NoAccess error in snmpset

Asked 13/10, 2009 at 12:33 Answered 30/5, 2022 at 7:24

I have a MIB object with read-write permission. MIB section looks like this:

EnableHalt OBJECT-TYPE
  SYNTAX Integer32
  MAX-ACCESS read-write
  STATUS current
  DESCRIPTION "implemented in NetSnmpcodsMr.c file."
  DEFVAL { 0 }
::= { Scalars 4 }

When I do a set on this object I get:

$ sudo snmpset -v 2c -c public localhost 1.3.6.1.4.1.8072.2.2.4.0 i 1
Error in packet.
Reason: noAccess
Failed object: NET-SNMP-MIB::netSnmp.2.2.4.0

When I do a get:

$ snmpget -v 2c -c public localhost 1.3.6.1.4.1.8072.2.2.4.0
NET-SNMP-MIB::netSnmp.2.2.4.0 = INTEGER: 1

All is fine!

In snmpd.conf I added the line:

rwcommunity public localhost

Still noAccess issue. I'm using net snmp 5.4.2.1 on Ubuntu

What am I doing wrong? Please advice Thanks Gil

Precisian answered 13/10, 2009 at 12:33 Comment(2)

The OID that you've listed is: NET-SNMP-EXAMPLES-MIB::netSnmpExampleTables.4.0 Is this application something that you've written or are currently trying to modify? If it's something home-made or otherwise "unofficial", then I would suspect that the relevant code to allow modification has not been implemented yet. – Saprogenic 3/12, 2013 at 1:40

Are you able to solve this issue? Because I'm stuck right now – Analogue 24/5, 2022 at 7:40

It's nine months since you asked this but in case it's helpful...

Is your community string correct? You specified it as "public", which is the default read-only community string. Perhaps it should be "private" instead, which is the default read-write community string.

Mallarme answered 20/7, 2010 at 15:44 Comment(1)

I tried this but still no success – Analogue 24/5, 2022 at 7:42

Gil,

If that object is read-only, then you probably will receive notWritable instead of noAccess.

http://www.tcpipguide.com/free/t_SNMPVersion2SNMPv2MessageFormats-5.htm

So I think it is still a Net-SNMP configuration issue and you can post to Net-SNMP mail list or check out the archive,

http://www.net-snmp.org/support/contacts.html

Lantz answered 15/10, 2009 at 7:2 Comment(0)

try:

snmpget -v 2c -c public localhost 1.3.6.1.4.1.8072.2.2.4.0 NET-SNMP-MIB::netSnmp.2.2.4.0

Schismatic answered 4/6, 2010 at 20:37 Comment(0)

modify the snmpd.conf file, add below line into the end of file.Provide write permission.

rwcommunity public

Tapley answered 11/1, 2012 at 2:28 Comment(0)

noAccess (as opposed to notWritable) could be caused by your VACM view configuration in snmpd.conf. Look to the com2sec, group, view, and access directives. Respectively, these map a community string and source address/subnet to a security name; add a security name as a member of a VACM group; define an OID subtree as a named view; and finally indicate the access level for a given set of those other parameters along with security model and security level. If gets return noError but sets return noAccess, chances are good that one of these directives has configured your community string or your IP address for read-only access for what would otherwise be a read-write variable.

Hardware answered 7/8, 2017 at 13:22 Comment(0)

I have edited the access control section in snmpd.conf and it working perfectly fine for me,

######################################################################## 
#######
# Access Control
#######################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in 
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

 ####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
#com2sec paranoid  default         public
#com2sec readonly  default         public
com2sec readwrite default         private

####
# Second, map the security names into group names:

#               sec.model  sec.name
#group MyROSystem v1        paranoid
#group MyROSystem v2c       paranoid
#group MyROSystem usm       paranoid
#group MyROGroup v1         readonly
#group MyROGroup v2c        readonly
#group MyROGroup usm        readonly
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
#access MyROSystem ""     any       noauth    exact  system none   none
#access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

# ------------------------------------------------------------------

Analogue answered 30/5, 2022 at 7:24 Comment(1)

Can you help with my question: #76339854 – Pippy 26/5, 2023 at 9:16

Recommended topics

Hot tags