SNMP service for eDirectory is installed when eDirectory is installed. You can modify the default configuration of SNMP services for eDirectory using iManager. For more information, see Dynamic Configuration.
A new object called SNMP Group-Object is added to the directory tree when eDirectory is installed. This object is used to set up and manage the Novell eDirectory SNMP traps. See SNMP Group Object for more information.
If the SNMP service is not installed with eDirectory, the eDirectory install copies only the required SNMP subagent files and does not update the registry.
If you want to use SNMP services on eDirectory at a later point in time, you can install the SNMP service and update the registry using the following command:
rundll32 snmpinst, snmpinst -c createreg
The SNMP server module can be manually loaded and unloaded. By default, the SNMP server module loads automatically on all platforms. However, you can manually load the server module on Windows and UNIX platforms.
To load the SNMP server module, enter the following commands:
To unload the SNMP server module, enter the following commands:
Static configuration is used before bringing up the subagent. You can manually configure it by editing the ndssnmp.cfg file on Windows, Solaris, Linux, AIX, or the dssnmp.cfg file on NetWare. The ndssnmp.cfg file is located in the following directories:
Windows: install_directory\SNMP\
NetWare: sys:\etc\
UNIX: /etc/ndssnmp/
NOTE: If changes are made to the ndssnmp.cfg file, the subagent must be restarted.
You can provide configuration information to the subagent such as the following:
Where status is either on or off. If the status is on, you are prompted to enter the username and password when starting the subagent. If the status is off, then the username and password will be taken from the secure store. Default = Off.
Examples:
INTERACTIVE on
INTERACTIVE off
Where value is the number of interaction table entries. Range = 1 to 10. Default = 4.Examples:INTERACTION 4INTERACTION 2
Where status is either on or off. Default = On.Examples:MONITOR onMONITOR off
Where certificate_file is the exported certificate along with the path. You must enter the path where this exported certificate exists.Examples:SSLKEY /home/guest/snmp-cert.der (UNIX)SSLKEY c:\home\guest\snmp-cert.der (Windows NT and NetWare)
Where hostname is the name of the host where the eDirectory server is installed and configured. Only the locally installed server is supported.This is a required command in the file, otherwise none of the servers are monitored. Default: hostname of the local server.Examples:SERVER myserverSERVER myserver:1524
NOTE: No spaces are allowed before or after ':' as part of the server command.
Dynamic configuration can be done in either of the following ways, anytime after the Directory service is up and running.
A trap configuration command line utility can be used to configure SNMP traps for eDirectory.
The command line configuration utility can be used to:
NOTE: For more details, see Configuring Traps.
Traps can also be configured using Novell iManager. Novell iManager is a browser-based tool used for administering, managing, and configuring eDirectory objects. Novell iManager gives you the ability to assign specific tasks or responsibilities to users and to present the user with only the tools (with the accompanying rights) necessary to perform those sets of tasks.
In Novell iManager, click the Roles and Tasks button .
Click SNMP Management > SNMP Overview.
Click View SNMP Group Objects, then click the name of the SNMP Group object you want to configure.
Specify the configurable parameters in the General/Traps page.
Click Apply, then click OK to save the new configuration settings.
NOTE: For more information, see the Novell iManager online help.
Setting up SNMP services for eDirectory requires the following steps:
On NetWare, the native master agent (snmp.nlm) is installed by default with the operating system.
HINT: NetWare provides the default SNMP master agent. See SNMP Developers Components for more information.
Community Name
Enter inetcfg at the command prompt.
Select the Manage Configuration option.
Select the Configure SNMP parameters option.
Edit the community string accordingly.
Trap Destination
To load the subagent, enter dssnmpsa at the command prompt.
A dialog box is displayed with the Login and Exit options.
Select Login to proceed or Exit to discontinue.
(Conditional) If you selected Login, you are prompted for the login information. Enter the username and password.
