SNMP4J Agent: Set from SNMP gets access denied

Hi,

I have created a sample SNMPAgent using the code below:

{

 package snmp;
 import java.io.File;
 import java.io.IOException;
 import org.snmp4j.TransportMapping;
 import org.snmp4j.agent.BaseAgent;
 import org.snmp4j.agent.CommandProcessor;
 import org.snmp4j.agent.DuplicateRegistrationException;
 import org.snmp4j.agent.MOGroup;
 import org.snmp4j.agent.ManagedObject;
 import org.snmp4j.agent.mo.DefaultMOFactory;
 import org.snmp4j.agent.mo.MOTableRow;
 import org.snmp4j.agent.mo.snmp.RowStatus;
 import org.snmp4j.agent.mo.snmp.SnmpCommunityMIB;
 import org.snmp4j.agent.mo.snmp.SnmpCommunityMIB.SnmpCommunityEntryRow;
 import org.snmp4j.agent.mo.snmp.SnmpNotificationMIB;
 import org.snmp4j.agent.mo.snmp.SnmpTargetMIB;
 import org.snmp4j.agent.mo.snmp.StorageType;
 import org.snmp4j.agent.mo.snmp.VacmMIB;
 import org.snmp4j.agent.security.MutableVACM;
 import org.snmp4j.log.LogFactory;
 import org.snmp4j.mp.MPv3;
 import org.snmp4j.security.SecurityLevel;
 import org.snmp4j.security.SecurityModel;
 import org.snmp4j.security.SecurityProtocols;
 import org.snmp4j.security.USM;
 import org.snmp4j.smi.Address;
 import org.snmp4j.smi.GenericAddress;
 import org.snmp4j.smi.Integer32;
 import org.snmp4j.smi.OID;
 import org.snmp4j.smi.OctetString;
 import org.snmp4j.smi.Variable;
 import org.snmp4j.transport.TransportMappings;

 public class SnmpApp extends BaseAgent 
 {
    private static final String address = "0.0.0.0/2001";

private static SnmpApp m_instance = null;
private boolean bRunning ;
private MYMib mymib ;

public static SnmpApp getInstance()
{
	if (m_instance == null)
		try {
			m_instance = new SnmpApp(address) ;
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	
	return m_instance;
}

public SnmpApp(String address) throws IOException {
	
	// These files does not exist and are not used but has to be specified
	// Read snmp4j docs for more info
	super(new File("conf.agent"), new File("bootCounter.agent"),
			new CommandProcessor(
					new OctetString(MPv3.createLocalEngineID())));
	
	
	try {
		mymib = new MYMib(DefaultMOFactory.getInstance());
		mymib .registerMOs(server, null); // Register MY mib
		
	} catch (DuplicateRegistrationException e) {
		// TODO Auto-generated catch block
		e.printStackTrace();
	}
	bRunning = false;
}

/**
 * We let clients of this agent register the MO they
 * need so this method does nothing
 */
@Override
protected void registerManagedObjects() {
}

/**
 * Clients can register the MO they need
 */
public void registerManagedObject(ManagedObject mo) {
	try {
		server.register(mo, null);
	} catch (DuplicateRegistrationException ex) {
		throw new RuntimeException(ex);
	}
}

public void unregisterManagedObject(MOGroup moGroup) {
	moGroup.unregisterMOs(server, getContext(moGroup));
}

/*
 * Empty implementation
 */
@Override
protected void addNotificationTargets(SnmpTargetMIB targetMIB,
		SnmpNotificationMIB notificationMIB) {
}

/**
 * Minimal View based Access Control
 * 
 * http://www.faqs.org/rfcs/rfc2575.html
 */
@Override
protected void addViews(VacmMIB vacm) {

	vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new OctetString(
			"cpublic"), new OctetString("v1v2group"),
			StorageType.nonVolatile);

	vacm.addAccess(new OctetString("v1v2group"), new OctetString("public"),
			SecurityModel.SECURITY_MODEL_SNMPv2c, SecurityLevel.NOAUTH_NOPRIV,
			MutableVACM.VACM_MATCH_EXACT, 
			new OctetString("fullReadView"),
			new OctetString("fullWriteView"), 
			new OctetString("fullNotifyView"), 
			StorageType.nonVolatile);

	vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"),
			new OctetString(), VacmMIB.vacmViewIncluded,
			StorageType.nonVolatile);
}

