Installing and Configuring SNMP Services for eDirectory

SNMP service for eDirectory is installed when eDirectory is installed. You can modify the default configuration of SNMP services for eDirectory using iManager. For more information, see Dynamic Configuration.

A new object called SNMP Group-Object is added to the directory tree when eDirectory is installed. This object is used to set up and manage the Novell eDirectory SNMP traps. See SNMP Group Object for more information.


Installing SNMP after eDirectory Installation on Windows

If the SNMP service is not installed with eDirectory, the eDirectory install copies only the required SNMP subagent files and does not update the registry.

If you want to use SNMP services on eDirectory at a later point in time, you can install the SNMP service and update the registry using the following command:

rundll32 snmpinst, snmpinst -c createreg


Loading and Unloading the SNMP Server Module

The SNMP server module can be manually loaded and unloaded. By default, the SNMP server module loads automatically on all platforms. However, you can manually load the server module on Windows and UNIX platforms.

To load the SNMP server module, enter the following commands:

Server Command

NetWare

N.A

Windows

In the DHOST (NDSCONS) screen, select Ndssnmp.dlm > click Start.

Linux, Solaris, AIX, and HP-UX

In the DHOST remote management page, to load the SNMP trap server click on the SNMP Trap Server for Novell eDirectory 8.7.3 action icon to start.

or

At the prompt, enter /usr/bin/ndssnmp -l.

To unload the SNMP server module, enter the following commands:

Server Command

NetWare

N.A

Windows

In the DHOST (NDSCONS) screen, select ndssnmp.dlm, then click Stop.

Linux, Solaris, AIX, and HP-UX

In the DHOST remote management page, to unload the SNMP trap server, click the SNMP Trap Server for Novell eDirectory 8.7.3 action icon to stop.

or

At the prompt, enter /usr/bin/ndssnmp -u.


Subagent Configuration


Static Configuration

Static configuration is used before bringing up the subagent. You can manually configure it by editing the ndssnmp.cfg file on Windows, Solaris, Linux, AIX, or the dssnmp.cfg file on NetWare. The ndssnmp.cfg file is located in the following directories:

Windows: install_directory\SNMP\

NetWare: sys:\etc\

UNIX: /etc/ndssnmp/

NOTE:  If changes are made to the ndssnmp.cfg file, the subagent must be restarted.

You can provide configuration information to the subagent such as the following:

  • INTERACTIVE status

    Where status is either on or off. If the status is on, you are prompted to enter the username and password when starting the subagent. If the status is off, then the username and password will be taken from the secure store. Default = Off.

    Examples:

    INTERACTIVE on

    INTERACTIVE off

  • INTERACTION value

    Where value is the number of interaction table entries. Range = 1 to 10. Default = 4.Examples:INTERACTION 4INTERACTION 2

  • MONITOR status

    Where status is either on or off. Default = On.Examples:MONITOR onMONITOR off

  • SSLKEY certificate_file

    Where certificate_file is the exported certificate along with the path. You must enter the path where this exported certificate exists.Examples:SSLKEY /home/guest/snmp-cert.der (UNIX)SSLKEY c:\home\guest\snmp-cert.der (Windows NT and NetWare)

  • SERVER hostname/ipaddr

    Where hostname is the name of the host where the eDirectory server is installed and configured. Only the locally installed server is supported.This is a required command in the file, otherwise none of the servers are monitored. Default: hostname of the local server.Examples:SERVER myserverSERVER myserver:1524

    NOTE:  No spaces are allowed before or after ':' as part of the server command.


Dynamic Configuration

Dynamic configuration can be done in either of the following ways, anytime after the Directory service is up and running.


Command Line

A trap configuration command line utility can be used to configure SNMP traps for eDirectory.

The command line configuration utility can be used to:

  • Enable or disable trapsSet the trap intervalEnable or disable failure trapsList the enabled, disabled or all traps

NOTE:  For more details, see Configuring Traps.


iManager Plug-In

Traps can also be configured using Novell iManager. Novell iManager is a browser-based tool used for administering, managing, and configuring eDirectory objects. Novell iManager gives you the ability to assign specific tasks or responsibilities to users and to present the user with only the tools (with the accompanying rights) necessary to perform those sets of tasks.

