SNMP service for eDirectory is installed when eDirectory is installed. You can modify the default configuration of SNMP services for eDirectory using iManager. For more information, see Dynamic Configuration.
A new object called SNMP Group-Object is added to the directory tree when eDirectory is installed. This object is used to set up and manage the NetIQ eDirectory SNMP traps. See SNMP Group Object for more information.
If the SNMP service is not installed with eDirectory, the eDirectory install copies only the required SNMP subagent files and does not update the registry.
If you want to use SNMP services on eDirectory at a later point in time, you can install the SNMP service and update the registry using the following command:
rundll32 snmpinst, snmpinst -c createreg
The SNMP server module can be manually loaded and unloaded. By default, the SNMP server module loads automatically on all platforms. However, you can manually load the server module on Windows and Linux.
To load the SNMP server module, enter the following commands:
Server |
Command |
---|---|
Windows |
In the DHost (NDSCONS) screen, select ndssnmp.dlm > click Start. |
Linux |
In the DHost remote management page, to load the SNMP trap server click on the SNMP Trap Server for NetIQ eDirectory 8.8 action icon to start. or At the prompt, enter the following:
/opt/novell/eDirectory/bin/ndssnmp -l
|
To unload the SNMP server module, enter the following commands:
Server |
Command |
---|---|
Windows |
In the DHost (NDSCONS) screen, select ndssnmp.dlm, then click Stop. |
Linux |
In the DHost remote management page, to unload the SNMP trap server, click the SNMP Trap Server for NetIQ eDirectory 8.8 action icon to stop. or At the prompt, enter the following:
/opt/novell/eDirectory/bin/ndssnmp -u
|
Static configuration is used before bringing up the subagent. You can manually configure it by editing the ndssnmp.cfg file on Windows or Linux. The ndssnmp.cfg file is located in the following directories:
Windows: install_directory\SNMP\
Linux: /etc/opt/novell/eDirectory/conf/ndssnmp/
NOTE:If changes are made to the ndssnmp.cfg file, the subagent must be restarted.
You can provide configuration information to the subagent such as the following:
INTERACTIVE status
Where status is either on or off. If the status is on, you are prompted to enter the user name and password when starting the subagent. If the status is off, then the user name and password will be taken from the secure store. Default = Off.
Examples:
INTERACTIVE on
INTERACTIVE off
INTERACTION value
Where value is the number of interaction table entries. Range = 1 to 10. Default = 4.
Examples:
INTERACTION 4
INTERACTION 2
MONITOR status
Where status is either on or off. Default = On.
Examples:
MONITOR on
MONITOR off
SSLKEY certificate_file
Where certificate_file is the exported certificate along with the path. You must enter the path where this exported certificate exists.
Examples:
SSLKEY /home/guest/snmp-cert.der (Linux)
SSLKEY c:\home\guest\snmp-cert.der (Windows)
NOTE:This option is not supported if there are multiple instances to be monitored that do not accept a common certificate.
SERVER hostname/IP_address:NCP_port
Where hostname is the name of the host where the eDirectory server is installed and configured. Only the locally installed server is supported.This is a required command in the file, otherwise none of the servers are monitored. Default: hostname of the local server.
Examples:
SERVER myserver
SERVER myserver:1524
On Linux, if you have multiple instances of eDirectory, you can include all the eDirectory servers you want to monitor as follows:
SERVER myserver:1524
SERVER myserver:2524
SERVER myserver:6524
NOTE:No spaces are allowed before or after “:” as part of the server command.
Dynamic configuration can be done in either of the following ways, anytime after the Directory service is up and running.
A trap configuration command line utility can be used to configure SNMP traps for eDirectory.
The command line configuration utility can be used to:
Enable or disable traps
Set the trap interval
Enable or disable failure traps
List the enabled, disabled or all traps
NOTE:For more details, see Configuring Traps.
