Can't poll PAM using SNMP v3

Document ID : KB000015938
Last Modified Date : 22/06/2018
Question:

I am trying to obtain information from the CA PAM MIB using v3. I am running the following query:

snmpwalk -v 3 -u snmppoll -a SHA -A auth1234 -x DES -X priv1234 1.10.30.45 UCD-SNMP-MIB::memory 

But I am always getting:

Error in packet. 
Reason: authorizationError (access denied to that object) 

However, if I use

 snmpwalk -v 2c -c xcdgkpub 1.10.30.45 UCD-SNMP-MIB::memory

This works.

What is the correct syntax?

Answer:

Each user has a name (called a securityName), an authentication type (authProtocol) and a privacy type (privProtocol), as well as associated keys for each of these (authKey and privKey).

Authentication is performed by using a user's authKey to sign the message being sent. The authProtocol can be either MD5 or SHA at this time. authKeys (and privKeys) are generated from a passphrase that must be at least 8 characters in length.

Encryption is performed by using a user's privKey to encrypt the data portion of the message being sent. The privProtocol can only be DES at this time.

Messages can be sent unauthenticated, authenticated, or authenticated and encrypted by setting the securityLevel to use. In this case, since we want to use both an authKey and a privKey, we will specify the security level of the user as requiring authentication and encryption.

In the failing command, the authentication and encryption options were specified, but the corresponding security level was not.

So the correct syntax would be:

snmpwalk -v 3 -u snmppoll -l AuthPriv -a SHA -A auth1234 -x AES -X priv1234 1.10.30.45 UCD-SNMP-MIB::memory

Note that -a specifies the authentication protocol, -x the encryption protocol, and -l the security level. SHA works well with AES.
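The following is an added example, not part of the original KB article: a small shell helper that derives the -l value from the credentials actually supplied, so the auth and priv options are never sent without a matching security level. The function names snmpv3_level and snmpv3_args are hypothetical, and the passphrases are assumed to contain no whitespace.

```shell
# Added example (hypothetical helpers, not from the KB article).
# Derive the SNMPv3 securityLevel from the passphrases that are supplied.

# Print the securityLevel implied by an auth and a priv passphrase.
snmpv3_level() {
    auth_pass=$1
    priv_pass=$2
    # Privacy (encryption) cannot be used without authentication.
    if [ -n "$priv_pass" ] && [ -z "$auth_pass" ]; then
        echo "privacy requires authentication" >&2
        return 1
    fi
    for p in "$auth_pass" "$priv_pass"; do
        # Passphrases must be at least 8 characters long.
        if [ -n "$p" ] && [ "${#p}" -lt 8 ]; then
            echo "passphrase shorter than 8 characters" >&2
            return 1
        fi
    done
    if [ -n "$priv_pass" ]; then
        echo authPriv
    elif [ -n "$auth_pass" ]; then
        echo authNoPriv
    else
        echo noAuthNoPriv
    fi
}

# Print the snmpwalk option string for a user, always including -l.
# Assumes passphrases without whitespace (the string is word-split by the caller).
snmpv3_args() {
    user=$1 auth_proto=$2 auth_pass=$3 priv_proto=$4 priv_pass=$5
    level=$(snmpv3_level "$auth_pass" "$priv_pass") || return 1
    args="-v 3 -u $user -l $level"
    [ -n "$auth_pass" ] && args="$args -a $auth_proto -A $auth_pass"
    [ -n "$priv_pass" ] && args="$args -x $priv_proto -X $priv_pass"
    echo "$args"
}
```

With the values from this article, `snmpwalk $(snmpv3_args snmppoll SHA auth1234 AES priv1234) 1.10.30.45 UCD-SNMP-MIB::memory` expands to the corrected command shown above.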