Re: [nv-l] A Authentication Failure Incorrect Community Name
2006-03-09 14:36:48
My humble salutations to James... Larry
James Shanks <jshanks AT us.ibm DOT com> wrote: Larry, you missed the point of what I said. Your original note indicated to me that you weren't sure what boxes were sending you these traps or why, or whether they were legitimate or not. Well, I don't know why they are begin generated, but I did give you some suggestions about how to find out the origin of them. If I misunderstood what you were saying, then I apologize. But what you should do to resolve this situation is up to you.
You can turn off traps if you want to, but that just masks the problem doesn't it? If you can demandpoll the machines and get correct SNMP responses from NetView then the daemons should all be using the correct community name. But you could always stop all the daemons, clear
the xnmsnmpconf cache, and restart everything, or just reboot, to force everything back to square one. You don't have an MLM anywhere that needs to be updated, do you? If all else fails, I would go to one of the problem servers and see whether you could get a log or a trace from there of who is sending the bad query. iptrace, snoop, ethereal, whatever is appropriate to the OS there would show who is sending the bad queries.
I'm not defending the NetView migration process, nor claiming that something didn't go wrong with it somewhere. I'm only suggesting how you might get to the bottom of it.
James Shanks Level 3 Support for Tivoli NetView for UNIX and Windows Tivoli Software / IBM Software Group
Larry Fagan o.com> !
To Sent by: nv-l AT lists.us.ibm DOT com owner-nv-l@lists. cc us.ibm.com Subject Re: [nv-l] A Authentication Failure 03/06/2006 05:05 Incorrect Community Name PM Please respond to nv-l AT lists.us DOT ibm .com !
James, Yes, traps are coming in with hostname and community string also.. i have them coming in from bunch of servers.. so should i go to each box and turn off SNMP trap destination? This was not the case before migration.. these traps were not coming in before.. any help is appreciated.. larry
James Shanks wrote: If you turn on the trapd trace, it will give you the IP address from which the trap was received. If you enable the hex dump option on trapd it will also dump the trap in hex, making it easier to find in the trace. Also, most authentication failure traps do not contain the failing community name, the standard one has no variables at all, so you should be able to look in trapd.conf and see what enterprise is sending it. !
Perhaps
these things will give you some clues.
James Shanks Level 3 Support for Tivoli NetView for UNIX and Windows Tivoli Software / IBM Software Group
Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze.
Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail.
|
|
|