ROOTVG - AIX & POWER Portal

Enabling SNMPV3 on AIX 5.3

Home

Help

Login

Register

	Welcome, Guest. Please login or register.	December 02, 2008, 01:26:35 AM
		Login with username, password and session length

ROOTVG > AIX > Administration > Enabling SNMPV3 on AIX 5.3

Pages: [1] Go Down

« previous next »

Print

	Author	Topic: Enabling SNMPV3 on AIX 5.3 (Read 524 times)
0 Members and 1 Guest are viewing this topic.

pankajwc

Jr. Member

Posts: 7

Re: Enabling SNMPV3 on AIX 5.3

« Reply #8 on: November 27, 2008, 04:56:51 AM »

Thanks Michael,

I am now able to see all the interfaces in Solarwinds....

I simply restored the defaults and then checked for the snmpinfo details on the server prompt and then gradually made changes. once I was able to see the snmpinfo on the server command prompt, rest was easy..

AIX provides most of the feature details only on snmp version 1.

Thanks again.


	Logged

Michael

Administrator
Hero Member

Posts: 530

Re: Enabling SNMPV3 on AIX 5.3

« Reply #7 on: November 23, 2008, 02:38:25 PM »

You have made several changes to the default - adding several entries before the AIX "defaults", and also changed the AIX defaults as well.

I switched the snmpinfo line of below to - included - and stopped seeing the interface info, and after adding the xxx I was able to see the info as part of aixNetwork.

Comment out your modifications, reset - or better, stop, then start (to clear any cached information) the snmpd demons.

This is the only area I made any changes in:

VACM_GROUP group1 SNMPv1 public - VACM_VIEW defaultView internet - included - # exclude snmpv3 related MIBs from the default view # VACM_VIEW defaultView snmpModules - excluded - ## -excluded - is original setting, and seems to be required setting for traditional MIB-2 output ## compare snmpinfo -v -m dump -c public mib-2 ## or snmpinfo -v -m dump -c public interfaces VACM_VIEW defaultView snmpModules - excluded - VACM_VIEW defaultView 1.3.6.1.6.3.1.1.4 - included - VACM_VIEW defaultView 1.3.6.1.6.3.1.1.5 - included - # exclude aixmibd managed MIBs from the default view # VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191 - excluded - ## - excluded - is original setting. - included - adds additional ibm private ## compare snmpinfo -v -m dump -c public ibm - before and after VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191 - included -


	Logged

pankajwc

Jr. Member

Posts: 7

Re: Enabling SNMPV3 on AIX 5.3

« Reply #6 on: November 20, 2008, 01:12:36 PM »

Dear Michael,

Thanks for the help. Please find my complete snmpdv3.conf file for reference. I am able to get the SNMP string validated using the SNMP Software but the software is not able to fine any interfaces, like CPU, Network, memory etc.

Thanks in advance.

# @(#)88 1.6 src/tcpip/etc/snmpdv3.conf, snmp, tcpip530 6/5/04 14:54:22
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# tcpip530 src/tcpip/etc/snmpdv3.conf 1.6
#
# Licensed Materials - Property of IBM
#
# Restricted Materials of IBM
#
# (C) COPYRIGHT International Business Machines Corp. 2002,2004
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
#----------------------------------------------------------------------------------------------------------------------------------------------------------
# General syntax rules about the snmpdv3.conf file:
# An entry must be contained on one line (i.e., the newline character will
# be treated as the end of an entry)
# All of the entry definitions require that all fields on the entry are
# specified, either with a specific value or a dash (-) to denote the
# default value.
# If an error is detected processing an entry and no appropriate default
# value can be assumed, the entry will be discarded.
# Statements in the file are not order-dependent. However if more than one
# DEFAULT_SECURITY statement is found, the last one in the file is the one
# that is used.
# Comments may be entered in the snmpdv3.conf file, with the following
# restrictions:
# Comments must begin with the pound sign (#) or asterisk (*).
# Comments must begin in column 1; this allows the pound sign and asterisk
# to be used in names of users, views, etc.
#----------------------------------------------------------------------------------------------------------------------------------------------------------