Type Y in the Remember Password field to remember the password. When you start the subagent the next time, you are not prompted for the password. Type N to enter the password when the subagent is started the next time.
Press Enter after entering Y or N.
Press the function key F10 to log in to the tree.
Press Enter to continue.
The subagent is started.
NOTE: If INTERACTION is set to ON in the sys:\etc\ndssnmp.cfg file, this dialog box is displayed. If INTERACTION is OFF, it is not displayed.
NOTE: The SNMP master agent should be installed before eDirectory is installed. Refer to SNMP Installation on Windows for more details.
In the Microsoft SNMP Properties dialog box, click the Agent tab.
Enter the Contact and Location information.
Click the Traps, then enter the Community Name and Trap destination details.
Enable the Allow Service to Interact with Desktop option.
If it is not enabled, you will be unable to connect to SNMP on Windows.
To start the master agent, do either of the following:
For Windows 2000: Click Start > Settings > Control Panel > Administrative Tools > Services > SNMP > Start.
Net start SNMP
To stop the master agent, do either of the following:
For Windows 2000: Click Start > Settings > Control Panel > Administrative Tools > Services > SNMP > Stop.
Net stop SNMP
Before you load SNMP Package, Solstice Enterprise master agent 1.0.3 should be installed in the system. If it is not installed, you need to download it from the Solstice Enterprise Agents Web site.
In the /etc/snmp/conf/snmpd.conf file, identify a hostname. Add the following trap entry:
trap myserver
Where myserver is the hostname for the trap destination.
In the /etc/snmp/conf/snmpdx.acl file, add the following under the trap parameter section:
trap-community = public
hosts = myserver {
enterprise = "Novell eDirectory"
trap-num = 1-117, 2001, 2002 }
where trap-community is the community name used in traps, myserver is the trap destination host name, Novell eDirectory is the enterprise MIB, and trap-num is the trap range.
IMPORTANT: If any configuration files are changed, the master agent and subagent should be restarted.
To start the master agent, execute the following command:
/usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
On Solaris, the subagent ndssnmpsa is a daemon process.
To configure the subagent, the following configuration files (located in /etc/snmp/conf/) are required:
You cannot invoke the subagent using Master agent resource file. You can invoke subagentsonly after master agent has been invoked.
To start the subagent, execute the following command:
/etc/init.d/ndssnmpsa start
Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/ndssnmp/ndssnmp.cfg file:
Do you want to remember password? (Y/N)
Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.
Enter N to enter the password when the subagent is started the next time.
On Linux (except SLES 9 32-bit or OES Linux, but including SLES 9 64-bit), net-snmp-5.0.9-4.rh73.i386.rpm should be installed. On SLES 9 32-bit (OES Linux) the default master agent on the system (net-snmp-5.1-80.xx) is used.
The procedure to configure for SLES 9 (OES Linux) and other flavors of Linux vary. For more information, refer to:
To configure the master agent on SLES 9 32-bit or OES Linux, make the changes to your snmpd.conf file as mentioned in .
The snmpd.conf file is located in the /etc/snmp directory on OES Linux or SLES 9 and in the /etc directory on other Linux platforms.
In the snmpd.conf file, enter the hostname
trapsink myserver public
Where, myserver is the hostname for the trap destination.
In the snmpd.conf file, add the following line:
master agentx
Additionally, make the following changes:
If the above content is not present in the snmpd.conf file, add it.
IMPORTANT: If any configuration files are changed, the master agent and subagent should be restarted.
To start the master agent, execute the following command:
/usr/sbin/snmpd -C -c /etc/snmpd.conf
To start the subagent, execute the following command:
/etc/init.d/ndssnmpsa start
Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/ndssnmp/ndssnmp.cfg file:
Do you want to remember password? (Y/N)
Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.
Enter N to enter the password when the subagent is started the next time.
IMPORTANT: For SLES 9 32-Bit or OES Linux, refer to the Readme for known issues while starting the subagent.
