[rancid] Re: Rancid with Cisco ACS 4.x Issue

Chris Bell CBell at thig.com
Tue Dec 9 12:04:42 UTC 2008


I've been using RANCID with the Cisco ACS server for a while now with no
issues after the initial setup for authenticating to my devices (HP,
Cisco, Force 10).  I used NDGs and added my RANCID user to the Domain.
Mapped the ACS group to the AD group and Voila!!  
 
One problem I have noticed however with Cisco ACS is that if the user is
a member of more than one user group with different types of
authentication (TACACS or RADIUS), one or the other will work but not
both.  For example:
 
User has access to all network devices using AD account and TACACS
authentication over the ACS.
 
Same user has VPN access and firewall points RADIUS authentication to
the ACS.  
 
It don't work - I have a TAC case open, but no word yet.

________________________________

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Oglum AVD
Sent: Sunday, December 07, 2008 9:07 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Rancid with Cisco ACS 4.x Issue


I have been running Rancid a while and everything has been great until
recently.
We purchased Cisco ACS 4.x and of course authentication is going through
the ACS server.  I have been having an issue where, when Rancid accesses
the router, nothing displays:
 
Example:
root@linux804:/var/lib/rancid# /var/lib/rancid/bin/clogin  -c 'sho clock' c3560-24-sw1
hsparkeast-c3560-24-sw1
spawn ssh -c 3des -x -l netman c3560-24-sw1
netman@c3560-24-sw1's password:
Error: TIMEOUT reached
root@linux804:/var/lib/rancid#
 
If I remove the device from ACS and use a local account, everything works
great!
 
Any help greatly appreciated!
 
OglumAVD