Discussion:
[rancid] authentication groups on .cloginrc file
Alejandro Sanchez
2011-07-20 14:37:44 UTC
Permalink
Hi guys,



Is there a way to create different ways of authentication?

I have some devices that have tacacs and some just user/pass



Also I have some that have autoenable.



Thanks



Best Regards



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS



**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.
Jeremy Bresley
2011-07-20 15:19:58 UTC
Permalink
Yes, the cloginrc is parsed in order. So you can put your defaults as a
* entry at the bottom of the file, and have your more specific entries
above it.

Something like:

add user router123 localuser1

add user router* tacacsuser1

add user * tacacsuser2

router123 would use localuser1, all other devices matching router* would
use tacacsuser1, and everything else would use tacacsuser2.
Passwords/autoenable settings can be done this way as well.

Jeremy
Post by Alejandro Sanchez
Hi guys,
Is there a way to create different ways of authentication?
I have some devices that have tacacs and some just user/pass
Also I have some that have autoenable.
Thanks
Best Regards
**Alejandro Sánchez Lucas***
*Network Specialist
SITEL EMEA GNS
**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED
or CONFIDENTIAL information and may be read or used only by the
intended recipient. If you are not the intended recipient of the
e-mail or any of its attachments, please be advised that you have
received this e-mail in error and that any use, dissemination,
distribution, forwarding, printing, or copying of this e-mail or any
attached files is strictly prohibited. If you have received this
e-mail in error, please immediately purge it and all attachments and
notify the sender by reply e-mail.
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Alejandro Sanchez
2011-07-21 08:21:58 UTC
Permalink
Its partly solved now.

The problema I have is that, half of my boxes have tacacs and the others have normal user/pass. How can I set up the other generic access instead of adding device per device?



So 2 generic access, one tacacs, that I already did but I need the other non-tacacs one



Many thanks



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS

________________________________

De: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] En nombre de Jeremy Bresley
Enviado el: miércoles, 20 de julio de 2011 17:20
Para: rancid-***@shrubbery.net
Asunto: Re: [rancid] authentication groups on .cloginrc file



Yes, the cloginrc is parsed in order. So you can put your defaults as a * entry at the bottom of the file, and have your more specific entries above it.

Something like:

add user router123 localuser1

add user router* tacacsuser1

add user * tacacsuser2

router123 would use localuser1, all other devices matching router* would use tacacsuser1, and everything else would use tacacsuser2. Passwords/autoenable settings can be done this way as well.

Jeremy

On 7/20/2011 9:37 AM, Alejandro Sanchez wrote:

Hi guys,



Is there a way to create different ways of authentication?

I have some devices that have tacacs and some just user/pass



Also I have some that have autoenable.



Thanks



Best Regards



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS



**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.



_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss



**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.
Alejandro Sanchez
2011-07-27 15:01:39 UTC
Permalink
Team,

Any ideas on this?



Best Regards



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS



________________________________

De: Alejandro Sanchez
Enviado el: jueves, 21 de julio de 2011 10:22
Para: 'Jeremy Bresley'; rancid-***@shrubbery.net
Asunto: RE: [rancid] authentication groups on .cloginrc file



Its partly solved now.

The problem I have is that, half of my boxes have tacacs and the others have normal user/pass. How can I set up the other generic access instead of adding device per device?



So 2 generic access, one tacacs, that I already did but I need the other non-tacacs one



Many thanks



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS

________________________________

De: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] En nombre de Jeremy Bresley
Enviado el: miércoles, 20 de julio de 2011 17:20
Para: rancid-***@shrubbery.net
Asunto: Re: [rancid] authentication groups on .cloginrc file



Yes, the cloginrc is parsed in order. So you can put your defaults as a * entry at the bottom of the file, and have your more specific entries above it.

Something like:

add user router123 localuser1

add user router* tacacsuser1

add user * tacacsuser2

router123 would use localuser1, all other devices matching router* would use tacacsuser1, and everything else would use tacacsuser2. Passwords/autoenable settings can be done this way as well.

Jeremy

On 7/20/2011 9:37 AM, Alejandro Sanchez wrote:

Hi guys,



Is there a way to create different ways of authentication?

I have some devices that have tacacs and some just user/pass



Also I have some that have autoenable.



Thanks



Best Regards



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS



**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.



_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss



**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.
Alejandro Sanchez
2011-07-29 11:38:10 UTC
Permalink
Hi team

I am desperated.

Still having issues with the authentication:



I have the following:



Add autoenable * 1

Add user * alex

Add pass * alexpass



Add autoenable * 0

Add user x.x.x.x alex

Add pass x.x.x.x alexpass alexenapass



The problem is that the second group is not being executed, so this box, is not being checked



Any ideas?



Alex

________________________________

De: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] En nombre de Alejandro Sanchez
Enviado el: miércoles, 27 de julio de 2011 17:02
Para: rancid-***@shrubbery.net
Asunto: Re: [rancid] authentication groups on .cloginrc file



Team,

Any ideas on this?



Best Regards



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS



________________________________

De: Alejandro Sanchez
Enviado el: jueves, 21 de julio de 2011 10:22
Para: 'Jeremy Bresley'; rancid-***@shrubbery.net
Asunto: RE: [rancid] authentication groups on .cloginrc file



Its partly solved now.

