From jashton at progresstelecom.com Mon Apr 3 18:21:34 2006
From: jashton at progresstelecom.com (Ashton, James P.)
Date: Mon, 3 Apr 2006 14:21:34 -0400
Subject: [rancid] Re: cat5 issue in 2.3.2a3
Message-ID:

I have run across another switch that's config is not parsing.

Older cisco Cat 4003;

I have included the *.raw file and the *.new file.

James

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Wednesday, March 29, 2006 6:58 PM
To: Ashton, James P.
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: cat5 issue in 2.3.2a3

Tue, Mar 28, 2006 at 08:52:02AM -0500, Ashton, James P.:
> More info,
>
> This seems to be specific to a 2948G
>
> SW version 5.5 (10)
>
> And
>
> SW version 5.5 (7)
>
> It only seems to happen on the 2948Gs though.
>
> I am attempting to poll 3 of them and none will parse.
>
> All other cat5 devices seem to be working.
>
> I have tried the cat5rancid from 2.3.1. It doesn't work on these
> switches either.
>
> James

could you give me a copy of the .raw file?

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ashton, James
> P.
> Sent: Tuesday, March 28, 2006 8:18 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] cat5 issue in 2.3.2a3
>
> Hi all,
>
> More issues. I seem to be seeing some odd issues with cat5rancid in
> 2.3.2a3.
>
> I have set NOPIPE=YES as a test and I seem to be getting a complete
> host.raw file.
>
> It seems to be querying the device without any issues but the returned
> data doesn't appear to be being parsed.
>
> Any thoughts??
>
> =====
>
> When I run cat5rancid -d host it outputs this:
>
> Executing clogin -t 90 -c" a lot of commands" hostname
>
> Hostname: missed cmd(S): same list of commands
>
> Hostname: missed cmd(S): same list of commands
>
> Hostname: end of run not found
>
> Hostname: end of run not found
>
> James Ashton
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 172.16.27.41.new
Type: application/octet-stream
Size: 40 bytes
Desc: 172.16.27.41.new
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060403/82cfdba9/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 172.16.27.41.raw
Type: application/octet-stream
Size: 29645 bytes
Desc: 172.16.27.41.raw
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060403/82cfdba9/attachment-0001.obj

From Alison.C.Wood at state.or.us Mon Apr 3 20:46:49 2006
From: Alison.C.Wood at state.or.us (Alison C WOOD)
Date: Mon, 03 Apr 2006 13:46:49 -0700
Subject: [rancid] Rancid newby - rancid-group
Message-ID:

I am trying to configure RANCID for the first time...

When I type in /usr/local/rancid/bin/rancid-cvs I get the following error:

/usr/local/rancid/bin/rancid-cvs: line 59: rancid-group:: coammnd not found.

Any help is greatly appreciated!

Thanks!!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060403/9a338da0/attachment.html

From heas at shrubbery.net Tue Apr 4 01:24:13 2006
From: heas at shrubbery.net (john heasley)
Date: Mon, 3 Apr 2006 18:24:13 -0700
Subject: [rancid] Re: Rancid newby - rancid-group
In-Reply-To:
References:
Message-ID: <20060404012413.GF19124@shrubbery.net>

Mon, Apr 03, 2006 at 01:46:49PM -0700, Alison C WOOD:
> I am trying to configure RANCID for the first time...
>
> When I type in /usr/local/rancid/bin/rancid-cvs I get the following
> error:
>
> /usr/local/rancid/bin/rancid-cvs: line 59: rancid-group:: coammnd not
> found.

Look at your rancid.conf; I suspect you've made an editor error.

From heas at shrubbery.net Tue Apr 4 02:01:57 2006
From: heas at shrubbery.net (john heasley)
Date: Mon, 3 Apr 2006 19:01:57 -0700
Subject: [rancid] Re: cat5 issue in 2.3.2a3
In-Reply-To:
References:
Message-ID: <20060404020157.GJ19124@shrubbery.net>

Mon, Apr 03, 2006 at 02:21:34PM -0400, Ashton, James P.:
> I have run across another switch that's config is not parsing.
>
> Older cisco Cat 4003;
>
> I have included the *.raw file and the *.new file.

Clogin & rancid require that a) you do not use a "#" in your prompt and
b) that a ">" be appended to the prompt on CatOS.

From jashton at progresstelecom.com Tue Apr 4 12:03:40 2006
From: jashton at progresstelecom.com (Ashton, James P.)
Date: Tue, 4 Apr 2006 08:03:40 -0400
Subject: [rancid] Re: cat5 issue in 2.3.2a3
Message-ID:

That did it. The ">". That fixed all of my bad catOS devices.

Thank you for the help.

James

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Monday, April 03, 2006 10:02 PM
To: Ashton, James P.
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: cat5 issue in 2.3.2a3

Mon, Apr 03, 2006 at 02:21:34PM -0400, Ashton, James P.:
> I have run across another switch that's config is not parsing.
>
> Older cisco Cat 4003;
>
> I have included the *.raw file and the *.new file.

Clogin & rancid require that a) you do not use a "#" in your prompt and
b) that a ">" be appended to the prompt on CatOS.

From bmurphy at lucent.com Tue Apr 4 22:45:07 2006
From: bmurphy at lucent.com (Murphy, Barry (Barry))
Date: Wed, 5 Apr 2006 08:45:07 +1000
Subject: [rancid] F5 BigIP
Message-ID: <3561A7F511A9D41195D900508BAE6168025B095E@nz2001exch001u.anz.lucent.com>

Hey guys,

I've seen discussion of F5 compatibility on this list back in 2002, just
wondering if anyone ever got rancid to work with F5 devices?

Cheers
Barry

From rmordasiewicz at samuelmanutech.com Wed Apr 5 00:01:32 2006
From: rmordasiewicz at samuelmanutech.com (Robin Mordasiewicz)
Date: Tue, 4 Apr 2006 20:01:32 -0400 (EDT)
Subject: [rancid] Re: F5 BigIP
In-Reply-To: <3561A7F511A9D41195D900508BAE6168025B095E@nz2001exch001u.anz.lucent.com>
References: <3561A7F511A9D41195D900508BAE6168025B095E@nz2001exch001u.anz.lucent.com>
Message-ID:

On Wed, 5 Apr 2006, Murphy, Barry (Barry) wrote:

> Hey guys,
>
> I've seen discussion of F5 compatibility on this list back in 2002, just
> wondering if anyone ever got rancid to work with F5 devices?

oh, that'd be sweet
how about NetApp compatibility also.

From heas at shrubbery.net Wed Apr 5 00:01:23 2006
From: heas at shrubbery.net (john heasley)
Date: Tue, 4 Apr 2006 17:01:23 -0700
Subject: [rancid] Re: F5 BigIP
In-Reply-To:
References: <3561A7F511A9D41195D900508BAE6168025B095E@nz2001exch001u.anz.lucent.com>
Message-ID: <20060405000123.GD17224@shrubbery.net>

Tue, Apr 04, 2006 at 08:01:32PM -0400, Robin Mordasiewicz:
> On Wed, 5 Apr 2006, Murphy, Barry (Barry) wrote:
>
> > Hey guys,
> >
> > I've seen discussion of F5 compatibility on this list back in 2002, just
> > wondering if anyone ever got rancid to work with F5 devices?
>
> oh, that'd be sweet
> how about NetApp compatibility also.

Give me remote access to one.

From rmordasiewicz at samuelmanutech.com Wed Apr 5 12:43:07 2006
From: rmordasiewicz at samuelmanutech.com (Robin Mordasiewicz)
Date: Wed, 5 Apr 2006 08:43:07 -0400 (EDT)
Subject: [rancid] Re: F5 BigIP
In-Reply-To: <20060405000123.GD17224@shrubbery.net>
References: <3561A7F511A9D41195D900508BAE6168025B095E@nz2001exch001u.anz.lucent.com> <20060405000123.GD17224@shrubbery.net>
Message-ID:

On Tue, 4 Apr 2006, john heasley wrote:

> Tue, Apr 04, 2006 at 08:01:32PM -0400, Robin Mordasiewicz:
>> On Wed, 5 Apr 2006, Murphy, Barry (Barry) wrote:
>>
>>> Hey guys,
>>>
>>> I've seen discussion of F5 compatibility on this list back in 2002, just
>>> wondering if anyone ever got rancid to work with F5 devices?
>>
>> oh, that'd be sweet
>> how about NetApp compatibility also.
>
> Give me remote access to one.

wish I could.

From josh at affiniongroup.com Wed Apr 5 12:49:10 2006
From: josh at affiniongroup.com (Josh Rivel)
Date: Wed, 5 Apr 2006 08:49:10 -0400
Subject: [rancid] Re: F5 BigIP
In-Reply-To: <20060405000123.GD17224@shrubbery.net>
References: <3561A7F511A9D41195D900508BAE6168025B095E@nz2001exch001u.anz.lucent.com> <20060405000123.GD17224@shrubbery.net>
Message-ID: <20060405124910.GA12000@affiniongroup.com>

john heasley wrote...
> Give me remote access to one.

Wish I could as well :(

--
Josh Rivel
UNIX Technical Specialist
Technology Engineering and Operations
Affinion Group, Global Information Technology
Trumbull Connecticut Technology Engineering and Operations Center
(203)416-2809 - Office
(917)670-6947 - Cell
(203)416-7023 - FAX

From ash_aaa_rai at yahoo.co.in Tue Apr 11 17:19:55 2006
From: ash_aaa_rai at yahoo.co.in (Ashish Rai)
Date: Tue, 11 Apr 2006 18:19:55 +0100 (BST)
Subject: [rancid] login problem
Message-ID: <20060411171955.33955.qmail@web8804.mail.in.yahoo.com>

I'm trying to configure .cloginrc file.

my login name rose
password rose123
enable password rose4

My routers having following prompts:

After telneting say 172.16.1.1 ( Macy ) i get following prompts :

Authority:- (I key in) rose
SecureKey:- (I key in) rose123
Macy> (I key in) en
SecureKey:- (I key in) rose4
Macy#

How to configure .cloginrc file so that i can log into above router with usr/pass details given above.

We have radius configured for authentication.

Thanks in advance

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060411/73e9afd0/attachment.html

From heas at shrubbery.net Tue Apr 11 18:01:41 2006
From: heas at shrubbery.net (john heasley)
Date: Tue, 11 Apr 2006 11:01:41 -0700
Subject: [rancid] Re: login problem
In-Reply-To: <20060411171955.33955.qmail@web8804.mail.in.yahoo.com>
References: <20060411171955.33955.qmail@web8804.mail.in.yahoo.com>
Message-ID: <20060411180141.GU5908@shrubbery.net>

Tue, Apr 11, 2006 at 06:19:55PM +0100, Ashish Rai:
> I'm trying to configure .cloginrc file.
>
> my login name rose
> password rose123
> enable password rose4
>
> My routers having following prompts:
>
> After telneting say 172.16.1.1 ( Macy ) i get following prompts :
>
> Authority:- (I key in) rose
> SecureKey:- (I key in) rose123
> Macy> (I key in) en
> SecureKey:- (I key in) rose4
> Macy#
>
>
> How to configure .cloginrc file so that i can log into above router with usr/pass details given above.
>
> We have radius configured for authentication.

See the cloginrc(5) manual page. BTW, it is just plain silly to change
these prompts.

From pbliss at mechno.com Wed Apr 12 12:40:03 2006
From: pbliss at mechno.com (Paul Bliss)
Date: Wed, 12 Apr 2006 08:40:03 -0400 (EDT)
Subject: [rancid] Cisco 6500 with IOS-Like os
Message-ID:

Hello group,
I'm sorry if this has been done to death, but I've got a Cisco catalyst
6500 that I'm having trouble getting the configs backed up on.
Its status is staying "new router" and the logs indicate: "es2: End of
run not found"

I understand that the prompt has to look a certain way for RANCID to
understand where the config starts and ends, but what I don't understand
is how I need to change my c
config to get the correct prompt convention going.

Below is how the "show run" outputs now.

es2> (enable) sh run
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
.................
............................
.
.
.
.
#module 15 empty
!
#module 16 empty
end
es2> (enable)

Thanks so much!
Paul

From pbliss at mechno.com Wed Apr 12 15:47:49 2006
From: pbliss at mechno.com (Paul Bliss)
Date: Wed, 12 Apr 2006 11:47:49 -0400 (EDT)
Subject: [rancid] Re: Cisco 6500 with IOS-Like os
Message-ID:

I had:
"es2:cisco:up"

I had tried "es2:cat5:up" previously without success, but I suppose I had
mitigating issues because I just did a /bin/rancid-run -r es2 and it
seemed to work just fine!

Thanks so much guys!

-Paul

On Wed, 12 Apr 2006, Russell Harrison wrote:

> For CatOS devices, make sure the device type in your router.db is
> "cat5". For example,
>
> es2:cat5:up
>
> -RH
>
> On 4/12/06, Paul Bliss wrote:
> > Hello group,
> > I'm sorry if this has been done to death, but I've got a Cisco catalyst
> > 6500 that I'm having trouble getting the configs backed up on.
> > Its status is staying "new router" and the logs indicate: "es2: End of
> > run not found"
> >
> > I understand that the prompt has to look a certain way for RANCID to
> > understand where the config starts and ends, but what I don't understand
> > is how I need to change my c
> > config to get the correct prompt convention going.
> >
> > Below is how the "show run" outputs now.
> >
> >
> > es2> (enable) sh run
> > This command shows non-default configurations only.
> > Use 'show config all' to show both default and non-default configurations.
> > .................
> > ............................
> > .
> > .
> > .
> > .
> > #module 15 empty
> > !
> > #module 16 empty
> > end
> > es2> (enable)
> >
> >
> > Thanks so much!
> > Paul
> >
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >
>

From andy at shady.org Fri Apr 14 18:27:18 2006
From: andy at shady.org (andy)
Date: Fri, 14 Apr 2006 19:27:18 +0100
Subject: [rancid] extreme issues
Message-ID: <20060414182718.GE823@shady.org>

Hi,

I've been using rancid for quite some time now, and we decided to roll out tac_plus for auth on our extremes.
Basically, rancid then stopped working.

I've been using tac_plus for junipers for a while quite successfully. All good.
So, basically, I have a user called "look" that i use for rancid.

This is the tac_plus conf for the look group:

group = tier1
{
    ## extreme tacacs configuration
    default service = deny
    cmd = show {
        permit configuration
        permit version
        permit memory
        permit switch
        permit slot
        permit diag
        deny .*
    }
    cmd = disable {
        permit clipaging
        deny .*
    }

    ## cli service for junipers
    service = junos-exec
    {
        priv_lvl = 15
        local-user-name = tier1
        allow-commands = ""
        allow-configuration = ""
        deny-commands = "monitor|request|file"
        deny-configuration = ""
    }
}

I was running the ports version of rancid when stuff broke but I've now downloaded the latest version.
It still appears fairly broken though with our new config. I know that the prompt changed when we moved from using an
admin user to a non-admin user.

Is there a fix for the errors below.

cheers

this is the output when i try to run clogin

carp:~$ ./clogin -c "show version;show version" tallaght-switch.internal.nw
tallaght-switch.internal.nw
spawn ssh -c 3des -x -l look tallaght-switch.internal.nw
look at tallaght-switch.internal.nw's password:

ExtremeWare
Copyright (C) 1996-2003 Extreme Networks. All rights reserved.
===============================================================

Press the key at any time for completions.
Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array
    while executing
"set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)""
    invoked from within
"expect -nobrace -re {[
]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and
    # prompt based on state of config changes..."
    invoked from within
"expect {
    -re "\[\r\n]+" { exp_continue; }
    -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and
    # prompt based on state of config ch..."
    ("foreach" body line 125)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # Figure out the prompt.
    # autoenabl..."
    (file "./clogin" line 686)
carp:~$ ./clogin -autoenable -c "show version;show version" tallaght-switch.internal.nw
tallaght-switch.internal.nw
spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
andy at tallaght-switch.internal.nw's password:

ExtremeWare
Copyright (C) 1996-2003 Extreme Networks. All rights reserved.
===============================================================

Press the key at any time for completions.
Tallaght Summit 48si::1 >
^C^C^Ccarp:~$ ./clogin -noenable -c "show version;show version" tallaght-switch.internal.nw
tallaght-switch.internal.nw
spawn ssh -c 3des -x -l look tallaght-switch.internal.nw
look at tallaght-switch.internal.nw's password:

ExtremeWare
Copyright (C) 1996-2003 Extreme Networks. All rights reserved.
===============================================================

Press the key at any time for completions.
Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array
    while executing
"set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)""
    invoked from within
"expect -nobrace -re {[
]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and
    # prompt based on state of config changes..."
    invoked from within
"expect {
    -re "\[\r\n]+" { exp_continue; }
    -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and
    # prompt based on state of config ch..."
    ("foreach" body line 125)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # Figure out the prompt.
    # autoenabl..."
    (file "./clogin" line 686)

--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------

----- End forwarded message -----

--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------

From bigwavedave at gmail.com Mon Apr 17 20:44:34 2006
From: bigwavedave at gmail.com (Big Wave Dave)
Date: Mon, 17 Apr 2006 13:44:34 -0700
Subject: [rancid] Re: HP Switches Stacked
In-Reply-To: <20060330000513.GC17286@shrubbery.net>
References: <8e124f160603270906x7a6bcfb5s646e93f681d3ad24@mail.gmail.com> <20060330000513.GC17286@shrubbery.net>
Message-ID: <8e124f160604171344g2cec2137l1cc458fa4b547862@mail.gmail.com>

On 3/29/06, john heasley wrote:
> > Username: admin
> > Password:
> > Stack Members
> >
> > SN MAC Address   System Name      Device Type     Status
> > -- ------------- ---------------- --------------- -------------------------
> > 0  000883-059900 DemoSwitch-0     HP 4104GL       Commander Up
> > 1  000883-08ad60 DemoSwitch-1     HP 2824         Member Up
> >
> > Enter switch number to connect to or :
> >
> > Error: TIMEOUT reached
>
> Does the UI work normally once a stack is chosen? Does it work the same
> no matter which member you chose?

Sorry for the delay...
It just hangs after choosing the switch. Quite annoying....

Dave
----------------------------------------------------------
Are Your Friends Lemmings? -- http://www.lemmingshirts.com

From andy at shady.org Wed Apr 19 16:00:44 2006
From: andy at shady.org (andy)
Date: Wed, 19 Apr 2006 17:00:44 +0100
Subject: [rancid] Re: extreme issues
Message-ID: <20060419160044.GA15903@shady.org>

Just to follow up:

----- Forwarded message from andy -----

Date: Mon, 17 Apr 2006 12:44:28 +0100
From: andy
To: john heasley
Subject: Re: extreme issues

I have attached a script output of the entire session.
We don't use local users so I've logged into the switch as an admin user.
If you need me to, I can create a local user and dump the output from that session also.

cheers

On Sun, Apr 16, 2006 at 03:33:48PM +0000, john heasley wrote:
> can you show me the prompt/clogin without tacacs?
>
> Fri, Apr 14, 2006 at 07:04:16PM +0100, andy:
> > Hi,
> >
> > I've been using rancid for quite some time now, and we decided to roll out tac_plus for auth on our extremes.
> > Basically, rancid then stopped working.
> >
> > I've been using tac_plus for junipers for a while quite successfully. All good.
> > So, basically, I have a user called "look" that i use for rancid.
> >
> > This is the tac_plus conf for the look group:
> >
> > group = tier1
> > {
> >     ## extreme tacacs configuration
> >     default service = deny
> >     cmd = show {
> >         permit configuration
> >         permit version
> >         permit memory
> >         permit switch
> >         permit slot
> >         permit diag
> >         deny .*
> >     }
> >     cmd = disable {
> >         permit clipaging
> >         deny .*
> >     }
> >
> >     ## cli service for junipers
> >     service = junos-exec
> >     {
> >         priv_lvl = 15
> >         local-user-name = tier1
> >         allow-commands = ""
> >         allow-configuration = ""
> >         deny-commands = "monitor|request|file"
> >         deny-configuration = ""
> >     }
> > }
> >
> > I was running the ports version of rancid when stuff broke but I've now downloaded the latest version.
> > It still appears fairly broken though with our new config. I know that the prompt changed when we moved from using an
> > admin user to a non-admin user.
> >
> > Is there a fix for the errors below.
> >
> > cheers
> >
> > this is the output when i try to run clogin
> >
> > carp:~$ ./clogin -c "show version;show version" tallaght-switch.internal.nw
> > tallaght-switch.internal.nw
> > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > andy at tallaght-switch.internal.nw's password:
> >
> > ExtremeWare
> > Copyright (C) 1996-2003 Extreme Networks. All rights reserved.
> > ===============================================================
> >
> > Press the key at any time for completions.
> > Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array
> >     while executing
> > "set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)""
> >     invoked from within
> > "expect -nobrace -re {[
> > ]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and
> >     # prompt based on state of config changes..."
> >     invoked from within
> > "expect {
> >     -re "\[\r\n]+" { exp_continue; }
> >     -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and
> >     # prompt based on state of config ch..."
> >     ("foreach" body line 125)
> >     invoked from within
> > "foreach router [lrange $argv $i end] {
> >     set router [string tolower $router]
> >     send_user "$router\n"
> >
> >     # Figure out the prompt.
> >     # autoenabl..."
> >     (file "./clogin" line 686)
> >
> >
> > --
> > andy andy at shady.org
> > -----------------------------------------------
> > Never argue with an idiot. They drag you down
> > to their level, then beat you with experience.
> > -----------------------------------------------
>

--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------

Script started on Mon Apr 17 12:38:37 2006
carp:~#tcshcd /usr/ports/editors/locate vimcd /usr/ports/editors/tcshssh admin at nssc-switch.internal.nw
The authenticity of host 'nssc-switch.internal.nw (10.5.16.8)' can't be established.
DSA key fingerprint is 63:5d:e7:6a:25:d6:5c:3d:a4:0a:4e:2a:a5:5e:fd:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nssc-switch.internal.nw' (DSA) to the list of known hosts.
admin at nssc-switch.internal.nw's password:
Permission denied, please try again.
admin at nssc-switch.internal.nw's password:
Permission denied, please try again.
admin at nssc-switch.internal.nw's password:

ExtremeWare
Copyright (C) 1996-2005 Extreme Networks. All rights reserved.
Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957
==============================================================================

Press the key at any time for completions.
Remember to save your configuration changes.
* NSSC::1 # show version

System Serial Number: 800099-03-07 05155-01269 CLEI: QC: CP:03
CPU ID: 700070-00-06 05145-00992 CP:03
Image : Extremeware Version 7.4.2.6 [ssh] [base] by Release_Master on 09/13/05 13:23:15
BootROM : 8.2
* NSSC::2 # enab
Next possible completions:
    access-list accounting alt-queue-management application arp-learning
    autodst bgp bootp bootprelay cli-config-logging cli-prompt-number
    clipaging cpu-dos-protect dhcp diffserv dlcs dot1p dvmrp eaps edp
    elrp-client elsm enhanced-dos-protect esrp esrp-aware ext-mcast fdb-scan
    flooding flow-control flow-redirect flowstats gvrp icmp idletimeouts igmp
    ignore-bpdu ignore-stp ip-option ip-subnet-lookup iparp ipforwarding
    ipmcforwarding iproute ipxrip ipxsap irdp isis isq jitter-tolerance
    jumbo-frame lbdetect learning license lldp log loopback-mode lpm mac-vlan
    mcast-queue-mgmt mirroring multinetting nat netlogin ospf pim ports
    qosmonitor radius radius-accounting red rip rmon sflow sharing slb slot
    smartredundancy snmp sntp-client source-ip-lockdown ssh2 stpd
    subvlan-proxy-arp sys-health-check syslog system-watchdog tacacs
    tacacs-accounting tacacs-authorization telnet temperature-logging
    transceiver-test trusted-mac-address type20 udp-echo-server
    udp-forwarding vrrp web
* NSSC::2 # enable clip
Next possible completions:
    session
* NSSC::2 # enable clipaging
* NSSC::3 # save
Do you want to save to the primary configuration database? yes
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>!.
Verifying the configuration... Done!
Saved to primary configuration database.
NSSC::4 # qConnection to nssc-switch.internal.nw closed.
Exit 255
carp:~#^Dexit

Script done on Mon Apr 17 12:40:04 2006

----- End forwarded message -----

--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------

From andy at shady.org Wed Apr 19 16:01:07 2006
From: andy at shady.org (andy)
Date: Wed, 19 Apr 2006 17:01:07 +0100
Subject: [rancid] Re: extreme issues
Message-ID: <20060419160106.GB15903@shady.org>

Again follow up to list:

----- Forwarded message from andy -----

Date: Tue, 18 Apr 2006 09:19:53 +0100
From: andy
To: john heasley
Subject: Re: extreme issues

John,

with TACACS+ turned on:

carp:~$ ./clogin -c "show version" 192.168.203.6
192.168.203.6
spawn telnet 192.168.203.6
Trying 192.168.203.6...
Connected to 192.168.203.6.
Escape character is '^]'.

login: andy
password:

ExtremeWare
Copyright (C) 1996-2005 Extreme Networks. All rights reserved.
Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,914,905
==================================================================================================================

Press the key at any time for completions.
* Pretend_Switch:1 >
^C^C^Ccarp:~$

without TACACS+ with admin user:

carp:~$ ./clogin -u admin -p helloworld -c "show version" 192.168.203.6
192.168.203.6
spawn telnet 192.168.203.6
Trying 192.168.203.6...
Connected to 192.168.203.6.
Escape character is '^]'.

login: admin
password:

ExtremeWare
Copyright (C) 1996-2005 Extreme Networks. All rights reserved.
Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,914,905
==================================================================================================================

Press the key at any time for completions.
Remember to save your configuration changes.
* Pretend_Switch:1 #
* Pretend_Switch:1 # show version

System Serial Number: 800099-03-07 05155-02670 CLEI: QC: CP:03
CPU ID: 700070-00-06 05145-00595 CP:03
Image : Extremeware Version 7.5.2.6 [non-ssh] [base] by Build_Master on 02/23/06 04:32:25
BootROM : 8.2
* Pretend_Switch:2 #quit
Do you wish to save your configuration changes? (y/n)
Connection closed by foreign host.
carp:~$

Note that this works perfectly.

without TACACS+ with normal user:

carp:~$ ./clogin -u look -p helloworld -c "show version" 192.168.203.6
192.168.203.6
spawn telnet 192.168.203.6
Trying 192.168.203.6...
Connected to 192.168.203.6.
Escape character is '^]'.

login: look
password:

ExtremeWare
Copyright (C) 1996-2005 Extreme Networks. All rights reserved.
Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,914,905
==================================================================================================================

Press the key at any time for completions.
* Pretend_Switch:1 >

Note that this does not work.

The version of clogin I'm using is:

^C^C^Ccarp:~$ more ./clogin
#! /usr/local/bin/expect --
##
## $Id: clogin.in,v 1.89 2005/08/14 20:18:19 heas Exp $

I hope this helps.

cheers

--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------

----- End forwarded message -----

--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------

From andy at shady.org Wed Apr 19 16:01:26 2006
From: andy at shady.org (andy)
Date: Wed, 19 Apr 2006 17:01:26 +0100
Subject: [rancid] Re: extreme issues
Message-ID: <20060419160126.GC15903@shady.org>

follow up:

----- Forwarded message from andy -----

Date: Tue, 18 Apr 2006 11:02:04 +0100
From: andy
To: john heasley
Subject: Re: extreme issues

Ok, after a little playing I've found that if you extend the 1,14 regex length a bit this starts to happen:

Press the key at any time for completions.
* Pretend_Switch:1 > couldn't compile regular expression pattern: quantifier operand invalid
    while executing
"expect -nobrace -re {* Pretend_Switch:1 ([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} {} -re {[
]+} { exp_continue }"
    invoked from within
"expect {
    -re $reprompt {}
    -re "\[\n\r]+" { exp_continue }
    }"
    (procedure "run_commands" line 23)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 145)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # Figure out the prompt.
    # autoenabl..."
    (file "./clogin" line 688)

I know it's just a regex thing but identifying where it is is proving fairly tough.

cheers

On Sun, Apr 16, 2006 at 03:33:48PM +0000, john heasley wrote:
> can you show me the prompt/clogin without tacacs?
>
> Fri, Apr 14, 2006 at 07:04:16PM +0100, andy:
> > Hi,
> >
> > I've been using rancid for quite some time now, and we decided to roll out tac_plus for auth on our extremes.
> > Basically, rancid then stopped working.
> >
> > I've been using tac_plus for junipers for a while quite successfully. All good.
> > So, basically, I have a user called "look" that i use for rancid.
> >
> > This is the tac_plus conf for the look group:
> >
> > group = tier1
> > {
> >     ## extreme tacacs configuration
> >     default service = deny
> >     cmd = show {
> >         permit configuration
> >         permit version
> >         permit memory
> >         permit switch
> >         permit slot
> >         permit diag
> >         deny .*
> >     }
> >     cmd = disable {
> >         permit clipaging
> >         deny .*
> >     }
> >
> >     ## cli service for junipers
> >     service = junos-exec
> >     {
> >         priv_lvl = 15
> >         local-user-name = tier1
> >         allow-commands = ""
> >         allow-configuration = ""
> >         deny-commands = "monitor|request|file"
> >         deny-configuration = ""
> >     }
> > }
> >
> > I was running the ports version of rancid when stuff broke but I've now downloaded the latest version.
> > It still appears fairly broken though with our new config. I know that the prompt changed when we moved from using an
> > admin user to a non-admin user.
> >
> > Is there a fix for the errors below.
> >
> > cheers
> >
> > this is the output when i try to run clogin
> >
> > carp:~$ ./clogin -c "show version;show version" tallaght-switch.internal.nw
> > tallaght-switch.internal.nw
> > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > andy at tallaght-switch.internal.nw's password:
> >
> > ExtremeWare
> > Copyright (C) 1996-2003 Extreme Networks. All rights reserved.
> > ===============================================================
> >
> > Press the key at any time for completions.
> > Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array
> >     while executing
> > "set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)""
> >     invoked from within
> > "expect -nobrace -re {[
> > ]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and
> >     # prompt based on state of config changes..."
> >     invoked from within
> > "expect {
> >     -re "\[\r\n]+" { exp_continue; }
> >     -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and
> >     # prompt based on state of config ch..."
> >     ("foreach" body line 125)
> >     invoked from within
> > "foreach router [lrange $argv $i end] {
> >     set router [string tolower $router]
> >     send_user "$router\n"
> >
> >     # Figure out the prompt.
> >     # autoenabl..."
> >     (file "./clogin" line 686)
> > carp:~$ ./clogin -autoenable -c "show version;show version" tallaght-switch.internal.nw
> > tallaght-switch.internal.nw
> > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > andy at tallaght-switch.internal.nw's password:
> >
> > ExtremeWare
> > Copyright (C) 1996-2003 Extreme Networks. All rights reserved.
> > ===============================================================
> >
> > Press the key at any time for completions.
> > Tallaght Summit 48si::1 > > > ^C^C^Ccarp:~$ ./clogin -noenable -c "show version;show version" tallaght-switch.internal.nw > > tallaght-switch.internal.nw > > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw > > andy at tallaght-switch.internal.nw's password: > > > > ExtremeWare > > Copyright (C) 1996-2003 Extreme Networks. All rights reserved. > > =============================================================== > > > > Press the key at any time for completions. > > Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array > > while executing > > "set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)"" > > invoked from within > > "expect -nobrace -re {[ > > ]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and > > # prompt based on state of config changes..." > > invoked from within > > "expect { > > -re "\[\r\n]+" { exp_continue; } > > -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and > > # prompt based on state of config ch..." > > ("foreach" body line 125) > > invoked from within > > "foreach router [lrange $argv $i end] { > > set router [string tolower $router] > > send_user "$router\n" > > > > # Figure out the prompt. > > # autoenabl..." > > (file "./clogin" line 686) > > > > > > -- > > andy andy at shady.org > > ----------------------------------------------- > > Never argue with an idiot. They drag you down > > to their level, then beat you with experience. > > ----------------------------------------------- > -- andy andy at shady.org ----------------------------------------------- Never argue with an idiot. They drag you down to their level, then beat you with experience. ----------------------------------------------- ----- End forwarded message ----- -- andy andy at shady.org ----------------------------------------------- Never argue with an idiot. They drag you down to their level, then beat you with experience. 
-----------------------------------------------

From andy at shady.org Wed Apr 19 16:02:04 2006
From: andy at shady.org (andy)
Date: Wed, 19 Apr 2006 17:02:04 +0100
Subject: [rancid] Re: extreme issues
Message-ID: <20060419160204.GD15903@shady.org>

Follow up to list:

----- Forwarded message from andy -----

Date: Tue, 18 Apr 2006 20:52:32 +0100
From: andy
To: john heasley
Subject: Re: extreme issues

Do you have enough info to look into this issue?

I can provide more if needed, I've looked into it fairly closely now and I have to admit, without going right through the code, I would not be able to solve the issue.

I did some testing today however, and it seems the issue exists with a "user" account and no tacacs.
I could only get clogin to work with the "admin" user using both versions 7.4 and the new 7.5.

cheers

On Sun, Apr 16, 2006 at 03:33:48PM +0000, john heasley wrote:
> can you show me the prompt/clogin without tacacs?

--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------

----- End forwarded message -----

--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------

From listuser at numbnuts.net Fri Apr 21 17:46:46 2006
From: listuser at numbnuts.net (listuser at numbnuts.net)
Date: Fri, 21 Apr 2006 12:46:46 -0500 (CDT)
Subject: [rancid] Arris Cadant C3 CMTS
Message-ID:

What are the odds of getting a patch to add support for the Arris C3? The CLI is very IOS-like. I just added one of our C3s to my RANCID setup and it's generating "End of run not found" errors. Arris doesn't include an "end" to their running-config. Neither does our Motorola BSR 1000 CMTS. I'd love to get support for both of these units.

I understand the need to match a string to determine that the running-config has been printed out completely. Wouldn't it be possible to also wait for the prompt to be printed out. For example

DEVICE-PROMPT# sh run
blah blah
...
blah blah
DEVICE-PROMPT#

Is there any downside to matching "^DEVICE-PROMPT#" instead of "end"?

If there's anything I can do to aid in the support for either of these products please let me know and I'll do what I can.
Thanks,
Justin

From listuser at numbnuts.net Fri Apr 21 20:07:55 2006
From: listuser at numbnuts.net (listuser at numbnuts.net)
Date: Fri, 21 Apr 2006 15:07:55 -0500 (CDT)
Subject: [rancid] Re: extreme issues
In-Reply-To: <20060414182718.GE823@shady.org>
Message-ID:

On Fri, 14 Apr 2006, andy wrote:

> Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array

Maybe it's just me, but I'd say that the colons in the hostname are jacking things up. Is there any compelling reason to keep these in the hostname?

Justin

From mnichols at wayport.net Tue Apr 18 18:25:04 2006
From: mnichols at wayport.net (Matt Nichols)
Date: Tue, 18 Apr 2006 13:25:04 -0500
Subject: [rancid] RANCID with Cisco ASA's
Message-ID: <52AD365BD79BA048B359E3F4411D45150D848E48@exchange01.wayad.corp.wayport.net>

Hello,

Has anyone had any luck using RANCID to collect configs from Cisco ASA firewalls? If so, what does your RANCID config look like?

-Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20060418/163cf7a7/attachment.html

From mnichols at wayport.net Thu Apr 27 17:58:04 2006
From: mnichols at wayport.net (Matt Nichols)
Date: Thu, 27 Apr 2006 12:58:04 -0500
Subject: [rancid] Re: RANCID with Cisco ASA's
Message-ID: <52AD365BD79BA048B359E3F4411D45150D84986E@exchange01.wayad.corp.wayport.net>

Hi Jeff,

What does your config look like to collect from your ASA's? Are you using a type of cisco or cat5?

I have tried the type of cisco and cat5. When looking at the logs for the ASA's rancid is reporting "End of run not found". I am successfully collecting from a barrage of other cisco equipment without error using the "cisco" type and default configs. (7206 routers, 3750 layer2/3 stacks, 2950/2970 switches, 3560 POE switches, etc.)

The only thing that is different about the way I'm trying to collect from our ASA's is the rancid tacacs user isn't auto enabled when it logs into the ASA's, so rancid must enter an enable password, this is actually working fine, I have autoenable set to 0 for the ASA's in .cloginrc. If I run a clogin against any of the ASA's with "write term" or "show version" it completes without error, I see it login via ssh, enable, run the command, and exit.

I tried substituting the command "write term" with "show conf" in the rancid script but that didn't change anything. I suspect the rancid script needs the "write term" command since that's the only command that shows an ": end" at the end of the config on a PIX/ASA and there seems to be something hard coded in the rancid script to look for that.

Any tips would be greatly appreciated.

-Matt

-----Original Message-----
From: Jeff Wolfe [mailto:wolfe at ems.psu.edu]
Sent: Thursday, April 27, 2006 12:46 PM
To: Matt Nichols
Subject: Re: [rancid] RANCID with Cisco ASA's

Matt Nichols wrote:
> Hello,
>
>
>
> Has anyone had any luck using RANCID to collect configs from Cisco ASA
> firewalls? If so, what does your RANCID config look like?

We subbed an ASA in for a PIX 525 and I didn't change anything at all on my rancid config. The PIX config worked just fine for us.

-JEff

From srau at rauhaus.org Thu Apr 27 19:47:36 2006
From: srau at rauhaus.org (Stafford A. Rau)
Date: Thu, 27 Apr 2006 12:47:36 -0700
Subject: [rancid] Re: RANCID with Cisco ASA's
In-Reply-To: <52AD365BD79BA048B359E3F4411D45150D848E48@exchange01.wayad.corp.wayport.net>
References: <52AD365BD79BA048B359E3F4411D45150D848E48@exchange01.wayad.corp.wayport.net>
Message-ID: <20060427194736.GA17990@rauhaus.org>

* Matt Nichols [060427 10:40]:
>
> Has anyone had any luck using RANCID to collect configs from Cisco ASA
> firewalls? If so, what does your RANCID config look like?

Yes.

rancid2 at production:~/var/it$ grep asa router.db
idcasa-01:cisco:up
idcasa-02:cisco:up

Really didn't do anything special for them, just pointed rancid at them like any other Cisco device.

--Stafford

From affanzbasalamah at gmail.com Fri Apr 28 17:45:28 2006
From: affanzbasalamah at gmail.com (Affan Basalamah)
Date: Sat, 29 Apr 2006 00:45:28 +0700
Subject: [rancid] cloginrc for username and enable
Message-ID:

Hi all,

I have configured our cisco router/switch to use tac+ auth, but I want to also enable it to be rancid-ed. I have added a rancid special user (with show-only permissions) and password in tac_plus.conf. The enable password still exists in the router/switch, which is different than the rancid password.

I want to know what the cloginrc config would be for this configuration, since I see in 'man cloginrc' that the 'add user' and 'add password' stanzas don't include the enable password.

In a nutshell :
- special rancid user & password
- enable secret password in router

Regards,

-affan

From rancid at gheek.net Fri Apr 28 19:40:39 2006
From: rancid at gheek.net (Lance Vermilion)
Date: Fri, 28 Apr 2006 12:40:39 -0700
Subject: [rancid] Re: cloginrc for username and enable
In-Reply-To:
References:
Message-ID: <20060428194039.GA82725@viol8tr.com>

Affan,

Here is the format.

# add password
#
# add user
#       The default user is $USER (i.e.: the user running clogin).
#
# add userprompt
#       What the router prints to prompt for the username.
#       Default: {"(Username|login|user name):"}
#
# add userpassword
#       The password for user if different than the password set
#       using 'add password'.
#
# add passprompt
#       What the router prints to prompt for the password.
#       Default: {"(\[Pp]assword|passwd):"}
#
# add method {ssh} [...]
#       Defines, in order, which connection method(s) to use for a device
#       from the set {ssh,telnet,rsh}. e.g.: add method * {ssh} {telnet} {rsh}
#       will attempt ssh connection first. if ssh fails with connection
#       refused (i.e.: not due to authentication failure), then try telnet,
#       then rsh.
#       Default: {telnet} {ssh}
#
# add noenable
#       equivalent of -noenable on the cmd line to not enable at login.
#
# add enableprompt
#       What the router prints to prompt for the enable password.
#       Default: {"\[Pp]assword:"}
#
# add enauser
#       This is only needed if enable asks for a username and this
#       username is different from what user is set to.
#
# add autoenable <1/0>
#       This is used if you are automatically enabled by the login process.
#
# add cyphertype
#       Default is 3des.
#
# add identity
#       Default is your default ssh identity.

--
-Lance

On Sat, Apr 29, 2006 at 12:45:28AM +0700, Affan Basalamah wrote:
> Hi all,
>
> I have configured our cisco router/switch to use tac+ auth, but I want
> to also enable it to be rancid-ed. I have added a rancid special user
> (with show-only permissions) and password in tac_plus.conf. The enable
> password still exists in the router/switch, which is different than the rancid
> password.
>
> I want to know what the cloginrc config would be for this
> configuration, since I see in 'man cloginrc' that the 'add user' and 'add
> password' stanzas don't include the enable password.
>
> In a nutshell :
> - special rancid user & password
> - enable secret password in router
>
> Regards,
>
> -affan
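
The setup asked about in the message above (a TACACS+ login account plus a separate enable secret on the device), written out as an added .cloginrc fragment; it is not from any poster or from the RANCID distribution. It relies on `add password` taking the device pattern, then the login password, then the enable password; the host pattern, the login name and both passwords are placeholders.

```tcl
# Added example .cloginrc fragment (constructed values throughout):
# *.example.net, the "rancid" login name and both passwords are placeholders.
#
# The file is searched top to bottom and the first matching entry for a
# directive is used, so device-specific lines go above wildcard lines.

# Login name of the show-only TACACS+ account.
add user        *.example.net   {rancid}

# First password: the one for that login (used because no separate
# "add userpassword" entry is given). Second password: the enable
# secret configured on the device itself.
add password    *.example.net   {LOGIN-PASSWORD-PLACEHOLDER} {ENABLE-SECRET-PLACEHOLDER}

# The account is not put into enable mode at login, so clogin has to
# send "enable" and answer the prompt with the second password above.
add autoenable  *.example.net   0

# Connect with ssh only, instead of the default order {telnet} {ssh}.
add method      *.example.net   {ssh}
```

Because this file holds the login password and the enable secret in clear text, keep it at mode 600 and owned by the account that runs rancid; clogin exits with an error if the file is accessible to others.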