JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Cluster Reference Manual
search filter icon
search icon

Document Information

Preface

Introduction

OSC33 1

OSC33 1cl

claccess(1CL)

cldev(1CL)

cldevice(1CL)

cldevicegroup(1CL)

cldg(1CL)

clinterconnect(1CL)

clintr(1CL)

clmib(1CL)

clnas(1CL)

clnasdevice(1CL)

clnode(1CL)

clq(1CL)

clquorum(1CL)

clreslogicalhostname(1CL)

clresource(1CL)

clresourcegroup(1CL)

clresourcetype(1CL)

clressharedaddress(1CL)

clrg(1CL)

clrs(1CL)

clrslh(1CL)

clrssa(1CL)

clrt(1CL)

clsetup(1CL)

clsnmphost(1CL)

clsnmpmib(1CL)

clsnmpuser(1CL)

clta(1CL)

cltelemetryattribute(1CL)

cluster(1CL)

clvxvm(1CL)

clzc(1CL)

clzonecluster(1CL)

OSC33 1ha

OSC33 1m

OSC33 3ha

OSC33 4

OSC33 5

OSC33 5cl

OSC33 7

OSC33 7p

Index

clsnmpuser

- administer Oracle Solaris Cluster SNMP users

Synopsis

/usr/cluster/bin/clsnmpuser  -V
/usr/cluster/bin/clsnmpuser  [subcommand] -?
/usr/cluster/bin/clsnmpuser  [subcommand] [options]

 -v [operand]
/usr/cluster/bin/clsnmpuser create  -i {- |  clconfigfile}

 [-a authentication] -f passwdfile [-n node[,…]]

 {+ |  user ...}
/usr/cluster/bin/clsnmpuser delete  [-a authentication]

 [-n node[,…] ] {+ |  user ...}
/usr/cluster/bin/clsnmpuser export  [-o  {- |  clconfigfile}]

 [-a authentication] [-n node[,…] ] [ {+ |  user ...}]
/usr/cluster/bin/clsnmpuser list  [-a authentication]

 [-n node[,…] ] {-d |  + |  user ...}
/usr/cluster/bin/clsnmpuser set  [-a authentication]

 [-n node[,…] ] {+ |  user ...}
/usr/cluster/bin/clsnmpuser set-default  {-l seclevel [,…] }

 {+ |  user ...}
/usr/cluster/bin/clsnmpuser show  [-a authentication]

 [-n node[,…] ] [-d |  + |  user ...]

Description

The clsnmpuser command administers the roles of Simple Network Management Protocol (SNMP) users who can administer the control mechanisms on cluster Management Information Bases (MIBs). For more information about cluster MIBs, see the clsnmpmib(1CL) man page. If the cluster contains a MIB that is configured to use SNMP Version 3 (SNMPv3), you must define an SNMP user. SNMP users are not the same users as Solaris OS users, and SNMP users do not need to have the same user names as existing OS users.

This command has no short form.

The general form of this command is as follows:

clsnmpuser [subcommand] [options] [operands]

You can omit subcommand only if options specifies the option -? or -V.

Each option of this command has a long form and a short form. Both forms of each option are provided with the description of the option in the OPTIONS section.

See the Intro(1CL) man page for more information.

You can use this command only in the global zone.

SUBCOMMANDS

The following subcommands are supported:

create

Creates a user and adds the user to the SNMP user configuration on the specified node.

You can use this subcommand only in the global zone.

Use the -n option with this subcommand to specify the cluster node on which to create the SNMP user. If you do not specify the -n option, the user is created and added only to the SNMP configuration on the current node.

To create and add all of the users that are configured in the clconfiguration file, use the -i option and the -n option.

To assign an authentication type to the SNMP user that you are creating, specify the -a option.

You can include the password for the SNMP user by specifying the -f option. The -f option is required if you are using the -i option.

If you specify the -i option, the configuration information from the clconfiguration(5CL) file is used. When you specify the -i option, you can also specify the plus sign (+) operand or a list of users.

