[erlang-questions] snmp vacm.conf erroneous behaviour
Grasl Christoph
C.Grasl@REDACTED
Thu Jan 22 12:24:45 CET 2009
hi OTP-team!
erroneous behaviour report:
If 'any' is used for the 'SecModel' in the 'vacm.conf' in the 'vacmSecurityToGroup' declaration,
the snmp framework returns an error with the reason 'noGroupName'. It seems that there's a
conflict with the 'SecName' when the agent is only configured for v1 and v2c and 'any' is used
as value for 'SecModel'.
EXAMPLE:
[community.conf]
{"1", "public", "secName", "", ""}.
{"2", "all-rights", "all-rights", "", ""}.
{"3", "standard trap", "initial", "", ""}.
[vacm.conf]
doesn't work:
{vacmSecurityToGroup, any, "secName", "group1"}.
{vacmSecurityToGroup, any, "secName", "group2"}.
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.
does work:
{vacmSecurityToGroup, v1, "secName", "group1"}.
{vacmSecurityToGroup, v2c, "secName", "group1"}.
{vacmSecurityToGroup, v1, "all-rights", "group2"}.
{vacmSecurityToGroup, v2c, "all-rights", "group2"}.
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.
also:
The documentation under
http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm
states that the value for 'ViewIndex' in the 'vacmViewTreeFamily' declaration is an integer.
Is this a documentation error (the 'vacmViewTreeFamily' declaration could never match the 'VIEWs' this way)
or does the mentioned data-type relate to the internal representation in the db?
EXAMPLE (with an obvious result..):
[vacm.conf]
%% {vacmSecurityToGroup, SecModel, SecurityName, GroupName}.
%% {vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.
%% {vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.
{vacmSecurityToGroup, v1, "secName", "group_1"}.
{vacmSecurityToGroup, v2c, "secName", "group_1"}.
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily, 23, [1,3,6,1,2,1,1], included, null}.
RESULT:
=ERROR REPORT==== 22-Jan-2009::12:09:02 ===
** Configuration error: [VIEW-BASED-ACM-MIB]: reconfigure failed: {failed_check,
"/opt/app/data/snmp/vacm.conf",
25,26,
{invalid_string,
23}}
02.637'751 "."** exception exit: {noproc,
{gen_server,call,
[snmp_master_agent,
{load_mibs,
["/opt/app/data/snmp/KEYTRONIX-CHRONOS-MIB"]},
infinity]}}
in function gen_server:call/3
in call from snmp_handler:start/1
does work:
{vacmSecurityToGroup, v1, "secName", "group_1"}.
{vacmSecurityToGroup, v2c, "secName", "group_1"}.
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily,"sys", [1,3,6,1,2,1,1], included, null}.
all the best,
Christoph Grasl
Embedded Software Developer
KEYTRONIX
Gesellschaft für industrielle Elektronik und Informationstechnologie mbH
Ungargasse 64-66/1/109
A-1030 WIEN
E-Mail: c.grasl@REDACTED
Tel.: +43 (1) 718 06 60 - 323
Mobile: +43 (664) 8556456
WWW: http://www.keytronix.com
HG Wien FN 261131t
Confidentiality Notice:
This message may contain privileged and confidential information. If you think, for any reason, that this message may have been addressed to you in error, you must not disseminate, copy or take any action in reliance on it, and we would ask you to notify us immediately by return email.
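A pre-load check for the two problems described in this message, as an added example that is not part of the original post or of OTP's snmp application. It flags `any` in vacmSecurityToGroup (RFC 3415 does not allow the 'any' value for vacmSecurityModel in that table), repeated (SecModel, SecurityName) keys, non-string ViewIndex values, and vacmAccess view names that no vacmViewTreeFamily entry defines. The issue atoms and the sample config are constructed for illustration; the tuple layouts are the ones quoted in the post.

```erlang
#!/usr/bin/env escript
%% Added example (not OTP code): lint vacm.conf terms before the agent loads them.

%% Constructed sample combining the failing entries quoted in the post.
sample() ->
    "{vacmSecurityToGroup, any, \"secName\", \"group1\"}.\n"
    "{vacmSecurityToGroup, any, \"secName\", \"group2\"}.\n"
    "{vacmAccess, \"group1\", \"\", any, noAuthNoPriv, exact, \"sys\", \"sys\", \"sys\"}.\n"
    "{vacmAccess, \"group2\", \"\", any, noAuthNoPriv, exact, \"sys\", \"sys\", \"sys\"}.\n"
    "{vacmViewTreeFamily, 23, [1,3,6,1,2,1,1], included, null}.\n".

%% Parse a string of dot-terminated terms (what file:consult/1 does for a file).
terms(Str) ->
    {ok, Toks, _} = erl_scan:string(Str),
    split(Toks, [], []).

split([], _, Acc) -> lists:reverse(Acc);
split([{dot, _} = D | T], Cur, Acc) ->
    {ok, Term} = erl_parse:parse_term(lists:reverse([D | Cur])),
    split(T, [], [Term | Acc]);
split([H | T], Cur, Acc) -> split(T, [H | Cur], Acc).

%% Return a list of issue tuples; [] means nothing was flagged.
check(Terms) ->
    S2G    = [{M, N, G} || {vacmSecurityToGroup, M, N, G} <- Terms],
    Views  = [V || {vacmViewTreeFamily, V, _, _, _} <- Terms],
    Access = [G || {vacmAccess, G, _, _, _, _, _, _, _} <- Terms],
    Keys   = [{M, N} || {M, N, _} <- S2G],
    %% View names each vacmAccess row refers to (empty string = no view).
    Used   = [{G, V} || {vacmAccess, G, _, _, _, _, R, W, Nv} <- Terms,
                        V <- lists:usort([R, W, Nv]), V =/= ""],
    lists:usort([{sec_model_any, N} || {any, N, _} <- S2G]) ++
    %% Keys -- usort(Keys) leaves only the repeated (SecModel, SecName) pairs.
    [{duplicate_key, K} || K <- lists:usort(Keys -- lists:usort(Keys))] ++
    [{view_index_not_string, V}
     || V <- Views, not (is_list(V) andalso io_lib:printable_list(V))] ++
    [{undefined_view, G, V} || {G, V} <- Used, not lists:member(V, Views)] ++
    [{group_without_access, G} || {_, _, G} <- S2G, not lists:member(G, Access)].

main([]) -> report(check(terms(sample())));
main([File]) -> {ok, Terms} = file:consult(File), report(check(Terms)).

report([]) -> io:format("vacm.conf: no issues~n");
report(Issues) -> [io:format("~p~n", [I]) || I <- Issues], halt(1).
```

Run it with `escript` and no argument to lint the embedded sample, or pass the path to a vacm.conf; it exits non-zero when anything is flagged.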