Novell Home

SNMP support in eDirectory 8.7 for Solaris and Linux  - Frequently Asked Questions

Novell Cool Solutions: Feature
By Arun Kumar

Digg This - Slashdot This

Posted: 28 Oct 2003
 

Update: This article is now available in PDF format.

In this document, some of the information regarding the new SNMP support in eDirectory 8.7 is compiled in the form of  Frequently Asked Questions (FAQ). The FAQ is divided into 6 sections starting with SNMP basics, which gives a brief explanation of some the components and terminology of the SNMP itself so that it can facilitate easy understanding of the further sections. The subsequent sections discuss installation, configuration, Management of eDirectory using SNMP management applications, the eDirectory Management Information Base, traps in that order. Finally the last section lists references of various other Information, management utilities, etc., are listed.

Table of Contents

Recent changes to this document

  1. SNMP basics
  2. 1.1   Where can I find FAQ about SNMP?

    1.2   What are the basic components of  SNMP ? 

    1.3   What are  AgentX and SMUX?

    1.4   What are the ports used by the SNMP agents?

  3. Installation and Configuration
  4. 2.1   What preinstalled software do you require to use SNMP features of eDirectory 8.7?

    2.2   How do I configure the master Agent on Solaris/Linux?

    2.3   How do I configure the subagent on Solaris/Linux?

    2.4   How do I load/unload SNMP server module?

    2.5   I get "error while loading shared libraries: libucdagent-0.4.2.1.so" error during the subagent startup on Linux.

    2.6   I get an "Unable to connect to NCPS-LNX:524, err: 111" error during subagent startup.

    2.7   Why does the change made to the trapsink parameter  not work on Linux?

  5. Administration and Management
  6. 3.1   How do I enable and disable Traps?

    3.2   How do I list all the traps that are ENABLED?

    3.3   How do I list the contents of the eDirectory MIB?

    3.4   I can retrieve all the objects from the MIB, but they are shown as numbers.

    3.5   How do I list the contents of the table in the eDirectory MIB?

    3.6   I get "No entries" error when I try to display the contents of the eDirectory table ndsDbCacheTable.

    3.7   How many traps are generated by the ndssnmpsa subagent?

  7. eDirectory SNMP Management Information Base
  8. 4.1   What is the OID of the eDirectory 8.7 MIB?

    4.2   What are the entities that are managed by the eDirectory SNMP subagent?

    4.3   Where can I find the eDirectory MIB?

  9. Receiving eDirectory generated TRAPS
  10. 5.1   How do I receive traps that are generated by the eDirectory SNMP subagent on Linux?

    5.2   Can I receive SNMP traps on my remote management station?

 

Recent changes to this document

Style Changes

FAQ Changes

14th October 2002   - Initial Creation.

30th October 2002    - Incorporated review comments sent by K.P. Rajesh

20th October 2003    - added changes to traps in eDirectory 8.7.1

New FAQs:
3.7   How many traps are generated by the ndssnmpsa subagent?

1.   SNMP basics

1.1   Where can I find FAQ about SNMP?

There are various places where you can find FAQs about SNMP. On the FAQ,  regarding the net-SNMP implementation on Linux by U C Davis  can be found at http://net-snmp.sourceforge.net/FAQ.html

Another FAQ regarding the Sun implementation of SNMP, the Sun Enterprise Manager can be found at http://www.sun.com/software/entagents/ent_agents_FAQ.xml

1.2   What are the basic components of  SNMP? 

The SNMP based management involves two primary elements - a manager and an agent. The manager monitors and controls network devices by manipulating a collection of objects that represent the network device and its properties. The agent talks directly to the device, communicates the state of the managed objects and forwards events to the manager. The managed objects and events are defined in the Management Information Base so that the manager and the agent understand the structure and syntax of these managed objects.

1.3   What are AgentX and SMUX?

They both are protocols with which the agents communicate. AgentX is the later one and SMUX protocol has been retired.

1.4   What are the ports used by the SNMP agents?

The Master agent listens on the well-known UDP port number 161. The traps generated by the subagents are forwarded to the UDP port number 162.

The sub-agents usually use ephemeral ports which can be configured by using the implementation specific configuration file.

2.   Installation & Configuration

2.1   What preinstalled software do you require to use SNMP features of eDirectory 8.7?

On Solaris, you will need the Solstice Enterprise Manager. The latest version is 1.0.3. It is usually preinstalled as part of the Solaris 5.8. In case it is not installed on your box, you  can download it from  http://www.sun.com/software/entagents/download/.

On Linux you will need ucd-snmp-4.2.1-7.rpm which is a U C Davis implementation and  may be available as part of the distribution or can be downloaded from http://net-snmp.sorceforge.net

Additionally on Linux systems you will have to install the ucd-snmp-utils-4.2.1-7.rpm to make use of the SNMP management applications and also for receiving traps.

2.2   How do I configure the master Agent on Solaris/Linux?

Solaris:

 Make the following change to the /etc/snmp/snmpd.conf file:

trap <server-name>

Next do the below mentioned changes in the /etc/snmp/conf/snmpdx.acl file

The master agent is an executable called snmpdx which resides inside the /etc/snmp/conf/snmpd.conf file as

/usr/lib/snmp/snmpdx -y -c  /etc/snmp/conf

Linux::

On Linux the master agent is an executable called snmpd, which is under the /usr/sbin/ directory. It can be started using the startup script as shown in the following command

/etc/rc.d/init.d/snmpd start

The snmp daemon reads a configuration file called snmpd.conf which resides under /etc/snmp/. The minimal changes that you need to do in order to get the master running are:

Change the following lines from

com2sec public default public
group public v1 public
group public v2c public
group public usm public
view all included .1
access public "" any noauth exact all none none

 to

com2sec demouser default public
group demogroup v1 demouser
group public v2c public
group public usm public
view all included .1
access demogroup "" any noauth exact all all all
 

and add the below two lines

trapsink    <hostname>    public

master        agentx

The first change is to the View based Access Control Model. Here you specify who can read the objects in the subagent so on and so forth.

The trapsink parameter allows you to specify the host or the management station that will receive the traps generated from the subagent and the last modification tells that AgentX is the communication protocol that should be used  between the agents.

2.3   How do I configure the subagent on Solaris/Linux?

The eDirectory subagent is a process called ndssnmpsa which resides in the /usr/bin directory. It also has an associated configuration file which the daemon reads when it starts up, called the ndssnmp.cfg. This configuration file can be found in the /etc/ndssnmp directory. The important parameter that needs to be configured if you are running the ndsd daemon on a non standard port, is the SERVER parameter. An example is shown below:

SERVER    lnx-srv:5524

The daemon can be started using the startup scrip /etc//init.d/ndssnmpsa by issuing the start command. On Linux it can also be started  using the command: /etc/rc.d/init.d/ndssnmpsa start

On Solaris the configuration of the subagent is slightly different compared to Linux. To configure you need 2 configuration files ndsmib.reg and ndsmib.acl which are part of the SUBAGENT package.

2.4   How do I load/unload eDirectory SNMP server module?

The eDirectory SNMP server module is loaded automatically at startup. However if you want to unload and reload the server module, use the ndssnmp utility. The -u option is used for unloading while the -l option is used for loading.

If you unload this module you will not receive any traps.

2.5   I get "error while loading shared libraries: libucdagent-0.4.2.1.so" error during the subagent startup on Linux.

This error is due to the fact that the  library files are not properly numbered. The solution to this problem would be to create the following links

ln -s /usr/lib/libucdagent.so.0.4.2 /usr/lib/libucdagent-0.4.2.1.so

ln -s    /usr/lib/libucdagent.so.0.4.2  /usr/lib/libucdagen.0.4.2.1.so
ln -s  /usr/lib/libsnmp.so.0.4.2/usr/lib/libsnmp-0.4.2.1.so

2.6   I get an "Unable to connect to NCPS-LNX:524, err: 111" error during subagent startup.

This is because either the ndsd daemon is down or  listening on a non standard port and by default the ndssnmp.cfg file is configured only with the server name and implicit default port. Check if the daemon is up and running and if it is then check if it is running on an non standard port. Then edit the file and add the port number after the name of the server separated by a colon.

2.7   Why does the change made to the trapsink parameter  not work on Linux?

Any changes made to the configuration files requires you to restart the master and the subagent. Restarting these daemons will allow the changes to the trapsink parameter to take effect.

3.   Administration and Management

3.1   How do I enable and disable Traps?

The command line utility ndssnmpconfig can be used to enable or disable the traps generated by eDirectory. The following interaction shows how to enable the trap number 1, the ndsCreateEntry Trap which gets generated whenever a new object is created in the directory.

