[rancid] Re: using rancid with netscreen firewalls

Brock Massel bmassel at descartes.com
Fri Aug 4 18:23:39 UTC 2006



I think that nothing special is required. 


Use nlogin and nrancid.  Of course the rancid run "does the right thing"
to call these from cron because you used the device type "netscreen" in


See the transcript of a session below... note my prompt has no magic.
nlogin actually looks for a ">".  And reading the nlogin source, it
ignores all the enable stuff anyway (since the netscreen has no such


rancid at YYYYY.ZZZ.XXXX.com[768]$ nlogin

spawn ssh -c 3des -x -l rancid

rancid at's password:

Remote Management Console


SSGFW1(M)-> exitConnection to closed.

rancid at YYYYY.ZZZ.XXXX.com[769]$


nrancid for me also. No changes should be required. I run from
downloaded tarballs.


rancid at YYYYY.ZZZ.XXXX.com[785]$ grep 32.34  router.db


rancid at YYYYY.ZZZ.XXXX.com[787]$ grep 32.34 .cloginrc

add method                   ssh

add cyphertype               {3des}

add user                             rancid

add password                 WASAPASS WASAPASS





From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Stave
Sent: Friday, August 04, 2006 1:48 PM
To: Chris Gallardo
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: using rancid with netscreen firewalls


The easiest way to deal with this would probably be to change the name
of the firewall to include a #, which might work.  I'm not sure if it
will let you, but it's worth trying.  You could make it
iub-machine-room#1 or something.  Not the most elegant way to deal with
it, but it might work. 

Chris Stave
CNS, Drew University

On 8/4/06, Chris Gallardo <wcgallar at iupui.edu> wrote:

I have a netscreen firewall that is already in enable mode when you
log in.  However the prompt does not contain '#', so when I try nlogin it
returns this error

iub-machine-room:bfw1(M)-> can't read "enable": no such variable 
     while executing
"if { $enable } {
         if {[do_enable $enauser $enapasswd]} {
             if { $do_command || $do_script } {
                 close; wait
     ("foreach" body line 66)
     invoked from within
"foreach firewall [lrange $argv $i end] {
     set firewall [string tolower $firewall]
     send_user "$firewall\n" 

     set prompt ">"

     # Figure out..."
     (file "/usr/bin/nlogin" line 423)

I tried setting autoenable to 1 in .cloginrc but it did nothing to solve
the error above.  I believe the script still checks the command prompt
for the '#' even if autoenable is turned on. 

Any suggestions would be greatly appreciated.


Chris Gallardo
Network Services
