Discussion:
[rancid] diff to make rancid work with HP 2810-24G and tacacs+ authentication
Johan Ryberg
2012-07-13 08:59:45 UTC
Hi.

I was having big problems when I enabled tacacs authentication for
HP 2810-24G switches and I found two issues that made rancid
(hpuifilter) consume 100% CPU and hang there forever.

First problem, the enable prompt
The switch is using "Login:" and I think this could be changed in the
default userprompt from "(Username|login|user name):" to
"(Username|[Ll]ogin|user name):"
--- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
+++ hlogin Fri Jul 13 10:58:19 2012
@@ -697,7 +697,7 @@
# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
- set u_prompt "(Username|login|user name):"
+ set u_prompt "(Username|[Ll]ogin|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
}
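Review bot: In the added line `set u_prompt "(Username|[Ll]ogin|user name):"` the pattern sits in a double-quoted Tcl string, where `[Ll]` is parsed as command substitution, so Tcl will try to run a command named Ll instead of storing a character class. Escape the brackets (`\[Ll\]`) or put the pattern in braces so the regular expression reaches the matcher unchanged. The else branch, which takes the prompt from the userprompt setting, is not touched by this change, so a site that sets its own userprompt still has to cover "Login:" itself.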



Second problem, hlogin was too fast to enter the enable command after
login. The only letters that were written to the console were "nable".
I could reproduce this every time. The fix was to add a sleep in
hlogin after the "welcome prompt"

--- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012
+++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
@@ -394,6 +394,7 @@
expect {
"Press any key to continue" {
send " "
+ sleep 1
exp_continue
}
"Enter switch number to connect to or <CR>:" {

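Review bot: The `sleep 1` added after `send " "` in the "Press any key to continue" branch makes the login depend on a fixed delay rather than on what the device prints, and it is paid on every pass through that branch because of the `exp_continue` that follows. Consider waiting for the prompt to appear after the key press before anything else is sent, and add a comment saying which device needs the pause. Also check the file headers: the `---` file is stamped 10:40:23 and the `+++` file 10:12:12, both at /usr/local/bin/hlogin, so it is worth confirming the diff was taken in the intended direction.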
For the record. I'm using rancid 2.3.8 on OpenBSD 5.1

Best regards Johan Ryberg
heasley
2012-07-27 18:35:53 UTC
Post by Johan Ryberg
Hi.
I was having big problems when I enabled tacacs authentication for
HP 2810-24G switches and I found two issues that made rancid
(hpuifilter) consume 100% CPU and hang there forever.
First problem, the enable prompt
The switch is using "Login:" and I think this could be changed in the
default userprompt from "(Username|login|user name):" to
"(Username|[Ll]ogin|user name):"
--- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
+++ hlogin Fri Jul 13 10:58:19 2012
@@ -697,7 +697,7 @@
# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
- set u_prompt "(Username|login|user name):"
+ set u_prompt "(Username|[Ll]ogin|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
}
committed.
Post by Johan Ryberg
Second problem, hlogin was too fast to enter the enable command after
login. The only letters that were written to the console were "nable".
I could reproduce this every time. The fix was to add a sleep in
hlogin after the "welcome prompt"
--- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012
+++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
@@ -394,6 +394,7 @@
expect {
"Press any key to continue" {
send " "
+ sleep 1
exp_continue
}
"Enter switch number to connect to or <CR>:" {
For the record. I'm using rancid 2.3.8 on OpenBSD 5.1
Are you sure? Usually when behavior like this occurs, it's more likely that it
matched something in the preceding output. I asked because this kind of thing
usually just moves the problem elsewhere. It might just be better to deal
with recovering from the error and re-enter 'enable'.
Johan Ryberg
2012-07-27 19:35:44 UTC
Thanks =)

I have been running this code with both tacacs enabled switches and
with local only authentication since the post without any problems.

All changes are committed to cvs and I have not noticed any other issues.

I will however look at the banner to see if it matches something else.
If I get time I will look at it on Monday.

Best regards Johan
Johan Ryberg
2012-07-30 07:58:32 UTC
This is the banner. I have replaced username and hostname. Maybe it's
the "Press any key to continuesome.host.name>" that is the problem.
The switch does not put any space between continue and the hostname.

This may fail
expect {
    "Press any key to continue" {
        send " "
        exp_continue
    }

-- Johan Ryberg

spawn hpuifilter -- ssh -c 3des -x -l someusername some.host.name
We'd like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events

Please register your products now at: www.ProCurve.com

***@some.host.name's password:
ProCurve J9021A Switch 2810-24G
Software revision N.11.52

Copyright (C) 1991-2011 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Press any key to continuesome.host.name> enable Login:someusername
Enable password:
hostname#
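The default-prompt change and heasley's point about patterns matching earlier output, as an added example that is not part of the thread or of RANCID: it runs the old and new default patterns through Tcl's regexp, on the assumption that hlogin uses the prompt as an unanchored regular expression. The helper name matched_text and the second and third sample lines are constructed for illustration.

```tcl
# Added example (not RANCID code). Run with tclsh; no device is contacted.

# Old and new default user prompts from the diff. Curly quoting keeps the
# character class literal.
set old_prompt {(Username|login|user name):}
set new_prompt {(Username|[Ll]ogin|user name):}

# Inside double quotes Tcl treats the bracketed part as command substitution,
# so the brackets have to be escaped to produce the same pattern string.
set quoted_prompt "(Username|\[Ll\]ogin|user name):"

# Returns the text a pattern matched in a chunk of output, or "" for no match.
proc matched_text {pattern output} {
    if {[regexp -- $pattern $output hit]} {
        return $hit
    }
    return ""
}

# Sample output: the first line is taken from the session log in the thread,
# the other two are constructed for illustration.
set samples [list \
    "Press any key to continuesome.host.name> enable Login:someusername" \
    "Username:" \
    "Last login: Fri Jul 13 10:12:12 2012"]

foreach s $samples {
    puts [format "old=%-12s new=%-12s <- %s" \
        "'[matched_text $old_prompt $s]'" \
        "'[matched_text $new_prompt $s]'" $s]
}

# The escaped double-quoted form and the curly-quoted form are the same string.
puts "escaped form equals braced form: [string equal $new_prompt $quoted_prompt]"

# The unescaped double-quoted form fails before any matching happens.
if {[catch {set p "(Username|[Ll]ogin|user name):"} err]} {
    puts "unescaped form: $err"
}
```

The third sample shows the pattern matching a line that is not a prompt at all, which is why a login script that hangs or sends input early is worth checking against the full banner text.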