SNMPv3 : AES problem

[goliath84]

Hello,

I have a problem on Cacti with the AES encryption.
I install Net-SNMP (version 5.4.1) on my Debian and I configure it with SNMPv3.
Next, I install Nagios which works well with SNMPv3 queries.
Then, I install Cacti to get graphs but I have a problem when I add a device.
I configure the SNMP options with my SNMPv3 user (MD5/AES) and Cacti answer: « SNMP Error ».
Thinking that error comes from my SNMPv3 configuration, I create a user with authentication only (MD5).
Then, no error on Cacti and I have got my graphs.
So I put the privacy protocol DES with an other user to test if that works and after configuring my user with DES in SNMP options on Cacti that works too. Strange?!?
Let’s go to test again with a new SNMPv3 user with MD5/AES.
And when I configure Cacti with this new user : “SNMP Error”.
I look for this error on Internet and Cacti forums but I don’t find answers about my problem.
If somebody has met this problem, can you tell me how to resolve it.

Thanks

[TheWitness]

Try the following: edit global.php and look for "function_exists". You may find more references than one to it.

When you find the one referring to a SNMP function, change the value to FALSE. Make sure you have you have your Net-SNMP binaries in the path and see if the problem goes away.

Keep us posted. Also, if the UI works, don't assume spine does.

Thanks,

TheWitness

[goliath84]

Try the following: edit global.php and look for "function_exists". You may find more references than one to it.

When you find the one referring to a SNMP function, change the value to FALSE. Make sure you have you have your Net-SNMP binaries in the path and see if the problem goes away.

Keep us posted. Also, if the UI works, don't assume spine does.

Thanks,

TheWitness

Thanks for your help.
So I try what you say, changing the constant :

$config["php_snmp_support"] = FALSE; /* function_exists("snmpget");*/

After Apache restarting, I configure Cacti again but I always have the same problem.
A little difference because after few minutes(may be the cron internal), the status of my SNMPv3 host which was "Unknow", goes to "OK" but I don't know why.
So thinking my problem resolved, I try to get some graphs but nothing appears although with my SNMPv1,I have got SNMP data.

I look the log file of Cacti then I can see some errors like :

04/28/2008 03:35:31 PM - POLLER: Poller[0] WARNING: Poller[0] Host[7] SNMP Time was not numeric

04/28/2008 03:35:31 PM - CMDPHP: Poller[0] Host[7] DS[42] WARNING: Result from SNMP not valid. Partial Result:

04/28/2008 03:35:31 PM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1062', SQL:"insert into ...

Is it due to with SNMPv3 which doesn't work, a problem which comes from my configuration or an other problem?

[TheWitness]

From here, we would have to work online. This may be hard as I am in the US.

TheWitness

[gandalf]

Is the "context" empty or does it equal ""? The screenshot shows a very strange setting of ""
Reinhard

[goliath84]

I set it to "".
You can see my snmpd.conf :

...

rwuser loulou
group groupv3 usm loulou
view all included .iso 80
access groupv3 "" usm auth exact all all all

I test with the context field empty but I have got the same problem.
I test the snmpget command too that works perfectly!

snmpget -v 3 -u loulou -l authPriv -a MD5 -A ********* -x AES -X ******** localhost .1.3.6.1.2.1.25.1.5.0
HOST-RESOURCES-MIB::hrSystemNumUsers.0 = Gauge32: 1.

Actually, I'm looking some files to see where that can be come from.
But I'm open to all suggestions!

[TheWitness]

Good catch, it should be left "blank".

TheWitness

[goliath84]

Hello,
I found a issue of my problem,after some days of searching!
First, I saw that my problem is not a unique case because some people have met the same problem but this one is not due to Cacti but PHP!
I explain:

Like I said in my previous post, SNMPv3 works on Cacti when you use DES and doesn't work with AES.
After looking on PHP code, I found that error was coming from snmp.php file, specially in the function snmp_get_method.
This function is set to use SNMP_METHOD_PHP.
So I forced it to use SNMP_METHOD_BINARY and then SNMPv3 with AES works perfectly!!
But don't forget to verify your binary path, because I spend a lot of hours to see that my binary path was not good!

So this error comes from PHP and not Cacti to if you use AES, you will need to force SNMP_METHOD_BINARY.
That's rejoin an other post :SNMPv3 Issue

PS: the context field must be empty

[gandalf]

Thank you for your information. Which PHP version are you running?
Reinhard

[goliath84]

I have got PHP5.

Olympe:~# php5 -v
PHP 5.2.5-0.dotdeb.2 with Suhosin-Patch 0.9.6.2 (cli) (built: Dec 10 2007 08:44:45)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

[ktdreyer]

Does this mean that AES support is broken for php-snmp? (I'm using PHP 5.1.6, and I experience problem too)

[goliath84]

Yes, but I think it could be fixed.
I 'm not an expert in PHP; it's only a mistake in the development of the function snmp_method_php.

[trantuan]

goliath84,

After all these years, I'm still running into the same problem. Can you tell me where the "snmp.php" file is located? I am running RedHat Fedora (don't have the version/release handy at this time).

php 5.1.6-27.e15_5.3
php-snmp 5.1.6-27.e15_5.3
net-snmp 5.3.2.2-14.e15_7.1

My help posting: http://forums.cacti.net/viewtopic.php?f=21&t=44036

Thanks

[trantuan]

[SOLVED]

snmp.php is located at "/usr/share/cacti/lib". I modified the snmp.php file and changed all "SNMP_METHOD_PHP" to "SNMP_METHOD_BINARY" under the function "snmp_get_method". There may have been a pretty way of doing it, but this was the quickest for me. Hopefully, nothing else is using the snmp.php within the CACTI library.

[gandalf]

Deinstalling php-snmp should yield the same result
R.