Traps can also be configured using NetIQ iManager. NetIQ iManager is a browser-based tool used for administering, managing, and configuring eDirectory objects. NetIQ iManager gives you the ability to assign specific tasks or responsibilities to users and to present the user with only the tools (with the accompanying rights) necessary to perform those sets of tasks.
In NetIQ iManager, click the Roles and Tasks button .
Click SNMP > SNMP Overview.
Click View SNMP Group objects, then click the name of the SNMP Group object you want to configure.
Specify the configurable parameters in the General/Traps page.
Click Apply, then click OK to save the new configuration settings.
NOTE:For more information, see the NetIQ iManager online help.
This section describes setting up the SNMP services for eDirectory on the following platforms:
Setting up SNMP services for eDirectory requires the following steps:
Configuring the master agent
Starting the master agent
Configuring the subagent
Starting the subagent
NOTE:The SNMP master agent should be installed before eDirectory is installed. Refer to Microsoft SNMP Services for more details.
In the Microsoft SNMP Properties dialog box, click the Agent tab.
Enter the Contact and Location information.
Click the Traps, then enter the Community Name and Trap destination details.
Enter the Community Name, then click Add.
Enter the IP address or hostname of the destination computer that traps are generated for.
Click Add to add the IP address or hostname.
Enable the Allow Service to Interact with Desktop option.
If this option is not enabled, you will be unable to connect to SNMP on Windows.
On Windows platform: Click Start > Settings > Control Panel > Administrative Tools > Services. Then right-click SNMP and select Properties. At the Log On tab, select the Allow Service to Interact with Desktop option.
To start the master agent, do the following:
Click Start > Settings > Control Panel > Administrative Tools > Services > SNMP > Start.
Enter the following at the command prompt:
Net start SNMP
To stop the master agent, do either of the following:
Click Start > Settings > Control Panel > Administrative Tools > Services > SNMP > Stop.
Enter the following at the command prompt:
Net stop SNMP
When the master agent starts on Windows, the subagent also starts.
IMPORTANT:You must install the latest Service Pack after completing the SNMP service installation.
On Linux net-snmp should be installed. By default, it is installed on most Linux systems.
To configure the master agent on Linux, make the changes to your snmpd.conf file as mentioned in snmpd.conf Changes.
The snmpd.conf file is located in the /etc/snmp directory on SLES and in the /etc directory on other Linux platforms.
In the snmpd.conf file, enter the following line:
trapsink myserver public
Where myserver is the hostname for the trap destination.
In the snmpd.conf file, add the following line:
master agentx
Additionally, make the following changes:
Original Content |
Changed Content |
---|---|
com2sec notConfigUser default public |
com2sec demouser default public |
group notConfigGroup v1 notConfigUser |
group demogroup v1 demouser |
view systemview included system |
view all included .1 |
access notConfigGroup "" any noauth exact systemview none none |
access demogroup "" any noauth exact all all all |
If the above content is not present in the snmpd.conf file, add it.
IMPORTANT:If any configuration files are changed, the master agent and subagent should be restarted.
To start the master agent, execute the following command:
/usr/sbin/snmpd -C -c /etc/snmpd.conf
To start the subagent, execute the following command:
/etc/init.d/ndssnmpsa start
Enter the user name and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/opt/novell/eDirectory/conf/ndssnmp/ndssnmp.cfg file:
Do you want to remember password? (Y/N)
Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.
Enter N to enter the password when the subagent is started the next time.
NOTE:When the server goes down, the master agent and subagent also go down. Therefore, to start the master agent and the sub-agent during server reboot time, execute the following commands:
chkconfig snmpd on chkconfig ndssnmpsa on
By default, eDirectory does not specify any run levels in the init script of ndssnmpsa. For ndssnmpsa to start automatically when the computer starts, add the run levels for your environment in the /etc/init.d/ndssnmpsa.
To stop the subagent, execute the following command:
/etc/init.d/ndssnmpsa stop