#ndssnmpconfig -h ncps-lnx:5524 -a admin.org -p secret -c "ENABLE 1"
Logged in as .CN=admin.O=org.MORPHIUS-TREE.
Refreshing servers with the latest configuration.
The following traps have been enabled:

Trap No Trap Name
1 ndsCreateEntry

Similarly one can disable the traps by using the DISABLE command.

3.2   How do I list all the traps that are ENABLED?

The above mentioned utility can be used to list the traps that are enabled or disabled. The example shows the command that is used to list all the traps that are enabled currently.

#ndssnmpconfig -h ncps-lnx -a admin.org -p secret -c "LIST ENABLED"

3.3   How Do I list the contents of the eDirectory MIB?

On Linux you can use the snmpwalk application developed by U C Davis to display the contents of the eDirectory MIB. Alternatively you can use any of the MIB browsers to list the contents.

3.4   I can retrieve all the objects from the MIB, but they are shown as numbers.

There are two reasons for this

1. The eDirectory MIB module is not present in the default directory where the application looks for the MIB modules

2. Not all MIB modules are loaded by the applications

In order to resolve the above problem, perform the following operations:

1. cp the edir.mib from the /etc/ndssnmp directory to /usr/share/snmp/ as EDIR-MIB.txt ( this is the standard convension)

2. By default the snmpwalk application does not load all the modules, so include the -m all option/parameter to the snmpwalk command line.

3.5   How do I list the contents of the table in the eDirectory MIB?

Use the snmptable application to list the contents of the table.

snmptable -m all localhost public <table-name>

for example snmptable -m all localhost public ndsDbCacheTable

3.6   I get "No entries" error when I try to display the contents of the eDirectory table ndsDbCacheTable.

Make sure that the ndssnmpsa subagent is running by pgreping for the name of the daemon.

3.7   How many traps are generated by the ndssnmpsa subagent?

There are totally 117  traps that are generated by the ndssnmpsa subagent.

Additionally two traps Server start and stop are also generated when the subagent successfully connects or loses connection with the eDirectory server. Note that these two traps are NOT configurable and they are always generated.

4.   eDirectory SNMP Management Information Base

4.1   What is the OID of the eDirectory 8.7 MIB ?

The OID of the eDirectory MIB is ndsMIB(1.3.6.1.4.1.23.2.98).

4.2   What are the entities that are managed by the eDirectory SNMP subagent?

The eDirectory MIB is divided into 3 categories(4 tables)

i. ndsDatabase Statistics

ndsDbCacheTable (1.3.6.1.4.1.23.2.98.1.2.1.1)

ndsDbConfigTable (1.3.6.1.4.1.23.2.98.1.2.1.2)

ii. ndsProtocolStatistics

ndsProtolfOpsTable(1.3.6.1.4.1.23.2.98.1.2.3.1)

iii. ndsInteraction statistics

ndsServerIntTable1.3.6.1.4.1.23.2.98.1.2.4.1)

The table ndsDbCacheTable contains variables relating to the FLAIM Data Base cache settings. Some of information that this table holds is DIB size, database block cache size and statistics about cache hits and misses.

The table ndsDbConfig contains information about  cache size, block cache percentage and checkpoint interval

The ndsProtolfOpsTable contains information about protocol type, protocol description, number of logins etc.

and finally the ndsServerIntTable holds information about server creation times etc

The MIB also holds the 117 ndsTrap variables which corresponds to the traps that are generated by the ndssnmpsa subagent. These traps are generated when a corresponding event occurs in eDirectory.

4.3   Where can I find the eDirectory MIB?

The eDirectory MIB can be located in the directory /etc/ndssnmp and the file is called edir.mib.

5.   Receiving eDirectory generated TRAPS

5.1   How do I receive traps that are generated by the eDirectory SNMP subagent on Linux?

Starting the snmptrapd which is part of the ucd-snmp rpm will enable you to receive traps generated from the subagents. If the -P option is used while starting the daemon will allow you to receive the trap notifications on STDERR.

5.2   Can I receive SNMP traps on my remote management station?

Yes, you can. You will have to specify this in the snmp.conf file using the trapsink parameter. You can also receive traps on more than one station by simply adding another trapsink parameter with the name or IP address of the second management station


For More Information.

1. eDirectory 8.7 Administration Guide edir87.pdf

2. MG-SOFT Network Management Software - www.mg-soft.si

3. NET-SNMP FAQ - http://net-snmp.sourceforge.net/FAQ.html

4. Solaris Solstice Enterprise Agents - http://www.sun.com/software/entagents/ent_agents_FAQ.xml


This FAQ is created and maintained by avarunkumar@novell.com


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell