SNMP Agent Access Control Configuration
The management information base (MIB) branch implemented by Server Administrator is identified by the
Object Identifier (OID) 1.3.6.1.4.1.674. Management applications must have access to this branch of the
MIB tree to manage systems running Server Administrator.
For Red Hat Enterprise Linux and VMware ESXi 4.0 operating systems, the default SNMP agent
configuration gives read-only access for the public community only to the MIB-II system branch
(identified by the 1.3.6.1.2.1.1 OID) of the MIB tree. This configuration does not allow management
applications to retrieve or change Server Administrator or other systems management information
outside of the MIB-II system branch.
Server Administrator SNMP Agent Install Actions
If Server Administrator detects the default SNMP configuration during installation, it attempts to modify
the SNMP agent configuration to give read-only access to the entire MIB tree for the public community.
Server Administrator modifies the SNMP agent configuration file /etc/snm, p/snmpd.conf by:
• Creating a vew to the entire MIB tree by adding the following line if it does not exist: view all
included
• Modifying the default access line to give read-only access to the entire MIB tree for the public
community. Server Administrator looks for the following line: access notConfigGroup "" any
noauth exact systemview none none
• If Server Administrator finds the above line, it modifies the line as: access notConfigGroup ""
any noauth exact all none none
NOTE: To ensure that Server Administrator is able to modify the SNMP agent configuration for
providing proper access to systems management data, it is recommended that any other SNMP
agent configuration changes be made after installing Server Administrator.
Server Administrator SNMP communicates with the SNMP agent using the SNMP Multiplexing (SMUX)
protocol. When Server Administrator SNMP connects to the SNMP agent, it sends an object identifier to
the SNMP agent to identify itself as a SMUX peer. Because that object identifier must be configured with
the SNMP agent, Server Administrator adds the following line to the SNMP agent configuration file, /etc/
snmp/snmpd.conf, during installation if it does not exist:
smuxpeer .1.3.6.1.4.1.674.10892.1
Changing The SNMP Community Name
Configuring the SNMP community name determines which systems are able to manage your system
through SNMP. The SNMP community name used by management applications must match an SNMP
community name configured on the system running Server Administrator, so that the management
applications can retrieve management information from Server Administrator.
To change the SNMP community name used for retrieving management information from a system
running Server Administrator:
1. Open the SNMP agent configuration file, /etc/snmp/snmpd.conf.
2. Find the line that reads: com2sec publicsec default public or com2sec notConfigUser
default public.
NOTE: For IPv6, find the line com2sec6 notConfigUser default public. Also, add the
text agentaddress udp6:161 in the file.
3. Edit this line, replacing public with the new SNMP community name. When edited, the new line
should read: com2sec publicsec default community_name or com2sec notConfigUser
default community_name.
21