Welcome, Guest. Please login or register.

Author Topic: SNMP v3 with Authentication but no Encryption  (Read 2642 times)

ackrst

  • Guest
SNMP v3 with Authentication but no Encryption
« on: August 21, 2012, 09:19:25 PM »
Hi,

I have several problems using NEDI with SNMP v3, as you see in the subject, I try to use SNMP v3 with Authentication and no privacy.

The discovery of the device is OK, but after that, I cannot get the uptime or the status of an interface (up/down).

To solve this I have changed the libsnmp.php script, this script contains the following test  'elseif ($ver == 3 and $aprot)' to check if it is SNMP v3 and if authentication protocol is used, but it does not work. It seems that $aprot is not defined so, I change the test to 'elseif ($ver == 3 and $comms[$cm]['aprot'])'.

After that it still not works. It seems that snmp3_get needs all the arguments to work even for the privacy protocol ('DES' or 'AES') and the encryption key. If all the arguments are not provide, I get the following error ' PHP Warning:  snmp3_get() expects at least 8 parameters, 6 given'. So, I changed the line " return snmp3_get($ip, $cm, 'authNoPriv', $comms[$cm]['aprot'], $comms[$cm]['apass'], ".$oid", $t, $r);" to "return snmp3_get($ip, $cm, 'authNoPriv', $comms[$cm]['aprot'], $comms[$cm]['apass'], 'DES', '', ".$oid", $t, $r);".

After these changes, it works.

I did the same modification for 'walk' and 'set' function.

I still have a problem with 'rt_traffic.php' which provides the 'realtime' usage of an interface. The problem is that it does not provide all the necessary arguments for a snmp v3 connection.

As I am not a php developer, my question is : 'are the modifications done, the right ones or is there another way to have a full SNMP v3 functionality (discovery, uptime, realtime,...)? '

Thank you

ACKRST 

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2786
    • View Profile
    • NeDi
Re: SNMP v3 with Authentication but no Encryption
« Reply #1 on: August 21, 2012, 10:45:44 PM »
Thanks for looking into this. I admit snmpv3 hasn't been tested lately as I don't really use it in my lab. I'll put it on the todo list...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

ackrst

  • Guest
Re: SNMP v3 with Authentication but no Encryption
« Reply #2 on: August 21, 2012, 10:51:55 PM »
Hi rickli,

Thank you for the quick response!!

Can you put me on the way to solve the rt-traffic.php ? It seems that when the rt-traffic.php call the function 'get' which is in the 'libsnmp.php' page the global variable '$comms' is not initialized.

Can you tell me how the '$comms' global variable is passed to libsnmp.php ? (I see that rt-traffic.php include libmisc.php).

Thank you

ACKRST

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2786
    • View Profile
    • NeDi
Re: SNMP v3 with Authentication but no Encryption
« Reply #3 on: August 21, 2012, 11:28:59 PM »
Should be in ReadConf(), but I didn't include it in the realtime graphs for better performance. Good idea with v3 though  :)

Try adding something like this after including limbic.php in rt-traffic.php:
$nedipath  = preg_replace( "/^(\/.+)\/ht\w+\/.+.php/","$1",$_SERVER['SCRIPT_FILENAME']);   # Guess NeDi path for nedi.conf
ReadConf('');

BTW, good catch with $aprot, will fix it immediately,tx! While you're at it, I need to test monitoring uptime with v3 as well (in moni.pl) as I noticed some errors...
« Last Edit: August 21, 2012, 11:36:39 PM by rickli »
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

ackrst

  • Guest
Re: SNMP v3 with Authentication but no Encryption
« Reply #4 on: August 22, 2012, 09:14:19 AM »
Hi rickli,

Thank you very much, now the rt graph works in snmpv3.

ACKRST