/**
 * User based Security Model, only applicable to
 * SNMP v.3
 * 
 */
protected void addUsmUser(USM usm) {
}

protected void initTransportMappings() throws IOException {
	transportMappings = new TransportMapping[1];
	Address addr = GenericAddress.parse(address);
	TransportMapping tm = TransportMappings.getInstance()
			.createTransportMapping(addr);
	transportMappings[0] = tm;
}




/**
 * Start method invokes some initialization methods needed to
 * start the agent
 * @throws IOException
 */
public void start() throws IOException {

	init();
	bRunning = true;
	
	System.out.println("Started SnmpApp") ;
	
	
	// This method reads some old config from a file and causes
	// unexpected behavior.
	// loadConfig(ImportModes.REPLACE_CREATE); 
	addShutdownHook();
	getServer().addContext(new OctetString("public"));
	finishInit();
	SecurityProtocols.getInstance().addDefaultProtocols();
	run();
	sendColdStartNotification();
}



protected void unregisterManagedObjects() {
	// here we should unregister those objects previously registered...
}

/**
 * The table of community strings configured in the SNMP
 * engine's Local Configuration Datastore (LCD).
 * 
 * We only configure one, "public".
 */
protected void addCommunities(SnmpCommunityMIB communityMIB) {
	Variable[] com2sec = new Variable[] { 
			new OctetString("public"), // community name
			new OctetString("cpublic"), // security name
			getAgent().getContextEngineID(), // local engine ID
			new OctetString("public"), // default context name
			new OctetString(), // transport tag
			new Integer32(StorageType.nonVolatile), // storage type
			new Integer32(RowStatus.active) // row status
	};
	MOTableRow row = communityMIB.getSnmpCommunityEntry().createRow(
			new OctetString("public2public").toSubIndex(true), com2sec);
	communityMIB.getSnmpCommunityEntry().addRow((SnmpCommunityEntryRow) row);
	
	
}

MYMib is generated from AgenPro.

I used IReasoning as a client to attempt to retrieve the Read-Only Scalar values with no issues.
However, when i tried to set the scalar values with read-write access. I get an “Access Denied”.

I tried to set the write community to “public”/“cpublic”. But the result is still access denied.

Hi,

You configured your VACM and SNMP-COMMUNITY-MIB for the context “public” but you registered no ManagedObject under that context. Use

mymib.registerMOs(server, new OctetString("public"));

instead the your registration to the default context and it will work as expected.

Hi,

I have updated the code

mymib.registerMOs(server, new OctetString("public")) ;

The result is still the same.
The error code is (6). “No Access”.

Anything I’ve written wrongly?
Some information of MYMib generated from AgenPro

 protected void createMO(MOFactory moFactory) {
    addTCsToFactory(moFactory);
    wfNetId = 
    moFactory.createScalar(oidWfNetId,
                         moFactory.createAccess(MOAccessImpl.ACCESSIBLE_FOR_READ_ONLY), 
                         new Integer32(1));
 ...
}

public void registerMOs(MOServer server, OctetString context) 
 throws DuplicateRegistrationException 
  {
    // Scalar Objects
    server.register(this.wfNetId, context);
    //--AgentGen BEGIN=_registerMOs
    //--AgentGen END
  }

Thanks for your quick response.

Then please provide the DEBUG log of the agent. That will show why the access is not granted.
There could be another config error or you are using the wrong OID.

Sorry for asking this question. Where is the Debug log?
I am debugging under eclipse. I did not see any exception or logs happening at the agent.

I have written a SNMPManager to test the agent.

There are some errors when SET the oid. But no errors and retrieve the exact value correctly when using GET

responsePDU = RESPONSE[requestID=1615605642, errorStatus=No access(6), errorIndex=1, VBS[1.3.6.1.4.1.1.1.3.0 = 1]]

The OID is correct.
Any configurations I need to make?

See my SnmpManager implementation.
package snmp;

import java.io.IOException;

import org.snmp4j.CommunityTarget;
import org.snmp4j.PDU;
import org.snmp4j.Snmp;
import org.snmp4j.Target;
import org.snmp4j.TransportMapping;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.GenericAddress;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.VariableBinding;
import org.snmp4j.transport.DefaultUdpTransportMapping;

public class SNMPManager {

Snmp snmp = null;
String address = null;

/**
* Constructor
* @param add
*/
public SNMPManager(String add)
{
address = add;
}

public static void startClient() {
    /**
    * Port 161 is used for Read and Other operations
    * Port 162 is used for the trap generation
    */
    System.out.println("Starting SNMPManager") ;
    SNMPManager client = new SNMPManager("udp:127.0.0.1/2001");
    try {
        client.start();
        
        /**
        * OID - .1.3.6.1.2.1.1.1.0 => SysDec
        * OID - .1.3.6.1.2.1.1.5.0 => SysName
        * => MIB explorer will be usefull here, as discussed in previous article
        */
        String wfSetAsMaster = client.getAsString(new OID(".1.3.6.1.4.1.1.1.3.0"));
        System.out.println(wfSetAsMaster);
        
        client.set(new OID(".1.3.6.1.4.1.1.1.3.0"),"1") ;
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    
}

/**
* Start the Snmp session. If you forget the listen() method you will not
* get any answers because the communication is asynchronous
* and the listen() method listens for answers.
* @throws IOException
*/
private void start() throws IOException {
    TransportMapping transport = new DefaultUdpTransportMapping();
    snmp = new Snmp(transport);
    // Do not forget this line!
    transport.listen();
}

/**
* Method which takes a single OID and returns the response from the agent as a String.
* @param oid
* @return
* @throws IOException
*/
public String getAsString(OID oid) throws IOException {
    ResponseEvent event = get(new OID[] { oid });
    return event.getResponse().get(0).getVariable().toString();
}

public ResponseEvent set(OID oid, String val) throws IOException {
    PDU pdu = new PDU();
    VariableBinding varBind = new VariableBinding(oid, new OctetString(val));
    pdu.add(varBind);
    pdu.setType(PDU.SET);
    //pdu.setRequestID(new Integer32(1));
    Target target = getTarget();

    ResponseEvent event = snmp.set(pdu, target);
    if (event != null) {
        System.out.println("\nResponse:\nGot Snmp Set Response from Agent");
        System.out.println("Snmp Set Request = " + event.getRequest().getVariableBindings());
        PDU responsePDU = event.getResponse();
        System.out.println("\nresponsePDU = " + responsePDU);
        if (responsePDU != null) {
            int errorStatus = responsePDU.getErrorStatus();
            int errorIndex = responsePDU.getErrorIndex();
            String errorStatusText = responsePDU.getErrorStatusText();
            System.out.println("\nresponsePDU = " + responsePDU);
            if (errorStatus == PDU.noError) {
                System.out.println("Snmp Set Response = " + responsePDU.getVariableBindings());
            } else {
                System.out.println("errorStatus = " + responsePDU);
                System.out.println("Error: Request Failed");
                System.out.println("Error Status = " + errorStatus);
                System.out.println("Error Index = " + errorIndex);
                System.out.println("Error Status Text = " + errorStatusText);
            }
        }

        return event;
    }
    throw new RuntimeException("SET timed out");
}

/**
* This method is capable of handling multiple OIDs
* @param oids
* @return
* @throws IOException
*/
public ResponseEvent get(OID oids[]) throws IOException {
PDU pdu = new PDU();
for (OID oid : oids) {
pdu.add(new VariableBinding(oid));
}
pdu.setType(PDU.GET);
ResponseEvent event = snmp.send(pdu, getTarget(), null);
if(event != null) {
return event;
}
throw new RuntimeException("GET timed out");
}

/**
* This method returns a Target, which contains information about
* where the data should be fetched and how.
* @return
*/
private Target getTarget() {
Address targetAddress = GenericAddress.parse(address);
CommunityTarget target = new CommunityTarget();
target.setCommunity(new OctetString("public"));
target.setAddress(targetAddress);
target.setRetries(2);
target.setTimeout(1500);
target.setVersion(SnmpConstants.version2c);
return target;
}

}

I am new to SNMP4J.
I am using eclipse and did not see any debug logs at the console generated at the agent side.
May I know what logs are you looking for?

I also wrote a SNMP manager for testing and I got similar access error as well.

responsePDU = RESPONSE[requestID=1615605642, errorStatus=No access(6), errorIndex=1, VBS[1.3.6.1.4.1.1.1.3.0 = 1]]

responsePDU = RESPONSE[requestID=1615605642, errorStatus=No access(6), errorIndex=1, VBS[1.3.6.1.4.1.1.1.3.0 = 1]]
errorStatus = RESPONSE[requestID=1615605642, errorStatus=No access(6), errorIndex=1, VBS[1.3.6.1.4.1.1.1.3.0 = 1]]
Error: Request Failed
Error Status = 6
Error Index = 1
Error Status Text = No access

Can you get any idea?

SNMPManager.java

 package snmp;
  
import java.io.IOException;
import org.snmp4j.CommunityTarget;
import org.snmp4j.PDU;
import org.snmp4j.Snmp;
import org.snmp4j.Target;
import org.snmp4j.TransportMapping;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.GenericAddress;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.VariableBinding;
import org.snmp4j.transport.DefaultUdpTransportMapping;

public class SNMPManager {

Snmp snmp = null;
String address = null;

/**
* Constructor
* @param add
*/
public SNMPManager(String add)
{
  address = add;
}

public static void startClient() {
   
System.out.println("Starting SNMPManager") ;
SNMPManager client = new SNMPManager("udp:127.0.0.1/2001");
try {
	client.start();
	
	
	String wfSetAsMaster= client.getAsString(new OID(".1.3.6.1.4.1.1.1.3.0"));
	System.out.println(wfSetAsMaster);
	
	client.set(new OID(".1.3.6.1.4.1.1.1.3.0"),"1") ;
} catch (IOException e) {
	// TODO Auto-generated catch block
	e.printStackTrace();
}

}

/**
 * Start the Snmp session. If you forget the listen() method you will not
 * get any answers because the communication is asynchronous
* and the listen() method listens for answers.
* @throws IOException
 */
private void start() throws IOException {
TransportMapping transport = new DefaultUdpTransportMapping();
snmp = new Snmp(transport);
// Do not forget this line!
transport.listen();
}

/**
 * Method which takes a single OID and returns the response from the agent as a String.
 * @param oid
 * @return
 * @throws IOException
*/
public String getAsString(OID oid) throws IOException {
ResponseEvent event = get(new OID[] { oid });
return event.getResponse().get(0).getVariable().toString();
}

public ResponseEvent set(OID oid, String val) throws IOException {
PDU pdu = new PDU();
VariableBinding varBind = new VariableBinding(oid, new OctetString(val));
pdu.add(varBind);
pdu.setType(PDU.SET);
//pdu.setRequestID(new Integer32(1));
Target target = getTarget();

ResponseEvent event = snmp.set(pdu, target);
if (event != null) {
    System.out.println("\nResponse:\nGot Snmp Set Response from Agent");
    System.out.println("Snmp Set Request = " + event.getRequest().getVariableBindings());
    PDU responsePDU = event.getResponse();
    System.out.println("\nresponsePDU = " + responsePDU);
    if (responsePDU != null) {
        int errorStatus = responsePDU.getErrorStatus();
        int errorIndex = responsePDU.getErrorIndex();
        String errorStatusText = responsePDU.getErrorStatusText();
        System.out.println("\nresponsePDU = " + responsePDU);
        if (errorStatus == PDU.noError) {
            System.out.println("Snmp Set Response = " + responsePDU.getVariableBindings());
        } else {
            System.out.println("errorStatus = " + responsePDU);
            System.out.println("Error: Request Failed");
            System.out.println("Error Status = " + errorStatus);
            System.out.println("Error Index = " + errorIndex);
            System.out.println("Error Status Text = " + errorStatusText);
        }
    }

    return event;
}
throw new RuntimeException("SET timed out");
}

/**
* This method is capable of handling multiple OIDs
* @param oids
 * @return
* @throws IOException
*/
public ResponseEvent get(OID oids[]) throws IOException {
PDU pdu = new PDU();
 for (OID oid : oids) {
pdu.add(new VariableBinding(oid));
}
 pdu.setType(PDU.GET);
 ResponseEvent event = snmp.send(pdu, getTarget(), null);
if(event != null) {
  return event;
}
throw new RuntimeException("GET timed out");
}

/**
 * This method returns a Target, which contains information about
 * where the data should be fetched and how.
 * @return
 */
 private Target getTarget() {
  Address targetAddress = GenericAddress.parse(address);
  CommunityTarget target = new CommunityTarget();
  target.setCommunity(new OctetString("public"));
  target.setAddress(targetAddress);
  target.setRetries(2);
  target.setTimeout(1500);
  target.setVersion(SnmpConstants.version2c);
  return target;
 }

}

The printline statement is able to retrieve the result correctly as what I set as default.
String wfSetAsMaster= client.getAsString(new OID(".1.3.6.1.4.1.1.1.3.0"));
System.out.println(wfSetAsMaster);

However, this part:
client.set(new OID(".1.3.6.1.4.1.1.1.3.0"),“1”) ;
generates the access error.

First, please do not put a leading dot in your OIDs. OIDs do not have leading dots. That is a special function of the NET-SNMP tool-suite only and does not work for other tools/APIs (and it is not standard conform).

Second, you can activate logging with:

static {
    LogFactory.setLogFactory(new ConsoleLogFactory());
    ConsoleLogAdapter.setDebugEnabled(true);
}

in the main class of your application.

Thanks a lot for your quick response.

I am able to generate the logs now

Api Tested
Initialized Salt to 9313f4558f1daef8.
Started SnmpApp
UDP receive buffer size for socket 0.0.0.0/2001 is set to: 65536
Notification 1.3.6.1.6.3.1.1.5.1 reported with [] for context 
Received message from /127.0.0.1/60699 with length 44: 30:2a:02:01:01:04:06:70:75:62:6c:69:63:a0:1d:02:04:02:40:b7:ed:02:01:00:02:01:00:30:0f:30:0d:06:09:2b:06:01:04:01:01:01:03:00:05:00
Fire process PDU event: CommandResponderEvent[securityModel=2, securityLevel=1, maxSizeResponsePDU=65535, pduHandle=PduHandle[37795821], stateReference=StateReference[msgID=0,pduHandle=PduHandle[37795821],securityEngineID=null,securityModel=null,securityName=public,securityLevel=1,contextEngineID=null,contextName=null,retryMsgIDs=null], pdu=GET[requestID=37795821, errorStatus=Success(0), errorIndex=0, VBS[1.3.6.1.4.1.1.1.3.0 = Null]], messageProcessingModel=1, securityName=public, processed=false, peerAddress=127.0.0.1/60699, transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping@17829e4d, tmStateReference=null]
Looking up coexistence info for 'public'
Found coexistence info for 'public'=CoexistenceInfo[securityName=cpublic,contextEngineID=80:00:13:70:01:c0:a8:b8:01:d7:88:57:05,contextName=public,transportTag=]
Address 127.0.0.1/60699 passes filter, because source address filtering is disabled
Found group name 'v1v2group' for secName 'cpublic' and secModel 2
Got views [DefaultMOMutableRow2PC[index=9.118.49.118.50.103.114.111.117.112.6.112.117.98.108.105.99.2.1,values=[1, fullReadView, fullWriteView, fullNotifyView, 3, 1]] for group name 'v1v2group'
Matching against access entry DefaultMOMutableRow2PC[index=9.118.49.118.50.103.114.111.117.112.6.112.117.98.108.105.99.2.1,values=[1, fullReadView, fullWriteView, fullNotifyView, 3, 1] with exactContextMatch=true, prefixMatch=false, matchSecModel=true and matchSecLevel=true
Matching view found for group name 'v1v2group' is 'fullReadView'
Created subrequest 0 with scope org.snmp4j.agent.DefaultMOContextScope[context=public,lowerBound=1.3.6.1.4.1.1.1.3.0,lowerIncluded=true,upperBound=1.3.6.1.4.1.1.1.3.0,upperIncluded=true] from 1.3.6.1.4.1.1.1.3.0 = Null
SnmpSubRequests initialized: [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.DefaultMOContextScope[context=public,lowerBound=1.3.6.1.4.1.1.1.3.0,lowerIncluded=true,upperBound=1.3.6.1.4.1.1.1.3.0,upperIncluded=true],vb=1.3.6.1.4.1.1.1.3.0 = Null,status=RequestStatus{processed=false, phaseComplete=false, errorStatus=0},query=null,index=0,targetMO=null]]
Access allowed for view 'fullReadView' by subtree 1.3 for OID 1.3.6.1.4.1.1.1.3.0
Sending message to 127.0.0.1/60699 with length 45: 30:2b:02:01:01:04:06:70:75:62:6c:69:63:a2:1e:02:04:02:40:b7:ed:02:01:00:02:01:00:30:10:30:0e:06:09:2b:06:01:04:01:01:01:03:00:02:01:00
Received message from /127.0.0.1/60700 with length 45: 30:2b:02:01:01:04:06:70:75:62:6c:69:63:a3:1e:02:04:02:40:b7:f0:02:01:00:02:01:00:30:10:30:0e:06:09:2b:06:01:04:01:01:01:03:00:02:01:01
Fire process PDU event: CommandResponderEvent[securityModel=2, securityLevel=1, maxSizeResponsePDU=65535, pduHandle=PduHandle[37795824], stateReference=StateReference[msgID=0,pduHandle=PduHandle[37795824],securityEngineID=null,securityModel=null,securityName=public,securityLevel=1,contextEngineID=null,contextName=null,retryMsgIDs=null], pdu=SET[requestID=37795824, errorStatus=Success(0), errorIndex=0, VBS[1.3.6.1.4.1.1.1.3.0 = 1]], messageProcessingModel=1, securityName=public, processed=false, peerAddress=127.0.0.1/60700, transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping@17829e4d, tmStateReference=null]
Looking up coexistence info for 'public'
Found coexistence info for 'public'=CoexistenceInfo[securityName=cpublic,contextEngineID=80:00:13:70:01:c0:a8:b8:01:d7:88:57:05,contextName=public,transportTag=]
Address 127.0.0.1/60700 passes filter, because source address filtering is disabled
Found group name 'v1v2group' for secName 'cpublic' and secModel 2
Got views [DefaultMOMutableRow2PC[index=9.118.49.118.50.103.114.111.117.112.6.112.117.98.108.105.99.2.1,values=[1, fullReadView, fullWriteView, fullNotifyView, 3, 1]] for group name 'v1v2group'
Matching against access entry DefaultMOMutableRow2PC[index=9.118.49.118.50.103.114.111.117.112.6.112.117.98.108.105.99.2.1,values=[1, fullReadView, fullWriteView, fullNotifyView, 3, 1] with exactContextMatch=true, prefixMatch=false, matchSecModel=true and matchSecLevel=true
Matching view found for group name 'v1v2group' is 'fullWriteView'
Created subrequest 0 with scope org.snmp4j.agent.DefaultMOContextScope[context=public,lowerBound=1.3.6.1.4.1.1.1.3.0,lowerIncluded=true,upperBound=1.3.6.1.4.1.1.1.3.0,upperIncluded=true] from 1.3.6.1.4.1.1.1.3.0 = 1
SnmpSubRequests initialized: [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.DefaultMOContextScope[context=public,lowerBound=1.3.6.1.4.1.1.1.3.0,lowerIncluded=true,upperBound=1.3.6.1.4.1.1.1.3.0,upperIncluded=true],vb=1.3.6.1.4.1.1.1.3.0 = 1,status=RequestStatus{processed=false, phaseComplete=false, errorStatus=0},query=null,index=0,targetMO=null]]
No view tree family entry for view 'fullWriteView'
No view tree family entry for view 'fullWriteView'
java.lang.Exception: Error 'No access' generated at: 1.3.6.1.4.1.1.1.3.0 = 1
    at org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChanged(SnmpRequest.java:627)
    at org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(RequestStatus.java:89)
    at org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.java:52)
    at org.snmp4j.agent.CommandProcessor$SetHandler.prepare(CommandProcessor.java:819)
    at org.snmp4j.agent.CommandProcessor$SetHandler.processPdu(CommandProcessor.java:869)
    at org.snmp4j.agent.CommandProcessor$SetHandler.processPdu(CommandProcessor.java:786)
    at org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java:428)
    at org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java:384)
    at org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.java:340)
    at org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:566)
    at org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:163)
    at org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.java:694)
    at org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:310)
    at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:390)
    at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:350)
    at org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(AbstractTransportMapping.java:76)
    at org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(DefaultUdpTransportMapping.java:430)
    at java.base/java.lang.Thread.run(Unknown Source)
Sending message to 127.0.0.1/60700 with length 45: 30:2b:02:01:01:04:06:70:75:62:6c:69:63:a2:1e:02:04:02:40:b7:f0:02:01:06:02:01:01:30:10:30:0e:06:09:2b:06:01:04:01:01:01:03:00:02:01:01

That’s the hint and code is right, there is no tree family view with that name in your code.

