[rancid] Re: rancid bombing out on "dir /all disk0:" when command not authorized by AAA

Jethro R Binks jethro.binks at strath.ac.uk
Tue Mar 9 19:47:38 UTC 2010


On Tue, 9 Mar 2010, john heasley wrote:

> > I'm trying to collect configs from a bunch of Cisco ASA 5500 series 
> > firewalls.
> > 
> > Recently we brought them into production and as part of that exercise,
> > enabled AAA (TACACS). The command set doesn't permit some of the
> > commands RANCID is attempting to execute. It looks like it's bombing
> > out when parsing the output from 'dir /all disk0:', which in this case
> > is "Command authorization failed".
> > 
> > I'll probably just end up adding this command to the authorised set,
> > but am I missing something or is this behaviour a bit .. ungraceful?
> > :-)
> 
> nope; it expects to be able to run the commands and was not written with 
> the idea that folks would care that it be able to run them. 

I don't use AAA in this case, and I can't remember all the details, but 
here's at least some of what I did with one of my ASA5500s:

username rancid password blahblah encrypted privilege 7

privilege cmd level 7 mode exec command more
privilege cmd level 7 mode exec command dir
privilege cmd level 7 mode exec command write
privilege cmd level 7 mode exec command terminal
privilege show level 7 mode exec command running-config
privilege show level 7 mode exec command version
privilege show level 7 mode exec command bootvar
privilege show level 7 mode exec command names
privilege show level 7 mode exec command vlan
privilege show level 7 mode exec command module

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
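
Added example, not part of the original post or of RANCID: a Python check that parses the `username` and `privilege` lines quoted above and reports which collector commands the account has no explicit privilege rule for, so gaps show up before a collection run fails. The command list is a constructed assumption, and a command without a rule is treated as denied, which ignores the ASA's built-in default levels.

```python
import re

# Constructed sample: the local-authorization lines quoted in the post above.
ASA_CONFIG = """\
username rancid password blahblah encrypted privilege 7
privilege cmd level 7 mode exec command more
privilege cmd level 7 mode exec command dir
privilege cmd level 7 mode exec command write
privilege cmd level 7 mode exec command terminal
privilege show level 7 mode exec command running-config
privilege show level 7 mode exec command version
privilege show level 7 mode exec command bootvar
privilege show level 7 mode exec command names
privilege show level 7 mode exec command vlan
privilege show level 7 mode exec command module
"""

# Assumed collector command list (hypothetical; take the real one from your RANCID install).
COLLECTOR_COMMANDS = [
    "show version", "show bootvar", "dir /all disk0:", "show vlan",
    "show module", "show inventory", "more system:running-config",
    "write term", "show running-config",
]

PRIV_RE = re.compile(r"^privilege (show|clear|cmd) level (\d+) mode (\S+) command (\S+)")
USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)\s*$")

def parse_config(text):
    """Return ({user: level}, {(form, keyword): level}) from privilege/username lines."""
    users, rules = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := PRIV_RE.match(line):
            form, level, _mode, keyword = m.groups()
            rules[(form, keyword)] = int(level)
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
    return users, rules

def rule_key(cli_line):
    """Map a CLI line to the (form, keyword) pair a privilege rule would name."""
    words = cli_line.split()
    if words[0] in ("show", "clear") and len(words) > 1:
        return words[0], words[1]
    return "cmd", words[0]

def unauthorized(text, user, commands):
    """Commands with no explicit rule at or below the user's level (16 = no rule)."""
    users, rules = parse_config(text)
    return [c for c in commands if rules.get(rule_key(c), 16) > users[user]]
```

Calling `unauthorized(ASA_CONFIG, "rancid", COLLECTOR_COMMANDS)` lists the commands that still need a rule or a conscious decision to leave them out.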

