Re: [nv-l] A Authentication Failure Incorrect Community Name

[Larry Fagan <larrytechie@yahoo.com>]

My humble salutations to James...
  Larry

James Shanks <jshanks@us.ibm.com> wrote:

Larry, you missed the point of what I said. Your original note indicated
to me that you weren't sure what boxes were sending you these traps or why,
or whether they were legitimate or not. Well, I don't know why they are
begin generated, but I did give you some suggestions about how to find out
the origin of them. If I misunderstood what you were saying, then I
apologize. But what you should do to resolve this situation is up to you.

You can turn off traps if you want to, but that just masks the problem
doesn't it? If you can demandpoll the machines and get correct SNMP
responses from NetView then the daemons should all be using the correct
community name. But you could always stop all the daemons, clear the
xnmsnmpconf cache, and restart everything, or just reboot, to force
everything back to square one. You don't have an MLM anywhere that needs
to be updated, do you? If all else fails, I would go to one of the problem
servers and see whether you could get a log or a trace from there of who is
sending the bad query. iptrace, snoop, ethereal, whatever is appropriate
to the OS there would show who is sending the bad queries.

I'm not defending the NetView migration process, nor claiming that
something didn't go wrong with it somewhere. I'm only suggesting how you
might get to the bottom of it.

James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group



Larry Fagan

o.com> ! To
Sent by: nv-l@lists.us.ibm.com
owner-nv-l@lists. cc
us.ibm.com
Subject
Re: [nv-l] A Authentication Failure
03/06/2006 05:05 Incorrect Community Name
PM


Please respond to
nv-l@lists.us.ibm
.com !






James,
Yes, traps are coming in with hostname and community string also.. i have
them coming in from bunch of servers.. so should i go to each box and turn
off SNMP trap destination? This was not the case before migration.. these
traps were not coming in before..
any help is appreciated..
larry


James Shanks wrote:
If you turn on the trapd trace, it will give you the IP address from which
the trap was received. If you enable the hex dump option on trapd it will
also dump the trap in hex, making it easier to find in the trace. Also,
most authentication failure traps do not contain the failing community
name, the standard one has no variables at all, so you should be able to
look in trapd.conf and see what enterprise is sending it. ! Perhaps these
things will give you some clues.

James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group




Yahoo! Mail
Bring photos to life! New PhotoMail makes sharing a breeze.

---

Brings words and photos together (easily) with
 
PhotoMail  - it's free and works with Yahoo! Mail.