[rancid] Re: does clogin work for Cisco FWSM ?

Lourdes Llorente lllorente at amadeus.com
Wed Oct 18 13:08:37 UTC 2006


Just to try, I ran rancid for the fws and it downloads the configs,
although the commands differ: terminal length 0 for routers and
terminal monitor 0 for the fws.
So it works anyway!
I will have to look inside the script "rancid" to find out why...
But I am happy that rancid can also manage the FW modules.
Thanks for your time!

Cheers, 
Lourdes



Lourdes Llorente/MUC/AMADEUS
10/18/06 02:28 PM
To: david_laporte at harvard.edu
cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid]  does clogin work for Cisco FWSM ?

Hi Dave,
in the end I managed...
What I have done in:
add password mucfwt10  {pw} {enable-pw}

is that, instead of the enable-pw locally installed in the fw, I have
put the Tacacs password for the user rancid... and it works.
Now I have to trigger the scripts a little bit, because for the fws the
command "terminal length 0" is no longer valid, but rather the command
"terminal monitor 0".
The rest (regarding at least the show config) looks the same.
 

Best regards

Lourdes



David LaPorte <david_laporte at harvard.edu>
Please respond to david_laporte at harvard.edu
10/17/06 05:48 PM
To: Lourdes Llorente <lllorente at amadeus.com>
cc:
Subject: Re: [rancid]  does clogin work for Cisco FWSM ?

My authentication is also done through TACACS.  You've tried it with the
"add password" line and it still fails?


Dave

Lourdes Llorente wrote:
> 
> Hi David!
> 
> Still does not work... :o( , still does not find the password. The
> authentication is done through Tacacs this is why it looks a little bit
> different..
> 
> Look at my config in .cloginrc
> 
> add method fwt10  {ssh}
> add user fwt10 {rancid}
> add userpassword fwt10 {password}
> 
> Thanks a lot for your help..
> Cheers
> 
> 
> *David LaPorte <david_laporte at harvard.edu>*
> Please respond to david_laporte at harvard.edu
> 10/17/06 05:29 PM
> To: Lourdes Llorente <lllorente at amadeus.com>
> cc:
> Subject: Re: [rancid]  does clogin work for Cisco FWSM ?
> 
> here's what my .cloginrc looks like for that particular element:
> 
> add method oxfw1 {ssh}
> add user * rancid
> add password * {rancid_pass} {enable_pass}
> 
> I don't believe "enauser" and "userpassword" are necessary.
> 
> Dave
> 
> Lourdes Llorente wrote:
>>
>> Hello !
>>
>> clogin fwt10
>> fwt10
>>
>> Error: no password for fwt10 in /export/home/guest/.cloginrc.
>>
>> Cheers,
>> Lourdes
>>
>>
>> *David LaPorte <david_laporte at harvard.edu>*
>> Please respond to david_laporte at harvard.edu
>> 10/17/06 05:08 PM
>> To: Lourdes Llorente <lllorente at amadeus.com>
>> cc:
>> Subject: Re: [rancid]  does clogin work for Cisco FWSM ?
>>
>> This is what a clogin transcript logging into one of my FWSMs looks like:
>>
>> -bash-2.05b$ ./clogin oxfw1
>> oxfw1
>> spawn ssh -c 3des -x -l rancid oxfw1
>> rancid at oxfw1's password:
>>
>> ********************* W A R N I N G *********************
>>
>> This system is for authorized users at Harvard University.
>>                No other use is permitted.
>>
>> ***** Harvard University Network Operations Center *******
>> ********************* (617) 496-4736 *********************
>>
>> Type help or '?' for a list of available commands.
>> oxfw1>
>> oxfw1> enable
>> Password: *********
>> oxfw1#
>>
>>
>>
>> Can you send me what yours looks like?
>>
>> thanks,
>> Dave
>>
>> Lourdes Llorente wrote:
>>>
>>> Thanks for your answer !
>>> But do you have a special prompt ?
>>> For some reason when typing "clogin fwt10", it does not find the pw for
>>> the fw10.
>>>
>>> And my .cloginrc looks like this:
>>> add user fwt10  {rancid}
>>> add userpassword fwt10  {password}
>>> add method fwt10  {ssh}
>>> add enauser fwt10 {password}
>>> add enableprompt {"fw*+/pri/act>"}
>>>
>>> Cheers,
>>>
>>>
>>> *David LaPorte <david_laporte at harvard.edu>*
>>> Please respond to david_laporte at harvard.edu
>>> 10/17/06 04:08 PM
>>> To: Lourdes Llorente <lllorente at amadeus.com>
>>> cc: rancid-discuss at shrubbery.net
>>> Subject: Re: [rancid]  does clogin work for Cisco FWSM ?
>>>
>>> We're using it with 15 FWSMs and it works well.  I tag them as "cisco"
>>> and I don't believe I needed to hack any code to make things work.
>>>
>>> Dave
>>>
>>> Lourdes Llorente wrote:
>>>>
>>>> Hello !
>>>>
>>>> Has anyone tried to setup Rancid to work with FWSM from Cisco ?
>>>> I am having some trouble with it as I am not managing to set up properly
>>>> .cloginrc , for example it does not find the password for the fw and the
>>>> userprompt is also not correct, on the format "user at fw's password:"
>>>>
>>>>
>>>> Another special thing is that defining in router.db the fw as juniper
>>>> device, it logs in but it does not manage to download the configuration.
>>>>
>>>> Thanks in advance for your help,
>>>> Cheers
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Rancid-discuss mailing list
>>>> Rancid-discuss at shrubbery.net
>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>
>>
>> --
>> David LaPorte, CISSP, CCNP
>> Security Manager, Network and Server Systems
>> Harvard University Information Systems
>> -----------------------------------------------
>> Email: david_laporte at harvard.edu
>>  PGP: 0x4DC3E508
>>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
>>
>>
> 

-- 
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
-----------------------------------------------
Email: david_laporte at harvard.edu
  PGP: 0x4DC3E508
       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
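
The diagnosis this thread converges on, as an added example (not code from the thread or from RANCID): a small Python check that parses `.cloginrc` text and reports a host with no matching `add password` line, the condition behind the `no password for fwt10` error. It assumes first-match glob lookup per directive and that `userpassword` does not substitute for `password`, as the thread's outcome suggests; the sample configs and the names `parse_cloginrc`, `find` and `check_host` are constructed for illustration.

```python
import fnmatch
import re

# "add <directive> <host-glob> <values...>"; any other line is ignored.
ADD_RE = re.compile(r"^\s*add\s+(\S+)\s+(\S+)\s*(.*)$")

# Constructed samples built from the lines quoted in the thread.
FAILING = """\
add user fwt10  {rancid}
add userpassword fwt10  {password}
add method fwt10  {ssh}
"""
FIXED = FAILING + "add password fwt10  {pw} {enable-pw}\n"
WILDCARD = """\
add method oxfw1 {ssh}
add user * rancid
add password * {rancid_pass} {enable_pass}
"""

def parse_cloginrc(text):
    """Return (directive, host_glob, values) tuples in file order."""
    entries = []
    for line in text.splitlines():
        m = ADD_RE.match(line)
        if m:
            directive, glob, rest = m.groups()
            # Values are Tcl words: either {braced} or bare.
            values = [b or w for b, w in re.findall(r"\{([^}]*)\}|(\S+)", rest)]
            entries.append((directive, glob, values))
    return entries

def find(entries, directive, host):
    """Values of the first entry for this directive whose glob matches host."""
    for d, glob, values in entries:
        if d == directive and fnmatch.fnmatchcase(host, glob):
            return values
    return None

def check_host(text, host):
    """List the problems (never the secrets) a host would hit at login."""
    entries = parse_cloginrc(text)
    problems = []
    if find(entries, "password", host) is None:
        msg = f"no password for {host}"
        if find(entries, "userpassword", host) is not None:
            msg += "; userpassword is set but an 'add password' line is missing"
        problems.append(msg)
    return problems

if __name__ == "__main__":
    for cfg, host in [(FAILING, "fwt10"), (FIXED, "fwt10"), (WILDCARD, "oxfw1")]:
        print(host, check_host(cfg, host) or "ok")
```
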


