[rancid] Re: Rancid with Cisco ACS 4.x Issue

Todd Heide Todd at equivoice.com
Wed Dec 31 15:25:37 UTC 2008


Not exactly sure what you are doing wrong there, but there shouldn't be
any issues using ACS as the TACACS server, provided you are using TACACS
and not RADIUS for authentication. Are you also using authorization?
When you log in manually, are you doing it as the rancid user account or
a different server account? I have found that if I log in as root and do
test connections, they always worked, but not always as rancid. I would go
through your logs on ACS instead of rancid, since it looks like your
.clogin is correct; with the exception of the @domain, mine is the same.

Thanks

Todd

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Bell
Sent: Wednesday, December 31, 2008 5:05 AM
To: Oglum AVD; rancid-discuss at shrubbery.net
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue

Is your password enclosed in {password}?

Did you try with IP rather than DNS?

________________________________

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Oglum AVD
Sent: Wednesday, December 31, 2008 1:14 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Rancid with Cisco ACS 4.x Issue

Here's the latest update on this:

/var/lib/rancid/bin/clogin -t -c 'show clock' test-c3560-48-sw.mydomain.com log 2>&1
show clock

Error: no password for show clock in /root/.cloginrc.
test-c3560-48-sw.mydomain.com
spawn ssh -c 3des -x -l ddnetman test-c3560-48-sw.mydomain.com
Error: TIMEOUT reached log
Error: no password for log in /root/.cloginrc

Password Verification:
nano .cloginrc
add autoenable *.mydomain.com 1
add user *.mydomain.com testacc
add password *.mydomain.com password
add method *.mydomain.com {ssh}

Test ssh from this device to switch:
root at 804:~# ssh -l testacc test-c3560-48-sw.mydomain.com
testacc at test-c3560-48-sw.mydomain.com's password:
test-c3560-48-sw.mydomain.com# show clock
22:07:13.168 PST Tue Dec 30 2008
test-c3560-48-sw.mydomain.com#
It works OK.

Using Cisco ACS 4.x and an ACS local account.

Any suggestions?
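
Added example, not part of the original thread and not RANCID's own code: a small resolver that shows which user, method and password entry a given .cloginrc yields for a host, so the file read by root and the one read by the rancid account can be compared without printing secrets. The two file contents are constructed samples, the parser handles only simple one-line "add" entries, and Python's fnmatch stands in for the Tcl glob matching that clogin uses.

```python
import fnmatch

# Constructed samples: the account that runs clogin decides which
# .cloginrc is read, so root's file and rancid's file can disagree.
ROOT_RC = """\
add user *.mydomain.com ddnetman
add method *.mydomain.com {ssh}
"""
RANCID_RC = """\
# constructed placeholder secrets
add autoenable *.mydomain.com 1
add user *.mydomain.com testacc
add password *.mydomain.com {vty-secret} {enable-secret}
add method *.mydomain.com {ssh}
"""

def parse_cloginrc(text):
    """Return (directive, glob, values) for each 'add' line, in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Simplification: braces are stripped, values must not contain spaces.
        words = [w.strip("{}") for w in line.split()]
        if words[0] == "add" and len(words) >= 4:
            entries.append((words[1], words[2], words[3:]))
    return entries

def resolve(entries, host):
    """For each directive keep the first entry whose glob matches the host."""
    result = {}
    for directive, glob, values in entries:
        if directive not in result and fnmatch.fnmatchcase(host, glob):
            result[directive] = values
    return result

def report(entries, host):
    """Redacted summary: login user, method, and whether a password exists."""
    r = resolve(entries, host)
    return {"user": r.get("user", [None])[0],
            "method": r.get("method", [None])[0],
            "has_password": "password" in r}

if __name__ == "__main__":
    host = "test-c3560-48-sw.mydomain.com"
    for account, rc in (("root", ROOT_RC), ("rancid", RANCID_RC)):
        print(account, report(parse_cloginrc(rc), host))
```

Running the same lookup against each account's real file (read with the file's owner privileges) shows at a glance whether the username and password entry that clogin will use match the account configured on the ACS server.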

