From afort@staff.webcentral.com.au Mon Jun 25 04:59:31 2001
Return-Path:
Received: from vista.webcentral.com.au (vista.webcentral.com.au [202.139.236.31])
    by guelah.shrubbery.net (8.11.3/8.11.1) with ESMTP id f5P4xTq00810;
    Mon, 25 Jun 2001 04:59:29 GMT
Received: from localhost (afort@localhost)
    by vista.webcentral.com.au (8.11.2/8.11.2) with ESMTP id f5P534h02550;
    Mon, 25 Jun 2001 15:03:04 +1000
X-Authentication-Warning: vista.webcentral.com.au: afort owned process doing -bs
Date: Mon, 25 Jun 2001 15:03:04 +1000 (EST)
From: Andrew Fort
X-X-Sender:
To: Hee-Juan Ho
cc: "'john heasley'" ,
Subject: RE: alteon support
In-Reply-To: <004801c0fd32$65f4ad60$6d00c1d2@qalacom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status: A
Content-Length: 1192
Lines: 40

On Mon, 25 Jun 2001, Hee-Juan Ho wrote:

> Hi John,
> OK, the alogin manages to login but the 1st command does not execute :
>
> =============== screen shot ===============
> %alogin -c '/info/sys;/cfg/dump' ad3-backbone
> ad3-backbone
> spawn telnet ad3-backbone
> Trying ...
> Connected to ad3-backbone.
> Escape character is '^]'.
>
> Enter password:
> ------------------------------------------------------------
> [Main Menu]
>      info  - Information Menu
>      stats - Statistics Menu
>      exit  - Exit [global command, always available]
>
> >> Main>
        ^^

okay, alogin is getting an unprivileged login, so it is stalling. it
expects to see >> Main# -- this is probably a bug, it should ideally
finish, but just fail for the /cfg/dump bit (an unpriv'd user can still
/info/sys, kinda like you can't "write term" on a cisco when you're not
enabled). If John reckons this is not the correct behaviour, I'll fix it
:), but I can't dedicate much time over the next day or so..

for now, make sure your .cloginrc has only one password for this device,
the administrator password, e.g.

add password ad3-backbone {adminpassword}

Regards,
--
andrew fort

From owner-rancid-discuss Tue Jun 26 00:53:56 2001
>From majordom Tue Jun 26 00:53:56 2001
Return-Path:
Received: by guelah.shrubbery.net (8.11.3/8.11.1) id f5Q0r0O01323
    for rancid-discuss-outgoing; Tue, 26 Jun 2001 00:53:01 GMT
Received: from bnc.powerup.com.au (bnc.webcentral.com.au [202.139.236.123])
    by guelah.shrubbery.net (8.11.3/8.11.1) with ESMTP id f5Q0qrq01280
    for ; Tue, 26 Jun 2001 00:52:54 GMT
Received: by bnc.webcentral.com.au with Internet Mail Service (5.5.2653.19)
    id ; Tue, 26 Jun 2001 10:51:17 +1000
Message-ID: <415DD4BF903BD311A3D900A0C99F90220960706C@bnc.webcentral.com.au>
From: Andrew Fort
To: rancid-discuss@shrubbery.net
Subject: RE: alteon support
Date: Tue, 26 Jun 2001 10:51:14 +1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-rancid-discuss@shrubbery.net
Precedence: bulk
Status: RO
X-Status: A
Content-Length: 1397
Lines: 38

>> okay, alogin is getting an unprivileged login, so it is stalling. it
>> expects to see >> Main# -- this is probably a bug, it should ideally
>> finish, but just fail for the /cfg/dump bit (an unpriv'd user can still
>> /info/sys, kinda like you can't "write term" on a cisco when you're not
>> enabled). If John reckons this is not the correct behaviour, I'll fix it
>> :), but I can't dedicate much time over the next day or so..
>
>you'll have to explain the login scenario. is there a way to "enable"
>once you've logged in with a password other than adminpassword? either
>way, it should be as "fault" tolerant as possible.

cool -- I'll fix the prompt character dependency (to make it like > as
well as #), it'll be a few days though.

Ho's issue was resolved by using the single password only in .cloginrc.

i.e.,

add password ad3-core {priv-user-password}

instead of

add password ad3-core {unpriv-user-password} {priv-user-password}

(the second password is ignored by alogin).

For the record, at least as far as I know, there's no way to enable once
logged in. The password (only) determines your userlevel. This muddies
the issue when you deal with using TACACS+ or RADIUS for user
authentication. SSH without AAA allows you to use any username, the
password only being the key for authentication.

Yet another reason for standardisation across vendors, eh :)

-afort
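
The prompt handling discussed in this thread, as an added example that is not part of the original messages and is not alogin's own code: it accepts both the `>> Main>` and `>> Main#` prompts, derives the user level from the prompt character, and skips commands that need the administrator level instead of stalling. The function names, the menu-name pattern and the rule that only `/cfg` commands are privileged are assumptions made for this sketch.

```python
import re

# Alteon prompts as shown in the thread: ">> Main>" (unprivileged) and
# ">> Main#" (administrator). The menu-name pattern is an assumption.
PROMPT_RE = re.compile(r"^>> (?P<menu>[\w /-]+?)(?P<mark>[>#])\s*$", re.MULTILINE)

# Assumption for this sketch: only commands under /cfg need the admin level.
PRIVILEGED_PREFIXES = ("/cfg",)


def detect_level(output):
    """Return 'admin', 'user', or None if no prompt has appeared yet."""
    matches = list(PROMPT_RE.finditer(output))
    if not matches:
        return None
    return "admin" if matches[-1].group("mark") == "#" else "user"


def plan_commands(output, command_string):
    """Split an alogin-style 'a;b' command string into (run, skipped) lists."""
    level = detect_level(output)
    if level is None:
        raise TimeoutError("no prompt seen; login did not complete")
    run, skipped = [], []
    for cmd in filter(None, (c.strip() for c in command_string.split(";"))):
        needs_admin = cmd.startswith(PRIVILEGED_PREFIXES)
        (skipped if needs_admin and level != "admin" else run).append(cmd)
    return run, skipped


# Constructed sample based on the screen shot quoted in the thread.
USER_LOGIN = """Enter password:
------------------------------------------------------------
[Main Menu]
     info  - Information Menu
     stats - Statistics Menu
     exit  - Exit [global command, always available]

>> Main> """
ADMIN_LOGIN = USER_LOGIN.replace(">> Main> ", ">> Main# ")

if __name__ == "__main__":
    for name, text in (("user", USER_LOGIN), ("admin", ADMIN_LOGIN)):
        print(name, plan_commands(text, "/info/sys;/cfg/dump"))
```

Reporting the skipped commands lets a collection run record that the stored credential only reached the unprivileged level, rather than hanging until a timeout.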