Discussion:
[rancid] rancid failing login to cisco switches
Cuttler, Brian (HEALTH)
2015-04-17 18:08:42 UTC
I'm replacing the HUP switches with Cisco and I've found that only switches that have established local user accounts (seems against new policy) are succeeding at login, whereas my TACACS login is failing.

I have added the "add user" and "add password" entries for each switch to the .cloginrc file, but I think it's ignoring those lines in favor of the
"add user * joe" record in the .cloginrc file.

Not quite sure what I'm seeing and don't see sufficient detail in the rancid-run log files to verify my suspicion, or work around it.

Open to suggestions, thanks in advance.

Not sure what version of rancid I'm running, the clogin binary is in the 2.3.8 tree, I'm running on Ubuntu 14.04 LTS.

Thanks in advance,
Brian
Alan McKinnon
2015-04-18 11:52:52 UTC
Post by Cuttler, Brian (HEALTH)
I'm replacing the HUP switches with Cisco and I've found that only switches that have established local user accounts (seems against new policy) are succeeding at login, whereas my TACACS login is failing.
I have added the "add user" and "add password" entries for each switch to the .cloginrc file, but I think it's ignoring those lines in favor of the
"add user * joe" record in the .cloginrc file.
Not quite sure what I'm seeing and don't see sufficient detail in the rancid-run log files to verify my suspicion, or work around it.
Open to suggestions, thanks in advance.
Not sure what version of rancid I'm running, the clogin binary is in the 2.3.8 tree, I'm running on Ubuntu 14.04 LTS.
.cloginrc is read strictly in order so if you have "add user * joe" at
the very top, it will be used everywhere.

Check the ordering of .cloginrc as step one.

Step 2 is to run clogin manually and check the output.
--
Alan McKinnon
***@gmail.com
Cuttler, Brian (HEALTH)
2015-04-20 20:36:07 UTC
Thank you.

It was a couple of things, the add user *, and the add password *.

Also, since we had (mandated to) a change of switch names and IP numbers, I copied the new switch names out of the scripts that updated the switches and they were all in uppercase, and were not found by the clogin script when it scanned the .cloginrc file.

Those problems have all been corrected.

I did try to add a new group, unsuccessfully.

I added the new group to the /etc/rancid/rancid.conf file, created a new directory, a new router.db, but I'm not finding the information via CVSWEB nor do I have CVS archives of the data.

CVS home is /home/rancid/CVS, where I do see directories for my groups. I also see CVS directories in each group directory as well as the configs/CVS directories. These are not links (well, not softlinks). I'm missing something basic here, but not quite certain what.

Thank you,
Brian

heasley
2015-04-20 21:07:53 UTC
Post by Cuttler, Brian (HEALTH)
Thank you.
It was a couple of things, the add user *, and the add password *.
Also, since we had (mandated to) a change of switch names and IP numbers, I copied the new switch names out of the scripts that updated the switches and they were all in uppercase, and were not found by the clogin script when it scanned the .cloginrc file.
the match is case-insensitive in v 3.2.
Post by Cuttler, Brian (HEALTH)
I did try to add a new group, unsuccessfully.
I added the new group to the /etc/rancid/rancid.conf file, created a new directory, a new router.db, but I'm not finding the information via CVSWEB nor do I have CVS archives of the data.
you must use rancid-cvs to create the dir.
Cuttler, Brian (HEALTH)
2015-04-22 20:54:33 UTC
I had found that in the info, but had created the directories first and then tried to run it.

I destroyed the directory for the new group, ran $ rancid-cvs and all is fine now.

Thank you again!

Brian
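
The two .cloginrc problems resolved in this thread, as an added example that is not part of any poster's message or of rancid itself: a small linter that applies the first-match-wins rule Alan describes and flags uppercase host patterns. Hostnames, usernames and passwords are constructed; Python's fnmatch only approximates the glob matching clogin performs, and case_sensitive=True is an assumption modelling what Brian reported with the clogin from the 2.3.8 tree.

```python
import fnmatch

# Constructed samples (made-up hosts and credentials): SAMPLE puts the
# wildcard entries first, FIXED puts them last and lowercases the names.
SAMPLE = """\
add user     *          joe
add password *          {localpw} {enablepw}
add user     SW-FLOOR2  tacuser
add user     sw-floor1  tacuser
add password sw-floor1  {tacpw} {enablepw}
"""
FIXED = """\
add user     sw-floor1  tacuser
add password sw-floor1  {tacpw} {enablepw}
add user     sw-floor2  tacuser
add password sw-floor2  {tacpw} {enablepw}
add user     *          joe
add password *          {localpw} {enablepw}
"""

def parse(text):
    """Return (lineno, directive, host_pattern) for each 'add' line."""
    rows = (line.split() for line in text.splitlines())
    return [(n, f[1], f[2]) for n, f in enumerate(rows, 1)
            if len(f) >= 3 and f[0] == "add"]

def _match(host, pattern, case_sensitive):
    if not case_sensitive:
        host, pattern = host.lower(), pattern.lower()
    return fnmatch.fnmatchcase(host, pattern)  # approximation of clogin's glob

def winner(entries, directive, host, case_sensitive=True):
    """Line number of the first entry matching host (first match wins)."""
    for lineno, d, pat in entries:
        if d == directive and _match(host, pat, case_sensitive):
            return lineno
    return None

def lint(entries, case_sensitive=True):
    """Flag literal host entries an earlier line shadows, and uppercase patterns."""
    findings, seen = [], {}
    for lineno, d, pat in entries:
        literal = not any(c in pat for c in "*?[")
        for prev_line, prev_pat in seen.get(d, []):
            if literal and _match(pat, prev_pat, case_sensitive):
                findings.append((lineno, f"{d} {pat}: shadowed by line {prev_line}"))
                break
        if case_sensitive and pat != pat.lower():
            findings.append((lineno, f"{d} {pat}: uppercase, no match for lowercase name"))
        seen.setdefault(d, []).append((lineno, pat))
    return findings
```

Running lint(parse(...)) over a real .cloginrc before a rancid run shows which per-switch credentials would never be used because a wildcard line sits above them.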