Users other than superuser require solaris.cluster.modify role-based access control (RBAC) authorization to use this command. See the rbac(5) man page.

delete

Deletes an SNMPv3 user from the specified node.

You can use this subcommand only in the global zone.

When you use the delete subcommand and specify only a user name, the subcommand removes all instances of the user. To delete users by authentication type, use the -a option. If you do not use the -n option, the user is deleted from only the current node.

Users other than superuser require solaris.cluster.modify RBAC authorization to use this subcommand. See the rbac(5) man page.

export

Exports the SNMP user information from the specified node.

You can use this subcommand only in the global zone.

If you do not use the -n option, the SNMP user information is exported only from the current node. For the format of the output from the export subcommand, see the clconfiguration(5CL) man page. By default, all output is sent to standard output. Use the -o option followed by a file name to redirect the output to the file.

You can use the -a option to provide output only for those users with a specific authentication type. If you specify one or more users as operands, the output is restricted to only the information about those users.

Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.

list

Prints a list of SNMPv3 users that are configured on the specified node.

You can use this subcommand only in the global zone.

By default, the list subcommand displays all SNMPv3 users on the specified node. To display only the default SNMP user, specify the -d option with no operands. To restrict the output to a specified authentication type, use the -a option.

Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.

set

Changes the configuration of a user on the specified node.

You can use this subcommand only in the global zone.

If you do not specify the -n option, the configuration of a user is modified only on the current node.

Users other than superuser require solaris.cluster.modify RBAC auhorization to use this subcommand. See the rbac(5) man page.

set-default

Specifies the name of the default SNMP user and the security level that is used when a MIB sends a trap notification.

You can use this subcommand only in the global zone.

You use the -l option to specify the security level.

If the MIB is configured to use SNMPv3, you must specify a specific user name and security level with which to authenticate the traps. If a configuration has more than one user, you must specify the default user that the MIB will use when it sends the trap notifications.

If the configuration contains only one user, that user automatically becomes the default SNMP user. If the default SNMP user is deleted, another existing user, if any, becomes the default.

Users other than superuser require solaris.cluster.modify RBAC auhorization to use this subcommand. See the rbac(5) man page.

show

Prints information about the users on the specified node.

You can use this subcommand only in the global zone.

By default, the show subcommand displays information about all users on the node. To display information about only the default SNMP user, specify the -d option and do not provide an operand. To limit the output to specific authentication types, use the -a option. If you do not use the -n option, the command displays only user information from the current node.

Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.

Options

The following options are supported:

-?
--help

Prints help information.

You can specify this option with or without a subcommand.

  • If you use this option without a subcommand, the list of available subcommands is displayed.

  • If you use this option with a subcommand, the usage options for that subcommand are displayed.

When this option is used, no other processing is performed.

-a authentication
--authentication authentication

Specifies the authentication protocol that is used to authorize the user. The value of the authentication protocol can be SHA or MD5.

-d
--default

Specify the default SNMP user that is used when a MIB sends a trap notification.

-f passwdfile
--file passwdfile

Specifies a file that contains one or more SNMP user passwords. If you do not specify this option when you create a new user, the command prompts for a password. This option is valid only with the create subcommand.

User passwords must be specified on separate lines in the following format:

user:password

Passwords cannot contain the following characters or a space:

  • ; (semicolon)

  • : (colon)

  • \ (backslash)

  • \n (newline)

-i {- | clconfigfile}
--input {- | clconfigfile-}

Specifies configuration information that is to be used to validate or modify the SNMP hosts configuration. This information must conform to the format that is defined in the clconfiguration(5CL) man page. This information can be contained in a file or supplied through standard input. To specify standard input, specify the minus sign (-) instead of a file name.

-l seclevel
--securitylevel seclevel

Specifies the user's security level. You specify one of the following values for seclevel:

  • noAuthNoPriv

  • AuthNoPriv

  • authPriv

For more information about SNMP security levels, see the snmpcmd(1M) man page.

