[rancid] Re: extreme issues

andy andy at shady.org
Wed Apr 19 16:00:44 UTC 2006


Just to follow up:


----- Forwarded message from andy <andy at shady.org> -----

Date: Mon, 17 Apr 2006 12:44:28 +0100
From: andy <andy at shady.org>
To: john heasley <heas at shrubbery.net>
Subject: Re: extreme issues

I have attached a script output of the entire session.
We don't use local users so I've logged into the switch as an admin user.

If you need me to, I can create a local user and dump the output from that session also.

cheers


On Sun, Apr 16, 2006 at 03:33:48PM +0000, john heasley wrote:
> can you show me the prompt/clogin without tacacs?
> 
> Fri, Apr 14, 2006 at 07:04:16PM +0100, andy:
> > Hi,
> > 
> > I've been using rancid for quite some time now, and we decided to roll out tac_plus for auth on our extremes.
> > Basically, rancid then stopped working.
> > 
> > I've been using tac_plus for junipers for a while quite successfully. All good.
> > So, basically, I have a user called "look" that I use for rancid.
> > 
> > This is the tac_plus conf for the look group:
> > 
> > group = tier1
> > {
> >   ## extreme tacacs configuration
> >   default service = deny
> >   cmd = show {
> >         permit configuration
> >         permit version
> >         permit memory
> >         permit switch
> >         permit slot
> >         permit diag
> >         deny .*
> >   }
> >   cmd = disable {
> >         permit clipaging
> >         deny .*
> >   }
> > 
> >   ## cli service for junipers
> >   service = junos-exec
> >   {
> >     priv_lvl = 15
> >     local-user-name = tier1
> >     allow-commands = ""
> >     allow-configuration = ""
> >     deny-commands = "monitor|request|file"
> >     deny-configuration = ""
> >   }
> > }
> > 
> > I was running the ports version of rancid when stuff broke but I've now downloaded the latest version.
> > It still appears fairly broken though with our new config. I know that the prompt changed when we moved from using an 
> > admin user to a non-admin user.
> > 
> > Is there a fix for the errors below?
> > 
> > cheers
> > 
> > This is the output when I try to run clogin:
> > 
> > carp:~$ ./clogin -c "show version;show version" tallaght-switch.internal.nw
> > tallaght-switch.internal.nw
> > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > andy at tallaght-switch.internal.nw's password:
> > 
> > ExtremeWare
> > Copyright (C) 1996-2003 Extreme Networks.  All rights reserved.
> > ===============================================================
> > 
> > Press the <tab> key at any time for completions.
> > Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array
> >     while executing
> > "set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)""
> >     invoked from within
> > "expect -nobrace -re {[
> > ]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and
> >                                   # prompt based on state of config changes..."
> >     invoked from within
> > "expect {
> >         -re "\[\r\n]+"          { exp_continue; }
> >         -re "^(.+:)1 $prompt"   { # stoopid extreme cmd-line numbers and
> >                                   # prompt based on state of config ch..."
> >     ("foreach" body line 125)
> >     invoked from within
> > "foreach router [lrange $argv $i end] {
> >     set router [string tolower $router]
> >     send_user "$router\n"
> > 
> >     # Figure out the prompt.
> >     # autoenabl..."
> >     (file "./clogin" line 686)
> > carp:~$ ./clogin -autoenable -c "show version;show version" tallaght-switch.internal.nw
> > tallaght-switch.internal.nw
> > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > andy at tallaght-switch.internal.nw's password:
> > 
> > ExtremeWare
> > Copyright (C) 1996-2003 Extreme Networks.  All rights reserved.
> > ===============================================================
> > 
> > Press the <tab> key at any time for completions.
> > Tallaght Summit 48si::1 >
> > ^C^C^Ccarp:~$ ./clogin -noenable -c "show version;show version" tallaght-switch.internal.nw
> > tallaght-switch.internal.nw
> > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > andy at tallaght-switch.internal.nw's password:
> > 
> > ExtremeWare
> > Copyright (C) 1996-2003 Extreme Networks.  All rights reserved.
> > ===============================================================
> > 
> > Press the <tab> key at any time for completions.
> > Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array
> >     while executing
> > "set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)""
> >     invoked from within
> > "expect -nobrace -re {[
> > ]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and
> >                                   # prompt based on state of config changes..."
> >     invoked from within
> > "expect {
> >         -re "\[\r\n]+"          { exp_continue; }
> >         -re "^(.+:)1 $prompt"   { # stoopid extreme cmd-line numbers and
> >                                   # prompt based on state of config ch..."
> >     ("foreach" body line 125)
> >     invoked from within
> > "foreach router [lrange $argv $i end] {
> >     set router [string tolower $router]
> >     send_user "$router\n"
> > 
> >     # Figure out the prompt.
> >     # autoenabl..."
> >     (file "./clogin" line 686)
> > 
> > 
> > -- 
> > andy    andy at shady.org
> > -----------------------------------------------
> > Never argue with an idiot. They drag you down 
> > to their level, then beat you with experience.
> > ----------------------------------------------- 
> 

-- 
andy    andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down 
to their level, then beat you with experience.
----------------------------------------------- 

Script started on Mon Apr 17 12:38:37 2006
carp:~#tcshcd /usr/ports/editors/locate vimcd /usr/ports/editors/tcshssh admin at nssc-switch.internal.nw

The authenticity of host 'nssc-switch.internal.nw (10.5.16.8)' can't be established.
DSA key fingerprint is 63:5d:e7:6a:25:d6:5c:3d:a4:0a:4e:2a:a5:5e:fd:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nssc-switch.internal.nw' (DSA) to the list of known hosts.

admin at nssc-switch.internal.nw's password: 
Permission denied, please try again.

admin at nssc-switch.internal.nw's password: 
Permission denied, please try again.

admin at nssc-switch.internal.nw's password: 

ExtremeWare
Copyright (C) 1996-2005 Extreme Networks.  All rights reserved.
Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957
==============================================================================

Press the <tab> key at any time for completions.
Remember to save your configuration changes.
* NSSC::1 # show version

System Serial Number: 800099-03-07 05155-01269 CLEI:           QC:       CP:03
CPU    ID: 700070-00-06 05145-00992 CP:03
Image : Extremeware  Version 7.4.2.6 [ssh] [base] by Release_Master on 09/13/05 13:23:15

BootROM : 8.2

* NSSC::2 # enab
Next possible completions:
	access-list accounting alt-queue-management application arp-learning 
	autodst bgp bootp bootprelay cli-config-logging cli-prompt-number 
	clipaging cpu-dos-protect dhcp diffserv dlcs dot1p dvmrp eaps edp 
	elrp-client elsm enhanced-dos-protect esrp esrp-aware ext-mcast 
	fdb-scan flooding flow-control flow-redirect flowstats gvrp icmp 
	idletimeouts igmp ignore-bpdu ignore-stp ip-option ip-subnet-lookup 
	iparp ipforwarding ipmcforwarding iproute ipxrip ipxsap irdp isis isq 
	jitter-tolerance jumbo-frame lbdetect learning license lldp log 
	loopback-mode lpm mac-vlan mcast-queue-mgmt mirroring multinetting nat 
	netlogin ospf pim ports qosmonitor radius radius-accounting red rip 
	rmon sflow sharing slb slot smartredundancy snmp sntp-client 
	source-ip-lockdown ssh2 stpd subvlan-proxy-arp sys-health-check syslog 
	system-watchdog tacacs tacacs-accounting tacacs-authorization telnet 
	temperature-logging transceiver-test trusted-mac-address type20 
	udp-echo-server udp-forwarding vrrp web <access list> <eaps domain> 
	<flow redirect> <spanning tree name> 


* NSSC::2 # enable clip
Next possible completions:
	<cr> session 


* NSSC::2 # enable clipaging 
* NSSC::3 # save
Do you want to save to the primary configuration database? yes
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>!.
Verifying the configuration...
Done!
Saved to primary configuration database.
NSSC::4 # qConnection to nssc-switch.internal.nw closed.

Exit 255
carp:~#^Dexit

Script done on Mon Apr 17 12:40:04 2006


----- End forwarded message -----

-- 
andy    andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down 
to their level, then beat you with experience.
----------------------------------------------- 
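
The traceback quoted above shows the expect pattern after substitution as `^(.+:)1 >`, which defines one capture group, while the failing line reads `expect_out(2,string)`. The sketch below is an added example, not part of the original messages and not clogin's code: it reproduces that group count with Python's `re` and shows one tolerant way to parse the ExtremeWare prompts seen in the two sessions. `PROMPT_RE`, `parse_prompt` and `later_prompt_regex` are hypothetical names.

```python
import re

# Pattern as it appears in the quoted traceback once $prompt was ">".
TRACEBACK_PATTERN = r"^(.+:)1 >"

# Prompts copied from the two sessions shown in the message.
SAMPLE_PROMPTS = [
    "Tallaght Summit 48si::1 >",  # from the quoted clogin run
    "* NSSC::1 # ",               # admin login, unsaved changes
    "NSSC::4 # ",                 # admin login, after "save"
]

# Hypothetical tolerant pattern: optional "* " marker, a name ending in ":",
# the per-command number, then ">" or "#".
PROMPT_RE = re.compile(
    r"^(?P<dirty>\* )?(?P<name>.+:)(?P<num>\d+) (?P<term>[>#]) ?$"
)


def capture_groups(pattern):
    """Count the capture groups a pattern defines."""
    return re.compile(pattern).groups


def parse_prompt(line):
    """Split a prompt line into its parts, or return None if it does not fit."""
    m = PROMPT_RE.match(line)
    if m is None:
        return None
    return {
        "name": m.group("name"),
        "number": int(m.group("num")),
        "terminator": m.group("term"),
        "unsaved": m.group("dirty") is not None,
    }


def later_prompt_regex(line):
    """Build a regex for any later prompt of the same session."""
    p = parse_prompt(line)
    if p is None:
        raise ValueError("not an ExtremeWare-style prompt: %r" % line)
    return (r"^(?:\* )?" + re.escape(p["name"]) + r"\d+ "
            + re.escape(p["terminator"]) + r" ?$")


if __name__ == "__main__":
    print("groups in traceback pattern:", capture_groups(TRACEBACK_PATTERN))
    for prompt in SAMPLE_PROMPTS:
        print(repr(prompt), "->", parse_prompt(prompt))
```

The regex returned by `later_prompt_regex` ignores both the command number and the `* ` marker, so it keeps matching after the number increments and after a `save` clears the marker.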


