Quantcast

snmp vacm.conf erronous behaviour

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

snmp vacm.conf erronous behaviour

Grasl Christoph
[erlang-questions] snmp vacm.conf erronous behaviour

hi OTP-team!

erronous behaviour report:

If 'any' is used for the  'SecModel' in the 'vacm.conf' in the 'vacmSecurityToGroup' declaration

the snmp framework returns a error with the reason 'noGroupName'. It seems to be that there's a
conflict with
the  'SecName' when the agent is only configured for v1 and v2c and 'any' is used
as value for 'SecModel'.

EXAMPLE:

[community.conf]

{"1", "public", "secName", "", ""}.
{"2", "all-rights", "all-rights", "", ""}.
{"3", "standard trap", "initial", "", ""}.

[vacm.conf]

doesn't work:

{vacmSecurityToGroup, any, "secName", "group1"}.
{vacmSecurityToGroup, any, "secName", "group2"}.
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.

does work:

{vacmSecurityToGroup, v1, "secName", "group1"}.
{vacmSecurityToGroup, v2c, "secName", "group1"}.
{vacmSecurityToGroup, v1, "all-rights", "group2"}. 
{vacmSecurityToGroup, v2c, "all-rights", "group2"}.                   
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.

also:

The documentation under

http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm

states that the value for 'ViewIndex' in the 'vacmViewTreeFamily' declaration is an integer.

Is this a documentation error (the 'vacmViewTreeFamily' declaration could never match the 'VIEWs' this way)
or does the mentioned data-type relate to the internal representation in the db?

EXAMPLE (with an obvious result..):

[vacm.conf]

%% {vacmSecurityToGroup, SecModel, SecurityName, GroupName}.
%% {vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.
%% {vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.

{vacmSecurityToGroup, v1, "secName", "group_1"}.
{vacmSecurityToGroup, v2c, "secName", "group_1"}.
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.        
{vacmViewTreeFamily, 23, [1,3,6,1,2,1,1], included, null}.

RESULT:

=ERROR REPORT==== 22-Jan-2009::12:09:02 ===

** Configuration error: [VIEW-BASED-ACM-MIB]: reconfigure failed: {failed_check,
                                                                   "/opt/app/data/snmp/vacm.conf",
                                                                   25,26,
                                                                   {invalid_string,
                                                                    23}}

02.637'751 "."** exception exit: {noproc,
                       {gen_server,call,
                           [snmp_master_agent,
                            {load_mibs,
                                ["/opt/app/data/snmp/KEYTRONIX-CHRONOS-MIB"]},
                            infinity]}}
     in function  gen_server:call/3
     in call from snmp_handler:start/1

does work:

{vacmSecurityToGroup, v1, "secName", "group_1"}.
{vacmSecurityToGroup, v2c, "secName", "group_1"}.
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily,"sys", [1,3,6,1,2,1,1], included, null}.

all the best,

Christoph Grasl
Embedded Software Entwickler

KEYTRONIX
Gesellschaft für industrielle Elektronik und Informationstechnologie mbH

Ungargasse 64-66/1/109
A-1030 WIEN

E-Mail: [hidden email]
Tel.: +43 (1) 718 06 60 - 323
Mobil: +43 (664) 8556456
WWW: http://www.keytronix.com

HG Wien FN 261131t

Confidentiality Notice:
This message may contain privileged and confidential information. If you think, for any reason, that this message may have been addressed to you in error, you must not disseminate, copy or take any action in reliance on it, and we would ask you to notify us immediately by return email.



If 'any' is used for the  'SecModel' in the 'vacm.conf' in the 'vacmSecurityToGroup' declaration

the snmp framework returns a error with the reason 'noGroupName'. It seems to be that there's a
conflict with
the  'SecName' when the agent is only configured for v1 and v2c and 'any' is used
as value for 'SecModel'.



EXAMPLE:



[community.conf]



{"1", "public", "secName", "", ""}.

{"2", "all-rights", "all-rights", "", ""}.

{"3", "standard trap", "initial", "", ""}.



[vacm.conf]



doesn't work:



{vacmSecurityToGroup, any, "secName", "group1"}.

{vacmSecurityToGroup, any, "secName", "group2"}.

{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.

{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.

{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.



does work:



{vacmSecurityToGroup, v1, "secName", "group1"}.

{vacmSecurityToGroup, v2c, "secName", "group1"}.

{vacmSecurityToGroup, v1, "all-rights", "group2"}. 

{vacmSecurityToGroup, v2c, "all-rights", "group2"}.                   

{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.

{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.

{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.

also:

The documentation under

http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm

states that the value for 'ViewIndex' in the 'vacmViewTreeFamily' declaration is an integer.

Is this a documentation error (the 'vacmViewTreeFamily' declaration could never match the 'VIEWs' this way)
or does the mentioned data-type relate to the internal representation in the db?

EXAMPLE (with an obvious result..):



[vacm.conf]


%% {vacmSecurityToGroup, SecModel, SecurityName, GroupName}.
%% {vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.
%% {vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.

{vacmSecurityToGroup, v1, "secName", "group_1"}.

{vacmSecurityToGroup, v2c, "secName", "group_1"}.

{vacmSecurityToGroup, v1, "all-rights", "group_1"}.

{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.

{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.        

{vacmViewTreeFamily, 23, [1,3,6,1,2,1,1], included, null}.

RESULT:

=ERROR REPORT==== 22-Jan-2009::12:09:02 ===

** Configuration error: [VIEW-BASED-ACM-MIB]: reconfigure failed: {failed_check,

                                                                   "/opt/app/data/snmp/vacm.conf",

                                                                   25,26,

                                                                   {invalid_string,

                                                                    23}}

02.637'751 "."** exception exit: {noproc,

                       {gen_server,call,

                           [snmp_master_agent,

                            {load_mibs,

                                ["/opt/app/data/snmp/KEYTRONIX-CHRONOS-MIB"]},

                            infinity]}}

     in function  gen_server:call/3

     in call from snmp_handler:start/1


does work:

{vacmSecurityToGroup, v1, "secName", "group_1"}.

{vacmSecurityToGroup, v2c, "secName", "group_1"}.

{vacmSecurityToGroup, v1, "all-rights", "group_1"}.

{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.

{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.        

{vacmViewTreeFamily,"sys", [1,3,6,1,2,1,1], included, null}.

all the best,

Christoph Grasl
Embedded Software Entwickler

KEYTRONIX
Gesellschaft für industrielle Elektronik und Informationstechnologie mbH

Ungargasse 64-66/1/109
A-1030 WIEN

E-Mail: [hidden email]
Tel.: +43 (1) 718 06 60 - 323
Mobil: +43 (664) 8556456
WWW: http://www.keytronix.com

HG Wien FN 261131t

Confidentiality Notice:
This message may contain privileged and confidential information. If you think, for any reason, that this message may have been addressed to you in error, you must not disseminate, copy or take any action in reliance on it, and we would ask you to notify us immediately by return email.


_______________________________________________
erlang-questions mailing list
[hidden email]
http://www.erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: snmp vacm.conf erronous behaviour

techabc
when I do NOT use v3, How can I config the vacm.conf to enable all mibs? I means disable the view based mib ACM.
Loading...