[2014/11/25 05:18:53] #net-snmp <andrei_> Hello!
[2014/11/25 05:19:45] #net-snmp <andrei_> I've got an issue with net-snmp on a CentOS 6.4. If I add a user with
[2014/11/25 05:19:46] #net-snmp <andrei_> net-snmp-create-v3-user -ro -A snmpv3pass -a MD5 -x DES snmpv3user2
[2014/11/25 05:20:19] #net-snmp <andrei_> then do a service snmpd start
[2014/11/25 05:20:47] #net-snmp <andrei_> when I attempt to connect with snmpwalk I get : snmpwalk: Unknown user name
[2014/11/25 05:21:15] #net-snmp <andrei_> everything works fine if I start snmp with snmpd -Lo -c /etc/snmp/snmpd.conf -f &
[2014/11/25 05:21:22] #net-snmp <andrei_> instead of service snmpd start
[2014/11/25 05:22:09] #net-snmp <andrei_> any clue what the issue is ? Thanks! (From what I've seen the lines in the file located at /var/lib/.. are missing
[2014/11/25 06:09:22] #net-snmp <rstory-work> andrei_: is selinux enabled on your system?
[2014/11/25 06:10:25] #net-snmp <andrei_> # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 28 Policy from config file: targeted
[2014/11/25 06:10:32] #net-snmp <andrei_> meh. The answer is yes
[2014/11/25 06:11:21] #net-snmp <rstory-work> check if snmp is getting denials: grep avc /var/log/audit/audit.log | grep snmp
[2014/11/25 06:12:12] #net-snmp <andrei_> nope, no output
[2014/11/25 06:14:04] #net-snmp <andrei_> I've tried editing /etc/init.d/snmpd comment OPTIONS and write a new OPTIONS=" -Lo -c /etc/snmp/snmpd.conf -f" and I get the same effect
[2014/11/25 06:17:35] #net-snmp <rstory-work> do you see a line for snmpv3user2 in /var/lib/net-snmp/snmpd.conf?
[2014/11/25 06:18:16] #net-snmp <andrei_> no
[2014/11/25 06:19:23] #net-snmp <andrei_> for service snmpd start, I don't. for snmpd -Lo -c /etc/snmp/snmpd.conf -f & I do, there's a line containing some hashes
[2014/11/25 06:20:58] #net-snmp <rstory-work> that doesn't make sense. /var/lib/net-snmp/snmpd.conf shouldn't change depending on how you start snmpd. it either has the usmUser line or it doesn't..
[2014/11/25 06:22:07] #net-snmp <rstory-work> any chance you have multiple versions of net-snmp installed? the system/rpm version, and one built from source?
[2014/11/25 06:27:40] #net-snmp <rstory-work> also, you shouldn't use -c without -C, or snmpd.conf will be read twice.
[2014/11/25 06:28:26] #net-snmp <andrei_> usmUser 1 3 0x80001f8880491cff7b7f647454 0x736e6d707633757365723200 0x736e6d707633757365723200 NULL .1.3.6.1.6.3.10.1.1.2 0x98e8cef9b5a31e9de3bc748f7686acf2 .1.3.6.1.6.3.10.1.2.2 0x98e8cef9b5a31e9de3bc748f7686acf2 ""
[2014/11/25 06:28:42] #net-snmp <andrei_> this is in /var/lib/net-snmp/snmpd.conf
[2014/11/25 06:28:56] #net-snmp <andrei_> by running snmpd -Lo -c -C /etc/snmp/snmpd.conf -f &
[2014/11/25 06:29:29] #net-snmp <andrei_> and everything works ok.
[2014/11/25 06:29:46] #net-snmp <andrei_> in /etc/init.d/snmpd the binary is called with
[2014/11/25 06:29:48] #net-snmp <andrei_> OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid "
[2014/11/25 06:30:10] #net-snmp <andrei_> daemon --pidfile=$pidfile $binary $OPTIONS
[2014/11/25 06:30:13] #net-snmp <andrei_> and it doesn't work
[2014/11/25 06:35:44] #net-snmp <rstory-work> add this to the options and restart snmpd via service: -Dusm,read_config:line,read_config:file,read_config:persist
[2014/11/25 06:36:34] #net-snmp <rstory-work> then check /var/log/messages for lines like "read_config:line: /var/lib/net-snmp/snmpd.conf:32 examining: usmUser ..."
[2014/11/25 06:37:20] #net-snmp <andrei_> so options should be
[2014/11/25 06:37:37] #net-snmp <andrei_> OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid -Dusm,read_config:line,read_config:file,read_config:persist"
[2014/11/25 06:37:39] #net-snmp <andrei_> ?
[2014/11/25 06:38:05] #net-snmp <rstory-work> yes
[2014/11/25 06:40:03] #net-snmp <andrei_> # cat /var/log/messages | grep usmUser <132> 2014 Nov 25 12:21:21 uc-module snmpd[20360]: /var/lib/net-snmp/snmpd.conf: line 32: Warning: Unknown token: usmUser.
[2014/11/25 06:40:34] #net-snmp <rstory-work> well that's definitely a problem!
[2014/11/25 06:42:34] #net-snmp <andrei_> can you access pastebin.com ?
[2014/11/25 06:43:23] #net-snmp <andrei_> there are several lines of output to paste
[2014/11/25 06:43:31] #net-snmp <rstory-work> yes
[2014/11/25 06:43:59] #net-snmp <andrei_> http://pastebin.com/VQQnrBxh
[2014/11/25 06:44:24] #net-snmp <andrei_> also, thanks for taking the time to walk me through this
[2014/11/25 06:46:30] #net-snmp <rstory-work> you're welcome. ok, so when you run snmpd by hand, what's the path to the binary? ('which snmpd') And can you pastebin the output from starting snmpd by hand with the same -D flags you added to OPTIONS?
