SNMP v3 - passwordString is null

Hello folks,

I’m trying to use for the first time the SNMPv3 to collect some info from my NAS. Here my conf:


Thing snmp:target3:QNAP "QNAP" @ "Techroom" [ hostname="192.168.3.3", engineId="xxxxxxxxxxxxxxxxxxxxxxxx", user="test", securityModel="AUTH_NO_PRIV", authPassphrase="pass", authProtocol="SHA" ] {
    Channels:
        Type string : Model [ oid=".1.3.6.1.2.1.47.1.1.1.1.2.1", mode="READ" ]
        Type string : Serial [ oid=".1.3.6.1.2.1.47.1.1.1.1.11.1", mode="READ" ]
        Type string : Firmware [ oid=".1.3.6.1.2.1.1.1.0", mode="READ" ]
        Type string : Upgrade [ oid=".1.3.6.1.4.1.8072.1.2.1.1.4.0.10.1.3.6.1.4.1.55062.1.12.7.127", mode="READ" ]

The log I see:


2024-05-24 17:13:33.691 [ERROR] [core.thing.internal.ThingManagerImpl] - Exception occurred while initializing handler of thing 'snmp:target3:QNAP': Cannot invoke "org.snmp4j.smi.OctetString.getValue()" because "passwordString" is null
java.lang.NullPointerException: Cannot invoke "org.snmp4j.smi.OctetString.getValue()" because "passwordString" is null
        at org.snmp4j.security.AuthGeneric.passwordToKey(AuthGeneric.java:294) ~[?:?]
        at org.snmp4j.security.SecurityProtocols.passwordToKey(SecurityProtocols.java:342) ~[?:?]
        at org.snmp4j.security.USM.addUser(USM.java:902) ~[?:?]
        at org.openhab.binding.snmp.internal.SnmpServiceImpl.addUser(SnmpServiceImpl.java:184) ~[?:?]
        at org.openhab.binding.snmp.internal.SnmpServiceImpl.addUser(SnmpServiceImpl.java:179) ~[?:?]
        at org.openhab.binding.snmp.internal.SnmpTargetHandler.initialize(SnmpTargetHandler.java:213) ~[?:?]
        at jdk.internal.reflect.GeneratedMethodAccessor109.invoke(Unknown Source) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
        at org.openhab.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:147) [bundleFile:?]
        at org.openhab.core.internal.common.Invocation.call(Invocation.java:52) [bundleFile:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
        at java.lang.Thread.run(Thread.java:840) [?:?]

what is passwordString?

thanks
Andrea

Looks like a bug.

quick question related to SNMPv3.

what is exactly engineID? is it something we can find doing a snmpwalk of the target host? or what?

engineId is a configuration option of the remote system. You should probably look it up in the system’s configuration.

I’ve found the engineId of this host in his snmp data … but what if, for example for my epson printer, I can’t see this value?

Does it support snmpv3?

1 Like

yes it is … and yes, even with my printer, you can always find the “engineId” with snmpwalk. I can confirm.

As I can confirm that I’ve found (perhaps) the issue.
For a reason I don’t know, some hosts permits the config of SNMPv3 only with the encryption of both auth and data. I’ve tried with my printer, and it works. Auth only doesn’t work.
I’ll check with the QNAP NAS and let you know shortly.

Good to hear. That aside, the binding has an issue with AUTH_NO_PRIV, it is not properly setting the privacy protocol in that case.

quite strange.

I’ve been successful with Epson printer, no with QNAP NAS. Even with AUTH_PRIV, the status of the thing is “unknown” till the timeout. :frowning:

Any suggestion how can troubleshoot this? With snmpwalk it works like a charm

Andrea

it seem the binding has some issues.

also with another host (a rack pdu), SNMPv3 no auth, same message error :frowning:

@J-N-K I saw you are the maintainer of this binding.

When you have time to look at this, I’m fully available for helping with tests. I have a lot of snmpv3 devices that can use for tests, in particular:

  • QNAP NAS (v3 not working - supporting auth SHA and MD5, and priv CBC-DES)
  • APC rack pdu (v3 not working - with bad MD5 implementation, so we can test SNMPv3 with no auth)
  • Epson printer (it works right now, with auth SHA and AES128; context is not supported)

Openhab 4.2.0.M3 here.

Let me know
thanks
Andrea

As I already said: Thereis a bug, the current implementation only works for AUTH_PRIV, not for the others. This should be fixed in the near future when [snmp] Upgrade SNMP4J and fix AUTH_NO_PRIV by J-N-K · Pull Request #16801 · openhab/openhab-addons · GitHub is merged. We should re-test when that is available.

1 Like

thank you so much for you effort.

In facts I have issues with all the securityModel, but let’see if that fix will work for everything :slight_smile:

With AUTH_PRIV the connection with QNAP and APC are not working (timeout). I’ll investigate more.

Quick question: I saw this is now merged, that means it will be available at the next update?

thanks again
Andrea

There needs to be a new snapshot build. These are usually done early in the morning (UTC), so it’ll probably be available tomorrow.

1 Like

AUTH_PRIV is also not working for me (target Synology NAS) when using DES, but AES (AES-128) works fine.

The problemi is QNAP support only CBC-DES and not AES :frowning: any chance the new package (I saw you updated it) will work correctly also with DES?

Please uninstall the binding, download the attached file, remove the .txt extension and drop the file in your addons folder. I have done some other improvement, please try if that works for you.

<removed>

good news :slight_smile:

trying with APC rack pdu (supporting only MD5 and DES):

  • NO_AUTH_NO_PRIV worked first shot
  • AUTH_NO_PRIV timeout, then worked after bundle:restart
  • AUTH_PRIV timeout, then worked after bundle:restart

So it seems now DES works. Trying now with QNAP

QNAP not working :frowning:

  • NO_AUTH_NO_PRIV not working
  • AUTH_NO_PRIV same
  • AUTH_PRIV same

stuck in “UNKNOWN” status. tried with both SHA and MD5

the only difference I can see is the engineId is 34 characters, in case of APC rackPDU or the Epson printer the engineId are both 22 characters

Is there any log on the QNAP why it is not responding?Unfortunately in most cases there is just “no answer” if something is wrong. Did you try the different SHA lengths? Maybe they require one of these.

I have prepared a new version
<removed> which should resolve the issue with restarting the bundle after a config change.