Getting SNMP Running on Linux with eDirectory 8.7.3
Novell Cool Solutions: Tip
Posted: 14 Jul 2004
Note: This article, contributed by reader Roberto Zini, is one way to set up an eDirectory subagent for SNMP. Let us know if you have found another method!
eDirectory for both SUSE Linux 9.0 Professional and SUSE Linux Enterprise Server 8.2 comes with a version of the "ucdsnmp" package. However, this ucdsnmp version is incompatible with eDirectory 8.7.3, so the attempt to run the eDirectory agent fails.
Here's a procedure you can use to get SNMP running with eDirectory, both on SUSE Linux 9.0 Professional and SUSE Linux Enterprise Server 8.2. Thanks to reader Roberto Zini for the tip!
Procedure
1 Remove the ucdsnmp package with the "rpm -e ucdsnmp --nodeps" command.
If you want, you can make a backup copy of the package, just in case you want to reinstall it without the RPM file (eg, "rpm -q ucdsnmp -l | cpio -ovB > /tmp/ucdsnmp.tar").
2 Get the 4.2.3-1 package, available from http://net-snmp.sourceforge.net.
3 Make the following symlinks under /usr/lib:
libcrypto.so.2 -> libcrypto.so.0
libpopt.so.0 -> libpopt.so.1
4 Install the following RPMs using the "rpm -hiv <name> --nodeps" command (use "--nodeps" if there are errors about missing deps):
ucd-snmp-4.2.3-1.i386.rpm
ucd-snmp-utils-4.2.3-1.i386.rpm
5 Make the following symlinks:
libucdagent.0.4.2.1.so -> libucdagent.0.4.2.3.so
libucdmibs-0.4.2.1.so -> libucdmibs.0.4.2.3.so
libsnmp-0.4.2.1.so -> libsnmp-0.4.2.3.so
6 Move the startup script under /etc/init.d (under the name of snmpd).
By default, the 4.2.3-1 package puts the startup script under /etc/rc.d/init.d.
7 Edit the script as follows:
#!/bin/bash
# ucd-snmp init file for snmpd
#
# chkconfig: - 50 50
# description: Simple Network Management Protocol (SNMP) Daemon
#
# processname: /usr/sbin/snmpd
# config: /etc/snmp/snmpd.conf
# config: /usr/share/snmp/snmpd.conf
# pidfile: /var/run/snmpd
# source function library
. /etc/rc.status
OPTIONS="-l /var/log/snmpd.log -P /var/run/snmpd -a -c /etc/snmp/snmpd.conf"
RETVAL=0
prog="snmpd"
start() {
    echo -n $"Starting $prog: "
    /usr/sbin/snmpd $OPTIONS
    RETVAL=$?
    echo
    touch /var/lock/subsys/snmpd
    return $RETVAL
}
stop() {
    echo -n $"Stopping $prog: "
    killproc /usr/sbin/snmpd
    RETVAL=$?
    echo
    rm -f /var/lock/subsys/snmpd
    return $RETVAL
}
reload(){
    stop
    start
}
restart(){
    stop
    start
}
condrestart(){
    [ -e /var/lock/subsys/snmpd ] && restart
    return 0
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    condrestart)
        condrestart
        ;;
    status)
        status snmpd
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
        RETVAL=1
esac
exit $RETVAL
Note the "-c" switch, which tells the daemon to read the following config file:
/etc/snmp/snmpd.conf
8 Use or adapt the following /etc/snmp/snmpd.conf file:
syslocation Server Room
syscontact Sysadmin (root@localhost)
rocommunity public 127.0.0.1
#eDir SNMP
trapsink 127.0.0.1 public
master agentx
# Source 127.0.0.1 (not "default", which matches any host) keeps "public" local
com2sec demouser 127.0.0.1 public
group demogroup v1 demouser
view all included .1
# The views after "exact" are read, write, notify; "none" grants no write access
access demogroup "" any noauth exact all none none
The above allows read-only (RO) access from localhost to every MIB handled. If you need a tighter security level, edit the file according to your needs.
9 Find the MIB file made for eDirectory, under /etc/ndssnmp, and move it to
/usr/share/snmp/mibs/EDIR-MIB.txt
10 Modify the .index file in that folder by adding the following line:
EDIRECTORY-MIB EDIR-MIB.txt
11 Set the MIBS env variable to "ALL" by using
export MIBS=ALL
12 You should be able to restrict the number of MIBS files loaded at runtime by the snmp tools, so adjust it according to your needs.
13 Execute "/etc/init.d/snmpd start", then check that everything works by running the following:
snmpwalk localhost public system
You could also omit the "system" parameter; if everything works as expected, the screen should be filled up with tons of SNMP info (MIBS=ALL) about your system (localhost).
As instructed by the eDir admin guide, execute the following:
/etc/init.d/ndssnmpsa start
14 Give the FDN of the "admin" user (including the context, eg "admin.Admins") and the password; I also told the program to remember the password so as not to re-enter it during the startup of the OS.
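An added example, not part of the original tip: a shell function that reads an snmpd.conf like the one in step 8 and reports any community accepted from any source and any group given a write view. The ANY-SOURCE and WRITE labels and the two sample configurations are constructed for the illustration.

```shell
#!/bin/sh
# Added example: audit ucd-snmp/net-snmp access-control lines read from stdin.
# Prints one finding per line; prints nothing when no rule matches.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    # com2sec SECNAME SOURCE COMMUNITY
    $1 == "com2sec" { src[$2] = $3; comm[$2] = $4 }
    # group GROUP MODEL SECNAME
    $1 == "group"   { members[$2] = members[$2] " " $4 }
    # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
    $1 == "access"  { wview[$2] = $8 }
    # rocommunity/rwcommunity COMMUNITY [SOURCE]
    $1 == "rocommunity" || $1 == "rwcommunity" {
        if (NF < 3 || $3 == "default")
            print "ANY-SOURCE " $1 " community=" $2
        if ($1 == "rwcommunity")
            print "WRITE rwcommunity community=" $2
    }
    END {
        for (g in wview) {
            n = split(members[g], names, " ")
            for (i = 1; i <= n; i++) {
                s = names[i]
                if (!(s in src)) continue
                if (src[s] == "default")
                    print "ANY-SOURCE com2sec community=" comm[s] " secname=" s
                if (wview[g] != "none")
                    print "WRITE group=" g " community=" comm[s] " view=" wview[g]
            }
        }
    }'
}

# Sample inputs for the demo, constructed to show both outcomes.
SAMPLE_WEAK='rocommunity public 127.0.0.1
com2sec demouser default public
group demogroup v1 demouser
view all included .1
access demogroup "" any noauth exact all all all'

SAMPLE_TIGHT='rocommunity public 127.0.0.1
com2sec demouser 127.0.0.1 public
group demogroup v1 demouser
view all included .1
access demogroup "" any noauth exact all none none'

printf '%s\n' "$SAMPLE_WEAK" | audit_snmpd_conf
```

To check a live file, run "audit_snmpd_conf < /etc/snmp/snmpd.conf"; no output means neither rule matched.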
Stats and Traps
1 To see the eDir stats, issue the following command:
snmpwalk localhost public novell
2 To tell eDirectory which events should generate a TRAP, you can use the "ndssnmpconfig" command with the following syntax:
ndssnmpconfig -a <userFDN> -p <password> -c <command>
where <command> can be LIST ENABLED, ENABLE, FAILURE ...
3 To test this, you can manually execute the "snmptrapd" daemon (eg, "snmptrapd -P") and tell eDirectory to trigger a TRAP for every login to the directory server (ID=50):
ndssnmpconfig -a
4 Use "ndslogin
You can use the -F "format string" switch for snmptrapd to have the output formatted according to your needs, as in the following excerpt:
snmptrapd -P -F "%02.2h:%02.2j TRAP %w.%q (%W) da %A\n"
where
%02.2h (hours)
%02.2j (minutes)
%w.%q (trap type.subtype)
%W (TRAP description)
%A (name/IP of the agent)
You can also use the "tkmib" Perl/Tk script to browse the MIBS; if you install the 4.2.3-1 version of ucdsnmp, the following symlink is required:
ln -s libsnmp.so.0 libsnmp.0.4.2.6.so