  1. In Novell iManager, click the Roles and Tasks button Roles and Tasks button.

  2. Click SNMP Management > SNMP Overview.

  3. Click View SNMP Group Objects, then click the name of the SNMP Group object you want to configure.

  4. Specify the configurable parameters in the General/Traps page.

  5. Click Apply, then click OK to save the new configuration settings.

    NOTE:  For more information, see the Novell iManager online help.


Setting Up SNMP Services for eDirectory

Setting up SNMP services for eDirectory requires the following steps:

  1. Configuring the master agent
  2. Starting the master agent
  3. Configuring the subagent
  4. Starting the subagent


NetWare

On NetWare, the native master agent (snmp.nlm) is installed by default with the operating system.

HINT:  NetWare provides the default SNMP master agent. See SNMP Developers Components for more information.


Configuring the Master Agent

Community Name

  1. Enter inetcfg at the command prompt.

  2. Select the Manage Configuration option.

  3. Select the Configure SNMP parameters option.

  4. Edit the community string accordingly.

Trap Destination

  1. Edit the file sys:\etc\traptarg.cfg and specify the IP address or hostname of the destination computer that the traps are sent to.


Starting the Master Agent

The master agent snmp.nlm is started by default.


Loading the Subagent

  1. To load the subagent, enter dssnmpsa at the command prompt.

    A dialog box is displayed with the Login and Exit options.

  2. Select Login to proceed or Exit to discontinue.

  3. (Conditional) If you selected Login, you are prompted for the login information. Enter the username and password.

  4. Type Y in the Remember Password field to remember the password. When you start the subagent the next time, you are not prompted for the password. Type N to enter the password when the subagent is started the next time.

  5. Press Enter after entering Y or N.

  6. Press the function key F10 to log in to the tree.

  7. Press Enter to continue.

  8. The subagent is started.

NOTE:  If INTERACTION is set to ON in the sys:\etc\ndssnmp.cfg file, this dialog box is displayed. If INTERACTION is OFF, it is not displayed.


Windows


Configuring the Master Agent

NOTE:  The SNMP master agent should be installed before eDirectory is installed. Refer to SNMP Installation on Windows for more details.

  1. In the Microsoft SNMP Properties dialog box, click the Agent tab.

  2. Enter the Contact and Location information.

  3. Click the Traps, then enter the Community Name and Trap destination details.

    1. Enter the Community Name, then click Add.

    2. Enter the IP address or hostname of the destination computer that traps are generated for.

    3. Click Add to add the IP address or hostname.

  4. Enable the Allow Service to Interact with Desktop option.

    If it is not enabled, you will be unable to connect to SNMP on Windows.

    • On Windows NT: Click Start > Settings > Control Panel > Services. Then click SNMP > Startup and select the Allow Service to Interact with Desktop option.
    • On Windows 2000: Click Start > Settings > Control Panel > Administrative Tools > Services. Then right-click SNMP and select Properties. At the Log On tab, select the Allow Service to Interact with Desktop option.

Starting the Master Agent

To start the master agent, do either of the following:

  • For Windows NT: Click Start > Settings > Control Panel > Services > SNMP > Start.

    For Windows 2000: Click Start > Settings > Control Panel > Administrative Tools > Services > SNMP > Start.

  • Enter the following at the command prompt:

    Net start SNMP


Stopping the Master Agent

To stop the master agent, do either of the following:

  • For Windows NT: Click Start > Settings > Control Panel > Services > SNMP > Stop.

    For Windows 2000: Click Start > Settings > Control Panel > Administrative Tools > Services > SNMP > Stop.

  • Enter the following at the command prompt:

    Net stop SNMP


Starting the Subagent

When the master agent starts on Windows, the subagent also starts.

IMPORTANT:  The latest updated Service Pack needs to be installed after the installation of the SNMP service.


Solaris


Configuring the Master Agent

Before you load SNMP Package, Solstice Enterprise master agent 1.0.3 should be installed in the system. If it is not installed, you need to download it from the Solstice Enterprise Agents Web site.

  1. In the /etc/snmp/conf/snmpd.conf file, identify a hostname. Add the following trap entry:

    trap myserver

    Where myserver is the hostname for the trap destination.

