Im trying to setup mrtg to probe my snmp agent.
The snmp agent has been setup with a v3 user/pass authentication and is working fine.
However, if I try to make a config file for mrtg using the following command:
sudo cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg/mrtg.cfg \
<IPADRESS>:2161::::3 --username=<USER> --authprotocol=md5 --authpassword=<PASSWORD>
I get the following error:
Use of --authpassword requires --contextengineid at /usr/bin/cfgmaker line 1531.
When I generate a file for SNMP v2 (with the communitry string) it goes OK.
How can I obtain the contextengineid of my snmp agent that is needed to make the cfg file?
I have used this successfully on a CentOS 7 server and Fedora 20 workstation:
Locate the context engine ID, location will vary:
grep oldEngineID /var/lib/net-snmp/snmpd.conf
Add the following line to your configmaker source file; 0x is required:
--contextengineid=0x<whatever number you got from number 1>
If this is a switch, router, or Windows box your engine ID location will definitely vary. See the manufacturers operating manuals for this.
You can also query engineID from commandline snmptools:
snmpwalk -v3 -l auth -a md5 -A '' hostname snmpEngineID
Related
I was configuring my SNMP agent on a Linux machine, below is the user-defined settings which I have included in the default snmpd.conf settings.
rwuser bootstrap priv
rwuser prateek priv
createUser bootstrap SHA temp_password AES
I then restarted the SNMP service and then tried to perform SNMP GET on sysDescr OID and was able to perform is successful.
I then tried to same with snmpget CLI command,
snmpget -v 3 -u bootstrap -l authPriv -a SHA -x AES -A temp_password -X temp_password 127.0.0.1:161 1.3.6.1.2.1.1.1.0
but I get the below error.
Timeout: No Response from 127.0.0.1:161
NOTE: SNMP client and agent are running on same host.
Can anyone explain to me why I am unable to perform the same operation which I am able to perform using MIB browser?
The address 127.0.0.1 means you MUST be running the SNMPGET on the same system
as the agent, and you have not proven that.
Also, the error message should be "127.0.0.1:161", so either the edit is mistaken,
or the command is mistaken. Inconsistencies like this usually points to user error.
Im using zabbix 4.0.10 on centos 7 machine and i have an issue with cisco switch,
If i run snmpwalk it works fine from CLI , but as i use a template item it gives errors.
Sometimes i get user\password incorrect
And sometimes i get Timeout to the host ( which is not real as snmpwalk and snmpget continue to work from zabbix server CLI)
What am i missing ? i need to set somthing in the snmpd.conf ?
snmpd.conf:
com2sec notConfigUser default zabbix
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
access notConfigGroup "" any noauth exact systemview none none
rwcommunity zabbix
rwuser zabbix authPriv
dontLogTCPWrappersConnects yes
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root#localhost> (configure /etc/snmp/snmp.local.conf)
snmpwalk:
snmpwalk -v3 -l authPriv -u zabbix-a SHA -A pass -x AES -X pass 10.0.0.1
(my password contained special chars)
And i have the macros i need in zabbix.
Zabbix 4.x still doesn't support macros with SNMPv3. Zabbix v5.0 would probably be compatible.
You should enter all settings to EACH item of the host manually - through mass update setting. I've got through it already (tried almost everything).
I am running apps on Compute Engine. I run on a Windows box and use Putty to connect to the CE. This pretty much seems to work fine (leaving aside the problems in the Google doc on this).
I have set up another user who I want to enable for SSH (on a Mac) and have her use FileZilla to push files to the CE.
I am trying it out on my own Mac. I set up 2 firewall rules with 2 different priorities for tcp:22 =
myssh Apply to all IP ranges: 0.0.0.0/0 tcp:22 Allow 1000 default
default-allow-ssh Apply to all IP ranges: 0.0.0.0/0 tcp:22 Allow 65534 default
The user has permissions on of the Project of: "Compute Instance Admin(v1)"
On the Mac terminal I do the following:
ssh-keygen -t rsa -f ~/.ssh/userfirstname-ssh-key -C [googleusername.gmail.com]
I go to the GCP CE Meta data (logged in as myself) and then copy the contents of the userfirstname-ssh-key.pub to the Metadata/SSH Keys and save.
After GCP gives the ok on the key being added I enter the following in the Mac terminal:
ssh -i [userfirstname]-ssh-key [googleusername.gmail.com]#gcp-external-ip
Depending on i-don't-know-what, sometimes it says "Permission denied (public key)", "Operation timed out"
I've repeated this a few times and just tried to telnet in to the gcp-external-ip and get "Operation timed out" telnet: Unable to connect to remote host.
At a complete loss. Please help.
You could (and should) use the gcloud command line tools. Then it is easiest to simple copy the correct gcloud command from the Web Console. There is a little drop-down menu next to 'SSH' for each of your instances.
I need to run curl commands from a Windows server to an API on a Linux box. When I am on my workstation I just run a kinit and give my user name and pwd for the Kerberos realm.
I have automated scripts in which I need to run a kinit before running the Powershell script. I do not want any manual intervention. I am trying to create a keytab file with my Kerberos account but it is not working -
I am receiving the error message "No key table entry found for user#domain.net while getting initial credentials.
I really don't understand much about Kerberos, and whether the process cares that I am on a Windows server tryng to use a keytab file for this purpose.
Can someone help? I have been going a bit nuts with this...
Thanks for any help!
Look into your keytab if the principal there is the one you are going to use. klist -k -t <keytab>
You are obviously doing wrong. You have to obtain a curl binary for Windows which says with curl --version:
curl 7.46.0 ...
Protocols: http https ...
Features: SSPI Kerberos SPNEGO ...
That's it. Enable SPNEGO auth with curl --negotiate -u : <URL> and you are done. No keytab necessary on Windows.
I was setup squirrel mail in centos 6.4
and, i was installed imap(dovecot), squirrelmail, sendmail completely.
and open, port 110, 143, 25.
and, setting a squirrelmail about imap (through ./conf.pl)
and, i accessed a squirrel mail cite. ( domain/src/configtest.php).
... you can read below text.
SquirrelMail configtest
This script will try to check some aspects of your SquirrelMail configuration
and point you to errors whereever it can find them. You need to go run conf.pl
in the config/ directory first before you run this script.
SquirrelMail version:1.4.22-3.el6
Config file version:1.4.0
Config file last modified:22 June 2013 00:53:13
Checking PHP configuration...
PHP version 5.3.3 OK.
Running as N/A(N/A) / N/A(N/A)
display_errors:
error_reporting: 22527
variables_order OK: GPCS.
PHP extensions OK. Dynamic loading is disabled.
Checking paths...
Data dir OK.
Attachment dir OK.
Plugins OK.
Themes OK.
Default language OK.
Base URL detected as: http://mtest.gbs-korea.com/src (location base autodetected)
Checking outgoing mail service....
sendmail OK
Checking IMAP service....
IMAP server ready (* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.)
Capabilities: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN
Checking internationalization (i18n) settings...
gettext - Gettext functions are available. On some systems you must have appropriate system locales compiled.
mbstring - Mbstring functions are available.
recode - Recode functions are unavailable.
iconv - Iconv functions are available.
timezone - Webmail users can change their time zone settings.
Checking database functions...
not using database functionality.
Congratulations, your SquirrelMail setup looks fine to me!
Login now
...
but, i can't access my account because below message.
ERROR:
ERROR: Connection dropped by IMAP server.
....
how to solve it problem?
To resolve such an issue:
Edit the file /etc/dovecot/dovecot.conf and add the following line in the IMAP section:
protocol imap {
mail_location = mbox:~/mail:INBOX=/var/mail/%u
}
Restart dovecot:
/etc/init.d/dovecot restart
That’s it.
For Centos 6.6 and Centos 7
nano /etc/postfix/main.cf
change parameter to :
home_mailbox = mail/
nano /etc/dovecot/conf.d/10-mail.conf
set parameter to:
mail_location = maildir:~/mail
sudo service postfix restart
sudo service dovecot restart
Did you tried telnet to the server to port 143
try "telnet hostname _or_IP 143"
Make sure that the entered E-mail account mailbox is exists in the server. Also make sure that the its MX is local domain if the domain points to the server in which you have installed squirrel mail. In case if its using remote MX then you need to use a domain that is having MX on the current server.
dig +trace domain_name MX will show you the domain's MX record.
mailbox needs to exist, e.g. do it like this:
-first install mailx
-then issue following command (replace 'mail#example.org' with the email-address you use to log in to squirrelmail)
# mailx mail#example.org
-then type subject of your choice and hit enter
-then type text of your choice and hit enter
-finally hit ctrl+d
now it should be possible to log in