From john at hypergeek.net Tue Dec 2 23:55:03 2008 
From: john at hypergeek.net (John A. Kilpatrick)
Date: Tue, 2 Dec 2008 15:55:03 -0800 (PST)
Subject: [rancid] Setting up rancid with a corp svn server?
Message-ID:

My boss wants me to have rancid use our corporate svn server. Shouldn't
be a problem right? :)

So I went and made /data/rancid as the base dir. I checked out the tree
using svn co https://svn.foo.com/svn/is-ops is-ops and got the tree we
use.

I have the basedir set to /data/rancid and I have CVSROOT set to
/data//rancid/is-ops/trunk/doc/network/Configs which is where I'd like the
files to go.

Then I ran rancid-cvs and got:

rancid at ntop /data/rancid $ rancid-cvs
svn: Unable to open an ra_local session to URL
svn: Unable to open repository 'file:///data/rancid/is-ops/trunk/doc/network/Configs/prod'
svn: Unable to open an ra_local session to URL
svn: Unable to open repository 'file:///data/rancid/is-ops/trunk/doc/network/Configs/prod'
svn: '.' is not a working copy
svn: Can't open file '.svn/entries': No such file or directory
svn: '/data/rancid/prod/configs' is not a working copy
svn: '.' is not a working copy
svn: Can't open file '.svn/entries': No such file or directory
svn: '/data/rancid/prod' is not a working copy
svn: Can't open file '/data/rancid/prod/.svn/entries': No such file or directory
svn: Unable to open an ra_local session to URL
svn: Unable to open repository 'file:///data/rancid/is-ops/trunk/doc/network/Configs/corp'
svn: Unable to open an ra_local session to URL
svn: Unable to open repository 'file:///data/rancid/is-ops/trunk/doc/network/Configs/corp'
svn: '.' is not a working copy
svn: Can't open file '.svn/entries': No such file or directory
svn: '/data/rancid/corp/configs' is not a working copy
svn: '.' is not a working copy
svn: Can't open file '.svn/entries': No such file or directory
svn: '/data/rancid/corp' is not a working copy
svn: Can't open file '/data/rancid/corp/.svn/entries': No such file or directory

I'll be honest, I'm not an svn guru nor am I rancid guru - rancid always
falls under the "just works" category for me. If someone can point out
what I'm doing wrong I'd appreciate it. Should the CVS basedir be a URL?

Thanks,
John

--
John A. Kilpatrick
john at hypergeek.net Email| http://www.hypergeek.net/
john-page at hypergeek.net Text pages| ICQ: 19147504
remember: no obstacles/only challenges

From bsrinivasa at gmail.com Wed Dec 3 07:18:49 2008
From: bsrinivasa at gmail.com (Srinivasa Raju)
Date: Wed, 3 Dec 2008 12:48:49 +0530
Subject: [rancid] nlogin error
Message-ID: <8a58bdad0812022318y16c3a995m39eb31c11795433d@mail.gmail.com>

I'm new to Rancid, I'm trying to backup configs of netscreen firewall
using Rancid. I'm successful at times but Rancid fails to pick configs on
few runs. I see the following error

"nlogin error: Error: TIMEOUT reached"

Any idea??

Thanks
Raju

--
"Every man should get married some time; after all, happiness is not the
only thing in life!!"

From nimal at fnbs.net Wed Dec 3 10:07:37 2008
From: nimal at fnbs.net (Nimal David Sirimanne)
Date: Wed, 03 Dec 2008 18:07:37 +0800
Subject: [rancid] rancid doesnt log changes and receiving duplicate rancid emails
Message-ID: <49365A69.2050404@fnbs.net>

Hi there,

I recently took over management of network for my company. Now the
previous guy had a rancid running, and it was running fine until about end
of October. Whatever changes made to the network devices after that, was
not captured by rancid, and no email notification.

I read through some documentation on rancid, and even tested the rancid to
see if there was any problem with it logging on to the devices using the
commands "sudo /usr/local/rancid/bin/clogin -f /usr/local/rancid/.cloginrc
-u ranciduser x.x.x.x". It worked like a charm...no hiccups.

Looking through the system, I noticed that the /var/spool/mqueue and
/var/spool/clientmqueue was filled with messages. Sendmail was stuck.
Somehow a server restart fixed that...and now I'm receiving rancid emails
on an hourly basis.

However, the emails I receive are all duplicates. Even if I make a lot of
configuration (minor stuff like creating username, removing usernames) but
these changes aren't reflected in the hourly emails. Even when I add a new
network device, a new CVS entry gets created, but any subsequent change to
this network device, does not result in any change to the CVS entry.

I'm stumped...any pointers on what I can check? Do let me know if you need
more details.

Thanks guys!
Nimal D. Sirimanne

From heas at shrubbery.net Wed Dec 3 20:43:53 2008
From: heas at shrubbery.net (john heasley) Date: Wed, 3 Dec 2008 20:43:53 +0000 Subject: [rancid] Re: control characters appearing and disappearing from saved configs In-Reply-To: <20081122191958.GB474@shrubbery.net> References: <20081122191958.GB474@shrubbery.net> Message-ID: <20081203204353.GT8640@shrubbery.net> Please try ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a9.tar.gz. There are a few new things in there that still need some work (and other not yet committed), but it should fix this problem. Sat, Nov 22, 2008 at 11:19:58AM -0800, john heasley: > I think I've fixed this problem already; I'll give you an image in a later > email. > > Sat, Nov 22, 2008 at 09:20:49AM -0800, Drop Box: > > Hi, > > > > After adding a lot of lines to our HP switch configurations, I'm now seeing > > rancid diffs like the one below one or two dozen times a day, on various > > switches: > > > > ----------------------------------------------------------------------------------------- > > > > - -- configs/switch.example.com. (revision 103454) > > @@ -47,7 +47,7 @@ > > ip address dhcp-bootp > > exit > > ip authorized-managers a.b.c.d 255.0.0.0 > > - ip authorized-managers w.x.y.z 255.255.248.0 > > + ip authorized-managers w.x.y.z 255.255.248.0 > > [...] > > > > ----------------------------------------------------------------------------------------- > > > > - -- configs/switchexample.com. (revision 103525) 
> > @@ -47,7 +47,7 @@ > > ip address dhcp-bootp > > exit > > ip authorized-managers a.b.c.d 255.0.0.0 > > - ip authorized-managers w.x.y.z 255.255.248.0 > > + ip authorized-managers w.x.y.z 255.255.248.0 > > [...] > > > > ----------------------------------------------------------------------------------------- > > > > The various configs I see this for have slight variations in length, but the > > control character appears and disappears on the same line ("ip > > authorized-managers w.x.y.z 255.255.248.0"), so it's not that the problem > > always appears at line N. I've checked out an "offending" revision and > > verified that the control character is there. I ran hrancid by hand maybe > > 20 times, and the control character showed up twice. > > > > Does anyone have any ideas why this might be happening? I'm using rancid > > 2.3.2a6 with expect 5.42.1. > > > > Thanks. > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Wed Dec 3 23:30:43 2008 
From: heas at shrubbery.net (john heasley)
Date: Wed, 3 Dec 2008 23:30:43 +0000
Subject: [rancid] Re: Setting up rancid with a corp svn server?
In-Reply-To:
References:
Message-ID: <20081203233043.GJ8640@shrubbery.net>

Tue, Dec 02, 2008 at 03:55:03PM -0800, John A. Kilpatrick:
>
>
> My boss wants me to have rancid use our corporate svn server. Shouldn't
> be a problem right? :)
>
> So I went and made /data/rancid as the base dir. I checked out the tree
> using svn co https://svn.foo.com/svn/is-ops is-ops and got the tree we
> use.
>
> I have the basedir set to /data/rancid and I have CVSROOT set to
> /data//rancid/is-ops/trunk/doc/network/Configs which is where I'd like the
> files to go.
>
> Then I ran rancid-cvs and got:
>
> rancid at ntop /data/rancid $ rancid-cvs
> svn: Unable to open an ra_local session to URL
> svn: Unable to open repository
> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/prod'
> svn: Unable to open an ra_local session to URL
> svn: Unable to open repository
> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/prod'

rancid-cvs assume that CVSROOT (from rancid.conf) is local and is a
path not a URL and in some cases svn wants a path and in others a
URL.

To support this, i think CVSROOT would have to become a url.

> svn: '.' is not a working copy
> svn: Can't open file '.svn/entries': No such file or directory
> svn: '/data/rancid/prod/configs' is not a working copy
> svn: '.' is not a working copy
> svn: Can't open file '.svn/entries': No such file or directory
> svn: '/data/rancid/prod' is not a working copy
> svn: Can't open file '/data/rancid/prod/.svn/entries': No such file or
> directory
> svn: Unable to open an ra_local session to URL
> svn: Unable to open repository
> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/corp'
> svn: Unable to open an ra_local session to URL
> svn: Unable to open repository
> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/corp'
> svn: '.' is not a working copy
> svn: Can't open file '.svn/entries': No such file or directory
> svn: '/data/rancid/corp/configs' is not a working copy
> svn: '.' is not a working copy
> svn: Can't open file '.svn/entries': No such file or directory
> svn: '/data/rancid/corp' is not a working copy
> svn: Can't open file '/data/rancid/corp/.svn/entries': No such file or
> directory
>
> I'll be honest, I'm not an svn guru nor am I rancid guru - rancid always
> falls under the "just works" category for me. If someone can point out
> what I'm doing wrong I'd appreciate it. Should the CVS basedir be a URL?
>
> Thanks,
> John
>
> --
> John A. Kilpatrick
> john at hypergeek.net Email| http://www.hypergeek.net/
> john-page at hypergeek.net Text pages| ICQ: 19147504
> remember: no obstacles/only challenges

From peter.serwe at gmail.com Thu Dec 4 00:20:38 2008
From: peter.serwe at gmail.com (Peter Serwe)
Date: Wed, 3 Dec 2008 16:20:38 -0800
Subject: [rancid] Re: Setting up rancid with a corp svn server?
In-Reply-To: <20081203233043.GJ8640@shrubbery.net>
References: <20081203233043.GJ8640@shrubbery.net>
Message-ID:

Wouldn't you then have to change how rancid-cvs handles that variable?

It would seem that you would have to figure out how to tell rancid that
the repo was already created and how to reference it.

The thing is, you can't write files directly to the remote repo, you have
to work off a checked out version of it. Rancid basically does this
already, and for all intents and purposes, once the repo(s) are properly
created, you should be able to do svn ci all you want in the checked out
directory like rancid does already.

Maybe there's a way to create the directories local with rancid-cvs and
then swap in the remote repo after the fact, by removing the directories,
checking out the remote repo into the same directory names, and then run
rancid.

It would seem like that could work.

Peter

On Wed, Dec 3, 2008 at 3:30 PM, john heasley wrote:
> Tue, Dec 02, 2008 at 03:55:03PM -0800, John A. Kilpatrick:
>>
>>
>> My boss wants me to have rancid use our corporate svn server. Shouldn't
>> be a problem right? :)
>>
>> So I went and made /data/rancid as the base dir. I checked out the tree
>> using svn co https://svn.foo.com/svn/is-ops is-ops and got the tree we
>> use.
>>
>> I have the basedir set to /data/rancid and I have CVSROOT set to
>> /data//rancid/is-ops/trunk/doc/network/Configs which is where I'd like the
>> files to go.
>>
>> Then I ran rancid-cvs and got:
>>
>> rancid at ntop /data/rancid $ rancid-cvs
>> svn: Unable to open an ra_local session to URL
>> svn: Unable to open repository
>> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/prod'
>> svn: Unable to open an ra_local session to URL
>> svn: Unable to open repository
>> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/prod'
>
> rancid-cvs assume that CVSROOT (from rancid.conf) is local and is a
> path not a URL and in some cases svn wants a path and in others a
> URL.
>
> To support this, i think CVSROOT would have to become a url.
>
>> svn: '.' is not a working copy
>> svn: Can't open file '.svn/entries': No such file or directory
>> svn: '/data/rancid/prod/configs' is not a working copy
>> svn: '.' is not a working copy
>> svn: Can't open file '.svn/entries': No such file or directory
>> svn: '/data/rancid/prod' is not a working copy
>> svn: Can't open file '/data/rancid/prod/.svn/entries': No such file or
>> directory
>> svn: Unable to open an ra_local session to URL
>> svn: Unable to open repository
>> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/corp'
>> svn: Unable to open an ra_local session to URL
>> svn: Unable to open repository
>> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/corp'
>> svn: '.' is not a working copy
>> svn: Can't open file '.svn/entries': No such file or directory
>> svn: '/data/rancid/corp/configs' is not a working copy
>> svn: '.' is not a working copy
>> svn: Can't open file '.svn/entries': No such file or directory
>> svn: '/data/rancid/corp' is not a working copy
>> svn: Can't open file '/data/rancid/corp/.svn/entries': No such file or
>> directory
>>
>> I'll be honest, I'm not an svn guru nor am I rancid guru - rancid always
>> falls under the "just works" category for me. If someone can point out
>> what I'm doing wrong I'd appreciate it. Should the CVS basedir be a URL?
>>
>> Thanks,
>> John
>>
>> --
>> John A. Kilpatrick
>> john at hypergeek.net Email| http://www.hypergeek.net/
>> john-page at hypergeek.net Text pages| ICQ: 19147504
>> remember: no obstacles/only challenges

From john at hypergeek.net Thu Dec 4 01:47:55 2008
From: john at hypergeek.net (John A. Kilpatrick)
Date: Wed, 3 Dec 2008 17:47:55 -0800 (PST)
Subject: [rancid] Re: Setting up rancid with a corp svn server?
In-Reply-To: <20081203233043.GJ8640@shrubbery.net>
References: <20081203233043.GJ8640@shrubbery.net>
Message-ID:

On Wed, 3 Dec 2008, john heasley wrote:

> rancid-cvs assume that CVSROOT (from rancid.conf) is local and is a
> path not a URL and in some cases svn wants a path and in others a
> URL.
>
> To support this, i think CVSROOT would have to become a url.

Yeah, I may have to hack that manually, given that in rancid-cvs, for
example, $CVSROOT is prefaced by file://

--
John A. Kilpatrick
john at hypergeek.net Email| http://www.hypergeek.net/
john-page at hypergeek.net Text pages| ICQ: 19147504
remember: no obstacles/only challenges

From peter.serwe at gmail.com Thu Dec 4 02:01:59 2008
From: peter.serwe at gmail.com (Peter Serwe)
Date: Wed, 3 Dec 2008 18:01:59 -0800
Subject: [rancid] Re: Setting up rancid with a corp svn server?
In-Reply-To:
References: <20081203233043.GJ8640@shrubbery.net>
Message-ID:

Interesting.

So, if it were to be a pretty clean hack, i.e.: Something that could
be committed to the source tree, perhaps we should have another variable
like CVSMETHOD where we could put in https, ssh, or file and have it
populate another variable based on that input.

I'm assuming from the earlier part of the thread, you're planning to use
https, IIRC.

Peter

On Wed, Dec 3, 2008 at 5:47 PM, John A. Kilpatrick wrote:
> On Wed, 3 Dec 2008, john heasley wrote:
>
>> rancid-cvs assume that CVSROOT (from rancid.conf) is local and is a
>> path not a URL and in some cases svn wants a path and in others a
>> URL.
>>
>> To support this, i think CVSROOT would have to become a url.
>
> Yeah, I may have to hack that manually, given that in rancid-cvs, for
> example, $CVSROOT is prefaced by file://
>
>
> --
> John A. Kilpatrick
> john at hypergeek.net Email| http://www.hypergeek.net/
> john-page at hypergeek.net Text pages| ICQ: 19147504
> remember: no obstacles/only challenges

From ecables at gmail.com Thu Dec 4 02:10:37 2008
From: ecables at gmail.com (Eric Cables) Date: Wed, 3 Dec 2008 18:10:37 -0800 Subject: [rancid] Re: FreeBSD 7.0 + Expect 5.43.0 -- Do I need to patch expect? In-Reply-To: <492AEE3E.7040501@csub.edu> References: <492AEE3E.7040501@csub.edu> Message-ID: This problem has made a resurgence this week, crashing out every night and sending the CPU on the box that RANCID runs on sky high. I end up killing the hung expect processes manually, but instead of staying constant it appears to be getting worse (dang growing environments). Any suggestions are welcome... -- Eric Cables On Mon, Nov 24, 2008 at 10:11 AM, Russell Jackson wrote: > Eric Cables wrote: > > I've been running into this problem quite frequently, about once a week > or > > so rancid will hang for no apparent reason, and until I kill the process > it > > will remain hung. I've read in the archives that Linux & Solaris have a > > problem with expect that requires a patch, but does this also include > > FreeBSD? > > > > I've been running rancid on FreeBSD 6.2 without issue for some time. I > haven't had any > hangs with respect to expect. I haven't tried it on FreeBSD 7.0 yet. > > > $ uname -a > FreeBSD svn.csub.edu 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jul 13 > 19:38:42 PDT 2000 > rjackson3 at thor.csub.edu:/usr/obj/usr/src/sys/THOR i386 > > > $ pkg_info | egrep 'tcl|rancid' > expect-nox11-5.44.1.7 A sophisticated scripter based on tcl/tk > rancid-local-2.3.2a7_1 Really Awesome New Cisco confIg Differ > tcl-8.4.19,1 Tool Command Language > > > I'm running a locally patched version of the rancid port to silence cisco > diff noise (STP > costs et al). > > $ diff -ur net-mgmt/rancid-devel local/rancid > Only in local/rancid: .svn > diff -ur net-mgmt/rancid-devel/Makefile local/rancid/Makefile > --- net-mgmt/rancid-devel/Makefile Mon Dec 31 06:28:08 2007 > +++ local/rancid/Makefile Mon Feb 25 15:56:16 2008 
> @@ -10,7 +10,6 @@ > PORTREVISION= 1 > CATEGORIES= net-mgmt > MASTER_SITES= ftp://ftp.shrubbery.net/pub/rancid/ > -PKGNAMESUFFIX= -devel > > MAINTAINER= janos.mohacsi at bsd.hu > COMMENT= Really Awesome New Cisco confIg Differ > Only in local/rancid/files: .svn > Only in local/rancid/files: patch-bin::cat5rancid.in > Only in local/rancid/files: patch-bin::clogin.in > Only in local/rancid/files: patch-bin::rancid.in > Only in local/rancid: pkg-message > > > -- > Russell A. Jackson > Network Analyst > California State University, Bakersfield > > The greatest productive force is human selfishness. > -- Robert Heinlein > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081203/32853498/attachment.html From ecables at gmail.com Thu Dec 4 02:25:41 2008 
From: ecables at gmail.com (Eric Cables) Date: Wed, 3 Dec 2008 18:25:41 -0800 Subject: [rancid] Re: FreeBSD 7.0 + Expect 5.43.0 -- Do I need to patch expect? In-Reply-To: References: <492AEE3E.7040501@csub.edu> Message-ID: Would upgrading to tcl8.5 be a potential solution? Reading through the old expect threads it indicated that the problem may be with Tcl itself. Right now the system is running tcl-8.4.19. -- Eric Cables On Wed, Dec 3, 2008 at 6:10 PM, Eric Cables wrote: > This problem has made a resurgence this week, crashing out every night and > sending the CPU on the box that RANCID runs on sky high. I end up killing > the hung expect processes manually, but instead of staying constant it > appears to be getting worse (dang growing environments). > > Any suggestions are welcome... > > -- Eric Cables > > > On Mon, Nov 24, 2008 at 10:11 AM, Russell Jackson wrote: > >> Eric Cables wrote: >> > I've been running into this problem quite frequently, about once a week >> or >> > so rancid will hang for no apparent reason, and until I kill the process >> it >> > will remain hung. I've read in the archives that Linux & Solaris have a >> > problem with expect that requires a patch, but does this also include >> > FreeBSD? >> > >> >> I've been running rancid on FreeBSD 6.2 without issue for some time. I >> haven't had any >> hangs with respect to expect. I haven't tried it on FreeBSD 7.0 yet. >> >> >> $ uname -a >> FreeBSD svn.csub.edu 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jul 13 >> 19:38:42 PDT 2000 >> rjackson3 at thor.csub.edu:/usr/obj/usr/src/sys/THOR i386 >> >> >> $ pkg_info | egrep 'tcl|rancid' >> expect-nox11-5.44.1.7 A sophisticated scripter based on tcl/tk >> rancid-local-2.3.2a7_1 Really Awesome New Cisco confIg Differ >> tcl-8.4.19,1 Tool Command Language >> >> >> I'm running a locally patched version of the rancid port to silence cisco >> diff noise (STP >> costs et al). 
>> >> $ diff -ur net-mgmt/rancid-devel local/rancid >> Only in local/rancid: .svn >> diff -ur net-mgmt/rancid-devel/Makefile local/rancid/Makefile >> --- net-mgmt/rancid-devel/Makefile Mon Dec 31 06:28:08 2007 >> +++ local/rancid/Makefile Mon Feb 25 15:56:16 2008 >> @@ -10,7 +10,6 @@ >> PORTREVISION= 1 >> CATEGORIES= net-mgmt >> MASTER_SITES= ftp://ftp.shrubbery.net/pub/rancid/ >> -PKGNAMESUFFIX= -devel >> >> MAINTAINER= janos.mohacsi at bsd.hu >> COMMENT= Really Awesome New Cisco confIg Differ >> Only in local/rancid/files: .svn >> Only in local/rancid/files: patch-bin::cat5rancid.in >> Only in local/rancid/files: patch-bin::clogin.in >> Only in local/rancid/files: patch-bin::rancid.in >> Only in local/rancid: pkg-message >> >> >> -- >> Russell A. Jackson >> Network Analyst >> California State University, Bakersfield >> >> The greatest productive force is human selfishness. >> -- Robert Heinlein >> >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081203/4958629d/attachment.html From peter.serwe at gmail.com Thu Dec 4 02:56:01 2008 
From: peter.serwe at gmail.com (Peter Serwe) Date: Wed, 3 Dec 2008 18:56:01 -0800 Subject: [rancid] Re: FreeBSD 7.0 + Expect 5.43.0 -- Do I need to patch expect? In-Reply-To: References: <492AEE3E.7040501@csub.edu> Message-ID: I'm using tcl and tk 8.4.19 and the patched version of expect 5.40.1 from shrubbery.net on two different installations. I would recommend rebuilding tcl, tk, expect, and then rancid and I'm relatively certain the behavior will disappear. This is, by the way, on a pair of CentOS 5.2 systems. One of them was 4.7 until a recent drive failure without good backups caused me to rebuild it into a 5.2 box on a new drive and rebuild all of the software on it. Peter On Wed, Dec 3, 2008 at 6:25 PM, Eric Cables wrote: > Would upgrading to tcl8.5 be a potential solution? Reading through the old > expect threads it indicated that the problem may be with Tcl itself. Right > now the system is running tcl-8.4.19. > > -- Eric Cables > > > On Wed, Dec 3, 2008 at 6:10 PM, Eric Cables wrote: >> >> This problem has made a resurgence this week, crashing out every night and >> sending the CPU on the box that RANCID runs on sky high. I end up killing >> the hung expect processes manually, but instead of staying constant it >> appears to be getting worse (dang growing environments). >> >> Any suggestions are welcome... >> >> -- Eric Cables >> >> >> On Mon, Nov 24, 2008 at 10:11 AM, Russell Jackson wrote: >>> >>> Eric Cables wrote: >>> > I've been running into this problem quite frequently, about once a week >>> > or >>> > so rancid will hang for no apparent reason, and until I kill the >>> > process it >>> > will remain hung. I've read in the archives that Linux & Solaris have >>> > a >>> > problem with expect that requires a patch, but does this also include >>> > FreeBSD? >>> > >>> >>> I've been running rancid on FreeBSD 6.2 without issue for some time. I >>> haven't had any >>> hangs with respect to expect. I haven't tried it on FreeBSD 7.0 yet. 
>>> >>> >>> $ uname -a >>> FreeBSD svn.csub.edu 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jul 13 >>> 19:38:42 PDT 2000 >>> rjackson3 at thor.csub.edu:/usr/obj/usr/src/sys/THOR i386 >>> >>> >>> $ pkg_info | egrep 'tcl|rancid' >>> expect-nox11-5.44.1.7 A sophisticated scripter based on tcl/tk >>> rancid-local-2.3.2a7_1 Really Awesome New Cisco confIg Differ >>> tcl-8.4.19,1 Tool Command Language >>> >>> >>> I'm running a locally patched version of the rancid port to silence cisco >>> diff noise (STP >>> costs et al). >>> >>> $ diff -ur net-mgmt/rancid-devel local/rancid >>> Only in local/rancid: .svn >>> diff -ur net-mgmt/rancid-devel/Makefile local/rancid/Makefile >>> --- net-mgmt/rancid-devel/Makefile Mon Dec 31 06:28:08 2007 >>> +++ local/rancid/Makefile Mon Feb 25 15:56:16 2008 >>> @@ -10,7 +10,6 @@ >>> PORTREVISION= 1 >>> CATEGORIES= net-mgmt >>> MASTER_SITES= ftp://ftp.shrubbery.net/pub/rancid/ >>> -PKGNAMESUFFIX= -devel >>> >>> MAINTAINER= janos.mohacsi at bsd.hu >>> COMMENT= Really Awesome New Cisco confIg Differ >>> Only in local/rancid/files: .svn >>> Only in local/rancid/files: patch-bin::cat5rancid.in >>> Only in local/rancid/files: patch-bin::clogin.in >>> Only in local/rancid/files: patch-bin::rancid.in >>> Only in local/rancid: pkg-message >>> >>> >>> -- >>> Russell A. Jackson >>> Network Analyst >>> California State University, Bakersfield >>> >>> The greatest productive force is human selfishness. >>> -- Robert Heinlein >>> >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- ???? From ecables at gmail.com Thu Dec 4 03:37:51 2008 
From: ecables at gmail.com (Eric Cables)
Date: Wed, 3 Dec 2008 19:37:51 -0800
Subject: [rancid] Re: FreeBSD 7.0 + Expect 5.43.0 -- Do I need to patch expect?
In-Reply-To:
References: <492AEE3E.7040501@csub.edu>
Message-ID:

Well, I went ahead and rebuilt Tcl and Expect, to their latest available
versions, and things appear to be working now. I'm not sure whether it was
Tcl or Expect causing the problems, but the versions I'm running now seem
stable (two full rancid-run completions so far).

expect-nox11-5.44.1.7
tcl-8.5.4

-- Eric Cables

On Wed, Dec 3, 2008 at 6:56 PM, Peter Serwe wrote:

> I'm using tcl and tk 8.4.19 and the patched version of expect 5.40.1
> from shrubbery.net
> on two different installations. I would recommend rebuilding tcl, tk,
> expect, and then rancid
> and I'm relatively certain the behavior will disappear.
>
> This is, by the way, on a pair of CentOS 5.2 systems. One of them was
> 4.7 until a recent
> drive failure without good backups caused me to rebuild it into a 5.2
> box on a new drive and
> rebuild all of the software on it.
>
> Peter
>
> On Wed, Dec 3, 2008 at 6:25 PM, Eric Cables wrote:
> > Would upgrading to tcl8.5 be a potential solution? Reading through the
> old
> > expect threads it indicated that the problem may be with Tcl itself.
> Right
> > now the system is running tcl-8.4.19.
> >
> > -- Eric Cables
> >
> >
> > On Wed, Dec 3, 2008 at 6:10 PM, Eric Cables wrote:
> >>
> >> This problem has made a resurgence this week, crashing out every night
> and
> >> sending the CPU on the box that RANCID runs on sky high. I end up
> killing
> >> the hung expect processes manually, but instead of staying constant it
> >> appears to be getting worse (dang growing environments).
> >>
> >> Any suggestions are welcome...
> >> > >> -- Eric Cables > >> > >> > >> On Mon, Nov 24, 2008 at 10:11 AM, Russell Jackson wrote: > >>> > >>> Eric Cables wrote: > >>> > I've been running into this problem quite frequently, about once a > week > >>> > or > >>> > so rancid will hang for no apparent reason, and until I kill the > >>> > process it > >>> > will remain hung. I've read in the archives that Linux & Solaris > have > >>> > a > >>> > problem with expect that requires a patch, but does this also include > >>> > FreeBSD? > >>> > > >>> > >>> I've been running rancid on FreeBSD 6.2 without issue for some time. I > >>> haven't had any > >>> hangs with respect to expect. I haven't tried it on FreeBSD 7.0 yet. > >>> > >>> > >>> $ uname -a > >>> FreeBSD svn.csub.edu 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jul 13 > >>> 19:38:42 PDT 2000 > >>> rjackson3 at thor.csub.edu:/usr/obj/usr/src/sys/THOR i386 > >>> > >>> > >>> $ pkg_info | egrep 'tcl|rancid' > >>> expect-nox11-5.44.1.7 A sophisticated scripter based on tcl/tk > >>> rancid-local-2.3.2a7_1 Really Awesome New Cisco confIg Differ > >>> tcl-8.4.19,1 Tool Command Language > >>> > >>> > >>> I'm running a locally patched version of the rancid port to silence > cisco > >>> diff noise (STP > >>> costs et al). > >>> > >>> $ diff -ur net-mgmt/rancid-devel local/rancid > >>> Only in local/rancid: .svn > >>> diff -ur net-mgmt/rancid-devel/Makefile local/rancid/Makefile > >>> --- net-mgmt/rancid-devel/Makefile Mon Dec 31 06:28:08 2007 > >>> +++ local/rancid/Makefile Mon Feb 25 15:56:16 2008 
> >>> @@ -10,7 +10,6 @@ > >>> PORTREVISION= 1 > >>> CATEGORIES= net-mgmt > >>> MASTER_SITES= ftp://ftp.shrubbery.net/pub/rancid/ > >>> -PKGNAMESUFFIX= -devel > >>> > >>> MAINTAINER= janos.mohacsi at bsd.hu > >>> COMMENT= Really Awesome New Cisco confIg Differ > >>> Only in local/rancid/files: .svn > >>> Only in local/rancid/files: patch-bin::cat5rancid.in > >>> Only in local/rancid/files: patch-bin::clogin.in > >>> Only in local/rancid/files: patch-bin::rancid.in > >>> Only in local/rancid: pkg-message > >>> > >>> > >>> -- > >>> Russell A. Jackson > >>> Network Analyst > >>> California State University, Bakersfield > >>> > >>> The greatest productive force is human selfishness. > >>> -- Robert Heinlein > >>> > >>> > >>> _______________________________________________ > >>> Rancid-discuss mailing list > >>> Rancid-discuss at shrubbery.net > >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > > -- > ???? > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081203/e2160357/attachment.html From karsten.heymann at blue-cable.net Thu Dec 4 06:42:46 2008 
From: karsten.heymann at blue-cable.net (Karsten Heymann) Date: Thu, 04 Dec 2008 07:42:46 +0100 Subject: [rancid] Re: Setting up rancid with a corp svn server? In-Reply-To: (Peter Serwe's message of "Wed\, 3 Dec 2008 18\:01\:59 -0800") References: <20081203233043.GJ8640@shrubbery.net> Message-ID: <87vdu08mqh.fsf@ara.blue-cable.net> Hi, "Peter Serwe" writes: > So, if it were to be a pretty clean hack, i.e.: Something that could > be committed to the source tree I solved this problem with the following trivial patch to rancid-cvs.in (in debian dpatch format, but should be usable by others too). Feel free to include it into the source tree. The idea is to test if CVSROOT contains the characters ://, and, depending on that, behave differently. hth, Karsten #! /bin/sh /usr/share/dpatch/dpatch-run ## 07_svn_remote.dpatch by ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Add support for remote subversion repositories @DPATCH@ diff -urNad rancid-2.3.2~a8~/bin/rancid-cvs.in rancid-2.3.2~a8/bin/rancid-cvs.in --- rancid-2.3.2~a8~/bin/rancid-cvs.in 2008-02-08 07:28:29.000000000 +0100 +++ rancid-2.3.2~a8/bin/rancid-cvs.in 2008-09-26 08:51:18.000000000 +0200 @@ -97,7 +97,9 @@ if [ $RCSSYS = cvs ]; then cvs -d $CVSROOT init else - svnadmin create $CVSROOT @SVN_FSTYPE@ + if [[ $(expr match $CVSROOT '.*://') -eq 0 ]]; then + svnadmin create $CVSROOT @SVN_FSTYPE@ + fi fi fi @@ -127,10 +129,16 @@ cvs import -m "$GROUP" $GROUP new rancid cd $BASEDIR cvs checkout $GROUP - else + + # local subversion repository: + elif [[ $(expr match $CVSROOT '.*://') -eq 0 ]]; then svn import -m "$GROUP" . file://$CVSROOT/$GROUP cd $BASEDIR svn checkout file://$CVSROOT/$GROUP $GROUP + else # remote subversion repository + svn import -m "$GROUP" . $CVSROOT/$GROUP + cd $BASEDIR + svn checkout $CVSROOT/$GROUP $GROUP fi fi cd $DIR -- Karsten Heymann From tom.duijf at gmail.com Thu Dec 4 07:54:42 2008 
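Review bot: the new guard around svnadmin create in the first hunk (@@ -97,7 +97,9 @@) relies on two non-portable constructs: the [[ ... ]] test is a bash/ksh feature and expr match is a GNU expr extension, so the check only behaves as intended where rancid-cvs is run by such a shell with GNU expr on the path. A case statement on "$CVSROOT" with the pattern *://* does the same test in any POSIX sh and avoids the unquoted $CVSROOT inside the command substitution. When CVSROOT is a URL this branch now does nothing and says nothing; a one-line message that repository creation was skipped because the repository is remote would help whoever reads the output later.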
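Review bot: the elif in the second hunk (@@ -127,10 +129,16 @@) repeats the expr match $CVSROOT '.*://' test from the first hunk, so the local-versus-remote decision is made in two places and can drift; compute it once near the top of the script and branch on the result. In the new remote branch, $CVSROOT/$GROUP is passed unquoted to both svn import and svn checkout and should be quoted. The change also makes CVSROOT mean "path or URL" without saying so anywhere; the rancid.conf documentation for CVSROOT should state that a value containing :// is treated as a remote subversion URL and that the repository must already exist on the server.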
From: tom.duijf at gmail.com (Tom Duijf)
Date: Thu, 04 Dec 2008 08:54:42 +0100
Subject: [rancid] Re: Setting up rancid with a corp svn server?
In-Reply-To:
References:
Message-ID: <49378CC2.60503@gmail.com>

Rancid uses a local svn/cvs repository and a local working copy/checkout.

The trick is to just ignore the local repos and make a working copy from the corporate server yourself using a separate local user so svn can safely store its repos credentials. Svn stores its own repos path, the one in the rancid config file is only for initial creation.

Install rancid in a normal way, have it set up the local repos and working copy (without switches, just the basic dir layout). Rancid only uses the local repos path when there is no working copy set up. After this, just temp copy the working copy contents (remove the .svn dirs) and check out a new empty dir from our corp repos.

I have rancid set up to use a department svn server where we not just store network device configs but also several sets of server configuration, committed by a separate set of scripts. All works like a charm.

Kind regards,

Tom Duijf

John A. Kilpatrick wrote:
> My boss wants me to have rancid use our corporate svn server. Shouldn't
> be a problem right? :)
>
> So I went and made /data/rancid as the base dir. I checked out the tree
> using svn co https://svn.foo.com/svn/is-ops is-ops and got the tree we
> use.
>
> I have the basedir set to /data/rancid and I have CVSROOT set to
> /data//rancid/is-ops/trunk/doc/network/Configs which is where I'd like the
> files to go.
>
> Then I ran rancid-cvs and got:
>
> rancid at ntop /data/rancid $ rancid-cvs
> svn: Unable to open an ra_local session to URL
> svn: Unable to open repository
> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/prod'
> svn: Unable to open an ra_local session to URL
> svn: Unable to open repository
> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/prod'
> svn: '.' is not a working copy
> svn: Can't open file '.svn/entries': No such file or directory
> svn: '/data/rancid/prod/configs' is not a working copy
> svn: '.' is not a working copy
> svn: Can't open file '.svn/entries': No such file or directory
> svn: '/data/rancid/prod' is not a working copy
> svn: Can't open file '/data/rancid/prod/.svn/entries': No such file or
> directory
> svn: Unable to open an ra_local session to URL
> svn: Unable to open repository
> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/corp'
> svn: Unable to open an ra_local session to URL
> svn: Unable to open repository
> 'file:///data/rancid/is-ops/trunk/doc/network/Configs/corp'
> svn: '.' is not a working copy
> svn: Can't open file '.svn/entries': No such file or directory
> svn: '/data/rancid/corp/configs' is not a working copy
> svn: '.' is not a working copy
> svn: Can't open file '.svn/entries': No such file or directory
> svn: '/data/rancid/corp' is not a working copy
> svn: Can't open file '/data/rancid/corp/.svn/entries': No such file or
> directory
>
> I'll be honest, I'm not an svn guru nor am I rancid guru - rancid always
> falls under the "just works" category for me. If someone can point out
> what I'm doing wrong I'd appreciate it. Should the CVS basedir be a URL?
>
> Thanks,
> John
>

From heas at shrubbery.net Thu Dec 4 19:22:30 2008
From: heas at shrubbery.net (john heasley) Date: Thu, 4 Dec 2008 11:22:30 -0800 Subject: [rancid] Re: Setting up rancid with a corp svn server? In-Reply-To: <87vdu08mqh.fsf@ara.blue-cable.net> References: <20081203233043.GJ8640@shrubbery.net> <87vdu08mqh.fsf@ara.blue-cable.net> Message-ID: <20081204192230.GG15302@shrubbery.net> Thu, Dec 04, 2008 at 07:42:46AM +0100, Karsten Heymann: > Hi, > > "Peter Serwe" writes: > > So, if it were to be a pretty clean hack, i.e.: Something that could > > be committed to the source tree > > I solved this problem with the following trivial patch to > rancid-cvs.in (in debian dpatch format, but should be usable by others > too). Feel free to include it into the source tree. The idea is to > test if CVSROOT contains the characters ://, and, depending on that, > behave differently. > > hth, > Karsten Nice, thats the idea. It'd be less confusing to deal with CVSROOT always being a URL, while also accepting a normal path. > #! /bin/sh /usr/share/dpatch/dpatch-run > ## 07_svn_remote.dpatch by > ## > ## All lines beginning with `## DP:' are a description of the patch. > ## DP: Add support for remote subversion repositories > > @DPATCH@ > diff -urNad rancid-2.3.2~a8~/bin/rancid-cvs.in rancid-2.3.2~a8/bin/rancid-cvs.in > --- rancid-2.3.2~a8~/bin/rancid-cvs.in 2008-02-08 07:28:29.000000000 +0100 > +++ rancid-2.3.2~a8/bin/rancid-cvs.in 2008-09-26 08:51:18.000000000 +0200 > @@ -97,7 +97,9 @@ > if [ $RCSSYS = cvs ]; then > cvs -d $CVSROOT init > else > - svnadmin create $CVSROOT @SVN_FSTYPE@ > + if [[ $(expr match $CVSROOT '.*://') -eq 0 ]]; then > + svnadmin create $CVSROOT @SVN_FSTYPE@ > + fi > fi > fi 
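Review bot: the added guard `if [[ $(expr match $CVSROOT '.*://') -eq 0 ]]; then` uses `[[ ]]` and `expr match`, while the context line right above it tests with plain `[` (`if [ $RCSSYS = cvs ]; then`). `[[` is a bash/ksh construct and `expr match` is a GNU extension, so where the script's shell or the system's expr lacks them the test does not behave as intended and the decision whether to run `svnadmin create` goes wrong. A `case "$CVSROOT" in *://*) ;; *) svnadmin create "$CVSROOT" @SVN_FSTYPE@ ;; esac` makes the same decision with POSIX sh only and quotes the variable at the same time.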
> > @@ -127,10 +129,16 @@ > cvs import -m "$GROUP" $GROUP new rancid > cd $BASEDIR > cvs checkout $GROUP > - else > + > + # local subversion repository: > + elif [[ $(expr match $CVSROOT '.*://') -eq 0 ]]; then > svn import -m "$GROUP" . file://$CVSROOT/$GROUP > cd $BASEDIR > svn checkout file://$CVSROOT/$GROUP $GROUP > + else # remote subversion repository > + svn import -m "$GROUP" . $CVSROOT/$GROUP > + cd $BASEDIR > + svn checkout $CVSROOT/$GROUP $GROUP > fi > fi > cd $DIR > > -- > Karsten Heymann > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From chris at upnix.com Thu Dec 4 22:00:59 2008 From: chris at upnix.com (Chris Cameron) Date: Thu, 4 Dec 2008 15:00:59 -0700 Subject: [rancid] Repeated change in output Message-ID: <7fd868cc0812041400w78f73ebds7706ca9ddb55606@mail.gmail.com> I have Rancid watching, among other things, a bunch of Cisco 2960G's. Every time Rancid runs, it logs a change in my VLAN list, which is evidently because of line breaks. For example: !VLAN: 1 default active Gi0/33, Gi0/37, Gi0/38, Gi0/45 !VLAN: Gi0/46 vs. !VLAN: 1 default active Gi0/33, Gi0/37, Gi0/38, Gi0/45, Gi0/46 And this alternates every time it runs. During this time, no one is logged into these switches. Does anyone know what's causing this? Thanks, Chris From ecables at gmail.com Thu Dec 4 23:20:02 2008 
From: ecables at gmail.com (Eric Cables)
Date: Thu, 4 Dec 2008 15:20:02 -0800
Subject: [rancid] Re: Repeated change in output
In-Reply-To: <7fd868cc0812041400w78f73ebds7706ca9ddb55606@mail.gmail.com>
References: <7fd868cc0812041400w78f73ebds7706ca9ddb55606@mail.gmail.com>
Message-ID:

I see the same thing occasionally, although I don't know what the fix is.

-- Eric Cables

On Thu, Dec 4, 2008 at 2:00 PM, Chris Cameron wrote:
> I have Rancid watching, among other things, a bunch of Cisco 2960G's.
> Every time Rancid runs, it logs a change in my VLAN list, which is
> evidently because of line breaks. For example:
>
> !VLAN: 1 default active Gi0/33, Gi0/37, Gi0/38, Gi0/45
> !VLAN: Gi0/46
> vs.
> !VLAN: 1 default active Gi0/33, Gi0/37, Gi0/38, Gi0/45,
> Gi0/46
>
> And this alternates every time it runs. During this time, no one is
> logged into these switches.
>
> Does anyone know what's causing this?
>
>
> Thanks,
> Chris

From dnewman at networktest.com Fri Dec 5 05:25:40 2008
From: dnewman at networktest.com (David Newman)
Date: Thu, 04 Dec 2008 21:25:40 -0800
Subject: [rancid] bypassing splash screen on HP ProCurve 3500
Message-ID: <4938BB54.2040004@networktest.com>

Running Rancid 2.3.1_3 on FreeBSD 7 from ports, and having difficulty grabbing configs from an HP ProCurve 3500yl switch because of the splash screen the switch displays at login.

I've pasted below the switch info from .cloginrc.

Is there a workaround to get beyond the switch's initial splash screen?

thanks

dn

# hp3500.inf
add user 1.2.3.4 admin
add password 1.2.3.4 secret123password
add autoenable 1.2.3.4 1
add method 1.2.3.4 ssh

From rancid at ale.cx Fri Dec 5 08:07:56 2008
From: rancid at ale.cx (alex)
Date: Fri, 5 Dec 2008 08:07:56 +0000
Subject: [rancid] Re: Repeated change in output
In-Reply-To: <7fd868cc0812041400w78f73ebds7706ca9ddb55606@mail.gmail.com>
References: <7fd868cc0812041400w78f73ebds7706ca9ddb55606@mail.gmail.com>
Message-ID: <200812050807.56554.rancid@ale.cx>

On Thursday 04 December 2008 22:00:59 Chris Cameron wrote:
> !VLAN: 1 default active Gi0/33, Gi0/37, Gi0/38, Gi0/45
> !VLAN: Gi0/46
> vs.
> !VLAN: 1 default active Gi0/33, Gi0/37, Gi0/38, Gi0/45,
> Gi0/46
>
> And this alternates every time it runs. During this time, no one is
> logged into these switches.

I see a similar thing on routers with DNS servers alternating, and on ASAs with the indentation of the inspection config changing. I think this could be considered to be a minor bug on Cisco's part.

On the other hand, if whatever part of RANCID does the diff between one config revision and the next had some awareness of what is being diffed, then this could be avoided. This would basically involve implementing a Cisco config parser that can understand every config directive, so don't hold your breath :-)

alexd

From heas at shrubbery.net Fri Dec 5 17:45:41 2008
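The alternating wrap of the VLAN port list discussed in this thread can be taken out before the diff by folding continuation lines back into their VLAN record, which is a narrow form of the "awareness of what is being diffed" mentioned above. This is an added example, not RANCID code and not from any poster; the function names are hypothetical, VLAN 20 in the samples is constructed, and it assumes a wrapped port list arrives as its own `!VLAN:` line that starts with an interface name, as in the sample posted in the thread.

```sh
#!/bin/sh
# Added example: canonicalise "!VLAN:" comment lines so that a port list the
# switch wraps differently between runs does not register as a config change.

# normalize_vlan: filter stdin to stdout, one line per VLAN record.
normalize_vlan() {
    awk '
    function flush() { if (have) { print rec; have = 0 } }
    # Collapse whitespace runs and drop the trailing comma left by a wrap.
    function tidy(s) {
        gsub(/[ \t]+/, " ", s)
        sub(/^ /, "", s); sub(/ $/, "", s); sub(/,$/, "", s)
        return s
    }
    /^!VLAN:/ {
        body = $0
        sub(/^!VLAN:/, "", body)
        body = tidy(body)
        n = split(body, f, " ")
        if (n >= 3 && f[1] ~ /^[0-9]+$/) {
            # "<id> <name> <status> [ports...]" opens a new record.
            flush()
            rec = "!VLAN: " body; have = 1; ports = (n > 3)
        } else if (have && n >= 1 && f[1] ~ "^[A-Za-z]+[0-9][0-9/.:]*,?$") {
            # Assumed continuation format: the line holds only more ports.
            rec = rec (ports ? ", " : " ") body; ports = 1
        } else {
            # Header, separator or anything unrecognised: pass through as is.
            flush(); print
        }
        next
    }
    { flush(); print }
    END { flush() }
    '
}

# same_after_normalizing FILE_A FILE_B: exit 0 when two saved configs are
# identical once their VLAN lines are canonicalised, 1 when they still differ.
same_after_normalizing() {
    a=$(normalize_vlan < "$1") || return 2
    b=$(normalize_vlan < "$2") || return 2
    [ "$a" = "$b" ]
}

# Constructed samples: VLAN 1 is the pair of variants from the thread
# (with column padding added), VLAN 20 and the hostname line are made up.
sample_run_a() {
    cat <<'EOF'
!VLAN: 1    default    active    Gi0/33, Gi0/37, Gi0/38, Gi0/45
!VLAN:                           Gi0/46
!VLAN: 20   voice      active
hostname sw1
EOF
}

sample_run_b() {
    cat <<'EOF'
!VLAN: 1    default    active    Gi0/33, Gi0/37, Gi0/38, Gi0/45, Gi0/46
!VLAN: 20   voice      active
hostname sw1
EOF
}

# Stand-alone demo: "sh thisfile demo" prints the canonical form of sample A.
if [ "${1:-}" = "demo" ]; then
    sample_run_a | normalize_vlan
fi
```

Lines that do not start with `!VLAN:` pass through untouched, so a real port move still shows up in the diff while a re-wrap does not.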
From: heas at shrubbery.net (john heasley)
Date: Fri, 5 Dec 2008 09:45:41 -0800
Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500
In-Reply-To: <4938BB54.2040004@networktest.com>
References: <4938BB54.2040004@networktest.com>
Message-ID: <20081205174541.GF21966@shrubbery.net>

Thu, Dec 04, 2008 at 09:25:40PM -0800, David Newman:
> Running Rancid 2.3.1_3 on FreeBSD 7 from ports, and having difficulty
> grabbing configs from an HP ProCurve 3500yl switch because of the splash
> screen the switch displays at login.
>
> I've pasted below the switch info from .cloginrc.
>
> Is there a workaround to get beyond the switch's initial splash screen?

What is the splash screen? my hp2524 has one, but hrancid passes it just fine.

I presume you've defined it as device type 'hp' in router.db.

From dnewman at networktest.com Fri Dec 5 19:28:20 2008
From: dnewman at networktest.com (David Newman)
Date: Fri, 05 Dec 2008 11:28:20 -0800
Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500
In-Reply-To: <20081205174541.GF21966@shrubbery.net>
References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net>
Message-ID: <493980D4.503@networktest.com>

On 12/5/08 9:45 AM, john heasley wrote:
> Thu, Dec 04, 2008 at 09:25:40PM -0800, David Newman:
>> Running Rancid 2.3.1_3 on FreeBSD 7 from ports, and having difficulty
>> grabbing configs from an HP ProCurve 3500yl switch because of the splash
>> screen the switch displays at login.
>>
>> I've pasted below the switch info from .cloginrc.
>>
>> Is there a workaround to get beyond the switch's initial splash screen?
>
> What is the splash screen? my hp2524 has one, but hrancid passes it just
> fine.

$ ssh -l admin hp3500-1-2-3-4
ProCurve J8693A Switch 3500yl-48G
Software revision K.13.25

Copyright (C) 1991-2008 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Press any key to continue

> I presume you've defined it as device type 'hp' in router.db.

Yes. rancid-run completes, but with a zero-length config file for this switch.

Do you have that 'Press any key to continue' bit on your 2524?

thanks

dn

From Larry.Kemp at usmetrotel.com Fri Dec 5 22:44:03 2008
From: Larry.Kemp at usmetrotel.com (Kemp, Larry)
Date: Fri, 5 Dec 2008 17:44:03 -0500
Subject: [rancid] RANCID against Adtran IAD 900
In-Reply-To: <200812050807.56554.rancid@ale.cx>
References: <7fd868cc0812041400w78f73ebds7706ca9ddb55606@mail.gmail.com> <200812050807.56554.rancid@ale.cx>
Message-ID:

Hey guys...

We have Rancid running great hourly diff-ing and backing up our configs for all our Cisco gear on our entire network. We are really happy with it and happy being part of this group, the Rancid community here has made all the difference to us. So thanks to all of you!

We are now trying to get Rancid to work with my Adtran IAD 900's. The internal operating system essentially functions just like a Cisco router. Mr. Ted Cabeen wrote a great script for use on the Adtran IAD 900's too...located here: http://osdir.com/ml/network.rancid/2006-08/msg00025.html.

We think rancid-run is executing the lines from the router.db and .cloginrc files because in the /usr/local/rancid/var/networking/configs directory we see a file with the IP-address of my IAD appear and we get the email telling us it was added. However when we look at the file in /usr/local/rancid/var/networking/configs (named after that devices IP-address) that file is empty. The IP is NOT showing up in the routers.down or the routers.failed files.

I took Ted Cabeen's script and named it /usr/local/rancid/bin/adrancid, I placed this file "adrancid" in this directory with all the other executables (see this file attached).

In the /usr/local/rancid/var/networking/router.db file I have this device listed as:

101.100.110.11:adrancid:up

In the /usr/local/rancid/.cloginrc file I have the following commands listed for this device:

# Device at IP address 10.100.110.11
add password 10.100.110.11 the-rancid-account's-password our-device's-enable-password
add user 10.100.110.11 rancid
add userprompt 10.100.11.11
add method 10.100.11.11 {telnet}

I am using:

- Cent OS version 5.2
- Rancid version 2.3..2a2
- Perl version 5.8.8
- Expect version 5.43.0-5.1.i386
- VI Improved version 7.0.237

I have not been able to find any info on correcting this problem online (where maybe somebody else has run into this too). I am thinking that maybe I need to change something simple in the router.db, .cloginrc or rancid.conf files. If anyone has successfully gotten these Adtran IAD 900's to work with Rancid, we sure could use some minor guidance on what config you are using or how you solved this if you ran into it too.

Thank you!

Respectfully,

Larry Kemp
Bonita Springs FL USA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: adrancid
Type: application/octet-stream
Size: 14217 bytes
Desc: adrancid
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081205/ef40371d/attachment.obj

From mashcraft at omniture.com Fri Dec 5 23:40:03 2008
From: mashcraft at omniture.com (Mike Ashcraft)
Date: Fri, 05 Dec 2008 16:40:03 -0700
Subject: [rancid] Re: RANCID against Adtran IAD 900
In-Reply-To:
References: <7fd868cc0812041400w78f73ebds7706ca9ddb55606@mail.gmail.com> <200812050807.56554.rancid@ale.cx>
Message-ID: <4939BBD3.2080506@omniture.com>

Larry,

Check your logs for "unknown router manufacturer"

You did not indicate that you had added an entry for router type adrancid in /usr/local/rancid/bin/rancid-fe

something like:

elsif ($vendor =~ /^adrancid$/i) { exec('adrancid', $router); }

Mike

Kemp, Larry wrote:
>
> Hey guys...
>
> We have Rancid running great hourly diff-ing and backing up our
> configs for all our Cisco gear on our entire network. We are really
> happy with it and happy being part of this group, the Rancid community
> here has made all the difference to us. So thanks to all of you!
>
> We are now trying to get Rancid to work with my Adtran IAD 900's. The
> internal operating system essentially functions just like a Cisco
> router. Mr. Ted Cabeen wrote a great script for use on the Adtran IAD
> 900's too...located here:
> http://osdir.com/ml/network.rancid/2006-08/msg00025.html.
>
> We think rancid-run is executing the lines from the router.db and
> .cloginrc files because in the
> /usr/local/rancid/var/networking/configs directory we see a file with
> the IP-address of my IAD appear and we get the email telling us it was
> added. However when we look at the file in
> /usr/local/rancid/var/networking/configs (named after that devices
> IP-address) that file is empty. The IP is NOT showing up in the
> routers.down or the routers.failed files.
>
> I took Ted Cabeen's script and named it
> /usr/local/rancid/bin/adrancid, I placed this file "adrancid" in this
> directory with all the other executables (/see this file attached/).
>
> In the /usr/local/rancid/var/networking/router.db file I have this
> device listed as:
>
> 101.100.110.11:adrancid:up
>
> In the /usr/local/rancid/.cloginrc file I have the following commands
> listed for this device:
>
> # Device at IP address 10.100.110.11
>
> add password 10.100.110.11 /the-rancid-account's-password/
> /our-device's-enable-password/
>
> add user 10.100.110.11 rancid
>
> add userprompt 10.100.11.11
>
> add method 10.100.11.11 {telnet}
>
> I am using:
>
> - Cent OS version 5.2
>
> - Rancid version 2.3..2a2
>
> - Perl version 5.8.8
>
> - Expect version 5.43.0-5.1.i386
>
> - VI Improved version 7.0.237
>
> I have not been able to find any info on correcting this problem
> online (where maybe somebody else has run into this too). I am
> thinking that maybe I need to change something simple in the
> /router.db/, /.cloginrc/ or rancid.conf files. If anyone has
> successfully gotten these Adtran IAD 900's to work with Rancid, we
> sure could use some minor guidance on what config you are using or how
> you solved this if you ran into it too.
>
> Thank you!
>
> Respectfully,
>
> Larry Kemp
>
> Bonita Springs FL USA

From peter.serwe at gmail.com Sat Dec 6 01:22:05 2008
From: peter.serwe at gmail.com (Peter Serwe)
Date: Fri, 5 Dec 2008 17:22:05 -0800
Subject: [rancid] Re: RANCID against Adtran IAD 900
In-Reply-To: <4939BBD3.2080506@omniture.com>
References: <7fd868cc0812041400w78f73ebds7706ca9ddb55606@mail.gmail.com> <200812050807.56554.rancid@ale.cx> <4939BBD3.2080506@omniture.com>
Message-ID:

Oh wow.. I never even knew someone had written an adtran specific rancid script. I have been looking for this for months, using the standard cisco device type.

John - what are the chances we can get this stuff included in the next alpha? I have failed every time I tried to integrate one.

Also, I use these Adtran devices extensively, and I have two in a lab environment I could provide access to for script development.

One is a Netvanta 6355 and the other is a Total Access 908e. Both use AOS and should be completely interoperable for Rancid.

The lab is booked at the moment doing interop testing with a class 5 telco switch, but should free up relatively shortly.

Peter

On Fri, Dec 5, 2008 at 3:40 PM, Mike Ashcraft wrote:
> Larry,
>
> Check your logs for "unknown router manufacturer"
>
> You did not indicate that you had added an entry for router type
> adrancid in /usr/local/rancid/bin/rancid-fe
>
> something like:
>
> elsif ($vendor =~ /^adrancid$/i) { exec('adrancid', $router); }
>
>
> Mike
>
> Kemp, Larry wrote:
>>
>> Hey guys...
>>
>> We have Rancid running great hourly diff-ing and backing up our
>> configs for all our Cisco gear on our entire network. We are really
>> happy with it and happy being part of this group, the Rancid community
>> here has made all the difference to us. So thanks to all of you!
>>
>> We are now trying to get Rancid to work with my Adtran IAD 900's. The
>> internal operating system essentially functions just like a Cisco
>> router. Mr. Ted Cabeen wrote a great script for use on the Adtran IAD
>> 900's too...located here:
>> http://osdir.com/ml/network.rancid/2006-08/msg00025.html.
>>
>> We think rancid-run is executing the lines from the router.db and
>> .cloginrc files because in the
>> /usr/local/rancid/var/networking/configs directory we see a file with
>> the IP-address of my IAD appear and we get the email telling us it was
>> added. However when we look at the file in
>> /usr/local/rancid/var/networking/configs (named after that devices
>> IP-address) that file is empty. The IP is NOT showing up in the
>> routers.down or the routers.failed files.
>>
>> I took Ted Cabeen's script and named it
>> /usr/local/rancid/bin/adrancid, I placed this file "adrancid" in this
>> directory with all the other executables (/see this file attached/).
>>
>> In the /usr/local/rancid/var/networking/router.db file I have this
>> device listed as:
>>
>> 101.100.110.11:adrancid:up
>>
>> In the /usr/local/rancid/.cloginrc file I have the following commands
>> listed for this device:
>>
>> # Device at IP address 10.100.110.11
>>
>> add password 10.100.110.11 /the-rancid-account's-password/
>> /our-device's-enable-password/
>>
>> add user 10.100.110.11 rancid
>>
>> add userprompt 10.100.11.11
>>
>> add method 10.100.11.11 {telnet}
>>
>> I am using:
>>
>> - Cent OS version 5.2
>>
>> - Rancid version 2.3..2a2
>>
>> - Perl version 5.8.8
>>
>> - Expect version 5.43.0-5.1.i386
>>
>> - VI Improved version 7.0.237
>>
>> I have not been able to find any info on correcting this problem
>> online (where maybe somebody else has run into this too). I am
>> thinking that maybe I need to change something simple in the
>> /router.db/, /.cloginrc/ or rancid.conf files. If anyone has
>> successfully gotten these Adtran IAD 900's to work with Rancid, we
>> sure could use some minor guidance on what config you are using or how
>> you solved this if you ran into it too.
>>
>> Thank you!
>>
>> Respectfully,
>>
>> Larry Kemp
>>
>> Bonita Springs FL USA

From wrjacqmein at gmail.com Sat Dec 6 13:25:04 2008
From: wrjacqmein at gmail.com (Bill Jacqmein)
Date: Sat, 6 Dec 2008 08:25:04 -0500
Subject: [rancid] Re: Fortigate and Cisco VPN Concentrator Backup
In-Reply-To: <8423e7bb0811251230r3f5d6d78hf7c0779c9148e90a@mail.gmail.com>
References: <135765.66047.qm@web51408.mail.re2.yahoo.com> <8423e7bb0811251230r3f5d6d78hf7c0779c9148e90a@mail.gmail.com>
Message-ID: <3c9a5bae0812060525s4ef36a82r4165d10b7950dc94@mail.gmail.com>

.clogin additions
add user
add userpassword
add method scp

3rd line was the one I was missing and getting an error about no method provided.

To test the plugin
./vpn3k -ftest.test

setup wrancid
copy code for wrancid from below
http://www.shrubbery.net/pipermail/rancid-discuss/2005-November/001276.html

The only thing I haven't been able to get working is the update for rancid-fe for 2.3.2a7

On Tue, Nov 25, 2008 at 3:30 PM, Lance Vermilion wrote:
> See this post for the vpn 3000 concentrator
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-October/001784.html
>
> On Tue, Nov 25, 2008 at 12:06 AM, Salim Surani
> wrote:
>> Hi,
>>
>> Has anyone managed to use Rancid to backup Cisco VPN Concentrator and
>> Fortigate configurations. Please guide with step by step instructions use
>> Rancid to backup these devices.
>>
>> Thank you and Regards
>> Salim

From jethro.binks at strath.ac.uk Sat Dec 6 17:36:45 2008
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Sat, 6 Dec 2008 17:36:45 +0000 (GMT)
Subject: [rancid] Re: Fortigate and Cisco VPN Concentrator Backup
In-Reply-To: <3c9a5bae0812060525s4ef36a82r4165d10b7950dc94@mail.gmail.com>
References: <135765.66047.qm@web51408.mail.re2.yahoo.com> <8423e7bb0811251230r3f5d6d78hf7c0779c9148e90a@mail.gmail.com> <3c9a5bae0812060525s4ef36a82r4165d10b7950dc94@mail.gmail.com>
Message-ID:

On Sat, 6 Dec 2008, Bill Jacqmein wrote:
> The only thing I haven't been able to get working is the update for
> rancid-fe for 2.3.2a7

For the benefit of the list:

http://sites.google.com/site/jrbinks/code/rancid/wraprancid

Feedback welcome.

Jethro.

--
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK

From hurgh at hurgh.org Sun Dec 7 23:49:06 2008
From: hurgh at hurgh.org (Hurgh)
Date: Mon, 8 Dec 2008 10:49:06 +1100
Subject: [rancid] Need a little help with Auto Enable
Message-ID: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com>

Hi all,

I am trying to login to a Cisco router that has AutoEnable setup (enter user and pass, and you are enabled).

I have the following in my .clogin file:

---------------------------------------------------------------------------------
add user 172.30.26.16 myusername
add password 172.30.26.16 {mypassword}
add autoenable 172.30.26.16 1
---------------------------------------------------------------------------------

The User and Pass have been swapped out, but I have confirmed the ones I am using are correct (can manually telnet to the device using the user and pass to login correctly).

I have confirmed that the router supplies the correct "Username" and "Password" prompts.

The following is the error I get when I run:

rancid 172.30.26.16

--------------------------------------------------------------------------------
./rancid 172.30.26.16
write(spawn_id=1): broken pipe
    while executing
"send_user -- "$expect_out(buffer)""
    invoked from within
"expect -nobrace -re+ { exp_continue } -re {^[^ *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- "$expect_out(buffer)"
} -re {..."
    invoked from within
"expect {
-re "\b+" { exp_continue }
-re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)"
}
-re "^\[^\n\r]*$reprompt." { send..."
    invoked from within
"if [ string match "*\;*" "$command" ] {
set commands [split $command \;]
set num_commands [llength $commands]
# the pager can not be turned off on ..."
    (procedure "run_commands" line 34)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 150)
    invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user ..."
    (file "/home/rancid/bin/clogin" line 712)
172.30.26.16: missed cmd(s): admin show diag,dir /all slavedisk2:,dir /all sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show inventory raw,dir /all slavedisk1:,show module,show controllers,show diagbus,dir /all slavedisk0:,show debug,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,show vlan-switch,show running-config,show c7200,dir /all slot1:
172.30.26.16: End of run not found
!
--------------------------------------------------------------------------------

I have done some searching etc, but can not find what the problem may be.

From reading through the errors, it seems that it is not able to enter the user or password, but I don't know why.

Here is the output from a manual telnet to the device:

--------------------------------------------------------------------------------
telnet 172.30.26.16
Trying 172.30.26.16...
Connected to 172.30.26.16 (172.30.26.16).
Escape character is '^]'.

***********************************************************************
* Access to this computer system is limited to authorised users only. *
* Unauthorised users may be subject to prosecution under the Crimes *
* Act or State legislation *
* *
* Please note, ALL CUSTOMER DETAILS are confidential and must *
* not be disclosed. *
***********************************************************************

User Access Verification (ISP V1)

Username: myusername
Password:
Signon successful.

spgvsour01c28#
--------------------------------------------------------------------------------

Again, username has been modified for privacy.

If anyone can shed some light on what the issue may be, or point me in a direction that may enable me to trouble shoot a bit more, that would be much appreciated.

Regards

-Hurgh-

From bsrinivasa at gmail.com Mon Dec 8 05:08:20 2008
From: bsrinivasa at gmail.com (Srinivasa Raju)
Date: Mon, 8 Dec 2008 10:38:20 +0530
Subject: [rancid] Re: Need a little help with Auto Enable
In-Reply-To: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com>
References: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com>
Message-ID: <8a58bdad0812072108g26f203ffv9f93c2cccb677326@mail.gmail.com>

You can try this, this might fix the issue

Edit rancid

On Mon, Dec 8, 2008 at 5:19 AM, Hurgh wrote:
> Hi all,
>
> I am trying to login to a Cisco router that has AutoEnable setup (enter
> user and pass, and you are enabled).
>
> I have the following in my .clogin file:
>
>
> ---------------------------------------------------------------------------------
> add user 172.30.26.16 myusername
> add password 172.30.26.16 {mypassword}
> add autoenable 172.30.26.16 1
>
> ---------------------------------------------------------------------------------
>
> The User and Pass have been swapped out, but I have confirmed the ones I am
> using are correct (can manually telnet to the device using the user and pass
> to login correctly).
>
> I have confirmed that the router supplies the correct "Username" and
> "Password" prompts.
>
> The following is the error I get when I run:
>
> rancid 172.30.26.16
>
>
> --------------------------------------------------------------------------------
> ./rancid 172.30.26.16
> write(spawn_id=1): broken pipe
> while executing
> "send_user -- "$expect_out(buffer)""
> invoked from within
> "expect -nobrace -re+ { exp_continue } -re {^[^
> *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
> "$expect_out(buffer)"
> } -re {..."
> invoked from within
> "expect {
> -re "\b+" { exp_continue }
> -re "^\[^\n\r *]*$reprompt" { send_user --
> "$expect_out(buffer)"
> }
> -re "^\[^\n\r]*$reprompt." { send..."
> invoked from within
> "if [ string match "*\;*" "$command" ] {
> set commands [split $command \;]
> set num_commands [llength $commands]
> # the pager can not be turned off on ..."
> (procedure "run_commands" line 34)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 150)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> # attempt at platform switching.
> set platform ""
> send_user ..."
> (file "/home/rancid/bin/clogin" line 712)
> 172.30.26.16: missed cmd(s): admin show diag,dir /all slavedisk2:,dir /all
> sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,dir
> /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all
> disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all
> slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all
> sec-disk0:,dir /all harddiskb:,show inventory raw,dir /all slavedisk1:,show
> module,show controllers,show diagbus,dir /all slavedisk0:,show debug,dir
> /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp
> status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all
> slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show
> controllers cbus,dir /all slaveslot1:,show vlan-switch,show
> running-config,show c7200,dir /all slot1:
> 172.30.26.16: End of run not found
> !
>
> --------------------------------------------------------------------------------
>
> I have done some searching etc, but can not find what the problem may be.
>
> From reading through the errors, it seems that it is not able to enter the
> user or password, but I don't know why.
>
> Here is the output from a manual telnet to the device:
>
>
> --------------------------------------------------------------------------------
> telnet 172.30.26.16
> Trying 172.30.26.16...
> Connected to 172.30.26.16 (172.30.26.16).
> Escape character is '^]'.
>
> ***********************************************************************
> * Access to this computer system is limited to authorised users only. *
> * Unauthorised users may be subject to prosecution under the Crimes *
> * Act or State legislation *
> * *
> * Please note, ALL CUSTOMER DETAILS are confidential and must *
> * not be disclosed. *
> ***********************************************************************
>
>
>
>
> User Access Verification (ISP V1)
>
> Username: myusername
> Password:
> Signon successful.
>
> spgvsour01c28#
>
> --------------------------------------------------------------------------------
>
> Again, username has been modified for privacy.
>
> If anyone can shed some light on what the issue may be, or point me in a
> direction that may enable me to trouble shoot a bit more, that would be much
> appreciated.
>
> Regards
>
> -Hurgh-

--
"Every man should get married some time; after all, happiness is not the only thing in life!!"

From bsrinivasa at gmail.com Mon Dec 8 05:08:00 2008
From: bsrinivasa at gmail.com (Srinivasa Raju)
Date: Mon, 8 Dec 2008 10:38:00 +0530
Subject: [rancid] Re: Need a little help with Auto Enable
In-Reply-To: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com>
References: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com>
Message-ID: <8a58bdad0812072108w5e74df24p15d65bbc79e5d963@mail.gmail.com>

You can try this, this might fix the issue

Edit /bin/rancid

Give the absolute path wherever you see the script invoking 'clogin'

For ex:
- open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host wrote:
> Hi all,
>
> I am trying to login to a Cisco router that has AutoEnable setup (enter
> user and pass, and you are enabled).
>
> I have the following in my .clogin file:
>
>
> ---------------------------------------------------------------------------------
> add user 172.30.26.16 myusername
> add password 172.30.26.16 {mypassword}
> add autoenable 172.30.26.16 1
>
> ---------------------------------------------------------------------------------
>
> The User and Pass have been swapped out, but I have confirmed the ones I am
> using are correct (can manually telnet to the device using the user and pass
> to login correctly).
>
> I have confirmed that the router supplies the correct "Username" and
> "Password" prompts.
>
> The following is the error I get when I run:
>
> rancid 172.30.26.16
>
>
> --------------------------------------------------------------------------------
> ./rancid 172.30.26.16
> write(spawn_id=1): broken pipe
> while executing
> "send_user -- "$expect_out(buffer)""
> invoked from within
> "expect -nobrace -re+ { exp_continue } -re {^[^
> *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
> "$expect_out(buffer)"
> } -re {..."
> invoked from within
> "expect {
> -re "\b+" { exp_continue }
> -re "^\[^\n\r *]*$reprompt" { send_user --
> "$expect_out(buffer)"
> }
> -re "^\[^\n\r]*$reprompt." { send..."
> invoked from within > "if [ string match "*\;*" "$command" ] { > set commands [split $command \;] > set num_commands [llength $commands] > # the pager can not be turned off on ..." > (procedure "run_commands" line 34) > invoked from within > "run_commands $prompt $command" > ("foreach" body line 150) > invoked from within > "foreach router [lrange $argv $i end] { > set router [string tolower $router] > # attempt at platform switching. > set platform "" > send_user ..." > (file "/home/rancid/bin/clogin" line 712) > 172.30.26.16: missed cmd(s): admin show diag,dir /all slavedisk2:,dir /all > sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,dir > /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all > disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all > slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all > sec-disk0:,dir /all harddiskb:,show inventory raw,dir /all slavedisk1:,show > module,show controllers,show diagbus,dir /all slavedisk0:,show debug,dir > /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp > status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all > slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show > controllers cbus,dir /all slaveslot1:,show vlan-switch,show > running-config,show c7200,dir /all slot1: > 172.30.26.16: End of run not found > ! > > -------------------------------------------------------------------------------- > > I have done some searching etc, but can not find what the problem may be. > > From reading through the errors, it seems that it is not able to enter the > user or password, but I dont know why. > > Here is the output from a manual telnet to the device: > > > -------------------------------------------------------------------------------- > telnet 172.30.26.16 > Trying 172.30.26.16... > Connected to 172.30.26.16 (172.30.26.16). > Escape character is '^]'. 
> > *********************************************************************** > * Access to this computer system is limited to authorised users only. * > * Unauthorised users may be subject to prosecution under the Crimes * > * Act or State legislation * > * * > * Please note, ALL CUSTOMER DETAILS are confidential and must * > * not be disclosed. * > *********************************************************************** > > > > > User Access Verification (ISP V1) > > Username: myusername > Password: > Signon successful. > > spgvsour01c28# > > -------------------------------------------------------------------------------- > > Again, username has been modified for privacy. > > If anyone can shed some light on what the issue may be, or point me in a > direction that may enable me to trouble shoot a bit more, that would be much > appreciated. > > Regards > > -Hurgh- > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- "Every man should get married some time; after all, happiness is not the only thing in life!!" -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081208/f9ec695e/attachment.html From oglumavd at gmail.com Mon Dec 8 02:06:55 2008 
From: oglumavd at gmail.com (Oglum AVD)
Date: Sun, 7 Dec 2008 18:06:55 -0800
Subject: [rancid] Rancid with Cisco ACS 4.x Issue
Message-ID:

I have been running Rancid a while and everything has been great until recently.
We purchased Cisco ACS 4.x and of course authentication is going through the ACS server. I have been having an issue when Rancid accesses the router, nothing displays;

Example:
root at linux804:/var/lib/rancid# /var/lib/rancid/bin/clogin -c 'sho clock' c3560-24-sw1
hsparkeast-c3560-24-sw1
spawn ssh -c 3des -x -l netman c3560-24-sw1
netman at c3560-24-sw1's password:
*Error: TIMEOUT reached
*root at linux804:/var/lib/rancid#

If I remove the device from ACS and use a local account, everything works great!

Any help greatly appreciated!

OglumAVD

From smunzani at comcast.net Mon Dec 8 19:37:51 2008
From: smunzani at comcast.net (Sam Munzani)
Date: Mon, 08 Dec 2008 13:37:51 -0600
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue
In-Reply-To:
References:
Message-ID: <493D778F.3000402@comcast.net>

If you figure it out, please post the solution. I have had the same exact issue with
Radius services for over a year now and haven't figured out a solution yet.

Thanks,
Sam
> I have been running Rancid a while and everything has been great until
> recent.
> We purchased Cisco ACS 4.x and of-course authentication is going thru
> the ACS server. I have been having issue with when Rancid access the
> router, nothing displays;
>
> Example:
> root at linux804:/var/lib/rancid #
> /var/lib/rancid/bin/clogin -c 'sho clock' c3560-24-sw1
> hsparkeast-c3560-24-sw1
> spawn ssh -c 3des -x -l netman c3560-24-sw1
> netman at c3560-24-sw1's password:
> *Error: TIMEOUT reached
> *root at linux804:/var/lib/rancid #
>
> if I removed the device from ACS and use local account, everything
> work great!
>
> Any help greatly appreciated!
>
> OglumAVD
> ------------------------------------------------------------------------
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From heas at shrubbery.net Mon Dec 8 19:39:25 2008
From: heas at shrubbery.net (john heasley) Date: Mon, 8 Dec 2008 11:39:25 -0800 Subject: [rancid] Re: Need a little help with Auto Enable In-Reply-To: <8a58bdad0812072108w5e74df24p15d65bbc79e5d963@mail.gmail.com> References: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com> <8a58bdad0812072108w5e74df24p15d65bbc79e5d963@mail.gmail.com> Message-ID: <20081208193925.GE7726@shrubbery.net> Mon, Dec 08, 2008 at 10:38:00AM +0530, Srinivasa Raju: > You can try this, this might fix the issue > Edit /bin/rancid > > Give absolute path where ever you see in the script is invoking 'clogin' > > For ex: > - open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host die "clogin failed for $host: $!\n"; > + open(INPUT,"/usr/local/rancid/bin/clogin -t $timeo -c \"$cisco_cmds\" > $host References: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com> Message-ID: <20081208194133.GF7726@shrubbery.net> Mon, Dec 08, 2008 at 10:49:06AM +1100, Hurgh: > Hi all, > > I am trying to login to a Cisco router that has AutoEnable setup (enter user > and pass, and you are enabled). > > I have the following in my .clogin file: > > --------------------------------------------------------------------------------- > add user 172.30.26.16 myusername > add password 172.30.26.16 {mypassword} > add autoenable 172.30.26.16 1 > --------------------------------------------------------------------------------- > > The User and Pass have been swapped out, but I have confirmed the ones I am > using are correct (can manually telnet to the device using the user and pass > to login correctly). > > I have confirmed that the router supplies the correct "Username" and > "Password" prompts. 
>
> The following is the error I get when I run:
>
> rancid 172.30.26.16
>
> --------------------------------------------------------------------------------
> ./rancid 172.30.26.16
> write(spawn_id=1): broken pipe
> while executing
> "send_user -- "$expect_out(buffer)""
> invoked from within
> "expect -nobrace -re+ { exp_continue } -re {^[^
> *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
     ^^^^^^^^^^^
it looks like it's already logged in and seen the prompt and has begun
to run commands. it's more likely that the device disconnected prematurely,
but why I do not know. Follow the cloginrc/clogin testing in the FAQ.

> "$expect_out(buffer)"
> } -re {..."
> invoked from within
> "expect {
> -re "\b+" { exp_continue }
> -re "^\[^\n\r *]*$reprompt" { send_user --
> "$expect_out(buffer)"
> }
> -re "^\[^\n\r]*$reprompt." { send..."
> invoked from within
> "if [ string match "*\;*" "$command" ] {
> set commands [split $command \;]
> set num_commands [llength $commands]
> # the pager can not be turned off on ..."
> (procedure "run_commands" line 34)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 150)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> # attempt at platform switching.
> set platform ""
> send_user ..."
> (file "/home/rancid/bin/clogin" line 712) > 172.30.26.16: missed cmd(s): admin show diag,dir /all slavedisk2:,dir /all > sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all disk2:,dir > /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all > disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all > slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all > sec-disk0:,dir /all harddiskb:,show inventory raw,dir /all slavedisk1:,show > module,show controllers,show diagbus,dir /all slavedisk0:,show debug,dir > /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp > status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all > slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show > controllers cbus,dir /all slaveslot1:,show vlan-switch,show > running-config,show c7200,dir /all slot1: > 172.30.26.16: End of run not found > ! > -------------------------------------------------------------------------------- > > I have done some searching etc, but can not find what the problem may be. > > >From reading through the errors, it seems that it is not able to enter the > user or password, but I dont know why. > > Here is the output from a manual telnet to the device: > > -------------------------------------------------------------------------------- > telnet 172.30.26.16 > Trying 172.30.26.16... > Connected to 172.30.26.16 (172.30.26.16). > Escape character is '^]'. > > *********************************************************************** > * Access to this computer system is limited to authorised users only. * > * Unauthorised users may be subject to prosecution under the Crimes * > * Act or State legislation * > * * > * Please note, ALL CUSTOMER DETAILS are confidential and must * > * not be disclosed. 
* > *********************************************************************** > > > > > User Access Verification (ISP V1) > > Username: myusername > Password: > Signon successful. > > spgvsour01c28# > -------------------------------------------------------------------------------- > > Again, username has been modified for privacy. > > If anyone can shed some light on what the issue may be, or point me in a > direction that may enable me to trouble shoot a bit more, that would be much > appreciated. > > Regards > > -Hurgh- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Mon Dec 8 20:45:34 2008 
From: heas at shrubbery.net (john heasley)
Date: Mon, 8 Dec 2008 12:45:34 -0800
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue
In-Reply-To: <493D778F.3000402@comcast.net>
References: <493D778F.3000402@comcast.net>
Message-ID: <20081208204534.GS7726@shrubbery.net>

Mon, Dec 08, 2008 at 01:37:51PM -0600, Sam Munzani:
> If you figure out please post the solution. I have same exact issue with
> Radius services for over an year now and haven't figured out a solution yet.
>
> Thanks,
> Sam
> >I have been running Rancid a while and everything has been great until
> >recent.
> >We purchased Cisco ACS 4.x and of-course authentication is going thru
> >the ACS server. I have been having issue with when Rancid access the
> >router, nothing displays;
> >
> >Example:
> >root at linux804:/var/lib/rancid #
> >/var/lib/rancid/bin/clogin -c 'sho clock' c3560-24-sw1
> >hsparkeast-c3560-24-sw1
> >spawn ssh -c 3des -x -l netman c3560-24-sw1
> >netman at c3560-24-sw1's password:
> >*Error: TIMEOUT reached
> >*root at linux804:/var/lib/rancid #

that shouldn't be a problem. I can't see the problem in the code. First
ensure that you're using the most recent clogin and I presume you've not
set passprompt in .cloginrc; if that does not work, run

clogin -d -c 'show clock' c3560-24-sw1 > log 2>&1

that'll produce a lot of debugging information, but should indicate the
problem.

> >
> >if I removed the device from ACS and use local account, everything
> >work great!
> >
> >Any help greatly appreciated!
> >
> >OglumAVD
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Rancid-discuss mailing list
> >Rancid-discuss at shrubbery.net
> >http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From hurgh at hurgh.org Mon Dec 8 22:09:25 2008
From: hurgh at hurgh.org (Hurgh)
Date: Tue, 9 Dec 2008 09:09:25 +1100
Subject: [rancid] Re: Need a little help with Auto Enable
In-Reply-To: <20081208194133.GF7726@shrubbery.net>
References: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com> <20081208194133.GF7726@shrubbery.net>
Message-ID: <9367ee820812081409v2aa21712y2c8baa9e03c05165@mail.gmail.com>

Hi All,

With a little bit of reading and some rancid -d action, I have discovered the problem.

-- snip --
HIT COMMAND:spgvsour01c28#show variables boot
In ShowBoot: spgvsour01c28#show variables boot
HIT COMMAND:spgvsour01c28#show flash
In ShowFlash: spgvsour01c28#show flash
HIT COMMAND:spgvsour01c28#dir /all nvram:
In DirSlotN: spgvsour01c28#dir /all nvram:
write(spawn_id=1): broken pipe
while executing
"send_user -- "$expect_out(buffer)""
invoked from within
"expect -nobrace -re+ { exp_continue } -re {^[^
*]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
"$expect_out(buffer)"
} -re {..."
invoked from within
"expect {
-- snip --

It seems that the username I am using to login to the router does not have access to run some of the required commands.

Does anyone know how to stop Rancid running specific commands for specific hosts? Or is it a manual hack job to fix it?

Thanks

On Tue, Dec 9, 2008 at 6:41 AM, john heasley wrote:
> Mon, Dec 08, 2008 at 10:49:06AM +1100, Hurgh:
> > Hi all,
> >
> > I am trying to login to a Cisco router that has AutoEnable setup (enter
> user
> > and pass, and you are enabled).
> > > > I have the following in my .clogin file: > > > > > --------------------------------------------------------------------------------- > > add user 172.30.26.16 myusername > > add password 172.30.26.16 {mypassword} > > add autoenable 172.30.26.16 1 > > > --------------------------------------------------------------------------------- > > > > The User and Pass have been swapped out, but I have confirmed the ones I > am > > using are correct (can manually telnet to the device using the user and > pass > > to login correctly). > > > > I have confirmed that the router supplies the correct "Username" and > > "Password" prompts. > > > > The following is the error I get when I run: > > > > rancid 172.30.26.16 > > > > > -------------------------------------------------------------------------------- > > ./rancid 172.30.26.16 > > write(spawn_id=1): broken pipe > > while executing > > "send_user -- "$expect_out(buffer)"" > > invoked from within > > "expect -nobrace -re+ { exp_continue } -re {^[^ > > *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- > ^^^^^^^^^^^ > it looks like its already logged in and seen the prompt and has begun > to run commands. its more likely that the device disconnected prematurely, > but why I do not know. Follow the cloginrc/clogin testing in the FAQ. > > > "$expect_out(buffer)" > > } -re {..." > > invoked from within > > "expect { > > -re "\b+" { exp_continue } > > -re "^\[^\n\r *]*$reprompt" { send_user -- > > "$expect_out(buffer)" > > } > > -re "^\[^\n\r]*$reprompt." { send..." > > invoked from within > > "if [ string match "*\;*" "$command" ] { > > set commands [split $command \;] > > set num_commands [llength $commands] > > # the pager can not be turned off on ..." 
> > (procedure "run_commands" line 34) > > invoked from within > > "run_commands $prompt $command" > > ("foreach" body line 150) > > invoked from within > > "foreach router [lrange $argv $i end] { > > set router [string tolower $router] > > # attempt at platform switching. > > set platform "" > > send_user ..." > > (file "/home/rancid/bin/clogin" line 712) > > 172.30.26.16: missed cmd(s): admin show diag,dir /all slavedisk2:,dir > /all > > sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all > disk2:,dir > > /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all > > disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir > /all > > slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all > > sec-disk0:,dir /all harddiskb:,show inventory raw,dir /all > slavedisk1:,show > > module,show controllers,show diagbus,dir /all slavedisk0:,show debug,dir > > /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show > vtp > > status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir > /all > > slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show > > controllers cbus,dir /all slaveslot1:,show vlan-switch,show > > running-config,show c7200,dir /all slot1: > > 172.30.26.16: End of run not found > > ! > > > -------------------------------------------------------------------------------- > > > > I have done some searching etc, but can not find what the problem may be. > > > > >From reading through the errors, it seems that it is not able to enter > the > > user or password, but I dont know why. > > > > Here is the output from a manual telnet to the device: > > > > > -------------------------------------------------------------------------------- > > telnet 172.30.26.16 > > Trying 172.30.26.16... > > Connected to 172.30.26.16 (172.30.26.16). > > Escape character is '^]'. 
> > > > > *********************************************************************** > > * Access to this computer system is limited to authorised users only. > * > > * Unauthorised users may be subject to prosecution under the Crimes > * > > * Act or State legislation > * > > * > * > > * Please note, ALL CUSTOMER DETAILS are confidential and must > * > > * not be disclosed. > * > > > *********************************************************************** > > > > > > > > > > User Access Verification (ISP V1) > > > > Username: myusername > > Password: > > Signon successful. > > > > spgvsour01c28# > > > -------------------------------------------------------------------------------- > > > > Again, username has been modified for privacy. > > > > If anyone can shed some light on what the issue may be, or point me in a > > direction that may enable me to trouble shoot a bit more, that would be > much > > appreciated. > > > > Regards > > > > -Hurgh- > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081209/4d198b38/attachment.html From CBell at thig.com Tue Dec 9 12:04:42 2008 
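The triage Hurgh describes in the message above (reading `rancid -d` output to find the command that was running when the session dropped), as an added Python example that is not part of the original thread or of rancid itself. The line shapes (`HIT COMMAND:`, `In <Handler>:`, `broken pipe`, `TIMEOUT reached`, `missed cmd(s):`, `End of run not found`) are taken from the excerpts quoted in the thread; the sample log, hostname and address are constructed.

```python
import re

# Constructed sample shaped like the `rancid -d` excerpts quoted in the thread.
# Hostname, address and command list are made up for this example.
SAMPLE_DEBUG = """\
HIT COMMAND:rtr1#show version
In ShowVersion: rtr1#show version
HIT COMMAND:rtr1#show flash
In ShowFlash: rtr1#show flash
HIT COMMAND:rtr1#dir /all nvram:
In DirSlotN: rtr1#dir /all nvram:
write(spawn_id=1): broken pipe
    while executing
192.0.2.10: missed cmd(s): dir /all bootflash:,show vlan,write term,show running-config
192.0.2.10: End of run not found
"""

# "HIT COMMAND:<prompt><command>": the prompt ends at the first '#' or '>'.
HIT_RE = re.compile(r"^HIT COMMAND:[^#>]*[#>](?P<cmd>.*)$")
# "In <Handler>: ..." names the routine that took over the command's output.
HANDLER_RE = re.compile(r"^In (?P<handler>\w+):")
MISSED_RE = re.compile(r"^\S+: missed cmd\(s\): (?P<cmds>.+)$")
# Failure strings that appear in the thread's own output.
DROP_MARKERS = ("broken pipe", "TIMEOUT reached")


def triage(debug_text):
    """Report the command in flight when the session died and what never ran."""
    hits = []  # [command, handler] pairs in the order they were seen
    report = {"completed": [], "failed_at": None, "handler": None,
              "reason": None, "missed": [], "end_of_run": True}
    for raw in debug_text.splitlines():
        line = raw.rstrip()
        m = HIT_RE.match(line)
        if m:
            hits.append([m.group("cmd").strip(), None])
            continue
        m = HANDLER_RE.match(line)
        if m and hits and hits[-1][1] is None:
            hits[-1][1] = m.group("handler")
            continue
        if report["reason"] is None:
            for marker in DROP_MARKERS:
                if marker in line:
                    report["reason"] = marker
                    if hits:
                        # The last command seen is the one that was cut off.
                        report["failed_at"], report["handler"] = hits[-1]
                        report["completed"] = [c for c, _ in hits[:-1]]
                    break
        m = MISSED_RE.match(line)
        if m:
            report["missed"] = [c.strip() for c in m.group("cmds").split(",")
                                if c.strip()]
        if line.endswith("End of run not found"):
            report["end_of_run"] = False
    if report["reason"] is None:
        report["completed"] = [c for c, _ in hits]
    return report


def summarize(report):
    """One-line verdict suitable for a cron mail or a ticket."""
    if report["failed_at"] is not None:
        return ("session dropped (%s) during '%s' [%s]; %d command(s) never ran"
                % (report["reason"], report["failed_at"],
                   report["handler"], len(report["missed"])))
    if not report["end_of_run"] or report["reason"] is not None:
        # Nothing was ever run: the failure is in the login step, not a command.
        return ("no command was reached (%s); check the login step with clogin -d"
                % (report["reason"] or "no error string seen"))
    return "run completed"


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_DEBUG)))
```

The command it names is the one to look at first, whether the fix is removing it from the collection or changing what the login account is allowed to run.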
From: CBell at thig.com (Chris Bell)
Date: Tue, 9 Dec 2008 07:04:42 -0500
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue
In-Reply-To:
Message-ID:

I've been using RANCID with the Cisco ACS server for a while now with no issues after the initial setup for authenticating to my devices (HP, Cisco, Force 10). I used NDGs and added my RANCID user to the Domain. Mapped the ACS group to the AD group and Voila!!

One problem I have noticed however with Cisco ACS is that if the user is a member of more than one user group with different types of authentication (TACACS or RADIUS), one or the other will work but not both.

For example:
User has access to all network devices using AD account and TACACS authentication over the ACS.
Same user has VPN access and firewall points RADIUS authentication to the ACS.

It doesn't work - I have a TAC case open, but no word yet.

________________________________
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Oglum AVD
Sent: Sunday, December 07, 2008 9:07 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Rancid with Cisco ACS 4.x Issue

I have been running Rancid a while and everything has been great until recent.
We purchased Cisco ACS 4.x and of-course authentication is going thru the ACS server. I have been having issue with when Rancid access the router, nothing displays;

Example:
root at linux804:/var/lib/rancid# /var/lib/rancid/bin/clogin -c 'sho clock' c3560-24-sw1
hsparkeast-c3560-24-sw1
spawn ssh -c 3des -x -l netman c3560-24-sw1
netman at c3560-24-sw1's password:
Error: TIMEOUT reached
root at linux804:/var/lib/rancid#

if I removed the device from ACS and use local account, everything work great!

Any help greatly appreciated!

OglumAVD

From rancid at gheek.net Tue Dec 9 15:17:25 2008
From: rancid at gheek.net (Lance Vermilion)
Date: Tue, 9 Dec 2008 08:17:25 -0700
Subject: [rancid] Re: Need a little help with Auto Enable
In-Reply-To: <9367ee820812081409v2aa21712y2c8baa9e03c05165@mail.gmail.com>
References: <992d2c7c0812071549t2725cad0n510fb25dfb33f395@mail.gmail.com> <20081208194133.GF7726@shrubbery.net> <9367ee820812081409v2aa21712y2c8baa9e03c05165@mail.gmail.com>
Message-ID: <8423e7bb0812090717q4457963fme7cf3811c15dea7b@mail.gmail.com>

Edit them out from the commandtable in /bin/rancid

You just need to put a # in front of the command you don't want to run.

On Mon, Dec 8, 2008 at 3:09 PM, Hurgh wrote:
> Hi All,
>
> With a little bit of reading and some rancid -d action, I have discovered
> the problem.
>
> -- snip --
> HIT COMMAND:spgvsour01c28#show variables boot
> In ShowBoot: spgvsour01c28#show variables boot
> HIT COMMAND:spgvsour01c28#show flash
> In ShowFlash: spgvsour01c28#show flash
> HIT COMMAND:spgvsour01c28#dir /all nvram:
> In DirSlotN: spgvsour01c28#dir /all nvram:
> write(spawn_id=1): broken pipe
> while executing
> "send_user -- "$expect_out(buffer)""
> invoked from within
> "expect -nobrace -re+ { exp_continue } -re {^[^
> *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
> "$expect_out(buffer)"
> } -re {..."
> invoked from within
> "expect {
> -- snip --
>
> It seems that the username I am using to login to the router does not have
> access to run some of the required commands.
>
> Does anyone know how to stop Rancid running specific commands for specific
> hosts? or is it a manual hack job to fix it?
>
> Thanks
>
>
>
> On Tue, Dec 9, 2008 at 6:41 AM, john heasley wrote:
>>
>> Mon, Dec 08, 2008 at 10:49:06AM +1100, Hurgh:
>> > Hi all,
>> >
>> > I am trying to login to a Cisco router that has AutoEnable setup (enter
>> > user
>> > and pass, and you are enabled).
>> > >> > I have the following in my .clogin file: >> > >> > >> > --------------------------------------------------------------------------------- >> > add user 172.30.26.16 myusername >> > add password 172.30.26.16 {mypassword} >> > add autoenable 172.30.26.16 1 >> > >> > --------------------------------------------------------------------------------- >> > >> > The User and Pass have been swapped out, but I have confirmed the ones I >> > am >> > using are correct (can manually telnet to the device using the user and >> > pass >> > to login correctly). >> > >> > I have confirmed that the router supplies the correct "Username" and >> > "Password" prompts. >> > >> > The following is the error I get when I run: >> > >> > rancid 172.30.26.16 >> > >> > >> > -------------------------------------------------------------------------------- >> > ./rancid 172.30.26.16 >> > write(spawn_id=1): broken pipe >> > while executing >> > "send_user -- "$expect_out(buffer)"" >> > invoked from within >> > "expect -nobrace -re+ { exp_continue } -re {^[^ >> > *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- >> ^^^^^^^^^^^ >> it looks like its already logged in and seen the prompt and has begun >> to run commands. its more likely that the device disconnected >> prematurely, >> but why I do not know. Follow the cloginrc/clogin testing in the FAQ. >> >> > "$expect_out(buffer)" >> > } -re {..." >> > invoked from within >> > "expect { >> > -re "\b+" { exp_continue } >> > -re "^\[^\n\r *]*$reprompt" { send_user -- >> > "$expect_out(buffer)" >> > } >> > -re "^\[^\n\r]*$reprompt." { send..." >> > invoked from within >> > "if [ string match "*\;*" "$command" ] { >> > set commands [split $command \;] >> > set num_commands [llength $commands] >> > # the pager can not be turned off on ..." 
>> > (procedure "run_commands" line 34) >> > invoked from within >> > "run_commands $prompt $command" >> > ("foreach" body line 150) >> > invoked from within >> > "foreach router [lrange $argv $i end] { >> > set router [string tolower $router] >> > # attempt at platform switching. >> > set platform "" >> > send_user ..." >> > (file "/home/rancid/bin/clogin" line 712) >> > 172.30.26.16: missed cmd(s): admin show diag,dir /all slavedisk2:,dir >> > /all >> > sec-slot2:,show diag,dir /all disk1:,dir /all sec-nvram:,dir /all >> > disk2:,dir >> > /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all >> > disk0:,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir >> > /all >> > slavenvram:,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all >> > sec-disk0:,dir /all harddiskb:,show inventory raw,dir /all >> > slavedisk1:,show >> > module,show controllers,show diagbus,dir /all slavedisk0:,show debug,dir >> > /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show >> > vtp >> > status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir >> > /all >> > slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show >> > controllers cbus,dir /all slaveslot1:,show vlan-switch,show >> > running-config,show c7200,dir /all slot1: >> > 172.30.26.16: End of run not found >> > ! >> > >> > -------------------------------------------------------------------------------- >> > >> > I have done some searching etc, but can not find what the problem may >> > be. >> > >> > >From reading through the errors, it seems that it is not able to enter >> > the >> > user or password, but I dont know why. >> > >> > Here is the output from a manual telnet to the device: >> > >> > >> > -------------------------------------------------------------------------------- >> > telnet 172.30.26.16 >> > Trying 172.30.26.16... >> > Connected to 172.30.26.16 (172.30.26.16). >> > Escape character is '^]'. 
>> > >> > >> > *********************************************************************** >> > * Access to this computer system is limited to authorised users >> > only. * >> > * Unauthorised users may be subject to prosecution under the Crimes >> > * >> > * Act or State legislation >> > * >> > * >> > * >> > * Please note, ALL CUSTOMER DETAILS are confidential and must >> > * >> > * not be disclosed. >> > * >> > >> > *********************************************************************** >> > >> > >> > >> > >> > User Access Verification (ISP V1) >> > >> > Username: myusername >> > Password: >> > Signon successful. >> > >> > spgvsour01c28# >> > >> > -------------------------------------------------------------------------------- >> > >> > Again, username has been modified for privacy. >> > >> > If anyone can shed some light on what the issue may be, or point me in a >> > direction that may enable me to trouble shoot a bit more, that would be >> > much >> > appreciated. >> > >> > Regards >> > >> > -Hurgh- >> >> > _______________________________________________ >> > Rancid-discuss mailing list >> > Rancid-discuss at shrubbery.net >> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From dnewman at networktest.com Tue Dec 9 15:50:49 2008 
From: dnewman at networktest.com (David Newman)
Date: Tue, 09 Dec 2008 07:50:49 -0800
Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500
In-Reply-To: <493980D4.503@networktest.com>
References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net> <493980D4.503@networktest.com>
Message-ID: <493E93D9.2040109@networktest.com>

On 12/5/08 11:28 AM, David Newman wrote:
> On 12/5/08 9:45 AM, john heasley wrote:
>> Thu, Dec 04, 2008 at 09:25:40PM -0800, David Newman:
>>> Running Rancid 2.3.1_3 on FreeBSD 7 from ports, and having difficulty
>>> grabbing configs from an HP ProCurve 3500yl switch because of the splash
>>> screen the switch displays at login.
>>>
>>> I've pasted below the switch info from .cloginrc.
>>>
>>> Is there a workaround to get beyond the switch's initial splash screen?
>> What is the splash screen? my hp2524 has one, but hrancid passes it just
>> fine.
>

Still stuck on this. Running "clogin -c 'show run' 1.2.3.4" hangs at the splash screen (output below).

Thanks in advance for any clues on getting beyond that point.

dn

$ clogin -c 'show run' 1.2.3.4
ProCurve J8693A Switch 3500yl-48G
Software revision K.13.25

Copyright (C) 1991-2008 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to
restrictions as set forth in subdivision (b) (3) (ii) of the Rights in
Technical Data and Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Press any key to continue

From victor at impulse.net Tue Dec 9 16:41:13 2008
From: victor at impulse.net (Victor Breen)
Date: Tue, 9 Dec 2008 08:41:13 -0800 (PST)
Subject: [rancid] Re: Need a little help with Auto Enable
In-Reply-To: <705021992.2984261228839807416.JavaMail.root@lavender.impulse.net>
Message-ID: <145683670.2986561228840873169.JavaMail.root@lavender.impulse.net>

Another option aside from limiting the commands issued by rancid is you also could give your username the same privileges as you would have being fully "enabled" so you won't hit a roadblock during rancid-run. This is pretty safe if you have a good set of ACLs to firewall ssh from the world keeping the bad guys out and your rancid logins unrestricted. The other side of the coin is you have to protect your username's password just as rigidly as the enable password since it can potentially do just as much damage in the wrong hands.

Ex:
username privilege 15 secret

P.S. I also recommend using "service password-encryption" and adding "transport input ssh" on your vtys if you have a crypto version of IOS ;-)

--
Victor Breen
victor at impulse.net

----- Original Message -----
From: "Lance Vermilion"
To: rancid-discuss at shrubbery.net
Sent: Tuesday, December 9, 2008 7:17:25 AM GMT -08:00 US/Canada Pacific
Subject: [rancid] Re: Need a little help with Auto Enable

Edit them out from the commandtable in /bin/rancid

You just need to put a # in front of the command you don't want to run.

On Mon, Dec 8, 2008 at 3:09 PM, Hurgh wrote:
> Hi All,
>
> With a little bit of reading and some rancid -d action, I have discovered
> the problem.
>
> -- snip --
> HIT COMMAND:spgvsour01c28#show variables boot
> In ShowBoot: spgvsour01c28#show variables boot
> HIT COMMAND:spgvsour01c28#show flash
> In ShowFlash: spgvsour01c28#show flash
> HIT COMMAND:spgvsour01c28#dir /all nvram:
> In DirSlotN: spgvsour01c28#dir /all nvram:
> write(spawn_id=1): broken pipe
> while executing
> "send_user -- "$expect_out(buffer)""
> invoked from within
> "expect -nobrace -re+ { exp_continue } -re {^[^
> *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
> "$expect_out(buffer)"
> } -re {..."
> invoked from within
> "expect {
> -- snip --
>
> It seems that the username I am using to login to the router does not have
> access to run some of the required commands.
>
> Does anyone know how to stop Rancid running specific commands for specific
> hosts? or is it a manual hack job to fix it?
>
> Thanks
>
>
>
> On Tue, Dec 9, 2008 at 6:41 AM, john heasley wrote:
>>
>> Mon, Dec 08, 2008 at 10:49:06AM +1100, Hurgh:
>> > Hi all,
>> >
>> > I am trying to login to a Cisco router that has AutoEnable setup (enter
>> > user
>> > and pass, and you are enabled).
>> >
>> > I have the following in my .clogin file:
>> >
>> >
>> > ---------------------------------------------------------------------------------
>> > add user 172.30.26.16 myusername
>> > add password 172.30.26.16 {mypassword}
>> > add autoenable 172.30.26.16 1
>> >
>> > ---------------------------------------------------------------------------------
>> >
>> > The User and Pass have been swapped out, but I have confirmed the ones I
>> > am
>> > using are correct (can manually telnet to the device using the user and
>> > pass
>> > to login correctly).
>> >
>> > I have confirmed that the router supplies the correct "Username" and
>> > "Password" prompts.
>> >
>> > The following is the error I get when I run:
>> >
>> > rancid 172.30.26.16
>> >
>> >
>> > --------------------------------------------------------------------------------
>> > ./rancid 172.30.26.16
>> > write(spawn_id=1): broken pipe
>> > while executing
>> > "send_user -- "$expect_out(buffer)""
>> > invoked from within
>> > "expect -nobrace -re+ { exp_continue } -re {^[^
>> > *]*spgvsour01c([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
>> ^^^^^^^^^^^
>> it looks like it's already logged in and seen the prompt and has begun
>> to run commands. it's more likely that the device disconnected
>> prematurely,
>> but why I do not know. Follow the cloginrc/clogin testing in the FAQ.
>>
>> > "$expect_out(buffer)"
>> > } -re {..."
>> > invoked from within
>> > "expect {
>> > -re "\b+" { exp_continue }
>> > -re "^\[^\n\r *]*$reprompt" { send_user --
>> > "$expect_out(buffer)"
>> > }
>> > -re "^\[^\n\r]*$reprompt." { send..."
>> > invoked from within
>> > "if [ string match "*\;*" "$command" ] {
>> > set commands [split $command \;]
>> > set num_commands [llength $commands]
>> > # the pager can not be turned off on ..."

From sreekanth.krishna at gmail.com Tue Dec 9 14:46:10 2008
From: sreekanth.krishna at gmail.com (Sreekanth K)
Date: Tue, 9 Dec 2008 20:16:10 +0530
Subject: [rancid] CatOS config backup issue with RANCID 2.3.2a9
Message-ID: <32c3e1da0812090646g33c2c95aqe0b150c5b81afa5d@mail.gmail.com>

I have moved to 2.3.2a9 recently and have stumbled upon an issue with all the devices running CatOS. The rancid-run script enables the user to login to the userexec mode and then to the privilege mode but later it does not execute any command!!! and gets timed out.

I have tested clogin script, which works fine and takes me to the privilege mode after giving all credentials - vty username/password and enable password.

This is the log which I receive from the log file.

clogin error: Error: TIMEOUT reached

I went through the old messages in the forum but they all point to "autoenable" which is not my case since RANCID does login to the device. I verified the same with my ACS logs.

Have any of you faced a similar problem? Can someone help me with a fix for this?

Regards//Sreekanth

--
Best Regards
K Sreekanth
09941914363
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081209/c590212d/attachment.html

From peter.serwe at gmail.com Tue Dec 9 20:23:29 2008
From: peter.serwe at gmail.com (Peter Serwe)
Date: Tue, 9 Dec 2008 15:23:29 -0500
Subject: [rancid] Re: Need a little help with Auto Enable
In-Reply-To: <145683670.2986561228840873169.JavaMail.root@lavender.impulse.net>
References: <705021992.2984261228839807416.JavaMail.root@lavender.impulse.net> <145683670.2986561228840873169.JavaMail.root@lavender.impulse.net>
Message-ID:

An alternative to worrying about keeping the passwords on the routers is to set up tacacs+ and AAA authentication.

Peter

On Tue, Dec 9, 2008 at 11:41 AM, Victor Breen wrote:
> Another option aside from limiting the commands issued by rancid is you also could give your username the same privileges as you would have being fully "enabled" so you won't hit a roadblock during rancid-run. This is pretty safe if you have a good set of ACLs to firewall ssh from the world keeping the bad guys out and your rancid logins unrestricted. The other side of the coin is you have to protect your username's password just as rigidly as the enable password since it can potentially do just as much damage in the wrong hands.
>
> Ex:
> username privilege 15 secret
>
> P.S. I also recommend using "service password-encryption" and adding "transport input ssh" on your vtys if you have a crypto version of IOS ;-)
>
> --
> Victor Breen
> victor at impulse.net
>
>
>
>
> ----- Original Message -----

From arne.svennevik at met.no Wed Dec 10 11:30:38 2008
From: arne.svennevik at met.no (Arne Svennevik)
Date: Wed, 10 Dec 2008 12:30:38 +0100
Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500
In-Reply-To: <493E93D9.2040109@networktest.com>
References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net> <493980D4.503@networktest.com> <493E93D9.2040109@networktest.com>
Message-ID: <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no>

First, I'd try with hlogin instead of clogin (since it's a HP). We have several types of HP switches, all with the mentioned splash screen, and rancid pulls configs just fine. We use 'hp' as device type in router.db and the following authentication info:

add password xx.xx.xx.xx {password}
add method xx.xx.xx.xx telnet
add autoenable xx.xx.xx.xx 1

Regards,
Arne Svennevik

-----Original Message-----

From Larry.Kemp at usmetrotel.com Wed Dec 10 14:08:49 2008
From: Larry.Kemp at usmetrotel.com (Kemp, Larry)
Date: Wed, 10 Dec 2008 09:08:49 -0500
Subject: [rancid] Using Rancid For Adtran: OptiMX/OptiSMX, Fujitsu: Flashwave4500/7420, & Allied Telesis: CV5000.
In-Reply-To: <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no>
References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net> <493980D4.503@networktest.com> <493E93D9.2040109@networktest.com> <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no>
Message-ID:

Rancid Community,

I thought I would open this up to rancid-discuss before opening tickets with Adtran, Fujitsu and Allied Telesis. We have the following equipment:

1. Adtran:
   a. OPTI-MX
   b. OPTI-SMX
   c. TA3000
   d.
2. Fujitsu:
   a. Flashwave 4500
   b. 7420
3. Allied Telesis
   a. CV5000

Each time a user makes any change to the config, each device is set to FTP or TFTP a .BIN file to the FTP/TFTP server we previously set up. I would instead love to be able to use Rancid to go and grab these "devicename-or-ip-address.BIN" files from these networking devices. I would also like to see the conf diffs reported to us via email same way we currently enjoy seeing for all of our Cisco gear (which always still tickles me). I have Rancid currently running every 6 hours logging into every Cisco device we have and would like to use Rancid for everything.

This may not even be a possibility but I thought I would toss it out to the group before making inquiries to the manufacturers. Each would love to see you their proprietary element manager and a per-device-licensing scheme I am sure; but there will be none of that. :)

Our Rancid System
Rancid: 2.3.2a2
OS: Cent OS 5.2
Perl: 5.8.8
Expect: 5.43.0

Thanks in advance if anyone has any experience or better yet success in trying to do this with these specific devices! And thanks for all the great support so far too!!!

Larry Kemp
Network Engineer
Bonita Springs FL USA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081210/7bd465e8/attachment.html

From dnewman at networktest.com Wed Dec 10 19:15:00 2008
From: dnewman at networktest.com (David Newman)
Date: Wed, 10 Dec 2008 11:15:00 -0800
Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500
In-Reply-To: <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no>
References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net> <493980D4.503@networktest.com> <493E93D9.2040109@networktest.com> <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no>
Message-ID: <49401534.1020007@networktest.com>

On 12/10/08 3:30 AM, Arne Svennevik wrote:
> First, I'd try with hlogin instead of clogin (since it's a HP). We have
> several types of HP switches, all with the mentioned splash screen, and
> rancid pulls configs just fine. We use 'hp' as device type in router.db and
> the following authentication info:
> add password xx.xx.xx.xx {password}
> add method xx.xx.xx.xx telnet
> add autoenable xx.xx.xx.xx 1

Thanks. You're using telnet, and I had ssh. Just tried with telnet re-enabled on the switch and that works, including getting past the splash screen.

hlogin isn't working with ssh, though:

$ /usr/local/libexec/rancid/hlogin 1.2.3.4
spawn hpuifilter -- 'ssh -c 3des -x -l admin' 1.2.3.4

Error: Couldn't login

But manually executing 'ssh -c 3des -x -l admin 1.2.3.4' works OK.

Rancid and ssh work with Cisco boxes here; am I missing something in the ssh setup for hp?

Also, FWIW the rancid logs report a clogin error for the HP switch:

1.2.3.4 clogin error: Error: Couldn't login

even though it's defined as an HP box in router.db:

1.2.3.4:hp:up

What am I missing?

thanks

dn

From arla at rn.dk Wed Dec 10 20:03:10 2008
From: arla at rn.dk (Arne Larsen / Region Nordjylland)
Date: Wed, 10 Dec 2008 21:03:10 +0100
Subject: [rancid] rancid don't create configurations files
Message-ID: <8D68760F464FFD40A01BF2FB374E4A28C6F7784143@SRVEXC02.aas.its.nja.dk>

Hi all

Can someone help me out. I've installed rancid on a Centos5, and configured it as I believe it should, but I don't get any configurations into the file structure. If I run .cloginrc -c " sh run " and pipe it into a file I get the configuration of the router. If I run rancid-run, and at the same time do a tcpdump then I can see the connect to the router from rancid and also a lot of packets being transferred from the router to rancid. But I never get a list of configurations files. I don't get a log file in /var/log either. What can I be missing here. I run rancid-run as rancid user.

Here is the extensions of the created file.:

-rw-r----- 1 rancid rancid 0 Dec 10 20:49 testsw1

/Arne

From bwindle at fint.org Thu Dec 11 21:21:08 2008
From: bwindle at fint.org (Burton Windle)
Date: Thu, 11 Dec 2008 16:21:08 -0500 (EST)
Subject: [rancid] best way to remove part of a command's output
Message-ID:

I've got a few Dell 6248 switches which, as part of the 'show system' command, display both their uptime and the temperature of the units. Both of these are problems, as they cause frequent hourly diffs to be emailed out.

I've removed the uptime, as that was all on one line with a unique prefix, but I'm unsure what the best way to remove the temperature. I'd really like to include the output of 'show system', as it has some data (fan status, mostly) I'd like to keep. I guess I could just remove any line with 'OK' in it, but I'd like to know more experienced rancid'ers would solve this.

Raw output is:

WH-ClientSW-1#show system
System Description: Dell Ethernet Switch
System Up Time (days, hour:min:sec): 4, 9:45:22
System Contact:
System Name: WH-ClientSW-1
System Location: Warehouse Server room
Burned In MAC Address: 001E.C984.FAE6
System Object ID: 1.3.6.1.4.1.674.10875.3011
Machine Type: Dell 48 Port Gigabit Ethernet
Temperature Sensors:

Unit  Temperature (Celsius)  Status
----  ---------------------  ------
1     35                     OK
2     36                     OK
3     36                     OK

Fans:

Unit  Description  Status
----  -----------  ------
1     Fan 1        OK
1     Fan 2        OK
1     Fan 3        OK
1     Fan 4        OK
2     Fan 1        OK
2     Fan 2        OK
2     Fan 3        OK
2     Fan 4        OK
3     Fan 1        OK
3     Fan 2        OK
3     Fan 3        OK
3     Fan 4        OK

Power Supplies:

Unit  Description  Status       Source
----  -----------  -----------  ------
1     Main         OK           AC
1     Secondary    Failure      DC
2     Main         OK           AC
2     Secondary    Failure      DC
3     Main         OK           AC
3     Secondary    Failure      DC

--
Burton Windle
bwindle at fint.org

From heas at shrubbery.net Thu Dec 11 21:36:00 2008
From: heas at shrubbery.net (john heasley)
Date: Thu, 11 Dec 2008 13:36:00 -0800
Subject: [rancid] Re: best way to remove part of a command's output
In-Reply-To:
References:
Message-ID: <20081211213600.GH2631@shrubbery.net>

Thu, Dec 11, 2008 at 04:21:08PM -0500, Burton Windle:
> I've got a few Dell 6248 switches which, as part of the 'show system'
> command, display both their uptime and the temperature of the units.
> Both of these are problems, as they cause frequent hourly diffs to
> be emailed out.
>
> I've removed the uptime, as that was all on one line with a unique prefix,
> but I'm unsure what the best way to remove the temperature. I'd really
> like to include the output of 'show system', as it has some data (fan
> status, mostly) I'd like to keep. I guess I could just remove any line
> with 'OK' in it, but I'd like to know more experienced rancid'ers
> would solve this.
>
> Raw output is:
>
> WH-ClientSW-1#show system
> System Description: Dell Ethernet Switch
> System Up Time (days, hour:min:sec): 4, 9:45:22
> System Contact:
> System Name: WH-ClientSW-1
> System Location: Warehouse Server room
> Burned In MAC Address: 001E.C984.FAE6
> System Object ID: 1.3.6.1.4.1.674.10875.3011
> Machine Type: Dell 48 Port Gigabit Ethernet
> Temperature Sensors:
>
> Unit  Temperature (Celsius)  Status
> ----  ---------------------  ------
> 1     35                     OK
> 2     36                     OK
> 3     36                     OK

does "unit" refer to the temp sensor or something else? or, is "status" interesting?

From kevin_turner at syncglobal.net Thu Dec 11 21:58:47 2008
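Added example, not part of any message in this archive and not RANCID's own code (RANCID's parsers are Perl): for the 'show system' thread above, this stand-alone Python filter drops only the uptime line and the temperature reading, keeping each sensor's unit and status so that fan, power-supply and sensor-status changes still produce a diff. The function names and the shortened sample output are constructed for illustration, and the column layout is assumed from the output quoted in the thread.

```python
import difflib
import re

# Section headers as they appear in the 'show system' output quoted in the thread.
SECTION_RE = re.compile(r"^(Temperature Sensors|Fans|Power Supplies):\s*$")
UPTIME_RE = re.compile(r"^System Up Time\b")
TEMP_HEADER_RE = re.compile(r"^\s*Unit\s+Temperature\b")
RULE_RE = re.compile(r"^\s*-+(\s+-+)*\s*$")
# A temperature row: unit number, reading in Celsius, status word.
TEMP_ROW_RE = re.compile(r"^\s*(\d+)\s+(-?\d+)\s+(\S+)\s*$")


def stabilise_show_system(text):
    """Remove values that change on every poll; keep everything else verbatim."""
    out = []
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            out.append(line)
            continue
        if UPTIME_RE.match(line):
            continue  # uptime differs on every run
        if section == "Temperature Sensors":
            # Rewrite the table to two columns: the reading is dropped,
            # unit and status are kept.
            if TEMP_HEADER_RE.match(line):
                out.append("Unit  Status")
                continue
            if RULE_RE.match(line):
                out.append("----  ------")
                continue
            row = TEMP_ROW_RE.match(line)
            if row:
                unit, _reading, status = row.groups()
                out.append(f"{unit:<4}  {status}")
                continue
        # Fan and power-supply rows pass through untouched. Filtering on the
        # word 'OK' instead would delete them and hide a later failure.
        out.append(line)
    return "\n".join(out)


def config_diff(old, new):
    """Changed lines ('-old' / '+new') between two polls after filtering."""
    a = stabilise_show_system(old).splitlines()
    b = stabilise_show_system(new).splitlines()
    diff = list(difflib.unified_diff(a, b, lineterm="", n=0))
    # The first two entries are the '---' / '+++' file headers.
    return [l for l in diff[2:] if not l.startswith("@@")]


# Constructed sample, shortened from the output quoted in the thread.
SAMPLE = """\
WH-ClientSW-1#show system
System Description: Dell Ethernet Switch
System Up Time (days, hour:min:sec): {uptime}
System Name: WH-ClientSW-1
Temperature Sensors:

Unit  Temperature (Celsius)  Status
----  ---------------------  ------
1     {t1}                     OK
2     {t2}                     OK

Fans:

Unit  Description  Status
----  -----------  ------
1     Fan 1        {fan}
1     Fan 2        OK

Power Supplies:

Unit  Description  Status   Source
----  -----------  -------  ------
1     Main         OK       AC
1     Secondary    Failure  DC
"""

if __name__ == "__main__":
    first = SAMPLE.format(uptime="4, 9:45:22", t1=35, t2=36, fan="OK")
    later = SAMPLE.format(uptime="4, 10:45:30", t1=37, t2=34, fan="Failure")
    print(stabilise_show_system(first))
    print(config_diff(first, later))
```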
From: kevin_turner at syncglobal.net (Kevin Turner)
Date: Thu, 11 Dec 2008 16:58:47 -0500
Subject: [rancid] Alcatel-Lucent Omniswitch
Message-ID: <78FE85DE12AA4C188130C47278329C98@hydrogen>

Hello,

I found a thread from earlier this year with discussion of scripts to make RANCID work with Alcatel Omniswitch devices (I need it to work with a 6850). Someone offered to contribute scripts they had written, but I can not find any other references to the scripts. Does anyone have scripts for these devices and would like to share them? I would attempt myself, but I am unfamiliar with Expect and Perl.

Thank you,
Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081211/5008d074/attachment.html

From kevin_turner at syncglobal.net Thu Dec 11 22:15:36 2008
From: kevin_turner at syncglobal.net (Kevin Turner)
Date: Thu, 11 Dec 2008 17:15:36 -0500
Subject: [rancid] Re: Alcatel-Lucent Omniswitch
In-Reply-To: <78FE85DE12AA4C188130C47278329C98@hydrogen>
References: <78FE85DE12AA4C188130C47278329C98@hydrogen>
Message-ID:

Nevermind, I found them and will try them.

Thanks,
Kevin

_____

From J.S.Peatfield at damtp.cam.ac.uk Mon Dec 15 20:20:38 2008
From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield)
Date: Mon, 15 Dec 2008 20:20:38 +0000 (GMT)
Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500
In-Reply-To: <49401534.1020007@networktest.com>
References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net> <493980D4.503@networktest.com> <493E93D9.2040109@networktest.com> <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no> <49401534.1020007@networktest.com>
Message-ID:

On Wed, 10 Dec 2008, David Newman wrote:

> On 12/10/08 3:30 AM, Arne Svennevik wrote:
>> First, I'd try with hlogin instead of clogin (since it's a HP). We have
>> several types of HP switches, all with the mentioned splash screen, and
>> rancid pulls configs just fine. We use 'hp' as device type in router.db and
>> the following authentication info:
>> add password xx.xx.xx.xx {password}
>> add method xx.xx.xx.xx telnet
>> add autoenable xx.xx.xx.xx 1
>
> Thanks. You're using telnet, and I had ssh. Just tried with telnet
> re-enabled on the switch and that works, including getting past the
> splash screen.
>
> hlogin isn't working with ssh, though:
>
> $ /usr/local/libexec/rancid/hlogin 1.2.3.4
> spawn hpuifilter -- 'ssh -c 3des -x -l admin' 1.2.3.4
>
> Error: Couldn't login
>
> But manually executing 'ssh -c 3des -x -l admin 1.2.3.4' works OK.
>
> Rancid and ssh work with Cisco boxes here; am I missing something in the
> ssh setup for hp?
>
> Also, FWIW the rancid logs report a clogin error for the HP switch:
>
> 1.2.3.4 clogin error: Error: Couldn't login
>
> even though it's defined as an HP box in router.db:
>
> 1.2.3.4:hp:up
>
> What am I missing?

The following seems to work for me - against a variety of HP procurve switches though I don't actually have any 3500 boxes atm...

# data (and voip) core switches are HP procurve 5400z series
add password bl08-\[dv\]core1.private {xxxxxxx} {xxxxxxx}
add user bl08-\[dv\]core1.private {manager}
add autoenable bl08-\[dv\]core1.private {1}
add method bl08-\[dv\]core1.private ssh

$ hlogin bl08-vcore1.private
bl08-vcore1.private
spawn hpuifilter -- ssh -c 3des -x -l manager bl08-vcore1.private
bl08-vcore1 (hp 5406zl), CMS voice core switch
manager at bl08-vcore1.private's password:
ProCurve J8697A Switch 5406zl
Software revision K.13.09
Press any key to continuebl08-vcore1#
bl08-vcore1# logo
Do you want to log out [y/n]? y
Connection to bl08-vcore1.private closed.

that is with rancid-2.3.2a8 with a patch (from Richard Golier) to collect info with the right commands for the 'newer' versions of the HP firmware.

I suppose that at some point I ought to check if rancid-2.3.2a9 already includes that hp fix...

-- Jon

From quagga at muntinternet.nl Mon Dec 15 21:01:47 2008
From: quagga at muntinternet.nl (Jeroen)
Date: Mon, 15 Dec 2008 22:01:47 +0100
Subject: [rancid] Re: problem with procurve 2900-24g and new firmware version (T13.23
In-Reply-To:
References: <49269E29.90701@muntinternet.nl>
Message-ID: <4946C5BB.6000304@muntinternet.nl>

Burton Windle wrote:
> Did you make any progress on this? I just spent most of this week
> getting rancid to play nice with a few Dell switches, and I
> encountered similar issues.
>
>
Hi Burton,

No, because of time I have left it on the side for the moment...

My fix worked, but then the switches that were not yet running version 13 firmware wouldn't work....

John offered a larger patch, but that isn't working either....

Kind regards,
jeroen

From dnewman at networktest.com Tue Dec 16 06:01:36 2008
From: dnewman at networktest.com (David Newman) Date: Mon, 15 Dec 2008 22:01:36 -0800 Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500 In-Reply-To: References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net> <493980D4.503@networktest.com> <493E93D9.2040109@networktest.com> <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no> <49401534.1020007@networktest.com> Message-ID: <49474440.6030102@networktest.com> On 12/15/08 12:20 PM, Jon Peatfield wrote: > that is with rancid-2.3.2a8 with a patch (from Richard Golier) to > collect info with the right commands for the 'newer' versions of the HP > firmware. > > I suppose that at some point I ought to check if rancid-2.3.2a9 already > includes that hp fix... That might be the problem. I'm running 2.3.1_3 from FreeBSD ports. Later in the week when I have more free cycles I will try again with 2.3.2aX... thanks dn From jeff at ocjtech.us Wed Dec 17 05:53:25 2008 
From: jeff at ocjtech.us (Jeffrey Ollie) Date: Tue, 16 Dec 2008 23:53:25 -0600 Subject: [rancid] Git patch for RANCID 2.3.2a9 Message-ID: <935ead450812162153g46beee82h5c2ee8fa5e8af237@mail.gmail.com> Here's a version of my Git patch rebased to 2.3.2a9. No changes to functionality. A git repo with all of my changes can be found here: git://fedorapeople.org/home/fedora/jcollie/public_git/rancid.git -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid-2.3.2a9-git.patch Type: text/x-patch Size: 11943 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081216/b968836f/attachment.bin From J.S.Peatfield at damtp.cam.ac.uk Wed Dec 17 08:32:27 2008 
From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield) Date: Wed, 17 Dec 2008 08:32:27 +0000 (GMT) Subject: [rancid] Re: problem with procurve 2900-24g and new firmware version (T13.23 In-Reply-To: <4946C5BB.6000304@muntinternet.nl> References: <49269E29.90701@muntinternet.nl> <4946C5BB.6000304@muntinternet.nl> Message-ID: On Mon, 15 Dec 2008, Jeroen wrote: > Burton Windle wrote: >> Did you make any progress on this? I just spent most of this week >> getting rancid to play nice with a few Dell switches, and I >> encountered similar issues. >> >> > Hi Burton, > > No, because of time I have left it on the side for the moment... > > My fix worked, but then the switches that were not yet running version > 13 firmware wouldn't work.... > > John offered a larger patch, but that isn't working either.... I'm incuding a patch which works ok for me with either version 12 or 13 of a variety of HP procurve switches. Patch is against rancid-2.3.2a8 - I've not yet checked a9. The patch causes it to send both the show system-information and show system information commands but ignore the errors from the one which fails with if there are certain 'errors' (Invalid command etc). The patch is originally from Richard Golier so he deserves the credit. -- Jon -------------- next part -------------- --- rancid-2.3.2a8/bin/hrancid.in.procurve 2008-02-08 06:28:29.000000000 +0000 +++ rancid-2.3.2a8/bin/hrancid.in 2008-09-24 17:42:33.000000000 +0100 @@ -203,7 +203,7 @@ return; } -# This routine parses "show system-information" +# This routine parses "show system-information" or "show system information" sub ShowSystem { print STDERR " In ShowSystem: $_" if ($debug); @@ -212,7 +212,7 @@ last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); - return(-1) if /^(Invalid|Ambiguous) input:/i; + return(1) if /^(Invalid|Ambiguous) input:/i; if (/memory\s+-\s+total\s+:\s+(\S+)/i) { my($mem) = $1; 
@@ -462,6 +462,7 @@ {'show version' => 'ShowVersion'}, {'show flash' => 'ShowFlash'}, {'show system-information' => 'ShowSystem'}, + {'show system information' => 'ShowSystem'}, {'show module' => 'ShowModule'}, {'show stack' => 'ShowStack'}, {'write term' => 'WriteTerm'} From J.S.Peatfield at damtp.cam.ac.uk Wed Dec 17 08:35:27 2008 From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield) Date: Wed, 17 Dec 2008 08:35:27 +0000 (GMT) Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500 In-Reply-To: <49474440.6030102@networktest.com> References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net> <493980D4.503@networktest.com> <493E93D9.2040109@networktest.com> <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no> <49401534.1020007@networktest.com> <49474440.6030102@networktest.com> Message-ID: On Mon, 15 Dec 2008, David Newman wrote: > On 12/15/08 12:20 PM, Jon Peatfield wrote: > >> that is with rancid-2.3.2a8 with a patch (from Richard Golier) to >> collect info with the right commands for the 'newer' versions of the HP >> firmware. >> >> I suppose that at some point I ought to check if rancid-2.3.2a9 already >> includes that hp fix... > > That might be the problem. I'm running 2.3.1_3 from FreeBSD ports. > > Later in the week when I have more free cycles I will try again with > 2.3.2aX... Sounds very likely. From http://www.shrubbery.net/rancid/ ... Also, there are two alpha images; rancid-2.3.2a7.tar.gz and rancid-wcgallar.tar.gz. The latter pre-dates the former by just a bit; both now include fixes for use of SSH with HP Procurve switches. though a8 and a9 are now on the ftp site so are presumably the preferred versions. -- Jon From joaje at dongenergy.dk Thu Dec 18 15:24:20 2008 
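Review bot: In the `@@ -212,7 +212,7 @@` hunk of bin/hrancid.in, switching `return(-1)` to `return(1)` for `/^(Invalid|Ambiguous) input:/i` applies to every rejected command that reaches ShowSystem, so a switch that rejects both `show system-information` and `show system information` no longer hits the -1 path at all. Consider remembering whether either spelling parsed successfully and keeping -1 for the case where both were rejected; the `command authorization failed` check correctly stays at -1.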
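Review bot: In the `@@ -462,6 +462,7 @@` hunk, `show system-information` and `show system information` both map to `ShowSystem`, and nothing in the visible lines stops the routine from parsing and emitting the same data twice on firmware that accepts both spellings. A flag set on the first successful parse and checked at the top of `ShowSystem` would keep duplicate lines out of the stored config, and a one-line comment above the new table entry saying which firmware needs which spelling would document why both are sent.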
From: joaje at dongenergy.dk (Joachim Jerberg Jensen)
Date: Thu, 18 Dec 2008 16:24:20 +0100
Subject: [rancid] Re: rancid don't create configurations files
In-Reply-To: <8D68760F464FFD40A01BF2FB374E4A28C6F7784143@SRVEXC02.aas.its.nja.dk>
References: <8D68760F464FFD40A01BF2FB374E4A28C6F7784143@SRVEXC02.aas.its.nja.dk>
Message-ID: <87A30259343A4341AE7875D53403F04E133827E8FA@CLU01EX.de-prod.dk>

>On Wednesday, December 10, 2008 9:03 PM, Arne Larsen wrote:
>Hi all

Hi Arne,

>
>Can someone help me out.

Have you solved your problem yet?

>I've installed rancid on a Centos5, and configured it as I believe it should, but I don't get any configurations into the file structure.
>If I run .cloginrc -c " sh run " and pipe it into a file I get the configuration of the router.
>If I run rancid-run, and at the same time do a tcpdump then I can see the connect to the router from rancid and also a lot of packets being transferred from the router to rancid.
>But I never get a list of configurations files.
>I don't get a log file in /var/log either.

Rancid should generate a logfile in like /usr/local/var/rancid/logs depending on where you have installed rancid. In these logs, you should see some kind of an error. The logfile is named "thegroup.date.time"

Hygge
--
Joachim Jerberg Jensen

>What can I be missing here. I run rancid-run as rancid user.
>Here is the extensions of the created file.: -rw-r----- 1 rancid rancid 0 Dec 10 20:49 testsw1
>
>/Arne

From sreekanth.krishna at gmail.com Fri Dec 19 05:16:50 2008
From: sreekanth.krishna at gmail.com (Sreekanth K)
Date: Fri, 19 Dec 2008 10:46:50 +0530
Subject: [rancid] Help on backing up Cisco ASA / ACE with Multiple Contexts!!
Message-ID: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com>

Dear All,

Has anyone succeeded in backing up Cisco ASA / ACE with Multiple Contexts.

When I try to do the same I am able to backup only the Admin Context. Any idea how to backup other contexts ?

Best Regards
K Sreekanth

From mstefani at redhat.com Fri Dec 19 09:35:58 2008
From: mstefani at redhat.com (Michael Stefaniuc)
Date: Fri, 19 Dec 2008 10:35:58 +0100
Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!!
In-Reply-To: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com>
References: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com>
Message-ID: <494B6AFE.7030004@redhat.com>

Hello,

Sreekanth K wrote:
> Has anyone succeeded in backing up Cisco ASA / ACE with Multiple Contexts.
>
> When I try to do the same I am able to backup only the Admin Context. Any
> idea how to backup other contexts ?

easiest if all the contexts have their own IP: you can backup then each context separately.

bye
michael
--
Michael Stefaniuc Tel.: +49-711-96437-199
Consulting Communications Engineer Fax.: +49-711-96437-111
--------------------------------------------------------------------
Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei Muenchen
Handelsregister: Amtsgericht Muenchen HRB 153243
Geschäftsführer: Brendan Lane, Charlie Peters, Michael Cunningham, Werner Knoblich

From sreekanth.krishna at gmail.com Fri Dec 19 09:49:53 2008
From: sreekanth.krishna at gmail.com (Sreekanth K) Date: Fri, 19 Dec 2008 15:19:53 +0530 Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!! In-Reply-To: <494B6AFE.7030004@redhat.com> References: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com> <494B6AFE.7030004@redhat.com> Message-ID: <32c3e1da0812190149g4042d904k81b48b9ca3d8efbe@mail.gmail.com> True.. But Unfortunate that I cannot do that due to organisation policy restrictions :( On 12/19/08, Michael Stefaniuc wrote: > > Hello, > > Sreekanth K wrote: > > Has any one succeeded in backing up Cisco ASA / ACE with Multiple > Contexts. > > > > When i try to do the same I am able to backup only the Admin Context. Any > > idea how to backup other contexts ? > easiest if all the contexts have their own IP: you can backup then each > context separately. > > bye > michael > -- > Michael Stefaniuc Tel.: +49-711-96437-199 > Consulting Communications Engineer Fax.: +49-711-96437-111 > -------------------------------------------------------------------- > Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei > Muenchen > Handelsregister: Amtsgericht Muenchen HRB 153243 > Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, > Werner Knoblich > -- Best Regards K Sreekanth 09941914363 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081219/539cd4e2/attachment.html From CBell at thig.com Fri Dec 19 14:00:22 2008 From: CBell at thig.com (Chris Bell) Date: Fri, 19 Dec 2008 09:00:22 -0500 Subject: [rancid] Re: rancid don't create configurations files In-Reply-To: <87A30259343A4341AE7875D53403F04E133827E8FA@CLU01EX.de-prod.dk> Message-ID: I believe he fixed this by re-installing rancid under the "rancid" user. It was apparently a permissions issue. -----Original Message----- 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Joachim Jerberg Jensen Sent: Thursday, December 18, 2008 10:24 AM To: Arne Larsen / Region Nordjylland; 'rancid-discuss at shrubbery.net' Subject: [rancid] Re: rancid don't create configurations files >On Wednesday, December 10, 2008 9:03 PM, Arne Larsen wrote: >Hi all Hi Arne, > >Can someone help me out. Have you solved your problem yet? >i've install rancid on a Centos5, and configured it as I belive it should, but I don't get any configurations into the file structure. >If I run .cloginrc -c " sh run " and pipe it into a file I get the configuration of the router. >If I run rancid-run, and at the same time do a tcpdump then I can see the connect to the router from rancid and also a lot off packets being transferred from the router to rancid. >But I never get a list of configurations files. >I don't get a log file in /var/log either. Rancid should generate a logfile in like /usr/local/var/rancid/logs depending on where you have installed rancid. In these logs, you should see some kind of an error. The logfile is named "thegroup.date.time" Hygge -- Joachim Jerberg Jensen >What can I be missing here. I run rancid-run as rancid user. >Here is the extensions of the created file.: -rw-r----- 1 rancid rancid 0 Dec 10 20:49 testsw1 > >/Arne _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From smunzani at comcast.net Fri Dec 19 14:30:29 2008 
From: smunzani at comcast.net (Sam Munzani)
Date: Fri, 19 Dec 2008 08:30:29 -0600
Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!!
In-Reply-To: <494B6AFE.7030004@redhat.com>
References: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com> <494B6AFE.7030004@redhat.com>
Message-ID: <494BB005.8010902@comcast.net>

That's the approach I take. Usually we need to monitor each context so our management station needs to reach each context directly anyway. So rancid just ssh to each context individually and treat them as separate devices.

sam

> Hello,
>
> Sreekanth K wrote:
>
>> Has any one succeeded in backing up Cisco ASA / ACE with Multiple Contexts.
>>
>> When i try to do the same I am able to backup only the Admin Context. Any
>> idea how to backup other contexts ?
>>
> easiest if all the contexts have their own IP: you can backup then each
> context separately.
>
> bye
> michael
>

From NMaio at guesswho.com Fri Dec 19 14:39:43 2008
From: NMaio at guesswho.com (NMaio at guesswho.com)
Date: Fri, 19 Dec 2008 09:39:43 -0500
Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!!
In-Reply-To: <494BB005.8010902@comcast.net>
References: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com><494B6AFE.7030004@redhat.com> <494BB005.8010902@comcast.net>
Message-ID:

As do I... though I modified the script to also look for FT (fault tolerance) changes so I know if a failover occurred. This has already notified me of two pretty large bugs in the ACE code.

Nick
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani Sent: Friday, December 19, 2008 9:30 AM To: Michael Stefaniuc Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!! That's the approach I take. Usually we need to monitor each context so our management station needs to reach each context directly anyway. So rancid just ssh to each context individually and treat them as separate devices. sam Hello, Sreekanth K wrote: Has any one succeeded in backing up Cisco ASA / ACE with Multiple Contexts. When i try to do the same I am able to backup only the Admin Context. Any idea how to backup other contexts ? easiest if all the contexts have their own IP: you can backup then each context separately. bye michael -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081219/ed0d133b/attachment.html From mstefani at redhat.com Fri Dec 19 15:25:28 2008 From: mstefani at redhat.com (Michael Stefaniuc) Date: Fri, 19 Dec 2008 16:25:28 +0100 Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!! In-Reply-To: References: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com><494B6AFE.7030004@redhat.com> <494BB005.8010902@comcast.net> Message-ID: <494BBCE8.8070602@redhat.com> Hello Nick, NMaio at guesswho.com wrote: > As do I?.though I modified the script to also look for FT (fault tolerance) changes so I know if a failover occurred. This has already notified me a two pretty large bugs in the ACE code. would you mind sharing your FT changes? I for one would be interested in those. thanks bye michael 
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani > Sent: Friday, December 19, 2008 9:30 AM > To: Michael Stefaniuc > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!! > > > > That's the approach I take. Usually we need to monitor each context so our management station needs to reach each context directly anyway. So rancid just ssh to each context individually and treat them as separate devices. > > sam > > > > Hello, > > Sreekanth K wrote: > > > Has any one succeeded in backing up Cisco ASA / ACE with Multiple Contexts. > > When i try to do the same I am able to backup only the Admin Context. Any > idea how to backup other contexts ? > > > easiest if all the contexts have their own IP: you can backup then each > context separately. -- Michael Stefaniuc Tel.: +49-711-96437-199 Consulting Communications Engineer Fax.: +49-711-96437-111 -------------------------------------------------------------------- Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei Muenchen Handelsregister: Amtsgericht Muenchen HRB 153243 Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, Werner Knoblich From NMaio at guesswho.com Fri Dec 19 16:30:14 2008 
From: NMaio at guesswho.com (NMaio at guesswho.com) Date: Fri, 19 Dec 2008 11:30:14 -0500 Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!! In-Reply-To: <494BBCE8.8070602@redhat.com> References: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com><494B6AFE.7030004@redhat.com> <494BB005.8010902@comcast.net> <494BBCE8.8070602@redhat.com> Message-ID: Michael, I did this a while ago so I apologize it if isn't the cleanest but here is the file I use for the ace contexts. All I care about is the configuration changes and the ft status. This tells me the last time a failover occurred via the "show ft group detail" command. Nick -----Original Message----- From: Michael Stefaniuc [mailto:mstefani at redhat.com] Sent: Friday, December 19, 2008 10:25 AM To: Nicholas Maio Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!! Hello Nick, NMaio at guesswho.com wrote: > As do I?.though I modified the script to also look for FT (fault tolerance) changes so I know if a failover occurred. This has already notified me a two pretty large bugs in the ACE code. would you mind sharing your FT changes? I for one would be interested in those. thanks bye michael 
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Sam Munzani > Sent: Friday, December 19, 2008 9:30 AM > To: Michael Stefaniuc > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!! > > > > That's the approach I take. Usually we need to monitor each context so our management station needs to reach each context directly anyway. So rancid just ssh to each context individually and treat them as separate devices. > > sam > > > > Hello, > > Sreekanth K wrote: > > > Has any one succeeded in backing up Cisco ASA / ACE with Multiple Contexts. > > When i try to do the same I am able to backup only the Admin Context. Any > idea how to backup other contexts ? > > > easiest if all the contexts have their own IP: you can backup then each > context separately. -- Michael Stefaniuc Tel.: +49-711-96437-199 Consulting Communications Engineer Fax.: +49-711-96437-111 -------------------------------------------------------------------- Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei Muenchen Handelsregister: Amtsgericht Muenchen HRB 153243 Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, Werner Knoblich -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: acerancid.txt Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081219/02367613/attachment.txt From dtuecks at googlemail.com Fri Dec 19 20:35:39 2008 
From: dtuecks at googlemail.com (Daniel Tuecks) Date: Fri, 19 Dec 2008 21:35:39 +0100 Subject: [rancid] Re: Help on backing up Cisco ASA / ACE with Multiple Contexts!! In-Reply-To: <32c3e1da0812190149g4042d904k81b48b9ca3d8efbe@mail.gmail.com> References: <32c3e1da0812182116s322a70f3x9efd462e52b8700c@mail.gmail.com> <494B6AFE.7030004@redhat.com> <32c3e1da0812190149g4042d904k81b48b9ca3d8efbe@mail.gmail.com> Message-ID: Hi all, I have a similar problem. I'd (still) like to backup various contexts of my firewall service modules (FWSM) and I too can only access the admin context... so long Daniel 2008/12/19 Sreekanth K > True.. But Unfortunate that I cannot do that due to organisation policy > restrictions :( > > > On 12/19/08, Michael Stefaniuc wrote: >> >> Hello, >> >> Sreekanth K wrote: >> > Has any one succeeded in backing up Cisco ASA / ACE with Multiple >> Contexts. >> > >> > When i try to do the same I am able to backup only the Admin Context. >> Any >> > idea how to backup other contexts ? >> easiest if all the contexts have their own IP: you can backup then each >> context separately. >> >> bye >> michael >> -- >> Michael Stefaniuc Tel.: +49-711-96437-199 >> Consulting Communications Engineer Fax.: +49-711-96437-111 >> -------------------------------------------------------------------- >> Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei >> Muenchen >> Handelsregister: Amtsgericht Muenchen HRB 153243 >> Gesch?ftsf?hrer: Brendan Lane, Charlie Peters, Michael Cunningham, >> Werner Knoblich >> > > > > -- > Best Regards > K Sreekanth > 09941914363 > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081219/b6f1ed08/attachment.html From dnewman at networktest.com Mon Dec 22 06:17:32 2008 
From: dnewman at networktest.com (David Newman)
Date: Sun, 21 Dec 2008 22:17:32 -0800
Subject: [rancid] Re: bypassing splash screen on HP ProCurve 3500
In-Reply-To:
References: <4938BB54.2040004@networktest.com> <20081205174541.GF21966@shrubbery.net> <493980D4.503@networktest.com> <493E93D9.2040109@networktest.com> <004301c95aba$bcdeba60$369c2f20$@svennevik@met.no> <49401534.1020007@networktest.com> <49474440.6030102@networktest.com>
Message-ID: <494F30FC.5090509@networktest.com>

On 12/17/08 12:35 AM, Jon Peatfield wrote:
> On Mon, 15 Dec 2008, David Newman wrote:
>
>> On 12/15/08 12:20 PM, Jon Peatfield wrote:
>>
>>> that is with rancid-2.3.2a8 with a patch (from Richard Golier) to
>>> collect info with the right commands for the 'newer' versions of the HP
>>> firmware.
>>>
>>> I suppose that at some point I ought to check if rancid-2.3.2a9 already
>>> includes that hp fix...
>>
>> That might be the problem. I'm running 2.3.1_3 from FreeBSD ports.
>>
>> Later in the week when I have more free cycles I will try again with
>> 2.3.2aX...
>
> Sounds very likely. From http://www.shrubbery.net/rancid/
>
> ...
> Also, there are two alpha images; rancid-2.3.2a7.tar.gz and
> rancid-wcgallar.tar.gz. The latter pre-dates the former by just a bit;
> both now include fixes for use of SSH with HP Procurve switches.
>
> though a8 and a9 are now on the ftp site so are presumably the preferred
> versions.

OK, I installed rancid-2.3.2a7_1 from the FreeBSD ports collection after deinstalling 2.3.1.

The good news is that "hlogin -c 'sh run' 1.2.3.4" now runs just fine with no more problems from the splash screen.

The bad news: rancid-run still won't grab configs. The log error is the same as before:

Trying to get all of the configs.
1.2.3.4: missed cmd(s): show stack,show module,write term
1.2.3.4: End of run not found

This switch is ID'd as an hp device in router.db, and again here is the relevant section from .cloginrc:

# hp3500yl
add user 1.2.3.4 myuser
add password 1.2.3.4 iamsolame
add autoenable 1.2.3.4 1
add method 1.2.3.4 ssh

Not sure what else is missing here. rancid grabs configs from a bunch of Cisco devices with no problems.

thanks

dn

From SKee at cmsstl.com Fri Dec 26 15:03:37 2008
From: SKee at cmsstl.com (Scott Kee)
Date: Fri, 26 Dec 2008 09:03:37 -0600
Subject: [rancid] Permission denied, please try again message
Message-ID: <5A344813F87C4B4AB15C8753DC56FD6A19E94F574D@CMSMAIL.Spectrumhealth.com>

Rancid is backing up all of our pix501 firewall. I used to use local account to logon to the pix501 but recently we changed to radius. Ever since we made the change we can't log on to 3 501s using clogin. It lets me logon to the rest of the 30 pixes.

Error message:

Permission denied, please try again
Error: Check your passwd for device name

I am able to logon via ssh

Anyone have idea?

From Todd at equivoice.com Mon Dec 29 20:27:08 2008
From: Todd at equivoice.com (Todd Heide) Date: Mon, 29 Dec 2008 14:27:08 -0600 Subject: [rancid] .clogin question Message-ID: <082FEA82DC985B4F8A6B412D5AC4E2200148BFAC@exchange.Equivoice.local> Is it possible to have the cloginrc first check username/password and then password for all devices? Reason I ask is we have several hundred devices that Rancid backed up, but our master Tacacs server went poof, and we replaced it with Cisco ACS, but not all the devices are on the new system, in fact only about 15% of them are. Problem is now that they aren't on Tacacs, I have an either or condition, either I backup those that accept standard password authentication, or those with Tacacs authentication. Can it be setup to try both for all devices, except firewalls of course. Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081229/d24e4fe1/attachment.html From azheng at monterey.k12.ca.us Mon Dec 29 20:32:20 2008 From: azheng at monterey.k12.ca.us (Alex Zheng) Date: Mon, 29 Dec 2008 12:32:20 -0800 Subject: [rancid] Re: .clogin question In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E2200148BFAC@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E2200148BFAC@exchange.Equivoice.local> Message-ID: <541DF25433B5E547B4017C4D8E19666302DD179FB5@EXCHANGE.monterey.k12.ca.us> Does anyone have the link to unsubscribe from this list? 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Monday, December 29, 2008 12:27 PM To: rancid-discuss at shrubbery.net Subject: [BULK] [rancid] .clogin question Importance: Low Is it possible to have the cloginrc first check username/password and then password for all devices? Reason I ask is we have several hundred devices that Rancid backed up, but our master Tacacs server went poof, and we replaced it with Cisco ACS, but not all the devices are on the new system, in fact only about 15% of them are. Problem is now that they aren't on Tacacs, I have an either or condition, either I backup those that accept standard password authentication, or those with Tacacs authentication. Can it be setup to try both for all devices, except firewalls of course. Thanks Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081229/e64cf943/attachment.html From rancid at gheek.net Mon Dec 29 20:37:58 2008 
From: rancid at gheek.net (Lance Vermilion)
Date: Mon, 29 Dec 2008 13:37:58 -0700
Subject: [rancid] Re: .clogin question
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E2200148BFAC@exchange.Equivoice.local>
References: <082FEA82DC985B4F8A6B412D5AC4E2200148BFAC@exchange.Equivoice.local>
Message-ID: <8423e7bb0812291237s1e8df346s1564854d3451ce3d@mail.gmail.com>

Todd,

I have to assume you know what devices are in the new ACS server. Take a list of those names and then specify those before a global specified username/password.

username router1 bleh
password router1 {blehpassword} {blehenablepassword}
username router2 bloh
password router2 {blohpassword} {blohenablepassword}
username * blah
password * {blahpassword} {blahenablepassword}

On Mon, Dec 29, 2008 at 1:27 PM, Todd Heide wrote:
> Is it possible to have the cloginrc first check username/password and then
> password for all devices?
>
> Reason I ask is we have several hundred devices that Rancid backed up, but
> our master Tacacs server went poof, and we replaced it with Cisco ACS, but
> not all the devices are on the new system, in fact only about 15% of them
> are. Problem is now that they aren't on Tacacs, I have an either or
> condition, either I backup those that accept standard password
> authentication, or those with Tacacs authentication.
>
> Can it be setup to try both for all devices, except firewalls of course.
>
> Thanks
>
> Todd
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

From Todd at equivoice.com Mon Dec 29 20:40:07 2008
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 29 Dec 2008 14:40:07 -0600
Subject: [rancid] Re: .clogin question
In-Reply-To: <8423e7bb0812291237s1e8df346s1564854d3451ce3d@mail.gmail.com>
References: <082FEA82DC985B4F8A6B412D5AC4E2200148BFAC@exchange.Equivoice.local> <8423e7bb0812291237s1e8df346s1564854d3451ce3d@mail.gmail.com>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E2200148BFB3@exchange.Equivoice.local>

I was hoping to avoid that since there are about 70 devices in ACS. I guess the best thing to do is print out the logs from each group and go add those to ACS, it's just finding the time to do it.

Thanks
Todd Heide
Equivoice Inc.

CCSP CCNA CCDA
847-235-3308

Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance Vermilion
Sent: Monday, December 29, 2008 2:38 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: .clogin question

Todd,

I have to assume you know what devices are in the new ACS server. Take a list of those names and then specify those before a global specified username/password.

username router1 bleh
password router1 {blehpassword} {blehenablepassword}
username router2 bloh
password router2 {blohpassword} {blohenablepassword}
username * blah
password * {blahpassword} {blahenablepassword}

On Mon, Dec 29, 2008 at 1:27 PM, Todd Heide wrote:
> Is it possible to have the cloginrc first check username/password and then
> password for all devices?
>
> Reason I ask is we have several hundred devices that Rancid backed up, but
> our master Tacacs server went poof, and we replaced it with Cisco ACS, but
> not all the devices are on the new system, in fact only about 15% of them
> are. Problem is now that they aren't on Tacacs, I have an either or
> condition, either I backup those that accept standard password
> authentication, or those with Tacacs authentication.
>
> Can it be setup to try both for all devices, except firewalls of course.
>
> Thanks
>
> Todd

From rancid at gheek.net Mon Dec 29 20:48:24 2008
From: rancid at gheek.net (Lance Vermilion)
Date: Mon, 29 Dec 2008 13:48:24 -0700
Subject: [rancid] Re: .clogin question
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E2200148BFB3@exchange.Equivoice.local>
References: <082FEA82DC985B4F8A6B412D5AC4E2200148BFAC@exchange.Equivoice.local> <8423e7bb0812291237s1e8df346s1564854d3451ce3d@mail.gmail.com> <082FEA82DC985B4F8A6B412D5AC4E2200148BFB3@exchange.Equivoice.local>
Message-ID: <8423e7bb0812291248x53e4498ex96cc6ca730bb5e98@mail.gmail.com>

Todd,

If your device names are similar for department / location / etc you can use wildcards to include/exclude all/part of those.

On Mon, Dec 29, 2008 at 1:40 PM, Todd Heide wrote:
> I was hoping to avoid that since there are about 70 devices in ACS. I
> guess the best thing to do is print out the logs from each group and go
> add those to ACS, it's just finding the time to do it.
>
> Thanks
> Todd Heide
> Equivoice Inc.
>
> CCSP CCNA CCDA
> 847-235-3308
>
> Nothing ever goes as planned, Its a hell of a notion,
> Even pharaohs turn to sand, Like a drop in the ocean
>
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lance
> Vermilion
> Sent: Monday, December 29, 2008 2:38 PM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: .clogin question
>
> Todd,
>
> I have to assume you know what devices are in the new ACS server. Take
> a list of those names and then specify those before a global
> specified username/password.
>
> username router1 bleh
> password router1 {blehpassword} {blehenablepassword}
> username router2 bloh
> password router2 {blohpassword} {blohenablepassword}
> username * blah
> password * {blahpassword} {blahenablepassword}
>
> On Mon, Dec 29, 2008 at 1:27 PM, Todd Heide wrote:
>> Is it possible to have the cloginrc first check username/password and then
>> password for all devices?
>>
>> Reason I ask is we have several hundred devices that Rancid backed up, but
>> our master Tacacs server went poof, and we replaced it with Cisco ACS, but
>> not all the devices are on the new system, in fact only about 15% of them
>> are. Problem is now that they aren't on Tacacs, I have an either or
>> condition, either I backup those that accept standard password
>> authentication, or those with Tacacs authentication.
>>
>> Can it be setup to try both for all devices, except firewalls of course.
>>
>> Thanks
>>
>> Todd

From boheme at gmail.com Tue Dec 30 00:03:03 2008
From: boheme at gmail.com (Chris Knight)
Date: Mon, 29 Dec 2008 16:03:03 -0800
Subject: [rancid] Does the clogin -x flag work if ssh is the transport?
Message-ID:

Howdy,

I am new to rancid, and I apologize if this is considered a newbie question. I am trying to use rancid to send a set of canned commands to a Cisco ASA. I have installed rancid 2.3.2a7 onto a RHEL5.2 box running a 2.6.18-92.1.22.el5 kernel. I have configured .cloginrc and tested that I can log into the ASA using clogin.

After verifying that I could log into the ASA via clogin, I constructed a very simple command file, that contains only two commands "show ver" and "show run". I invoke this command file with this command line:

./bin/clogin asa-office -x test.cmd

What appears to happen is that clogin does in fact log into the ASA, and then it stalls. If I let it sit for five minutes, nothing happens. So, I type 'exit'. Now clogin appears to be invoking telnet, and if I let that sit for a few minutes it times out:

[rancid at zack ~]$ ./bin/clogin asa-office -x test.cmd
asa-office
spawn ssh -c 3des -x -l proxyit asa-office
proxyit at asa-office's password:
Type help or '?' for a list of available commands.
hq> enable
Password: *************
hq#
hq# exit

Logoff

Connection to asa-office closed by remote host.
Connection to asa-office closed.
-x
spawn telnet -x
telnet> enable
?Invalid command
telnet>
Error: TIMEOUT reached
can not find channel named "exp6"
    while executing
"send "\r""
    ("foreach" body line 129)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    # attempt at platform switching.
    set platform ""
    send_user ..."
    (file "./bin/clogin" line 712)
[rancid at zack ~]$

Is there a trick to being able to use the -x flag to invoke a list of commands when using ssh instead of telnet?

-Chris

From boheme at gmail.com Tue Dec 30 00:14:34 2008
From: boheme at gmail.com (Chris Knight)
Date: Mon, 29 Dec 2008 16:14:34 -0800
Subject: [rancid] Re: Does the clogin -x flag work if ssh is the transport?
In-Reply-To:
References:
Message-ID:

Yes, it was a n00b question... Thank you Chris Moody for pointing out that the order of the options is indeed important. My bad.

Cheers everyone,
-Chris

On Mon, Dec 29, 2008 at 4:03 PM, Chris Knight wrote:
> Howdy,
>
> I am new to rancid, and I apologize if this is considered a newbie
> question. I am trying to use rancid to send a set of canned commands
> to a Cisco ASA. I have installed rancid 2.3.2a7 onto a RHEL5.2 box
> running a 2.6.18-92.1.22.el5 kernel. I have configured .cloginrc and
> tested that I can log into the ASA using clogin.

From cgauthier at mapscu.com Tue Dec 30 00:48:15 2008
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Mon, 29 Dec 2008 16:48:15 -0800
Subject: [rancid] Re: Does the clogin -x flag work if ssh is the transport?
In-Reply-To:
References:
Message-ID: <0A9A5A2BC1C0A94C981AF5FCF2D2F3381321724C@mshin01.mapscu.com>

It is probably failing because the ASA/PIX series always logs you in at a non-privileged exec mode. To get to the privileged exec mode, you have to enter your login password a second time. Here is how my working .cloginrc is configured:

# Firewalls (before global settings)
#
add method PIX_firewall.example.com ssh
add autoenable PIX_firewall.example.com 0
add user PIX_firewall.example.com rancid
add password PIX_firewall.example.com e7eet.Pa55w0rd e7eet.Pa55w0rd

(I had to obfuscate the password in a fun way )

Good luck!

Chris

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Knight
Sent: Monday, December 29, 2008 4:03 PM
To: Rancid-discuss at shrubbery.net
Subject: [rancid] Does the clogin -x flag work if ssh is the transport?

Howdy,

I am new to rancid, and I apologize if this is considered a newbie question. I am trying to use rancid to send a set of canned commands to a Cisco ASA. I have installed rancid 2.3.2a7 onto a RHEL5.2 box running a 2.6.18-92.1.22.el5 kernel. I have configured .cloginrc and tested that I can log into the ASA using clogin.

After verifying that I could log into the ASA via clogin, I constructed a very simple command file, that contains only two commands "show ver" and "show run". I invoke this command file with this command line:

./bin/clogin asa-office -x test.cmd

What appears to happen is that clogin does in fact log into the ASA, and then it stalls. If I let it sit for five minutes, nothing happens. So, I type 'exit'. Now clogin appears to be invoking telnet, and if I let that sit for a few minutes it times out:

[rancid at zack ~]$ ./bin/clogin asa-office -x test.cmd
asa-office
spawn ssh -c 3des -x -l proxyit asa-office
proxyit at asa-office's password:
Type help or '?' for a list of available commands.
hq> enable
Password: *************
hq#
hq# exit

Logoff

Connection to asa-office closed by remote host.
Connection to asa-office closed.
-x
spawn telnet -x
telnet> enable
?Invalid command
telnet>
Error: TIMEOUT reached
can not find channel named "exp6"
    while executing
"send "\r""
    ("foreach" body line 129)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    # attempt at platform switching.
    set platform ""
    send_user ..."
    (file "./bin/clogin" line 712)
[rancid at zack ~]$

Is there a trick to being able to use the -x flag to invoke a list of commands when using ssh instead of telnet?

-Chris

From oglumavd at gmail.com Wed Dec 31 04:40:07 2008
From: oglumavd at gmail.com (Oglum AVD)
Date: Tue, 30 Dec 2008 20:40:07 -0800
Subject: [rancid] Re: Does the clogin -x flag work if ssh is the transport?
In-Reply-To:
References:
Message-ID:

Hi Chris;

I never used -x flag but I always test it with following command to ensure device/config is functioning properly;
/var/lib/rancid/bin/clogin -c 'show clock' test-c3560-acc-sw1

*Configuration example on Ubuntu 8.x;*
adduser rancid ?rancid /var/lib/rancid
su rancid
/var/lib/rancid/bin/rancid-cvs
cd /var/lib/rancid
rancid-run
chmod 777 /var/lib/rancid/.cloginrc
chown -R rancid /etc/cvsweb
=====================================================
/etc/postfix/main.cf
removed;
myemail at email.com, , localhost.localdomain, localhost
/etc/init.d/postfix restart
=====================================================
*1. Add to Hosts file;*
nano /etc/hosts
example; 172.16.30.1 test-c3560-acc-sw1

*2. Add device password to .cloginrc*
nano /root/.cloginrc
example follows;
add user test-c3560-acc-sw1 testacc
add userpassword test-c3560-acc-sw1 password
add password test-c3560-acc-sw1 password enablepassword
add method test-c3560-acc-sw1 {ssh}

*3. Edit to Router.db*
nano /var/lib/rancid/switches/router.db
nano /var/lib/rancid/CVS/switches/router.db
example; test-c3560-acc-sw1:cisco:up

-- Run it;
./bin/rancid-run -r test-c3560-acc-sw1
*Test:*
/var/lib/rancid/bin/clogin -c 'show clock' test-c3560-acc-sw1
./clogin test-c3560-acc-sw1
/usr/lib/rancid/bin/clogin -c 'write term' test-c3560-acc-sw1 > /var/lib/rancid/backups/test.cfg
-- Configure CVSWeb -
/etc/cvsweb/cvsweb.conf
Basedir=/usr/local/rancid; expert basedir
path=/usr/local/rancid/bin:/usr/local/bin:/usr/lib/usr/bin:/usr/bin
CVSROOT=$basedir/CVS
CVSWEBs;
/etc/cvsweb
/usr/share/cvsweb
/usr/lib/cgi-bin/cvsweb
/usr/share/doc/cvsweb
=====================================
# run config differ hourly
1 * * * * /usr/lib/rancid/rancid-run
# clean out config differ logs
50 23 * * * /usr/bin/find /var/lib/rancid/logs -type f -mtime +2 -exec rm {} \;
-----------------------------------------------------------------------------------------------------
I hope this helps

Dean

On Mon, Dec 29, 2008 at 4:03 PM, Chris Knight wrote:
> Howdy,
>
> I am new to rancid, and I apologize if this is considered a newbie
> question. I am trying to use rancid to send a set of canned commands
> to a Cisco ASA. I have installed rancid 2.3.2a7 onto a RHEL5.2 box
> running a 2.6.18-92.1.22.el5 kernel. I have configured .cloginrc and
> tested that I can log into the ASA using clogin.
>
> After verifying that I could log into the ASA via clogin, I
> constructed a very simple command file, that contains only two
> commands "show ver" and "show run". I invoke this command file with
> this command line:
>
> ./bin/clogin asa-office -x test.cmd
>
> What appears to happen is that clogin does in fact log into the ASA,
> and then it stalls. If I let it sit for five minutes, nothing
> happens. So, I type 'exit'. Now clogin appears to be invoking
> telnet, and if I let that sit for a few minutes it times out:
>
> [rancid at zack ~]$ ./bin/clogin asa-office -x test.cmd
> asa-office
> spawn ssh -c 3des -x -l proxyit asa-office
> proxyit at asa-office's password:
> Type help or '?' for a list of available commands.
> hq> enable
> Password: *************
> hq#
> hq# exit
>
> Logoff
>
> Connection to asa-office closed by remote host.
> Connection to asa-office closed.
> -x
> spawn telnet -x
> telnet> enable
> ?Invalid command
> telnet>
> Error: TIMEOUT reached
> can not find channel named "exp6"
> while executing
> "send "\r""
> ("foreach" body line 129)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> # attempt at platform switching.
> set platform ""
> send_user ..."
> (file "./bin/clogin" line 712)
> [rancid at zack ~]$
>
> Is there a trick to being able to use the -x flag to invoke a list
> of commands when using ssh instead of telnet?
>
> -Chris

From oglumavd at gmail.com Wed Dec 31 06:14:25 2008
From: oglumavd at gmail.com (Oglum AVD)
Date: Tue, 30 Dec 2008 22:14:25 -0800
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue
In-Reply-To:
References:
Message-ID:

Here's latest update on this;

/var/lib/rancid/bin/clogin -t -c 'show clock' test-c3560-48-sw.mydomain.com log 2>&1
show clock
*Error: no password for show clock in /root/.cloginrc.*
test-c3560-48-sw.mydomain.com
spawn ssh -c 3des -x -l ddnetman test-c3560-48-sw.mydomain.com
*Error: TIMEOUT reached
log
Error: no password for log in /root/.cloginrc*

*Password Verification:*
nano .cloginrc
add autoenable *.mydomain.com 1
add user *.mydomain.com testacc
add password *.mydomain.com password
add method *.mydomain.com {ssh}

*Test ssh from this device to switch;*
root at 804:~# ssh -l testacc test-c3560-48-sw.mydomain.com
testacc at test-c3560-48-sw.mydomain.com's password:

test-c3560-48-sw.mydomain.com#*show clock*
22:07:13.168 PST Tue Dec 30 2008
test-c3560-48-sw.mydomain.com#

it works OK.

using Cisco ACS 4.x and ACS local account. Any suggestion?

From oglumavd at gmail.com Wed Dec 31 04:52:35 2008
From: oglumavd at gmail.com (Oglum AVD)
Date: Tue, 30 Dec 2008 20:52:35 -0800
Subject: [rancid] Re: Permission denied, please try again message
In-Reply-To: <5A344813F87C4B4AB15C8753DC56FD6A19E94F574D@CMSMAIL.Spectrumhealth.com>
References: <5A344813F87C4B4AB15C8753DC56FD6A19E94F574D@CMSMAIL.Spectrumhealth.com>
Message-ID:

How is your ACS configured? Are you mapping DNS/Group --> ACS group or local ACS account?

If you are mapping DNS groups to ACS, make sure your account is ONLY one security group that maps to ACS group. User account can be in multiple group, but you need to re-arrange it in ACS mapping, basically first group will win situation... I had same issue, my account was member of multiple security group in AD and some of these groups were mapped to ACS group. I created ACS local account and it worked like champ :-).

I test login using Rancid on switch and router and worked OK. However, if it times out and I think lot of people having same issue.

Example;
/var/lib/rancid/bin/clogin -c 'show clock' test-c3560-acc-sw1 - logs into switch and waits... finally times out :-(

Sample;
1. nano /root/.cloginrc
example follows;
add user test-c3560-acc-sw1 testacc (local ACS account)
add userpassword test-c3560-acc-sw1 password
add password test-c3560-acc-sw1 password enablepassword
add method test-c3560-acc-sw1 {ssh}

On Fri, Dec 26, 2008 at 7:03 AM, Scott Kee wrote:
> Rancid is backing up all of our pix501 firewall. I used to use local
> account to logon to the pix501 but recently we changed to radius.
>
> Ever since we made the change we can't log on to 3 501s using clogin. It
> lets me logon to the rest of the 30 pixes.
>
> Error message:
>
> Permission denied, please try again
>
> Error: Check your passwd for device name
>
> I am able to logon via ssh
>
> Anyone have idea?

From peter.serwe at gmail.com Wed Dec 31 05:38:23 2008
From: peter.serwe at gmail.com (Peter Serwe)
Date: Tue, 30 Dec 2008 21:38:23 -0800
Subject: [rancid] Re: Does the clogin -x flag work if ssh is the transport?
In-Reply-To:
References:
Message-ID:

clogin -x doesn't care what the transport is, as long as it's functional.

If you spec ssh as the transport against a non-ssh router (yes, they exist), it won't work. If you spec telnet as the transport and it's an ssh only router, it won't work.

(Nice line wraps ;))

Irrespective, if clogin works, then certain clogin -x works the exact same way, provided the command file is in the format of one command per line, and the commands are valid for the router, in which case clogin will log in, execute the command file, and log out of the router.

Below is a sample commandfile I used to address all routers of a certain type in my environment during the 2 hour presentation I did on building and using rancid:

no events
conf t
snmp-server contact "Tier 3 NOC"
snmp-server contact phone "xxx-xxx-xxxx"
snmp-server contact email "t3noc at domain.tld"
no snmp-server chassis-id
exit
wr mem

On Tue, Dec 30, 2008 at 8:40 PM, Oglum AVD wrote:
> Hi Chris;
>
> I never used -x flag but I always test it with following command to ensure
> device/config is functioning properly;
> /var/lib/rancid/bin/clogin -c 'show clock' test-c3560-acc-sw1
>
> Configuration example on Ubunto 8.x;
> adduser rancid ?Crancid /var/lib/rancid
> su rancid
> /var/lib/rancid/bin/rancid-cvs
> cd /var/lib/rancid
> rancid-run
> chmod 777 /var/lib/rancid/.cloginrc
> chown -R rancid /etc/cvsweb
> =====================================================
> /etc/postfix/main.cf
> removed;
> myemail at email.com, , localhost.localdomain, localhost
> /etc/init.d/postfix restart
> =====================================================
> 1. Add to Hosts file;
> nano /etc/hosts
> example; 172.16.30.1 test-c3560-acc-sw1
>
> 2. Add device password to .cloginrc
> nano /root/.cloginrc
> example follows;
> add user test-c3560-acc-sw1 testacc
> add userpassword test-c3560-acc-sw1 password
> add password test-c3560-acc-sw1 password enablepassword
> add method test-c3560-acc-sw1 {ssh}
>
> 3. Edit to Router.db
> nano /var/lib/rancid/switches/router.db
> nano /var/lib/rancid/CVS/switches/router.db
> example; test-c3560-acc-sw1:cisco:up
>
> -- Run it;
> ./bin/rancid-run -r test-c3560-acc-sw1
> Test:
> /var/lib/rancid/bin/clogin -c 'show clock' test-c3560-acc-sw1
> ./clogin test-c3560-acc-sw1
> /usr/lib/rancid/bin/clogin -c 'write term' test-c3560-acc-sw1 >
> /var/lib/rancid/backups/test.cfg
> -- Configure CVSWeb -
> /etc/cvsweb/cvsweb.conf
> Basedir=/usr/local/rancid; expert basedir
> path=/usr/local/rancid/bin:/usr/local/bin:/usr/lib/usr/bin:/usr/bin
> CVSROOT=$basedir/CVS
> CVSWEBs;
> /etc/cvsweb
> /usr/share/cvsweb
> /usr/lib/cgi-bin/cvsweb
> /usr/share/doc/cvsweb
> =====================================
> # run config differ hourly
> 1 * * * * /usr/lib/rancid/rancid-run
> # clean out config differ logs
> 50 23 * * * /usr/bin/find /var/lib/rancid/logs -type f -mtime +2 -exec rm {}
> \;
> -----------------------------------------------------------------------------------------------------
> I hope this helps
>
> Dean
>
> On Mon, Dec 29, 2008 at 4:03 PM, Chris Knight wrote:
>>
>> Howdy,
>>
>> I am new to rancid, and I apologize if this is considered a newbie
>> question. I am trying to use rancid to send a set of canned commands
>> to a Cisco ASA. I have installed rancid 2.3.2a7 onto a RHEL5.2 box
>> running a 2.6.18-92.1.22.el5 kernel. I have configured .cloginrc and
>> tested that I can log into the ASA using clogin.
>>
>> After verifying that I could log into the ASA via clogin, I
>> constructed a very simple command file, that contains only two
>> commands "show ver" and "show run". I invoke this command file with
>> this command line:
>>
>> ./bin/clogin asa-office -x test.cmd
>>
>> What appears to happen is that clogin does in fact log into the ASA,
>> and then it stalls. If I let it sit for five minutes, nothing
>> happens. So, I type 'exit'. Now clogin appears to be invoking
>> telnet, and if I let that sit for a few minutes it times out:
>>
>> [rancid at zack ~]$ ./bin/clogin asa-office -x test.cmd
>> asa-office
>> spawn ssh -c 3des -x -l proxyit asa-office
>> proxyit at asa-office's password:
>> Type help or '?' for a list of available commands.
>> hq> enable
>> Password: *************
>> hq#
>> hq# exit
>>
>> Logoff
>>
>> Connection to asa-office closed by remote host.
>> Connection to asa-office closed.
>> -x
>> spawn telnet -x
>> telnet> enable
>> ?Invalid command
>> telnet>
>> Error: TIMEOUT reached
>> can not find channel named "exp6"
>> while executing
>> "send "\r""
>> ("foreach" body line 129)
>> invoked from within
>> "foreach router [lrange $argv $i end] {
>> set router [string tolower $router]
>> # attempt at platform switching.
>> set platform ""
>> send_user ..."
>> (file "./bin/clogin" line 712)
>> [rancid at zack ~]$
>>
>> Is there a trick to being able to use the -x flag to invoke a list
>> of commands when using ssh instead of telnet?
>>
>> -Chris

From CBell at thig.com Wed Dec 31 11:05:11 2008
From: CBell at thig.com (Chris Bell)
Date: Wed, 31 Dec 2008 06:05:11 -0500
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue
In-Reply-To:
Message-ID:

Is your password enclosed in {password} ? Did you try with IP rather than DNS?

________________________________
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Oglum AVD
Sent: Wednesday, December 31, 2008 1:14 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue

Here's latest update on this;

/var/lib/rancid/bin/clogin -t -c 'show clock' test-c3560-48-sw.mydomain.com log 2>&1
show clock
Error: no password for show clock in /root/.cloginrc.
test-c3560-48-sw.mydomain.com
spawn ssh -c 3des -x -l ddnetman test-c3560-48-sw.mydomain.com
Error: TIMEOUT reached
log
Error: no password for log in /root/.cloginrc

Password Verification:
nano .cloginrc
add autoenable *.mydomain.com 1
add user *.mydomain.com testacc
add password *.mydomain.com password
add method *.mydomain.com {ssh}

Test ssh from this device to switch;
root at 804:~# ssh -l testacc test-c3560-48-sw.mydomain.com
testacc at test-c3560-48-sw.mydomain.com's password:

test-c3560-48-sw.mydomain.com#show clock
22:07:13.168 PST Tue Dec 30 2008
test-c3560-48-sw.mydomain.com#

it works OK.

using Cisco ACS 4.x and ACS local account. Any suggestion?

From Todd at equivoice.com Wed Dec 31 15:25:37 2008
From: Todd at equivoice.com (Todd Heide)
Date: Wed, 31 Dec 2008 09:25:37 -0600
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue
In-Reply-To:
References:
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E2200148C0EF@exchange.Equivoice.local>

Not exactly sure what you are doing wrong there, but there shouldn't be any issues using ACS as the tacacs server, provided you are using Tacacs and not radius for authentication, are you also using authorization? When you log in manually are you doing it as the rancid user account or a different server account? I have found if I log in as root and do test connections they always worked, but not always as rancid. I would go through your logs on ACS instead of rancid since it looks like your .clogin is correct, with the exception of the @domain, mine is the same.

Thanks

Todd

From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Bell
Sent: Wednesday, December 31, 2008 5:05 AM
To: Oglum AVD; rancid-discuss at shrubbery.net
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue

Is your password enclosed in {password} ? Did you try with IP rather than DNS?

________________________________
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Oglum AVD Sent: Wednesday, December 31, 2008 1:14 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue Here's latest update on this; /var/lib/rancid/bin/clogin -t -c 'show clock' test-c3560-48-sw.mydomain.com log 2>&1 show clock Error: no password for show clock in /root/.cloginrc. test-c3560-48-sw.mydomain.com spawn ssh -c 3des -x -l ddnetman test-c3560-48-sw.mydomain.com Error: TIMEOUT reached log Error: no password for log in /root/.cloginrc Password Verification: nano .cloginrc add autoenable *.mydomain.com 1 add user *.mydomain.com testacc add password *.mydomain.com password add method *.mydomain.com {ssh} Test ssh from this device to switch; root at 804:~# ssh -l testacc test-c3560-48-sw.mydomain.com testacc at test-c3560-48-sw.mydomain.com's password: test-c3560-48-sw.mydomain.com# show clock 22:07:13.168 PST Tue Dec 30 2008 test-c3560-48-sw.mydomain.com# it works OK. using Cisco ACS 4.x and ACS local account. Any suggestion? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081231/641e1c18/attachment.html From ryan at muppethouse.com Wed Dec 31 15:22:30 2008 From: ryan at muppethouse.com (Ryan Shea) Date: Wed, 31 Dec 2008 10:22:30 -0500 Subject: [rancid] Erratic "e" and "x" characters with clogin and hlogin Message-ID: <469e38160812310722r1adbc223n6ff026c93e0bece1@mail.gmail.com> We run rancid against two different kinds of devices, one using clogin and one using hlogin, but we often see erratic config differences. It seems that almost randomly "e" or "x" characters will show up toward the beginning of certain lines. Here are a few examples: @@ -7 +7 @@ - timezone Etc/UTC + etimezone Etc/UTC @@ -35 +35 @@ - e speed auto + speed auto 
@@ -4 +4 @@ - !xiBGP table version is 0, local router ID is 10.10.10.10 + !BGP table version is 0, local router ID is 10.10.10.10 This is troubling because with the number of devices we check there is almost always a flake-out on a few of them, making config change notifications very spammy. I am running this system on on an Ubuntu Hardy server with expect version 5.43.0. It did not look like the expect patch had anything to do with these random characters, so I have not patched/hacked my expect. In the past I have seen this - as well as seemingly random spaces at the beginning of lines with Cisco ASAs - on RHEL 5 machines as well. Any pointers in the right direction would be appreciated. Thanks, Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081231/84e5ecc5/attachment.html From ryanshea+rancid at gmail.com Wed Dec 31 18:08:17 2008 From: ryanshea+rancid at gmail.com (Ryan Shea) Date: Wed, 31 Dec 2008 13:08:17 -0500 Subject: [rancid] Erratic "e" and "x" characters with clogin and hlogin Message-ID: <469e38160812311008wa2e55f2ted70132b427b9ec0@mail.gmail.com> We run rancid against two different kinds of devices, one using clogin and one using hlogin, but we often see erratic config differences. It seems that almost randomly "e" or "x" characters will show up toward the beginning of certain lines. Here are a few examples: @@ -7 +7 @@ - timezone Etc/UTC + etimezone Etc/UTC @@ -35 +35 @@ - e speed auto + speed auto 
@@ -4 +4 @@ - !xiBGP table version is 0, local router ID is 10.10.10.10 + !BGP table version is 0, local router ID is 10.10.10.10 This is troubling because with the number of devices we check there is almost always a flake-out on a few of them, making config change notifications very spammy. I am running this system on on an Ubuntu Hardy server with expect version 5.43.0. It did not look like the expect patch had anything to do with these random characters, so I have not patched/hacked my expect. In the past I have seen this - as well as seemingly random spaces at the beginning of lines with Cisco ASAs - on RHEL 5 machines as well. Any pointers in the right direction would be appreciated. Thanks, Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081231/6fc1d1b2/attachment.html From mashcraft at omniture.com Wed Dec 31 18:29:40 2008 From: mashcraft at omniture.com (Mike Ashcraft) Date: Wed, 31 Dec 2008 11:29:40 -0700 Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue In-Reply-To: References: Message-ID: <45EB285310B55542A513F93230F0A53308AE4236@EXCHANGE0.orm.omniture.com> Your test command line needs some work. For example, clogin is trying to connect to the routers 'show clock' and 'log'. Start by removing all spaces between the -c and the command string. You also need to set a value for the timeout or remove the -t option. Your output redirection needs some work as well, you can test without it. For example: /var/lib/rancid/bin/clogin -t30 -c'show clock' test-c3560-48-sw.mydomain Hope that helps, Mike 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Oglum AVD
Sent: Tuesday, December 30, 2008 11:14 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue

Here's latest update on this;

/var/lib/rancid/bin/clogin -t -c 'show clock' test-c3560-48-sw.mydomain.com log 2>&1
show clock
Error: no password for show clock in /root/.cloginrc.
test-c3560-48-sw.mydomain.com
spawn ssh -c 3des -x -l ddnetman test-c3560-48-sw.mydomain.com
Error: TIMEOUT reached
log
Error: no password for log in /root/.cloginrc

Password Verification:
nano .cloginrc
add autoenable *.mydomain.com 1
add user *.mydomain.com testacc
add password *.mydomain.com password
add method *.mydomain.com {ssh}

Test ssh from this device to switch;
root at 804:~# ssh -l testacc test-c3560-48-sw.mydomain.com
testacc at test-c3560-48-sw.mydomain.com's password:

test-c3560-48-sw.mydomain.com# show clock
22:07:13.168 PST Tue Dec 30 2008
test-c3560-48-sw.mydomain.com#

it works OK.

using Cisco ACS 4.x and ACS local account. Any suggestion?
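
Added example (not part of any list message, and not clogin's own code): a small Python model of how the two failing command lines in this thread are split into options and router names, matching the `foreach router [lrange $argv $i end]` loop visible in the traceback. That `-c`, `-t` and `-x` each take a value, attached or as the next token, is an assumption consistent with the output shown; other clogin options are not modelled.

```python
import shlex

# Assumed subset of clogin options that take a value:
# -c command, -t timeout, -x command file. The value may be attached
# ("-t30") or be the following token ("-t 30").
VALUE_OPTS = "ctx"


def split_clogin_args(argv):
    """Return (options, router_names) for an argument list.

    Options are read left to right. The first token that is not an
    option ends option parsing; every token from there on is a router
    name, lower-cased as in the 'string tolower $router' line of the
    traceback.
    """
    opts = {}
    i = 0
    while i < len(argv):
        arg = argv[i]
        if len(arg) < 2 or not arg.startswith("-"):
            break                              # host list starts here
        flag = arg[1]
        if flag not in VALUE_OPTS:
            raise ValueError("option not covered by this model: " + arg)
        if len(arg) > 2:
            opts[flag] = arg[2:]               # attached value
        else:
            i += 1                             # value is the next token
            opts[flag] = argv[i] if i < len(argv) else None
        i += 1
    return opts, [a.lower() for a in argv[i:]]


def lint(argv):
    """List the ways this argument list will not do what was meant."""
    opts, routers = split_clogin_args(argv)
    problems = []
    for flag, value in opts.items():
        if value is None:
            problems.append(f"-{flag} is missing its value")
        elif flag == "t" and not value.isdigit():
            problems.append(f"-t took {value!r} as the timeout")
        elif value.startswith("-"):
            problems.append(f"-{flag} took {value!r} as its value")
    for name in routers:
        if name.startswith("-") or any(c.isspace() for c in name):
            problems.append(f"{name!r} will be tried as a router name")
    return problems


def check(cmdline):
    """Lint the arguments as a POSIX shell would pass them to clogin."""
    return lint(shlex.split(cmdline))


# Argument strings copied from the thread (program path removed).
OPTION_AFTER_HOST = "asa-office -x test.cmd"
BARE_TIMEOUT = "-t -c 'show clock' test-c3560-48-sw.mydomain.com log"
SUGGESTED = "-t30 -c'show clock' test-c3560-48-sw.mydomain"

if __name__ == "__main__":
    for line in (OPTION_AFTER_HOST, BARE_TIMEOUT, SUGGESTED):
        print("clogin", line)
        for problem in check(line) or ["ok"]:
            print("   ", problem)
```

Running such a check before a scheduled job keeps clogin from looking up credentials for, and opening connections to, tokens that were never meant to be host names.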
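
Added example (not part of any list message, and not RANCID's own code): a simplified Python model of the first-match lookup behind both the "specific entries before the global one" advice earlier in this thread and the `*.mydomain.com` wildcard entries quoted above, using the `add <directive> <host-glob> <values>` form that appears in several messages. Host names, accounts and password strings are constructed placeholders; glob matching uses Python's `fnmatch` as an approximation, and brace handling is reduced to stripping `{}`.

```python
import fnmatch


def parse_cloginrc(text):
    """Return the 'add' entries of a .cloginrc-style text in file order."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 3 or fields[0] != "add":
            continue                     # blank lines, comments, other directives
        entries.append({
            "directive": fields[1],
            "glob": fields[2].lower(),
            # Simplification: values containing spaces inside {} are not handled.
            "values": [f.strip("{}") for f in fields[3:]],
        })
    return entries


def lookup(entries, directive, host):
    """First entry of this directive whose glob matches the host wins."""
    host = host.lower()
    for e in entries:
        if e["directive"] == directive and fnmatch.fnmatchcase(host, e["glob"]):
            return e["glob"], e["values"]
    return None


def shadowed(entries):
    """Literal-host entries that can never be used because an earlier
    entry of the same directive already matches that host."""
    dead = []
    for i, e in enumerate(entries):
        if any(ch in e["glob"] for ch in "*?["):
            continue                     # only literal host names are checked
        for earlier in entries[:i]:
            if (earlier["directive"] == e["directive"]
                    and fnmatch.fnmatchcase(e["glob"], earlier["glob"])):
                dead.append((e["directive"], e["glob"], earlier["glob"]))
                break
    return dead


# Constructed sample: devices already on the new AAA server are listed
# first, the catch-all password entry comes last.
GOOD = """
# devices already moved to the new AAA server
add user     core-rtr1.example.net  backup
add password core-rtr1.example.net  {CONSTRUCTED-login-1} {CONSTRUCTED-enable-1}
add method   fw-*.example.net       ssh
# everything else: line password only
add password *                      {CONSTRUCTED-vty} {CONSTRUCTED-enable}
"""

# Same entries with the catch-all moved to the top.
BAD = """
add password *                      {CONSTRUCTED-vty} {CONSTRUCTED-enable}
add user     core-rtr1.example.net  backup
add password core-rtr1.example.net  {CONSTRUCTED-login-1} {CONSTRUCTED-enable-1}
"""

if __name__ == "__main__":
    good, bad = parse_cloginrc(GOOD), parse_cloginrc(BAD)
    for host in ("core-rtr1.example.net", "edge-sw9.example.net"):
        print(host, "user:", lookup(good, "user", host),
              "password from:", lookup(good, "password", host)[0])
    print("shadowed in BAD:", shadowed(bad))
```

With the catch-all first, the device-specific password line is never reached, so the global password is what gets offered to that device.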