[tac_plus] Re: Very Odd Behavior

john heasley heas at shrubbery.net
Thu Mar 5 18:43:16 UTC 2009


Thu, Mar 05, 2009 at 09:07:03AM -0500, Jason Frisvold:
> All,
> 
> 	This is ....  odd, at best.  And I'm not sure that tac_plus is the
> cause, but it's the only variable that has changed in the last day, so
> I'm taking a stab in the dark here...
> 
> 	We use rancid for configuration backups.  Rancid has worked wonderfully
> for a few years now and we're quite happy with it.  Yesterday, we
> ditched our ACS server and moved over to the open-source tac_plus server
> (4.0.4.15).
> 
> 	Since the move, we have noticed that a number of our Cisco switches
> have spontaneously added "privilege level 15" to their configuration
> under "line vty 0 4" ...  We removed the offending line as it prevented
> rancid from running correctly, and re-ran rancid.  Again, the line was
> re-added.
> 
> 	A sampling of these switches seems to indicate that all the affected
> switches are model 3750G, though I did run across one 3750G that was not
> affected.
> 
> 	Has anyone seen anything like this?  Any suggestions on how to track
> down the cause?

I haven't, but it's not uncommon for ciscos to add things to their configs
spontaneously (STP-related stuff is very common) that will appear in the
output.  my guess is that you have priv-lvl in your tacacs config and it's
causing this silly config change.  could also be a bug or caused by the
aaa config on the switches.

anyway, this should not cause rancid to fail.  you probably just need to
adjust autoenable in your cloginrc, see cloginrc(5).

