<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16735" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2>I've been using RANCID with the Cisco ACS server for a
while now with no issues after the initial setup for authenticating to my
devices (HP, Cisco, Force 10). I used NDG's and added my RANCID user to
the Domain. Mapped the ACS group to the AD group and Voila!!
</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2>One problem I have noticed, however, with Cisco ACS is that
if the user is a member of more than one user group with different types of
authentication (TACACS or RADIUS), one or the other will work but not
both. For example:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2>User has access to all network devices using AD account and
TACACS authentication over the ACS.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2>The same user has VPN access, and the firewall points RADIUS
authentication to the ACS. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=911585911-09122008><FONT face=Arial
color=#0000ff size=2>It doesn't work - I have a TAC case open, but no word
yet.</FONT></SPAN></DIV><BR>
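<DIV>An added example, not from either post: a small audit over constructed ACS-style group data that flags accounts whose groups span both TACACS+ and RADIUS, the condition described above. The group-to-protocol mapping, the user list and the data layout are assumptions for illustration, not ACS's real export format.</DIV>

```python
# Added example (not from the thread): flag users whose ACS group memberships
# mix TACACS+ and RADIUS, the situation the reply says breaks one of the two.
# GROUP_PROTOCOL and USER_GROUPS are constructed sample data, not an ACS export.
from collections import defaultdict

# Constructed sample: which ACS group authenticates via which protocol.
GROUP_PROTOCOL = {
    "NetworkAdmins": "TACACS+",   # device CLI access (RANCID, HP/Cisco/Force10)
    "VPNUsers": "RADIUS",         # firewall / VPN access
    "Helpdesk": "RADIUS",
}

# Constructed sample: AD-mapped group membership per user.
USER_GROUPS = {
    "rancid": {"NetworkAdmins"},
    "alice": {"NetworkAdmins", "VPNUsers"},
    "bob": {"VPNUsers", "Helpdesk"},
}


def protocols_for(user):
    """Return the set of auth protocols reachable through the user's groups."""
    return {GROUP_PROTOCOL[g] for g in USER_GROUPS.get(user, set())}


def find_mixed_protocol_users():
    """Return {user: sorted protocols} for users whose groups span >1 protocol.

    These are the accounts that, per the reply, authenticate over one protocol
    but not the other, so they are the ones to test explicitly or to split
    into separate accounts (e.g. a TACACS+-only RANCID user).
    """
    mixed = {}
    for user in USER_GROUPS:
        protos = protocols_for(user)
        if len(protos) > 1:
            mixed[user] = sorted(protos)
    return mixed


def groups_by_protocol(user):
    """Group the user's memberships by protocol, to show which side may fail."""
    out = defaultdict(list)
    for g in sorted(USER_GROUPS.get(user, set())):
        out[GROUP_PROTOCOL[g]].append(g)
    return dict(out)


if __name__ == "__main__":
    for user, protos in find_mixed_protocol_users().items():
        print(f"{user}: spans {protos} via {groups_by_protocol(user)}")
```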
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> rancid-discuss-bounces@shrubbery.net
[mailto:rancid-discuss-bounces@shrubbery.net] <B>On Behalf Of </B>Oglum
AVD<BR><B>Sent:</B> Sunday, December 07, 2008 9:07 PM<BR><B>To:</B>
rancid-discuss@shrubbery.net<BR><B>Subject:</B> [rancid] Rancid with Cisco ACS
4.x Issue<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV>I have been running Rancid for a while and everything has been great until
recently.<BR>We purchased Cisco ACS 4.x and of course authentication is going through
the ACS server. I have been having an issue where, when Rancid accesses the
router, nothing displays;<BR> <BR>Example:<BR>root@linux804:/var/lib/rancid#
/var/lib/rancid/bin/clogin -c 'sho clock'
c3560-24-sw1<BR>hsparkeast-c3560-24-sw1<BR>spawn ssh -c 3des -x -l netman
c3560-24-sw1<BR>netman@c3560-24-sw1's
password:<BR><FONT color=#ff0000><STRONG>Error: TIMEOUT
reached<BR></STRONG></FONT>root@linux804:/var/lib/rancid#<BR> <BR>If
I remove the device from ACS and use a local account, everything works
great!<BR> <BR>Any help greatly appreciated!</DIV>
<DIV> </DIV>
<DIV>OglumAVD</DIV></BODY></HTML>