18.4 Installing and Configuring SNMP Services for eDirectory

SNMP service for eDirectory is installed when eDirectory is installed. You can modify the default configuration of SNMP services for eDirectory using iManager. For more information, see Dynamic Configuration.

A new object called SNMP Group-Object is added to the directory tree when eDirectory is installed. This object is used to set up and manage the NetIQ eDirectory SNMP traps. See SNMP Group Object for more information.

Installing SNMP after eDirectory Installation on Windows

If the SNMP service is not installed with eDirectory, the eDirectory install copies only the required SNMP subagent files and does not update the registry.

If you want to use SNMP services on eDirectory at a later point in time, you can install the SNMP service and update the registry using the following command:

rundll32 snmpinst, snmpinst -c createreg

18.4.1 Loading and Unloading the SNMP Server Module

The SNMP server module can be manually loaded and unloaded. By default, the SNMP server module loads automatically on all platforms. However, you can manually load the server module on Windows and Linux.

To load the SNMP server module, enter the following commands:

Server

Command

Windows

In the DHost (NDSCONS) screen, select ndssnmp.dlm > click Start.

Linux

In the DHost remote management page, to load the SNMP trap server click on the SNMP Trap Server for NetIQ eDirectory action icon to start.

or

At the prompt, enter the following:

                    /opt/novell/eDirectory/bin/ndssnmp -l

To unload the SNMP server module, enter the following commands:

Server

Command

Windows

In the DHost (NDSCONS) screen, select ndssnmp.dlm, then click Stop.

Linux

In the DHost remote management page, to unload the SNMP trap server, click the SNMP Trap Server for NetIQ eDirectory 9.1 action icon to stop.

or

At the prompt, enter the following:

                    /opt/novell/eDirectory/bin/ndssnmp -u

18.4.2 Subagent Configuration

Static Configuration

Static configuration is used before bringing up the subagent. You can manually configure it by editing the ndssnmp.cfg file on Windows or Linux. The ndssnmp.cfg file is located in the following directories:

Windows: install_directory\SNMP\

Linux: /etc/opt/novell/eDirectory/conf/ndssnmp/

NOTE:If changes are made to the ndssnmp.cfg file, the subagent must be restarted.

You can provide configuration information to the subagent such as the following:

  • INTERACTIVE status

    Where status is either on or off. If the status is on, you are prompted to enter the user name and password when starting the subagent. If the status is off, then the user name and password will be taken from the secure store. Default = Off.

    Examples:

    INTERACTIVE on

    INTERACTIVE off

  • INTERACTION value

    Where value is the number of interaction table entries. Range = 1 to 10. Default = 4.

    Examples:

    INTERACTION 4

    INTERACTION 2

  • MONITOR status

    Where status is either on or off. Default = On.

    Examples:

    MONITOR on

    MONITOR off

  • SSLKEY certificate_file

    Where certificate_file is the exported certificate along with the path. You must enter the path where this exported certificate exists.

    Examples:

    SSLKEY /home/guest/snmp-cert.der (Linux)

    SSLKEY c:\home\guest\snmp-cert.der (Windows)

    NOTE:This option is not supported if there are multiple instances to be monitored that do not accept a common certificate.

  • SERVER hostname/IP_address:NCP_port

    Where hostname is the name of the host where the eDirectory server is installed and configured. Only the locally installed server is supported.This is a required command in the file, otherwise none of the servers are monitored. Default: hostname of the local server.

    Examples:

    SERVER myserver

    SERVER myserver:1524

    On Linux, if you have multiple instances of eDirectory, you can include all the eDirectory servers you want to monitor as follows:

    SERVER myserver:1524

    SERVER myserver:2524

    SERVER myserver:6524

    NOTE:No spaces are allowed before or after “:” as part of the server command.

Dynamic Configuration

Dynamic configuration can be done in either of the following ways, anytime after the Directory service is up and running.

Command Line

A trap configuration command line utility can be used to configure SNMP traps for eDirectory.

The command line configuration utility can be used to:

  • Enable or disable traps

  • Set the trap interval

  • Enable or disable failure traps

  • List the enabled, disabled or all traps

NOTE:For more details, see Configuring Traps.

iManager Plug-In

Traps can also be configured using NetIQ iManager. NetIQ iManager is a browser-based tool used for administering, managing, and configuring eDirectory objects. NetIQ iManager gives you the ability to assign specific tasks or responsibilities to users and to present the user with only the tools (with the accompanying rights) necessary to perform those sets of tasks.

