[c-nsp] Fwd: tacplus and rancid combined

Affan Basalamah affanzbasalamah at gmail.com
Mon May 8 03:24:13 EDT 2006


On 5/3/06, Estes, Paul <pestes at covad.com> wrote:
> The # in your banner is probably the culprit. From the RANCID FAQ:
>
> Q. Are there any characters in the banner that rancid has problems with
>    OR
>    I changed the device's command prompt and now collection is failing?
> A. The trickiest part about clogin (et al) is recognizing the prompt
>    correctly.  clogin looks for '>' and '#' to figure out if it is logged
>    in or in enable mode.  So if you have a '>' or '#' in your login banner
>    (or other motd), then clogin gets all confused and will not be able to
>    log in correctly, and thus rancid will fail.
>
> --Paul
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Affan Basalamah
> Sent: Wednesday, May 03, 2006 9:25 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Fwd: tacplus and rancid combined
>
> On 4/29/06, Afsheen Bigdeli <afsheenb at emusic.com> wrote:
> > Your .cloginrc should be in the following format:
> >
> > add user         10.10.10.1           username
> > add password     10.10.10.1           {login-password} {enable-password}
> >
> > You can specify an individual user in the .cloginrc, but if you do not
> > rancid will attempt to login as user rancid. For this reason you may
> > want to try changing all instances of user ranciduser to user rancid, so
> > you'll be able to get rid of the "add user" line entirely in your
> > config.
> >
> > <conjecture> I believe that the problem you're having is with the
> > autoenable=1 bit; IIRC that will only work if a user is able to enter
> > privileged exec mode without a password. </conjecture>
> >
> >
> > Also, you can always try manually, from the command line on your Linux
> > box, running "clogin devicename", which is essentially the same
> > mechanism that rancid uses to login to your devices. If all works well,
> > you should be logged in with an enable prompt after typing this. If not,
> > the point where the login process fails, combined with the log files
> > that rancid outputs, should offer plenty of guidance.
> >
> >
> > --afsheenb

Hi all,

It seems the fault is on my side:
I forgot to add authorization in tacplus for the commands 'dir' and
'write'. Previously I only allowed the 'show' and 'exit/logout/quit'
commands. Now rancid can archive my config perfectly.

-affan
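
The failure described in the last message, as an added example that is not part of the original thread and is not tac_plus or RANCID code: a small model of per-command TACACS+ authorization showing which collector commands a 'show'-only policy rejects. The first-match rule model, the default-deny behaviour, the restriction of 'write' to 'write term', and the sample command list are assumptions made for illustration.

```python
import re

# Model: {command: [(action, args_regex), ...]}, first matching rule wins.
# A command with no entry is denied (default-deny is assumed here).
BEFORE = {
    "show":   [("permit", r".*")],
    "exit":   [("permit", r".*")],
    "logout": [("permit", r".*")],
    "quit":   [("permit", r".*")],
}

# The fix from the thread adds 'dir' and 'write'. Limiting 'write' to
# 'write term' is this example's own least-privilege assumption.
AFTER = {
    **BEFORE,
    "dir":   [("permit", r".*")],
    "write": [("permit", r"^term"), ("deny", r".*")],
}

# Constructed sample of what a config collector might send to a router
# (illustrative only, not RANCID's actual command list).
COLLECTOR_COMMANDS = [
    "show version",
    "dir /all nvram:",
    "show running-config",
    "write term",
    "exit",
]

def authorize(policy, line):
    """Return True if the policy permits this command line."""
    cmd, _, args = line.strip().partition(" ")
    for action, pattern in policy.get(cmd, []):
        if re.search(pattern, args.strip()):
            return action == "permit"
    return False  # no rule for the command, or no rule matched its arguments

def denied(policy, lines):
    """List the command lines the policy would reject."""
    return [line for line in lines if not authorize(policy, line)]

if __name__ == "__main__":
    for name, policy in (("before", BEFORE), ("after", AFTER)):
        print(name, "denied:", denied(policy, COLLECTOR_COMMANDS))
    print("write erase permitted after fix:", authorize(AFTER, "write erase"))
```

Running the same kind of check against the real command list of the collector in use shows every authorization gap at once, instead of one failed collection run at a time.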