[2014/11/25 06:47:31] #net-snmp <andrei_> # which snmpd /usr/sbin/snmpd
[2014/11/25 06:49:22] #net-snmp <rstory-work> actually, let's try snmpd by hand without the C/c flags: snmpd -Lo -f -Dusm,read_config:line,read_config:file,read_config:persist
[2014/11/25 06:51:07] #net-snmp <andrei_> http://pastebin.com/nhepJa6f
[2014/11/25 06:51:10] #net-snmp <andrei_> this is the console output
[2014/11/25 06:52:00] #net-snmp <andrei_> and in /var/log/messages
[2014/11/25 06:52:01] #net-snmp <andrei_> <130> 2014 Nov 25 14:50:04 uc-module Critical: Disk quota for backup/restore limit exceeded
[2014/11/25 06:52:02] #net-snmp <andrei_> only this
[2014/11/25 06:53:23] #net-snmp <rstory-work> odd.. ok, add ",read_config:path" to the -D options and run again..
[2014/11/25 06:54:57] #net-snmp <andrei_> registered debug token read_config:path, 1
[2014/11/25 06:55:01] #net-snmp <andrei_> nothing changes, aside from this
[2014/11/25 06:55:05] #net-snmp <andrei_> no message in var/log/messages
[2014/11/25 06:58:52] #net-snmp <rstory-work> that's very odd.. ok, try: snmpd -Lo -f -Dread_config -H 2>&1 | grep path
[2014/11/25 06:59:53] #net-snmp <andrei_> http://pastebin.com/AKERDgH3
[2014/11/25 07:02:05] #net-snmp <rstory-work> ok, great.. so we know /etc/snmp is in the default path, so C/c options shouldn't be needed on the command line..
[2014/11/25 07:03:34] #net-snmp <rstory-work> but this doesn't help explain the odd error when trying to start without them..
[2014/11/25 07:04:19] #net-snmp <rstory-work> let's try: snmpd -Lo -f -Dread_config
[2014/11/25 07:05:32] #net-snmp <andrei_> http://pastebin.com/jT2UwNuw
[2014/11/25 07:06:31] #net-snmp <rstory-work> hmm... read_config: /etc/snmp/snmpd.conf: No such file or directory
[2014/11/25 07:06:52] #net-snmp <rstory-work> ls -lZ /etc/snmp/snmpd.conf
[2014/11/25 07:07:56] #net-snmp <andrei_> there's no file there, indeed
[2014/11/25 07:08:53] #net-snmp <rstory-work> curiouser and curiouser..
[2014/11/25 07:08:55] #net-snmp <andrei_> but I don't know why, it was there when I ran the command
[2014/11/25 07:23:38] #net-snmp <rstory-work> any chance you have a backup?
[2014/11/25 07:23:51] #net-snmp <andrei_> yes
[2014/11/25 07:24:33] #net-snmp <rstory-work> ok, restore that, make sure it has "rouser snmpv3user2" in it, and try the simple command line again: snmpd -Lo -f -Dread_config
[2014/11/25 07:26:10] #net-snmp <andrei_> as a side note, now I can connect to my snmp
[2014/11/25 07:26:16] #net-snmp <andrei_> (remotely)
[2014/11/25 07:26:37] #net-snmp <rstory-work> great! now stop it, set OPTIONS to "-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid -Dusm,read_config" and service start snmpd, and see if it still works..
[2014/11/25 07:27:01] #net-snmp <rstory-work> if not, pastebin the debug stuff from /var/log/messages
[2014/11/25 07:29:07] #net-snmp <andrei_> it doesn't
[2014/11/25 07:29:51] #net-snmp <andrei_> http://pastebin.com/QvySW3MF
[2014/11/25 07:29:55] #net-snmp <andrei_> and this is the debug info
[2014/11/25 07:33:26] #net-snmp <andrei_> would it help you to print the whole conf file?
[2014/11/25 07:41:34] #net-snmp <andrei_> I'm sorry, I have to leave in a few minutes
[2014/11/25 07:41:53] #net-snmp <andrei_> (and lose console access)
[2014/11/25 07:43:02] #net-snmp <andrei_> thanks for your help so far! I'll investigate tomorrow as well
[2014/11/25 22:21:09] #net-snmp <andrei_> hello! yesterday, rstory-work was helping me with a net-snmp issue where the user "disappeared"/did not exist if I started with service snmpd start, instead of manually
[2014/11/25 22:21:26] #net-snmp <andrei_> the follow-up is that it works ok to start with snmpd -Lo -f
[2014/11/25 22:21:33] #net-snmp <andrei_> but not with service snmpd start, and I have no idea why
[2014/11/25 22:48:20] #net-snmp <andrei_> apparently I found the issue, and corrected it in terms of behaviour
[2014/11/25 22:48:47] #net-snmp <andrei_> when I echoed $OPTIONS in /etc/init.d/snmpd I got -Ls0-6d -Lf /dev/null -p /var/run/snmpd.pid -Iproxy,vacm_conf,ipAddressPrefixTable,ipv4InterfaceTable,ifXTable,ipv6InterfaceTable,ipAddressTable,ipIfStatsTable,interface,ifTable
[2014/11/25 22:49:03] #net-snmp <andrei_> I changed OPTIONS name to OPTION and now the output is only -Ls0-6d -Lf /dev/null -p /var/run/snmpd.pid
[2014/11/25 22:49:05] #net-snmp <andrei_> and it works just fine
[2014/11/25 22:59:16] #net-snmp <andrei_> I found the cause. the service script both imports the OPTIONS var from /etc/sysconfig/snmpd and declares a local one as well