Discussion:
[rancid] cloginrc
Joshua Krause
2008-01-15 22:03:31 UTC
I have a question about the .cloginrc file. I have a number of switches
that I am currently backing up the configs with and would like to add my pix
firewalls. Currently I have this in my cloginrc file:

## Routers and Switches
add user * user
add password * {password}
add autoenable * 1

And I was going to add this for the pix firewalls that used ssh:

## Pix Firewalls
add password gsonc-spg-pix* {radius pass} {enablepass}
add method gsonc-spg-pix* ssh

add password *501 {radius pass} {enablepass}
add method *501 ssh

So my config looks like this now:

## Routers and Switches
add user * user
add password * {password}
add autoenable * 1

## Pix Firewalls
add password gsonc-spg-pix* {radius pass} {enablepass}
add method gsonc-spg-pix* ssh

add password *501 {radius pass} {enablepass}
add method *501 ssh

But my logfile says that the pixes are timing out at login. Can someone
help me out with this?

Thanks,

Josh
Sam Munzani
2008-01-15 22:12:49 UTC
Joshua,

Move the "*" section to the end. More specific regex should go 1st,
otherwise it will match at your 1st wild card and never evaluate the others.

Sam
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Chris Moody
2008-01-15 22:20:48 UTC
You have to put your more-specific matches higher in the list...before
the wildcard "*" matches you have.

It should look like this:
------------------------
add user hostxxx {username}
add password hostxxx {password} {enable_password}
add method hostxxx {ssh}
add cyphertype hostxxx {3des} <--- only really necessary for DES

add user * {username}
add password * {password} {enable_password}
...
and so on

What's happening is that you're matching on the wildcard pattern before
ever getting to the more specific lines.

Cheers,
-Chris
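
Added example (not part of the original thread and not RANCID code): a small Python check for the first-match behaviour both replies describe, reporting .cloginrc lines that match a device but never win, then moving the catch-all "*" entries last. The hostnames are constructed, and fnmatchcase is assumed to approximate clogin's glob matching.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the ordering from the original post (catch-all first).
BROKEN = """\
add user * user
add password * {password}
add autoenable * 1
add password gsonc-spg-pix* {radius pass} {enablepass}
add method gsonc-spg-pix* ssh
add password *501 {radius pass} {enablepass}
add method *501 ssh
"""
HOSTS = ["gsonc-spg-pix1", "branch501", "core-sw1"]  # constructed inventory
CATCHALL = re.compile(r"\s*add\s+\S+\s+\*\s")        # 'add <directive> * ...'

def parse(text):
    """Yield (lineno, directive, pattern, values) for each 'add' line."""
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*add\s+(\S+)\s+(\S+)\s*(.*)", line)
        if m:  # comment and blank lines do not match
            vals = [a or b for a, b in re.findall(r"\{([^}]*)\}|(\S+)", m.group(3))]
            yield n, m.group(1), m.group(2), vals

def resolve(text, host):
    """First matching line per directive wins; later matches are ignored."""
    winner = {}
    for n, directive, pattern, vals in parse(text):
        if fnmatchcase(host, pattern):
            winner.setdefault(directive, (n, vals))
    return winner

def shadowed(text, hosts):
    """Line numbers that match some host but never win for any host."""
    used = {n for h in hosts for n, _ in resolve(text, h).values()}
    return [n for n, _, p, _ in parse(text)
            if n not in used and any(fnmatchcase(h, p) for h in hosts)]

def specific_first(text):
    """Reorder so the catch-all '*' entries come after the specific ones."""
    lines = text.splitlines()
    head = [l for l in lines if not CATCHALL.match(l)]
    tail = [l for l in lines if CATCHALL.match(l)]
    return "\n".join(head + tail) + "\n"

if __name__ == "__main__":
    print("shadowed lines:", shadowed(BROKEN, HOSTS))
    print("after reorder: ", shadowed(specific_first(BROKEN), HOSTS))
```

With the original ordering the PIX password lines are never selected, so the firewalls are tried with the generic switch password; run the same check against the real device list after any edit to .cloginrc.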