Discussion:
[rancid] Problems getting PIX 501 Version 6.3(5) configuration
Alex Malberty
2008-04-14 17:53:15 UTC
Hi everyone,

I am having trouble trying to get the configuration of a PIX 501 Version
6.3(5). I am using an enable user with limited privileges to access the
firewall. This only happens when I use the user with limited privileges
on the firewall. If I use enable level 15 I can get the config and check
it out in SVN. Does anybody know what permissions are needed to allow a
user to pull the running config info? Below are the logs when I run
rancid-run

Thanks in advance,

Alex.

Trying to get all of the configs.
pa-fw-501: End of run not found
: end
la-fw-501 clogin error: Error: TIMEOUT reached
la-fw-501: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp
chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr
chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir
/all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all
disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all
sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all
sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all
harddiskb:,show variables boot,show boot,show inventory raw,dir /all
slavedisk1:,show env all,show module,admin show env all,show
controllers,admin show version,show diagbus,dir /all slavedisk0:,show
debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir
/all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir
/all slot2:,dir /all harddisk:,dir /all slot0:,dir /all
sup-microcode:,show vlan,dir /all slavebootflash:,show controllers
cbus,dir /all slaveslot1:,dir /all nvram:,show version,show
vlan-switch,admin show variables boot,show redundancy secondary,show
running-config,show c7200,dir /all slot1:
la-fw-501: End of run not found
!

------------------------------------------------------------------------
--
Alejandro A. Malberty
Systems Administrator
Engineering
BabyCenter, LLC

***@babycenter.com
p: 415.344.7626

<http://www.babycenter.com>


This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.
Sam Munzani
2008-04-17 16:54:49 UTC
With limited priv you can't run the "show running-config" command. You have
to run "show config", provided it's a permitted command in your limited
access setup. To set up limited priv properly, you need something like below.

privilege show level 1 mode exec command configuration <== This is an
ASA command, so you will have to figure out the equivalent on PIX

Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
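
Added example (not from any post in this thread and not RANCID's own code): a Python triage of rancid-run output like the log quoted above, which re-joins a wrapped "missed cmd(s)" list and flags devices where the config-dump commands were among those missed. The function name `triage`, the device names and the sample log are assumptions made for the example.

```python
import re
from collections import defaultdict

# Commands that dump the config; both are in the missed-cmd list quoted above.
CONFIG_CMDS = {"show running-config", "write term"}

# Constructed sample shaped like the quoted rancid-run output; the device
# names and the shortened command list are made up for this example.
SAMPLE_LOG = """\
Trying to get all of the configs.
fw-a: End of run not found
fw-b clogin error: Error: TIMEOUT reached
fw-b: missed cmd(s): show version,dir /all
nvram:,write term,show
running-config,show vlan
fw-b: End of run not found
"""

EVENT = re.compile(
    r"^(?P<dev>\S+?):? (?P<kind>End of run not found"
    r"|clogin error: (?P<err>.*)|missed cmd\(s\): (?P<cmds>.*))$"
)

def triage(log_text):
    """Map device -> {"errors": [...], "missed": [...], "config_missed": bool}."""
    report = defaultdict(lambda: {"errors": [], "missed": []})
    raw = {}        # device -> comma-separated missed commands, re-joined
    wrapped = None  # device whose missed-cmd list may continue on the next line
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m is None:
            # A mail or terminal wrap splits the list at a space; glue it back.
            if wrapped and line.strip():
                raw[wrapped] += " " + line.strip()
            continue
        dev, wrapped = m["dev"], None
        if m["cmds"] is not None:
            raw[dev] = raw.get(dev, "") + "," + m["cmds"]
            wrapped = dev
        else:
            report[dev]["errors"].append(m["err"] or m["kind"])
    for dev, joined in raw.items():
        report[dev]["missed"] = [c.strip() for c in joined.split(",") if c.strip()]
    for entry in report.values():
        entry["config_missed"] = bool(CONFIG_CMDS & set(entry["missed"]))
    return dict(report)

if __name__ == "__main__":
    for dev, entry in triage(SAMPLE_LOG).items():
        print(dev, entry["errors"], "config missed:", entry["config_missed"])
```

A device that is flagged only when polled with the limited-privilege login, and not with the level 15 login, matches the situation described in the thread.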