SNMP support in eDirectory 8.7 for Solaris and Linux - Frequently Asked Questions
Novell Cool Solutions: Feature
By Arun Kumar
Posted: 28 Oct 2003
Update: This article is now available in PDF format.
In this document, some of the information regarding the new SNMP support in eDirectory 8.7 is compiled in the form of Frequently Asked Questions (FAQ). The FAQ is divided into 6 sections, starting with SNMP basics, which briefly explains some of the components and terminology of SNMP itself to make the later sections easier to follow. The subsequent sections discuss installation, configuration, management of eDirectory using SNMP management applications, the eDirectory Management Information Base, and traps, in that order. The last section lists references to other information, management utilities, etc.
Table of Contents
- SNMP basics
- Installation and Configuration
- Administration and Management
- eDirectory SNMP Management Information Base
- Receiving eDirectory generated TRAPS
|Recent changes to this document|
14th October 2002 - Initial Creation.
30th October 2002 - Incorporated review comments sent by K.P. Rajesh
20th October 2003 - added changes to traps in eDirectory 8.7.1
3.7 How many traps are generated by the ndssnmpsa subagent?
|1. SNMP basics|
There are various places where you can find FAQs about SNMP. One FAQ, regarding the net-SNMP implementation on Linux by U C Davis, can be found at http://net-snmp.sourceforge.net/FAQ.html
Another FAQ regarding the Sun implementation of SNMP, the Sun Enterprise Manager can be found at http://www.sun.com/software/entagents/ent_agents_FAQ.xml
The SNMP based management involves two primary elements - a manager and an agent. The manager monitors and controls network devices by manipulating a collection of objects that represent the network device and its properties. The agent talks directly to the device, communicates the state of the managed objects and forwards events to the manager. The managed objects and events are defined in the Management Information Base so that the manager and the agent understand the structure and syntax of these managed objects.
They both are protocols with which the agents communicate. AgentX is the later one and SMUX protocol has been retired.
The Master agent listens on the well-known UDP port number 161. The traps generated by the subagents are forwarded to the UDP port number 162.
The sub-agents usually use ephemeral ports which can be configured by using the implementation specific configuration file.
|2. Installation & Configuration|
On Solaris, you will need the Solstice Enterprise Manager. The latest version is 1.0.3. It is usually preinstalled as part of the Solaris 5.8. In case it is not installed on your box, you can download it from http://www.sun.com/software/entagents/download/.
On Linux you will need ucd-snmp-4.2.1-7.rpm, which is a U C Davis implementation and may be available as part of the distribution or can be downloaded from http://net-snmp.sourceforge.net
Additionally on Linux systems you will have to install the ucd-snmp-utils-4.2.1-7.rpm to make use of the SNMP management applications and also for receiving traps.
Make the following change to the /etc/snmp/snmpd.conf file:
Next do the below mentioned changes in the /etc/snmp/conf/snmpdx.acl file
The master agent is an executable called snmpdx which resides inside the /etc/snmp/conf/snmpd.conf file as
/usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
On Linux the master agent is an executable called snmpd, which is under the /usr/sbin/ directory. It can be started using the startup script as shown in the following command
The snmp daemon reads a configuration file called snmpd.conf which resides under /etc/snmp/. The minimal changes that you need to do in order to get the master running are:
Change the following lines from
com2sec public default public
group public v1 public
group public v2c public
group public usm public
view all included .1
access public "" any noauth exact all none none
to
com2sec demouser default public
group demogroup v1 demouser
group public v2c public
group public usm public
view all included .1
access demogroup "" any noauth exact all all all
and add the below two lines
trapsink <hostname> public
The first change is to the View-based Access Control Model (VACM) settings, where you specify who can read the objects in the subagent, and so on.
The trapsink parameter allows you to specify the host or the management station that will receive the traps generated from the subagent, and the last modification specifies that AgentX is the communication protocol that should be used between the agents.
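As an added example (not part of the original FAQ and not Novell's code), the Python sketch below audits snmpd.conf access-control lines like the ones above: the edited access line moves the write and notify views from none to all for community public from any source (default), and the audit reports that. TIGHT_CONF, its names, the 192.0.2.10 manager address and the community string are constructed for illustration; 1.3.6.1.4.1.23 is the Novell enterprise subtree.

```python
import shlex

WELL_KNOWN = {"public", "private"}  # default community strings

# The FAQ's edited snmpd.conf lines, with the page's <hostname> placeholder.
FAQ_CONF = """\
com2sec demouser default public
group demogroup v1 demouser
group public v2c public
group public usm public
view all included .1
access demogroup "" any noauth exact all all all
trapsink <hostname> public
"""

# Constructed tighter variant (assumption, not from the FAQ): one manager
# address, non-default community, read-only view of the Novell subtree.
TIGHT_CONF = """\
com2sec edirmon 192.0.2.10 constructed-community-string
group edirgroup v2c edirmon
view edirview included .1.3.6.1.4.1.23
access edirgroup "" any noauth exact edirview none none
trapsink 192.0.2.10 constructed-community-string
"""

def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs for risky access-control settings."""
    # shlex keeps the "" context field of an access line as an empty token.
    rows = [(no, shlex.split(line, comments=True))
            for no, line in enumerate(text.splitlines(), 1)]
    rows = [(no, t) for no, t in rows if t]
    # A view that includes the root of the OID tree exposes every loaded MIB.
    wide = {t[1] for _, t in rows if t[0] == "view" and len(t) >= 4
            and t[2] == "included" and t[3].strip(".") == "1"}
    out = []
    for no, t in rows:
        if t[0] == "com2sec" and len(t) >= 4:
            if t[2] == "default":
                out.append((no, "any source address accepted"))
            if t[3] in WELL_KNOWN:
                out.append((no, "well-known community string"))
        elif t[0] == "access" and len(t) >= 9:
            read, write = t[6], t[7]  # fields: read view, write view
            if read in wide:
                out.append((no, "read view covers the whole OID tree"))
            if write != "none":
                out.append((no, "SET requests allowed (write view '%s')" % write))
        elif t[0] == "trapsink" and len(t) >= 3 and t[2] in WELL_KNOWN:
            out.append((no, "traps sent with well-known community string"))
    return out
```

Calling audit_snmpd_conf(FAQ_CONF) reports findings on lines 1, 6 and 7, while audit_snmpd_conf(TIGHT_CONF) returns an empty list.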
The eDirectory subagent is a process called ndssnmpsa which resides in the /usr/bin directory. It also has an associated configuration file, called ndssnmp.cfg, which the daemon reads when it starts up. This configuration file can be found in the /etc/ndssnmp directory. The important parameter that needs to be configured if you are running the ndsd daemon on a non-standard port is the SERVER parameter. An example is shown below:
The daemon can be started using the startup script /etc/init.d/ndssnmpsa by issuing the start command. On Linux it can also be started using the command: /etc/rc.d/init.d/ndssnmpsa start
On Solaris the configuration of the subagent is slightly different compared to Linux. To configure you need 2 configuration files ndsmib.reg and ndsmib.acl which are part of the SUBAGENT package.
The eDirectory SNMP server module is loaded automatically at startup. However if you want to unload and reload the server module, use the ndssnmp utility. The -u option is used for unloading while the -l option is used for loading.
If you unload this module you will not receive any traps.
This error is due to the fact that the library files are not properly numbered. The solution to this problem would be to create the following links
ln -s /usr/lib/libucdagent.so.0.4.2 /usr/lib/libucdagent-0.4.2.1.so
ln -s /usr/lib/libucdagent.so.0.4.2 /usr/lib/libucdagen.0.4.2.1.so
ln -s /usr/lib/libsnmp.so.0.4.2 /usr/lib/libsnmp-0.4.2.1.so
This is because either the ndsd daemon is down or it is listening on a non-standard port, and by default the ndssnmp.cfg file is configured only with the server name and the implicit default port. Check whether the daemon is up and running and, if it is, check whether it is running on a non-standard port. Then edit the file and add the port number after the name of the server, separated by a colon.
|3. Administration and Management|
The command line utility ndssnmpconfig can be used to enable or disable the traps generated by eDirectory. The following interaction shows how to enable the trap number 1, the ndsCreateEntry Trap which gets generated whenever a new object is created in the directory.
#ndssnmpconfig -h ncps-lnx:5524 -a admin.org -p secret -c "ENABLE 1"
Logged in as .CN=admin.O=org.MORPHIUS-TREE.
Refreshing servers with the latest configuration.
The following traps have been enabled:
Trap No Trap Name
Similarly one can disable the traps by using the DISABLE command.
The above mentioned utility can be used to list the traps that are enabled or disabled. The example shows the command that is used to list all the traps that are enabled currently.
#ndssnmpconfig -h ncps-lnx -a admin.org -p secret -c "LIST ENABLED"
On Linux you can use the snmpwalk application developed by U C Davis to display the contents of the eDirectory MIB. Alternatively you can use any of the MIB browsers to list the contents.
There are two reasons for this
1. The eDirectory MIB module is not present in the default directory where the application looks for the MIB modules
2. Not all MIB modules are loaded by the applications
In order to resolve the above problem, perform the following operations:
1. Copy edir.mib from the /etc/ndssnmp directory to /usr/share/snmp/ as EDIR-MIB.txt (this is the standard convention)
2. By default the snmpwalk application does not load all the modules, so include the -m all option/parameter to the snmpwalk command line.
Use the snmptable application to list the contents of the table.
snmptable -m all localhost public <table-name>
for example snmptable -m all localhost public ndsDbCacheTable
Make sure that the ndssnmpsa subagent is running by using pgrep to search for the name of the daemon.
3.7 How many traps are generated by the ndssnmpsa subagent?
A total of 117 traps are generated by the ndssnmpsa subagent.
Additionally two traps Server start and stop are also generated when the subagent successfully connects or loses connection with the eDirectory server. Note that these two traps are NOT configurable and they are always generated.
|4. eDirectory SNMP Management Information Base|
The OID of the eDirectory MIB is ndsMIB(1.3.6.1.4.1.23.2.98).
The eDirectory MIB is divided into 3 categories (4 tables)
i. ndsDatabase Statistics
iii. ndsInteraction statistics
The table ndsDbCacheTable contains variables relating to the FLAIM database cache settings. Some of the information that this table holds is DIB size, database block cache size and statistics about cache hits and misses.
The table ndsDbConfig contains information about cache size, block cache percentage and checkpoint interval.
The ndsProtoIfOpsTable contains information about protocol type, protocol description, number of logins, etc.
Finally, the ndsServerIntTable holds information about server creation times, etc.
The MIB also holds the 117 ndsTrap variables, which correspond to the traps that are generated by the ndssnmpsa subagent. These traps are generated when a corresponding event occurs in eDirectory.
The eDirectory MIB can be located in the directory /etc/ndssnmp and the file is called edir.mib.
|5. Receiving eDirectory generated TRAPS|
Starting snmptrapd, which is part of the ucd-snmp rpm, will enable you to receive traps generated from the subagents. Using the -P option when starting the daemon lets you receive the trap notifications on STDERR.
Yes, you can. You will have to specify this in the snmpd.conf file using the trapsink parameter. You can also receive traps on more than one station by simply adding another trapsink parameter with the name or IP address of the second management station.
For More Information.
1. eDirectory 8.7 Administration Guide edir87.pdf
2. MG-SOFT Network Management Software - www.mg-soft.si
3. NET-SNMP FAQ - http://net-snmp.sourceforge.net/FAQ.html
4. Solaris Solstice Enterprise Agents - http://www.sun.com/software/entagents/ent_agents_FAQ.xml
This FAQ is created and maintained by firstname.lastname@example.org