SNMP Reason: authorizationError (access denied to that object)

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

duwijakarta
Cacti User
Posts: 52
Joined: Thu Apr 18, 2024 10:40 pm

SNMP Reason: authorizationError (access denied to that object)

Post by duwijakarta »

hello, please help

Can anyone help with the following case?
when I create a new device on the cacti server it says

xxxx@cacti-explore:~$ snmpwalk -v3 -l authPriv -u xxxx -a MD5 -A 'xxxxx' -x AES -X 'xxxx' 1xx.x.x.x
snmpwalk: Unknown user name

but if I set it with version 2 the results are successful
snmpwalk -c xxxx -v 2c

even though the settings on my switch are for version 3
snmp-server group xxxx v3 auth
snmp-server group xxxx v3 priv
snmp-server community xxxx RO
snmp-server host 1x.x.x version 3 priv xxxx udp-port 161

why does it always say "Unknown user name" when I set snmp version 3?
Are there any settings that need to be added?
Thank You
Last edited by duwijakarta on Tue Jun 18, 2024 1:35 am, edited 1 time in total.
Rno
Cacti Pro User
Posts: 704
Joined: Wed Dec 07, 2011 9:19 am

Re: snmpwalk: Unknown user name

Post by Rno »

Don't cross post

Just 1 post on 1 forum should be fine
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
User avatar
macan
Cacti Guru User
Posts: 1137
Joined: Tue Mar 18, 2008 2:30 am
Location: Czech

Re: snmpwalk: Unknown user name

Post by macan »

is it cisco? You created group but you have to create user in group. It will be something like this:
snmp-server user your_user your_group v3 auth md5 password
Let the Cacti grow!
duwijakarta
Cacti User
Posts: 52
Joined: Thu Apr 18, 2024 10:40 pm

Re: snmpwalk: Unknown user name

Post by duwijakarta »

Rno wrote: Wed Jun 05, 2024 2:02 am Don't cross post

Just 1 post on 1 forum should be fine

Sorry in advance, I made more than 1 post,
for the answer in the previous post, I have snmp, if you use snmpv2 it works but if you use snmpv3 it says Unknown user name, I use a C9300 type switch device
duwijakarta
Cacti User
Posts: 52
Joined: Thu Apr 18, 2024 10:40 pm

Re: snmpwalk: Unknown user name

Post by duwijakarta »

macan wrote: Wed Jun 05, 2024 2:40 am is it cisco? You created group but you have to create user in group. It will be something like this:
snmp-server user your_user your_group v3 auth md5 password
yes, I use Cisco type C9300,
so I need to add cli in switch like this:
example
snmp server user snmpuser groupuser v3 auth md5 xxxxx?
Rno
Cacti Pro User
Posts: 704
Joined: Wed Dec 07, 2011 9:19 am

Re: snmpwalk: Unknown user name

Post by Rno »

That's the command:
snmp-server user <uername> network-admin auth sha <password> priv aes-128 <auth key> localizedV2key

The 'network-admin' is the group you want, you can see them with: show snmp group

And this example is with authpriv mode

I take this config from a C9336 and NXos 10.3.4a
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
duwijakarta
Cacti User
Posts: 52
Joined: Thu Apr 18, 2024 10:40 pm

Re: snmpwalk: Unknown user name

Post by duwijakarta »

Rno wrote: Thu Jun 06, 2024 12:42 am That's the command:
snmp-server user <uername> network-admin auth sha <password> priv aes-128 <auth key> localizedV2key

The 'network-admin' is the group you want, you can see them with: show snmp group

And this example is with authpriv mode

I take this config from a C9336 and NXos 10.3.4a
Thank you for the suggestion, I'll try it, what is the localizedV2key function for?
duwijakarta
Cacti User
Posts: 52
Joined: Thu Apr 18, 2024 10:40 pm

Re: snmpwalk: Unknown user name

Post by duwijakarta »

Rno wrote: Thu Jun 06, 2024 12:42 am That's the command:
snmp-server user <uername> network-admin auth sha <password> priv aes-128 <auth key> localizedV2key

The 'network-admin' is the group you want, you can see them with: show snmp group

And this example is with authpriv mode

I take this config from a C9336 and NXos 10.3.4a

after adding the result is like this, Error in packet.
Reason: authorizationError (access denied to that object)
Rno
Cacti Pro User
Posts: 704
Joined: Wed Dec 07, 2011 9:19 am

Re: snmpwalk: Unknown user name

Post by Rno »

duwijakarta wrote: Mon Jun 10, 2024 12:28 am
Rno wrote: Thu Jun 06, 2024 12:42 am That's the command:
snmp-server user <uername> network-admin auth sha <password> priv aes-128 <auth key> localizedV2key

The 'network-admin' is the group you want, you can see them with: show snmp group

And this example is with authpriv mode

I take this config from a C9336 and NXos 10.3.4a
Thank you for the suggestion, I'll try it, what is the localizedV2key function for?

Specifies whether the passwords are in encrypted key format
So you don't enter it when you create your user ;)
Maybe it's why the access is refuse !
Sorry for that
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
duwijakarta
Cacti User
Posts: 52
Joined: Thu Apr 18, 2024 10:40 pm

Re: snmpwalk: Unknown user name

Post by duwijakarta »

Rno wrote: Mon Jun 10, 2024 3:19 am
duwijakarta wrote: Mon Jun 10, 2024 12:28 am
Rno wrote: Thu Jun 06, 2024 12:42 am That's the command:
snmp-server user <uername> network-admin auth sha <password> priv aes-128 <auth key> localizedV2key

The 'network-admin' is the group you want, you can see them with: show snmp group

And this example is with authpriv mode

I take this config from a C9336 and NXos 10.3.4a
Thank you for the suggestion, I'll try it, what is the localizedV2key function for?

Specifies whether the passwords are in encrypted key format
So you don't enter it when you create your user ;)
Maybe it's why the access is refuse !
Sorry for that

Yes, for access the key format is encrypted, is there a format that I haven't configured enough?
Rno
Cacti Pro User
Posts: 704
Joined: Wed Dec 07, 2011 9:19 am

Re: snmpwalk: Unknown user name

Post by Rno »

Ok, so authentication is working, I think authorization is based on the group.
What group did you provide ?

My config is the one I provide you, and I don't have any snmp trouble.

Can you give the 'show run | inc SNMP' with the part for user and group, if you have any group.

Can you try a debug snmp ? (it' will give many information, so after one error issue the undebug all)

and see waht it say
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
duwijakarta
Cacti User
Posts: 52
Joined: Thu Apr 18, 2024 10:40 pm

Re: snmpwalk: Unknown user name

Post by duwijakarta »

Rno wrote: Mon Jun 10, 2024 6:05 am Ok, so authentication is working, I think authorization is based on the group.
What group did you provide ?

My config is the one I provide you, and I don't have any snmp trouble.

Can you give the 'show run | inc SNMP' with the part for user and group, if you have any group.

Can you try a debug snmp ? (it' will give many information, so after one error issue the undebug all)

and see waht it say
example
sh snmp user

User name: switchsnmp
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: AES128
Group-name: SnmpSwitch

snmp-server group SnmpSwitch v3 priv
snmp-server host xx.xx.xx.xx version 3 priv switchsnmp udp-port 161

Is the setting correct like this?
Rno
Cacti Pro User
Posts: 704
Joined: Wed Dec 07, 2011 9:19 am

Re: snmpwalk: Unknown user name

Post by Rno »

Hmm I was looking to a wrong IOS. That should have be my first question: what device, what OS.

So can you try something like that:
snmp-server group SnmpSwitch v3 priv read ViewDefault write ViewDefault

If you don't want you SNMP user to be able to write to your switch, jut forget about the 'write ViewDefault '


my config is that:
! necessary to make it work
snmp-server group SnmpSwitch v3 priv read ViewDefault write ViewDefault
! used to pool the MAC adress by vlan
snmp-server group SnmpSwitch v3 priv context vlan- match prefix
! default view, used in the group, define at what level your SNMP polling is possible. mine is ISO (root of the snmp OID)
snmp-server view ViewDefault iso included

!And the username part
snmp-server user <username> <group> v3 auth sha <Password> priv aes 128 <SnmpPassword>
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
duwijakarta
Cacti User
Posts: 52
Joined: Thu Apr 18, 2024 10:40 pm

Re: snmpwalk: Unknown user name

Post by duwijakarta »

Rno wrote: Mon Jun 10, 2024 9:20 am Hmm I was looking to a wrong IOS. That should have be my first question: what device, what OS.

So can you try something like that:
snmp-server group SnmpSwitch v3 priv read ViewDefault write ViewDefault

If you don't want you SNMP user to be able to write to your switch, jut forget about the 'write ViewDefault '


my config is that:
! necessary to make it work
snmp-server group SnmpSwitch v3 priv read ViewDefault write ViewDefault
! used to pool the MAC adress by vlan
snmp-server group SnmpSwitch v3 priv context vlan- match prefix
! default view, used in the group, define at what level your SNMP polling is possible. mine is ISO (root of the snmp OID)
snmp-server view ViewDefault iso included

!And the username part
snmp-server user <username> <group> v3 auth sha <Password> priv aes 128 <SnmpPassword>
For my settings, does it need to be changed to v3 auth sha or stay on md5?
Cisco Catalys 9300L Version 17.6.x
Rno
Cacti Pro User
Posts: 704
Joined: Wed Dec 07, 2011 9:19 am

Re: snmpwalk: Unknown user name

Post by Rno »

No you can keep your settings, my config is an example, and a format that is working.
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests