SNMP v3 - passwordString is null

ariela · May 24, 2024, 3:28pm

Hello folks,

I’m trying to use for the first time the SNMPv3 to collect some info from my NAS. Here my conf:


Thing snmp:target3:QNAP "QNAP" @ "Techroom" [ hostname="192.168.3.3", engineId="xxxxxxxxxxxxxxxxxxxxxxxx", user="test", securityModel="AUTH_NO_PRIV", authPassphrase="pass", authProtocol="SHA" ] {
    Channels:
        Type string : Model [ oid=".1.3.6.1.2.1.47.1.1.1.1.2.1", mode="READ" ]
        Type string : Serial [ oid=".1.3.6.1.2.1.47.1.1.1.1.11.1", mode="READ" ]
        Type string : Firmware [ oid=".1.3.6.1.2.1.1.1.0", mode="READ" ]
        Type string : Upgrade [ oid=".1.3.6.1.4.1.8072.1.2.1.1.4.0.10.1.3.6.1.4.1.55062.1.12.7.127", mode="READ" ]

The log I see:


2024-05-24 17:13:33.691 [ERROR] [core.thing.internal.ThingManagerImpl] - Exception occurred while initializing handler of thing 'snmp:target3:QNAP': Cannot invoke "org.snmp4j.smi.OctetString.getValue()" because "passwordString" is null
java.lang.NullPointerException: Cannot invoke "org.snmp4j.smi.OctetString.getValue()" because "passwordString" is null
        at org.snmp4j.security.AuthGeneric.passwordToKey(AuthGeneric.java:294) ~[?:?]
        at org.snmp4j.security.SecurityProtocols.passwordToKey(SecurityProtocols.java:342) ~[?:?]
        at org.snmp4j.security.USM.addUser(USM.java:902) ~[?:?]
        at org.openhab.binding.snmp.internal.SnmpServiceImpl.addUser(SnmpServiceImpl.java:184) ~[?:?]
        at org.openhab.binding.snmp.internal.SnmpServiceImpl.addUser(SnmpServiceImpl.java:179) ~[?:?]
        at org.openhab.binding.snmp.internal.SnmpTargetHandler.initialize(SnmpTargetHandler.java:213) ~[?:?]
        at jdk.internal.reflect.GeneratedMethodAccessor109.invoke(Unknown Source) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
        at org.openhab.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:147) [bundleFile:?]
        at org.openhab.core.internal.common.Invocation.call(Invocation.java:52) [bundleFile:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
        at java.lang.Thread.run(Thread.java:840) [?:?]

what is passwordString?

thanks
Andrea

J-N-K · May 24, 2024, 3:43pm

Looks like a bug.

ariela · May 24, 2024, 4:09pm

quick question related to SNMPv3.

what is exactly engineID? is it something we can find doing a snmpwalk of the target host? or what?

J-N-K · May 24, 2024, 4:16pm

engineId is a configuration option of the remote system. You should probably look it up in the system’s configuration.

ariela · May 24, 2024, 4:26pm

I’ve found the engineId of this host in his snmp data … but what if, for example for my epson printer, I can’t see this value?

J-N-K · May 24, 2024, 4:29pm

Does it support snmpv3?

ariela · May 24, 2024, 4:37pm

yes it is … and yes, even with my printer, you can always find the “engineId” with snmpwalk. I can confirm.

As I can confirm that I’ve found (perhaps) the issue.
For a reason I don’t know, some hosts permits the config of SNMPv3 only with the encryption of both auth and data. I’ve tried with my printer, and it works. Auth only doesn’t work.
I’ll check with the QNAP NAS and let you know shortly.

J-N-K · May 24, 2024, 4:42pm

Good to hear. That aside, the binding has an issue with AUTH_NO_PRIV, it is not properly setting the privacy protocol in that case.

ariela · May 24, 2024, 5:14pm

quite strange.

I’ve been successful with Epson printer, no with QNAP NAS. Even with AUTH_PRIV, the status of the thing is “unknown” till the timeout.

Any suggestion how can troubleshoot this? With snmpwalk it works like a charm

Andrea

ariela · May 24, 2024, 7:21pm

it seem the binding has some issues.

also with another host (a rack pdu), SNMPv3 no auth, same message error

ariela · May 24, 2024, 7:34pm

@J-N-K I saw you are the maintainer of this binding.

When you have time to look at this, I’m fully available for helping with tests. I have a lot of snmpv3 devices that can use for tests, in particular:

QNAP NAS (v3 not working - supporting auth SHA and MD5, and priv CBC-DES)
APC rack pdu (v3 not working - with bad MD5 implementation, so we can test SNMPv3 with no auth)
Epson printer (it works right now, with auth SHA and AES128; context is not supported)

Openhab 4.2.0.M3 here.

Let me know
thanks
Andrea

J-N-K · May 25, 2024, 8:03am

As I already said: Thereis a bug, the current implementation only works for AUTH_PRIV, not for the others. This should be fixed in the near future when [snmp] Upgrade SNMP4J and fix AUTH_NO_PRIV by J-N-K · Pull Request #16801 · openhab/openhab-addons · GitHub is merged. We should re-test when that is available.

ariela · May 25, 2024, 8:26am

thank you so much for you effort.

In facts I have issues with all the securityModel, but let’see if that fix will work for everything

With AUTH_PRIV the connection with QNAP and APC are not working (timeout). I’ll investigate more.

Quick question: I saw this is now merged, that means it will be available at the next update?

thanks again
Andrea

J-N-K · May 25, 2024, 8:41am

There needs to be a new snapshot build. These are usually done early in the morning (UTC), so it’ll probably be available tomorrow.

J-N-K · May 25, 2024, 9:18am

AUTH_PRIV is also not working for me (target Synology NAS) when using DES, but AES (AES-128) works fine.

ariela · May 25, 2024, 9:27am

The problemi is QNAP support only CBC-DES and not AES any chance the new package (I saw you updated it) will work correctly also with DES?

J-N-K · May 25, 2024, 11:18am

Please uninstall the binding, download the attached file, remove the .txt extension and drop the file in your addons folder. I have done some other improvement, please try if that works for you.

ariela · May 25, 2024, 12:00pm

good news

trying with APC rack pdu (supporting only MD5 and DES):

NO_AUTH_NO_PRIV worked first shot
AUTH_NO_PRIV timeout, then worked after bundle:restart
AUTH_PRIV timeout, then worked after bundle:restart

So it seems now DES works. Trying now with QNAP

ariela · May 25, 2024, 12:19pm

QNAP not working

NO_AUTH_NO_PRIV not working
AUTH_NO_PRIV same
AUTH_PRIV same

stuck in “UNKNOWN” status. tried with both SHA and MD5

the only difference I can see is the engineId is 34 characters, in case of APC rackPDU or the Epson printer the engineId are both 22 characters

J-N-K · May 25, 2024, 2:53pm

Is there any log on the QNAP why it is not responding?Unfortunately in most cases there is just “no answer” if something is wrong. Did you try the different SHA lengths? Maybe they require one of these.

I have prepared a new version
<removed> which should resolve the issue with restarting the bundle after a config change.