#----------------------------------------------------------------------------------------------------------------------------------------------------------
# USM_USER entries
# Defines a user for the User-based Security Model (USM).
# Format is:
# userName engineID authProto authKey privProto privKey keyType storageType
#
#----------------------------------------------------------------------------------------------------------------------------------------------------------
USM_USER u1 - HMAC-MD5 e7ec4e8259f3e859efeb2ab8ee8d8791 - - L -
#----------------------------------------------------------------------------------------------------------------------------------------------------------
# VACM_GROUP entries
# Defines a security group (made up of users or communities)
# for the View-based Access Control Model (VACM).
# Format is:
# groupName securityModel securityName storageType
#----------------------------------------------------------------------------------------------------------------------------------------------------------
VACM_GROUP group1 USM u1 -
#----------------------------------------------------------------------------------------------------------------------------------------------------------
# VACM_VIEW entries
# Defines a particular set of MIB data, called a view, for the
# View-based Access Control Model.
# Format is:
# viewName viewSubtree viewMask viewType storageType
#----------------------------------------------------------------------------------------------------------------------------------------------------------
VACM_VIEW group1View interfaces - included -
VACM_VIEW group1View tcp - included -
VACM_VIEW group1View system - included -
VACM_VIEW group1View sysObjectID - included -
#----------------------------------------------------------------------------------------------------------------------------------------------------------
# VACM_ACCESS entries
# Identifies the access permitted to different security groups
# for the View-based Access Control Model.
# Format is:
# groupName contextPrefix contextMatch securityLevel securityModel readView writeView notifyView storageType
#----------------------------------------------------------------------------------------------------------------------------------------------------------
VACM_ACCESS group1 - - AuthNoPriv USM group1View - groupView -
#----------------------------------------------------------------------------------------------------------------------------------------------------------
# NOTIFY entries
# Identifies management targets to receive notifications.
# Format is:
# notifyName tag type storageType
#----------------------------------------------------------------------------------------------------------------------------------------------------------
NOTIFY notify1 traptag trap -
#----------------------------------------------------------------------------------------------------------------------------------------------------------
# TARGET_ADDRESS
# Defines a management application's address and parameters
# to be used in sending notifications.
# Format is:
# targetAddrName tDomain tAddress tagList targetParams timeout retryCount storageType
#----------------------------------------------------------------------------------------------------------------------------------------------------------
TARGET_ADDRESS Target1 UDP 192.168.100.141 traptag trapparms1 - - -
#----------------------------------------------------------------------------------------------------------------------------------------------------------
# TARGET_PARAMETERS
# Defines the message processing and security parameters
# to be used in sending notifications to a particular management target.
# Format is:
# paramsName mpModel securityModel securityName securityLevel storageType
#----------------------------------------------------------------------------------------------------------------------------------------------------------
TARGET_PARAMETERS trapparms1 SNMPv3 USM u1 AuthNoPriv -
#----------------------------------------------------------------------------------------------------------------------------------------------------------
# COMMUNITY
# Defines a community for community-based security.
# Format is:
# communityName securityName securityLevel netAddr netMask storageType
#----------------------------------------------------------------------------------------------------------------------------------------------------------

#----------------------------------------------------------------------------------------------------------------------------------------------------------
# DEFAULT_SECURITY
# Identifies the default security posture to be configured for the SNMP agent;
# additional security definitions defined by the use of the preceding eight entry
# definition types augment any default security configurations defined
# as a result of the DEFAULT_SECURITY statement.
# Format is:
# securityPosture password privacy
#----------------------------------------------------------------------------------------------------------------------------------------------------------

#----------------------------------------------------------------------------------------------------------------------------------------------------------
# logging file=</path/filename> enabled|disabled
# logging size=<limit> level=<debug level>
#
# where </path/filename> specifies the complete path and filename of the
# log file, enabled turns logging on, disabled turns logging off, <limit>
# specifies the maximum size in bytes of the specified logfile, and
# <debug level> specifies the logging level of 0, 1, 2, 3, or 4.
# The size default is 100000, and the level default is 0.
# There can be no white spaces around the "=" in the file, size and level fields.
# There are no restrictions on the order in which the fields are entered in the
# logging entries. A logging entry can contain single or multiple fields.
#----------------------------------------------------------------------------------------------------------------------------------------------------------

#----------------------------------------------------------------------------------------------------------------------------------------------------------
# smux <client OIdentifier> <password> <address> <netmask>
#
# where <client OIdentifier> is the unique object identifer in dotted
# decimal notation of the SMUX peer client. <password> specifies the
# password that snmpd requires from the SMUX peer client to authenticate
# the SMUX association. <address> is either the hostname or IPv4 address
# in dotted notation of the host on which the SMUX peer client is
# executing. <netmask> specifies the network mask. If no password is
# specified, there is no authentication for the SMUX association. The
# default address and netmask are 127.0.0.1 and 255.255.255.255. If
# neither the address nor netmask are specified, the SMUX association
# is limited to the local host. Fields to the right of
# <client OIdentifier> are optional, with the limitation that no fields
# to the left of a specified field are omitted.
#----------------------------------------------------------------------------------------------------------------------------------------------------------

#----------------------------------------------------------------------------------------------------------------------------------------------------------

VACM_GROUP group1 SNMPv1 public -

VACM_VIEW defaultView internet        - included -

# exclude snmpv3 related MIBs from the default view
VACM_VIEW defaultView snmpModules      - included -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.4 - included -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.5 - included -

# exclude aixmibd managed MIBs from the default view
#VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191   - included -

VACM_ACCESS group1 - - noAuthNoPriv SNMPv1 defaultView - defaultView -

NOTIFY notify1 traptag trap -

TARGET_ADDRESS Target1 UDP 127.0.0.1 traptag trapparms1 - - -

TARGET_PARAMETERS trapparms1 SNMPv1 SNMPv1 public noAuthNoPriv -

COMMUNITY public public noAuthNoPriv 192.168.100.141 255.255.255.0 -

COMMUNITY public public noAuthNoPriv 127.0.0.1 255.255.255.255 -
DEFAULT_SECURITY no-access - -

logging file=/usr/tmp/snmpdv3.log enabled
logging size=100000 level=0

smux 1.3.6.1.4.1.2.3.1.2.1.2 gated_password # gated

smux 1.3.6.1.4.1.2.3.1.2.3.1.1 muxatmd_password #muxatmd


	Logged

Michael

Administrator
Hero Member

Posts: 530

Re: Enabling SNMPV3 on AIX 5.3

« Reply #5 on: November 19, 2008, 07:46:36 PM »

This is the default configuration. For me it is working fine.

