[mrtg] Re: cfgmaker issue with snmp v3

Daniel J McDonald dan.mcdonald at austinenergy.com
Mon Nov 27 14:37:41 MET 2006


On Sun, 2006-11-26 at 09:19 -0800, Patrick Topping wrote:
> Tobias,
> I have loaded the new cfgmaker and I am now getting further along.  
> Below is the new error:
> 
>  cfgmaker --snmp-options=::1:1::3  --global "HtmlDir: /var/www/mrtg"  
> --global "ImageDir: /var/www/mrtg"  --global "LogDir: /var/lib/mrtg"  
> --global "ThreshDir: /var/lib/mrtg"   --global "Forks: 4"  --global 
> --enablesnmpv3=yes  --global "WorkDir: /home/mrtg" --global "Options[_]: 
> growright,bits"    --output /home/mrtg/cfg/mrtg.cfg 
> --username='username' --authkey='passwd' --authprotocol='md5' 
> --privkey='passwd'  --privprotocol='des' 'hostname'
> 
> --base: SNMP V3 libraries found, SNMP V3 enabled.
> --base: Get Device Info on public@'hostname'::1:1::3
> SNMPopen failed: Invalid privKey format specified at /usr/bin/cfgmaker 
> line 915

authkey and privkey take a hash argument generated by the USM.pm
library.  I use this chunk of perl code to generate the hashes:
# Only for targets whose options string ends in ":3" (SNMP v3)
if ($$rtr{'options'} =~ /:3$/) {
        use Net::SNMP::Security::USM 2.0.0;
        # Build a USM object so the library derives the keys for this engine ID
        my ($usm, $error) = Net::SNMP::Security::USM->new(
                -authoritative => 1, # Undocumented / unsupported argument
                -username      => $user,
                -authprotocol  => 'sha',
                -authpassword  => $authpass,
                -engineid      => $engineid,
                -privprotocol  => 'des',
                -privpassword  => $privpass,
        );
        if (!defined($usm)) {
                _exit($error);
        }
        # Hex-encode the raw key bytes with a 0x prefix
        $authkey = sprintf("0x%s", unpack('H*', $usm->auth_key));
        $privkey = sprintf("0x%s", unpack('H*', $usm->priv_key));
}

You can get the engineid from a Cisco router using the "show snmp user"
command.

> SNMPWALK Problem for public@'hostname'::1:1::3:v4only
>  at /usr/bin/cfgmaker line 915
> WARNING: Skipping public@'hostname'::1:1::3 as no info could be retrieved

> Is something not set up properly with Net::SNMP?

No, it's behaving correctly. If you want to use plain-text passwords,
then use the --authpassword and --privpassword keywords instead of their
hashed counterparts.

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
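
Added example, not part of the original message and not MRTG or Net::SNMP code: the RFC 3414 password-to-key localization, written with core Perl modules only, to show what a hashed USM key is and why it is tied to one engine ID. It assumes the hashed authkey/privkey values discussed above are RFC 3414 localized keys; the function names are hypothetical, and the password and engine ID are the sample inputs from RFC 3414 appendix A.3, so the output can be compared with the values printed there.

```perl
#!/usr/bin/perl
# Added example: RFC 3414 (USM) password-to-key localization.
# Function names are hypothetical; inputs are the RFC's own sample values.
use strict;
use warnings;
use Digest::MD5 ();
use Digest::SHA ();

# Constructors for the two USM authentication hashes.
my %DIGEST = (
    md5 => sub { Digest::MD5->new },
    sha => sub { Digest::SHA->new(1) },    # SHA-1
);

# Return the localized key (raw bytes) for one password on one SNMP engine.
sub localized_key {
    my ($proto, $password, $engineid_hex) = @_;
    my $new = $DIGEST{lc $proto} or die "unsupported auth protocol: $proto\n";
    die "empty password\n" unless length $password;

    (my $hex = $engineid_hex) =~ s/^0x//i;
    die "engine ID must be an even number of hex digits\n"
        unless $hex =~ /^(?:[0-9a-fA-F]{2})+$/;
    my $engineid = pack('H*', $hex);

    # Step 1: hash 1,048,576 bytes of the password repeated end to end (Ku).
    my $total  = 1024 * 1024;
    my $stream = $password x (int($total / length $password) + 1);
    my $ku     = $new->()->add(substr($stream, 0, $total))->digest;

    # Step 2: bind Ku to this engine: Kul = H(Ku . engineID . Ku).
    # The same password therefore yields a different key on every device.
    return $new->()->add($ku . $engineid . $ku)->digest;
}

# Format raw key bytes as 0x-prefixed hex.
sub as_option { return '0x' . unpack('H*', $_[0]) }

my $engine = '000000000000000000000002';    # RFC 3414 A.3 sample engine ID
for my $proto (qw(md5 sha)) {
    printf "%s: %s\n", $proto,
        as_option(localized_key($proto, 'maplesyrup', $engine));
}
```

A privacy key is derived the same way from the privacy password, using the authentication protocol's hash; RFC 3414 DES then uses the first 16 octets of the result.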
