<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7653.38">
<TITLE>[erlang-questions] snmp vacm.conf erronous behaviour</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=2>hi OTP-team!<BR>
<BR>
erronous behaviour report:<BR>
<BR>
If 'any' is used for the  'SecModel' in the 'vacm.conf' in the 'vacmSecurityToGroup' declaration<BR>
<BR>
the snmp framework returns a error with the reason 'noGroupName'. It seems to be that there's a<BR>
conflict with<BR>
the  'SecName' when the agent is only configured for v1 and v2c and 'any' is used<BR>
as value for 'SecModel'.<BR>
<BR>
EXAMPLE:<BR>
<BR>
[community.conf]<BR>
<BR>
{"1", "public", "secName", "", ""}.<BR>
{"2", "all-rights", "all-rights", "", ""}.<BR>
{"3", "standard trap", "initial", "", ""}.<BR>
<BR>
[vacm.conf]<BR>
<BR>
doesn't work:<BR>
<BR>
{vacmSecurityToGroup, any, "secName", "group1"}.<BR>
{vacmSecurityToGroup, any, "secName", "group2"}.<BR>
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.<BR>
<BR>
does work:<BR>
<BR>
{vacmSecurityToGroup, v1, "secName", "group1"}.<BR>
{vacmSecurityToGroup, v2c, "secName", "group1"}.<BR>
{vacmSecurityToGroup, v1, "all-rights", "group2"}. <BR>
{vacmSecurityToGroup, v2c, "all-rights", "group2"}.                   <BR>
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.<BR>
<BR>
also:<BR>
<BR>
The documentation under<BR>
<BR>
<A HREF="http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm">http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm</A><BR>
<BR>
states that the value for 'ViewIndex' in the 'vacmViewTreeFamily' declaration is an integer.<BR>
<BR>
Is this a documentation error (the 'vacmViewTreeFamily' declaration could never match the 'VIEWs' this way)<BR>
or does the mentioned data-type relate to the internal representation in the db?<BR>
<BR>
EXAMPLE (with an obvious result..):<BR>
<BR>
[vacm.conf]<BR>
<BR>
%% {vacmSecurityToGroup, SecModel, SecurityName, GroupName}.<BR>
%% {vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.<BR>
%% {vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.<BR>
<BR>
{vacmSecurityToGroup, v1, "secName", "group_1"}.<BR>
{vacmSecurityToGroup, v2c, "secName", "group_1"}.<BR>
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.<BR>
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.<BR>
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.        <BR>
{vacmViewTreeFamily, 23, [1,3,6,1,2,1,1], included, null}.<BR>
<BR>
RESULT:<BR>
<BR>
=ERROR REPORT==== 22-Jan-2009::12:09:02 ===<BR>
<BR>
** Configuration error: [VIEW-BASED-ACM-MIB]: reconfigure failed: {failed_check,<BR>
                                                                   "/opt/app/data/snmp/vacm.conf",<BR>
                                                                   25,26,<BR>
                                                                   {invalid_string,<BR>
                                                                    23}}<BR>
<BR>
02.637'751 "."** exception exit: {noproc,<BR>
                       {gen_server,call,<BR>
                           [snmp_master_agent,<BR>
                            {load_mibs,<BR>
                                ["/opt/app/data/snmp/KEYTRONIX-CHRONOS-MIB"]},<BR>
                            infinity]}}<BR>
     in function  gen_server:call/3<BR>
     in call from snmp_handler:start/1<BR>
<BR>
does work:<BR>
<BR>
{vacmSecurityToGroup, v1, "secName", "group_1"}.<BR>
{vacmSecurityToGroup, v2c, "secName", "group_1"}.<BR>
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.<BR>
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.<BR>
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
{vacmViewTreeFamily,"sys", [1,3,6,1,2,1,1], included, null}.<BR>
<BR>
all the best,<BR>
<BR>
Christoph Grasl<BR>
Embedded Software Entwickler<BR>
<BR>
KEYTRONIX<BR>
Gesellschaft für industrielle Elektronik und Informationstechnologie mbH<BR>
<BR>
Ungargasse 64-66/1/109<BR>
A-1030 WIEN<BR>
<BR>
E-Mail: c.grasl@keytronix.com<BR>
Tel.: +43 (1) 718 06 60 - 323<BR>
Mobil: +43 (664) 8556456<BR>
WWW: <A HREF="http://www.keytronix.com">http://www.keytronix.com</A><BR>
<BR>
HG Wien FN 261131t<BR>
<BR>
Confidentiality Notice:<BR>
This message may contain privileged and confidential information. If you think, for any reason, that this message may have been addressed to you in error, you must not disseminate, copy or take any action in reliance on it, and we would ask you to notify us immediately by return email.<BR>
<BR>
<BR>
<BR>
If 'any' is used for the  'SecModel' in the 'vacm.conf' in the 'vacmSecurityToGroup' declaration<BR>
<BR>
