The javadoc for SnmpServer.create_v3_tables() states:
Method to create new users and add them to the userTable in USMUserTable. Returns 1 if userTable is successfully created, negative value otherwise. The following error codes can be set ErrorCodes DISCOVERY_FAILED, TIME_SYNC_FAILED, WRONG_DIGEST_ERR, DECRYPT_ERROR_ERR, UKNOWN_ENGINEID_ERR, UKNOWN_USERNAMES_ERR, UNSUPP_SECLEVEL_ERR, WRONG_PRIVPASSWORD.


Where are these values set?  How would I access them? I would like to report the cause of the problem to make it easier for the user to find and fix the problem.

Re: v3 security parameters -- error checking

by 
 on 16-Jun-2009 09:26 PM
Hi,

The method SnmpServer.create_v3_tables() will set the error code internally.
If you are using SnmpRequestServer.create_v3_tables() or SnmpTarget.create_v3_tables(), you can use SnmpRequestServer.getErrorCode() or SnmpTarget.getErrorCode() respectively to get the error code constant.
These error code constants are defined in the class ErrorMessages.

Thanks,
Amarnath

Thanks, but only some of the errors seem to be recognized.  An unknown Principal or an incorrect AuthPassword will result in a useful error message.  A bad PrivPassword does not result in an error and when you do a get just results in a timeout.  Sample results:

Result is the value returned by create_v3_table.  Error code = #:string, using the methods you mentioned.

* bad principal: result=-2  errorCode=46:usmStatsUnknownUserNames
* bad context: result=1  errorCode=-1:No Error code registered
* bad authProtocol (MDX5) : result=1  errorCode=-1:No Error code registered
* wrong authProtocol(SHA): result=-2  errorCode=48:usmStatsWrongDigests
* bad authPassword: result=-2  errorCode=48:usmStatsWrongDigests
* bad privPassword: result=1  errorCode=-1:No Error code registered

Most of the errors are not reported.


Hi,

The method SnmpServer.create_v3_tables() creates and adds USM user entries to USMUserTable.
As a part of adding users to the USMUserTable, it will perform Discovery and TimeSynchronization.

These processes do not use contextName, as there is no management information in this V3 handshake.

Also, privPassword is not generally used in the V3 handshake and will not be validated, by default, in create_v3_tables().

As a part of create_v3_tables(), the userName of a NO_AUTH_NO_PRIV user or the privPassword of an AUTH_PRIV user can be validated using the method SnmpServer.validateUser(boolean) prior to calling create_v3_tables().

From the third case you stated, I understood that bad authProtocol (MDX5) means an authProtocol that is not supported by the SNMP API. In this case, the default authProtocol will be set.

Any SNMP request timing out in case of a bad privPassword could be an issue with the authoritative SNMP engine (the agent in your case). The authoritative SNMP engine should report to the non-authoritative SNMP engine with the usmStatsDecryptionErrors OID in such a case.

Hope this is clear.

Regards,
Amarnath
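
Why the handshake flags a bad authPassword but not a bad privPassword, as an added example that is not part of the original thread and does not use the vendor's API: it derives USM localized keys as specified in RFC 3414 A.2 and checks the HMAC-96 tag on an authenticated time-sync probe. It assumes the probe is sent authenticated without privacy; `handshake_result`, `PROBE` and the passwords are hypothetical names and constructed values.

```python
import hashlib
import hmac


def localized_key(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 A.2: stretch the password to 1 MiB, hash it, bind it to the engineID."""
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_tag(key: bytes, whole_msg: bytes, algo: str = "md5") -> bytes:
    """HMAC-96: HMAC over the message (authParameters zeroed), cut to 12 octets."""
    return hmac.new(key, whole_msg, algo).digest()[:12]


# Constructed sample values; engineID and password are the RFC 3414 A.3 test inputs.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
AGENT_AUTH_PW = b"maplesyrup"
# Constructed stand-in for a serialized time-sync request; not real BER.
PROBE = b"timesync-probe|user=demo|boots=0|time=0|auth=" + bytes(12)


def handshake_result(mgr_auth_pw: bytes, mgr_priv_pw: bytes) -> str:
    """Agent's verdict on an authenticated probe built from the manager's passwords."""
    mgr_auth_key = localized_key(mgr_auth_pw, ENGINE_ID)
    # The privacy key is derived like the auth key, but nothing in an
    # authenticated-only probe depends on it, so a wrong value goes unnoticed.
    _mgr_priv_key = localized_key(mgr_priv_pw, ENGINE_ID)
    tag = auth_tag(mgr_auth_key, PROBE)
    expected = auth_tag(localized_key(AGENT_AUTH_PW, ENGINE_ID), PROBE)
    if not hmac.compare_digest(tag, expected):
        return "usmStatsWrongDigests"
    return "authenticated"


if __name__ == "__main__":
    for auth_pw, priv_pw in [(b"maplesyrup", b"right-priv"),
                             (b"maplesyrup", b"wrong-priv"),
                             (b"wrongauth1", b"right-priv")]:
        print(auth_pw, priv_pw, "->", handshake_result(auth_pw, priv_pw))
```
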
