Discussion:
[rancid] Rancid without radius
William Muriithi
2007-10-05 08:48:00 UTC
Hallo pals,

I have a quick question that I can't seem to find an answer to from a Google search.
We have issues setting up radius such that if radius is unavailable, the NAS
can fall back to the local account. Yeah yeah, the last option in the aaa command
should be local, but for some reason, it's not working. This means we are
still using local accounts.

Now, I am attempting to back up a PIX device. The backup account is local and
with enable 5 rights. The network guys have decided it's not wise to give this
account enable 15 access.

The problem is, I am not able to have rancid log in to the PIX device with
enable 5 permission. Is anyone aware of how to achieve this? I would be
grateful for any pointer.

Thanks in advance
William
David Croft
2007-10-05 09:47:03 UTC
Hi William,

The PIX/ASA drops you in at level 0 after login when you use local
authentication; you need to either "enable" (with the enable password)
or "login" (with your own password) again.

Try this patch

http://www.shrubbery.net/pipermail/rancid-discuss/2007-June/002252.html

and then add to your .cloginrc

add enacmd <device> login

Regards,

David
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
john heasley
2007-11-14 17:45:01 UTC
My guess would be that level 5 changes the prompt to '#', which clogin will
believe is already enabled. I'd just leave it with level 1 and let clogin
do the enable to 15.

OR, perhaps enable doesn't automatically move you from a level of >1 && <15
to level 15. I don't know, >1 && <15 have always seemed pointless, so I've
never experimented.
