[rancid] Re: Permission denied, please try again message

[Oglum AVD]

How is your ACS configure?
Are you mapping DNS/Group --> ACS group or local ACS account?
If you are mapping DNS groups to ACS, make sure your account is ONLY one
security group that maps to ACS group.  User account can be in multiple
group, but you need to re-arrange it in ACS mapping, basicly first group
will win situation...

I had same issue, my account was member of multiple security group in AD and
some of these groups were mapped to ACS group. I created ACS local account
and it worked like champ :-).  I test login using Rancid on switch and
router and worked OK.  However, if it times out and I think lot of people
having same issue.
Example; /var/lib/rancid/bin/clogin  -c 'show clock' test-c3560-acc-sw1 -
logs into switch and waits... finaly times out :-(

Sample;
1. nano /root/.cloginrc
example follows;
add user test-c3560-acc-sw1 testacc (local ACS account)
add userpassword test-c3560-acc-sw1 password
add password test-c3560-acc-sw1 password enablepassword
add method test-c3560-acc-sw1 {ssh}


On Fri, Dec 26, 2008 at 7:03 AM, Scott Kee <SKee at cmsstl.com> wrote:

>  Rancid is backing up all of our pix501 firewall.  I used to use local
> account to logon to the pix501 but recently we changed to radius.
>
> Ever since we made the change we can't log on to 3 501s using clogin.  It
> lets me logon to the rest of the 30 pixes.
>
>
>
> Error message:
>
> Permission denied, please try again
>
> Error: Check your passwd for device name
>
>
>
> I am able to logon via ssh
>
>
>
>
>
> Anyone have idea?
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20081230/f5174a9c/attachment.html