  2. In the /etc/snmp/conf/snmpdx.acl file, add the following under the trap parameter section:

    trap-community = public
    hosts = myserver {
    enterprise = "Novell eDirectory"
    trap-num = 1-117, 2001, 2002 }

    where trap-community is the community name used in traps, myserver is the trap destination host name, Novell eDirectory is the enterprise MIB, and trap-num is the trap range.

IMPORTANT:  If any configuration files are changed, the master agent and subagent should be restarted.


Starting the Master Agent

To start the master agent, execute the following command:

/usr/lib/snmp/snmpdx -y -c /etc/snmp/conf


Configuring the Subagent

On Solaris, the subagent ndssnmpsa is a daemon process.

To configure the subagent, the following configuration files (located in /etc/snmp/conf/) are required:

  • ndsmib.reg is the registration file for the subagent

  • ndsmib.acl is the configuration file of the SNMP subagent


Starting the Subagent

You cannot invoke the subagent using Master agent resource file. You can invoke subagentsonly after master agent has been invoked.

To start the subagent, execute the following command:

/etc/init.d/ndssnmpsa start

Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/ndssnmp/ndssnmp.cfg file:

Do you want to remember password? (Y/N)

Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.

Enter N to enter the password when the subagent is started the next time.


Stopping the Subagent

To stop the subagent, execute the following command:

/etc/init.d/ndssnmpsa stop


Linux

On Linux (except SLES 9 32-bit or OES Linux, but including SLES 9 64-bit), net-snmp-5.0.9-4.rh73.i386.rpm should be installed. On SLES 9 32-bit (OES Linux) the default master agent on the system (net-snmp-5.1-80.xx) is used.

The procedure to configure for SLES 9 (OES Linux) and other flavors of Linux vary. For more information, refer to:


Setting up SNMP Services on SLES 9 32-Bit or OES Linux


Configuring the Master Agent

To configure the master agent on SLES 9 32-bit or OES Linux, make the changes to your snmpd.conf file as mentioned in .

The snmpd.conf file is located in the /etc/snmp directory on OES Linux or SLES 9 and in the /etc directory on other Linux platforms.


Snmpd.conf Changes

In the snmpd.conf file, enter the hostname

trapsink myserver public

Where, myserver is the hostname for the trap destination.

In the snmpd.conf file, add the following line:

master agentx

Additionally, make the following changes:

Original Content Changed Content

com2sec notConfigUser default public

com2sec demouser default public

group notConfigGroup v1 notConfigUser

group demogroup v1 demouser

view systemview included system

view all included .1

access notConfigGroup "" any noauth exact systemview none none

access demogroup "" any noauth exact all all all

If the above content is not present in the snmpd.conf file, add it.

IMPORTANT:  If any configuration files are changed, the master agent and subagent should be restarted.


Starting the Master Agent

To start the master agent, execute the following command:

/usr/sbin/snmpd -C -c /etc/snmpd.conf


Starting the Subagent

To start the subagent, execute the following command:

/etc/init.d/ndssnmpsa start

Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/ndssnmp/ndssnmp.cfg file:

Do you want to remember password? (Y/N)

Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.

Enter N to enter the password when the subagent is started the next time.

IMPORTANT:  For SLES 9 32-Bit or OES Linux, refer to the Readme for known issues while starting the subagent.


Stopping the Subagent

To stop the subagent, execute the following command:

/etc/init.d/ndssnmpsa stop


Setting up SNMP Services on Linux (Other than SLES 9 32-Bit or OES)

This section includes the SLES 9 64-bit configuration.


Configuring the Master Agent

Download net-snmp-5.0.9-4.rh73.i386.rpm from http://sourceforge.net/projects/net-snmp.

The net-snmp-5.0.9-4.rh73.i386.rpm requires rpm-4.0.4-7x.i386.rpm to be installed on the system. You can download this from http://rpmfind.net/linux/RPM/rpm.org/rpm/dist/rpm-4.0.x/rpm-4.0.4-7x.i386.html.

Additionally, you need to make changes to the snmpd.conf file as specified in .


Starting the Master Agent

To start the master agent, firstly install and configure net-snmp-5.0.9-4.rh73.i386.rpm.

You can do so using any of the two options mentioned below. However, we recommend you to use Option 1 as the second option requires you to uninstall the sytem installed SNMP packages and this may need you to uninstall all the dependent rpms too.


