[rancid] Re: does clogin work for Cisco FWSM ?

Hopper, Faron W. faron.hopper at capgemini.com
Thu Oct 19 14:51:31 UTC 2006


Did you get it to download the system context?

 

Thank you,
Faron Hopper / Capgemini / Kansas City
Network Engineer / Outsourcing Services
Office: 1 816 459 5139 / Mobile: 1 816 863 1234
Alternate Phone Number: 1 866 207 3344 option 1, ext 5139
www.us.capgemini.com 
Fax: 1 816 459 6767 
3315 N Oak Trafficway, Kansas City, MO, 64116
Email: faron.hopper at capgemini.com

________________________________

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Lourdes
Llorente
Sent: Wednesday, October 18, 2006 8:09 AM
To: david_laporte at harvard.edu
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: does clogin work for Cisco FWSM ?

 


Just for trying, I tried to run rancid for the fws and it downloads the
configs, although the commands for routers terminal length 0 and for the
fws terminal monitor 0 are different.. 
So it works anyway ! 
I will have to look inside the script "rancid" to find out why... 
But I am happy so rancid can manage also the FWs modules.. 
Thanks for your time ! 

Cheers, 
Lourdes 







Lourdes Llorente/MUC/AMADEUS
10/18/06 02:28 PM
To: david_laporte at harvard.edu
cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid]  does clogin work for Cisco FWSM ?

Hi Dave, 
in the end I managed... 
What I have done in: 
add password mucfwt10  {pw} {enable-pw} 

is to set, instead of the enable-pw locally installed in the fw, the
TACACS password for the user rancid... and it works. 
Now I have to trigger the scripts a little bit, because for the fws the
command "terminal length 0" is not valid anymore, but rather the command
"terminal monitor 0". 
The rest (regarding at least the show config) looks the same.. 
  

Best regards 

Lourdes 



 

David LaPorte <david_laporte at harvard.edu>
Please respond to david_laporte at harvard.edu
10/17/06 05:48 PM
To: Lourdes Llorente <lllorente at amadeus.com>
Subject: Re: [rancid]  does clogin work for Cisco FWSM ?

My authentication is also done through TACACS.  You've tried it with the
"add password" line and it still fails?


Dave

Lourdes Llorente wrote:
> 
> Hi David!
> 
> Still does not work... :o( , still does not find the password. The
> authentication is done through Tacacs this is why it looks a little bit
> different..
> 
> Look at my config in .cloginrc
> 
> add method fwt10  {ssh}
> add user fwt10 {rancid}
> add userpassword fwt10 {password}
> 
> Thanks a lot for your help..
> Cheers
> 
> 
> 
> 
> *David LaPorte <david_laporte at harvard.edu>*
> Please respond to david_laporte at harvard.edu
> 
> 10/17/06 05:29 PM
> 
> To: Lourdes Llorente <lllorente at amadeus.com>
> Subject: Re: [rancid]  does clogin work for Cisco FWSM ?
> 
> here's what my .cloginrc looks like for that particular element:
> 
> add method oxfw1 {ssh}
> add user * rancid
> add password * {rancid_pass} {enable_pass}
> 
> I don't believe "enauser" and "userpassword" are necessary.
> 
> Dave
> 
> Lourdes Llorente wrote:
>>
>> Hello !
>>
>> clogin fwt10
>> fwt10
>>
>> Error: no password for fwt10 in /export/home/guest/.cloginrc.
>>
>> Cheers,
>> Lourdes
>>
>>
>>
>>
>>
>> *David LaPorte <david_laporte at harvard.edu>*
>> Please respond to david_laporte at harvard.edu
>>
>> 10/17/06 05:08 PM
>>
>> To: Lourdes Llorente <lllorente at amadeus.com>
>> Subject: Re: [rancid]  does clogin work for Cisco FWSM ?
>>
>> This is what a clogin transcript logging into one of my FWSMs looks like:
>>
>> -bash-2.05b$ ./clogin oxfw1
>> oxfw1
>> spawn ssh -c 3des -x -l rancid oxfw1
>> rancid at oxfw1's password:
>>
>> ********************* W A R N I N G *********************
>>
>> This system is for authorized users at Harvard University.
>>                No other use is permitted.
>>
>> ***** Harvard University Network Operations Center *******
>> ********************* (617) 496-4736 *********************
>>
>> Type help or '?' for a list of available commands.
>> oxfw1>
>> oxfw1> enable
>> Password: *********
>> oxfw1#
>>
>>
>>
>> Can you send me what yours looks like?
>>
>> thanks,
>> Dave
>>
>> Lourdes Llorente wrote:
>>>
>>> Thanks for your answer !
>>> But do you have a special prompt ?
>>> For some reason when typing "clogin fwt10", it does not find the pw for
>>> the fw10.
>>>
>>> And my .cloginrc looks like this:
>>> add user fwt10  {rancid}
>>> add userpassword fwt10  {password}
>>> add method fwt10  {ssh}
>>> add enauser fwt10 {password}
>>> add enableprompt {"fw*+/pri/act>"}
>>>
>>> Cheers,
>>>
>>>
>>>
>>>
>>>
>>>
>>> *David LaPorte <david_laporte at harvard.edu>*
>>> Please respond to david_laporte at harvard.edu
>>>
>>> 10/17/06 04:08 PM
>>>
>>> To: Lourdes Llorente <lllorente at amadeus.com>
>>> cc: rancid-discuss at shrubbery.net
>>> Subject: Re: [rancid]  does clogin work for Cisco FWSM ?
>>>
>>> We're using it with 15 FWSMs and it works well.  I tag them as "cisco"
>>> and I don't believe I needed to hack any code to make things work.
>>>
>>> Dave
>>>
>>> Lourdes Llorente wrote:
>>>>
>>>> Hello !
>>>>
>>>> Has anyone tried to setup Rancid to work with FWSM from Cisco ?
>>>> I am having some trouble with it as I am not managing to set up properly
>>>> .cloginrc , for example it does not find the password for the fw and the
>>>> userprompt is also not correct, on the format "user at fw's password:"
>>>>
>>>>
>>>> Another special thing is that defining in router.db the fw as juniper
>>>> device, it logs in but it does not manage to download the configuration.
>>>>
>>>> Thanks in advance for your help,
>>>> Cheers
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Rancid-discuss mailing list
>>>> Rancid-discuss at shrubbery.net
>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>>
>>
>> --
>> David LaPorte, CISSP, CCNP
>> Security Manager, Network and Server Systems
>> Harvard University Information Systems
>> -----------------------------------------------
>> Email: david_laporte at harvard.edu
>>  PGP: 0x4DC3E508
>>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
>>
>>
> 
> -- 
> David LaPorte, CISSP, CCNP
> Security Manager, Network and Server Systems
> Harvard University Information Systems
> -----------------------------------------------
> Email: david_laporte at harvard.edu
>  PGP: 0x4DC3E508
>       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
> 
> 

-- 
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
-----------------------------------------------
Email: david_laporte at harvard.edu
 PGP: 0x4DC3E508
      4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508
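
Added example, not part of the original thread or of RANCID itself: a small pre-flight check for a .cloginrc that catches the "no password for fwt10" condition discussed above before clogin is run. It assumes, as the thread suggests, that clogin resolves the "password" directive by the first matching hostname glob and does not fall back to "userpassword"; the function names and sample credentials are constructed for illustration.

```python
import fnmatch
import os
import re
import stat

TOKEN = re.compile(r"\{[^}]*\}|\S+")  # a {braced value} or a bare word

# Constructed samples modelled on the thread; credentials are placeholders.
BROKEN = """add user fwt10 {rancid}
add userpassword fwt10 {password}
add method fwt10 {ssh}
"""
FIXED = BROKEN + "add password fwt10 {login-pw} {enable-pw}\n"
WILDCARD = "add user * rancid\nadd password * {rancid_pass} {enable_pass}\n"

def parse_cloginrc(text):
    """Return (directive, host_glob, values) tuples in file order."""
    entries = []
    for line in text.splitlines():
        tokens = TOKEN.findall(line)
        # Comment and blank lines never start with the word "add".
        if len(tokens) >= 3 and tokens[0] == "add":
            values = [t.strip("{}") for t in tokens[3:]]
            entries.append((tokens[1], tokens[2].strip("{}"), values))
    return entries

def find(entries, directive, host):
    """First entry whose glob matches the host wins (assumed lookup order)."""
    for name, pattern, values in entries:
        if name == directive and fnmatch.fnmatchcase(host, pattern):
            return values
    return None

def lint(text, hosts, mode=0o600):
    """List problems that would stop clogin or expose the credentials."""
    problems = []
    if mode & stat.S_IRWXO:  # the file holds cleartext passwords
        problems.append("file is accessible by others: chmod 600")
    entries = parse_cloginrc(text)
    for host in hosts:
        if find(entries, "password", host) is None:
            has_userpw = find(entries, "userpassword", host)
            hint = " (userpassword alone is not used)" if has_userpw else ""
            problems.append(f"{host}: no 'add password' entry matches{hint}")
    return problems

def lint_file(path, hosts):
    """Lint a real file, taking the permission bits from the filesystem."""
    with open(path) as fh:
        return lint(fh.read(), hosts, os.stat(path).st_mode)
```

Running lint_file against the RANCID user's .cloginrc with the hostnames from router.db gives the same answer clogin would, without opening a session to any device.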