the snmp framework returns a error with the reason 'noGroupName'. It seems to be that there's a<BR>
conflict with<BR>
the  'SecName' when the agent is only configured for v1 and v2c and 'any' is used<BR>
as value for 'SecModel'.<BR>
<BR>
<BR>
<BR>
EXAMPLE:<BR>
<BR>
<BR>
<BR>
[community.conf]<BR>
<BR>
<BR>
<BR>
{"1", "public", "secName", "", ""}.<BR>
<BR>
{"2", "all-rights", "all-rights", "", ""}.<BR>
<BR>
{"3", "standard trap", "initial", "", ""}.<BR>
<BR>
<BR>
<BR>
[vacm.conf]<BR>
<BR>
<BR>
<BR>
doesn't work:<BR>
<BR>
<BR>
<BR>
{vacmSecurityToGroup, any, "secName", "group1"}.<BR>
<BR>
{vacmSecurityToGroup, any, "secName", "group2"}.<BR>
<BR>
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
<BR>
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
<BR>
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.<BR>
<BR>
<BR>
<BR>
does work:<BR>
<BR>
<BR>
<BR>
{vacmSecurityToGroup, v1, "secName", "group1"}.<BR>
<BR>
{vacmSecurityToGroup, v2c, "secName", "group1"}.<BR>
<BR>
{vacmSecurityToGroup, v1, "all-rights", "group2"}. <BR>
<BR>
{vacmSecurityToGroup, v2c, "all-rights", "group2"}.                   <BR>
<BR>
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
<BR>
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.<BR>
<BR>
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.<BR>
<BR>
also:<BR>
<BR>
The documentation under<BR>
<BR>
<A HREF="http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm">http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm</A><BR>
<BR>
states that the value for 'ViewIndex' in the 'vacmViewTreeFamily' declaration is an integer.<BR>
<BR>
Is this a documentation error (the 'vacmViewTreeFamily' declaration could never match the 'VIEWs' this way)<BR>
or does the mentioned data-type relate to the internal representation in the db?<BR>
<BR>
EXAMPLE (with an obvious result..):<BR>
<BR>
<BR>
<BR>
[vacm.conf]<BR>
<BR>
<BR>
%% {vacmSecurityToGroup, SecModel, SecurityName, GroupName}.<BR>
%% {vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.<BR>
%% {vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.<BR>
<BR>
{vacmSecurityToGroup, v1, "secName", "group_1"}.<BR>
<BR>
{vacmSecurityToGroup, v2c, "secName", "group_1"}.<BR>
<BR>
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.<BR>
<BR>
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.<BR>
<BR>
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.        <BR>
<BR>
{vacmViewTreeFamily, 23, [1,3,6,1,2,1,1], included, null}.<BR>
<BR>
RESULT:<BR>
<BR>
=ERROR REPORT==== 22-Jan-2009::12:09:02 ===<BR>
<BR>
** Configuration error: [VIEW-BASED-ACM-MIB]: reconfigure failed: {failed_check,<BR>
<BR>
                                                                   "/opt/app/data/snmp/vacm.conf",<BR>
<BR>
                                                                   25,26,<BR>
<BR>
                                                                   {invalid_string,<BR>
<BR>
                                                                    23}}<BR>
<BR>
02.637'751 "."** exception exit: {noproc,<BR>
<BR>
                       {gen_server,call,<BR>
<BR>
                           [snmp_master_agent,<BR>
<BR>
                            {load_mibs,<BR>
<BR>
                                ["/opt/app/data/snmp/KEYTRONIX-CHRONOS-MIB"]},<BR>
<BR>
                            infinity]}}<BR>
<BR>
     in function  gen_server:call/3<BR>
<BR>
     in call from snmp_handler:start/1<BR>
<BR>
<BR>
does work:<BR>
<BR>
{vacmSecurityToGroup, v1, "secName", "group_1"}.<BR>
<BR>
{vacmSecurityToGroup, v2c, "secName", "group_1"}.<BR>
<BR>
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.<BR>
<BR>
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.<BR>
<BR>
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.        <BR>
<BR>
{vacmViewTreeFamily,"sys", [1,3,6,1,2,1,1], included, null}.<BR>
<BR>
all the best,<BR>
<BR>
Christoph Grasl<BR>
Embedded Software Entwickler<BR>
<BR>
KEYTRONIX<BR>
Gesellschaft für industrielle Elektronik und Informationstechnologie mbH<BR>
<BR>
Ungargasse 64-66/1/109<BR>
A-1030 WIEN<BR>
<BR>
E-Mail: c.grasl@keytronix.com<BR>
Tel.: +43 (1) 718 06 60 - 323<BR>
Mobil: +43 (664) 8556456<BR>
WWW: <A HREF="http://www.keytronix.com">http://www.keytronix.com</A><BR>
<BR>
HG Wien FN 261131t<BR>
<BR>
Confidentiality Notice:<BR>
This message may contain privileged and confidential information. If you think, for any reason, that this message may have been addressed to you in error, you must not disseminate, copy or take any action in reliance on it, and we would ask you to notify us immediately by return email.<BR>
<BR>
</FONT>
</P>

</BODY>
</HTML>