From owner-rancid-discuss-outgoing@shrubbery.net Wed Jun 2 23:23:39 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0CD8611CE2E for ; Wed, 2 Jun 2004 23:23:38 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id C8D7517D02B; Wed, 2 Jun 2004 23:23:37 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id A9A2017D033; Wed, 2 Jun 2004 23:23:37 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from server.nipper.de (relay.nipper.de [212.86.201.222]) by guelah.shrubbery.net (Postfix) with ESMTP id 963A817D02B for ; Wed, 2 Jun 2004 23:23:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id A7955247B1 for ; Thu, 3 Jun 2004 01:23:17 +0200 (CEST) Received: from server.nipper.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12912-10 for ; Thu, 3 Jun 2004 01:23:13 +0200 (CEST) Received: from [127.0.0.1] (pc103.nipper.de [192.168.144.103]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 6C9DF2479C for ; Thu, 3 Jun 2004 01:23:12 +0200 (CEST) Message-ID: <40BE615D.7090802@nipper.de> Date: Thu, 03 Jun 2004 01:23:09 +0200 From: Arnold Nipper Organization: nIPper consulting User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040514 X-Accept-Language: de, en-us, en MIME-Version: 1.0 To: "rancid-discuss@shrubbery.net" Subject: rancid router hung on loghost? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at nipper.de Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Since a couple of hours I get: rancid router hung on loghost? Old lockfile still exists: -rw-r----- 1 rancid rancid 0 Jun 2 20:13 /tmp/.router.run.lock As usual I didn't change anything (TM) :-) I see some rancid processes (loghost:nipper 2 ) ps -alef -opid,user,stime,args | grep rancid 17398 rancid 00:30:49 /usr/bin/perl /usr/local/bin/rancid gw.de-cix.net 17397 rancid 00:30:49 sh -c (rancid-fe \gw.de-cix.net:cisco) 4090 rancid 20:13:01 /bin/sh /usr/local/bin/control_rancid router 4083 rancid 20:13:01 sh -c /usr/local/bin/do-diffs 17411 rancid 00:30:49 /usr/local/bin/expect -- /usr/local/bin/clogin -t 90 -c show version;show insta 17419 rancid 00:30:49 ssh -c 3des -x -l rancid gw.de-cix.net 4086 rancid 20:13:01 /bin/sh /usr/local/bin/do-diffs 17399 rancid 00:30:49 sh -c clogin -t 90 -c "show version;show install active;show env all;show gsr c 4084 rancid 20:13:01 /bin/sh /usr/local/bin/do-diffs 17396 rancid 00:30:49 /usr/bin/perl /usr/local/bin/par -q -n 5 -c rancid-fe \{} /var/rancid/router/ro but have no idea why they got stuck. Looks like processes from 20:13 are still active though all other processes started at 21:13, 22:13, ... wnet thru. Removing /tmp/.router.run.lock does not really help as the same problem reappears some hours later. Any ideas? Thanks for your help! Arnold From owner-rancid-discuss-outgoing@shrubbery.net Thu Jun 3 07:57:35 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BBD3711CE30 for ; Thu, 3 Jun 2004 07:57:35 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 006241113B; Thu, 3 Jun 2004 07:57:35 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id ED7661113E; Thu, 3 Jun 2004 07:57:34 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 6C2331113D; Thu, 3 Jun 2004 07:57:34 +0000 (UTC) Date: Thu, 3 Jun 2004 07:57:34 +0000 From: john heasley To: Arnold Nipper Cc: "rancid-discuss@shrubbery.net" Subject: Re: rancid router hung on loghost? Message-ID: <20040603075734.GC231@shrubbery.net> References: <40BE615D.7090802@nipper.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <40BE615D.7090802@nipper.de> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Thu, Jun 03, 2004 at 01:23:09AM +0200, Arnold Nipper: > Since a couple of hours I get: > > rancid router hung on loghost? Old lockfile still exists: > -rw-r----- 1 rancid rancid 0 Jun 2 20:13 /tmp/.router.run.lock > > As usual I didn't change anything (TM) :-) > > I see some rancid processes > > (loghost:nipper 2 ) ps -alef -opid,user,stime,args | grep rancid > 17398 rancid 00:30:49 /usr/bin/perl /usr/local/bin/rancid gw.de-cix.net > 17397 rancid 00:30:49 sh -c (rancid-fe \gw.de-cix.net:cisco) > 4090 rancid 20:13:01 /bin/sh /usr/local/bin/control_rancid router > 4083 rancid 20:13:01 sh -c /usr/local/bin/do-diffs > 17411 rancid 00:30:49 /usr/local/bin/expect -- /usr/local/bin/clogin > -t 90 -c show version;show insta > 17419 rancid 00:30:49 ssh -c 3des -x -l rancid gw.de-cix.net > 4086 rancid 20:13:01 /bin/sh /usr/local/bin/do-diffs > 17399 rancid 00:30:49 sh -c clogin -t 90 -c "show version;show install > active;show env all;show gsr c > 4084 rancid 20:13:01 /bin/sh /usr/local/bin/do-diffs > 17396 rancid 00:30:49 /usr/bin/perl /usr/local/bin/par -q -n 5 -c > rancid-fe \{} /var/rancid/router/ro > > but have no idea why they got stuck. Looks like processes from 20:13 are > still active though all other processes started at 21:13, 22:13, ... > wnet thru. Removing /tmp/.router.run.lock does not really help as the > same problem reappears some hours later. > > Any ideas? Thanks for your help! dollars to donuts you're using a linux or solaris box and its nothing you've done, your timing is just lucky. you need the expect patch on www.shrubbery.net/rancid. we've discovered that solaris 2.8 (possibly others) appears to have a bug whereby that patch will affect the streams device (tty driver) and thus leaves your terminal (or stdin) in non-blocking mode...which happens to really irritate older versions of bash. i havent worked out a better patch yet. From owner-rancid-discuss-outgoing@shrubbery.net Thu Jun 3 08:16:37 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 3841E11CE30 for ; Thu, 3 Jun 2004 08:16:35 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id DEAFA11146; Thu, 3 Jun 2004 08:16:34 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D69F211149; Thu, 3 Jun 2004 08:16:34 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from server.nipper.de (relay.nipper.de [212.86.201.222]) by guelah.shrubbery.net (Postfix) with ESMTP id C351F11146; Thu, 3 Jun 2004 08:16:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id C340924811; Thu, 3 Jun 2004 10:16:27 +0200 (CEST) Received: from server.nipper.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18678-06; Thu, 3 Jun 2004 10:16:26 +0200 (CEST) Received: from [127.0.0.1] (pc103.nipper.de [192.168.144.103]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 12081246B9; Thu, 3 Jun 2004 10:16:26 +0200 (CEST) Message-ID: <40BEDE51.7040907@nipper.de> Date: Thu, 03 Jun 2004 10:16:17 +0200 From: Arnold Nipper Organization: nIPper consulting User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040514 X-Accept-Language: de, en-us, en MIME-Version: 1.0 To: john heasley Cc: "rancid-discuss@shrubbery.net" Subject: Re: rancid router hung on loghost? References: <40BE615D.7090802@nipper.de> <20040603075734.GC231@shrubbery.net> In-Reply-To: <20040603075734.GC231@shrubbery.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at nipper.de Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 03.06.2004 09:57 john heasley wrote: > dollars to donuts you're using a linux or solaris box and its nothing you've > done, your timing is just lucky. you need the expect patch on > www.shrubbery.net/rancid. > (loghost:nipper 1 ) uname -a SunOS loghost 5.9 Generic_112233-04 sun4u sparc SUNW,UltraAX-i2 :-) Thanks for the hint. I will apply the patch. Arnold From owner-rancid-discuss-outgoing@shrubbery.net Mon Jun 14 20:32:28 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C8C4611CE30 for ; Mon, 14 Jun 2004 20:32:28 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id DA24511136; Mon, 14 Jun 2004 19:13:52 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id CBFB611146; Mon, 14 Jun 2004 19:13:52 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail.coretel.net (mail.coretel.net [209.163.108.99]) by guelah.shrubbery.net (Postfix) with ESMTP id 2EF0311136 for ; Mon, 14 Jun 2004 19:13:52 +0000 (UTC) Received: from [209.163.108.198] (www.geekdevil.com [209.163.108.198]) by mail.coretel.net (8.12.8/8.12.8) with ESMTP id i5EJDpuR020665 for ; Mon, 14 Jun 2004 15:13:51 -0400 Message-ID: <40CDF8EF.9070001@coretel.net> Date: Mon, 14 Jun 2004 15:13:51 -0400 From: "Scott B. Lowe" User-Agent: Mozilla Thunderbird 0.6 (X11/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: rancid-discuss@shrubbery.net Subject: Riverstone Login problem Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I am using RANCID 2.3 with great sucess on Cisco gear but I am having an issue with Riverstone 3000's. When you login to one of these, either by telnet or ssh, you must hit return before a login prompt appears. Therefore when I use clogin to try to connect it just sits at the login screen for the Riverstone, not getting to the prompt. Is there a way I can force RANCID to hit a carriage return before looking for the login prompt? From