Configuring SNMPv3 Security On Windows Server 2003

In this article we set up SNMP using the Net-SNMP package. We showed how to set up user security for GNU/Linux on our CentOS 4 box in an earlier article. The procedure is a little different for Windows, because the net-snmp-config command is not available. The user ID and passphrase need to be placed directly in the snmpd.conf file:

C:\usr\etc\snmp>type snmpd.conf
createUser netadmin MD5 "netadminpassword" DES
rouser netadmin

Make sure you restart the Net-SNMP Agent service after these changes. This sets up a read-only user netadmin that authenticates with the passphrase netadminpassword, using MD5 for authentication and DES for encryption. Note that the password is stored in plain text in the file, unlike with the GNU/Linux configuration; however, the traffic is still encrypted when a query is made at the authPriv security level (the authNoPriv queries below are authenticated but not encrypted). From our GNU/Linux client, we can determine the default gateway:

[root@srv-5 ~]# snmpget -v 3 -u netadmin -l authNoPriv -a MD5 -A netadminpassword 10.50.100.112 RFC1213-MIB::ipRouteNextHop.0.0.0.0
RFC1213-MIB::ipRouteNextHop.0.0.0.0 = IpAddress: 10.50.100.82
[root@srv-5 ~]# 

If we enter the wrong password we are denied:

[root@srv-5 ~]# snmpget -v 3 -u netadmin -l authNoPriv -a MD5 -A netadmnpassword 10.50.100.112 RFC1213-MIB::ipRouteNextHop.0.0.0.0
snmpget: Authentication failure (incorrect password, community or key)
[root@srv-5 ~]#

As when we queried a GNU/Linux box, if we store the authentication information in ~/.snmp/snmp.conf, the query is easier:

[root@srv-5 ~]# cat ~/.snmp/snmp.conf
defSecurityName netadmin
defContext ""
defAuthType MD5
defSecurityLevel authNoPriv
defAuthPassphrase netadminpassword
defVersion 3
[root@srv-5 ~]# snmpget 10.50.100.112 RFC1213-MIB::ipRouteNextHop.0.0.0.0
RFC1213-MIB::ipRouteNextHop.0.0.0.0 = IpAddress: 10.50.100.82
[root@srv-5 ~]#
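
The snmpd.conf shown above stores a clear-text passphrase, uses MD5 and DES, and has a rouser line with no minimum security level. The following lint for those directives is an added example, not part of the original article or of Net-SNMP; the function name audit_snmpd_conf and the temporary file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): lint the USM directives
# (createUser, rouser, rwuser) in a Net-SNMP snmpd.conf. Passphrases are never printed.
audit_snmpd_conf() {   # $1 = path to snmpd.conf; exit status 1 if anything was flagged
    awk '
    function flag(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
    /^[ \t]*#/ || /^[ \t\r]*$/ { next }            # skip comments and blank lines
    {
        line = $0; sub(/\r$/, "", line); sub(/^[ \t]+/, "", line)   # tolerate CRLF files
        # Collapse each quoted passphrase to one token so embedded spaces
        # cannot shift the fields and the secret never reaches the output.
        while (match(line, /"[^"]*"/))
            line = substr(line, 1, RSTART - 1) "<secret>" substr(line, RSTART + RLENGTH)
        n = split(line, f, /[ \t]+/)
        i = 2
        if (f[i] == "-e" || f[i] == "-s") i += 2   # optional engine ID / security model
    }
    f[1] == "createUser" {
        user = f[i]; auth = toupper(f[i + 1]); priv = toupper(f[i + 3])
        flag("createUser " user ": passphrase stored in clear text, restrict read access to this file")
        if (auth == "MD5") flag("createUser " user ": MD5 authentication, prefer SHA")
        if (priv == "")    flag("createUser " user ": no privacy protocol, authPriv is impossible")
        if (priv == "DES") flag("createUser " user ": DES privacy, prefer AES")
    }
    f[1] == "rouser" || f[1] == "rwuser" {
        level = (i + 1 <= n) ? f[i + 1] : "auth"   # Net-SNMP default minimum is auth
        if (level != "priv")
            flag(f[1] " " f[i] ": minimum level \"" level "\" accepts unencrypted (NoPriv) requests")
    }
    END { exit bad + 0 }
    ' "$1"
}

# Demo on the two configuration lines shown in the article (written to a temp file).
conf=$(mktemp)
printf 'createUser netadmin MD5 "netadminpassword" DES\nrouser netadmin\n' > "$conf"
audit_snmpd_conf "$conf" || echo "findings listed above"
rm -f "$conf"
```

Changing the second line to "rouser netadmin priv" makes the agent reject authNoPriv requests, so clients then have to query with -l authPriv and supply a privacy protocol and passphrase.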