Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000037224 - Bad security model error in the net-snmpd.log file for the RSA Authentication Manager 8.x hardware appliance

Document created by RSA Customer Support

on Jun 5, 2019

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000037224
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.1SP1, 8.2, 8.3
Issue	After enabling SNMP via the Security Console (Setup > System Settings > Network Monitoring > Network Monitoring using SNMP v3) on an RSA Authentication Manager hardware appliance, the /var/log/net-snmpd.log file displays the following bad security model error: ... /etc/snmp/snmpd.conf: line 30: Error: bad security model, should be: v1, v2c or usm or a registered security plugin name net-snmp: 1 error(s) in config file(s) NET-SNMP version 5.4.2.1 [smux_accept] accepted fd 14 from 127.0.0.1:42560 accepted smux peer: oid SNMPv2-SMI::enterprises.674.10892.1, descr Systems Management SNMP MIB Plug-in Manager Got trap from peer on fd 14 ... This error is occurs only on the RSA Authentication Manager hardware appliance. Therefore, if you use virtual appliances, you do not run into this error.
Cause	The error happens because by default the access directive entry in /etc/snmp/snmpd.conf has a misconfigured setting. Although a context parameter for the access directive includes a space between double quotes (shown below in bold), the parameter should not include the space: ... # Allow Systems Management Data Engine SNMP to connect to snmpd using SMUX smuxpeer .1.3.6.1.4.1.674.10892.1 view all included .1 access notConfigGroup " " any noauth exact all none none ...
Workaround	To workaround the issue, remove the space from the access directive. Launch an SSH client, such as PuTTY. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password. Note that during Quick Setup another user name may have been selected. Use that user name to login. Navigate to /etc/snmp: cd /etc/snmp Copy the original /etc/snmp/snmpd.conf: cp snmpd.conf snmpd.conf.bak Open /etc/snmp/snmpd.conf as root using a text editor /etc/snmp> sudo vi /etc/snmp/snmpd.conf rsaadmin's password: <enter operating system password> Scroll the the access notConfigGroup line. Delete the space between the double quotes. Before: access notConfigGroup " " any noauth exact all none none After: access notConfigGroup "" any noauth exact all none none Save and close /etc/snmp/snmpd.conf. Restart the snmpd service as root. /sbin/service snmpd restart After that, /var/log/net-snmpd.log does not record the bad security model error: Received TERM or STOP signal... shutting down... NET-SNMP version 5.4.2.1

Attachments

Outcomes

0 Comments

Recommended Content