snmpwalk: Unknown user name (SNMP v3)

Question

I'm trying to run SNMP version 3 but I'm getting this error:

snmpwalk: Unknown user name (SNMP v3)

This is the command I'm using

sudo snmpwalk -v3 -u bob -l AuthPriv -a SHA -A bobpassword -x AES -X bobpassword 127.0.0.1

I've created the user bob with this command:

net-snmp-create-v3-user

I created the user bob with the password bobpassword. For some reason it tells me that the user is unknown. Any ideas? Thanks

Answer 1

i find this path.

firsly stop snmtp:

systemctl stop snmpd

after that create user:

net-snmp-config --create-snmpv3-user -ro -A {WRITE SHA PASSWORD} -X {WRITE AES PASSWORD} -a SHA -x AES {WRITE USER NAME}

lastly start snmpd service:

systemctl restart snmpd

For control:

snmp-walk -v3 -u {WRITE SNMP USER NAME} -l authPriv -a SHA -A {WRITE SHA PASSWORD} -x AES -X {WRITE AES PASSWORD} {DESTINATION IP}

Not: I use SHA and AES encryption. You can use different encryption methots.

Answer 2

Short Answer:

As I suspected, special characters in the passwords were generating the error- which itself was a red-herring; it was nothing at all to do with an "unknown user". The user was not the issue, but rather the password associated with it was borking things...

Note: You have to stop the SNMPD service before executing the net-snmp-create-v3-user command:

systemctl stop snmpd.service

And of course restart it after creating the user.

What DIDN'T Work:

Passwords using special characters- even when encased by single quotes- will generate the error "snmpwalk: Unknown user name":

sudo net-snmp-create-v3-user -ro -A 'y2VP^^>c3Q]-|"g' -a SHA -X '8:c4ii@!><?::}' -x AES snmpadmin

What DID Work:

Just replace "AlphaNumericUsingCase" below with passwords that use letters with upper & lower case and numbers:

sudo net-snmp-create-v3-user -ro -A 'AlphaNumericUsingCase' -a SHA -X 'AlphaNumericUsingCase' -x AES snmpadmin

From my reading, it also appears that passwords must be a minimum of at least (8) characters in length.

Conclusion:

Usually encasing special characters in single quotes should result in them being interpreted as literals, but this clearly was not happening.

I suspect some special characters will work in the passwords, but that will have to be determined with a bit of trial-n-error. In any event, you should be blocking access to UDP/161 & UDP/162 in your gateway firewall.