S o n o m a U s e r M a n u a l
52
C H A P T E R S I X
53
S o n o m a U s e r M a n u a l
S I M P L E N E T W O R K M A N A G E M E N T P R O T O C O L ( S N M P )
After editing /etc/snmpd.conf, you must copy it to the /boot/etc directory and reboot the system. It is
very important to retain the access mode for the file (readable only by root), so be sure to use cp -p
when performing the copy. During the boot process, the files contained in the /boot/etc directory are cop-
ied to the working /etc directory on the system RAM disk. In this way the factory defaults are overwritten.
Configuration of SNMPv3
If you are planning to use SNMPv3, you should denitely make use of the two resources mentioned
previously (NET-SNMP website and Essential SNMP) and study them carefully. There are rather
elaborate conguration options available when you are using v3. The instruction presented here will
give you the avor of the conguration but denitely not the full scope of possibilities. To access
your Sonoma via v3 of SNMP, you will have to congure two les:
/etc/snmpd.conf
/boot/net-snmp/snmpd.conf
The rst le contains static conguration parameters that the agent uses to control access and to de-
termine where to send notications/traps. Other aspects of the agent’s operation are also congurable
in this le, but you should not need to modify those. To use the SNMPv3 capabilities of the Sonoma,
you must rst set up user information and access limits for those users in /etc/snmpd.conf. Uncom-
ment and edit these two lines to dene your v3 users and their access parameters:
rwuser root priv .1
rouser ntpuser auth .1.3.6.1.4.1.13827
The rst line denes a SNMPv3 read-write user root whose minimum security level will be authenti-
cated and encrypted for privacy (choices are noauth, auth and priv), and who will have read-write ac-
cess to the entire iso(1) branch of the SMI object tree. The second line denes a SNMPv3 read-only
user ntpuser whose minimum security level will be authenticated but not encrypted, and who will
have read-only access to the entire iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).endRun-
TechnologiesMIB(13827) branch of the SMI object tree. After adding the user lines to /etc/
snmpd.conf, copy it to the /boot/etc directory using cp –p.
The second le is located on the non-volatile FLASH disk and is used by the SNMP agent to store
“persistent data” that may be dynamic in nature. This may include the values of the MIB-II variables
sysLocation, sysContact and sysName as well as any congured SNMPv3 user crypto keys. In order
to use SNMPv3, you must congure user keys in this le for each SNMPv3 user that you have set up
in /etc/snmpd.conf. To do this, you must add lines to /boot/net-snmp/snmpd.conf like these for each
user:
createUser root MD5 endrun_1 DES endrun_1
createUser ntpuser SHA Sonoma_0
The rst line will cause the agent, snmpd to create a user root who may be authenticated via Mes-
sage Digest Algorithm 5 (MD5) with password endrun_1 and may use the Data Encryption Standard
(DES) to encrypt the session data with passphrase endrun_1. The second line will cause a user nt-
IMPORTANT
To Next Page
Loading...
