# bsnmpd configuration question - enabling SNMPv3 authentication



## Geekazoid (Mar 29, 2022)

Good Day!  I have an issue which has me stumped.  If I start bsnmpd with only SNMP v1 or v2 configured, it works properly.  I am able to snmpwalk the machine with proper results.

Alas, when I configure /etc/snmpd.config for SNMPv3, my snmpwalk times out.  My eyes are hurting from checking the config and debugging.  :-(

I have worked through these to no avail:


- Call for testers: SNMPv3 support for bsnmpd(1)
- bsnmpd(1) (www.freebsd.org)
- snmp v3 clients for LibreNMS (gist.github.com)
- freebsd/snmpd.config at master · lattera/freebsd (github.com)

From the server I have run:

```
snmpwalk -v 3 -a SHA-256 -A 'bsnmptest' -l authPriv -u bsnmp -x AES -X 'bsnmptest' 127.0.0.1
Timeout: No Response from 127.0.0.1

 bsnmpwalk -A proto=sha -v 3 -d -C context-engine=0x801008108025 -P proto=aes -U name=bsnmp -o verbose
GET SNMPv3 'public' request_id=0 error_status=0 error_index=0
REPORT SNMPv3 '' request_id=0 error_status=0 error_index=0
 [0]: 1.3.6.1.6.3.15.1.1.4.0=COUNTER 0
Engine ID 0x801008108025
Boots : 151             Time : 80
Localized keys for bsnmp
SHA : 0x22981a6e3993165e6a211bd8a981310516333860
AES : 0x22981a6e3993165e6a211bd8a9813105
GETNEXT SNMPv3 'public' request_id=1 error_status=0 error_index=0
 [0]: 1.3.6.1.2.1=NULL
GETNEXT SNMPv3 'public' request_id=2 error_status=0 error_index=0
 [0]: 1.3.6.1.2.1=NULL
GETNEXT SNMPv3 'public' request_id=3 error_status=0 error_index=0
 [0]: 1.3.6.1.2.1=NULL
GETNEXT SNMPv3 'public' request_id=4 error_status=0 error_index=0
 [0]: 1.3.6.1.2.1=NULL
GET SNMPv3 'public' request_id=5 error_status=0 error_index=0
 [0]: 1.3.6.1.2.1=NULL
GET SNMPv3 'public' request_id=6 error_status=0 error_index=0
 [0]: 1.3.6.1.2.1=NULL
GET SNMPv3 'public' request_id=7 error_status=0 error_index=0
 [0]: 1.3.6.1.2.1=NULL
GET SNMPv3 'public' request_id=8 error_status=0 error_index=0
 [0]: 1.3.6.1.2.1=NULL
bsnmpwalk: Snmp dialog: Operation timed out
```

I have only uncommented lines in snmpd.config in an effort to get authentication working.  Alas, it does not.  A diff from the default /etc/snmpd.config with /etc/snmpd.config after attempting to enable SNMPv3 follows:

```
21,22c21,22
< engine := 0x80:0x10:0x08:0x10:0x80:0x25
< snmpEngineID = $(engine)
---
> # engine := 0x80:0x10:0x08:0x10:0x80:0x25
> # snmpEngineID = $(engine)
71,72c71,72
< user1 := "bsnmp"
< user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
---
> #user1 := "bsnmp"
> #user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
181c181
< begemotSnmpdModulePath."usm"  = "/usr/lib/snmp_usm.so"
---
> #begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
186c186
< begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
---
> #begemotSnmpdModulePath."vacm"        = "/usr/lib/snmp_vacm.so"
198c198
< %usm
---
> #%usm
205,210c205,210
< usmUserStatus.$(engine).$(user1) = 5
< usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
< usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
< usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
< usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
< usmUserStatus.$(engine).$(user1) = 1
---
> # usmUserStatus.$(engine).$(user1) = 5
> # usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
> # usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
> # usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
> # usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
> # usmUserStatus.$(engine).$(user1) = 1
217,220c217,220
< usmUserStatus.$(engine).$(read) = 5
< usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
< usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
< usmUserStatus.$(engine).$(read) = 1
---
> # usmUserStatus.$(engine).$(read) = 5
> # usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
> # usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
> # usmUserStatus.$(engine).$(read) = 1
226c226
< %vacm
---
> #%vacm
237,240c237,240
< vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
< vacmGroupName.$(securityModelUSM).$(user1) = $(write)
< vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
< vacmGroupName.$(securityModelUSM).$(read) = $(write)
---
> # vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
> # vacmGroupName.$(securityModelUSM).$(user1) = $(write)
> # vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
> # vacmGroupName.$(securityModelUSM).$(read) = $(write)
```
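
Review bot: In the 237,240 hunk, `vacmGroupName.$(securityModelUSM).$(read) = $(write)` puts the `$(read)` user into the `$(write)` group, and the 217,220 hunk creates that user with `$(NoAuthProtocol)` and `$(NoPrivProtocol)`. If only the authPriv user `bsnmp` is meant to be reachable over SNMPv3, leave the four `$(read)` USM lines and the two `$(read)` VACM lines commented. The diff also shows no changed VACM access or view lines, so it is worth confirming that the group these users map to has an access entry for the USM security model at the security level in use.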

What have I missed?

TIA,
glenn


----------



## Geekazoid (Mar 29, 2022)

Good Day!

Does anyone have a working example snmpd.config for bsnmpd?  I have bsnmpd working for v1 and v2.  Alas, I have been unable to get SNMPv3 working with encryption.  Any recommendations would be greatly appreciated.
I have read through:


- Call for testers: SNMPv3 support for bsnmpd(1)
- bsnmpd(1) (www.freebsd.org)
- freebsd/snmpd.config at master · lattera/freebsd (github.com)
- snmp v3 clients for LibreNMS (gist.github.com)

Thank You!!!
glenn


----------



## covacat (Mar 29, 2022)

```
$bsnmpget  -s 10.1.1.2 sysUpTime.0
Engine ID 0x801008108025
Boots : 284        Time : 1247
Localized keys for bsnmp
SHA : 0x22981a6e3993165e6a211bd8a981310516333860
AES : 0x22981a6e3993165e6a211bd8a9813105

sysUpTime.0 = 124738

$snmpget -l authPriv -u bsnmp -a SHA -3k 0x22981a6e3993165e6a211bd8a981310516333860 -x AES -3K 0x22981a6e3993165e6a211bd8a9813105  10.1.1.2 sysUpTime.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (81582) 0:13:35.82
```
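
The "Localized keys" printed in the outputs above are derived from a passphrase and the engine ID (RFC 3414, appendix A.2), and the hash chosen on the client changes the result. As an added example, not part of any post in this thread, the sketch below derives the key for a given hash and compares it with a configured `user1passwd` value; the function names are made up for this example, and the passphrase is the `-A`/`-X` argument from the first `snmpwalk` command.

```python
import hashlib
import hmac

def parse_hex(text: str) -> bytes:
    """Accept both 0x80:0x10:... (snmpd.config) and 0x8010... (tool output)."""
    return bytes.fromhex(text.replace("0x", "").replace(":", ""))

def password_to_key(passphrase: str, algo: str) -> bytes:
    """RFC 3414 A.2: digest of the passphrase repeated to exactly 1 MiB."""
    raw = passphrase.encode()
    if not raw:
        raise ValueError("empty passphrase")
    total = 1024 * 1024
    stream = (raw * (total // len(raw) + 1))[:total]
    return hashlib.new(algo, stream).digest()

def localized_key(passphrase: str, engine_id: str, algo: str = "sha1") -> bytes:
    """Localize Ku to one engine: H(Ku || engineID || Ku)."""
    ku = password_to_key(passphrase, algo)
    return hashlib.new(algo, ku + parse_hex(engine_id) + ku).digest()

def aes128_priv_key(priv_localized: bytes) -> bytes:
    """AES-128 privacy uses the first 16 octets of the localized key."""
    return priv_localized[:16]

def key_matches(passphrase: str, engine_id: str, configured_key: str,
                algo: str = "sha1") -> bool:
    """True if configured_key is this passphrase localized to engine_id."""
    derived = localized_key(passphrase, engine_id, algo)
    return hmac.compare_digest(derived, parse_hex(configured_key))

if __name__ == "__main__":
    # Engine ID and key as they appear in the thread's snmpd.config diff.
    engine = "0x80:0x10:0x08:0x10:0x80:0x25"
    configured = ("0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:"
                  "0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60")
    # A client asked for SHA-256 derives a different (32-octet) key than one
    # asked for SHA-1, so the same passphrase cannot match both.
    for algo in ("sha1", "sha256"):
        key = localized_key("bsnmptest", engine, algo)
        print(algo, key.hex(),
              "matches config:", key_matches("bsnmptest", engine, configured, algo))
```

Whether the passphrase matches the configured key is computed when the script runs, not assumed here.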


----------



## Geekazoid (Mar 29, 2022)

Thank you for sharing, covacat!

I tried your commands on my system and received the following:

```
# bsnmpget -s 172.16.249.93 sysUpTime.0
Engine ID 0x801008108025
Boots : 151             Time : 79817
Localized keys for bsnmp
SHA : 0x22981a6e3993165e6a211bd8a981310516333860
AES : 0x22981a6e3993165e6a211bd8a9813105
bsnmpget: Snmp dialog: Operation timed out

# snmpget -l authPriv -u bsnmp -a SHA -3k 0x22981a6e3993165e6a211bd8a981310516333860 -x AES -3K 0x22981a6e3993165e6a211bd8a9813105 172.6.249.93 sysUpTime.0
snmpget: Timeout (Sub-id not found: (top) -> sysUpTime)
```

Both operations timed out.  I fear I have something misconfigured in my snmpd.config file but am not sure what.

Any other ideas?  

glenn


----------



## covacat (Mar 30, 2022)

Here is my snmpd.config:

https://termbin.com/g62j


----------