Thanks!
Added the following code as what you mentioned and it works!!

vacm.addViewTreeFamily(new OctetString("fullWriteView"), new OID("1.3"),
			new OctetString(), VacmMIB.vacmViewIncluded,
			StorageType.nonVolatile);

Thanks a lot! The support for SNMP4J is really good.

Hallo, I have a similar problem. I’m trying to simulate a v3 agent and have the problem that after creating a user for access, I get a response from “SNMPWalk” that the user has no authorization for the MIBs.

UsmUser user = new UsmUser(new OctetString("cmc_user"),
                        AuthMD5.ID, new OctetString("cmc_user"),
                        PrivDES.ID, new OctetString("cmc_user"));

This is the log I get after trying to do a WALK:

2022-07-19 12:28:35.872 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Received message from /127.0.0.1/61237 with length 61: 30:3b:02:01:03:30:0f:02:03:00:d9:d2:02:02:05:dc:04:01:04:02:01:03:04:10:30:0e:04:00:02:01:00:02:01:00:04:00:04:00:04:00:30:13:04:00:04:00:a5:0d:02:03:00:d9:d2:02:01:00:02:01:14:30:00
2022-07-19 12:28:35.874 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG SNMPv3 header decoded: msgId=55762, msgMaxSize=1500, msgFlags=04, secModel=3
2022-07-19 12:28:35.875 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG RFC3414 §3.2.3 Unknown engine ID: ''
2022-07-19 12:28:35.875 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Adding cache entry: StateReference[msgID=55762,pduHandle=PduHandle[265432836],securityEngineID=,securityModel=org.snmp4j.security.USM@31c88ec8,securityName=,securityLevel=1,contextEngineID=,contextName=,retryMsgIDs=null]
2022-07-19 12:28:35.876 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Removed cache entry: StateReference[msgID=55762,pduHandle=null,securityEngineID=,securityModel=org.snmp4j.security.USM@31c88ec8,securityName=,securityLevel=1,contextEngineID=,contextName=,retryMsgIDs=null]
2022-07-19 12:28:35.876 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG RFC3414 §3.1.4.b Outgoing message is not encrypted
2022-07-19 12:28:35.876 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Sending message to 127.0.0.1/61237 from 127.0.0.1/161 with length 103: 30:65:02:01:03:30:10:02:03:00:d9:d2:02:03:00:ff:ff:04:01:00:02:01:03:04:1d:30:1b:04:0d:80:00:13:70:01:0a:c8:38:3d:46:a0:e5:9d:02:01:00:02:01:00:04:00:04:00:04:00:30:2f:04:0d:80:00:13:70:01:0a:c8:38:3d:46:a0:e5:9d:04:00:a8:1c:02:01:00:02:01:00:02:01:00:30:11:30:0f:06:0a:2b:06:01:06:03:0f:01:01:04:00:41:01:01
2022-07-19 12:28:35.876 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Sending packet to 127.0.0.1/61237
2022-07-19 12:28:35.880 DefaultUDPTransportMapping_127.0.0.1/161 INFO Dispatching message canceled due to security issue: statusInfo=1.3.6.1.6.3.15.1.1.4.0 = 1, status=1410,tmStateReference=TransportStateReference[transport=org.snmp4j.transport.DefaultUdpTransportMapping@754ba872, address=127.0.0.1/161, securityName=null, requestedSecurityLevel=undefined, transportSecurityLevel=undefined, sameSecurity=false, sessionID=java.net.DatagramSocket@1e24396f, target=null]

After some desperate attempts I added these code snippets:

agent.getUsm().addUser(user.getSecurityName(), null, user);
                agent.getUsm().addUsmUserEntry(new UsmUserEntry(user.getSecurityName(), user));

                agent.getVacmMIB().addGroup(SecurityModel.SECURITY_MODEL_USM, new OctetString("cpublic"), new OctetString("v3group"), StorageType.nonVolatile);
                agent.getVacmMIB().addAccess(new OctetString("v3group"), new OctetString("public"), SecurityModel.SECURITY_MODEL_ANY, SecurityLevel.AUTH_PRIV,
                        MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"), new OctetString("fullWriteView"),
                        new OctetString("fullNotifyView"), StorageType.nonVolatile);
                agent.getVacmMIB().addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"), new OctetString(),
                        VacmMIB.vacmViewIncluded, StorageType.nonVolatile);

I don’t know if it’s correct. In my opinion, something like the connection between the user and the group is missing, but I’m not sure how.
The Log is Still the same.