owner-rancid-discuss-outgoing@shrubbery.net Mon Jun 14 20:38:05 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D305E11CE30 for ; Mon, 14 Jun 2004 20:38:04 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 4BF7F11136; Mon, 14 Jun 2004 20:38:04 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 4348311158; Mon, 14 Jun 2004 20:38:04 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from condor.depaul.edu (condor.depaul.edu [140.192.1.6]) by guelah.shrubbery.net (Postfix) with ESMTP id AEE2311136 for ; Mon, 14 Jun 2004 20:38:03 +0000 (UTC) Received: by condor.depaul.edu (Postfix, from userid 16037) id A322CAC3; Mon, 14 Jun 2004 15:36:08 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by condor.depaul.edu (Postfix) with ESMTP id A15FBABE; Mon, 14 Jun 2004 15:36:08 -0500 (CDT) Date: Mon, 14 Jun 2004 15:36:08 -0500 (CDT) From: Michael C Siy To: "Scott B. Lowe" Cc: Subject: Re: Riverstone Login problem In-Reply-To: <40CDF8EF.9070001@coretel.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Scott, \n will force a carriage a return for clogin. For example, clogin -c '\n; show version' switch will do a return on a Cisco gear before doing the show version command. Try that. Mikee Siy Networks and Telecom DePaul University On Mon, 14 Jun 2004, Scott B. Lowe wrote: > I am using RANCID 2.3 with great sucess on Cisco gear but I am having an > issue with Riverstone 3000's. > > When you login to one of these, either by telnet or ssh, you must hit > return before a login prompt appears. Therefore when I use clogin to > try to connect it just sits at the login screen for the Riverstone, not > getting to the prompt. Is there a way I can force RANCID to hit a > carriage return before looking for the login prompt? > From owner-rancid-discuss-outgoing@shrubbery.net Tue Jun 15 15:37:25 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 474C111CE3B for ; Tue, 15 Jun 2004 15:37:25 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 9664A11136; Tue, 15 Jun 2004 15:37:24 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 8B22E11149; Tue, 15 Jun 2004 15:37:24 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail.coretel.net (mail.coretel.net [209.163.108.99]) by guelah.shrubbery.net (Postfix) with ESMTP id 95F0F11136 for ; Tue, 15 Jun 2004 15:37:23 +0000 (UTC) Received: from [209.163.108.198] (www.geekdevil.com [209.163.108.198]) by mail.coretel.net (8.12.8/8.12.8) with ESMTP id i5FFbMuR023189 for ; Tue, 15 Jun 2004 11:37:22 -0400 Message-ID: <40CF17B1.7080008@coretel.net> Date: Tue, 15 Jun 2004 11:37:21 -0400 From: "Scott B. Lowe" User-Agent: Mozilla Thunderbird 0.6 (X11/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: rancid-discuss@shrubbery.net Subject: rivlogin problem Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I am having another issue with Riverstone gear. I use tacacs+ to login to my Riverstone gear. To login I enter the tac_username then the tac_password. The enable password and vty password are the same on the Riverstone. According to the documentation, I set up .cloginrc to look like this add password my.river.stone {enable&vtypass} {enable&vtypass} add user my.river.stone {tacuser} add userpassword my.river.stone {tacuserpass} When I run the rivlogin for the router It logs in fine using the tacacs username and password but gives a bad-password error when it trys the enable command. If I disable tacacs and set up .cloginrc to just use the last-resort/enable password for a login it goes all the way through to enable mode just fine. This leads me to believe that rivlogin is trying to use the {tacuserpass} for enable instead of {enable&vtypass}. Perhaps I have missed something in the config? Any help would be greatly appreciated. Thank you From owner-rancid-discuss-outgoing@shrubbery.net Wed Jun 16 03:47:49 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0938C11CE3E for ; Wed, 16 Jun 2004 03:47:48 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 7AF0511136; Wed, 16 Jun 2004 03:47:48 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 713CE11149; Wed, 16 Jun 2004 03:47:48 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from gizmo10ps.bigpond.com (gizmo10ps.bigpond.com [144.140.71.20]) by guelah.shrubbery.net (Postfix) with SMTP id 5EED111136 for ; Wed, 16 Jun 2004 03:47:46 +0000 (UTC) Received: (qmail 28920 invoked from network); 16 Jun 2004 03:25:26 -0000 Received: from unknown (HELO psmam01.bigpond.com) (144.135.25.69) by gizmo10ps.bigpond.com with SMTP; 16 Jun 2004 03:25:26 -0000 Received: from cpe-144-132-109-92.vic.bigpond.net.au ([144.132.109.92]) by psmam01.bigpond.com(MAM REL_3_4_2a 71/14175757) with SMTP id 14175757; Wed, 16 Jun 2004 13:47:41 +1000 Message-ID: <40CFC25F.1020204@choqolat.org> Date: Wed, 16 Jun 2004 13:45:35 +1000 From: Andrew Fort User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Scott B. Lowe" Cc: rancid-discuss@shrubbery.net Subject: Re: rivlogin problem References: <40CF17B1.7080008@coretel.net> In-Reply-To: <40CF17B1.7080008@coretel.