[rancid] Re: extreme issues

andy andy at shady.org
Tue May 23 14:22:58 UTC 2006


An update on this issue:

clogin has stopped working with extreme, with the latest extremeIOS versions it seems.
This relates to both admin and local users, with or without TACACS+.

example1 (local admin user)

carp:~/rancid-2.3.2a4/bin$ ./clogin -c "show version" ballinteer-switch.internal.nw
ballinteer-switch.internal.nw
spawn ssh -c 3des -x -l admin ballinteer-switch.internal.nw
admin at ballinteer-switch.internal.nw's password:

ExtremeWare
Copyright (C) 1996-2005 Extreme Networks.  All rights reserved.
Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957
==============================================================================

Press the <tab> key at any time for completions.
Remember to save your configuration changes.
Ballinteer Summit 48si:1 #
Ballinteer Summit 48si:1 # ^]quit
^C^C^Ccarp:~/rancid-2.3.2a4/bin$

example2 (local non admin user)

carp:~/rancid-2.3.2a4/bin$ ./clogin -u look -p xxxxxxx -c "show version" ballinteer-switch.internal.nw
ballinteer-switch.internal.nw
spawn ssh -c 3des -x -l look ballinteer-switch.internal.nw
look at ballinteer-switch.internal.nw's password:

ExtremeWare
Copyright (C) 1996-2005 Extreme Networks.  All rights reserved.
Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957
==============================================================================

Press the <tab> key at any time for completions.
Ballinteer Summit 48si:1 >
Ballinteer Summit 48si:1 >Connection to ballinteer-switch.internal.nw closed.
carp:~/rancid-2.3.2a4/bin$


example3 (tacacs non admin user)

carp:~/rancid-2.3.2a4/bin$ ./clogin -u look -p xxxxxx -c "show version" athlone-switch.internal.nw
athlone-switch.internal.nw
spawn ssh -c 3des -x -l look athlone-switch.internal.nw
look at athlone-switch.internal.nw's password:

ExtremeWare
Copyright (C) 1996-2005 Extreme Networks.  All rights reserved.
Protected by U.S Patent Nos 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957
==============================================================================

Press the <tab> key at any time for completions.
Summit48si:1 >
Summit48si:1 >Connection to athlone-switch.internal.nw closed.



The version of rancid is the latest version "rancid-2.3.2a4".


I believe this is due to a change in the prompt made by extreme in the last few releases of their firmware.

Does anyone have a working copy of clogin that works with local users with extreme switches, as I've never managed to get
clogin working with a non-admin user?

clogin cvs revision number: clogin.in,v 1.94 2006/04/28

This extreme IOS change has also affected version "clogin.in,v 1.79" which is still the currently distributed ports
version for FreeBSD.

I can supply outputs, in any environment with or without tacacs auth, using local or admin users if someone can fix the
expect code used.

cheers
 


On Wed, Apr 19, 2006 at 05:02:04PM +0100, andy wrote:
> Follow up to list:
> 
> 
> 
> ----- Forwarded message from andy <andy at shady.org> -----
> 
> Date: Tue, 18 Apr 2006 20:52:32 +0100
> From: andy <andy at shady.org>
> To: john heasley <heas at shrubbery.net>
> Subject: Re: extreme issues
> 
> Do you have enough info to look into this issue?
> I can provide more if needed, I've looked into it fairly closely now and I have to admit, without going right through
> the code, I would not be able to solve the issue.
> 
> I did some testing today however, and it seems the issue exists with a "user" account and no tacacs.
> I could only get clogin to work with the "admin" user using both versions 7.4 and the new 7.5.
> 
> cheers
> 
> 
> 
> On Sun, Apr 16, 2006 at 03:33:48PM +0000, john heasley wrote:
> > can you show me the prompt/clogin without tacacs?
> > 
> > Fri, Apr 14, 2006 at 07:04:16PM +0100, andy:
> > > Hi,
> > > 
> > > I've been using rancid for quite some time now, and we decided to roll out tac_plus for auth on our extremes.
> > > Basically, rancid then stopped working.
> > > 
> > > I've been using tac_plus for junipers for a while quite successfully. All good.
> > > So, basically, I have a user called "look" that I use for rancid.
> > > 
> > > This is the tac_plus conf for the look group:
> > > 
> > > group = tier1
> > > {
> > >   ## extreme tacacs configuration
> > >   default service = deny
> > >   cmd = show {
> > >         permit configuration
> > >         permit version
> > >         permit memory
> > >         permit switch
> > >         permit slot
> > >         permit diag
> > >         deny .*
> > >   }
> > >   cmd = disable {
> > >         permit clipaging
> > >         deny .*
> > >   }
> > > 
> > >   ## cli service for junipers
> > >   service = junos-exec
> > >   {
> > >   priv_lvl = 15
> > >     local-user-name = tier1
> > >     allow-commands = ""
> > >     allow-configuration = ""
> > >     deny-commands = "monitor|request|file"
> > >     deny-configuration = ""
> > >   }
> > > }
> > > 
> > > I was running the ports version of rancid when stuff broke but I've now downloaded the latest version.
> > > It still appears fairly broken though with our new config. I know that the prompt changed when we moved from using an 
> > > admin user to a non-admin user.
> > > 
> > > Is there a fix for the errors below?
> > > 
> > > cheers
> > > 
> > > This is the output when I try to run clogin:
> > > 
> > > carp:~$ ./clogin -c "show version;show version" tallaght-switch.internal.nw
> > > tallaght-switch.internal.nw
> > > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > > andy at tallaght-switch.internal.nw's password:
> > > 
> > > ExtremeWare
> > > Copyright (C) 1996-2003 Extreme Networks.  All rights reserved.
> > > ===============================================================
> > > 
> > > Press the <tab> key at any time for completions.
> > > Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array
> > >     while executing
> > > "set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)""
> > >     invoked from within
> > > "expect -nobrace -re {[
> > > ]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and
> > >                                   # prompt based on state of config changes..."
> > >     invoked from within
> > > "expect {
> > >         -re "\[\r\n]+"          { exp_continue; }
> > >         -re "^(.+:)1 $prompt"   { # stoopid extreme cmd-line numbers and
> > >                                   # prompt based on state of config ch..."
> > >     ("foreach" body line 125)
> > >     invoked from within
> > > "foreach router [lrange $argv $i end] {
> > >     set router [string tolower $router]
> > >     send_user "$router\n"
> > > 
> > >     # Figure out the prompt.
> > >     # autoenabl..."
> > >     (file "./clogin" line 686)
> > > carp:~$ ./clogin -autoenable -c "show version;show version" tallaght-switch.internal.nw
> > > tallaght-switch.internal.nw
> > > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > > andy at tallaght-switch.internal.nw's password:
> > > 
> > > ExtremeWare
> > > Copyright (C) 1996-2003 Extreme Networks.  All rights reserved.
> > > ===============================================================
> > > 
> > > Press the <tab> key at any time for completions.
> > > Tallaght Summit 48si::1 >
> > > ^C^C^Ccarp:~$ ./clogin -noenable -c "show version;show version" tallaght-switch.internal.nw
> > > tallaght-switch.internal.nw
> > > spawn ssh -c 3des -x -l andy tallaght-switch.internal.nw
> > > andy at tallaght-switch.internal.nw's password:
> > > 
> > > ExtremeWare
> > > Copyright (C) 1996-2003 Extreme Networks.  All rights reserved.
> > > ===============================================================
> > > 
> > > Press the <tab> key at any time for completions.
> > > Tallaght Summit 48si::1 > can't read "expect_out(2,string)": no such element in array
> > >     while executing
> > > "set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)""
> > >     invoked from within
> > > "expect -nobrace -re {[
> > > ]+} { exp_continue; } -re {^(.+:)1 >} { # stoopid extreme cmd-line numbers and
> > >                                   # prompt based on state of config changes..."
> > >     invoked from within
> > > "expect {
> > >         -re "\[\r\n]+"          { exp_continue; }
> > >         -re "^(.+:)1 $prompt"   { # stoopid extreme cmd-line numbers and
> > >                                   # prompt based on state of config ch..."
> > >     ("foreach" body line 125)
> > >     invoked from within
> > > "foreach router [lrange $argv $i end] {
> > >     set router [string tolower $router]
> > >     send_user "$router\n"
> > > 
> > >     # Figure out the prompt.
> > >     # autoenabl..."
> > >     (file "./clogin" line 686)
> > > 
> > > 
> > > -- 
> > > andy    andy at shady.org
> > > -----------------------------------------------
> > > Never argue with an idiot. They drag you down 
> > > to their level, then beat you with experience.
> > > ----------------------------------------------- 
> > 
> 
> -- 
> andy    andy at shady.org
> -----------------------------------------------
> Never argue with an idiot. They drag you down 
> to their level, then beat you with experience.
> ----------------------------------------------- 
> 
> ----- End forwarded message -----
> 
> -- 
> andy    andy at shady.org
> -----------------------------------------------
> Never argue with an idiot. They drag you down 
> to their level, then beat you with experience.
> ----------------------------------------------- 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 

-- 
andy    andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down 
to their level, then beat you with experience.
----------------------------------------------- 
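
The Tcl error in the quoted April traceback can be reproduced outside clogin. The following is an added example, not part of the original messages and not RANCID code: it fills an `expect_out`-style array from a regex match, one element per capture group, and then reads element 2 as the traceback's `set prompt` line does. The proc name `match_prompt` and the two-group pattern are hypothetical; the one-group pattern and the prompt lines are copied from the sessions above.

```tcl
# Added example, not RANCID code. Pure Tcl (no Expect needed): populate an
# expect_out-style array with one element per capture group of the match.
proc match_prompt {pattern line} {
    set m [regexp -inline -- $pattern $line]
    if {[llength $m] == 0} { return "no match" }
    set i 0
    foreach s $m {
        set expect_out($i,string) $s
        incr i
    }
    # Same array access that the traceback shows failing inside clogin.
    if {[catch {set tail $expect_out(2,string)} err]} {
        return "error: $err"
    }
    return "host part '$expect_out(1,string)', prompt char '$tail'"
}

# Prompt lines copied from the sessions in this thread.
set prompts {
    "Tallaght Summit 48si::1 >"
    "Ballinteer Summit 48si:1 #"
    "Summit48si:1 >"
}

# Pattern as shown in the traceback after $prompt was substituted: one group.
set one_group {^(.+:)1 >}
# Hypothetical alternative with a second group for the prompt character.
set two_groups {^(.+:)1 ([#>])}

foreach p $prompts {
    puts $p
    puts "  one group : [match_prompt $one_group $p]"
    puts "  two groups: [match_prompt $two_groups $p]"
}
```

With the one-group pattern, the `>` prompts match but reading `expect_out(2,string)` raises the same "no such element in array" error, and the `#` prompt does not match at all.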