To stop the subagent, execute the following command:
/etc/init.d/ndssnmpsa stop
This section includes the SLES 9 64-bit configuration.
Download net-snmp-5.0.9-4.rh73.i386.rpm from http://sourceforge.net/projects/net-snmp.
The net-snmp-5.0.9-4.rh73.i386.rpm requires rpm-4.0.4-7x.i386.rpm to be installed on the system. You can download this from http://rpmfind.net/linux/RPM/rpm.org/rpm/dist/rpm-4.0.x/rpm-4.0.4-7x.i386.html.
Additionally, you need to make changes to the snmpd.conf file as specified in .
To start the master agent, firstly install and configure net-snmp-5.0.9-4.rh73.i386.rpm.
You can do so using any of the two options mentioned below. However, we recommend you to use Option 1 as the second option requires you to uninstall the sytem installed SNMP packages and this may need you to uninstall all the dependent rpms too.
Install net-snmp-5.0.9-4.rh73.i386.rpm and rpm-4.0.4-7x.i386.rpm on to a custom location for example, /home/ndssnmp.
Install net-snmp-5.0.9-4.rh73.i386.rpm as follows:
# cd /home/ndssnmp
# rpm2cpio net-snmp-5.0.9-4.rh73.i386.rpm | cpio -ivd
Install rpm-4.0.4-7x.i386.rpm (this is dependent rpm which snmpd requires)
# cd /home/ndssnmp
# rpm2cpio rpm-4.0.4-7x.i386.rpm | cpio -ivd
Export LD_LIBRARY_PATH as follows:
# export LD_LIBRARY_PATH=/home/ndssnmp/usr/lib
Start the master agent as follows:
# /home/ndssnmp/usr/sbin/snmpd -C -c snmpd.conf
For example, if your snmpd.conf file is present in the /etc directory, the command would be similar to the following:
# /home/ndssnmp/usr/sbin/snmpd -C -c /etc/snmpd.conf
NOTE: Ensure that the snmpd.conf file has the relevant information required for ndssnmpsa to start. Refer to Setting up SNMP Services on SLES 9 32-Bit or OES Linux for more information.
(Conditional) While starting master agent you may encounter the following error:
snmpd: error while loading shared libraries: libcrypto.so.2: cannot open shared object file: No such file or directory
You will get this error if libcrypto.so.2 not being installed on your system.
For this you have to make an explicit link to system installed crypto library as mentioned below:
# cd /usr/lib
Additionally, add any one of the following based on your Linux version:
(Conditional) While starting master agent on SLES 9 64-bit, you may encounter the following error:
error while loading shared libraries:
libdb.so.2: cannot open shared object file: No such file or directory
You will get this error if libdb.so.2 not being installed on your system.
For this you have to make an explicit link to system installed db library as mentioned below (using libdb.so.3 as an example):
# cd /usr/lib
# ln -s libdb.so.3 libdb.so.2
(Conditional) If the SNMP master agent is already configured on a default port #161 then start the master agent on different port as:
# /home/ndssnmp/usr/sbin/snmpd -C -c /etc/snmpd.conf 1161
Uninstall system installed snmp package
If the SNMP package is already installed and the version is anything other than net-snmp-5.0.9-4.rh73.i386.rpm, then uninstall the SNMP package and install net-snmp-5.0.9-4.rh73.i386.rpm.
NOTE: If any dependent RPM is required, then download those and install them as well.
Start the master agent as follows:
/usr/sbin/snmpd -C -c /etc/snmpd.conf
To start the subagent, execute the following command:
/etc/init.d/ndssnmpsa start
Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/ndssnmp/ndssnmp.cfg file:
Do you want to remember password? (Y/N)
Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.
Enter N to enter the password when the subagent is started the next time.