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Scott B. Lowe wrote: > I am having another issue with Riverstone gear. Hi, Scott > I use tacacs+ to login to my Riverstone gear. To login I enter the > tac_username then the tac_password. The enable password and vty > password are the same on the Riverstone. According to the > documentation, I set up .cloginrc to look like this > > add password my.river.stone {enable&vtypass} {enable&vtypass} > add user my.river.stone {tacuser} > add userpassword my.river.stone {tacuserpass} We're using RADIUS here, but it should be the same. The 'add password' line handling changed for rivlogin around about rancid 2.2bsomething - if the following suggestion doesn't work, try going to rancid 2.3. Also, non TAC+ logins were broken. In the newer version... For your add password line, the first password on the line should be the password you enter immediately after "Press RETURN to activate console...". The second password is the last resort password (i.e., when you've logged in using that first password, you go to enable, and your TACACS+ credentials cannot be checked because the AAA server is 'unreachable' (buggy network code on the Enterasys shows this up regularly)). The userpassword is your tac+ user password, and the user is your tac+ user. (This handling hasn't changed). > When I run the rivlogin for the router It logs in fine using the tacacs > username and password but gives a bad-password error when it trys the > enable command. If I disable tacacs and set up .cloginrc to just use > the last-resort/enable password for a login it goes all the way through > to enable mode just fine. This leads me to believe that rivlogin is > trying to use the {tacuserpass} for enable instead of > {enable&vtypass}. Perhaps I have missed something in the config? Any > help would be greatly appreciated. Yes, it would appear you've run across a bug I introduced to rivlogin. (oops) Please try the newest available version on the ftp.shrubbery.net server, and if you like mail me off-list if you're still having trouble. -Andrew From owner-rancid-discuss-outgoing@shrubbery.net Wed Jun 16 13:38:40 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 01FBE11CE3F for ; Wed, 16 Jun 2004 13:38:39 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 653DC11136; Wed, 16 Jun 2004 13:38:39 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 58D2111149; Wed, 16 Jun 2004 13:38:39 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from relay.mbrd.ru (relay.mbrd.ru [194.117.71.2]) by guelah.shrubbery.net (Postfix) with ESMTP id 4662211136 for ; Wed, 16 Jun 2004 13:38:37 +0000 (UTC) Received: from msd (msd.mbrd.ru [172.16.4.9]) by relay.mbrd.ru (8.12.1/8.11.1) with SMTP id i5GDcaV1007604 for ; Wed, 16 Jun 2004 17:38:36 +0400 (MSD) (envelope-from sem@mbrd.ru) Message-ID: <005901c453a7$398fdd70$090410ac@mbrd.ru> From: "Sergey Matveychuk" To: Subject: shorten rules Date: Wed, 16 Jun 2004 17:38:36 +0400 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1409 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hello! I'm a newcomer to rancid. My proposal is here. It's looks like I can't set in .cloginrc somethink like: add autoenable * 1 add autoenable some-ip 0 My .cloginrc grows to tens lines w/o this feature. It will be great to implement it. And a question. If I need to use other commands to get configuration from my CISCO systems, what is the best way to do so? I think to clone rancid and modify the copy and rancid-fe script. Is it right? --- Sem. From owner-rancid-discuss-outgoing@shrubbery.net Wed Jun 16 13:55:22 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 64C9611CE3F for ; Wed, 16 Jun 2004 13:55:22 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id A8A0611136; Wed, 16 Jun 2004 13:55:21 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 90F8511149; Wed, 16 Jun 2004 13:55:21 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from server.nipper.de (relay.nipper.de [212.86.201.222]) by guelah.shrubbery.net (Postfix) with ESMTP id E08DC11136 for ; Wed, 16 Jun 2004 13:55:20 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id A565C3BB80; Wed, 16 Jun 2004 15:55:14 +0200 (CEST) Received: from server.nipper.