SNMP not using community string in snmpd.conf

1

I'm trying to simply set up SNMP on a Red Hat system. I can walk the MIB tree just fine using the following command (from a different server): snmpwalk -v2c -c public HOST IP

However, when I try to set the community string in /etc/snmp/snmpd.conf, it doesn't walk the MIB tree. I have a feeling it's something simple, but for the life of me, I can't figure out why it's not working with the unique string I'm putting in. I do restart snmpd after editing the snmpd.conf file as well, so I'm not exactly sure what I'm doing wrong here.

The original config file is still there, all I added were the following lines (iglass is the string I want to use):

# First, map the community name "public" into a "security name"

#       sec.name  source          community
com2sec notConfigUser  default       iglass
rocommunity iglass

John

Posted 2014-10-28T12:01:17.223

Reputation: 11

Answers

0

I have never seen the rocommunity option.

By the looks of the config you pasted, you have edited the default snmpd.conf, so, changing public to iglass should suffice.

On the other hand I'd advise to use v3 instead of v2c, that's full of vulnerabilities.

Also, with v3 the config files get edited automatically. Example:

net-snmp-config --create-snmpv3-user -ro -a SHA -A (key-here) -x AES -X (2nd key here) (user here)

Then, after restarting snmpd, you walk the tree like this:

snmpwalk localhost -v3 -a SHA -A (key-here) -x AES -X (2nd key here) -l authPriv -u (user here)

Bruno9779

Posted 2014-10-28T12:01:17.223

Reputation: 1 225

0

I have a very similar issue, but I'm using a sub-agent. I found your question trying to answer my problem but I believe my answer is the same for your answer.

I was having an issue where I was trying to configure a sub-agent and it was not returning the oid from an snmpwalk. If I changed rocommunity to, in your example, iglass2 then it would work but only the sub-agent would return data.

I found that com2sec and rocommunity cannot overlap. If you simply comment out com2sec and use rocommunity, and optionally rwcommunity, set to what you need your configuration may work properly.

I hope this answers your question.

Vex Mage

Posted 2014-10-28T12:01:17.223

Reputation: 1

Asked: 2014-10-28T12:01:17.223

Viewed: 1 783 times

Active: 2016-09-18T01:39:34.577