[rancid] ASA IOS 9.8(2) support?

[Bob Brunette]

If you're authenticating to a server, you can use this to skip the enable:

aaa authorization exec authentication-server auto-enable

For both this and the 'LOCAL' version, remember to change the autoenable value to '1' in your .cloginrc file.

Bob

On 9/11/17, 12:17 PM, "Rancid-discuss on behalf of Ryan West" <rancid-discuss-bounces at shrubbery.net on behalf of rwest at zyedge.com> wrote:

    On Mon, Sep 11, 2017 at 01:47:38, Wayne Eisenberg wrote:
    > Subject: [rancid] ASA IOS 9.8(2) support?
    > 
    > Hi,
    > 
    > 
    > 
    > I have an ASA firewall running version 9.8(2), and the clogin script 
    > is missing something in the sequence such that I don't get to the 
    > enable mode properly.
    
    Hi Wayne,
    
    Try this -
    
    no aaa authentication login-history
    
    The alternative is that clogin itself needs to be updated to ignore the new : that shows up in the login banner.  And yet another alternative is this -
    
    aaa authorization exec LOCAL auto-enable
    
    That assumes you are using the local database and that the user has exec privs, but it skips the need for enable and behaves like more like a router.
    
    -ryan
    
    _______________________________________________
    Rancid-discuss mailing list
    Rancid-discuss at shrubbery.net
    https://urldefense.proofpoint.com/v2/url?u=http-3A__www.shrubbery.net_mailman_listinfo_rancid-2Ddiscuss&d=DwICAg&c=PzM68gSF_5r1R7BCE75oeA&r=gYZeMiDUCUw52JdC5NN6jRS7tkNrkCJCnDUS2Hz0h_k&m=qKVjsk6S0s9KMitnliPTMBpfw2NbvapsEL_YebvDvWo&s=5VuBKvS1NQeKW4_v_1FjASKqvISL0jEmnsPYVn5gi0c&e=