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20310-04; Wed, 16 Jun 2004 15:55:11 +0200 (CEST) Received: from [127.0.0.1] (pc103.nipper.de [192.168.144.103]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id BA4D03BB5B; Wed, 16 Jun 2004 15:55:11 +0200 (CEST) Message-ID: <40D0513B.2020608@nipper.de> Date: Wed, 16 Jun 2004 15:55:07 +0200 From: Arnold Nipper Organization: nIPper consulting User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040514 X-Accept-Language: de, en-us, en MIME-Version: 1.0 To: Sergey Matveychuk Cc: rancid-discuss@shrubbery.net Subject: Re: shorten rules References: <005901c453a7$398fdd70$090410ac@mbrd.ru> In-Reply-To: <005901c453a7$398fdd70$090410ac@mbrd.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at nipper.de Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 16.06.2004 15:38 Sergey Matveychuk wrote: > Hello! > > I'm a newcomer to rancid. My proposal is here. > It's looks like I can't set in .cloginrc somethink like: > add autoenable * 1 > add autoenable some-ip 0 > > My .cloginrc grows to tens lines w/o this feature. It will be great to > implement it. > But you may do it the otherway round :-) add autoenable some-ip 0 add autoenable * 1 The seconf will not overwrite the first Arnold From owner-rancid-discuss-outgoing@shrubbery.net Wed Jun 16 16:07:41 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id B43F911CE3F for ; Wed, 16 Jun 2004 16:07:40 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 2701111136; Wed, 16 Jun 2004 16:07:40 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 1E47611149; Wed, 16 Jun 2004 16:07:40 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: from mail.coretel.net (mail.coretel.net [209.163.108.99]) by guelah.shrubbery.net (Postfix) with ESMTP id 6BC6F11136 for ; Wed, 16 Jun 2004 16:07:39 +0000 (UTC) Received: from [209.163.108.198] (www.geekdevil.com [209.163.108.198]) by mail.coretel.net (8.12.8/8.12.8) with ESMTP id i5GG7WC2012899; Wed, 16 Jun 2004 12:07:33 -0400 Message-ID: <40D07044.7060800@coretel.net> Date: Wed, 16 Jun 2004 12:07:32 -0400 From: "Scott B. Lowe" User-Agent: Mozilla Thunderbird 0.6 (X11/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrew Fort Cc: rancid-discuss@shrubbery.net Subject: Re: rivlogin problem References: <40CF17B1.7080008@coretel.net> <40CFC25F.1020204@choqolat.org> In-Reply-To: <40CFC25F.1020204@choqolat.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Thanks for the input Andrew, I am using version 2.3 now with no luck. Let me explain a little more of what I have. My Riverstones only have one password for last-resort/enable/vty. They are all the same. I only use tac+ for the initial login after the "Press return to activate...". I set up the .cloginrc file as you explained and it still gave me a bad password error when it went to enable. I was convinced that rivlogin was ignoring the password line and just using the tac+ password for enable so I tested it. I created a tac+ user with a password that is the same as the enable password on the Riverstone. You can guess what happened.....that worked fine. In fact I can remove the password line all together and it will still go all the way through enable. This must be a bug in the rivlogin script as it only pays attention to the first password on the line. I can't leave the tac+ password the same as the enable password so if you have any more suggestions I would be grateful. Andrew Fort wrote: > Scott B. Lowe wrote: > >> I am having another issue with Riverstone gear. > > > Hi, Scott > >> I use tacacs+ to login to my Riverstone gear. To login I enter the >> tac_username then the tac_password. The enable password and vty >> password are the same on the Riverstone. According to the >> documentation, I set up .cloginrc to look like this >> >> add password my.river.stone {enable&vtypass} >> {enable&vtypass} >> add user my.river.stone {tacuser} >> add userpassword my.river.stone {tacuserpass} > > > We're using RADIUS here, but