I think it's safe to say that if you can't get something to work, then either the manual is rubbish or the user is stupid. With setting up SNMPv3 on Linux, the user is me, so the fault probably lies there.

SNMPv3 moves away from the community string idea of older versions and to a username & password combo. The correct tool for creating users is snmpusm, but no matter how many times I read the man page I can't work it out. I get that you copy a user from the initial user, but how do you create the initial user? If I try on my box I just get an "snmp timeout" error.

I found a workaround for my stupidity: on Red Hat based boxes (RHEL, CENTOS, WHEL, FEDORA) there is a development package to do the job. So to get the SNMPv3 encrypted goodness going, run:

yum install net-snmp-utils net-snmp-devel

Yum will pick up the dependencies you need. Now, as root, run the following (make sure snmpd is stopped first):

/usr/bin/net-snmp-config --create-snmpv3-user -a PASSWORD MYUSERNAME

You'll get the following output...

adding the following line to /var/net-snmp/snmpd.conf:
   createUser MYUSERNAME MD5 "PASSWORD" DES
adding the following line to /usr/share/snmp/snmpd.conf:
   rwuser MYUSERNAME

Before testing, make sure that UDP 161 is permitted through iptables, and restart snmpd:

/etc/init.d/snmpd start

Now, from another box, you can test with snmpwalk. If it works, your screen will fill up with loads of interesting SNMP stuff; if it fails, you'll get an error. A timeout usually means UDP 161 is blocked or the two boxes can't ping each other, and you'll get authentication failure messages if there is a problem with your SNMP accounts.

snmpwalk -v 3 -a md5 -A PASSWORD -x des -X PASSWORD -u MYUSERNAME IP.ADD.RE.SS
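
The lines net-snmp-config generated above use MD5 and DES and grant read-write access without requiring encryption. As an added example (not from the original post), this shell function audits snmpd.conf text for those settings; the finding labels and the hardened sample (SHA, AES, rouser with priv) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SNMPv3 user lines in snmpd.conf text read from stdin.
# Finding labels (WEAK-AUTH etc.) are made up for this example.
audit_snmpv3_conf() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    { gsub(/"[^"]*"/, "QUOTED") }            # keep quoted passphrases as one field
    $1 == "createUser" {
        i = 2
        if ($i == "-e") i += 2               # optional -e ENGINEID
        user = $i
        auth = toupper($(i + 1))
        priv = toupper($(i + 3))
        if (auth == "MD5") print "WEAK-AUTH " user " MD5"
        if (priv == "DES") print "WEAK-PRIV " user " DES"
        if (priv == "")    print "NO-PRIV " user
    }
    $1 == "rwuser" || $1 == "rouser" {
        i = 2
        if ($i == "-s") i += 2               # optional -s SECMODEL
        user = $i
        level = $(i + 1)
        if (level == "") level = "auth"      # snmpd default minimum level
        if ($1 == "rwuser")  print "WRITE-ACCESS " user
        if (level != "priv") print "PRIV-NOT-REQUIRED " user " " level
    }'
}

# The two lines net-snmp-config generated in the post.
sample_weak() {
    cat <<'EOF'
   createUser MYUSERNAME MD5 "PASSWORD" DES
   rwuser MYUSERNAME
EOF
}

# Constructed hardened equivalent: SHA auth, AES privacy, read-only, encryption required.
sample_hardened() {
    cat <<'EOF'
createUser MYUSERNAME SHA "PASSWORD" AES
rouser MYUSERNAME priv
EOF
}

sample_weak | audit_snmpv3_conf
```

snmpd replaces createUser lines with usmUser entries holding localized keys when it starts, so audit the createUser line before starting the daemon.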

Good luck!

Nick Bettison ©