<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:NimbusRomNo9T;}
@font-face
        {font-family:"TypoUpright BT";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Not exactly sure what you are doing wrong there, but there shouldn't
be any issues using ACS as the tacacs server, provided you are using Tacacs and
not radius for authentication, are you also using authorization? When you log
in manually are you doing it as the rancid user account or a different server
account? I have found if I log in as root and do test connections they always
worked, but not always as rancid. I would go through your logs on ACS
instead of rancid since it looks like your .clogin is correct, with the
exception of the @domain, mine is the same. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i><span
style='font-size:13.5pt;font-family:NimbusRomNo9T;color:navy'>Thanks</span></i></b><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:navy'><o:p></o:p></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Todd</span><span
style='font-size:13.5pt;font-family:"TypoUpright BT";color:black'><o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
rancid-discuss-bounces@shrubbery.net
[mailto:rancid-discuss-bounces@shrubbery.net] <b>On Behalf Of </b>Chris Bell<br>
<b>Sent:</b> Wednesday, December 31, 2008 5:05 AM<br>
<b>To:</b> Oglum AVD; rancid-discuss@shrubbery.net<br>
<b>Subject:</b> [rancid] Re: Rancid with Cisco ACS 4.x Issue<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:blue'>Is your password enclosed in {password} ?</span><o:p></o:p></p>
<p class=MsoNormal> <o:p></o:p></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:blue'>Did you try with IP rather than DNS? </span><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=2 width="100%" align=center>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> rancid-discuss-bounces@shrubbery.net
[mailto:rancid-discuss-bounces@shrubbery.net] <b>On Behalf Of </b>Oglum AVD<br>
<b>Sent:</b> Wednesday, December 31, 2008 1:14 AM<br>
<b>To:</b> rancid-discuss@shrubbery.net<br>
<b>Subject:</b> [rancid] Re: Rancid with Cisco ACS 4.x Issue</span><o:p></o:p></p>
<div>
<p class=MsoNormal>Here's latest update on this;<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>/var/lib/rancid/bin/clogin -t -c 'show clock' <a
href="http://test-c3560-48-sw.mydomain.com">test-c3560-48-sw.mydomain.com</a>
log 2>&1 <br>
show clock<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><strong>Error: no password for show clock in /root/.cloginrc.</strong><br>
<a href="http://test-c3560-48-sw.mydomain.com">test-c3560-48-sw.mydomain.com</a><br>
spawn ssh -c 3des -x -l ddnetman <a href="http://test-c3560-48-sw.mydomain.com">test-c3560-48-sw.mydomain.com</a><br>
<strong><span style='color:red'>Error: TIMEOUT reached log</span></strong><b><span
style='color:red'><br>
<strong>Error: no password for log in /root/.cloginrc</strong></span></b><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><strong>Password Verification:</strong><br>
nano .cloginrc<br>
add autoenable *.<a href="http://mydomain.com">mydomain.com</a> 1<br>
add user *.<a href="http://mydomain.com">mydomain.com</a> testacc<br>
add password *.<a href="http://mydomain.com">mydomain.com</a> password<br>
add method *.<a href="http://mydomain.com">mydomain.com</a> {ssh}<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><strong>Test ssh from this device to switch;</strong><br>
<a href="mailto:root@804">root@804</a>:~# ssh -l testacc <a
href="http://test-c3560-48-sw.mydomain.com">test-c3560-48-sw.mydomain.com</a><br>
<a href="mailto:testacc@test-c3560-48-sw.mydomain.com's">testacc@test-c3560-48-sw.mydomain.com's</a>
password: <br>
<a href="http://test-c3560-48-sw.mydomain.com">test-c3560-48-sw.mydomain.com#</a><strong>show
clock</strong><br>
22:07:13.168 PST Tue Dec 30 2008<br>
<a href="http://test-c3560-48-sw.mydomain.com">test-c3560-48-sw.mydomain.com#</a><br>
it works OK.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>using Cisco ACS 4.x and ACS local account.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Any suggestion?<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><br>
<o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>