snmptrapd.conf createuser for ENFSNMPM SNMPv3
search cancel

snmptrapd.conf createuser for ENFSNMPM SNMPv3

book

Article ID: 281470

calendar_today

Updated On:

Products

Automation Point

Issue/Introduction

Trying to set up SNMPv3 from CA ENFSNMP to Automation Point.  Modeling the createUser statement, which is based on the example that arrives with snmptrapd.conf.  ENFSNMP sends traps to Automation Point, but getting authentication failures.

From the SNMPCFG member doc for ENFSNMPM:

c) AUTH_MD5 | AUTH_SHA-1 

   Authentication is optional. If needed, then code either 
   AUTH_MD5 or AUTH_SHA-1 followed by the authentication key "auth_key". 

   For AUTH_MD5 (HMAC using MD5), the auth_key (and if applicable the 
   priv_key) must be 32-hexadecimal characters. 

   For AUTH_SHA-1 (HMAC using SHA-1) the auth_key (and if applicable the 
   priv_key) must be 40-hexadecimal characters. 

   Even though the non-localized key is specified, it is "secret" so 
   consider READ access to this file.

d) PRIV_DES 

   Privacy (encryption/decryption) is optional. If needed then code 
   PRIV_DES followed by the privacy key "priv_key". 

   If specified, then authentication must also be specified. 

   Specify the full length non-localized key. For MD5 it should be 16-bytes which 
   corresponds to 32-hexadecimal characters. For SHA-1 it should be 20-bytes which 
   corresponds to 40-hexadecimal characters. The key will be localized (at run time)
   and then the first 16-bytes (RFC3414) will used as the localized private key. 

   Even though the non-localized key is specified, it is "secret" so 
   consider READ access to this file.

For CA ENFSNMP, creating a 16 character passphrase, translated it to ebcdic hexadecimal, and sent that to Mainframe support for specification in the SNMPCFG member of ENFSNMPM.  In the snmptrapd.conf, specifying the key as text, but it receives an authentication failure error when the trap arrived.  Changing it to the same hex string but still received an authentication failure.  

The engineID and User are good - it can be seen in the packet trace and they are correct.

Environment

Windows AP server

Mainframe z/OS lpar

Resolution

If adding "0x" prefix to the hex key values, it still generated an error:

pv3CNFG: auth_key must be 32 hexadecimal characters                  

readCNFG: parse_record return rc=8 for statement beginning on line 154

CAW1CNFG: read_file returned rc=8                                    

MAIN: read_config return rc=8                     

It also needs to add -m parameter to indicate the value as a master key.  This info can be found in the net-snmp manpages. 

Format:

createUser -e engineid userid MD5 -m 0x.... DES -m 0x....

Powered by Wolken Software