如何配置 snmpd.conf 文件使 SET 命令在 net-snmp 中起作用?

How to configure snmpd.conf file to make work SET command in net-snmp?

我已经配置了snmpd.conf如下

com2sec AllUser default public
group AllGroup v2c AllUser
view AllView included .1
access AllGroup "" any noauth exact AllView none none

mibs +GET-PDU-INFO-MIB
mibs +NOTIFICATION-TEST-MIB

rocommunity private localhost
rwcommunity private localhost

pass .1.3.6.1.4.1.53864.1 /bin/sh /etc/snmp/pduMIBScript.sh

有路径

/etc/snmp/snmpd.conf

所以之后我尝试发送以下命令

  1. 获取下一个
  2. 获取
  3. 批量获取
  4. 步行
  5. 设置

在尝试了上述所有命令后,我观察到的一件事是,除“设置”命令外,所有命令都运行良好。

为了调试这个问题,我首先确认我试图设置的变量在 MIB 文件中具有读写访问权限。我使用的 MIB 文件如下

GET-PDU-INFO-MIB DEFINITIONS ::= BEGIN

IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, enterprises FROM SNMPv2-SMI
;

pduInfo MODULE-IDENTITY
LAST-UPDATED "202005100000Z"
ORGANIZATION "XYZ"
CONTACT-INFO
     "postal:   admin @ admin"
DESCRIPTION
    "This Mib module defines objects for signal statistics"
REVISION     "202005100000Z"
DESCRIPTION
    "Corrected notification example definitions"
REVISION     "200202060000Z"
DESCRIPTION
    "First draft"
::= { enterprises 53864 }

--
-- top level structure
--
pduVar       OBJECT IDENTIFIER ::= { pduInfo 1 }

--
-- Example scalars
--

gpsVar1 OBJECT-TYPE
   SYNTAX      OCTET STRING
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "the latest value of signal"
   DEFVAL { "hello" }
   ::= { pduVar 1 }
   
   END

从 MIB 浏览器发送“SET”命令后,出现以下错误

“SET 命令问题”的原因是什么。谁能帮我理解这背后的问题?

经过大量搜索,终于找到了解决方案。现在我编辑了 snmpd.conf 如下,

######################################################################## 
#######
# Access Control
#######################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in 
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
#com2sec paranoid  default         public
#com2sec readonly  default         public
com2sec readwrite default         private

####
# Second, map the security names into group names:

#               sec.model  sec.name
#group MyROSystem v1        paranoid
#group MyROSystem v2c       paranoid
#group MyROSystem usm       paranoid
#group MyROGroup v1         readonly
#group MyROGroup v2c        readonly
#group MyROGroup usm        readonly
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
#access MyROSystem ""     any       noauth    exact  system none   none
#access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

# ------------------------------------------------------------------