The problem I have is that, half of my boxes have tacacs and the others have normal user/pass. How can I set up the other generic access instead of adding device per device?



So 2 generic access, one tacacs, that I already did but I need the other non-tacacs one



Many thanks



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS

________________________________

De: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] En nombre de Jeremy Bresley
Enviado el: miércoles, 20 de julio de 2011 17:20
Para: rancid-***@shrubbery.net
Asunto: Re: [rancid] authentication groups on .cloginrc file



Yes, the cloginrc is parsed in order. So you can put your defaults as a * entry at the bottom of the file, and have your more specific entries above it.

Something like:

add user router123 localuser1

add user router* tacacsuser1

add user * tacacsuser2

router123 would use localuser1, all other devices matching router* would use tacacsuser1, and everything else would use tacacsuser2. Passwords/autoenable settings can be done this way as well.

Jeremy

On 7/20/2011 9:37 AM, Alejandro Sanchez wrote:

Hi guys,



Is there a way to create different ways of authentication?

I have some devices that have tacacs and some just user/pass



Also I have some that have autoenable.



Thanks



Best Regards



Alejandro Sánchez Lucas
Network Specialist

SITEL EMEA GNS



**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.



_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss



**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.

**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.
Gareth Hopkins
2011-07-29 12:38:26 UTC
Permalink
Hi,

Put your second group with the listed IP's at the top of the file.

What's happening is you are matching * from the first group for everything.

Cheers,

Gareth
**
Hi team****
I am desperated.****
Still having issues with the authentication:****
** **
I have the following:****
** **
Add autoenable * 1****
Add user * alex****
Add pass * alexpass****
** **
Add autoenable * 0****
Add user x.x.x.x alex****
Add pass x.x.x.x alexpass alexenapass****
** **
The problem is that the second group is not being executed, so this box, is
not being checked****
** **
Any ideas?****
** **
Alex ****
------------------------------
*Enviado el:* miércoles, 27 de julio de 2011 17:02
*Asunto:* Re: [rancid] authentication groups on .cloginrc file
****
** **
Team,****
Any ideas on this?****
** **
Best Regards****
** **
*Alejandro Sánchez Lucas**
*Network Specialist ****
SITEL EMEA GNS****
****
------------------------------
*De:* **Alejandro Sanchez**
*Enviado el:* jueves, 21 de julio de 2011 10:22
*Asunto:* RE: [rancid] authentication groups on .cloginrc file****
** **
Its partly solved now.****
The problem I have is that, half of my boxes have tacacs and the others
have normal user/pass. How can I set up the other generic access instead of
adding device per device?****
** **
So 2 generic access, one tacacs, that I already did but I need the other
non-tacacs one****
** **
Many thanks ****
** **
*Alejandro Sánchez Lucas**
*Network Specialist ****
SITEL EMEA GNS****
------------------------------
*Enviado el:* miércoles, 20 de julio de 2011 17:20
*Asunto:* Re: [rancid] authentication groups on .cloginrc file****
** **
Yes, the cloginrc is parsed in order. So you can put your defaults as a *
entry at the bottom of the file, and have your more specific entries above
it.
add user router123 localuser1
add user router* tacacsuser1
add user * tacacsuser2
router123 would use localuser1, all other devices matching router* would
use tacacsuser1, and everything else would use tacacsuser2.
Passwords/autoenable settings can be done this way as well.
Jeremy
On 7/20/2011 9:37 AM, **Alejandro Sanchez** wrote: ****
Hi guys,********
** ******
Is there a way to create different ways of authentication?********
I have some devices that have tacacs and some just user/pass********
** ******
Also I have some that have autoenable.********
** ******
Thanks********
** ******
Best Regards********
** ******
*Alejandro Sánchez Lucas**
*Network Specialist ********
SITEL EMEA GNS****
****
** ******
**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or
CONFIDENTIAL information and may be read or used only by the intended
recipient. If you are not the intended recipient of the e-mail or any of its
attachments, please be advised that you have received this e-mail in error
and that any use, dissemination, distribution, forwarding, printing, or
copying of this e-mail or any attached files is strictly prohibited. If you
have received this e-mail in error, please immediately purge it and all
attachments and notify the sender by reply e-mail.****
** **
** **
_______________________________________________****
Rancid-discuss mailing list****
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss****
** **
**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or
CONFIDENTIAL information and may be read or used only by the intended
recipient. If you are not the intended recipient of the e-mail or any of its
attachments, please be advised that you have received this e-mail in error
and that any use, dissemination, distribution, forwarding, printing, or
copying of this e-mail or any attached files is strictly prohibited. If you
have received this e-mail in error, please immediately purge it and all
attachments and notify the sender by reply e-mail.****
**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or
CONFIDENTIAL information and may be read or used only by the intended
recipient. If you are not the intended recipient of the e-mail or any of its
attachments, please be advised that you have received this e-mail in error
and that any use, dissemination, distribution, forwarding, printing, or
copying of this e-mail or any attached files is strictly prohibited. If you
have received this e-mail in error, please immediately purge it and all
attachments and notify the sender by reply e-mail.
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Loading...