Troubleshooting Problems With VACM Tables (Solaris System Management Agent Administration Guide)

Solaris System Management Agent Administration Guide

Troubleshooting Problems With VACM Tables

When creating VACM table entries, ensure that you configure access rights correctly for your users and user groups. Incorrectly configured access rights can lead to access being denied to key users.

Avoid creating large numbers of groups of users. Large numbers of groups can be difficult to administrate. Troubleshooting problems when you have created very large numbers of different user groups can become unmanageable.

When working with VACM tables, return values can include the following messages:

noSuchContext

This value is returned if the System Management Agent does not find the contextName of a particular message in the vacmContextTable. Access is denied. Check the context table entries. Ensure that these entries are correctly configured. Has each user got a context? For more information, see Context Table.

noSuchGroupName

Thisvalue is returned if the msgSecurityModel specifier and associated SecurityName are not found in the vacmSecurityToGroupTable. Access is denied. Check the security to group table entries. Ensure that these entries are correctly configured. Has each user got a group name? Have users been entered into the table correctly? For more information, see Security to Group Table.

notInView

This value is returned if the MIB view does not contain the OID searched for. Access is denied. For more information, see View Tree Family Table.

noAccessEntry

This value is returned if an access right is not found. Access is denied. Have you correctly set up the mask? Although each group can have multiple access rights, only the most secure access right is selected.

Is the vacmAccessContextMatch parameter set to exact? If the vacmAccessContextMatch parameter is set to exact, the contextName must be an exact match. Try setting the vacmAccessContextMatch value to prefix if appropriate. For more information, see Access Table.

Note –

Badly configured VACM tables can subject the network to unauthorized, possibly malicious access. Ensure that you check your VACM table configurations in a test environment before implementing these configurations on your network devices.

For more information on VACM, see RFC 3415 at http://www.ietf.org/rfc/rfc3415.txt.

The MIB definitions for VACM can be found at /etc/sma/snmp/mibs/SNMP-VIEW-BASED-ACM-MIB.txt.