[rancid] Re: using rancid with netscreen firewalls

Brock Massel bmassel at descartes.com
Fri Aug 4 18:23:39 UTC 2006



 

I think that nothing special is required. 

 

Use nlogin and nrancid.  Of course the rancid run "does the right thing"
to call these from cron because you used the device type "netscreen" in
router.db.

 

See the transcript of a session below... note my prompt has no magic.
nlogin actually looks for a ">".  And reading the nlogin source, it
ignores all the enable stuff anyway (since the netscreen has no such
concept).

 

rancid at YYYYY.ZZZ.XXXX.com[768]$ nlogin 10.9.32.34
10.9.32.34
spawn ssh -c 3des -x -l rancid 10.9.32.34
rancid at 10.9.32.34's password:
Remote Management Console
SSGFW1(M)->
SSGFW1(M)-> exitConnection to 10.9.32.34 closed.
rancid at YYYYY.ZZZ.XXXX.com[769]$

 

nrancid for me also. No changes should be required. I run from
downloaded tarballs.

 

rancid at YYYYY.ZZZ.XXXX.com[785]$ grep 32.34  router.db
10.9.32.34:netscreen:up

 

rancid at YYYYY.ZZZ.XXXX.com[787]$ grep 32.34 .cloginrc
add method 10.9.32.34                   ssh
add cyphertype 10.9.32.34               {3des}
add user 10.9.32.34                             rancid
add password 10.9.32.34                 WASAPASS WASAPASS

 

 

 

________________________________

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Stave
Sent: Friday, August 04, 2006 1:48 PM
To: Chris Gallardo
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: using rancid with netscreen firewalls

 

The easiest way to deal with this would probably be to change the name
of the firewall to include a #, which might work.  I'm not sure if it
will let you, but it's worth trying.  You could make it
iub-machine-room#1 or something.  Not the most elegant way to deal with
it, but it might work. 

Chris Stave
CNS, Drew University

On 8/4/06, Chris Gallardo <wcgallar at iupui.edu> wrote:

I have a netscreen firewall that is already in enable mode when you
log in.  However, the prompt does not contain '#', so when I try nlogin it
returns this error:


iub-machine-room:bfw1(M)-> can't read "enable": no such variable 
     while executing
"if { $enable } {
         if {[do_enable $enauser $enapasswd]} {
             if { $do_command || $do_script } {
                 close; wait
                 continue
             } 
         }
     }"
     ("foreach" body line 66)
     invoked from within
"foreach firewall [lrange $argv $i end] {
     set firewall [string tolower $firewall]
     send_user "$firewall\n" 

     set prompt ">"

     # Figure out..."
     (file "/usr/bin/nlogin" line 423)


I tried setting autoenable to 1 in .cloginrc, but it did nothing to solve
the error above.  I believe the script still checks the command prompt
for the '#' even if autoenable is turned on.

Any suggestions would be greatly appreciated.




--

Chris Gallardo
Network Services
278-9067
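
The two greps in the reply above (router.db and .cloginrc) can be run for every netscreen device at once. The script below is an added example, not part of the original thread or of rancid itself; the function names and the sample entries in demo() are constructed, and treating method, user and password as the entries to look for is this example's assumption, taken from the .cloginrc lines shown above.

```shell
#!/bin/sh
# Added example: list netscreen devices in router.db that have no explicit
# method/user/password entry in .cloginrc (the entries grepped for above).

# cloginrc_has FILE DIRECTIVE HOST
# True if FILE has an "add DIRECTIVE <pattern> ..." line whose glob pattern
# matches HOST (.cloginrc host fields are glob patterns).
cloginrc_has() {
    while read -r kw directive pattern _rest || [ -n "$kw" ]; do
        if [ "$kw" = "add" ] && [ "$directive" = "$2" ]; then
            case $3 in
                $pattern) return 0 ;;
            esac
        fi
    done < "$1"
    return 1
}

# missing_netscreen_logins ROUTER_DB CLOGINRC
# Prints "host: missing <directives>" for each netscreen device marked "up".
missing_netscreen_logins() {
    while IFS=: read -r host type state _rest || [ -n "$host" ]; do
        [ "$type" = "netscreen" ] && [ "$state" = "up" ] || continue
        missing=""
        for d in method user password; do
            cloginrc_has "$2" "$d" "$host" || missing="$missing $d"
        done
        [ -z "$missing" ] || echo "$host: missing$missing"
    done < "$1"
}

# Constructed sample data: one fully configured device, one with no
# .cloginrc entries, and one non-netscreen device that is skipped.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '10.9.32.34:netscreen:up' '192.0.2.7:netscreen:up' \
        '192.0.2.9:cisco:up' > "$dir/router.db"
    printf '%s\n' 'add method 10.9.32.34   ssh' 'add user 10.9.32.*   rancid' \
        'add password 10.9.32.34   EXAMPLE-ONLY EXAMPLE-ONLY' > "$dir/.cloginrc"
    missing_netscreen_logins "$dir/router.db" "$dir/.cloginrc"
    rm -rf "$dir"
}

# With two arguments, check real files; otherwise run the constructed demo.
if [ $# -eq 2 ]; then missing_netscreen_logins "$1" "$2"; else demo; fi
```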
