I am trying to obtain information from the CA PAM MIB using v3. I am running the following query:
snmpwalk -v 3 -u snmppoll -a SHA -A auth1234 -x DES -X priv1234 18.104.22.168 UCD-SNMP-MIB::memory
But I am always getting:
Error in packet.
Reason: authorizationError (access denied to that object)
However, if I use
snmpwalk -v 2c -c xcdgkpub 22.214.171.124 UCD-SNMP-MIB::memory
What is the correct syntax ?
Release: PAMDKT99500-2.8-Privileged Access Manager-NSX API PROXY
Each user has a name (called a securityName) an authentication type (authProtocol) and a privacy type (privProtocol) as well as associated keys for each of these (authKey and privKey).
Authentication is performed by using a users authKey to sign the message being sent. The authProtocol can be either MD5 or SHA at this time. authKeys (and privKeys) are generated from a passphrase that must be at least 8 characters in length.
Authentication is performed by using a users privKey to encrypt the data portion the message being sent. The privProtocol can only be DES at this time.
Messages can be be sent unauthenticated, authenticated, or authenticated and encrypted by setting the securityLevel to use. In this case, since we want to use both an authkey and a privkey we will specify the security level of the user as requiring authentication and encryption.
In this case we have specified the authorization and encryption but we have not specified the corresponding security level.
So the correct syntax would be:
snmpwalk -v 3 -u snmppoll -l AuthPriv -a SHA -A auth1234 -x AES -X priv1234 126.96.36.199 UCD-SNMP-MIB::memory
Note that the -a specifies the authorization protocol and -x the encryption protocol. SHA works well with AES, whereas -l specifies the security level