am new to AIX and have been assigned a task to configure the snmp on aix which can talk to our management server. Any help in relation to this will be greatly appriciated. Cheers, Tarun

4. AIX

Enable send email through smtp - exchange on AIX 6.1

Please help, i can not to send email from AIX 6.1 to outside network through STMP - Exchange. Any one can help ?

5. AIX

Enable large filesize option in NFS mount in AIX 4.3

Hi All, I have a NFS mount filesystem, however it is not supporting a creation of filesize greater than 2 GB in it, how can i enable the option (bf = true) in it. The AIX version is 4.3.2 Thanks in Advance!!

6. AIX

How to enable command history in AIX 6

Hi Friends, I am using AIX 6 with ksh shell, i am not able to get the commands histroy which was used earlier by pressing up and down arrow keys. Could you please help me to enable the history for ksh shell in AIX 6 OS. Thanks in Advance. Siva Kumar.

7. AIX

SNMPv3 error - Help please!

Hello everyone: I'm still relatively new to AIX administration and learning every day. I need to configure SNMPv3 in several servers. I tried first on a "test environment" server, no firewalls, and I was successful. Then I moved on to the "production" servers, which are behind firewall and I...

8. AIX

Is it must to enable TCB on AIX LPARs ?

Hi, I've verified my AIX 7.1 LPAR , and TCB is disabled by default. #odmget -q attribute=TCB_STATE PdAt PdAt: uniquetype = "" attribute = "TCB_STATE" deflt = "tcb_disabled" values = "" width = "" type = "" generic = "" ...

LEARN ABOUT REDHAT

snmp.conf

SNMP.CONF(5)							     Net-SNMP							      SNMP.CONF(5)

NAME

       /usr/share/snmp/snmp.conf - configuration file for the Net-SNMP applications.
       ~/.snmp/snmp.conf - personal configuration file.

DESCRIPTION

       snmp.conf  is  the  configuration file which define how the Net-SNMP applications operate.  Tokens that can be put in them are described in
       the DIRECTIVES section below.

PLEASE READ FIRST

       Make sure you make these files readable only by the user if you are storing sensitive information in them like passphrases!

       First, make sure you have read the snmp_config(5) manual page that describes how the Net-SNMP configuration files operate, where  they  are
       located and how they all work together.

DIRECTIVES

       mibdirs (mib-dirs|+mib-dirs)
	      Look  for textual MIBs to parse in the list of ':' separated directories.  If the directive value starts with a '+' it prepends this
	      list to the front of the default directory list compiled into the application.  Note that this value can be overridden by  the  MIB-
	      DIRS environment variable.

       mibs (mib-tokens|+mib-tokens)
	      Specifies  a  ':'  separated  list of MIB tokens that represent textual MIB files that should be found and parsed.  If the directive
	      value starts with a '+' it prepends this list to the front of the default MIB token list compiled into the application.  The special
	      keyword  of  "ALL" forces all MIBs files found to be read. Note that the value specified here can be overridden by the MIBS environ-
	      ment variable.

       mibfile file
	      Specifies a textual MIB file to read and parse, in addition to the list read from the MIBs token.  Note  that  the  value  specified
	      here can be overridden by the MIBFILES environment variable.

       defaultPort port
	      The default port number that all SNMP applications and daemons should use.

       defVersion (v1|v2c|v3)
	      The default SNMP version to use.

       defCommunity string
	      The default SNMPv1 and SNMPv2c community string to use.

       defSecurityName string
	      The default SNMPv3 USM security name you want to use for SNMPv3 requests.

       defContext string
	      The default SNMPv3 context name you want to use.

       defPassphrase string

       defAuthPassphrase string

       defPrivPassphrase string
	      The  default  SNMPv3 USM passphrase(s) to use.  defPassphrase will be used for both authentication and privacy pass phrases if it is
	      specified.

       defAuthType MD5|SHA
	      The SNMPv3 USM authentication type to use.

       defPrivType DES
	      The SNMPv3 USM privacy type to use.  Currently, DES is the only possible value.

       defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
	      The SNMPv3 default security level to use.

       showMibErrors (1|yes|true|0|no|false)
	      Whether or not to display textual MIB parsing errors when commands are run.

       strictCommentTerm (1|yes|true|0|no|false)
	      Whether or not MIBs that are parsed should be strict about comment termination.  "--" terminates a comment if this  is  true.   Many
	      MIBs have broken comments in them, hence this option.

       mibAllowUnderline (1|yes|true|0|no|false)
	      Allow underline characters in MIBs (illegal).

       mibWarningLevel integerValue
	      The minimum warning level of the warnings printed by the MIB parser.

       logTimestamp (1|yes|true|0|no|false)
	      Whether  the  commands should log timestamps with their error/message logging or not.  Note that output will not look as pretty with
	      timestamps if the source code that is doing the logging does incremental logging of messages that are not line buffered before being
	      passed to the logging routines.

       printNumericEnums (1|yes|true|0|no|false)
	      Equivalent to -Oe.

       printNumericOids (1|yes|true|0|no|false)
	      Equivalent to -On.

       dontBreakdownOids (1|yes|true|0|no|false)
	      Equivalent to -Ob.

       escapeQuotes (1|yes|true|0|no|false)
	      Equivalent to -OE.

       quickPrinting (1|yes|true|0|no|false)
	      Equivalent to -Oq.

       printHexText (1|yes|true|0|no|false)
	      Equivalent to -OT.

       suffixPrinting (0|1|2)
	      If the value is 1, its equivalent to -Os and if the value is 2 it's equivalent to -OS.

       extendedIndex (1|yes|true|0|no|false)
	      Equivalent to -OX.

       noRangeCheck (1|yes|true|0|no|false)
	      Disables the validation of values that is done by snmpset before issuing the request to the agent.

       dumpPacket (1|yes|true|0|no|false)
	      Whether the commands should dump packets by default.

       doDebugging (1|0)
	      Turns on debugging for all applications run if set to 1.

       debugTokens TOKEN[,TOKEN...]
	      The debugging tokens that should be printed.  See the snmpcmd(1) manual page for debugging usage details.

SEE ALSO

       snmp_config(5), read_config(3), snmpcmd(1).

4th Berkeley Distribution					    08 Feb 2002 						      SNMP.CONF(5)