[rancid] Rancid can't authenticate on device even login and passwords are correct. Clogin is also successful.
Auzzik
auzzik at gmail.com
Thu Jan 10 06:02:24 UTC 2013
Good day,
I am stacked with a minor problem which I can't fight.
Rancid 2.3.6.
I have a Cisco ASA. I configured Rancid user on it, but I want to
restrict Rancid user on it. So I user privilege commands to do this:
username rancid password <password> encrypted privilege 5
It's know that level 5 on ASA is a read-only privileges by default.
That's fine. I can login to ASA as a rancid user using SSH client.
The problem here is that a rancid user must enable into 5th level using
command 'enable 5'. Originally, 'clogin' script has these lines:
-------------
# Enable
proc do_enable { enauser enapasswd } {
global do_saveconfig in_proc
global prompt u_prompt e_prompt
set in_proc 1
send "enable\r"
...
------------
So, I changed this script to send 'enable 3\r' instead of just 'enable'.
I defined all settings for this box in .cloginrc and router.db files as
well. It's defined as 'asa:cisco:up'
When I use 'clogin' script it works fine:
----------------
$ /usr/libexec/rancid/clogin asa
asa
spawn ssh -c 3des -x -l rancid asa
rancid@[ip]'s password:
Type help or '?' for a list of available commands.
asa1.local> enable 3
Password: *********************
asa1.local# configure ?
ERROR: % Unrecognized command
asa1.local#
asa1.local# show version | in Hardware
Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
----------------
As you can see I can't get 'conf t' mode, but I can do 'show' commands.
That is what I want.
The problem is that when I run '/usr/bin/rancid-run' rancid can't
authenticate on device.
I see the following in the logs:
-----------------------------------------
Trying to get all of the configs.
asa: End of run not found
!DEBUG: ^
=====================================
Getting missed routers: round 1.
asa: End of run not found
!DEBUG: ^
=====================================
Getting missed routers: round 2.
asa: End of run not found
!DEBUG: ^
ending: Thu Jan 9 05:39:46 UTC 2013
------------------------------------------
I thought rancid uses clogin script to login into cisco devices, but
looks like it does not.
Please point me out on what else I need to change/fix.
Thanks.
P.S. Do you have any diagram showing links between all rancid scripts?
P.P.S. Is any yum repository with latest rancid packages for rhel6?
Auzzik
More information about the Rancid-discuss
mailing list