[c-nsp] tacplus and rancid combined

john heasley heas at shrubbery.net
Sat Apr 29 11:20:39 EDT 2006


Sat, Apr 29, 2006 at 05:16:24PM +0200, Joel andersson:
> Hello,
> 
>  If I'm not totally mistaken you configure the enable
> password on the same line as the password, ie
> 
> add password <host> <loginpw> <enablepw>

you are correct.  Please read the manpage, cloginrc(5).

> I don't have access to my rancid configuration files at
> the moment but I'm running the same setup as you are 
> suggesting so it's indeed doable, at least if I have
> got the correct impression of what you are trying to
> achieve..
> 
> Cheers
> //Joel
> 
> 
> 
> On Sat, 2006-04-29 at 19:46 +0700, Affan Basalamah wrote:
> > Hi all,
> > 
> > Currently I am stuck into a problem in running tacplus and rancid.
> > 
> > I installed tacplus, configured the username and password at tacplus
> > server, and configuring authentication, authorization and accounting
> > at router, and currently it works just fine. Only registered user at
> > tacplus server that can access the router. I follow the directions
> > from Cisco Press book 'Cisco Router & Firewall Security'
> > 
> > The problem comes when I want to archive all the configuration using
> > RANCID. Since I use tacplus username and password, I setup one
> > username and password for RANCID, and set it to only do 'show'
> > command. I set the username and password for router in .cloginrc, but
> > after thorough search on rancid manuals, I didn't find any command
> > that allows me to put username, user password and enable password in
> > .cloginrc just like when I use command 'add password <router> <passwd>
> > <enable passwd>.
> > 
> > This is the snippet of my .cloginrc :
> > 
> > add user 10.10.10.1           ranciduser
> > add password 10.10.10.1       {rancidpassword}
> > add autoenable                  1
> > 
> > This is the snippet of my tacplus.conf :
> > 
> > user = ranciduser {
> >     member = automated
> >     login = cleartext rancidpassword
> > }
> > 
> > user = $enab15$ {
> >     login = cleartext enablepassword
> > }
> > 
> > I am confused that I don't know where will I put the enable password
> > at my .cloginrc. With this config, rancid tells that it cannot access
> > my router. Anyone had a clue about this ? Please help.
> > 
> > Regards,
> > 
> > -affan
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list