[c-nsp] tacplus and rancid combined

Joel andersson joel.andersson at euromail.se
Sat Apr 29 11:16:24 EDT 2006


Hello,

 If I'm not totally mistaken you configure the enable
password on the same line as the password, ie

add password <host> <loginpw> <enablepw>

I don't have access to my rancid configuration files at
the moment but I'm running the same setup as you are 
suggesting so it's indeed doable, at least if I have
got the correct impression of what you are trying to
achieve..

Cheers
//Joel



On Sat, 2006-04-29 at 19:46 +0700, Affan Basalamah wrote:
> Hi all,
> 
> Currently I am stuck into a problem in running tacplus and rancid.
> 
> I installed tacplus, configured the username and password at tacplus
> server, and configuring authentication, authorization and accounting
> at router, and currently it works just fine. Only registered user at
> tacplus server that can access the router. I follow the directions
> from Cisco Press book 'Cisco Router & Firewall Security'
> 
> The problem comes when I want to archive all the configuration using
> RANCID. Since I use tacplus username and password, I setup one
> username and password for RANCID, and set it to only do 'show'
> command. I set the username and password for router in .cloginrc, but
> after thorough search on rancid manuals, I didn't find any command
> that allows me to put username, user password and enable password in
> .cloginrc just like when I use command 'add password <router> <passwd>
> <enable passwd>.
> 
> This is the snippet of my .cloginrc :
> 
> add user 10.10.10.1           ranciduser
> add password 10.10.10.1       {rancidpassword}
> add autoenable                  1
> 
> This is the snippet of my tacplus.conf :
> 
> user = ranciduser {
>     member = automated
>     login = cleartext rancidpassword
> }
> 
> user = $enab15$ {
>     login = cleartext enablepassword
> }
> 
> I am confused that I don't know where will I put the enable password
> at my .cloginrc. With this config, rancid tells that it cannot access
> my router. Anyone had a clue about this ? Please help.
> 
> Regards,
> 
> -affan
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list