Option 1

  1. Install net-snmp-5.0.9-4.rh73.i386.rpm and rpm-4.0.4-7x.i386.rpm on to a custom location for example, /home/ndssnmp.

    Install net-snmp-5.0.9-4.rh73.i386.rpm as follows:

    # cd /home/ndssnmp 
    # rpm2cpio net-snmp-5.0.9-4.rh73.i386.rpm | cpio -ivd

  2. Install rpm-4.0.4-7x.i386.rpm (this is dependent rpm which snmpd requires)

    # cd /home/ndssnmp 
    # rpm2cpio  rpm-4.0.4-7x.i386.rpm | cpio -ivd

  3. Export LD_LIBRARY_PATH as follows:

    # export LD_LIBRARY_PATH=/home/ndssnmp/usr/lib

  4. Start the master agent as follows:

    # /home/ndssnmp/usr/sbin/snmpd -C -c snmpd.conf

    For example, if your snmpd.conf file is present in the /etc directory, the command would be similar to the following:

    # /home/ndssnmp/usr/sbin/snmpd -C -c /etc/snmpd.conf

    NOTE:  Ensure that the snmpd.conf file has the relevant information required for ndssnmpsa to start. Refer to Setting up SNMP Services on SLES 9 32-Bit or OES Linux for more information.

  5. (Conditional) While starting master agent you may encounter the following error:

    snmpd: error while loading shared libraries: libcrypto.so.2: cannot open shared object file: No such file or directory

    You will get this error if libcrypto.so.2 not being installed on your system.

    For this you have to make an explicit link to system installed crypto library as mentioned below:

    # cd /usr/lib

    Additionally, add any one of the following based on your Linux version:

    • For Red Hat Advanced Server 3.0: 

      # ln -s libcrypto.so libcrypto.so.2

    • For SUSE Linux Enterprise Server 8: 

      # ln -s libcrypto.so.0.9.6 libcrypto.so.2

  6. (Conditional) While starting master agent on SLES 9 64-bit, you may encounter the following error:

    error while loading shared libraries: 
    libdb.so.2: cannot open shared object file: No such file or directory

    You will get this error if libdb.so.2 not being installed on your system.

    For this you have to make an explicit link to system installed db library as mentioned below (using libdb.so.3 as an example):

    # cd /usr/lib 
    # ln -s libdb.so.3 libdb.so.2

  7. (Conditional) If the SNMP master agent is already configured on a default port #161 then start the master agent on different port as:

    # /home/ndssnmp/usr/sbin/snmpd -C -c /etc/snmpd.conf 1161


Option 2

  1. Uninstall system installed snmp package

  2. If the SNMP package is already installed and the version is anything other than net-snmp-5.0.9-4.rh73.i386.rpm, then uninstall the SNMP package and install net-snmp-5.0.9-4.rh73.i386.rpm.

    NOTE:  If any dependent RPM is required, then download those and install them as well.

  3. Start the master agent as follows:

    /usr/sbin/snmpd -C -c /etc/snmpd.conf


Starting the Subagent

To start the subagent, execute the following command:

/etc/init.d/ndssnmpsa start

Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/ndssnmp/ndssnmp.cfg file:

Do you want to remember password? (Y/N)

Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.

Enter N to enter the password when the subagent is started the next time.


Stopping the Subagent

To stop the subagent, execute the following command:

/etc/init.d/ndssnmpsa stop


AIX


Configuring the Master Agent

In the /etc/snmpd.conf file, add the following trap destination entry:

trap community myserver view_name trap_mask

where

  • community is the community name that will be encoded in the trap packet
  • myserver is the hostname for trap destination
  • view_name is the unique object identifier in dotted numeric notation

    For example: 1.3.6.1.4.1.23.2.98. This is an optional parameter. If this is not included, the view defaults to the entire MIB tree.

  • trap_mask is in the hexadecimal format

    The bits from left to right stand for coldStart trap, warmStart trap, linkDown trap, linkUp trap, authenticationFailure trap, egpNeighborLoss trap, and enterpriseSpecific trap. In the example, the value "98" on the right does not have any meaning. The value "1" enables the corresponding trap to be sent. Otherwise, the trap is blocked.

