rivlogin problem

Andrew Fort afort at choqolat.org
Wed Jun 16 03:45:35 UTC 2004


Scott B. Lowe wrote:
> I am having another issue with Riverstone gear.

Hi, Scott

> I use tacacs+ to login to my Riverstone gear.  To login I enter the 
> tac_username then the tac_password.  The enable password and vty 
> password are the same on the Riverstone.  According to the 
> documentation, I set up .cloginrc to look like this
> 
> add password my.river.stone          {enable&vtypass}     {enable&vtypass}
> add user my.river.stone                  {tacuser}
> add userpassword my.river.stone   {tacuserpass}

We're using RADIUS here, but it should be the same.  The 'add password' 
line handling changed for rivlogin around about rancid 2.2bsomething - 
if the following suggestion doesn't work, try going to rancid 2.3. 
Also, non TAC+ logins were broken.

In the newer version...

For your add password line, the first password on the line should be the 
password you enter immediately after "Press RETURN to activate 
console...".

The second password is the last resort password (i.e., when you've 
logged in using that first password, you go to enable, and your TACACS+ 
credentials cannot be checked because the AAA server is 'unreachable' 
(buggy network code on the Enterasys shows this up regularly)).

The userpassword is your tac+ user password, and the user is your tac+ 
user. (This handling hasn't changed).

> When I run the rivlogin for the router it logs in fine using the tacacs 
> username and password but gives a bad-password error when it tries the 
> enable command.  If I disable tacacs and set up .cloginrc to just use 
> the last-resort/enable password for a login it goes all the way through 
> to enable mode just fine.  This leads me to believe that rivlogin is 
> trying to use the {tacuserpass}  for enable instead of 
> {enable&vtypass}.  Perhaps I have missed something in the config?  Any 
> help would be greatly appreciated.

Yes, it would appear you've run across a bug I introduced to rivlogin. 
(oops)

Please try the newest available version on the ftp.shrubbery.net server, 
and if you like mail me off-list if you're still having trouble.

-Andrew
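
As an added illustration (not part of the original message and not rancid's own code), this Python parser reads `add` lines in the layout quoted above and labels each value with the prompt the reply assigns it in the newer rivlogin. The sample host names and placeholder values are constructed, and treating the host field as a literal name is an assumption of this example.

```python
import re

# Constructed sample in the layout quoted in the thread; values are placeholders.
SAMPLE = """\
add password my.river.stone {vtypass} {enablepass}
add user my.river.stone {tacuser}
add userpassword my.river.stone {tacuserpass}
add password other.river.stone {onlyone}
"""

TOKEN = re.compile(r"\{([^{}]*)\}|(\S+)")  # {braced value} or bare word

def parse_cloginrc(text):
    """Return {host: {directive: [values]}} from 'add <directive> <host> ...' lines.
    Assumption: the host field is used as a literal dictionary key."""
    hosts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = [m.group(1) if m.group(1) is not None else m.group(2)
                  for m in TOKEN.finditer(line)]
        if len(tokens) >= 3 and tokens[0] == "add":
            hosts.setdefault(tokens[2], {})[tokens[1]] = tokens[3:]
    return hosts

def describe(entry):
    """Label one host's values with the roles given in the reply, plus warnings."""
    pw = entry.get("password", [])
    roles = {
        "tacacs_username": (entry.get("user") or [None])[0],
        "tacacs_password": (entry.get("userpassword") or [None])[0],
        # First value: sent after "Press RETURN to activate console...".
        "activate_console_password": pw[0] if pw else None,
        # Second value: last-resort enable password when AAA is unreachable.
        "last_resort_enable_password": pw[1] if len(pw) > 1 else None,
    }
    warnings = []
    if roles["last_resort_enable_password"] is None:
        warnings.append("no second 'add password' value (last-resort enable password)")
    return roles, warnings

if __name__ == "__main__":
    for host, entry in parse_cloginrc(SAMPLE).items():
        roles, warnings = describe(entry)
        # Report which roles are populated without echoing the secrets.
        print(host, sorted(k for k, v in roles.items() if v is not None), warnings)
```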