You need to map security name to VACM group. Most likely the mapping with „cpublic“ is wrong (belongs to an example where community based “users“ are mapped to v3.

So you mean i need to change the Security Name from “cpublic” to my users SecurityName?
Sorry SNMP is new to me and i have no other Informations on WEB for Examples with the newest Version.

 UsmUser user = new UsmUser(new OctetString("cmc_user"),
                        AuthMD5.ID, new OctetString("cmc_user"),
                        PrivDES.ID, new OctetString("cmc_user"));
                agent.getUsm().addUser(user.getSecurityName(), null, user);
                agent.getUsm().addUsmUserEntry(new UsmUserEntry(user.getSecurityName(), user));

                agent.getVacmMIB().addGroup(SecurityModel.SECURITY_MODEL_USM,user.getSecurityName(), new OctetString("v3group"), StorageType.nonVolatile);
                agent.getVacmMIB().addAccess(new OctetString("v3group"), new OctetString("public"), SecurityModel.SECURITY_MODEL_ANY, SecurityLevel.AUTH_PRIV,
                        MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"), new OctetString("fullWriteView"),
                        new OctetString("fullNotifyView"), StorageType.nonVolatile);
                agent.getVacmMIB().addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"), new OctetString(),
                        VacmMIB.vacmViewIncluded, StorageType.nonVolatile);

Thats the Log after the Change:

2022-07-21 09:19:04.964 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Received message from /127.0.0.1/57519 with length 61: 30:3b:02:01:03:30:0f:02:03:00:be:ac:02:02:05:dc:04:01:04:02:01:03:04:10:30:0e:04:00:02:01:00:02:01:00:04:00:04:00:04:00:30:13:04:00:04:00:a5:0d:02:03:00:be:ac:02:01:00:02:01:14:30:00
2022-07-21 09:19:04.966 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG SNMPv3 header decoded: msgId=48812, msgMaxSize=1500, msgFlags=04, secModel=3
2022-07-21 09:19:04.967 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG RFC3414 §3.2.3 Unknown engine ID: ''
2022-07-21 09:19:04.967 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Adding cache entry: StateReference[msgID=48812,pduHandle=PduHandle[367063099],securityEngineID=,securityModel=org.snmp4j.security.USM@31c88ec8,securityName=,securityLevel=1,contextEngineID=,contextName=,retryMsgIDs=null]
2022-07-21 09:19:04.968 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Removed cache entry: StateReference[msgID=48812,pduHandle=null,securityEngineID=,securityModel=org.snmp4j.security.USM@31c88ec8,securityName=,securityLevel=1,contextEngineID=,contextName=,retryMsgIDs=null]
2022-07-21 09:19:04.968 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG RFC3414 §3.1.4.b Outgoing message is not encrypted
2022-07-21 09:19:04.968 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Sending message to 127.0.0.1/57519 from 127.0.0.1/161 with length 103: 30:65:02:01:03:30:10:02:03:00:be:ac:02:03:00:ff:ff:04:01:00:02:01:03:04:1d:30:1b:04:0d:80:00:13:70:01:0a:c8:38:3d:46:a0:e5:9d:02:01:00:02:01:00:04:00:04:00:04:00:30:2f:04:0d:80:00:13:70:01:0a:c8:38:3d:46:a0:e5:9d:04:00:a8:1c:02:01:00:02:01:00:02:01:00:30:11:30:0f:06:0a:2b:06:01:06:03:0f:01:01:04:00:41:01:01
2022-07-21 09:19:04.968 DefaultUDPTransportMapping_127.0.0.1/161 DEBUG Sending packet to 127.0.0.1/57519
2022-07-21 09:19:04.973 DefaultUDPTransportMapping_127.0.0.1/161 INFO Dispatching message canceled due to security issue: statusInfo=1.3.6.1.6.3.15.1.1.4.0 = 1, status=1410,tmStateReference=TransportStateReference[transport=org.snmp4j.transport.DefaultUdpTransportMapping@754ba872, address=127.0.0.1/161, securityName=null, requestedSecurityLevel=undefined, transportSecurityLevel=undefined, sameSecurity=false, sessionID=java.net.DatagramSocket@1e24396f, target=null]

This error is caused by an unknown engine ID (usmStatsUnknownEngineIDs) - it is not related to the VACM. You need to check the USM configuration.