[rancid] Re: rancid bombing out on "dir /all disk0:" when command not authorized by AAA
Jethro R Binks
jethro.binks at strath.ac.uk
Tue Mar 9 19:47:38 UTC 2010
On Tue, 9 Mar 2010, john heasley wrote:
> > I'm trying to collect configs from a bunch of Cisco ASA 5500 series
> > firewalls.
> >
> > Recently we brought them into production and as part of that exercise,
> > enabled AAA (TACACS). The command set doesn't permit some of the
> > commands RANCID is attempting to execute. It looks like it's bombing
> > out when parsing the output from 'dir /all disk0:', which in this case
> > is "Command authorization failed".
> >
> > I'll probably just end up adding this command to the authorised set,
> > but am I missing something or is this behaviour a bit .. ungraceful?
> > :-)
>
> nope; it expects to be able to run the commands and was not written with
> the idea that folks would care that it be able to run them.

I don't use AAA in this case, and I can't remember all the details, but
here's at least some of what I did with one of my ASA5500s:

username rancid password blahblah encrypted privilege 7
privilege cmd level 7 mode exec command more
privilege cmd level 7 mode exec command dir
privilege cmd level 7 mode exec command write
privilege cmd level 7 mode exec command terminal
privilege show level 7 mode exec command running-config
privilege show level 7 mode exec command version
privilege show level 7 mode exec command bootvar
privilege show level 7 mode exec command names
privilege show level 7 mode exec command vlan
privilege show level 7 mode exec command module

Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK