HPE Community
Operating System - HP-UX
1833696 Members
3536 Online
110062 Solutions
New Discussion

Re: snmp and ping

 
Michael_33
Regular Advisor

‎03-13-2002 11:20 PM

‎03-13-2002 11:20 PM

snmp and ping

Hi all,

1. www user can not ping, I got this error message:

"ping: socket: Permission denied"
but root can ping.

2. I also got this error when I config MRTG.

"SNMP error:
no response received"

0 Kudos
Reply
16 REPLIES 16
S.K. Chan
Honored Contributor

‎03-13-2002 11:37 PM

‎03-13-2002 11:37 PM

Re: snmp and ping

1) Check ownership and permission of /usr/sbin/ping. It should be ..
-r-sr-xr-x bin bin .... ping

2) Is SNMP enabled on your machine ?
# ps -ef|grep snmp
to check ..
0 Kudos
Reply
Michael_33
Regular Advisor

‎03-13-2002 11:54 PM

‎03-13-2002 11:54 PM

Re: snmp and ping

thanks, the permission of
ping is correct,
and I do #ps -ef|grep snmp
it returns:
root 421 1 Mar 6 /usr/sbin/snmpdm

Any idea?
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎03-14-2002 12:04 AM

‎03-14-2002 12:04 AM

Re: snmp and ping

I'm sorry , the permission should be ..
-r-sr-xr-x 1 root bin 24576 Nov 14 2000 /usr/sbin/ping
Change the ownership to root and normal user should be ableto ping again.

As for the snmp q... I need to find out what exactly you did with MRTG, I believe this is a 3rd party monitoring tool ?
0 Kudos
Reply
Michael_33
Regular Advisor

‎03-14-2002 12:17 AM

‎03-14-2002 12:17 AM

Re: snmp and ping

the permission of ping is
the same as yours. but www
still can not ping.

I got snmp error when I run cfgmaker

cfgmaker --global "WorkDir: /home/www/sng" --global "Options[_]: growright,bits" --ifref=ip abc@116.com > mrtg.cfg

0 Kudos
Reply
S.K. Chan
Honored Contributor

‎03-14-2002 12:47 AM

‎03-14-2002 12:47 AM

Re: snmp and ping

I'm not sure then about your 'ping' problem. For the snmp problem, I can only think of one thing, since you did not use any option in cfgmaker that specify the community name, I think it's going to assume it's "public". So you got to make sure that your box has community name "public" which I think it is already unless someone change it.
# more /etc/snmpd.conf
to confirm this. BTW also look through this document for details on "cfgmaker" command.

http://people.ee.ethz.ch/~oetiker/webtools/mrtg/cfgmaker.html
0 Kudos
Reply
Printaporn_1
Esteemed Contributor

‎03-14-2002 01:08 AM

‎03-14-2002 01:08 AM

Re: snmp and ping

Hi,

DO you start troubleshoot by try ping and do snmpget (by MRTG) to another snmp client.
look like it's problem with client not properly configure with snmp.
enjoy any little thing in my life
0 Kudos
Reply
Michael_33
Regular Advisor

‎03-14-2002 01:09 AM

‎03-14-2002 01:09 AM

Re: snmp and ping

good idea, I will see the /etc/snmpd.conf, need
I run /etc/inetd -c ?
0 Kudos
Reply
Michael_33
Regular Advisor

‎03-14-2002 01:22 AM

‎03-14-2002 01:22 AM

Re: snmp and ping

how to use snmpget to test?
thanks!
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎03-14-2002 04:31 AM

‎03-14-2002 04:31 AM

Re: snmp and ping

Hi,

For ping check the permissions of the directory /var/spool/sockets. Make sure that it is rwx to all ie. rwxrwxrwx.

# ll -d /var/spool/sockets

For the no response, make sure that the server is running the snmp daemon. You can verify on the server side by executing:

# netstat -f inet|grep -e 161 -e snmp

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
Michael_33
Regular Advisor

‎03-14-2002 05:14 PM

‎03-14-2002 05:14 PM

Re: snmp and ping

Thanks Steven!
The permission of /var/spool/socket is correct, but when I run
netstat -f inetd|grep -e 161
-e snmp, it returned " inetd:
unknown address family"

Any ideas?
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎03-14-2002 06:14 PM

‎03-14-2002 06:14 PM

Re: snmp and ping

To answer your previous question, you need not run inetd after (if any) changes were made to /etc/snmpd.conf. Just have to restart snmpd. The " netstat -f .. " command, it should be inet not inetd.
0 Kudos
Reply
Michael_33
Regular Advisor

‎03-14-2002 06:58 PM

‎03-14-2002 06:58 PM

Re: snmp and ping

thanks, I do netstat -f inet|grep -e 161 -e snmp,
nothing returned.

I think something wrong with
/etc/snmpd.conf, I don't know
how to set "get-community-name"
0 Kudos
Reply
Ron Kinner
Honored Contributor

‎03-14-2002 07:56 PM

‎03-14-2002 07:56 PM

Re: snmp and ping

Are you trying to use MRTG to monitor another device or your own computer?

The device you are monitoring has to be expecting an SNMP query (running SNMPD in UNIX land) AND it has to have the same read only (RO) community string. The default is usually "public" but for security reasons you really ought to change it.

If you have any firewalls they will need to be opened to let it through.

To use cfgmaker:

cfgmaker --global "WorkDir: /home/mrtg" public@router.place.xyz > mrtg.cfg

You can leave off the --global "workdir: /home/mrtg" and just add that later in the mrtg.cfg file. Can also just put in the a.b.c.d address instead of the name.

The fact that you are getting no snmp response means that the device either does not do SNMP or the community string is not "public".

Doing

netstat -a |grep 161

on the target box should show if it is going to respond.

If you have a Window box you can get a freeware program getif which will "walk" the snmp tree of a device. I'm sure there is some equivalent for UNIX.

Ron
0 Kudos
Reply
Michael_33
Regular Advisor

‎03-15-2002 12:51 AM

‎03-15-2002 12:51 AM

Re: snmp and ping

how to set "get-community-name" ?
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎03-15-2002 12:55 AM

‎03-15-2002 12:55 AM

Re: snmp and ping

Hi,

In your /etc/snmpd.conf of the server you are polling, specify:

get-community-name whatever_you_want

This name must be the same as the community name you specified in your mrtg.cfg. It is used in snmpget to query the OID value of your server.

Note however that it is not advisable for you to use "public" as community string as it is widely known and if your snmpd has not been patched and not restricted to specific source addresses, it will be susceptible to DoS attacks.

For security reasons, use a community string that is not easily guessable.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎03-15-2002 12:57 AM

‎03-15-2002 12:57 AM

Re: snmp and ping

Hi,

Btw, you will need the colon:

get-community-name: whatever_you_want

Hope this helps. Regards.

Steven Sim Kok Leong



0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.