Quote

VACM_GROUP group1 SNMPv1 public -

VACM_VIEW defaultView internet - included -

# exclude snmpv3 related MIBs from the default view
VACM_VIEW defaultView snmpModules - excluded -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.4 - included -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.5 - included -

# exclude aixmibd managed MIBs from the default view
VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191 - excluded -

VACM_ACCESS group1 - - noAuthNoPriv SNMPv1 defaultView - defaultView -

NOTIFY notify1 traptag trap -

TARGET_ADDRESS Target1 UDP 127.0.0.1 traptag trapparms1 - - -

TARGET_PARAMETERS trapparms1 SNMPv1 SNMPv1 public noAuthNoPriv -

COMMUNITY public public noAuthNoPriv 0.0.0.0 0.0.0.0 -

DEFAULT_SECURITY no-access - -

logging file=/usr/tmp/snmpdv3.log enabled
logging size=100000 level=0

smux 1.3.6.1.4.1.2.3.1.2.1.2 gated_password # gated

Quote

michael@x054:[/home/michael]snmpinfo -v -m dump -c public hrProcessorLoad
hrProcessorLoad.1 = 8
michael@x054:[/home/michael]type snmpd
snmpd is /usr/sbin/snmpd
michael@x054:[/home/michael]ls -l /usr/sbin/snmpd
lrwxrwxrwx 1 root system 9 Dec 09 2007 /usr/sbin/snmpd -> snmpdv3ne
michael@x054:[/home/michael]

If I read carefully, you have made some changes to the default config. I would first start with the default config and then test changes. It should "just work".

And don't forget to make sure that any comments are seen as comments. Perhaps your lines beginning with 1. are being seen as syntax errors and snmpd is not even starting? What do your logfiles say?


« Last Edit: November 19, 2008, 07:49:51 PM by Michael »	Logged

pankajwc

Jr. Member

Posts: 7

Re: Enabling SNMPV3 on AIX 5.3

« Reply #4 on: November 18, 2008, 01:59:29 PM »

Dear All,

I am trying to configure SNMPV3 on AIX 5.3

I am not able to see any CPU, Network or Memory related information. Can someone help me. What am I doing wrong? Please find the snmpdv3.conf file below.
***********************************************************

VACM_GROUP group1 SNMPv1 public -

VACM_VIEW defaultView internet - included -

1. exclude snmpv3 related MIBs from the default view

VACM_VIEW defaultView snmpModules - included -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.4 - included -
VACM_VIEW defaultView 1.3.6.1.6.3.1.1.5 - included -

1. exclude aixmibd managed MIBs from the default view

#VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191 - included -

VACM_ACCESS group1 - - noAuthNoPriv SNMPv1 defaultView - defaultView -

NOTIFY notify1 traptag trap -

TARGET_ADDRESS Target1 UDP 127.0.0.1 traptag trapparms1 - - -

TARGET_PARAMETERS trapparms1 SNMPv1 SNMPv1 public noAuthNoPriv -

COMMUNITY public public noAuthNoPriv 192.168.100.141 255.255.255.0 -

COMMUNITY public public noAuthNoPriv 127.0.0.1 255.255.255.255 -
DEFAULT_SECURITY no-access - -

logging file=/usr/tmp/snmpdv3.log enabled
logging size=100000 level=0

smux 1.3.6.1.4.1.2.3.1.2.1.2 gated_password # gated

smux 1.3.6.1.4.1.2.3.1.2.3.1.1 muxatmd_password #muxatmd
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


	Logged

Michael

Administrator
Hero Member

Posts: 530

Re: Enabling SNMPV3 on AIX 5.3

« Reply #3 on: November 10, 2008, 12:17:33 PM »

What do you want to use it for? That largely determines the additional steps.

And you can activate it via smit using the fastpath:

# smitty otherserv

And then select the snmpd daemon from the list.


	Logged

pankajwc

Jr. Member

Posts: 7

Re: Enabling SNMPV3 on AIX 5.3

« Reply #2 on: November 10, 2008, 09:44:07 AM »

Dear John,

Thanks for the update, but since I am new to AIX could you help me by providing the exact steps/commands required for the SNMPV3.


	Logged

John R Peck

Administrator
Senior Member

Posts: 53

Re: Enabling SNMPV3 on AIX 5.3

« Reply #1 on: November 09, 2008, 04:12:30 PM »

In /etc/rc.tcpip, uncomment the line to start the daemon for next boot (or just running of rc.tcpip):

# Start up the Simple Network Management Protocol (SNMP) daemon
#start /usr/sbin/snmpd "$src_running"

At a minimum, configure the service with /etc/snmpd.conf.