Article Number
000031165
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Platform: Hardware Appliance, Virtual Appliance
Issue
- SNMP receiver is not receiving the Authentication Manager traps, even after checking the configuration on both ends.
- SNMP command line utilities snmpwalk, snmpget and snmptrap return "No Such Object available on this agent at this OID".
- By checking the SNMP configuration file /etc/snmp/snmpd.conf, the proxy line is corrupted as shown below:
am81p:~ # cat /etc/snmp/snmpd.conf
###########################################################################
#
# snmpd.conf
#
# - created by the snmpconf configuration program
#
###########################################################################
createUser snmp_f0cb53ds
rouser snmp_f0cb53ds noauth .1.3.6.1.4.1.2021
iquerySecName snmp_f0cb53ds
agentSecName snmp_f0cb53ds
###########################################################################
agentaddress 161
proxy -v 3 -u rsasnmp -l noAuthNoPriv 127.0.0.1:8002 .1.3.6.1.4.1.2197 proxy -v 3 -u secidnonprod -l
authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3 -u secidnonprod -l authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3 -u
secidnonprod -l authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3 -u secidnonprod -l authPriv -a SHA -A
5M%;aPJ8T9proxy -v 3 -u secidnonprod -l authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3 -u secidnonprod -l
authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3 -u secidnonprod -l authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3
-u secidnonprod -l authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3 -u secidnonprod -l authPriv -a SHA -A
5M%;aPJ8T9proxy -v 3 -u secidnonprod -l authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3 -u secidnonprod -l
authPriv -a SHA -A 5M%;aPJ8T9proxy -v 3 -a SHA -A authPassword -x DES -X privPassword -l authPriv
agentuser 127.0.0.1:8002 .1.3.6.1.4.1.2197DcEYRJGGjKBU;J -x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002
.1.3.6.1.4.1.2197DcEYRJGGjKBU;J -x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002 .1.3.6.1.4.1.2197DcEYRJGGjKBU;J
-x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002 .1.3.6.1.4.1.2197DcEYRJGGjKBU;J -x DES -X 5dAADtHLwqUjqW8rxQJR$
127.0.0.1:8002 .1.3.6.1.4.1.2197DcEYRJGGjKBU;J -x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002
.1.3.6.1.4.1.2197DcEYRJGGjKBU;J -x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002 .1.3.6.1.4.1.2197DcEYRJGGjKBU;J
-x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002 .1.3.6.1.4.1.2197DcEYRJGGjKBU;J -x DES -X 5dAADtHLwqUjqW8rxQJR$
127.0.0.1:8002 .1.3.6.1.4.1.2197DcEYRJGGjKBU;J -x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002
.1.3.6.1.4.1.2197DcEYRJGGjKBU;J -x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002 .1.3.6.1.4.1.2197DcEYRJGGjKBU;J
-x DES -X 5dAADtHLwqUjqW8rxQJR$ 127.0.0.1:8002 .1.3.6.1.4.1.2197
disk / 1%
load 100.01 100.02 100.03
#monitor -S -r 600 -o dskPath -o dskErrorMsg "disk free space below threshhold" dskErrorFlag != 0
#monitor -S -r 600 -o laNames -o laErrMessage "load above threshhold" laErrorFlag != 0
#monitor -S -r 600 -o memTotalFree -o memTotalReal "total free memory below threshhold" memTotalFree < 1024
#trapsess -v 3 -u remoteuser -a MD5 -A authPassword -x DES -X privPassword -l authPriv 1.2.3.4
- The expected configuration file should look like the below:
am81p:~ # cat /etc/snmp/snmpd.conf
###########################################################################
#
# snmpd.conf
#
# - created by the snmpconf configuration program
#
###########################################################################
createUser snmp_f0cb53ds
rouser snmp_f0cb53ds noauth .1.3.6.1.4.1.2021
iquerySecName snmp_f0cb53ds
agentSecName snmp_f0cb53ds
###########################################################################
agentaddress 162
proxy -v 3 -u snmpuser -l authNoPriv -a MD5 -A deRSAPwd% 127.0.0.1:8002 .1.3.6.1.4.1.2197
disk / 1%
load 100.01 100.02 100.03
#monitor -S -r 600 -o dskPath -o dskErrorMsg "disk free space below threshhold" dskErrorFlag != 0
#monitor -S -r 600 -o laNames -o laErrMessage "load above threshhold" laErrorFlag != 0
#monitor -S -r 600 -o memTotalFree -o memTotalReal "total free memory below threshhold" memTotalFree < 1024
#trapsess -v 3 -u remoteuser -a MD5 -A authPassword -x DES -X privPassword -l authPriv 1.2.3.4
Cause
The use of some characters in the SNMP Authentication Password or Privacy Password corrupt the snmpd.conf file. Below is a list of characters NOT to use in the
Authentication Password or Privacy Password fields:
< > & % `
Resolution
- Open the Security Console > Setup > System Settings > Network Monitoring (SNMP)
- Select the Primary Server > Next
- Reconfigure SNMP using passwords that don't contain the following characters (< > & % `).
- Check the Apply the above settings to the replica instance(s) upon save.
- All snmpd.conf file will be recreated with the correct format
Workaround
Reconfigure SNMP using passwords that don't contain the following characters (< > & % `).