Re: [NV-L] FixPack 5
2007-03-08 15:03:34
hostmibd, aixmibd, and muxatmd processes
using different community name that the snmpd's read community name. Check
the /usr/tmp/snmpd.log for SNMP requests for the MIB 1.3.6.1.4.1.2.2.1.1.1.0
with community public coming from 127.0.0.1. You may need to set the snmpd
logging level to 3 and refresh snmpd. Check the snmpd.conf file for details.
In AIX v5.1 (and higher, there seems
to have been a set of daemons introduced that send traps to 127.0.0.1:
-
aixmibd
-
hostmibd
-
muxatmd
-
snmpmibd
These daemons can be disabled by commenting
their start command within the /etc/rc.tcpip file.
Each of these SNMP sub-agents use "public"
as the default community name when they generate traps. If you system is
configured with a read community name other than public, then your system
will generate authentication traps and most likely forward these traps
to your NetView Server (which may be on the same box). To configure your
system to start these processes with the same community name as your system
(assuming its read community name is not "public"), perform the
following steps:
1) Stop each of the sub-agents:
stopsrc
-s aixmibd
stopsrc
-s hostmibd
stopsrc
-s muxatmd
stopsrc
-s snmpmibd
2) Edit the "/etc/rc.tcpip"
file as follows:
Change the following lines:
start
/usr/sbin/hostmibd "$src_running"
start
/usr/sbin/aixmibd "$src_running"
start
/usr/sbin/muxatmd "$src_running"
start
/usr/sbin/snmpmibd "$src_running"
to
start
/usr/sbin/hostmibd "$src_running" "-c <new_community_name>"
start
/usr/sbin/aixmibd "$src_running" "-c <new_community_name>"
start
/usr/sbin/muxatmd "$src_running" "-c <new_community_name>"
start
/usr/sbin/snmpmibd "$src_running" "-c <new_community_name>"
where <new_community_name> matches
the community name set on the following example in your /etc/snmpd.conf:
community
nonpublic
4) Restart the processes by sourcing
the rc.tcpip file ( . /etc/rc.tcpip) or using the startsrc command as follows:
startsrc
-s hostmibd -a "-c <new_community_name>"
startsrc
-s aixmibd -a "-c <new_community_name>"
startsrc
-s muxatmd -a "-c <new_community_name>"
startsrc
-s snmpmibd -a "-c <new_community_name>"
Gareth
REAMD AT nationwide DOT com
Sent by: nv-l-bounces AT lists.ca.ibm DOT com
03/08/2007 01:34 PM
Please respond to
Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com> |
|
To
| Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com>
|
cc
| Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com>,
nv-l-bounces AT lists.ca.ibm DOT com
|
Subject
| Re: [NV-L] FixPack 5 |
|
Thanks Leslie,
Yes,
this trap is for the server itself, Yes, the OS default is SNMPv3 and I
did have to switch it SNMPv1 in order to netmon to start. No the
snmpd.conf community string and Global Default is not public but they are
the same. I did stop the dpid2 agent like you said but the trap continued.
Im going to set my logging level in snmpd.conf like you suggested to see
what I can find.
Thanks, Dave
Leslie Clark
<lclark AT us.ibm DOT com>
Sent by: nv-l-bounces AT lists.ca.ibm DOT com
03/08/2007 10:54 AM
Please respond to Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com>
|
From
| Leslie Clark <lclark AT us.ibm DOT com>
|
To
| Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com>
|
cc
|
|
Subject
| Re: [NV-L] FixPack 5 |
|
Is that trap from the box itself, or from something on the network? Hard
to tell, but if you increase the logging level in snmpd.conf you can at
least see what community string it is complaining about.
Between AIX 5.1 adn 5.3, the default SNMP on the OS changed from SNMPv1
to SNMPv3, but netview would not start at all if that were the problem.
So presumaby the upgrade recognized that you were running v1 and left it
that way.
The most likely thing, I think, since you say that the community in /etc/snmpd.conf
is the same as the global default, but you DON't say that it is public,
is that your default is not public and the dpid2 agent is trying to start.
There thing that starts that up assumes a default of public. You can just
disable the startup of that agent and see if it goes away.
>From my notes.....
The hostmibd daemon is an snmp subagent (a smux agent) on AIX which supplies
the answers to SNMP queries of variables defined in the MIB II Hosts mib
section - system information about disk, memory, cpu, etc. This daemon
requires dpid2 to be up first, to handle communication between hostmibd
and snmpd. If dpid2 is not up, hostmibd keeps trying forever. The hostmibd
daemon uses an SNMP query to find out what port to talk to dpid2 on. It
uses the community string of 'public' to make this query unless a different
one is specified in its startup in /etc/rc.tcpip.
End notes...
Cordially,
Leslie A. Clark
IT Services Specialist, Network Mgmt
Information Technology Services Americas
IBM Global Services
(248) 552-4968 Voicemail, Fax, Pager
REAMD AT nationwide DOT com
Sent by: nv-l-bounces AT lists.ca.ibm DOT com
03/08/2007 10:12 AM
Please respond to
Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com> |
|
To
| Tivoli NetView Discussions
<nv-l AT lists.ca.ibm DOT com>
|
cc
|
|
Subject
| [NV-L] FixPack 5 |
|
Hi All,
I recently upgraded from AIX 5.1 to 5300.5 and then
applied the FixPack5. Netview seems to be up and running fine, but
I am now receiving:
1173366569 4 Thu Mar 08 10:09:29 2007 NV-HOSTNAME
A IBM Incorrect Community Name (authenticationFailure
Trap).
The community name in /etc/snmpd.conf is the same as the Global Default
and I am able to snmpwalk the server. Any Idea's
Thanks, Dave_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
|
|
|