To stop the subagent, execute the following command:
/etc/init.d/ndssnmpsa stop
In the /etc/snmpd.conf file, add the following trap destination entry:
trap community myserver view_name trap_mask
where
For example: 1.3.6.1.4.1.23.2.98. This is an optional parameter. If this is not included, the view defaults to the entire MIB tree.
The bits from left to right stand for coldStart trap, warmStart trap, linkDown trap, linkUp trap, authenticationFailure trap, egpNeighborLoss trap, and enterpriseSpecific trap. In the example, the value "98" on the right does not have any meaning. The value "1" enables the corresponding trap to be sent. Otherwise, the trap is blocked.
Example:
fe block no traps (1111 1110)
7e block coldStart trap (0111 1110)
be block warmStart trap (1011 1110)
3e block coldStart trap and warmStart trap (0011 1110)
To start the subagent, execute the following command:
/etc/ndssnmpsa start
Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION= ON in the /etc/ndssnmp/ndssnmp.cfg file:
Do you want to remember password? (Y/N)
Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.
Enter N to enter the password when the subagent is started the next time.
On HP-UX, the native master agent is EMANATE SNMP master agent. Configuring the master agent on HP-UX involves proxy SNMP agent configuration. The Proxy agent configuration is done through Native Adapter Agent (NAA). This NAA allows third-party SNMP agents to work with the HP-UX SNMP master agent (snmpdm). The third-party SNMP agent in our case is NET-SNMP master agent. The NET-SNMP master agent must listen on the same non-standard UDP port that NAA has been configured.
For details refer to section Starting/Configuring the Native Agent Adapter (NAA) and Starting/Configuring the NET-SNMP Master Agent.
The following figure illustrates the flow of data between the eDirectory SNMP subagent, NET-SNMP master agent, NAA agent, the HP-UX EMANATE master agent, and the SNMP console.
Figure 52To start the HP-UX SNMP master agent, execute the following command:
/etc/snmpd
or
/usr/sbin/snmpdm
NOTE: To stop the HP-UX SNMP master agent, enter /etc/snmpd -k
Before starting the NAA agent (naaagt), export the following environment variables:
For example:
export HP_NAA_CNF=/etc/ndssnmp/ndssnmpNAA.cfg
export HP_NAA_PORT=8161 ## Specify any non-standard UDP port
export HP_NAA_GET_COMMUNITY=public
For details on the NAA agent, refer to the naaagt man page.
Enter the following command to start the NAA agent:
/usr/sbin/naaagt
NOTE: Root access is required to start the NAA agent.
Before configuring the NET-SNMP master agent, you need to first download and install it.
Download the NET-SNMP version 5.0.8 tar file (net-snmp-5.0.8-HP-UX_B.11.00_9000_712.tar.gz) from SorceForge.net.
Install NET-SNMP version 5.0.8 binaries by untaring the above mentioned tar file.
After untaring the tar file, NET-SNMP version 5.0.8 binaries are installed to current_working_directory/usr/local.
To configure the NET-SNMP master agent:
trapsink myserver public
where myserver is the hostname for the trap destination.
master agentx
NOTE: Because the NET-SNMP-5.0.8 binary download does not come with a sample master agent configuration file, the NET-SNMP sample master agent configuration file is bundled with the eDirectory SNMP component. After eDirectory is installed, you can get the sample NET-SNMP configuration file (snmpd-net-snmp.conf file) from the /etc/ndssnmp directory.
To start NET-SNMP-5.0.8 Master Agent, use the following syntax:
installed_NET-SNMP_directory/usr/local/sbin/snmpd -C -c /etc/ndssnmp/snmpd-net-snmp.conf 8161
IMPORTANT: If any configuration files are changed, the master agent and subagent should be restarted.
To start the subagent, execute the following command:
/sbin/init.d/ndssnmpsa start
Enter the username and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/ndssnmp/ndssnmp.cfg file:
Do you want to remember password? (Y/N)
Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.
Enter N to enter the password when the subagent is started the next time.