  1. In NetIQ iManager, click the Roles and Tasks button Roles and Tasks button.

  2. Click SNMP > SNMP Overview.

  3. Click View SNMP Group objects, then click the name of the SNMP Group object you want to configure.

  4. Specify the configurable parameters in the General/Traps page.

  5. Click Apply, then click OK to save the new configuration settings.

    NOTE:For more information, see the NetIQ iManager online help.

18.4.3 Setting Up SNMP Services for eDirectory

This section describes setting up the SNMP services for eDirectory on the following platforms:

Setting up SNMP services for eDirectory requires the following steps:

  1. Configuring the master agent

  2. Starting the master agent

  3. Configuring the subagent

  4. Starting the subagent

Windows

Configuring the Master Agent

NOTE:The SNMP master agent should be installed before eDirectory is installed. Refer to Microsoft SNMP Services for more details.

  1. In the Microsoft SNMP Properties dialog box, click the Agent tab.

  2. Enter the Contact and Location information.

  3. Click the Traps, then enter the Community Name and Trap destination details.

    1. Enter the Community Name, then click Add.

    2. Enter the IP address or hostname of the destination computer that traps are generated for.

    3. Click Add to add the IP address or hostname.

  4. Enable the Allow Service to Interact with Desktop option.

    If this option is not enabled, you will be unable to connect to SNMP on Windows.

    On Windows platform: Click Start > Settings > Control Panel > Administrative Tools > Services. Then right-click SNMP and select Properties. At the Log On tab, select the Allow Service to Interact with Desktop option.

Starting the Master Agent

  1. To start the master agent, do the following:

    Click Start > Settings > Control Panel > Administrative Tools > Services > SNMP > Start.

  2. Enter the following at the command prompt:

    Net start SNMP

Stopping the Master Agent

To stop the master agent, do either of the following:

  1. Click Start > Settings > Control Panel > Administrative Tools > Services > SNMP > Stop.

  2. Enter the following at the command prompt:

    Net stop SNMP

Starting the Subagent

When the master agent starts on Windows, the subagent also starts.

IMPORTANT:The latest updated Service Pack needs to be installed after the installation of the SNMP service.

Linux

On Linux net-snmp should be installed. By default, it is installed on most Linux systems.

Setting up SNMP Services on Linux

Configuring the Master Agent

To configure the master agent on Linux, make the changes to your snmpd.conf file as mentioned in snmpd.conf Changes.

The snmpd.conf file is located in the /etc/snmp directory on SLES and in the /etc directory on other Linux platforms.

snmpd.conf Changes

In the snmpd.conf file, enter the following line:

trapsink myserver public

Where myserver is the hostname for the trap destination.

In the snmpd.conf file, add the following line:

master agentx

Additionally, make the following changes:

Original Content

Changed Content

com2sec notConfigUser default public

com2sec demouser default public

group notConfigGroup v1 notConfigUser

group demogroup v1 demouser

view systemview included system

view all included .1

access notConfigGroup "" any noauth exact systemview none none

access demogroup "" any noauth exact all all all

If the above content is not present in the snmpd.conf file, add it.

IMPORTANT:If any configuration files are changed, the master agent and subagent should be restarted.

Starting the Master Agent

To start the master agent, execute the following command:

/usr/sbin/snmpd -C -c /etc/snmpd.conf

NOTE:Run /etc/init.d/snmpd start command to start the master agent on SLES 12 and above.

Starting the Subagent

To start the subagent, execute the following command:

/etc/init.d/ndssnmpsa start

Enter the user name and password when prompted. Upon successful authentication, the following message is displayed if INTERACTION = ON in the /etc/opt/novell/eDirectory/conf/ndssnmp/ndssnmp.cfg file:

Do you want to remember password? (Y/N)

Enter Y to remember the password. When you start the subagent the next time, you are not prompted for the password.

Enter N to enter the password when the subagent is started the next time.

NOTE:When the server goes down, the master agent and subagent also go down. Therefore, to start the master agent and the sub-agent during server reboot time, execute the following commands:

chkconfig snmpd on
chkconfig ndssnmpsa on

Stopping the Subagent

To stop the subagent, execute the following command:

/etc/init.d/ndssnmpsa stop