Example:

fe block no traps (1111 1110)

7e block coldStart trap (0111 1110)

be block warmStart trap (1011 1110)

3e block coldStart trap and warmStart trap (0011 1110)


Starting the Master Agent

To start the master, execute the following command:

/usr/sbin/snmpd


Starting the Subagent

To start the subagent, execute the following command:

/etc/ndssnmpsa start

Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION= ON in the /etc/ndssnmp/ndssnmp.cfg file:

Do you want to remember password? (Y/N)

Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.

Enter N to enter the password when the subagent is started the next time.


Stopping the Subagent

To stop the subagent, execute the following command:

/etc/ndssnmpsa stop


HP-UX

On HP-UX, the native master agent is EMANATE SNMP master agent. Configuring the master agent on HP-UX involves proxy SNMP agent configuration. The Proxy agent configuration is done through Native Adapter Agent (NAA). This NAA allows third-party SNMP agents to work with the HP-UX SNMP master agent (snmpdm). The third-party SNMP agent in our case is NET-SNMP master agent. The NET-SNMP master agent must listen on the same non-standard UDP port that NAA has been configured.

For details refer to section Starting/Configuring the Native Agent Adapter (NAA) and Starting/Configuring the NET-SNMP Master Agent.

The following figure illustrates the flow of data between the eDirectory SNMP subagent, NET-SNMP master agent, NAA agent, the HP-UX EMANATE master agent, and the SNMP console.

Figure 52
SNMP Data Flow

Starting the HP-UX SNMP Master Agent

To start the HP-UX SNMP master agent, execute the following command:

/etc/snmpd

or

/usr/sbin/snmpdm

NOTE:  To stop the HP-UX SNMP master agent, enter /etc/snmpd -k


Starting/Configuring the Native Agent Adapter (NAA)

Before starting the NAA agent (naaagt), export the following environment variables:

  • HP_NAA_CNF - the NAA configuration file
  • HP_NAA_PORT - a non-standard UDP port that the net-snmp master agent listens to
  • HP_NAA_GET_COMMUNITY - the community name to be used in the SNMP requests forwarded from NAA to the net-snmp master agent

For example:

export HP_NAA_CNF=/etc/ndssnmp/ndssnmpNAA.cfg 
export HP_NAA_PORT=8161 ## Specify any non-standard UDP port
export HP_NAA_GET_COMMUNITY=public

For details on the NAA agent, refer to the naaagt man page.

Enter the following command to start the NAA agent:

/usr/sbin/naaagt

NOTE:  Root access is required to start the NAA agent.


Starting/Configuring the NET-SNMP Master Agent

Before configuring the NET-SNMP master agent, you need to first download and install it.

  1. Download the NET-SNMP version 5.0.8 tar file (net-snmp-5.0.8-HP-UX_B.11.00_9000_712.tar.gz) from SorceForge.net.

  2. Install NET-SNMP version 5.0.8 binaries by untaring the above mentioned tar file.

    After untaring the tar file, NET-SNMP version 5.0.8 binaries are installed to current_working_directory/usr/local.

To configure the NET-SNMP master agent:

  • In the /etc/ndssnmp/snmpd-net-snmp.conf file, enter the hostname

    trapsink myserver public

    where myserver is the hostname for the trap destination.

  • In the /etc/ndssnmp/snmpd-net-snmp.conf file, add the following line if it is not already added:

    master agentx

NOTE:  Because the NET-SNMP-5.0.8 binary download does not come with a sample master agent configuration file, the NET-SNMP sample master agent configuration file is bundled with the eDirectory SNMP component. After eDirectory is installed, you can get the sample NET-SNMP configuration file (snmpd-net-snmp.conf file) from the /etc/ndssnmp directory.

To start NET-SNMP-5.0.8 Master Agent, use the following syntax:

installed_NET-SNMP_directory/usr/local/sbin/snmpd -C -c /etc/ndssnmp/snmpd-net-snmp.conf 8161

IMPORTANT:  If any configuration files are changed, the master agent and subagent should be restarted.


Starting the Subagent

To start the subagent, execute the following command:

/sbin/init.d/ndssnmpsa start

Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/ndssnmp/ndssnmp.cfg file:

Do you want to remember password? (Y/N)

Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.

Enter N to enter the password when the subagent is started the next time.


Stopping the Subagent

To stop the subagent, execute the following command:

/sbin/init.d/ndssnmpsa stop