From gmccullagh at gmail.com Tue Feb 1 00:04:15 2011 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Tue, 1 Feb 2011 00:04:15 +0000 Subject: [rancid] rancid with Fortigate FG100A In-Reply-To: <201101311010.00032.diego.ercolani@ssis.sm> References: <20110130170234.GR13825@gmail.com> <201101311010.00032.diego.ercolani@ssis.sm> Message-ID: <20110201000415.GC2140@gmail.com> Hi, On Mon, 31 Jan 2011, Diego Ercolani wrote: > I've already submitted patch to accomplish fortinet. Here it is the relevant > post: > http://www.shrubbery.net/pipermail/rancid-discuss/2009-June/004005.html > > if you see in the mailing list there are time to time modifications. I see, thanks very much. I've upgraded to v2.3.6 (I was using the debian packages which are v2.3.2) and it seems to work. The only trouble I see so far is that we're getting repeated patches with lines like: - !System time: Mon Jan 31 22:11:05 2011 + !System time: Mon Jan 31 23:11:09 2011 and: - #conf_file_ver=7138776372466847334 + #conf_file_ver=2985214935052655642 So I'm experimenting with a patch: --------------------------------------------------------------------------------- --- /usr/local/rancid/bin/fnrancid.orig 2011-01-31 23:59:10.000000000 +0000 +++ /usr/local/rancid/bin/fnrancid 2011-01-31 23:59:54.000000000 +0000 @@ -175,7 +175,7 @@ next if /^\s*$/; last if (/$prompt/); - next if (/^System Time:/); + next if (/^System Time:/i); next if (/^\s*Virus-DB: .*/); next if (/^\s*Extended DB: .*/); next if (/^\s*IPS-DB: .*/); 
@@ -207,7 +207,7 @@ # System time is fortigate extraction time next if (/^\s*!System time:/); # remove occurrances of conf_file_ver - next if (/^conf_file_ver=/); + next if (/^#?conf_file_ver=/); # filter variabilities between configurations. password encryption # upon each display of the configuration. if (/^\s*(set [^\s]*)\s(Enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) { --------------------------------------------------------------------------------- I'm also seeing the two RSA Private Keys changing regularly which is very odd. I'm not sure if that tells me something's odd about the firewall rather than about Rancid, but I'm seeing this on two different FG100A firewalls. Gavin From bigbrother at gmx.ch Tue Feb 1 16:43:09 2011 From: bigbrother at gmx.ch (bigbrother at gmx.ch) Date: Tue, 01 Feb 2011 17:43:09 +0100 Subject: [rancid] rancid-run failure Message-ID: <20110201164309.37020@gmx.net> Hi there I tried to install rancid. I did it with an rpm under centos. If I try run ruancid-run I get the following log output: $ cat logs/networking.20110201.173138 starting: Tue Feb 1 17:31:38 CET 2011 cvs status: cannot open CVS/Entries for reading: No such file or directory cvs status: use `cvs add' to create an entry for 10.100.48.18 cvs add: in directory .: cvs [add aborted]: there is no version here; do 'cvs checkout' first CVS added missing router 10.100.48.18 Trying to get all of the configs. All routers sucessfully completed. cvs diff: in directory .: cvs [diff aborted]: there is no version here; run 'cvs checkout' first cvs commit: in directory .: cvs [commit aborted]: there is no version here; run 'cvs checkout' first CVS is installed and CVSROOT is already created via rancid-cvs. I also get the configuration from the device but it's not moved to the cvs system. Somebody out there who can help? Kind regards bb -- GMX DSL Doppel-Flat ab 19,99 Euro/mtl.! Jetzt mit gratis Handy-Flat! http://portal.gmx.net/de/go/dsl From Ian.Murphy at populous.com Tue Feb 1 19:08:49 2011 
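Review bot: In the second hunk (@@ -207,7 +207,7) of the fnrancid patch in Gavin McCullagh's 1 Feb message above, the new pattern /^#?conf_file_ver=/ only matches at column 0, whereas the System time filter two lines above it allows leading whitespace with ^\s*. If the device ever indents that line, the filter silently stops matching and the spurious diffs return. /^\s*#?conf_file_ver=/ would be consistent with its neighbour. The comment above the changed line could also say that the value arrives with a leading '#', since that is the reason for the change.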
From: Ian.Murphy at populous.com (Ian Murphy)
Date: Tue, 1 Feb 2011 13:08:49 -0600
Subject: [rancid] rancid-run failure
In-Reply-To: <20110201164309.37020@gmx.net>
References: <20110201164309.37020@gmx.net>
Message-ID: <71E4C3C936BF364FAC4E44AD90ECCCD30D01F888F1@US-MAIL.pop.local>

I followed this tutorial to the letter and am very pleased: http://www.debian-administration.org/articles/429

From bigbrother at gmx.ch Tue Feb 1 19:47:19 2011
From: bigbrother at gmx.ch (bigbrother at gmx.ch)
Date: Tue, 01 Feb 2011 20:47:19 +0100
Subject: [rancid] rancid-run failure
In-Reply-To: <71E4C3C936BF364FAC4E44AD90ECCCD30D01F888F1@US-MAIL.pop.local>
References: <20110201164309.37020@gmx.net> <71E4C3C936BF364FAC4E44AD90ECCCD30D01F888F1@US-MAIL.pop.local>
Message-ID: <20110201194719.44420@gmx.net>

Hi Ian

Your link has helped me a lot. My mistake was the directory permissions.

- set the correct permissions
- deleted the $BASEDIR/
- rancid-cvs
- edit the router.db
- configure host name resolution in /etc/hosts
- configure .cloginrc with the hostname
- rancid-run

... and it rocks ...

Many thanx for anybody's help and response.

bb

From rhooper at wheelercat.com Tue Feb 1 21:08:39 2011
From: rhooper at wheelercat.com (Rhett Hooper) Date: Tue, 1 Feb 2011 14:08:39 -0700 Subject: [rancid] [patch] Filter oscillating VLAN port membership when VTP Pruning Message-ID: Hello all, I recently installed rancid 2.3.6 to provide revision control for our Cisco gear. Thanks for this great project. I quickly found that VTP pruning was causing VLAN port membership changes that show up in the diffs. I found the thread from last July where Marty noticed the same problem (http://www.shrubbery.net/pipermail/rancid-discuss/2010-July/005054.html). I really wish the output from "show vlan brief" was truly brief. I couldn't find a way to get IOS to just show a list of the VLAN numbers with their names, so I made the following patch to rancid. It filters the VLAN port membership from the output of "show vlan" when it finds that VTP Pruning is enabled. In our environment, 802.1X VLAN assignments also cause port membership changes that result in needless diffs. On our install, I plan to always filter VLAN port membership. Since we have less than 100 routers and switches in our environment, I thought I'd submit this VTP Pruning patch to the list for wider review. --- rancid-2.3.6/bin/rancid.orig 2011-01-28 13:36:40.000000000 -0700 +++ rancid-2.3.6/bin/rancid 2011-02-01 10:52:22.000000000 -0700 @@ -1503,6 +1503,10 @@ if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) { $DO_SHOW_VLAN = 1; } + # check for VTP pruning so VLAN port membership can be filtered later + if (/^VTP Pruning Mode\s+:\s+Enabled/) { + $DO_FILTER_VLAN_PORTS = 1; + } ProcessHistory("COMMENTS","keysort","I0","!VTP: $_"); } ProcessHistory("COMMENTS","keysort","I0","!\n"); @@ -1515,6 +1519,8 @@ ($_ = , return(1)) if (!$DO_SHOW_VLAN); + my($in_vlan_brief) = 0; + while () { tr/\015//d; last if (/^$prompt/); 
@@ -1529,6 +1535,22 @@ my($len) = length($1); s/^$1\s{$len}//; } + if ($DO_FILTER_VLAN_PORTS) { + # exclude port membership so VTP pruning won't cause oscillations + # toggle flag if we exit or enter the "show vlan brief" section + $in_vlan_brief = 0 if ($in_vlan_brief and not /^[-\d\s]/); + $in_vlan_brief = 1 if (/^VLAN\s+Name\s+Status/); + # if we are in the "show vlan brief" section remove port membership info + if ($in_vlan_brief) { + # skip the wrapped port membership lines + next unless (/^(VLAN|-{4}|\d+)/); + # keep the first part of the header + s/^(VLAN\sName\s+Status).*$/$1/; + s/^(-{4}\s-{6,}\s-{6,}).*$/$1/; + # keep the VLAN number, name, and status + s/^(\d+\s+\b.{32}\s\S*).*$/$1/; + } + } ProcessHistory("COMMENTS","keysort","IO","!VLAN: $_"); } -- Rhett Hooper Network Administrator Wheeler Machinery Co. From gmccullagh at gmail.com Wed Feb 2 10:25:01 2011 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Wed, 2 Feb 2011 10:25:01 +0000 Subject: [rancid] rancid with Fortigate FG100A In-Reply-To: <20110201000415.GC2140@gmail.com> References: <20110130170234.GR13825@gmail.com> <201101311010.00032.diego.ercolani@ssis.sm> <20110201000415.GC2140@gmail.com> Message-ID: <20110202102500.GA9564@gmail.com> Hi, On Tue, 01 Feb 2011, Gavin McCullagh wrote: > I'm also seeing the two RSA Private Keys changing regularly which is very > odd. I'm not sure if that tells me something's odd about the firewall > rather than about Rancid, but I'm seeing this on two different FG100A > firewalls. I have a request in with Fortinet to understand why this is. In the meantime, I've written a small patch to strip the private key from the config rancid keeps. It works, though I'm not yet sure if ignoring this key is a sensible thing to do. If I get a decent answer from Fortinet I'll pass it on here. Gavin --- fnrancid.v1 2011-02-01 23:25:13.000000000 +0000 +++ fnrancid 2011-02-01 23:40:34.000000000 +0000 
@@ -170,6 +170,7 @@ sub GetSystem { print STDERR " In GetSystem: $_" if ($debug); + my $priv_key; while () { tr/\015//d; next if /^\s*$/; @@ -203,6 +204,11 @@ tr/\015//d; next if /^\s*$/; last if (/$prompt/); + # spot the start of an RSA private key + $priv_key = 1 if(/^\s*set private-key "-----BEGIN RSA PRIVATE KEY-----/); + # spot the end of an RSA private key + $priv_key = 0 && next if(/^\s*-----END RSA PRIVATE KEY-----"/); + next if($priv_key == 1); # System time is fortigate extraction time next if (/^\s*!System time:/); From gmccullagh at gmail.com Wed Feb 2 10:35:38 2011 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Wed, 2 Feb 2011 10:35:38 +0000 Subject: [rancid] support for D-Link switches, where to start? Message-ID: <20110202103538.GB9564@gmail.com> Hi, we have a lot of D-Link switches which we'd like to use Rancid to version the config of. It appears that D-Link is not supported at the moment, but I'm hoping I might be able to work on that a little. Before I waste a lot of time: 1. Is anyone already working on this or does anyone know of something which is close to D-Link which could be massaged to work? 2. If I were creating, let's say dlrancid and dllogin, is there a particular current script that I should use as a template? 3. Are there any docs on how best to go about this? Is there a procedure you guys would expect me to follow or is it just post clean, working code to the list? Thanks in advance, Gavin From imd at acens.com Wed Feb 2 14:33:43 2011 
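Review bot: In the first hunk (@@ -1503,6 +1503,10) of Rhett Hooper's VTP pruning patch to bin/rancid above, $DO_FILTER_VLAN_PORTS is assigned but none of the three hunks declares or initialises it. It should be declared and set to 0 next to wherever $DO_SHOW_VLAN is initialised, so that the later test "if ($DO_FILTER_VLAN_PORTS)" never reads an undefined value and the flag has one documented home. The filter also only engages when the "VTP Pruning Mode : Enabled" line has been parsed before the show vlan output is processed, and that ordering dependency deserves a comment.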
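Review bot: In the third hunk (@@ -1529,6 +1535,22) of Rhett Hooper's VTP pruning patch above, the row substitution s/^(\d+\s+\b.{32}\s\S*).*$/$1/ depends on the name column being exactly 32 characters wide. When a row does not fit that layout the substitution fails silently and the line is passed on with its port list intact, so the oscillating diffs come back with no indication why. Matching the fields rather than a fixed width, or dropping the row when nothing was substituted, would be safer. The header substitution also uses VLAN\sName while the section detection two lines earlier uses VLAN\s+Name; the two should agree.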
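Review bot: In the first hunk (@@ -170,6 +170,7) of Gavin McCullagh's private-key patch to fnrancid above, "my $priv_key;" is declared without a value inside sub GetSystem, but it is used in the second hunk's read loop near line 203. If that loop belongs to a different sub, the lexical is out of scope there and the code ends up using an unrelated global. Even in the same sub, "$priv_key == 1" compares against undef until the first BEGIN line is seen. Declare it as "my $priv_key = 0;" in the sub that contains the loop using it.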
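Review bot: In the second hunk (@@ -203,6 +204,11) of Gavin McCullagh's private-key patch above, the line "$priv_key = 0 && next if(...END RSA PRIVATE KEY...)" does not do what its comment says. The && binds tighter than =, so it parses as $priv_key = (0 && next) and the next is never executed. The flag is cleared, the following "next if($priv_key == 1)" is false, and the END RSA PRIVATE KEY line falls through into the stored config as an orphan while the "set private-key" line that opened it has been dropped. Use a block instead: if (/...END RSA PRIVATE KEY.../) { $priv_key = 0; next; }.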
From: imd at acens.com (Iñaki Martínez Díez)
Date: Wed, 2 Feb 2011 15:33:43 +0100
Subject: [rancid] rancid with Fortigate FG100A
In-Reply-To: <20110201000415.GC2140@gmail.com>
Message-ID:

Hi,

I have problems getting configs from fortigates:

Version: Fortigate-5001FA2 3.00,build0670,080729

Version: Fortigate-1000AFA2 3.00,build0416,070821

The problem is not getting complete config and the last lines are like these:

--More--
--More--

No errors in log.

Rancid version 2.3.6, also tested with earlier versions.

Any help ?

Thank you in advance.

________________________________________
Iñaki Martínez Díez
Network Department
acens Technologies S.L.
imd at acens.com
Telephone: 637 772 156
Fax: 911 418 501

From gmccullagh at gmail.com Wed Feb 2 15:18:10 2011
From: gmccullagh at gmail.com (Gavin McCullagh)
Date: Wed, 2 Feb 2011 15:18:10 +0000
Subject: [rancid] rancid with Fortigate FG100A
In-Reply-To:
References: <20110201000415.GC2140@gmail.com>
Message-ID: <20110202151810.GE9564@gmail.com>

Hi,

On Wed, 02 Feb 2011, Iñaki Martínez Díez wrote:

> I have problems getting configs from fortigates:
>
> Version: Fortigate-5001FA2 3.00,build0670,080729
>
> Version: Fortigate-1000AFA2 3.00,build0416,070821
>
> The problem is not getting complete config and the last lines are like
> these:
>
> --More--
> --More--

The console is in "more" (pager) mode. You need to change it to standard mode:

gcd-fw # config system console

gcd-fw (console) # set output standard

gcd-fw (console) # end

gcd-fw # show system console
config system console
set output standard
end

If you want it in "more" mode for your own usage, you might need to get the rancid script to set it to standard, then take its config, then set it back again. A decent console app would probably achieve the same thing though.

Gavin

From wpereira at pop-sp.rnp.br Wed Feb 2 19:33:45 2011
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Wed, 02 Feb 2011 17:33:45 -0200
Subject: [rancid] cvs status: conflict
Message-ID: <4D49B199.5070802@pop-sp.rnp.br>

Hi, folks.

I excluded, accidentally, one file named 10.0.0.4,v in the /home/rancid/var/rancid/CVS/group/configs directory.

I already ran the cvs update command, but the file was not recreated.

I thank John Heasley very much for all his valuable help.

That's the log's complete output:

---------------
starting: Qua Fev 2 17:19:24 BRST 2011

cvs status: conflict: `10.0.0.4' is modified but no longer in the repository

Trying to get all of the configs.
All routers sucessfully completed.

cvs diff: Diffing .
cvs diff: Diffing configs
cvs diff: cannot find revision control file for configs/10.0.0.4
cvs commit: Examining .
cvs commit: Examining configs
cvs commit: file `configs/10.0.0.4' had a conflict and has not been modified
cvs [commit aborted]: correct above errors first!
---------------

Regards,

--
Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. +55 11 3091-8901
fone at RNP: 10158902

From wpereira at pop-sp.rnp.br Wed Feb 2 20:13:28 2011
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Wed, 02 Feb 2011 18:13:28 -0200
Subject: [rancid] cvs status: conflict
In-Reply-To: <20110202200205.GA9522@shrubbery.net>
References: <4D49B199.5070802@pop-sp.rnp.br> <20110202200205.GA9522@shrubbery.net>
Message-ID: <4D49BAE8.60401@pop-sp.rnp.br>

"Excluded" means that I rm'ed the file, manually! Shame!

Everything is OK now. I removed the line from router.db, ran the Rancid, inserted it back and re-ran the Rancid.

Thanks again.

Regards,

--
Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. +55 11 3091-8901
fone at RNP: 10158902

On 2/2/2011 18:02, john heasley wrote:
> Wed, Feb 02, 2011 at 05:33:45PM -0200, Wagner Pereira:
>> Hi, folks.
>>
>> I excluded, accidentally, one file named 10.0.0.4,v in the
>> /home/rancid/var/rancid/CVS/group/configs directory.
> what do you mean 'excluded'? did you move the repository?
>
> to fix,
> rm configs/10.0.0.4
> touch configs/10.0.0.4
> cvs add configs/10.0.0.4
> cvs commit -m '' configs/10.0.0.4
>
> or remove it from router.db, run rancid, add it back.
>
>> I already ran the cvs update command, but the file was not recreated.
>>
>> I thank John Heasley very much for all his valuable help.
>
>> That's the log's complete output:
>>
>> ---------------
>> starting: Qua Fev 2 17:19:24 BRST 2011
>>
>> cvs status: conflict: `10.0.0.4' is modified but no longer in the repository
>>
>> Trying to get all of the configs.
>> All routers sucessfully completed.
>>
>> cvs diff: Diffing .
>> cvs diff: Diffing configs
>> cvs diff: cannot find revision control file for configs/10.0.0.4
>> cvs commit: Examining .
>> cvs commit: Examining configs
>> cvs commit: file `configs/10.0.0.4' had a conflict and has not been modified
>> cvs [commit aborted]: correct above errors first!
>> ---------------

From heas at shrubbery.net Wed Feb 2 20:25:14 2011
From: heas at shrubbery.net (john heasley)
Date: Wed, 2 Feb 2011 20:25:14 +0000
Subject: [rancid] rancid with Fortigate FG100A
In-Reply-To: <20110202151810.GE9564@gmail.com>
References: <20110201000415.GC2140@gmail.com> <20110202151810.GE9564@gmail.com>
Message-ID: <20110202202514.GC9522@shrubbery.net>

Wed, Feb 02, 2011 at 03:18:10PM +0000, Gavin McCullagh:
> Hi,
>
> On Wed, 02 Feb 2011, Iñaki Martínez Díez wrote:
>
> > I have problems getting configs from fortigates:
> >
> > Version: Fortigate-5001FA2 3.00,build0670,080729
> >
> > Version: Fortigate-1000AFA2 3.00,build0416,070821
> >
> > The problem is not getting complete config and the last lines are like
> > these:
> >
> > --More--
> > --More--
>
> The console is in "more" (pager) mode. You need to change it to standard
> mode:
>
>
> gcd-fw # config system console
>
> gcd-fw (console) # set output standard
>
> gcd-fw (console) # end
>
> gcd-fw # show system console
> config system console
> set output standard
> end
>
>
> If you want it in "more" mode for your own usage, you might need to get the
> rancid script to set it to standard, then take its config, then set it back
> again. A decent console app would probably achieve the same thing though.

assuming that the pager can not be disabled per-tty, which i presume is what the magic chant 'set output standard' does; teach fnlogin about the pager. but, fnlogin already has a case for the pager. So, why is that not working?

I'll bet it's failing because there are control characters among the pager prompt. set NOPIPE=YES and collect from the device with fnrancid -d hostname then look for the pager prompt in the hostname.raw file in your editor. or look at the debug output of fnlogin -d hostname to see why the match is failing.

From dr at cluenet.de Wed Feb 2 20:55:28 2011
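One way to do the .raw inspection john heasley suggests above without an editor, as an added example that is not part of the original thread or of rancid. The sample bytes are constructed, and the anchored pattern ^--More-- is an assumed stand-in, since fnlogin's real pager pattern is not shown in the thread.

```python
"""Find pager prompts in a rancid .raw capture and show the bytes around them."""
import re
import sys

# Loose locator for the prompt text itself, wherever it sits on the line.
PAGER = re.compile(rb"-+\s*More\s*-+", re.IGNORECASE)

# Hypothetical login-script pattern: prompt expected at the start of a line.
# fnlogin's real pattern is not shown in the thread; this is an assumption.
CANDIDATE = rb"^--More--"

# Constructed sample capture (not real FortiGate output). The first prompt is
# followed by a carriage-return erase sequence, the second is wrapped in
# ANSI reverse-video escapes.
SAMPLE_RAW = (
    b"config system interface\r\n"
    b'    edit "port1"\r\n'
    b'--More-- \r         \r        set vdom "root"\r\n'
    b"    next\r\n"
    b"\x1b[7m--More--\x1b[m\r        end\r\n"
)

_NAMES = {0x1B: "\\e", 0x0D: "\\r", 0x0A: "\\n", 0x08: "\\b", 0x09: "\\t"}


def visible(data: bytes) -> str:
    """Render bytes with control characters escaped, similar to `cat -v`."""
    out = []
    for b in data:
        if b in _NAMES:
            out.append(_NAMES[b])
        elif b < 0x20 or b >= 0x7F:
            out.append("\\x%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def find_pager_prompts(raw: bytes, candidate: bytes = CANDIDATE, context: int = 8):
    """Return one dict per pager prompt: what precedes and follows it on its
    line, which control bytes are present, and whether `candidate` would
    match at the start of that line."""
    pattern = re.compile(candidate, re.MULTILINE)
    hits = []
    for m in PAGER.finditer(raw):
        line_start = raw.rfind(b"\n", 0, m.start()) + 1
        line_end = raw.find(b"\n", m.end())
        if line_end == -1:
            line_end = len(raw)
        lead = raw[line_start:m.start()]
        trail = raw[m.end():min(line_end, m.end() + context)]
        control = sorted({b for b in lead + trail if b < 0x20 or b == 0x7F})
        hits.append({
            "offset": m.start(),
            "lead": lead,
            "trail": trail,
            "control": control,
            "anchored": pattern.match(raw, line_start) is not None,
        })
    return hits


def report(raw: bytes, candidate: bytes = CANDIDATE) -> list:
    """Format one human-readable line per pager prompt."""
    lines = []
    for h in find_pager_prompts(raw, candidate):
        verdict = "matches" if h["anchored"] else "does NOT match"
        lines.append('offset %d: lead="%s" trail="%s" control=%s; %s %s' % (
            h["offset"], visible(h["lead"]), visible(h["trail"]),
            ["0x%02x" % c for c in h["control"]],
            candidate.decode("ascii"), verdict))
    return lines


if __name__ == "__main__":
    # Pass the path of a hostname.raw file, or run without arguments to use
    # the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_RAW
    for line in report(data):
        print(line)
```

On the constructed sample the second prompt is reported as not matching because the escape sequence sits between the line start and the prompt text, which is the kind of mismatch the debug output of the login script would show.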
From: dr at cluenet.de (Daniel Roesen)
Date: Wed, 2 Feb 2011 21:55:28 +0100
Subject: [rancid] [patch] Filter oscillating VLAN port membership when VTP Pruning
In-Reply-To:
References:
Message-ID: <20110202205528.GA29040@srv03.cluenet.de>

On Tue, Feb 01, 2011 at 02:08:39PM -0700, Rhett Hooper wrote:
> I really wish the output from "show vlan brief" was truly brief.
> I couldn't find a way to get IOS to just show a list of the VLAN
> numbers with their names, so I made the following patch to rancid.
> It filters the VLAN port membership from the output of "show vlan"
> when it finds that VTP Pruning is enabled.

Actually, is there a good reason not to filter it unconditionally? I mean, it's (potentially) dynamic operational state, not configuration.

Suggest to filter unconditionally.

Best regards,
Daniel

--
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0

From gmccullagh at gmail.com Wed Feb 2 22:04:34 2011
From: gmccullagh at gmail.com (Gavin McCullagh)
Date: Wed, 2 Feb 2011 22:04:34 +0000
Subject: [rancid] rancid with Fortigate FG100A
In-Reply-To: <20110202202514.GC9522@shrubbery.net>
References: <20110201000415.GC2140@gmail.com> <20110202151810.GE9564@gmail.com> <20110202202514.GC9522@shrubbery.net>
Message-ID: <20110202220434.GJ9564@gmail.com>

Hi John,

On Wed, 02 Feb 2011, john heasley wrote:

> > The console is in "more" (pager) mode. You need to change it to standard
> > mode:
> >
> > gcd-fw # config system console
> > gcd-fw (console) # set output standard
> > gcd-fw (console) # end

> assuming that the pager can not be disabled per-tty, which i presume is
> what the magic chant 'set output standard' does; teach fnlogin about the
> pager. but, fnlogin already has a case for the pager. So, why is that
> not working?

> I'll bet its failing because there are control characters among the pager
> prompt. set NOPIPE=YES and collect from the device with fnrancid -d hostname
> then look for the pager prompt in the hostname.raw file in your editor. or
> look at the debug output of fnlogin -d hostname to see why the match is
> failing.

You make a compelling point. My guess is the "(console)" in the prompt too.

I came across the same problem and just disabled the pager manually myself, I hadn't noticed that the expect script explicitly did this. I'll try and get time to test and see is the prompt the issue.

Gavin

From rhooper at wheelercat.com Wed Feb 2 23:04:06 2011
From: rhooper at wheelercat.com (Rhett Hooper)
Date: Wed, 2 Feb 2011 16:04:06 -0700
Subject: [rancid] [patch] Filter oscillating VLAN port membership when VTP Pruning
In-Reply-To: <20110202205528.GA29040@srv03.cluenet.de>
References: <20110202205528.GA29040@srv03.cluenet.de>
Message-ID: <4D49E2E6.8090004@wheelercat.com>

On 2/2/2011 1:55 PM, Daniel Roesen wrote:
> On Tue, Feb 01, 2011 at 02:08:39PM -0700, Rhett Hooper wrote:
>> I really wish the output from "show vlan brief" was truly brief.
>> I couldn't find a way to get IOS to just show a list of the VLAN
>> numbers with their names, so I made the following patch to rancid.
>> It filters the VLAN port membership from the output of "show vlan"
>> when it finds that VTP Pruning is enabled.
>
> Actually, is there a good reason not to filter it unconditionally?
> I mean, it's (potentially) dynamic operational state, not
> configuration.

None that I know of. I think it is useful information to get a list of VLAN numbers with their names, but an actual change in the configuration shows up as a "switchport access vlan" statement in the output from "show running-config".

> Suggest to filter unconditionally.

Which is what I now do in our environment since VLAN port membership "dynamic operational state" can change for reasons other than VTP pruning. We use 802.1X authentication to dynamically assign a VLAN, too.

We have a mix of Cisco 6509, 3750, 3560, 3550, and 2960 switches running a fairly uniform set of IOS versions. I didn't think that was a wide enough sample to say that the regular expressions that filter the ports from the "show vlan" output will work for everyone.

--
Rhett Hooper
Network Administrator
Wheeler Machinery Co.

From chris at siliconhotrod.com Thu Feb 3 00:06:56 2011
From: chris at siliconhotrod.com (Chris Moody)
Date: Wed, 02 Feb 2011 16:06:56 -0800
Subject: [rancid] Need some Help - F5's in RANCID
In-Reply-To: <20110131213336.GJ19923@shrubbery.net>
References: <4D471B89.5020800@siliconhotrod.com> <5DC4853C6CC3EE4788779E0726E034DD6C405D@zy-ex1.zyedge.local> <20110131212021.GG19923@shrubbery.net> <5DC4853C6CC3EE4788779E0726E034DD6C413E@zy-ex1.zyedge.local> <20110131213336.GJ19923@shrubbery.net>
Message-ID: <4D49F1A0.7030905@siliconhotrod.com>

ok - so followed John's suggestion to set the NOPIPE variable - so I'm now generating .raw files. I've checked several of them and only see each and every command completing perfectly. They're still marked as 'unreachable' however.

Any other ideas to try? Do I need to push an ssh key so it automatically logs in without a password or something?

I'm seriously stumped as to why it's worked a few times but then stops working.

-Chris

On 1/31/11 1:33 PM, john heasley wrote:
> Mon, Jan 31, 2011 at 09:22:42PM +0000, Ryan West:
>>>> You're doing anything wrong. You'll probably find that you can 'rancid-run -r' and have it backup properly. I would recommend getting a good backup of the keys once and then comment out the lines in the command table.
>>> why? what is special about the keys?
>>>
>> Wish I knew, they execute fine from command line (on F5) and even from a single rancid-run. And as Chris mentioned, it worked for a while and then stopped. A few other users I have spoken to about the problem have removed those lines and not bothered with it anymore.
> i'm not doing perl/unix lessons, but you seem clueful enough to try this
> on your own. change NOPIPE to YES, then just before the rancid script
> removes the .raw file, copy it somewhere for safe keeping. this problem
> is most likely related to cron, and the .raw file may have the clues needed
> to fix this.
>
>> Chris,
>>
>> How many devices are you backing up at a time? Mine is set to PAR_COUNT=12; (rancid.conf)
> that shouldn't matter. they all run as separate instances.
>
>>>> =====================================
>>>> Getting missed routers: round 4.
>>>> xxxx.yyyy.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>>> zzzz.yyyy.com: missed cmd(s): ls --full-time --color=never /config/ssl/ssl.crt,ls --full-time --color=never /config/ssl/ssl.key
>>>>

From joseph.e.mcdonagh at gmail.com Thu Feb 3 16:41:02 2011
From: joseph.e.mcdonagh at gmail.com (Joe McDonagh)
Date: Thu, 03 Feb 2011 11:41:02 -0500
Subject: [rancid] Interesting problem, HP procurve 2800s work fine, 2500s config won't download
In-Reply-To: <4D42FF3D.1040400@gmail.com>
References: <4D42FF3D.1040400@gmail.com>
Message-ID: <4D4ADA9E.3060308@gmail.com>

I followed the debug instructions and found that 'write term' is where rancid is having a problem. I ran

"hlogin -t 90 -c"show version;show flash;show system-information;show module;show stack;write term" 10.5.30.3"

And this is what happens:

...
x699-2520-24-PoE-01# show system-information
Invalid input: system-information
x699-2520-24-PoE-01# show module
Invalid input: module
x699-2520-24-PoE-01# show stack

Stacking - Stacking Status (This Switch)
Stack State : Candidate
Transmission Interval : 60
Auto Join : No

x699-2520-24-PoE-01# write term
...

It just hangs there.

On 01/28/2011 12:39 PM, Joe McDonagh wrote:
> hlogin works fine to both these sets of routers, however the config for
> 2500s never gets downloaded and I get this trace back:
>
> Getting missed routers: round 4.
> write(spawn_id=1): broken pipe
> while executing
> "send_user -- "$expect_out(buffer)""
> invoked from within
> "expect -nobrace -re {^[^
> *]*x699-25250G-24-PoE-01#} { send_user -- "$expect_out(buffer)"
> } -re {^[^
> ]*x699-25250G-24-PoE-01#.} { send_user --..."
> invoked from within
> "expect {
> -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)"
> }
> -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)"
> ..."
> invoked from within
> "if [ string match "*\;*" "$command" ] {
> set commands [split $command \;]
> set num_commands [llength $commands]
> # the pager can not be turned off on ..."
> (procedure "run_commands" line 15)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 139)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> send_user "$router\n"
>
> # Figure out prompt.
> # Since autoena..."
> (file "/usr/lib/rancid/bin/hlogin" line 583)
> 10.5.30.4: missed cmd(s): show stack,show module,write term
> 10.5.30.4: End of run not found
> ;
>

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire

From joseph.e.mcdonagh at gmail.com Thu Feb 3 18:04:30 2011
From: joseph.e.mcdonagh at gmail.com (Joe McDonagh)
Date: Thu, 03 Feb 2011 13:04:30 -0500
Subject: [rancid] Interesting problem, HP procurve 2800s work fine, 2500s config won't download
In-Reply-To: <20110203170755.GE16787@shrubbery.net>
References: <4D42FF3D.1040400@gmail.com> <4D4ADA9E.3060308@gmail.com> <20110203170755.GE16787@shrubbery.net>
Message-ID: <4D4AEE2E.50005@gmail.com>

On 02/03/2011 12:07 PM, john heasley wrote:
> Thu, Feb 03, 2011 at 11:41:02AM -0500, Joe McDonagh:
>> I followed the debug instructions and found that 'write term' is
>> where rancid is having a problem. I ran
>>
>> "hlogin -t 90 -c"show version;show flash;show system-information;show module;show stack;write term" 10.5.30.3"
>>
>> And this is what happens:
>>
>> ...
>> x699-2520-24-PoE-01# show system-information
>> Invalid input: system-information
>> x699-2520-24-PoE-01# show module
>> Invalid input: module
>> x699-2520-24-PoE-01# show stack
>>
>> Stacking - Stacking Status (This Switch)
>> Stack State : Candidate
>> Transmission Interval : 60
>> Auto Join : No
>>
>> x699-2520-24-PoE-01# write term
>> ...
>>
>> It just hangs there.
>
> where exactly is "there"? does it output some of the config, then hang?
> what does it out with the -d option added?

By 'there' I mean at write term. Nothing outputs after write term. Here is the output of -d:

$ ./bin/hrancid -d 10.5.30.3
executing hlogin -t 90 -c"show version;show flash;show system-information;show module;show stack;write term" 10.5.30.3
PROMPT MATCH: x699-2520-24-PoE-01[#>]
HIT COMMAND:x699-2520-24-PoE-01# show version
In ShowVersion: x699-2520-24-PoE-01# show version
HIT COMMAND:x699-2520-24-PoE-01# show flash
In ShowFlash: x699-2520-24-PoE-01# show flash
HIT COMMAND:x699-2520-24-PoE-01# show system-information
In ShowSystem: x699-2520-24-PoE-01# show system-information
write(spawn_id=1): broken pipe
while executing
"send_user -- "$expect_out(buffer)""
invoked from within
"expect -nobrace -re {^[^
*]*x699-2520-24-PoE-01#} { send_user -- "$expect_out(buffer)"
} -re {^[^
]*x699-2520-24-PoE-01#.} { send_user -- "$e..."
invoked from within
"expect {
-re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)"
}
-re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)"
..."
invoked from within
"if [ string match "*\;*" "$command" ] {
set commands [split $command \;]
set num_commands [llength $commands]
# the pager can not be turned off on ..."
(procedure "run_commands" line 15)
invoked from within
"run_commands $prompt $command"
("foreach" body line 139)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
send_user "$router\n"

# Figure out prompt.
# Since autoena..."
(file "/var/lib/rancid/bin/hlogin" line 583)
10.5.30.3: missed cmd(s): show stack,show module,write term
10.5.30.3: missed cmd(s): show stack,show module,write term
10.5.30.3: End of run not found
10.5.30.3: End of run not found
;

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire

From wpereira at pop-sp.rnp.br Thu Feb 3 18:42:45 2011
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Thu, 03 Feb 2011 16:42:45 -0200
Subject: [rancid] Using of Rancid to backup Linux' files
Message-ID: <4D4AF725.4050200@pop-sp.rnp.br>

Hi, everybody.

Was Rancid made to backup Linux' files? Are there some script to do that?

Regards,

--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. +55 11 3091-8901
fone at RNP: 10158902

From wpereira at pop-sp.rnp.br Thu Feb 3 19:28:36 2011
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Thu, 03 Feb 2011 17:28:36 -0200
Subject: [rancid] Using of Rancid to backup Linux' files
In-Reply-To:
References: <4D4AF725.4050200@pop-sp.rnp.br>
Message-ID: <4D4B01E4.6010500@pop-sp.rnp.br>

Hey, Adam.

I intend to backup some specific files, such as some .conf files (Request Tracker, Cacti, Nagios, FreeRADIUS, the Rancid themselves) etc.

Regards,

--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. +55 11 3091-8901
fone at RNP: 10158902

On 3/2/2011 17:07, Adam Korab wrote:
> 2011/2/3 Wagner Pereira:
>> Hi, everybody.
>>
>> Was Rancid made to backup Linux' files? Are there some script to do that?
> Were you interested in revisions/diffs of any particular subset of
> specific files, or are you talking about general backup of a Linux
> host?
>
> --Adam

From adam.korab at gmail.com Thu Feb 3 19:07:18 2011
From: adam.korab at gmail.com (Adam Korab) Date: Thu, 3 Feb 2011 13:07:18 -0600 Subject: [rancid] Using of Rancid to backup Linux' files In-Reply-To: <4D4AF725.4050200@pop-sp.rnp.br> References: <4D4AF725.4050200@pop-sp.rnp.br> Message-ID: 2011/2/3 Wagner Pereira : > Hi, everybody. > > Was Rancid made to backup Linux' files? Are there some script to do that? Were you interested in revisions/diffs of any particular subset of specific files, or are you talking about general backup of a Linux host? --Adam From adam.korab at gmail.com Thu Feb 3 19:50:24 2011 From: adam.korab at gmail.com (Adam Korab) Date: Thu, 3 Feb 2011 13:50:24 -0600 Subject: [rancid] Using of Rancid to backup Linux' files In-Reply-To: <4D4B01E4.6010500@pop-sp.rnp.br> References: <4D4AF725.4050200@pop-sp.rnp.br> <4D4B01E4.6010500@pop-sp.rnp.br> Message-ID: 2011/2/3 Wagner Pereira : > Hey, Adam. > > I intend to backup some specific files, such as some .conf files (Request > Tracker, Cacti, Nagios, FreeRADIUS, the Rancid thenselves) etc Do you mean to just back them up periodically, or do you actually want hourly diffs like rancid does for devices? If the former, I suggest rsync from cron. If the latter, it's entirely possible to modify one of the clogin variants for a Linux host and then ssh to the host and scrape out the desired file, shove it into cvs/svn, diff it, mail the diffs, etc. I have no idea if anybody has done so yet, though. --Adam From rwest at zyedge.com Thu Feb 3 19:53:43 2011 From: rwest at zyedge.com (Ryan West) Date: Thu, 3 Feb 2011 19:53:43 +0000 Subject: [rancid] Using of Rancid to backup Linux' files In-Reply-To: References: <4D4AF725.4050200@pop-sp.rnp.br> <4D4B01E4.6010500@pop-sp.rnp.br> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD6CB256@zy-ex1.zyedge.local> http://www.shrubbery.net/pipermail/rancid-discuss/2010-October/005315.html -ryan -----Original Message----- 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Adam Korab Sent: Thursday, February 03, 2011 2:50 PM To: Wagner Pereira Cc: Rancid Mailing List Subject: Re: [rancid] Using of Rancid to backup Linux' files 2011/2/3 Wagner Pereira : > Hey, Adam. > > I intend to backup some specific files, such as some .conf files > (Request Tracker, Cacti, Nagios, FreeRADIUS, the Rancid thenselves) > etc Do you mean to just back them up periodically, or do you actually want hourly diffs like rancid does for devices? If the former, I suggest rsync from cron. If the latter, it's entirely possible to modify one of the clogin variants for a Linux host and then ssh to the host and scrape out the desired file, shove it into cvs/svn, diff it, mail the diffs, etc. I have no idea if anybody has done so yet, though. --Adam _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From wpereira at pop-sp.rnp.br Thu Feb 3 20:09:08 2011 
From: wpereira at pop-sp.rnp.br (Wagner Pereira)
Date: Thu, 03 Feb 2011 18:09:08 -0200
Subject: [rancid] Using of Rancid to backup Linux' files [SOLVED]
In-Reply-To:
References: <4D4AF725.4050200@pop-sp.rnp.br> <4D4B01E4.6010500@pop-sp.rnp.br>
Message-ID: <4D4B0B64.5090506@pop-sp.rnp.br>

Adam,

I meant the former. So I am gonna follow your suggestion and test rsync from cron.

Regards,

--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. +55 11 3091-8901
fone at RNP: 10158902

On 3/2/2011 17:50, Adam Korab wrote:
> 2011/2/3 Wagner Pereira:
>> Hey, Adam.
>>
>> I intend to backup some specific files, such as some .conf files (Request
>> Tracker, Cacti, Nagios, FreeRADIUS, the Rancid themselves) etc
> Do you mean to just back them up periodically, or do you actually want
> hourly diffs like rancid does for devices?
>
> If the former, I suggest rsync from cron.
>
> If the latter, it's entirely possible to modify one of the clogin
> variants for a Linux host and then ssh to the host and scrape out the
> desired file, shove it into cvs/svn, diff it, mail the diffs, etc. I
> have no idea if anybody has done so yet, though.
>
> --Adam

From john at johnsmail.net Thu Feb 3 22:09:12 2011
From: john at johnsmail.net (John Biederstedt)
Date: Thu, 03 Feb 2011 16:09:12 -0600
Subject: [rancid] nslogin for newer Netscaler boxes
Message-ID: <1296770952.7886.1418840865@webmail.messagingengine.com>

Running rancid 2.3.6.

nslogin can login to Netscalers running version 9 or newer, but can't send commands. It looks like it may be the prompt, which is initially set to "#", but the prompt in netscalers nowadays is ">". Also in the expect statement, the regular expression looks like it needs at least one space in front of the prompt.

I think with a few changes both situations can be handled. How can I submit changes/suggestions?

Any info would be great,

John

--
"We are all geniuses when we dream" - E.M. Cioran

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From cdelome at lus.org Thu Feb 3 23:48:25 2011
From: cdelome at lus.org (Chance Delome)
Date: Thu, 3 Feb 2011 17:48:25 -0600
Subject: [rancid] Alcatel Omniswitch and Rancid
In-Reply-To: <2C2EB65E9541674190062A288A739F0001407D180B@DUFA.siminn.is>
References: <2C2EB65E9541674190062A288A739F0001407D180B@DUFA.siminn.is>
Message-ID: <4CA0624E05306542BC0A621B23C5E9AF0CC09940@LUS-EXCHANGE-01.UTILITIES.PRI>

I'm also having problems with 7750s and Rancid.

From what I can debug, it's not recognizing the "logout" entry.

Any suggestions?

Chance Delome
Chief Communication Systems Operator
Lafayette Utilities System / LUS Fiber
234 Distribution Drive
Lafayette, LA 70507
Chance at lus.org
Office: 337-291-5851
Cell: 337-319-8472

From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Dav?? ?rn J?hannsson Sent: Wednesday, February 24, 2010 4:54 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: Alcatel Omniswitch and Rancid Hi Alex, Doing some googling gave you away, I saw that you had modified rancid and clogin to being able to support Alcatel routers in Rancid, did you publish your modification anywhere where I could take a look at them? I'm trying to be able to use Rancid for Alcatel SR7750 and any help would be apreciated. Kve?ja, Dav?? ?rn J?hannsson S?rfr??ingur Stj?rnkerfi S?mi +354 897 7463 Fax +354 S?minn - ?rm?li 25 - 108 Reykjav?k - Iceland - siminn.is ?byrg? ??n var?andi t?lvup?st. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.jpg Type: image/jpeg Size: 2697 bytes Desc: image002.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.jpg Type: image/jpeg Size: 22658 bytes Desc: image003.jpg URL: From nick at buraglio.com Fri Feb 4 01:58:40 2011 
From: nick at buraglio.com (Nick Buraglio) Date: Thu, 3 Feb 2011 19:58:40 -0600 Subject: [rancid] Alcatel Omniswitch and Rancid In-Reply-To: <4CA0624E05306542BC0A621B23C5E9AF0CC09940@LUS-EXCHANGE-01.UTILITIES.PRI> References: <2C2EB65E9541674190062A288A739F0001407D180B@DUFA.siminn.is> <4CA0624E05306542BC0A621B23C5E9AF0CC09940@LUS-EXCHANGE-01.UTILITIES.PRI> Message-ID: <-8991374591620832589@unknownmsgid> I had this working on the alu boxes we used at SC10 but i do have to admit that the logout was what i had the most trouble with. I no longer have access to any alu boxes to help troubleshoot but I'll chime in if i can help since i wrote the initial port. What is the error you're seeing? nb On Feb 3, 2011, at 5:50 PM, "Chance Delome" wrote: I?m also having problems with 7750s and Rancid. >From what I can debug, it?s not recognizing the ?logout? entry. Any suggestions? Chance Delome Chief Communication Systems Operator Lafayette Utilities System / LUS Fiber 234 Distribution Drive Lafayette, LA 70507 Chance at lus.org Office: 337-291-5851 Cell: 337-319-8472 *From:* rancid-discuss-bounces at shrubbery.net [mailto: rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Dav?? ?rn J?hannsson *Sent:* Wednesday, February 24, 2010 4:54 AM *To:* rancid-discuss at shrubbery.net *Subject:* [rancid] Re: Alcatel Omniswitch and Rancid Hi Alex, Doing some googling gave you away, I saw that you had modified rancid and clogin to being able to support Alcatel routers in Rancid, did you publish your modification anywhere where I could take a look at them? I?m trying to be able to use Rancid for Alcatel SR7750 and any help would be apreciated. Kve?ja, *Dav?? ?rn J?hannsson* S?rfr??ingur Stj?rnkerfi S?mi +354 897 7463 Fax +354 S?minn - ?rm?li 25 - 108 Reykjav?k - Iceland - siminn.is ?byrg? ??n var?andi t?lvup?st. 
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gmccullagh at gmail.com Fri Feb 4 11:33:45 2011
From: gmccullagh at gmail.com (Gavin McCullagh)
Date: Fri, 4 Feb 2011 11:33:45 +0000
Subject: [rancid] ! character added to start of GetSystem lines
Message-ID: <20110204113345.GB30795@gmail.com>

Hi,

using fnrancid (for fortinet), I've noticed that the scripts prefix lines from the GetSystem command with a !.

Is this a rancid-specific notation or is this an effort to make these lines into comments, so the whole file could be loaded up on a Fortinet unit? As far as I can see # is the comment character on Fortinet.

Gavin

From imd at acens.com Fri Feb 4 11:41:39 2011
From: imd at acens.com (Iñaki Martínez Díez)
Date: Fri, 4 Feb 2011 12:41:39 +0100
Subject: [rancid] rancid with Fortigate FG100A
In-Reply-To: <20110202202514.GC9522@shrubbery.net>
Message-ID:

Hello,

Debug mode done, I got this:

set authgrp none
--More-- set avgrp none
set fwgrp none

Last lines:

next
--More-- edit "operator"
--More--

NOTE: after "--" there are spaces not tab, checked with 2 editors.

I think the problem is this line in fnlogin:

460 -gl "--More--" { send " "

On 02/02/11 21:25, "john heasley" wrote:

>Wed, Feb 02, 2011 at 03:18:10PM +0000, Gavin McCullagh:
>> Hi,
>>
>> On Wed, 02 Feb 2011, Iñaki Martínez Díez wrote:
>>
>> > I have problems getting configs from fortigates:
>> >
>> > Version: Fortigate-5001FA2 3.00,build0670,080729
>> >
>> > Version: Fortigate-1000AFA2 3.00,build0416,070821
>> >
>> > The problem is not getting complete config and the last lines are like
>> > these:
>> >
>> > --More--
>> > --More--
>>
>> The console is in "more" (pager) mode. You need to change it to standard
>> mode:
>>
>>
>> gcd-fw # config system console
>>
>> gcd-fw (console) # set output standard
>>
>> gcd-fw (console) # end
>>
>> gcd-fw # show system console
>> config system console
>> set output standard
>> end
>>
>>
>> If you want it in "more" mode for your own usage, you might need to get the
>> rancid script to set it to standard, then take its config, then set it back
>> again. A decent console app would probably achieve the same thing though.
>
>assuming that the pager can not be disabled per-tty, which i presume is
>what the magic chant 'set output standard' does; teach fnlogin about the
>pager. but, fnlogin already has a case for the pager. So, why is that
>not working?
>
>I'll bet its failing because there are control characters among the pager
>prompt. set NOPIPE=YES and collect from the device with fnrancid -d
>hostname
>then look for the pager prompt in the hostname.raw file in your editor.
>or
>look at the debug output of fnlogin -d hostname to see why the match is
>failing.
>________________________________________
Iñaki Martínez Díez
Network Department
acens Technologies S.L.
imd at acens.com
Telephone: 637 772 156
Fax: 911 418 501

This message may contain confidential information exclusively addressed to its intended recipient. The copy or distribution of this message is not permitted without the prior express consent by acens. If you are not the intended recipient of this message please advise the sender and delete it. Thank you.
_______________________________________________
>Rancid-discuss mailing list
>Rancid-discuss at shrubbery.net
>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From imd at acens.com Fri Feb 4 11:47:07 2011
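[Added example, not part of any message in this thread and not RANCID code.] The check john heasley suggests in the message above (find the pager prompt in the hostname.raw file and see whether control characters surround it) can be scripted instead of done by eye in an editor. The function names and the sample bytes are constructed for illustration; pass the path of a real .raw capture as the first argument to inspect it.

```python
"""Name the bytes around each pager prompt in a raw device capture."""
import re
import sys

PAGER = b"--More--"  # pager prompt text quoted in the thread

# Constructed sample (not from a real FortiGate): the first prompt is followed
# only by spaces and CR, the second by an ANSI erase sequence and backspaces.
SAMPLE_RAW = (
    b"    set authgrp none\r\n"
    b"--More--   \r          \r    set avgrp none\r\n"
    b"    set fwgrp none\r\n"
    b"next\r\n"
    b"--More--\x1b[K\x08\x08 edit \"operator\"\r\n"
)

# Symbolic names for bytes that an editor tends to hide or render ambiguously.
NAMES = {0x08: "BS", 0x09: "TAB", 0x0A: "LF", 0x0D: "CR",
         0x1B: "ESC", 0x20: "SP", 0x7F: "DEL"}


def describe(chunk):
    """Return one label per byte: printable ASCII as itself, others by name."""
    labels = []
    for b in chunk:
        if b in NAMES:
            labels.append(NAMES[b])
        elif 0x21 <= b <= 0x7E:
            labels.append(chr(b))
        else:
            labels.append("0x%02x" % b)
    return labels


def is_control(b):
    """Control byte other than the CR/LF line endings every capture has."""
    return (b < 0x20 and b not in (0x0A, 0x0D)) or b == 0x7F


def find_pager_prompts(raw, pager=PAGER, context=6):
    """Locate every pager prompt and label the bytes on either side of it."""
    hits = []
    for m in re.finditer(re.escape(pager), raw):
        before = raw[max(0, m.start() - context):m.start()]
        after = raw[m.end():m.end() + context]
        control = sorted({b for b in before + after if is_control(b)})
        hits.append({
            "offset": m.start(),
            "before": describe(before),
            "after": describe(after),
            "control": describe(bytes(control)),
        })
    return hits


def suspicious_prompts(raw, pager=PAGER, context=6):
    """Only the prompts that have control characters next to them."""
    return [h for h in find_pager_prompts(raw, pager, context) if h["control"]]


def report(raw):
    """Human-readable summary, one line per pager prompt."""
    lines = []
    for h in find_pager_prompts(raw):
        flag = ",".join(h["control"]) or "none"
        lines.append("offset %d: before=%s after=%s control=%s" % (
            h["offset"], " ".join(h["before"]), " ".join(h["after"]), flag))
    return "\n".join(lines) or "no pager prompt found"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_RAW
    print(report(data))
```

A prompt whose neighbours are only SP and CR matches the "spaces not tab" observation; ESC or BS next to it is the control-character case raised in the quoted reply.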
From: imd at acens.com (Iñaki Martínez Díez)
Date: Fri, 4 Feb 2011 12:47:07 +0100
Subject: [rancid] ! character added to start of GetSystem lines
In-Reply-To: <20110204113345.GB30795@gmail.com>
Message-ID:

Hello,

You are right, ! is for comments in Cisco, so in fortigate should change these lines in fnrancid:

183 ProcessHistory("","","","!$_");
214 ProcessHistory("ENC","","","!$1 ENC $3\n");
289 ProcessHistory("","","","!RANCID-CONTENT-TYPE: fortigate\n\n");

To

183 ProcessHistory("","","","#$_");
214 ProcessHistory("ENC","","","#$1 ENC $3\n");
289 ProcessHistory("","","","!RANCID-CONTENT-TYPE: fortigate\n\n");

On 04/02/11 12:33, "Gavin McCullagh" wrote:

>Hi,
>
>using fnrancid (for fortinet), I've noticed that the scripts prefix lines
>from the GetSystem command with a !.
>
>Is this a rancid-specific notation or is this an effort to make these
>lines
>into comments, so the whole file could be loaded up on a Fortinet unit?
>As
>far as I can see # is the comment character on Fortinet.
>
>Gavin
>
>________________________________________
Iñaki Martínez Díez
Network Department
acens Technologies S.L.
imd at acens.com
Telephone: 637 772 156
Fax: 911 418 501

This message may contain confidential information exclusively addressed to its intended recipient. The copy or distribution of this message is not permitted without the prior express consent by acens. If you are not the intended recipient of this message please advise the sender and delete it. Thank you.
_______________________________________________
>Rancid-discuss mailing list
>Rancid-discuss at shrubbery.net
>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From john at johnsmail.net Fri Feb 4 15:24:33 2011
From: john at johnsmail.net (John Biederstedt)
Date: Fri, 04 Feb 2011 09:24:33 -0600
Subject: [rancid] Netscaler 9.x support
Message-ID: <1296833073.27354.1418959591@webmail.messagingengine.com>

I've tried getting rancid to work with Netscaler boxes running 9.x, and while it can connect to them, it can't send commands (or I should say that it seems to send the commands, but in interactive mode, nothing happens).

When run from crontab I see:

starting: Fri Feb 4 09:20:01 CST 2011

Trying to get all of the configs.
ns-pair2-2 nslogin error: Error: TIMEOUT reached
ns-pair2-2: missed cmd(s): show ns ns.conf
ns-pair2-2: End of run not found
!
=====================================

Has anyone been able to get rancid to work with netscaler running 9.x?

--
"We are all geniuses when we dream" - E.M. Cioran

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From cdelome at lus.org Fri Feb 4 17:44:47 2011
From: cdelome at lus.org (Chance Delome)
Date: Fri, 4 Feb 2011 11:44:47 -0600
Subject: [rancid] Alcatel Omniswitch and Rancid
In-Reply-To: <-8991374591620832589@unknownmsgid>
References: <2C2EB65E9541674190062A288A739F0001407D180B@DUFA.siminn.is> <4CA0624E05306542BC0A621B23C5E9AF0CC09940@LUS-EXCHANGE-01.UTILITIES.PRI> <-8991374591620832589@unknownmsgid>
Message-ID: <4CA0624E05306542BC0A621B23C5E9AF0CC09981@LUS-EXCHANGE-01.UTILITIES.PRI>

I've edited the last few lines of alurancid to see more of the last entries:

if (!$clean_run || !$found_end) {
    print STDOUT "$host: End of run not found prompt was $prompt \n";
    printf(STDERR "$host: clean_run $clean_run\n") if ($debug);
    printf(STDERR "$host: found_end $found_end\n") if ($debug);
    print STDERR "$host: End of run not found \n" if ($debug);
    #system("/usr/bin/tail -1 $host.new");
    system("/usr/bin/tail -3 $host.new");

This is the output from the log:

10.128.1.4: End of run not found
Last Boot Env Sync Time : 02/03/2011 02:57:08
===============================================================================
!A:LFTHEDDR01#logout Connection closed by foreign host.

All commands are being executed as "Last Boot Env Sync Time " is from show redundancy sync.

From what I can tell regarding the difference between a 7450 logout and a 7750 logout.

The 7750 stays on the same line -
A:LFTHEDDR01#logout Connection closed by foreign host.

The 7450 generates a new line -
*A:LFTHEDSW1# logout
Connection to 10.128.1.2 closed.

Nick's version of aluRancid has no problems running on 7450s as it runs brilliantly.

Thoughts?

Chance Delome
Chief Communication Systems Operator
Lafayette Utilities System / LUS Fiber
234 Distribution Drive
Lafayette, LA 70507
Chance at lus.org
Office: 337-291-5851
Cell: 337-319-8472

From: Nick Buraglio [mailto:nick at buraglio.com] Sent: Thursday, February 03, 2011 7:59 PM To: Chance Delome Cc: Dav?? ?rn J?hannsson; Subject: Re: [rancid] Alcatel Omniswitch and Rancid I had this working on the alu boxes we used at SC10 but i do have to admit that the logout was what i had the most trouble with. I no longer have access to any alu boxes to help troubleshoot but I'll chime in if i can help since i wrote the initial port. What is the error you're seeing? nb On Feb 3, 2011, at 5:50 PM, "Chance Delome" wrote: I'm also having problems with 7750s and Rancid. From what I can debug, it's not recognizing the "logout" entry. Any suggestions? Chance Delome Chief Communication Systems Operator Lafayette Utilities System / LUS Fiber 234 Distribution Drive Lafayette, LA 70507 Chance at lus.org Office: 337-291-5851 Cell: 337-319-8472 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Dav?? ?rn J?hannsson Sent: Wednesday, February 24, 2010 4:54 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: Alcatel Omniswitch and Rancid Hi Alex, Doing some googling gave you away, I saw that you had modified rancid and clogin to being able to support Alcatel routers in Rancid, did you publish your modification anywhere where I could take a look at them? I'm trying to be able to use Rancid for Alcatel SR7750 and any help would be apreciated. Kve?ja, Dav?? ?rn J?hannsson S?rfr??ingur Stj?rnkerfi S?mi +354 897 7463 Fax +354 S?minn - ?rm?li 25 - 108 Reykjav?k - Iceland - siminn.is ?byrg? ??n var?andi t?lvup?st. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 2697 bytes Desc: image001.jpg URL: From a.hongens at netmatch.nl Fri Feb 4 18:24:05 2011 
From: a.hongens at netmatch.nl (Angelo Höngens)
Date: Fri, 04 Feb 2011 19:24:05 +0100
Subject: [rancid] powerconnect problem
Message-ID: <4D4C4445.3030805@netmatch.nl>

Hey,

I'm running rancid 2.3.6 on CentOS5.5..

I was running an old version of rancid, which worked perfectly for over a year, but I was stupid enough to break it. (I trashed the vm and installed a new clean CentOS machine to start fresh)

I'm monitoring cisco, hp and dell devices. Cisco and HP work fine, but I have some problems with my dell devices (PowerConnect 6224 switches). I'm running Ricky Ninja's dlogin and drancid scripts, the latest on his site.

When I run dlogin interactively, it works fine:

-----------------------------------------------------
[rancid at til-bak-02 logs]$ dlogin -c "show ver" wol-swi-a1.weeronlinecolo.local
wol-swi-a1.weeronlinecolo.local
spawn ssh -c 3des -x -l root wol-swi-a1.weeronlinecolo.local
root at wol-swi-a1.weeronlinecolo.local's password:

console>enable

console#
console#show ver

<..bla, correct output..]

1 2.2.0.3 2.2.0.3 image1 image1
2 2.2.0.3 2.2.0.3 image1 image1

console#exit

console>exit
        ^
% Invalid input detected at '^' marker.

console>quitReceived disconnect from 10.216.254.181: 11: Logout
[rancid at til-bak-02 logs]$
-----------------------------------------------------

As you can see, the command exits nicely (it sends an 'exit', and when that gives an error it sends a 'quit').

However, when running from rancid-run, it seems to hang. When I tail the logfile, I see it logs in to the switch, it sends the enable command, and then.. nothing, everything just hangs:

-----------------------------------------------------
wol-swi-a1.weeronlinecolo.local
spawn ssh -c 3des -x -l root wol-swi-a1.weeronlinecolo.local
root at wol-swi-a1.weeronlinecolo.local's password:

console>enable

console#
console#
-----------------------------------------------------

Does anyone have any clever ideas?

--

With kind regards,

Angelo Höngens
systems administrator

MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
------------------------------------------
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239

A.Hongens at netmatch.nl
www.netmatch.nl
------------------------------------------

From ron.whitney at doitbest.com Fri Feb 4 18:43:36 2011
From: ron.whitney at doitbest.com (Ron Whitney)
Date: Fri, 4 Feb 2011 13:43:36 -0500
Subject: [rancid] powerconnect problem
In-Reply-To: <4D4C4445.3030805@netmatch.nl>
Message-ID: <1FD6BFAE6EA54341821D01FB8E617B6503EE82C9@EXCHANGE1.ntserv.doitbestcorp.com>

Not sure if this is relevant but on my Powerconnect switches, I created user 'rancid' as a privileged (15) user. I then configured 'add autoenable 1' to my .cloginrc file. This avoids the 'enable' command which may be causing your issue. Just a thought.

Ron Whitney
Network Administrator
Do it Best Corp. | 6502 Nelson Road | Fort Wayne, IN 46803
260.748.5657 (direct) | 260.748.5623 (fax)

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of > Angelo H?ngens > Sent: Friday, February 04, 2011 13:24 > To: rancid-discuss at shrubbery.net > Subject: [rancid] powerconnect problem > > > Hey, > > I'm running rancid 2.3.6 on CentOS5.5.. > > I was running on old version of rancid, which worked > perfectly for over a year, but I was stupid enough to break > it. (I trashed the vm and installed a new clean CentOS > machine to start fresh) > > I'm monitoring cisco, hp and dell devices. Cisco and HP work > fine, but I have some problems with my dell devices > (PowerConnect 6224 switches). I'm running Ricky Ninja's > dlogin and drancid scripts, the latest on his site. > > When I run dlogin interactively, it works fine: > > ----------------------------------------------------- > [rancid at til-bak-02 logs]$ dlogin -c "show ver" > wol-swi-a1.weeronlinecolo.local > wol-swi-a1.weeronlinecolo.local spawn ssh -c 3des -x -l root > wol-swi-a1.weeronlinecolo.local > root at wol-swi-a1.weeronlinecolo.local's password: > > console>enable > > console# > console#show ver > > <..bla, correct output..] > > 1 2.2.0.3 2.2.0.3 image1 image1 > 2 2.2.0.3 2.2.0.3 image1 image1 > > console#exit > > console>exit > ^ > % Invalid input detected at '^' marker. > > console>quitReceived disconnect from 10.216.254.181: 11: Logout > [rancid at til-bak-02 logs]$ > ----------------------------------------------------- > As you can see, the command exits nicely (it sends an 'exit', > and when that gives an error it send a 'quit'). > > > Hoewever, when running from rancid-run, it seems to hang. > When I tail the logfile, I see it logs in to the switch, it > sends the enable command, and then.. 
nothing, everything just hangs: > > ----------------------------------------------------- > wol-swi-a1.weeronlinecolo.local > spawn ssh -c 3des -x -l root wol-swi-a1.weeronlinecolo.local > root at wol-swi-a1.weeronlinecolo.local's password: > > console>enable > > console# > console# > ----------------------------------------------------- > > Does anyone have any clever ideas? > > -- > > > With kind regards, > > > Angelo H?ngens > systems administrator > > MCSE on Windows 2003 > MCSE on Windows 2000 > MS Small Business Specialist > ------------------------------------------ > NetMatch > tourism internet software solutions > > Ringbaan Oost 2b > 5013 CA Tilburg > +31 (0)13 5811088 > +31 (0)13 5821239 > > A.Hongens at netmatch.nl > www.netmatch.nl > ------------------------------------------ > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From a.hongens at netmatch.nl Fri Feb 4 18:47:01 2011 
From: a.hongens at netmatch.nl (=?ISO-8859-1?Q?Angelo_H=F6ngens?=) Date: Fri, 04 Feb 2011 19:47:01 +0100 Subject: [rancid] powerconnect problem In-Reply-To: <1FD6BFAE6EA54341821D01FB8E617B6503EE82C9@EXCHANGE1.ntserv.doitbestcorp.com> References: <1FD6BFAE6EA54341821D01FB8E617B6503EE82C9@EXCHANGE1.ntserv.doitbestcorp.com> Message-ID: <4D4C49A5.9080309@netmatch.nl> On 4-2-2011 19:43, Ron Whitney wrote: > Not sure if this is relevant but on my Powerconnect switches, I created user 'rancid' as a privledged (15) user. I then configured 'add autoenable 1' to my .cloginrc file. This avoids the 'enable' command which may be causing your issue. Just a thought. -- With kind regards, Angelo H?ngens systems administrator MCSE on Windows 2003 MCSE on Windows 2000 MS Small Business Specialist ------------------------------------------ NetMatch tourism internet software solutions Ringbaan Oost 2b 5013 CA Tilburg +31 (0)13 5811088 +31 (0)13 5821239 A.Hongens at netmatch.nl www.netmatch.nl ------------------------------------------ From a.hongens at netmatch.nl Fri Feb 4 18:48:11 2011 
From: a.hongens at netmatch.nl (=?ISO-8859-1?Q?Angelo_H=F6ngens?=) Date: Fri, 04 Feb 2011 19:48:11 +0100 Subject: [rancid] powerconnect problem In-Reply-To: <1FD6BFAE6EA54341821D01FB8E617B6503EE82C9@EXCHANGE1.ntserv.doitbestcorp.com> References: <1FD6BFAE6EA54341821D01FB8E617B6503EE82C9@EXCHANGE1.ntserv.doitbestcorp.com> Message-ID: <4D4C49EB.3070906@netmatch.nl> On 4-2-2011 19:43, Ron Whitney wrote: > Not sure if this is relevant but on my Powerconnect switches, I > created user 'rancid' as a privledged (15) user. I then configured > 'add autoenable 1' to my .cloginrc file. This avoids the > 'enable' command which may be causing your issue. Just a thought. doh, hit the wrong button.. I'm connecting using the 'root' account over ssh. But I can try adding a user, good idea, perhaps that behaves different from the root account. -- With kind regards, Angelo H?ngens systems administrator MCSE on Windows 2003 MCSE on Windows 2000 MS Small Business Specialist ------------------------------------------ NetMatch tourism internet software solutions Ringbaan Oost 2b 5013 CA Tilburg +31 (0)13 5811088 +31 (0)13 5821239 A.Hongens at netmatch.nl www.netmatch.nl ------------------------------------------ From ron.whitney at doitbest.com Fri Feb 4 19:15:53 2011 From: ron.whitney at doitbest.com (Ron Whitney) Date: Fri, 4 Feb 2011 14:15:53 -0500 Subject: [rancid] powerconnect problem In-Reply-To: <4D4C49EB.3070906@netmatch.nl> Message-ID: <1FD6BFAE6EA54341821D01FB8E617B6503EE82CB@EXCHANGE1.ntserv.doitbestcorp.com> > I'm connecting using the 'root' account over ssh. But I can > try adding a user, good idea, perhaps that behaves different > from the root account. FWIW, my switch is using the 'Login' Authentication Profile instead of the 'Enable' profile. From a.hongens at netmatch.nl Fri Feb 4 19:46:25 2011 
From: a.hongens at netmatch.nl (Angelo Höngens)
Date: Fri, 04 Feb 2011 20:46:25 +0100
Subject: [rancid] powerconnect problem
In-Reply-To: <1FD6BFAE6EA54341821D01FB8E617B6503EE82CB@EXCHANGE1.ntserv.doitbestcorp.com>
References: <1FD6BFAE6EA54341821D01FB8E617B6503EE82CB@EXCHANGE1.ntserv.doitbestcorp.com>
Message-ID: <4D4C5791.9000300@netmatch.nl>

On 4-2-2011 20:15, Ron Whitney wrote:
>
>> I'm connecting using the 'root' account over ssh. But I can try
>> adding a user, good idea, perhaps that behaves differently from the
>> root account.
>
> FWIW, my switch is using the 'Login' Authentication Profile instead
> of the 'Enable' profile.

I am using the basic defaults. A 'show run' shows me only some 'username' lines, but nothing else concerning authentication.

When I go to 'select authentication' in the GUI, I see it uses the default authentication profile 'networkList' for ssh login, and the profile 'enableList' for ssh enable. I tried some stuff there, but did not get anywhere, and rolled back.

I'm a bit reluctant to change anything on the switches, as I want to keep things as simple and as default as possible, and the 12 M6220's I have, have been monitored fine in the past..

I think I'm going to try some old versions of rancid, and see if anything useful comes up there.

--

With kind regards,

Angelo Höngens

From Ian.Murphy at populous.com Fri Feb 4 20:57:05 2011
From: Ian.Murphy at populous.com (Ian Murphy)
Date: Fri, 4 Feb 2011 14:57:05 -0600
Subject: [rancid] Curious Cisco ASA problem
Message-ID: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local>

I'm running into some interesting behavior regarding my Cisco ASA 5520. The device is talking to my TACACS server for authentication just fine. Clogin doesn't want to finish all the way though. It's hanging at the enable prompt where all my other devices do not. Here's the output from the clogin:

rancid at kc-tacacs:~$ clogin kansascityASA5520
kansascityasa5520
spawn telnet kansascityasa5520
Trying 10.103.9.250...
telnet: Unable to connect to remote host: Connection refused
spawn ssh -c 3des -x -l rancid kansascityasa5520
rancid at kansascityasa5520's password:
You are connected to: kansascityASA5520.pop.local
Type help or '?' for a list of available commands.
kansascityASA5520> enable
Password: ********
Invalid password
Password: ********
Invalid password
Password: ********
Invalid password
Access denied.
kansascityASA5520>
Error: Check your Enable passwd
kansascityASA5520>

It gets connected just fine then drops to the unprivileged account. I have tried to add a specific username and password for this device like this:

#add user kansascityASA5520* {user}
#add password kansascityASA5520* {password} {password}

But, that didn't work either. Any help would be greatly appreciated,

thanks

Ian Murphy

From cgauthier at mapscu.com Fri Feb 4 21:08:52 2011
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Fri, 4 Feb 2011 13:08:52 -0800
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local>
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local>
Message-ID:

You are connected to: kansascityASA5520.pop.local
Type help or '?' for a list of available commands.
kansascityASA5520> enable
Password: ********
Invalid password
Password: ********
Invalid password
Password: ********
Invalid password
Access denied.
kansascityASA5520>
Error: Check your Enable passwd
kansascityASA5520>

It gets connected just fine then drops to the unprivileged account. I have tried to add a specific username and password for this device like this:

#add user kansascityASA5520* {user}
#add password kansascityASA5520* {password} {password}

-----My reply----

Be sure that the username and password are defined before the "global" username and password. Also, make sure the passwords are the same. Is autoenable turned on? If so, turn it off for that device. Lastly, what is the * used for in the example above? I am not sure that is a permissible character in the hostname field.

Chris

From Ian.Murphy at populous.com Fri Feb 4 21:23:41 2011
From: Ian.Murphy at populous.com (Ian Murphy)
Date: Fri, 4 Feb 2011 15:23:41 -0600
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To:
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local>
Message-ID: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local>

Hi Chris,

Thanks for the reply. I added the username and password above the "global" password as you suggested and I still get the same result. Autoenable is not applied to that device.

One thing I noticed about the difference between the ASA and another device.

Here's a snip from a working device:

edge4503a>enable
Password:
edge4503a#

and from the nonworking device:

kansascityASA5520> enable
Password: ********
Invalid password
Password: ********
Invalid password
Password: ********
Invalid password
Access denied.
kansascityASA5520>

It looks like it's passing the creds differently. Maybe I have the ASA classified wrong in router.db? Is it supposed to be something other than type cisco?

Thanks,
Ian

From ThomisonL at muni.org Fri Feb 4 21:40:16 2011
From: ThomisonL at muni.org (Thomison, Lee)
Date: Fri, 4 Feb 2011 12:40:16 -0900
Subject: [rancid] recovering or examining old cisco configs?
Message-ID: <27B58F038E8FC24680CE64F6CDC508E590A5B919B9@mlpsmail01.mlp.muniverse.net>

We're using rancid with svn. Is it possible (and easy) to examine a cisco config from an arbitrary time period ago?

Thanks

From egirard at focustsi.com Fri Feb 4 21:52:47 2011
From: egirard at focustsi.com (Eric Girard)
Date: Fri, 4 Feb 2011 16:52:47 -0500
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local>
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local>
Message-ID:

Ian,

Does your ASA have TACACS turned on for enable access as well as telnet/SSH? All of my ASA's are in RANCID as type 'cisco', I think you just have some sort of password mismatch. Can you log in manually using the credentials you have specified in your cloginrc?

Eric

From Ian.Murphy at populous.com Fri Feb 4 22:00:32 2011
From: Ian.Murphy at populous.com (Ian Murphy)
Date: Fri, 4 Feb 2011 16:00:32 -0600
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local>
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local>
Message-ID: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE5A@US-MAIL.pop.local>

Ok I tried this:

clogin -u rancid -p loginPW -e enablePW -c "sh ver" kansascityASA5520

and got the expected results. The device returned the version info.

Here's my .cloginrc file:

#custom user name and password for KC ASA
add user kansascityASA5520 {rancid}
add password kansascityASA5520 { loginPW } { enablePW }

add user * {rancid}
add password * { loginPW } { enablePW }

and clogin kansascityASA5520 fails to get enabled.

From cgauthier at mapscu.com Fri Feb 4 22:01:04 2011
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Fri, 4 Feb 2011 14:01:04 -0800
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To:
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local>
Message-ID:

Eric makes a good point. If you are not using aaa for authentication AND authorization then you do run a risk of having mismatched passwords and it gets pretty cranky about it. It might look like this (with a successful login):

Username: jdoe
Password: abc123
edge4503a>enable
Password: abc123
edge4503a#

Note the same password is used for both login and enable. That could be part of the problem.

--chris

From rwest at zyedge.com Fri Feb 4 22:03:10 2011
From: rwest at zyedge.com (Ryan West)
Date: Fri, 4 Feb 2011 22:03:10 +0000
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE5A@US-MAIL.pop.local>
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE5A@US-MAIL.pop.local>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD6CD74B@zy-ex1.zyedge.local>

Remove the spaces between your curly brackets.

-ryan

From Ian.Murphy at populous.com Fri Feb 4 22:12:05 2011
From: Ian.Murphy at populous.com (Ian Murphy) Date: Fri, 4 Feb 2011 16:12:05 -0600 Subject: [rancid] Curious Cisco ASA problem In-Reply-To: References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local> Message-ID: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE7C@US-MAIL.pop.local> I'm only using TACACS for authentication and accounting.. . no authorization. The rancid user logon and enable passwords are the same in tac_plus.conf. the ASA has an enable secret that is different, call it enableSECRET. So the last email I sent needs a little more explanation. Here it is: clogin -u rancid -p loginPW -e enableSECRET -c "sh ver" kansascityASA5520 and got the expected results. The device returned the version info. Here's my .cloginrc file: #custom user name and password for KC ASA add user kansascityASA5520 {rancid} add password kansascityASA5520 { loginPW } { enableSECRET } add user * {rancid} add password * { loginPW } { enablePW} and clogin kansascityASA5520 fail to get enabled, but this works on every other device. Ryan, thanks for the reply. I tried removing whitespace from between the curly braces and it failed to execute the script at all. -----Original Message----- From: Eric Girard [mailto:egirard at focustsi.com] Sent: Friday, February 04, 2011 3:53 PM To: Ian Murphy; 'Chris Gauthier'; 'rancid-discuss at shrubbery.net' Subject: RE: Curious Cisco ASA problem Ian, Does your ASA have TACACS turned on for enable access as well as telnet/SSH? All of my ASA's are in RANCID as type 'cisco', I think you just have some sort of password mismatch. Can you log in manually using the credentials you have specificed in your cloginrc? Eric -----Original Message----- 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ian Murphy
Sent: Friday, February 04, 2011 4:24 PM
To: Chris Gauthier; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Curious Cisco ASA problem

Hi Chris,

Thanks for the reply. I added the username and password above the "global" password as you suggested and I still get the same result. Autoenable is not applied to that device.

One thing I noticed about the difference between the ASA and another device
Here's a snip from a working device:

edge4503a>enable
Password:
edge4503a#

and from the nonworking device:

kansascityASA5520> enable
Password: ********
Invalid password
Password: ********
Invalid password
Password: ********
Invalid password
Access denied.
kansascityASA5520>

It looks like it's passing the creds differently. Maybe I have the ASA classified wrong in router.db? Is it supposed to be something other than type cisco?

Thanks,
Ian

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Gauthier
Sent: Friday, February 04, 2011 3:09 PM
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Curious Cisco ASA problem

You are connected to: kansascityASA5520.pop.local
Type help or '?' for a list of available commands.
kansascityASA5520> enable
Password: ********
Invalid password
Password: ********
Invalid password
Password: ********
Invalid password
Access denied.
kansascityASA5520>
Error: Check your Enable passwd
kansascityASA5520>

It gets connected just fine then drops to the unprivileged account. I have tried to add a specific username and password for this device like this:

#add user kansascityASA5520* {user}
#add password kansascityASA5520* {password} {password}

-----My reply----

Be sure that the username and password are defined before the "global" username and password. Also, make sure the passwords are the same. Is autoenable turned on? If so, turn it off for that device.

Lastly, what is the * used for in the example above? I am not sure that is a permissible character in the hostname field.

Chris
From Ian.Murphy at populous.com Fri Feb 4 22:14:29 2011
From: Ian.Murphy at populous.com (Ian Murphy)
Date: Fri, 4 Feb 2011 16:14:29 -0600
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To:
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local>
Message-ID: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE82@US-MAIL.pop.local>

Eric, thanks for the reply. when I manually log in as rancid I can only gain enable by using the local enable secret
From rwest at zyedge.com Fri Feb 4 22:14:46 2011
From: rwest at zyedge.com (Ryan West)
Date: Fri, 4 Feb 2011 22:14:46 +0000
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE7C@US-MAIL.pop.local>
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE7C@US-MAIL.pop.local>
Message-ID: <5DC4853C6CC3EE4788779E0726E034DD6CD7C5@zy-ex1.zyedge.local>

Ian,

I meant here -> { loginPW }, unless you're using a special character that would cause the .cloginrc to fail, you can remove the brackets and use a tab between the passwords.

-ryan

From Ian.Murphy at populous.com Fri Feb 4 22:24:35 2011
From: Ian.Murphy at populous.com (Ian Murphy)
Date: Fri, 4 Feb 2011 16:24:35 -0600
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD6CD7C5@zy-ex1.zyedge.local>
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE7C@US-MAIL.pop.local> <5DC4853C6CC3EE4788779E0726E034DD6CD7C5@zy-ex1.zyedge.local>
Message-ID: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE9E@US-MAIL.pop.local>

Oh, I see. Sorry, I verified that there are no spaces inside the curly braces. I typed it up that way in the email though.

From gmccullagh at gmail.com Fri Feb 4 22:25:25 2011
From: gmccullagh at gmail.com (Gavin McCullagh)
Date: Fri, 4 Feb 2011 22:25:25 +0000
Subject: [rancid] recovering or examining old cisco configs?
In-Reply-To: <27B58F038E8FC24680CE64F6CDC508E590A5B919B9@mlpsmail01.mlp.muniverse.net>
References: <27B58F038E8FC24680CE64F6CDC508E590A5B919B9@mlpsmail01.mlp.muniverse.net>
Message-ID: <20110204222525.GA9133@gmail.com>

On Fri, 04 Feb 2011, Thomison, Lee wrote:

> We're using rancid with svn. Is it possible (and easy) to examine a
> cisco config from an arbitrary time period ago?

As long as you were using rancid & svn within the arbitrary time in question, yeah, that should be fine. You just need to do a checkout with the right date, eg.

sudo -u rancid svn checkout -r '{2011-02-02}' file:///var/lib/svn/rancid

I needed to run this as rancid (hence the sudo -u rancid) because the archive is owned by the rancid user. Depending how you've set things up, you may need to do something similar. The subversion side of it is fairly simple though.

Gavin

From heas at shrubbery.net Fri Feb 4 22:33:36 2011
From: heas at shrubbery.net (john heasley)
Date: Fri, 4 Feb 2011 22:33:36 +0000
Subject: [rancid] recovering or examining old cisco configs?
In-Reply-To: <27B58F038E8FC24680CE64F6CDC508E590A5B919B9@mlpsmail01.mlp.muniverse.net>
References: <27B58F038E8FC24680CE64F6CDC508E590A5B919B9@mlpsmail01.mlp.muniverse.net>
Message-ID: <20110204223336.GP27286@shrubbery.net>

Fri, Feb 04, 2011 at 12:40:16PM -0900, Thomison, Lee:
> We're using rancid with svn. Is it possible (and easy) to examine a cisco config from an arbitrary time period ago?
>
> Thanks

google for cvsweb and see the cvs manpage.

From rancid at ale.cx Fri Feb 4 22:30:16 2011
From: rancid at ale.cx (Alex DEKKER)
Date: Fri, 4 Feb 2011 22:30:16 +0000
Subject: [rancid] recovering or examining old cisco configs?
In-Reply-To: <27B58F038E8FC24680CE64F6CDC508E590A5B919B9@mlpsmail01.mlp.muniverse.net>
References: <27B58F038E8FC24680CE64F6CDC508E590A5B919B9@mlpsmail01.mlp.muniverse.net>
Message-ID: <201102042230.17071.rancid@ale.cx>

On Friday 04 February 2011 21:40:16 Thomison, Lee wrote:
> We're using rancid with svn. Is it possible (and easy) to examine a cisco
> config from an arbitrary time period ago?

I used Trac for this [trac.edgewall.org]. It has other features like a wiki and issue tracking that may be of interest.

alexd

From heas at shrubbery.net Fri Feb 4 23:09:56 2011
From: heas at shrubbery.net (john heasley)
Date: Fri, 4 Feb 2011 23:09:56 +0000
Subject: [rancid] Curious Cisco ASA problem
In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD6CD7C5@zy-ex1.zyedge.local>
References: <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BDFC@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE1E@US-MAIL.pop.local> <71E4C3C936BF364FAC4E44AD90ECCCD30D0212BE7C@US-MAIL.pop.local> <5DC4853C6CC3EE4788779E0726E034DD6CD7C5@zy-ex1.zyedge.local>
Message-ID: <20110204230956.GS27286@shrubbery.net>

Fri, Feb 04, 2011 at 10:14:46PM +0000, Ryan West:
> Ian,
>
> I meant here -> { loginPW }, unless you're using a special character that would cause the .cloginrc to fail, you can remove the brackets and use a tab between the passwords.

please don't tell folks to remove the braces. please stay in the habit of using them - be consistent and avoid the typical problems. if you have special characters in your pwds, you must escape them. see cloginrc(5).

if you still have a problem, use the login script's -d option to see what it's sending.

From jlozano at socccd.edu Fri Feb 4 23:09:56 2011
From: jlozano at socccd.edu (James Lozano)
Date: Fri, 4 Feb 2011 15:09:56 -0800
Subject: [rancid] Unsubscribe to rancid-discussion
Message-ID: <295F7188E1C1B04CB294FA6324C8D2ECD34E7C9E@EXCH2K7.socccd.edu>

Hello,

Quite a long time ago I subscribed to rancid-discussion when dealing with rancid in my last job position. I no longer am working with rancid. I am no longer in that position and do not wish to receive any further email from rancid-discussion.

How can I unsubscribe? If possible please remove me from the distribution list. My email address is jlozano at socccd.edu.

Thanks.

Jim Lozano

From heas at shrubbery.net Fri Feb 4 23:33:44 2011
From: heas at shrubbery.net (john heasley)
Date: Fri, 4 Feb 2011 23:33:44 +0000
Subject: [rancid] rancid with Fortigate FG100A
In-Reply-To:
References: <20110202202514.GC9522@shrubbery.net>
Message-ID: <20110204233344.GW27286@shrubbery.net>

Fri, Feb 04, 2011 at 12:41:39PM +0100, Iñaki Martínez Díez:
> Hello,
>
> Debug mode done, I got this:
>
> set authgrp none
> --More-- set avgrp none
> set fwgrp none
>
>
>
> Last lines:
>
> next
> --More-- edit "operator"
> --More--
>
>
>
> NOTE: after "--" there are spaces not tab, checked with 2 editors.
>
>
> I think the problem is this line in fnlogin:
>
> 460 -gl "--More--" { send " "

no, that's fine. i think the device is stupid. my guess is that telnet/ssh sent zero for the rows tty attribute that the device's pager is confused.

is this (from fnlogin) working on your device:

# Disable output paging.
send -- "config system console\r"
expect -re $prompt;
send -- "set output standard\r"
expect -re $prompt;
send -- "end\r"
expect -re $prompt;

does a hack like this have an effect:

Index: bin/fnlogin.in =================================================================== --- bin/fnlogin.in (revision 2282) +++ bin/fnlogin.in (working copy) 
@@ -99,6 +99,8 @@ set password_file $env(CLOGINRC) } +stty rows 1024 + # Sometimes firewall take awhile to answer (the default is 10 sec) set timeout 45

From gmccullagh at gmail.com Sat Feb 5 07:57:57 2011
From: gmccullagh at gmail.com (Gavin McCullagh)
Date: Sat, 5 Feb 2011 07:57:57 +0000
Subject: [rancid] Unsubscribe to rancid-discussion
In-Reply-To: <295F7188E1C1B04CB294FA6324C8D2ECD34E7C9E@EXCH2K7.socccd.edu>
References: <295F7188E1C1B04CB294FA6324C8D2ECD34E7C9E@EXCH2K7.socccd.edu>
Message-ID: <20110205075757.GB9133@gmail.com>

Hi,

On Fri, 04 Feb 2011, James Lozano wrote:

> How can I unsubscribe?

there's a link on the bottom of every single email. Go to that page and look at the "unsubscribe" section.

Gavin

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From nategagne at gmail.com Mon Feb 7 12:48:00 2011
From: nategagne at gmail.com (Nate Gagne)
Date: Mon, 7 Feb 2011 07:48:00 -0500
Subject: [rancid] Ignore dhcp-binding changes?
Message-ID:

We have a Cisco 1921 that is spitting out diffs whenever the dhcp-binding table changes. How can I get RANCID to ignore these?

- !Flash: nvram: 6 -rw- 1291 dhcp-binding
+ !Flash: nvram: 6 -rw- 1163 dhcp-binding

From heas at shrubbery.net Mon Feb 7 19:07:13 2011
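Review bot: the added "stty rows 1024" in the @@ -99,6 +99,8 @@ hunk of bin/fnlogin.in (john heasley's 23:33:44 message above) has no comment, although the "set timeout 45" line directly below it carries one; a one-line comment saying it works around a device pager that misbehaves when the tty reports zero rows would tell the next reader why it is there. Expect's stty acts on the controlling terminal unless redirected, so it is also worth wrapping the call in catch, since the script may be started without a terminal and an stty error at this point would stop the login before it begins.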
From: heas at shrubbery.net (john heasley)
Date: Mon, 7 Feb 2011 19:07:13 +0000
Subject: [rancid] Ignore dhcp-binding changes?
In-Reply-To:
References:
Message-ID: <20110207190713.GL27536@shrubbery.net>

Mon, Feb 07, 2011 at 07:48:00AM -0500, Nate Gagne:
> We have a Cisco 1921 that is spitting out diffs whenever the dhcp-binding
> table changes. How can I get RANCID to ignore these?
>
> - !Flash: nvram: 6 -rw- 1291
> dhcp-binding
>
> + !Flash: nvram: 6 -rw- 1163
> dhcp-binding

it already filters dhcp files that match the filenames suggested by the cisco documentation.

next if (/dhcp_[^. ]*\.txt/);

From cgauthier at mapscu.com Mon Feb 7 19:57:36 2011
From: cgauthier at mapscu.com (Chris Gauthier)
Date: Mon, 7 Feb 2011 11:57:36 -0800
Subject: [rancid] Ignore dhcp-binding changes?
In-Reply-To: <20110207190713.GL27536@shrubbery.net>
References: <20110207190713.GL27536@shrubbery.net>
Message-ID:

> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley
> Sent: Monday, February 07, 2011 11:07 AM
> To: Nate Gagne
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Ignore dhcp-binding changes?
>
> Mon, Feb 07, 2011 at 07:48:00AM -0500, Nate Gagne:
> > We have a Cisco 1921 that is spitting out diffs whenever the
> > dhcp-binding table changes. How can I get RANCID to ignore these?
> >
> > - !Flash: nvram: 6 -rw- 1291
> > dhcp-binding
> >
> > + !Flash: nvram: 6 -rw- 1163
> > dhcp-binding
>
> it already filters dhcp files that match the filenames suggested by the cisco
> documentation.
>
> next if (/dhcp_[^. ]*\.txt/);

I would alter the line to:

next if (/dhcp[\-\_][^. ]*\.txt/);

I am not sure if the - and the _ need to be escaped, but, never hurts to be explicit.

Chris

From heas at shrubbery.net Mon Feb 7 20:22:59 2011
From: heas at shrubbery.net (john heasley) Date: Mon, 7 Feb 2011 20:22:59 +0000 Subject: [rancid] Ignore dhcp-binding changes? In-Reply-To: References: <20110207190713.GL27536@shrubbery.net> Message-ID: <20110207202259.GF11523@shrubbery.net> Mon, Feb 07, 2011 at 11:57:36AM -0800, Chris Gauthier: > I am not sure if the - and the _ need to be escaped, but, never hurts to be explicit. _ never needs to be escaped. - does not need to be escaped if it follows the [. From joseph.e.mcdonagh at gmail.com Mon Feb 7 23:45:58 2011 
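The filter patterns from the dhcp-binding thread above, run against the kind of "!Flash:" lines in the original question. This is an added example, not part of any post and not RANCID's own code; the sample lines are constructed from the thread's diff, and the `by-name` pattern is a hypothetical local modification.

```perl
#!/usr/bin/perl
# Added example, not RANCID source: which "!Flash:" lines each filter drops.
use strict;
use warnings;

# Constructed sample input modelled on the diff quoted in the thread, plus
# two .txt names to exercise the patterns and one unrelated file.
my @flash = (
    '!Flash: nvram:  6  -rw-  1291  dhcp-binding',
    '!Flash: nvram:  6  -rw-  1163  dhcp-binding',
    '!Flash: nvram:  7  -rw-   812  dhcp_leases.txt',
    '!Flash: nvram:  8  -rw-   812  dhcp-leases.txt',
    '!Flash: nvram:  1  -rw-  2945  startup-config',
);

# Patterns in the order they come up in the thread.
my @filters = (
    [ 'shipped'   => qr/dhcp_[^. ]*\.txt/ ],       # as quoted from the script
    [ 'escaped'   => qr/dhcp[\-\_][^. ]*\.txt/ ],  # the suggested alteration
    [ 'unescaped' => qr/dhcp[-_][^. ]*\.txt/ ],    # same class, no backslashes
    # Hypothetical local addition: match the extensionless file by name.
    [ 'by-name'   => qr/\sdhcp-binding\s*$/ ],
);

# Return the lines that a "next if (/$re/)" filter would let through.
sub surviving {
    my ($re, @lines) = @_;
    return grep { !/$re/ } @lines;
}

for my $f (@filters) {
    my ($name, $re) = @$f;
    my @kept = surviving($re, @flash);
    printf "%-9s drops %d of %d lines\n", $name, @flash - @kept, scalar @flash;
    print  "    still diffed: $_\n" for grep { /dhcp/ } @kept;
}

# "_" is never special, and "-" is literal directly after "[" or when
# escaped, so the escaped and unescaped classes filter identically.
my @a = surviving($filters[1][1], @flash);
my @b = surviving($filters[2][1], @flash);
print "escaped and unescaped classes agree: ",
      ("@a" eq "@b" ? "yes" : "no"), "\n";
```

All three `.txt` patterns leave both `dhcp-binding` lines in the output, because the file name in the question has no `.txt` suffix; only a pattern that matches that name removes them from the diff.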
From: joseph.e.mcdonagh at gmail.com (Joe McDonagh)
Date: Mon, 07 Feb 2011 18:45:58 -0500
Subject: [rancid] Interesting problem, HP procurve 2800s work fine, 2500s config won't download
In-Reply-To: <4D42FF3D.1040400@gmail.com>
References: <4D42FF3D.1040400@gmail.com>
Message-ID: <4D508436.7070801@gmail.com>

FYI, upgrading to 2.3.6 solved this issue. Working beautifully now, and fixed some stuff with the ASAs diffing files that it shouldn't have been.

On 01/28/2011 12:39 PM, Joe McDonagh wrote:
> hlogin works fine to both these sets of routers, however the config for
> 2500s never gets downloaded and I get this trace back:
>
> Getting missed routers: round 4.
> write(spawn_id=1): broken pipe
> while executing
> "send_user -- "$expect_out(buffer)""
> invoked from within
> "expect -nobrace -re {^[^
> *]*x699-25250G-24-PoE-01#} { send_user -- "$expect_out(buffer)"
> } -re {^[^
> ]*x699-25250G-24-PoE-01#.} { send_user --..."
> invoked from within
> "expect {
> -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)"
> }
> -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)"
> ..."
> invoked from within
> "if [ string match "*\;*" "$command" ] {
> set commands [split $command \;]
> set num_commands [llength $commands]
> # the pager can not be turned off on ..."
> (procedure "run_commands" line 15)
> invoked from within
> "run_commands $prompt $command"
> ("foreach" body line 139)
> invoked from within
> "foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> send_user "$router\n"
>
> # Figure out prompt.
> # Since autoena..."
> (file "/usr/lib/rancid/bin/hlogin" line 583)
> 10.5.30.4: missed cmd(s): show stack,show module,write term
> 10.5.30.4: End of run not found
> ;
>

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire

From bigbrother at gmx.ch Tue Feb 8 08:19:21 2011
From: bigbrother at gmx.ch (bigbrother at gmx.ch)
Date: Tue, 08 Feb 2011 09:19:21 +0100
Subject: [rancid] F5 and rancid
Message-ID: <20110208081921.78670@gmx.net>

Hi out there

Does somebody have a rancid script for the F5 loadbalancer boxes?

Any help is appreciated
bb

From bobthebaritone at gmail.com Tue Feb 8 09:30:10 2011
From: bobthebaritone at gmail.com (bob watson)
Date: Tue, 8 Feb 2011 20:30:10 +1100
Subject: [rancid] F5 and rancid
In-Reply-To: <20110208081921.78670@gmx.net>
References: <20110208081921.78670@gmx.net>
Message-ID:

It comes with RANCID 2.3.4 - f5rancid....
There is an issue with backing up SSL keys though.
See mail list archives for details.
Bob

On 8 February 2011 19:19, wrote:

> Hi out there
>
> Does somebody have a rancid script for the F5 loadbalancer boxes?
>
>
> Any help is appreciated
> bb

From bigbrother at gmx.ch Tue Feb 8 10:09:44 2011
From: bigbrother at gmx.ch (Andrea Arquint)
Date: Tue, 08 Feb 2011 11:09:44 +0100
Subject: [rancid] F5 and rancid
In-Reply-To:
References: <20110208081921.78670@gmx.net>
Message-ID: <20110208100944.78640@gmx.net>

Hi Bob

I'm looking for a centos rpm. I tried to create one by myself but there are some errors and I'm not very familiar with rpmbuild.

So if there is somebody out there with a centos rpm for version 2.3.4 or higher please let me know.

kr
bb

-------- Original Message --------
> Date: Tue, 8 Feb 2011 20:30:10 +1100
> From: bob watson
> To: bigbrother at gmx.ch
> CC: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] F5 and rancid

> It comes with RANCID 2.3.4 - f5rancid....
> There is an issue with backing up SSL keys though.
> See mail list archives for details.
> Bob
>
> On 8 February 2011 19:19, wrote:
>
> > Hi out there
> >
> > Does somebody have a rancid script for the F5 loadbalancer boxes?
> >
> >
> > Any help is appreciated
> > bb

From bigbrother at gmx.ch Tue Feb 8 10:49:40 2011
From: bigbrother at gmx.ch (bigbrother at gmx.ch)
Date: Tue, 08 Feb 2011 11:49:40 +0100
Subject: [rancid] F5 and rancid
In-Reply-To: <20110208100944.78640@gmx.net>
References: <20110208081921.78670@gmx.net> <20110208100944.78640@gmx.net>
Message-ID: <20110208104940.78670@gmx.net>

Hi there

I did now find a spec file for the rpmbuild process for rancid. So I was able to create a new rpm with rancid 2.3.6 for centos 5.5.

I now have to test further, but as far as I can see in the logs the bigip boxes are gathered now.

Thanks anyway
bb

-------- Original Message --------
> Date: Tue, 08 Feb 2011 11:09:44 +0100
> From: "Andrea Arquint"
> To: bob watson
> CC: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] F5 and rancid

> Hi Bob
>
> I'm looking for a centos rpm. I tried to create one by myself but there
> are some errors and I'm not very familiar with rpmbuild.
>
> So if there is somebody out there with a centos rpm for version 2.3.4 or
> higher please let me know.
>
>
> kr
> bb
>
> -------- Original Message --------
> > Date: Tue, 8 Feb 2011 20:30:10 +1100
> > From: bob watson
> > To: bigbrother at gmx.ch
> > CC: rancid-discuss at shrubbery.net
> > Subject: Re: [rancid] F5 and rancid
>
> > It comes with RANCID 2.3.4 - f5rancid....
> > There is an issue with backing up SSL keys though.
> > See mail list archives for details.
> > Bob
> >
> > On 8 February 2011 19:19, wrote:
> >
> > > Hi out there
> > >
> > > Does somebody have a rancid script for the F5 loadbalancer boxes?
> > >
> > >
> > > Any help is appreciated
> > > bb

From matt.listspam at gmail.com Wed Feb 9 16:02:13 2011
From: matt.listspam at gmail.com (Matt L)
Date: Wed, 9 Feb 2011 11:02:13 -0500
Subject: [rancid] Problem with Rancid and Nexus 7000
Message-ID:

So I have Rancid working fine with all my other gear, ASA 5510's, Catalyst 3560's, etc. We recently installed a Nexus 7000 and I have been trying to get it going with Rancid.

I created a new TACACS user for this purpose (due to the way logins work for NX-OS), defined it in cloginrc with autoenable as '1'.

This is what happens if I just run clogin to the box with no extra flags:

[rancid at linuxhost ~]$ clogin nexus
nexus
spawn ssh -c 3des -x -l rancidnx nexus
#User Access Verification#
Password:

It just sits there and does nothing at this point. I can enter the password manually and it will login successfully.

If I remove the autoenable from cloginrc, it will successfully login, but then hang there (I assume waiting for enable prompt which will never appear).

Rancid version is 2.3.3 (I have tried with 2.3.6 clogin separately as well).

NX-OS version is 5.1(2).

Obviously until I can get past the initial login, I can't test with nxrancid or any type of automation.

Any ideas? Am I missing something stupid?

Thanks,

Matt

From heas at shrubbery.net Wed Feb 9 18:25:15 2011
From: heas at shrubbery.net (john heasley) Date: Wed, 9 Feb 2011 10:25:15 -0800 Subject: [rancid] Problem with Rancid and Nexus 7000 In-Reply-To: References: Message-ID: <20110209182515.GF26039@shrubbery.net> Wed, Feb 09, 2011 at 11:02:13AM -0500, Matt L: > So I have Rancid working fine with all my other gear, ASA 5510's, Catalyst > 3560's, etc. We recently installed a Nexus 7000 and I have been trying to > get it going with Rancid. > > I created a new TACACS user for this purpose (due to the way logins work for > NX-OS), defined it in cloginrc with autoenable as '1'. > > This is what happens if I just run clogin to the box with no extra flags: > > [rancid at linuxhost ~]$ clogin nexus > nexus > spawn ssh -c 3des -x -l rancidnx nexus > #User Access Verification# where are the #'s coming from? from your tacacs, i suspect. that looks like a cli prompt to clogin. > Password: > > > It just sits there and does nothing at this point. I can enter the password > manually and it will login successfully. > > If I remove the autoenable from cloginrc, it will successfully login, but > then hang there (I assume waiting for enable prompt which will never > appear). > > Rancid version is 2.3.3 (I have tried with 2.3.6 clogin separately as well). > > NX-OS version is 5.1(2). > > Obviously until I can get past the initial login, I can't test with nxrancid > or any type of automation. > > Any ideas? Am I missing something stupid? > > Thanks, > > Matt > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From matt.listspam at gmail.com Wed Feb 9 18:22:34 2011 
From: matt.listspam at gmail.com (Matt L) Date: Wed, 9 Feb 2011 13:22:34 -0500 Subject: [rancid] Problem with Rancid and Nexus 7000 In-Reply-To: <20110209182515.GF26039@shrubbery.net> References: <20110209182515.GF26039@shrubbery.net> Message-ID: Default login banner. Someone mentioned to me privately to change it to remove any #'s, and that actually did the trick. So everything looks good now. Thanks for the responses everyone! On Wed, Feb 9, 2011 at 1:25 PM, john heasley wrote: > Wed, Feb 09, 2011 at 11:02:13AM -0500, Matt L: > > So I have Rancid working fine with all my other gear, ASA 5510's, > Catalyst > > 3560's, etc. We recently installed a Nexus 7000 and I have been trying > to > > get it going with Rancid. > > > > I created a new TACACS user for this purpose (due to the way logins work > for > > NX-OS), defined it in cloginrc with autoenable as '1'. > > > > This is what happens if I just run clogin to the box with no extra flags: > > > > [rancid at linuxhost ~]$ clogin nexus > > nexus > > spawn ssh -c 3des -x -l rancidnx nexus > > #User Access Verification# > > where are the #'s coming from? from your tacacs, i suspect. that looks > like a cli prompt to clogin. > > > Password: > > > > > > It just sits there and does nothing at this point. I can enter the > password > > manually and it will login successfully. > > > > If I remove the autoenable from cloginrc, it will successfully login, but > > then hang there (I assume waiting for enable prompt which will never > > appear). > > > > Rancid version is 2.3.3 (I have tried with 2.3.6 clogin separately as > well). > > > > NX-OS version is 5.1(2). > > > > Obviously until I can get past the initial login, I can't test with > nxrancid > > or any type of automation. > > > > Any ideas? Am I missing something stupid? 
> >
> > Thanks,
> >
> > Matt
>

From chris at siliconhotrod.com Wed Feb 9 19:26:38 2011
From: chris at siliconhotrod.com (Chris Moody) Date: Wed, 09 Feb 2011 11:26:38 -0800 Subject: [rancid] Problem with Rancid and Nexus 7000 In-Reply-To: References: <20110209182515.GF26039@shrubbery.net> Message-ID: <4D52EA6E.8000608@siliconhotrod.com> We are running rancid across our N7k's successfully. (2.3.2 - so not even most recent) The old "#" in the banner is a common mistake. Any "control characters" such as '#' really shouldn't be used in banners. Breaks all sorts of stuff. -Chris On 2/9/11 10:22 AM, Matt L wrote: > Default login banner. Someone mentioned to me privately to change it > to remove any #'s, and that actually did the trick. So everything > looks good now. > > Thanks for the responses everyone! > > > On Wed, Feb 9, 2011 at 1:25 PM, john heasley > wrote: > > Wed, Feb 09, 2011 at 11:02:13AM -0500, Matt L: > > So I have Rancid working fine with all my other gear, ASA > 5510's, Catalyst > > 3560's, etc. We recently installed a Nexus 7000 and I have been > trying to > > get it going with Rancid. > > > > I created a new TACACS user for this purpose (due to the way > logins work for > > NX-OS), defined it in cloginrc with autoenable as '1'. > > > > This is what happens if I just run clogin to the box with no > extra flags: > > > > [rancid at linuxhost ~]$ clogin nexus > > nexus > > spawn ssh -c 3des -x -l rancidnx nexus > > #User Access Verification# > > where are the #'s coming from? from your tacacs, i suspect. that > looks > like a cli prompt to clogin. > > > Password: > > > > > > It just sits there and does nothing at this point. I can enter > the password > > manually and it will login successfully. > > > > If I remove the autoenable from cloginrc, it will successfully > login, but > > then hang there (I assume waiting for enable prompt which will never > > appear). > > > > Rancid version is 2.3.3 (I have tried with 2.3.6 clogin > separately as well). > > > > NX-OS version is 5.1(2). 
> > > > Obviously until I can get past the initial login, I can't test > with nxrancid > > or any type of automation. > > > > Any ideas? Am I missing something stupid? > > > > Thanks, > > > > Matt > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From imd at acens.com Thu Feb 10 09:07:02 2011 From: imd at acens.com (=?iso-8859-1?Q?I=F1aki_Mart=EDnez_D=EDez?=) Date: Thu, 10 Feb 2011 10:07:02 +0100 Subject: [rancid] rancid with Fortigate FG100A In-Reply-To: <20110204233344.GW27286@shrubbery.net> Message-ID: Hi, >i think the device is stupid. my guess is that telnet/ssh sent zero for >the rows tty attribute that the device's pager is confused. Yes the device is "very" stupid and more with old versions. >is this (from fnlogin) working on your device: > # Disable output paging. > send -- "config system console\r" > expect -re $prompt; send -- "set output standard\r" > expect -re $prompt; send -- "end\r" > expect -re $prompt; It is ignored, but i think is version or user permissions. >does a hack like this have an affect: >Index: bin/fnlogin.in >=================================================================== >--- bin/fnlogin.in (revision 2282) >+++ bin/fnlogin.in (working copy) 
>@@ -99,6 +99,8 @@ > set password_file $env(CLOGINRC) > } > >+stty rows 1024 >+ > # Sometimes firewall take awhile to answer (the default is 10 sec) > set timeout 45 > Do not have effect :( My best option is: 1) change manually "set output standard" 2) user with root permissions With this i got a configuration but it is different than tftp configuration. I will try to open a case with Fortinet to try to understand why config if different with "show full-configuration" and tftp. ________________________________________ I?aki Mart?nez D?ez Departamento de redes acens Technologies S.L. imd at acens.com Tel?fono: 637 772 156 Fax: 911 418 501 Este mensaje puede contener informaci?n confidencial dirigida exclusivamente a su destinatario. No se permite su copia o distribuci?n sin la autorizaci?n expresa y por anticipado de acens. Si recibi? este mensaje por error, por favor, comun?quelo al emisor y elim?nelo de su ordenador. Gracias. This message may contain confidential information exclusively addressed to its intended recipient. The copy or distribution of this message is not permitted without the prior express consent by acens. If you are not the intended recipient of this message please advise the sender and delete it. Thank you. From cdelome at lus.org Thu Feb 10 19:25:06 2011 
From: cdelome at lus.org (Chance Delome)
Date: Thu, 10 Feb 2011 13:25:06 -0600
Subject: [rancid] Alcatel Omniswitch and Rancid
In-Reply-To: <4CA0624E05306542BC0A621B23C5E9AF0CC09981@LUS-EXCHANGE-01.UTILITIES.PRI>
References: <2C2EB65E9541674190062A288A739F0001407D180B@DUFA.siminn.is><4CA0624E05306542BC0A621B23C5E9AF0CC09940@LUS-EXCHANGE-01.UTILITIES.PRI><-8991374591620832589@unknownmsgid> <4CA0624E05306542BC0A621B23C5E9AF0CC09981@LUS-EXCHANGE-01.UTILITIES.PRI>
Message-ID: <4CA0624E05306542BC0A621B23C5E9AF0CC09BE1@LUS-EXCHANGE-01.UTILITIES.PRI>

When I run a debug from rancid on an Alcatel SR 7750, this is the end of the debug logging. (I've edited and thrown in a few print stdout statements).

HIT COMMAND:A:LFTHEDDR01# show redundancy synchronization
In ShowRedSync: A:LFTHEDDR01# show redundancy synchronization
10.128.1.4: End of run not found
clean run is 0 and Found_end is 5 ;prompt was A:LFTHEDDR01#
10.128.1.4: clean_run 0
10.128.1.4: found_end 5
10.128.1.4: End of run not found
!A:LFTHEDDR01#logout
Connection closed by foreign host.

Also, the debug file that is generated that shows all the commands and outputs looks just fine. So, it's not a problem with hitting or missing any commands, just a problem with parsing and detecting the end which would $clean_run = 1;

Boot/Config Sync Mode : Boot Environment
Boot/Config Sync Status : All boot environment synchronized
Last Config File Sync Time : 04/28/2010 03:03:40
Last Boot Env Sync Time : 02/10/2011 02:57:07
===============================================================================
!A:LFTHEDDR01#logout
Connection closed by foreign host.

Thoughts?

Chance

From gmccullagh at gmail.com Sun Feb 13 12:30:39 2011
From: gmccullagh at gmail.com (Gavin McCullagh)
Date: Sun, 13 Feb 2011 12:30:39 +0000
Subject: [rancid] support for D-Link switches, where to start?
In-Reply-To: <20110202103538.GB9564@gmail.com>
References: <20110202103538.GB9564@gmail.com>
Message-ID: <20110213123039.GK26658@gmail.com>

Hi,

On Wed, 02 Feb 2011, Gavin McCullagh wrote:

> we have a lot of D-Link switches which we'd like to use Rancid to version
> the config of. It appears that D-Link is not supported at the moment, but
> I'm hoping I might be able to work on that a little.

I've spent some time on this and have more or less working dlrancid and dllogin scripts which login to the switches (over ssh only just now) and run:

    show switch                    for getSystem
    show config current_config     for getConf

This generally works, but there are a few problems which I wonder if people might have come across in other models and already have strategies for dealing with.

1. Some of the switches seem very slow to respond. I've had to up $timeo in dlrancid to 300 seconds as the configs were getting truncated. The dllogin timeout is set at 45 seconds.

2. Occasionally, I'm getting a truncated config, like this:

    config igmp_snooping querier management last_member_query_interval 1 state disable
    config igmp_snooping staff host_timeout 260 router_timeout 260 leave_timer 2 state enable
    - config igmp_snooping querier staff query_iConnection to sw-w106-3 closed by remote host.
    - Connection to sw-w106-3 closed

3. We're having some intermittent network issues which might be explained by switches dropping frames. I can't really pinpoint it as being due to rancid, but we've cut it back to running once overnight for now instead of hourly. It appears our problems have cleared up since.

4. One model of D-Link switch (DES-3250TG) appears not to have a single getConf command. I can probably construct a config from 30 commands, but I'm not keen on that. The switch is capable of uploading the config to a TFTP server though.

Obviously ssh has much greater CPU requirements than telnet or tftp would so I guess switching to telnet is my main plan for now. Has anyone else noted issues like this, or is it just these D-Links? Is there another possible explanation?

Where there isn't a getConf() command available, do people have a solution, eg maybe run command to put config to a tftp server, then have rancid download from the tftp server.

Thanks in advance for any help,

Gavin

From heas at shrubbery.net Wed Feb 16 00:35:42 2011
From: heas at shrubbery.net (john heasley) Date: Wed, 16 Feb 2011 00:35:42 +0000 Subject: [rancid] support for D-Link switches, where to start? In-Reply-To: <20110213123039.GK26658@gmail.com> References: <20110202103538.GB9564@gmail.com> <20110213123039.GK26658@gmail.com> Message-ID: <20110216003542.GN25376@shrubbery.net> Sun, Feb 13, 2011 at 12:30:39PM +0000, Gavin McCullagh: > Hi, > > On Wed, 02 Feb 2011, Gavin McCullagh wrote: > > > we have a lot of D-Link switches which we'd like to use Rancid to version > > the config of. It appears that D-Link is not supported at the moment, but > > I'm hoping I might be able to work on that a little. > > I've spent some time on this and have moreorless working dlrancid and > dllogin scripts which login to the switches (over ssh only just now) and > run: > show switch for getSystem > show config current_config for getConf > > This generally works, but there are a few problems which I wonder if people > might have come across in other models and already have strategies for > dealing with. > > 1. Some of the switches seem very slow to respond. I've had to up $timeo > in dlrancid to 300 seconds as the configs were getting truncated. The > dllogin timeout is set at 45 seconds. > > 2. Occasionally, I'm getting a truncated config, like this: > > config igmp_snooping querier management last_member_query_interval 1 state disable > config igmp_snooping staff host_timeout 260 router_timeout 260 leave_timer 2 state enable > - config igmp_snooping querier staff query_iConnection to sw-w106-3 closed by remote host. > - Connection to sw-w106-3 closed that could be a network issue or you're just asking too much of the switch or it's software ... i mean, did you really expect to read the config? :) > 3. We're having some intermittent network issues which might be explained > by switches dropping frames. I can't really pinpoint it as being due > to rancid, but we've cut it back to running once overnight for now > instead of hourly. 
It appears our problems have cleared up since. its possible; if the box switches in s/w and doesnt give scheduling priority to switching or is one non-interruptible context ... it could hurt. > 4. One model of D-Link switch (DES-3250TG) appears not to have a single > getConf command. I can probably constuct a config from 30 commands, but > I'm not keen on that. The switch is capable of uploading the config to > a TFTP server though. > > > Obviously ssh has much greater CPU requirements than telnet or tftp would > so I guess switching to telnet is my main plan for now. Has anyone else > noted issues like this, or is it just these D-Links? Is there another > possible explanation? this occurs on some old ciscos, though rarely results in a timeout. you might try a smaller key, less cpu intensive cypher, etc. > Where there isn't a getConf() command available, do people have a solution, > eg maybe run command to put config to a tftp server, then have rancid > download from the tftp server. that could work, but I've not done it before (ie: have no examples). From gmccullagh at gmail.com Wed Feb 16 08:22:39 2011 
From: gmccullagh at gmail.com (Gavin McCullagh) Date: Wed, 16 Feb 2011 08:22:39 +0000 Subject: [rancid] support for D-Link switches, where to start? In-Reply-To: <20110216003542.GN25376@shrubbery.net> References: <20110202103538.GB9564@gmail.com> <20110213123039.GK26658@gmail.com> <20110216003542.GN25376@shrubbery.net> Message-ID: <20110216082239.GE6432@gmail.com> Hi, On Wed, 16 Feb 2011, john heasley wrote: > > - config igmp_snooping querier staff query_iConnection to sw-w106-3 closed by remote host. > > - Connection to sw-w106-3 closed > > that could be a network issue or you're just asking too much of the switch > or it's software ... i mean, did you really expect to read the config? :) I was also getting the ssh error "bad packet" now and then. I've since switched to telnet and all is well now, so I don't fully understand the cause, but I at least have a workaround. > > 3. We're having some intermittent network issues which might be explained > > by switches dropping frames. I can't really pinpoint it as being due > > to rancid, but we've cut it back to running once overnight for now > > instead of hourly. It appears our problems have cleared up since. > > its possible; if the box switches in s/w and doesnt give scheduling priority > to switching or is one non-interruptible context ... it could hurt. I wouldn't have thought there was switching in software but I guess there may be some small software element which can cause a deadlock. > > Obviously ssh has much greater CPU requirements than telnet or tftp would > > so I guess switching to telnet is my main plan for now. Has anyone else > > noted issues like this, or is it just these D-Links? Is there another > > possible explanation? > > this occurs on some old ciscos, though rarely results in a timeout. you > might try a smaller key, less cpu intensive cypher, etc. I tried blowfish which is supposed to be less cpu intensive, but it didn't seem to make much difference. 
> > Where there isn't a getConf() command available, do people have a solution, > > eg maybe run command to put config to a tftp server, then have rancid > > download from the tftp server. > > that could work, but I've not done it before (ie: have no examples). Ah well, the lazy person in me was hoping some code would be there already :-) Our 3Com 4400s seem to have the same issue. Gavin From jethro.binks at strath.ac.uk Wed Feb 16 09:31:59 2011 
From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Wed, 16 Feb 2011 09:31:59 +0000 (GMT) Subject: [rancid] support for D-Link switches, where to start? In-Reply-To: <20110216082239.GE6432@gmail.com> References: <20110202103538.GB9564@gmail.com> <20110213123039.GK26658@gmail.com> <20110216003542.GN25376@shrubbery.net> <20110216082239.GE6432@gmail.com> Message-ID: On Wed, 16 Feb 2011, Gavin McCullagh wrote: > > > Where there isn't a getConf() command available, do people have a > > > solution, eg maybe run command to put config to a tftp server, then > > > have rancid download from the tftp server. > > > > that could work, but I've not done it before (ie: have no examples). > > Ah well, the lazy person in me was hoping some code would be there > already :-) Our 3Com 4400s seem to have the same issue. wrancid/wrapwrancid might help: see: http://sites.google.com/site/jrbinks/code/rancid/wraprancid although since I modified Michael Stefaniuc's original, I haven't actually used it. "In brief, w(rap)rancid permits a arbitrary third-party script to be used to obtain the configuration for a device, rather than expecting rancid itself to obtain it through clogin/etc. This permits rancid to be used as a tool for backing up and monitoring changes on a class of devices that do not have a useable CLI, or which cannot write a textual configuration to the terminal, as long as some method exists for pulling a textual configuration from the device (for example, by invoking transfer to tftp/ftp server via SNMP or CLI, or using scp to retrieve the configuration file)." The 3Com 4400 doesn't have a CLI (menu) command to show the running config, but you could run something periodically to tftp the config to a server, from where you can instruct rancid can read it by using wraprancid. Disclaimer: I've forgotten everything about wraprancid now ... J. . . . . . . . . . . . . . . . . . . . . . . . . . 
Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.

From ryamry at kimberly.k12.wi.us Mon Feb 21 21:33:29 2011
From: ryamry at kimberly.k12.wi.us (Rob Yamry)
Date: Mon, 21 Feb 2011 15:33:29 -0600
Subject: [rancid] Enterasys C-Series
Message-ID:

Hi All-

I have rancid set up and working for cisco and hp devices. I also have Enterasys C-Series switches in my environment. Does anybody have a config for enterasys switches or can you point me in the direction of producing one? I've tried editing some of the other rancid files (ie hrancid, cat5rancid, etc) and am not having any luck. The switches use 'show config' to output the config...that's about all I'm looking to grab from them.

Thanks!
-Rob

From nkkrishnan at gmail.com Mon Feb 21 22:06:24 2011
From: nkkrishnan at gmail.com (N K Krishnan)
Date: Mon, 21 Feb 2011 14:06:24 -0800
Subject: [rancid] h3clogin
Message-ID:

ran into the same problem and after staring at the debug output for a while, moved the sending of the "\r" to after the expect block.

    # we are logged in, now figure out the full prompt
    # send "\r"
    expect {
        -re "\[\r\n]+" { exp_continue; }
        -re "^.+$prompt" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
        -re "^.+> \\\(enable\\\)" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
    }
    send "\r"

and that seemed to have the desired result.

From jethro.binks at strath.ac.uk Mon Feb 21 22:50:45 2011
From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon, 21 Feb 2011 22:50:45 +0000 (GMT) Subject: [rancid] h3clogin In-Reply-To: References: Message-ID: On Mon, 21 Feb 2011, N K Krishnan wrote: > ran into the same problem and after staring at the debug output for a > while, moved the sending of the "\r" to after the expect block. I have just tonight 'finished' some major work re-writing all this stuff, and I've had a couple of people testing it - sorry I didn't say anything maybe a day or two sooner, and saved you some staring effort! At the moment I'm updating the website and I'll upload the new versions presently, but I will also send you the current h3clogin privately so you can test with your equipment. Thanks particularly to Ugo Bellavance who has patiently tested various versions and sent me debug output and commentary, and to Alexander Belokopytov who gave me remote access to some equipment which proved useful at one point. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From corey at sequestered.net Tue Feb 22 01:06:10 2011 
From: corey at sequestered.net (Corey Quinn)
Date: Mon, 21 Feb 2011 17:06:10 -0800
Subject: [rancid] Enterasys C-Series
In-Reply-To:
References:
Message-ID: <0ADF7A69-E86B-478C-B372-CD92F5EE6E35@sequestered.net>

On Feb 21, 2011, at 1:33 PM, Rob Yamry wrote:

> Hi All-
> I have rancid set up and working for cisco and hp devices. I also have
> Enterasys C-Series switches in my environment. Does anybody have a config
> for enterasys switches or can you point me in the direction of producing
> one? I've tried editing some of the other rancid files (ie hrancid,
> cat5rancid, etc) and am not having any luck. The switches use 'show
> config' to output the config...that's about all I'm looking to grab from
> them.

What do your transaction logs say when you attempt to pull the configs via
a rancid-run -r $YOUR_SWITCH?

I find it's often enlightening when tracking this stuff down...

--
Corey / KB1JWQ

From ryamry at kimberly.k12.wi.us Tue Feb 22 02:14:16 2011
From: ryamry at kimberly.k12.wi.us (Rob Yamry)
Date: Mon, 21 Feb 2011 20:14:16 -0600
Subject: [rancid] Enterasys C-Series
In-Reply-To: <0ADF7A69-E86B-478C-B372-CD92F5EE6E35@sequestered.net>
References: <0ADF7A69-E86B-478C-B372-CD92F5EE6E35@sequestered.net>
Message-ID:

> What do your transaction logs say when you attempt to pull the configs via
> a rancid-run -r $YOUR_SWITCH?
>
> I find it's often enlightening when tracking this stuff down...
>

Hi-
Thanks for the reply. The logs show this:

    Getting missed routers: round 4.
    switch_enterasys: missed cmd(s): system show hardware,system show version,system show active-config,system show uptime
    switch_enterasys: End of run not found

The end of run not found is what I've been seeing the whole time. I tried
to modify a script (I'm not a programmer) and put in some reg exp to look
for the end, but I couldn't get it working. My goal for this is pretty
simple....just get a config using the 'show config'.

I'm not sure if this helps, but the prompt for the cli on these looks like
"switch3(su)->" and the config ends with a literal "end". Some switches
need the space bar pressed to advance the output.

Thanks again for your help.

From ryamry at kimberly.k12.wi.us Tue Feb 22 14:31:13 2011
From: ryamry at kimberly.k12.wi.us (Rob Yamry)
Date: Tue, 22 Feb 2011 08:31:13 -0600
Subject: [rancid] Enterasys C-Series
In-Reply-To:
References: <0ADF7A69-E86B-478C-B372-CD92F5EE6E35@sequestered.net>
Message-ID:

I think I'm getting close on this. I edited the rancid script and changed
the "write term" command to "show config". I putzed around with it and got
it to where I can run "rancid.mod -d sw_enterasys" and it'll create a .new
file with an output of the config but I still get the "end of run not
found".

From what I can find, it's not setting $clean_run to 1. I printed out
$clean_run and $found_end just before the end and they come out as 0 and 1,
respectively.

The only place I can find where $clean_run would be set to 1 would be in
this chunk below. You can see that I tried different things for lines 3-5
to match the final string and set clean run to 1. I ran across a thread
where the xtremes have a problem doing this as well. But, I can't seem to
get it working. Also, I'm not 100% sure that this is where it could be as
$clean_run could get set to 0 after that. I'd appreciate any help anybody
could pass my way. So close.....

    TOP: while(<INPUT>) {
        tr/\015//d;
        #if (/[>#]\s?exit$/) {
        #if (/(closed\.)/) {
        if (/$prompt\s?(quit|exit|Connection( to \S+)? closed)/ && $found_end) {
            $clean_run = 1;
            last;
        }
        if (/^Error:/) {
            print STDOUT ("$host clogin error: $_");
            print STDERR ("$host clogin error: $_") if ($debug);
            $clean_run = 0;
            last;
        }
        while (/[>#]\s*($cmds_regexp)\s*$/) {
            $cmd = $1;
            if (!defined($prompt)) {
                $prompt = ($_ =~ /^([^#>]+[#>])/)[0];
                $prompt =~ s/([][}{)(\\])/\\$1/g;
                print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
            }
            print STDERR ("HIT COMMAND:$_") if ($debug);
            if (! defined($commands{$cmd})) {
                print STDERR "$host: found unexpected command - \"$cmd\"\n";
                $clean_run = 0;
                last TOP;
            }
            $rval = &{$commands{$cmd}};
            delete($commands{$cmd});
            if ($rval == -1) {
                $clean_run = 0;
                last TOP;
            }
        }
    }

From jethro.binks at strath.ac.uk Tue Feb 22 15:06:34 2011
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Tue, 22 Feb 2011 15:06:34 +0000 (GMT)
Subject: [rancid] Enterasys C-Series
In-Reply-To:
References: <0ADF7A69-E86B-478C-B372-CD92F5EE6E35@sequestered.net>
Message-ID:

On Tue, 22 Feb 2011, Rob Yamry wrote:

> I think I'm getting close on this. I edited the rancid script and changed
> the "write term" command to "show config". I putzed around with it and
> got it to where I can run "rancid.mod -d sw_enterasys" and it'll create a
> .new file with an output of the config but I still get the "end of run
> not found".
> From what I can find, it's not setting $clean_run to 1. I printed out
> $clean_run and $found_end just before the end and they come out as 0 and
> 1, respectively.
>
> The only place I can find where $clean_run would be set to 1 would be in
> this chunk below. You can see that I tried different things for lines 3-5
> to match the final string and set clean run to 1. I ran across a thread
> where the xtremes have a problem doing this as well. But, I can't seem to
> get it working. Also, I'm not 100% sure that this is where it could be as
> $clean_run could get set to 0 after that. I'd appreciate any help anybody
> could pass my way. So close.....
>
> TOP: while(<INPUT>) {
>     tr/\015//d;
>     #if (/[>#]\s?exit$/) {
>     #if (/(closed\.)/) {
>     if (/$prompt\s?(quit|exit|Connection( to \S+)? closed)/ && $found_end) {
>         $clean_run = 1;
>         last;
>     }

(I've not been closely following this thread)

So if $found_end is true, then /$prompt\s?(quit|exit|Connection( to \S+)?
closed)/ must not be, for $clean_run not to be true.

What does the end of "show config" look like?

Jethro.

>     if (/^Error:/) {
>         print STDOUT ("$host clogin error: $_");
>         print STDERR ("$host clogin error: $_") if ($debug);
>         $clean_run = 0;
>         last;
>     }
>     while (/[>#]\s*($cmds_regexp)\s*$/) {
>         $cmd = $1;
>         if (!defined($prompt)) {
>             $prompt = ($_ =~ /^([^#>]+[#>])/)[0];
>             $prompt =~ s/([][}{)(\\])/\\$1/g;
>             print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
>         }
>         print STDERR ("HIT COMMAND:$_") if ($debug);
>         if (! defined($commands{$cmd})) {
>             print STDERR "$host: found unexpected command - \"$cmd\"\n";
>             $clean_run = 0;
>             last TOP;
>         }
>         $rval = &{$commands{$cmd}};
>         delete($commands{$cmd});
>         if ($rval == -1) {
>             $clean_run = 0;
>             last TOP;
>         }
>     }
> }

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.

From ryamry at kimberly.k12.wi.us Tue Feb 22 15:17:25 2011
From: ryamry at kimberly.k12.wi.us (Rob Yamry)
Date: Tue, 22 Feb 2011 09:17:25 -0600
Subject: [rancid] Enterasys C-Series
In-Reply-To:
References: <0ADF7A69-E86B-478C-B372-CD92F5EE6E35@sequestered.net>
Message-ID:

> (I've not been closely following this thread)
>
> So if $found_end is true, then /$prompt\s?(quit|exit|Connection( to \S+)?
> closed)/ must not be, for $clean_run not to be true.
>
> What does the end of "show config" look like?
>

The end will look something like this:

    !
    end


    switch(su)->

but! The "end" is sometimes not there. Not sure why.

Also, I set $clean_run at the top of the script and had the variable
printed in various parts to see if it got changed at all. I changed it to 2
so I could see if it got changed to 0 or 1. It didn't. It ended with a
value of 2.

From corey at sequestered.net Tue Feb 22 17:23:58 2011
From: corey at sequestered.net (Corey Quinn)
Date: Tue, 22 Feb 2011 09:23:58 -0800
Subject: [rancid] Enterasys C-Series
In-Reply-To:
References: <0ADF7A69-E86B-478C-B372-CD92F5EE6E35@sequestered.net>
Message-ID: <93F39165-0515-4782-A975-1EDE8E54B825@sequestered.net>

On Feb 22, 2011, at 7:17 AM, Rob Yamry wrote:
>
> The end will look something like this:
>
> !
> end
>
>
> switch(su)->
>

switch(su)-> should be the terminator then, regardless if "end" is found or
not.

You might packet capture this and see what's actually coming back over the
wire (assuming telnet). I've seen similar issues before where the (radware)
switch was actually echoing what the user had input-- once that was turned
off, Rancid "just worked."

--
Corey / KB1JWQ

From jethro.binks at strath.ac.uk Tue Feb 22 20:38:06 2011
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Tue, 22 Feb 2011 20:38:06 +0000 (GMT)
Subject: [rancid] Enterasys C-Series
In-Reply-To: <93F39165-0515-4782-A975-1EDE8E54B825@sequestered.net>
References: <0ADF7A69-E86B-478C-B372-CD92F5EE6E35@sequestered.net> <93F39165-0515-4782-A975-1EDE8E54B825@sequestered.net>
Message-ID:

On Tue, 22 Feb 2011, Corey Quinn wrote:

> On Feb 22, 2011, at 7:17 AM, Rob Yamry wrote:
> >
> > The end will look something like this:
> >
> > !
> > end
> >
> >
> > switch(su)->
> >
> switch(su)-> should be the terminator then, regardless if "end" is found
> or not.
>
> You might packet capture this and see what's actually coming back over
> the wire (assuming telnet). I've seen similar issues before where the
> (radware) switch was actually echoing what the user had input-- once
> that was turned off, Rancid "just worked."

    env NOPIPE=YES PATH=${PATH}:/usr/local/libexec/rancid rancid -d devicename

substituting the second "rancid" with the appropriate *rancid and modifying
the path as appropriate. Then check out the .raw file produced.

You previously said: "Some switches need the space bar pressed to advance
the output.". If you can't disable per-session paging (commands like
"screen length 0" and their ilk), then *login will need to recognise the
paging prompt ("--- More ---" etc), send a space when it sees it, and
*rancid will need to be able to filter out the paging prompt, control
characters etc. It might be that the paging prompt on your devices isn't
being recognised by *login/*rancid.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.

From s.felici at mclink.eu Wed Feb 23 11:54:57 2011
From: s.felici at mclink.eu (Simone Felici)
Date: Wed, 23 Feb 2011 12:54:57 +0100
Subject: [rancid] Distributed setup possible?
Message-ID: <4D64F591.4030702@mclink.eu>

Hello to all!

I'm new to RANCID but it seems a very powerful tool.
I would like to set-up a distributed environment.
I'll describe my scenario:
I've one master server and some slave servers for monitoring purposes. The
master can reach all the slaves via SSH directly, but the slaves can NOT
reach the master, 'cause the master is located in a private net. This is
why the master server monitors private networks and polls the slaves for
information about monitored devices from slaves.

I would like to add RANCID support on these servers. I've installed it
using a simple guide (with CVS) and there is no problem to install it on
all servers. What I would like to do is to use the master-server as master
repository for all configs. I could use some scripts too to copy what I
need from the slaves to the master but have no idea what to copy and how to
merge it all.

Could someone help me in this or point me to some docs? As written, I can
reach the slaves from the master but not the master from slaves (firewall +
nat). If I could, I know I could use a remote CVS (slaves->master), but
there is no routing.

Thanks for the support!

Simon

From corey at sequestered.net Thu Feb 24 04:24:48 2011
From: corey at sequestered.net (Corey Quinn)
Date: Wed, 23 Feb 2011 20:24:48 -0800
Subject: [rancid] Distributed setup possible?
In-Reply-To: <4D64F591.4030702@mclink.eu>
References: <4D64F591.4030702@mclink.eu>
Message-ID: <6D37E119-A29F-476C-BE56-842651167A7D@sequestered.net>

On Feb 23, 2011, at 3:54 AM, Simone Felici wrote:

> Hello to all!
>
> I'm new to RANCID but it seems a very powerful tool.
> I would like to set-up a distributed environment.
> I'll describe my scenario:
> I've one master server and some slave servers for monitoring purposes.
> The master can reach all the slaves via SSH directly, but the slaves can
> NOT reach the master, 'cause the master is located in a private net. This
> is why the master server monitors private networks and polls the slaves
> for information about monitored devices from slaves.
> I would like to add RANCID support on these servers. I've installed it
> using a simple guide (with CVS) and there is no problem to install it on
> all servers. What I would like to do is to use the master-server as
> master repository for all configs. I could use some scripts too to copy
> what I need from the slaves to the master but have no idea what to copy
> and how to merge it all.

Use SVN, set up subversion to check into a central server. That's where
your repo lives; you may have to modify slightly to suit your networking
constraints...

--
Corey

From s.felici at mclink.eu Thu Feb 24 08:12:49 2011
From: s.felici at mclink.eu (Simone Felici)
Date: Thu, 24 Feb 2011 09:12:49 +0100
Subject: [rancid] Distributed setup possible?
In-Reply-To: <6D37E119-A29F-476C-BE56-842651167A7D@sequestered.net>
References: <4D64F591.4030702@mclink.eu> <6D37E119-A29F-476C-BE56-842651167A7D@sequestered.net>
Message-ID: <4D661301.3050106@mclink.eu>

On 24/02/2011 05:24, Corey Quinn wrote:

>
> Use SVN, set up subversion to check into a central server. That's where
> your repo lives; you may have to modify slightly to suit your networking
> constraints...

Thank you. Could be a possibility, even if the slaves haven't a direct
connection to the master. I'll think about a way to modify network topology
in case.

Cheers,

Simon

From corey at sequestered.net Thu Feb 24 08:14:20 2011
From: corey at sequestered.net (Corey Quinn)
Date: Thu, 24 Feb 2011 00:14:20 -0800
Subject: [rancid] Distributed setup possible?
In-Reply-To: <4D661301.3050106@mclink.eu>
References: <4D64F591.4030702@mclink.eu> <6D37E119-A29F-476C-BE56-842651167A7D@sequestered.net> <4D661301.3050106@mclink.eu>
Message-ID: <660EE12F-1197-4F7E-B976-EFC9EDCA2E64@sequestered.net>

On Feb 24, 2011, at 12:12 AM, Simone Felici wrote:

> On 24/02/2011 05:24, Corey Quinn wrote:
>
>>
>> Use SVN, set up subversion to check into a central server. That's where
>> your repo lives; you may have to modify slightly to suit your networking
>> constraints...
>
> Thank you. Could be a possibility, even if the slaves haven't a direct
> connection to the master. I'll think about a way to modify network
> topology in case.
>
> Cheers,
>
> Simon
>

No worries.

Could always use an intermediate server with a post-commit hook if you're
wedded to a strange network.

--
Corey / KB1JWQ

From s.felici at mclink.eu Thu Feb 24 08:26:45 2011
From: s.felici at mclink.eu (Simone Felici)
Date: Thu, 24 Feb 2011 09:26:45 +0100
Subject: [rancid] Distributed setup possible?
In-Reply-To: <660EE12F-1197-4F7E-B976-EFC9EDCA2E64@sequestered.net>
References: <4D64F591.4030702@mclink.eu> <6D37E119-A29F-476C-BE56-842651167A7D@sequestered.net> <4D661301.3050106@mclink.eu> <660EE12F-1197-4F7E-B976-EFC9EDCA2E64@sequestered.net>
Message-ID: <4D661645.5030503@mclink.eu>

On 24/02/2011 09:14, Corey Quinn wrote:

>
> No worries.
>
> Could always use an intermediate server with a post-commit hook if you're
> wedded to a strange network.

Why not :)
Meanwhile I'll convert my setup from CVS to SVN, then, the next step, to
find out a way to have a central SVN repo.

Again, thanks!

Simon
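
For the Enterasys C-Series thread above ("End of run not found", paging prompts), an added example that is not code from rancid or from any poster: it cleans a captured session as the replies describe (strip carriage returns, the pager prompt and control characters), learns the prompt from the line that echoes the command, and calls the run clean only when that prompt comes back, so a truncated capture is never stored as a complete config. The sample session, the pager pattern and the sub names are constructed assumptions.

```perl
#!/usr/bin/perl
# Added example: is a captured "show config" session complete?
use strict;
use warnings;

# Constructed capture: CRLF line ends, a pager prompt erased with
# backspaces, a "(su)->" prompt, and no literal "end" line.
my @session = (
    'switch3(su)->show config',
    '!',
    'set vlan create 10',
    '--More--' . ("\b" x 8) . (' ' x 8) . ("\b" x 8) . 'set port vlan ge.1.1 10',
    '!',
    '',
    'switch3(su)->exit',
);
my $complete  = join("\r\n", @session) . "\r\n";
my $truncated = join("\r\n", @session[0 .. 3]) . "\r\n";   # session dropped mid-output

# Assumed pager text; check the .raw file for what the device really sends.
my $pager = qr/-+\s*More\s*-+/i;

sub clean_line {
    my ($line) = @_;
    $line =~ tr/\015//d;                     # CR strip, as in rancid's loop
    $line =~ s/$pager[\x08 ]*//g;            # pager prompt plus its erase sequence
    $line =~ s/[\x00-\x08\x0b-\x1f\x7f]//g;  # any other control characters
    return $line;
}

sub check_capture {
    my ($raw, $cmd) = @_;
    my ($prompt, $clean_run, @config) = (undef, 0);
    for my $line (split /\n/, $raw) {
        $line = clean_line($line);
        next if $line =~ /^\s*$/;
        if (!defined $prompt) {
            # Learn the prompt from the line that echoes the command.
            next unless $line =~ /^([^#>]+[#>])\s*\Q$cmd\E\s*$/;
            $prompt = quotemeta($1);         # "(su)->" must match literally
            next;
        }
        if ($line =~ /^$prompt\s?(?:quit|exit)?\s*$/) {
            $clean_run = 1;                  # prompt is back: the output ended
            last;
        }
        push @config, $line;
    }
    return { clean => $clean_run, lines => \@config };
}

for my $case (['complete', $complete], ['truncated', $truncated]) {
    my $r = check_capture($case->[1], 'show config');
    printf "%-9s clean_run=%d config_lines=%d\n",
        $case->[0], $r->{clean}, scalar @{ $r->{lines} };
}
```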