[rancid] Re: fnrancid and Fortinet equipment

Eric Humphries ehumphri at gmail.com
Mon Sep 18 20:19:34 UTC 2006

On 9/18/06, john heasley <heas at shrubbery.net> wrote:
> Sun, Sep 17, 2006 at 03:49:17PM -0500, Eric Humphries:
> > Hey guys,
> >
> > I'm using rancid on a FreeBSD 6.1-Stable box, and I'm trying to log into
> > some fortinet equipment (more specifically a Fortigate 60M) using the
> > fnrancid module.
> >
> > I'm able to manually use clogin to log into the firewall and it brings me to
> > the prompt but immediately after the session freezes and I'm unable to
> > type/run commands. Using rancid-run fails to run the commands as well so it
> > appears to be something with how the script expects the login prompt to
> > appear, possibly. The hostname I have on the device is "testdevice $" when I
> > log in as a user and "testdevice #" when I log in with admin. There is no
> > enable password required.
> I'm not familiar with the fortinet (or the netscreen), but there seems to have
> been a change in the UI.
> 1) nlogin expects the prompt to end with "-> "
> 2) nlogin does not know about an "enable" mode.

1) Well I've yet to see any fortinet equipment have a prompt that ends in
->, default or otherwise.
2) Well, I guess the noenable business isn't going to do the trick then.

> So, this is not going to work.  nlogin will need to be changed.  Or, try
> clogin to see if it works: clogin -c 'some command; some other command'
> > I'm quite new to rancid (a few days) and I've searched around for help
> > regarding this specific issue but I've yet to find anything that matches my
> > problem well. I can provide information as necessary, just tell me what you
> > need to see.
> >
> > Is there something I'm doing wrong that would cause the shell to hang? I've
> > tried running rancid with tcsh, and sh - both with the same result.
> It should not hang forever.  If it is expecting output and not receiving it,
> the timeout should trip and the login script should close the connection.
> If it is hanging forever, then I suspect you're using solaris/linux and you
> need to apply the expect patch from the rancid web page.

It does trip the TIMEOUT.

So I guess my main question is: is the fnrancid module set up to expect a
prompt that ends in "-> "? I haven't had time to dig into fnrancid or nlogin
to learn the inner workings as I've only been messing with it in my free time.
Eventually, I would like to deploy this for close to 1,000 firewalls or so.

I guess my next step is to dig into fnrancid and try to figure out what it's
doing. I know the modules are fancy front-ends for expect that are used to
describe device behavior but that's as far as I've gone.
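
An added illustration (not part of the original message, and not RANCID's own code): a small Python simulation of the prompt wait discussed in this thread, showing why a script that waits for a prompt ending in "-> " trips its timeout on a device whose prompt is "testdevice #", and why a replacement pattern should be anchored to the end of the output. The host-prompt pattern, the session text and all names below are assumptions constructed for the example.

```python
import re

# "-> " is the prompt ending the thread says nlogin waits for. The host-style
# pattern is an assumption built from the prompts quoted in the thread
# ("testdevice $" / "testdevice #"); it is not taken from fnrancid or nlogin.
ARROW_PROMPT = re.compile(r"-> \Z")
HOST_PROMPT = re.compile(r"(?:\A|\n)[\w.-]+ [#$] ?\Z")
NAIVE_PROMPT = re.compile(r"[#$] ")  # unanchored: matches '#' anywhere in output

# Constructed session: (seconds since connect, text received from the device).
SESSION = [
    (0.3, "password: "),
    (0.9, "\r\n# constructed banner line\r\n"),
    (1.1, "testdevice # "),
]


def wait_for_prompt(chunks, prompt_re, timeout):
    """Accumulate output until the buffer matches prompt_re or time runs out.

    Returns ("prompt", buffer) or ("timeout", buffer), which is the choice an
    expect-style login script faces after authenticating.
    """
    buf = ""
    for elapsed, text in chunks:
        if elapsed > timeout:
            break
        buf += text
        if prompt_re.search(buf):
            return "prompt", buf
    # No more data arrived before the deadline: the script gives up here.
    return "timeout", buf


if __name__ == "__main__":
    for name, pattern in [("arrow", ARROW_PROMPT), ("host", HOST_PROMPT),
                          ("naive", NAIVE_PROMPT)]:
        status, buf = wait_for_prompt(SESSION, pattern, timeout=30)
        print(f"{name:5} {status:7} after {len(buf)} chars")
```

The unanchored pattern reports a prompt while the banner is still arriving, so commands would be sent before the device is ready; the anchored one waits for the real prompt line.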
