[rancid] .clogin question

Discussion:

Todd Heide

2008-12-29 20:27:08 UTC

Is it possible to have the cloginrc first check username/password and
then password for all devices?

Reason I ask is we have several hundred devices that Rancid backed up,
but our master Tacacs server went poof, and we replaced it with Cisco
ACS, but not all the devices are on the new system, in fact only about
15% of them are. Problem is now that they aren't on Tacacs, I have an
either or condition, either I backup those that accept standard
password authentication, or those with Tacacs authentication.

Can it be setup to try both for all devices, except firewalls of course.

Thanks

Todd

Alex Zheng

2008-12-29 20:32:20 UTC

Permalink

Does anyone have the link to unsubscribe from this list?

From: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Todd Heide
Sent: Monday, December 29, 2008 12:27 PM
To: rancid-***@shrubbery.net
Subject: [BULK] [rancid] .clogin question
Importance: Low

Is it possible to have the cloginrc first check username/password and then password for all devices?

Reason I ask is we have several hundred devices that Rancid backed up, but our master Tacacs server went poof, and we replaced it with Cisco ACS, but not all the devices are on the new system, in fact only about 15% of them are. Problem is now that they aren't on Tacacs, I have an either or condition, either I backup those that accept standard password authentication, or those with Tacacs authentication.

Can it be setup to try both for all devices, except firewalls of course.

Thanks
Todd

Lance Vermilion

2008-12-29 20:37:58 UTC

Permalink

Todd,

I have to assume you know what devices are in the new ACS server. Take
a list of those names and then specify those before a global
specificied username/password.

username router1 bleh
password router1 {blehpassword} {blehenablepassword}
username router2 bloh
password router2 {blohpassword} {blohenablepassword}
username * blah
password * {blahpassword} {blahenablepassword}

Post by Alex Zheng
Is it possible to have the cloginrc first check username/password and then
password for all devices?
Reason I ask is we have several hundred devices that Rancid backed up, but
our master Tacacs server went poof, and we replaced it with Cisco ACS, but
not all the devices are on the new system, in fact only about 15% of them
are. Problem is now that they aren't on Tacacs, I have an either or
condition, either I backup those that accept standard password
authentication, or those with Tacacs authentication.
Can it be setup to try both for all devices, except firewalls of course.
Thanks
Todd
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Todd Heide

2008-12-29 20:40:07 UTC

Permalink

I was hoping to avoid that since there are about 70 devices in ACS. I
guess the best thing to do is print out the logs from each group and go
add those to ACS, its just finding the time to do it.

Thanks
Todd Heide
Equivoice Inc.

CCSP CCNA CCDA
847-235-3308

Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean

-----Original Message-----
From: rancid-discuss-***@shrubbery.net
[mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Lance
Vermilion
Sent: Monday, December 29, 2008 2:38 PM
To: rancid-***@shrubbery.net
Subject: [rancid] Re: .clogin question

Todd,

I have to assume you know what devices are in the new ACS server. Take
a list of those names and then specify those before a global
specificied username/password.

username router1 bleh
password router1 {blehpassword} {blehenablepassword}
username router2 bloh
password router2 {blohpassword} {blohenablepassword}
username * blah
password * {blahpassword} {blahenablepassword}

Lance Vermilion

2008-12-29 20:48:24 UTC

Permalink

Todd,

If your device names are similar for department / location / etc you
can use wildcards to include/exclude all/part of those.

Post by Todd Heide
I was hoping to avoid that since there are about 70 devices in ACS. I
guess the best thing to do is print out the logs from each group and go
add those to ACS, its just finding the time to do it.
Thanks
Todd Heide
Equivoice Inc.
CCSP CCNA CCDA
847-235-3308
Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean
-----Original Message-----
Vermilion
Sent: Monday, December 29, 2008 2:38 PM
Subject: [rancid] Re: .clogin question
Todd,
I have to assume you know what devices are in the new ACS server. Take
a list of those names and then specify those before a global
specificied username/password.
username router1 bleh
password router1 {blehpassword} {blehenablepassword}
username router2 bloh
password router2 {blohpassword} {blohenablepassword}
username * blah
password * {blahpassword} {blahenablepassword}

Post by Todd Heide
Is it possible to have the cloginrc first check username/password and

then

Post by Todd Heide
password for all devices?
Reason I ask is we have several hundred devices that Rancid backed up,

but

Post by Todd Heide
our master Tacacs server went poof, and we replaced it with Cisco ACS,

but

Post by Todd Heide
not all the devices are on the new system, in fact only about 15% of

them

Post by Todd Heide
are. Problem is now that they aren't on Tacacs, I have an either or
condition, either I backup those that accept standard password
authentication, or those with Tacacs authentication.
Can it be setup to try both for all devices, except firewalls of

course.

Post by Todd Heide
Thanks
Todd
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss