Discussion:
net-snmp-5.4.1 win32 binaries with SHA and AES
Brendan Simon
2007-10-18 09:05:57 UTC
Permalink
I'm trying to do an snmpget with v3, authNoPriv and SHA auth protocol
with the 5.4.1 win32 binaries.
I get usm authentication errors (incorrect password or key). It works
fine from a Debian installation of 5.4.1.

I've installed the net-snmp-5.4.1 windows binaries, and the
Win32-OpenSSL 0.9.8e package.

Is there something special I have to do to get this to work ???

Also, I note the net-snmp windows package does not have AES enabled.
Ideally what I would like is some pre-compiled packages for net-snmp
that will give me SHA and AES and Diffie-Hellman capabilities.
Do these packages exist such that I can just install and run the command
line tools without having to compile anything ???

Thanks, Brendan.
Dave Shield
2007-10-18 09:24:45 UTC
Permalink
Post by Brendan Simon
I'm trying to do an snmpget with v3, authNoPriv and SHA auth protocol
with the 5.4.1 win32 binaries.
Which set of win32 binaries?
net-snmp-5.4.1-3.win32.exe or net-snmp-5.4.1-ssl-3.win32.exe ?

The first set uses the internal authentication routines (i.e. DES only).
The second set uses OpenSSL to provide SHA authentication
(and encrypted requests).


Dave
Brendan Simon
2007-10-18 10:48:12 UTC
Permalink
Post by Dave Shield
Post by Brendan Simon
I'm trying to do an snmpget with v3, authNoPriv and SHA auth protocol
with the 5.4.1 win32 binaries.
Which set of win32 binaries?
net-snmp-5.4.1-3.win32.exe or net-snmp-5.4.1-ssl-3.win32.exe ?
The first set uses the internal authentication routines (i.e. DES only).
The second set uses OpenSSL to provide SHA authentication
(and encrypted requests).
Thanks for the pointer. I haven't noticed the -ssl packages before. I
either missed them or they are reasonably new. I will give them a go.

Also what is the difference between the -1, -2 and -3 packages on the
download site?

net-snmp-5.4.1-2.win32.exe
net-snmp-5.4.1-3.win32.exe
net-snmp-5.4.1-ssl-2.win32.exe
net-snmp-5.4.1-ssl-3.win32.exe


I'm assuming the -3 is the most recent and/or best version to use.

Thanks, Brendan.
Dave Shield
2007-10-18 11:08:30 UTC
Permalink
Post by Brendan Simon
Also what is the difference between the -1, -2 and -3 packages on the
download site?
I'm assuming the -3 is the most recent and/or best version to use.
<grin>
Oh, I do like it when people answer their own questions.
It makes my job so much simpler.....

Yes - the "version-N" notation is a very common way of distinguishing
between updates of the same basic version. Always go for the highest
-N that you can see.

Dave
Thomas Anders
2007-10-18 12:13:51 UTC
Permalink
Post by Dave Shield
Which set of win32 binaries?
net-snmp-5.4.1-3.win32.exe or net-snmp-5.4.1-ssl-3.win32.exe ?
The first set uses the internal authentication routines (i.e. DES only).
Just for additional clarification: this should read MD5 instead of DES.
Post by Dave Shield
The second set uses OpenSSL to provide SHA authentication
(and encrypted requests).
Also, in case you have the earlier -1 version
(net-snmp-5.4.1-ssl-1.win32.exe), it didn't come with AES support by
mistake. An upgrade to net-snmp-5.4.1-3.win32.exe fixes this issue.


+Thomas
--
Thomas Anders (thomas.anders at blue-cable.de)
Loading...