it should be the same. The 'add > password' line handling changed for rivlogin around about rancid > 2.2bsomething - if the following suggestion doesn't work, try going to > rancid 2.3. Also, non TAC+ logins were broken. > > In the newer version... > > For your add password line, the first password on the line should be > the password you enter immediately after "Press RETURN to activate > console...". > > The second password is the last resort password (i.e., when you've > logged in using that first password, you go to enable, and your > TACACS+ credentials cannot be checked because the AAA server is > 'unreachable' (buggy network code on the Enterasys shows this up > regularly)). > > The userpassword is your tac+ user password, and the user is your tac+ > user. (This handling hasn't changed). > >> When I run the rivlogin for the router It logs in fine using the >> tacacs username and password but gives a bad-password error when it >> trys the enable command. If I disable tacacs and set up .cloginrc to >> just use the last-resort/enable password for a login it goes all the >> way through to enable mode just fine. This leads me to believe that >> rivlogin is trying to use the {tacuserpass} for enable instead of >> {enable&vtypass}. Perhaps I have missed something in the config? >> Any help would be greatly appreciated. > > > Yes, it would appear you've run across a bug I introduced to rivlogin. > (oops) > > Please try the newest available version on the ftp.shrubbery.net > server, and if you like mail me off-list if you're still having trouble. > > -Andrew From owner-rancid-discuss-outgoing@shrubbery.net Wed Jun 16 17:06:48 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0C51611CE44 for ; Wed, 16 Jun 2004 17:06:48 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 6E42C11136; Wed, 16 Jun 2004 17:06:47 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 66EB01114D; Wed, 16 Jun 2004 17:06:47 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id E08CF11149; Wed, 16 Jun 2004 17:06:46 +0000 (UTC) Date: Wed, 16 Jun 2004 17:06:46 +0000 From: john heasley To: Sergey Matveychuk Cc: rancid-discuss@shrubbery.net Subject: Re: shorten rules Message-ID: <20040616170646.GD9834@shrubbery.net> References: <005901c453a7$398fdd70$090410ac@mbrd.ru> <40D0513B.2020608@nipper.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <40D0513B.2020608@nipper.de> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Wed, Jun 16, 2004 at 03:55:07PM +0200, Arnold Nipper: > On 16.06.2004 15:38 Sergey Matveychuk wrote: > > > Hello! > > > > I'm a newcomer to rancid. My proposal is here. > > It's looks like I can't set in .cloginrc somethink like: > > add autoenable * 1 > > add autoenable some-ip 0 > > > > My .cloginrc grows to tens lines w/o this feature. It will be great to > > implement it. > > > > But you may do it the otherway round :-) > > add autoenable some-ip 0 > add autoenable * 1 > > The seconf will not overwrite the first Or more to the point, "the first match wins". note that in order for this to match, you would have to type clogin some-ip clogin does not attempt to resolve a name (or visa versa) for the purpose of scanning .cloginrc. From owner-rancid-discuss-outgoing@shrubbery.net Wed Jun 16 17:07:27 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7A88211CE3F for ; Wed, 16 Jun 2004 17:07:27 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id CA88011149; Wed, 16 Jun 2004 17:07:26 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C2FFE11154; Wed, 16 Jun 2004 17:07:26 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Delivered-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 589ED1114D; Wed, 16 Jun 2004 17:07:26 +0000 (UTC) Date: Wed, 16 Jun 2004 17:07:26 +0000 From: john heasley To: Sergey Matveychuk Cc: rancid-discuss@shrubbery.net Subject: Re: shorten rules Message-ID: <20040616170726.GE9834@shrubbery.net> References: <005901c453a7$398fdd70$090410ac@mbrd.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <005901c453a7$398fdd70$090410ac@mbrd.ru> User-Agent: Mutt/1.4.2.1i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Wed, Jun 16, 2004 at 05:38:36PM +0400, Sergey Matveychuk: > > And a question. If I need to use other commands to get configuration from my > CISCO systems, what is the best way to do so? I think to clone rancid and > modify the copy and rancid-fe script. Is it right? For now, yes.