-n node[,…]
--node[s] node-[…]

Specifies a node or a list of nodes. You can specify each node as a node name or as a node ID.

All forms of this command accept this option.

-o {- | clconfigfile}
--output {- | clconfigfile-}

Writes the cluster SNMP host configuration information in the format that is described by the clconfiguration(5CL) man page. This information can be written to a file or to standard output.

To write to standard output, specify the minus sign (-) instead of a file name. If you specify standard output, all other standard output for the command is suppressed.

-V
--version

Prints the version of the command.

Do not specify this option with subcommands, operands, or other options because they are ignored. The -V option displays only the version of the command. No other operations are performed.

-v
--verbose

Prints verbose messages and information.

You can specify this option with any form of the command, although some subcommands might not produce expanded output. For example, the export subcommand does not produce expanded output if you specify the verbose option.

Operands

The following operands are supported:

+

Specifies all SNMP users.

user

Specifies the name of the SNMP user.

Exit Status

If the command is successful for all specified operands, it returns zero (CL_NOERR). If an error occurs for an operand, the command processes the next operand in the operand list. The returned exit code always reflects the error that occurred first.

This command returns the following exit status codes:

0 CL_NOERR

No error

The command that you issued completed successfully.

1 CL_ENOMEM

Not enough swap space

A cluster node ran out of swap memory or ran out of other operating system resources.

3 CL_EINVAL

Invalid argument

You typed the command incorrectly, or the syntax of the cluster configuration information that you supplied with the -i option was incorrect.

6 CL_EACCESS

Permission denied

The object that you specified is inaccessible. You might need superuser or RBAC access to issue the command. See the su(1M) and rbac(5) man pages for more information.

18 CL_EINTERNAL

Internal error was encountered

An internal error indicates a software defect or other defect.

35 CL_EIO

I/O error

A physical input/output error has occurred.

36 CL_ENOENT

No such object

The object that you specified cannot be found for one of the following reasons:

  • The object does not exist.

  • A directory in the path to the configuration file that you attempted to create with the -o option does not exist.

  • The configuration file that you attempted to access with the -i option contains errors.

Examples

Example 1 Creating an SNMPv3 User

The following command creates a new user newuser1 and adds the user to the configuration on the current node. The authentication type is SHA.

# clsnmpuser create -a SHA newuser1

Enter password for user 'newuser1':

This example requires that you enter a password for the user to be created. To automate this process, use the -f option.

Example 2 Listing Users

The following command lists all users with an authentication type of MD5.

# clsnmpuser list -a MD5 +

user1

mySNMPusername

The plus sign (+) is optional, as it is the default.

Example 3 Showing Users

The following command displays the user information for all users on the current node.

# clsnmpuser show



--- SNMP User Configuration on phys-schost-1 ---



SNMP User Name:                                 newuser1

  Authentication Protocol:                         SHA

  Default User:                                    Yes

  Default Security Level:                          authPriv

Example 4 Changing a User's Authentication Protocol and Status

The following command modifies the authentication protocol and default user status of the user newuser1.

# clsnmpuser set -a MD5 newuser1

Example 5 Deleting SNMP Users

The following command deletes all SNMP users.

# clsnmpuser delete +

The plus sign (+) is used in this example to specify all users.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
SUNWscu
Interface Stability
Evolving

See Also

clsnmphost(1CL), clsnmpmib(1CL), cluster(1CL), Intro(1CL), sceventmib(1M), snmpcmd(1M), su(1M), scha_calls(3HA), attributes(5), rbac(5), clconfiguration(5CL)

Notes

The superuser can run all forms of this command.

All users can run this command with the -? (help) or -V (version) option.

To run the clsnmpmib command with other subcommands, users other than superuser require RBAC authorizations. See the following table.

Subcommand
RBAC Authorization
create
solaris.cluster.modify
delete
solaris.cluster.modify
export
solaris.cluster.read
list
solaris.cluster.read
set
solaris.cluster.modify
set-default
solaris.cluster.modify
show
solaris.cluster.read