[rancid] Re: Backup Password?

Jeffrey Ollie jeff at ocjtech.us
Fri Apr 4 17:40:44 UTC 2008


On Fri, Apr 4, 2008 at 11:47 AM, PIERCE, STEVEN T (STEVE), ATTOPS
<stpierce at att.com> wrote:
>
> Is there a way to create a "backup" or "secondary" password that RANCID can
> try if the first attempt to reach a device fails? Or, perhaps, better, a way
> for RANCID to recognize that it's not being prompted for a "Username" since
> AAA isn't working (it gets prompted for "Password:") and to simply enter the
> enable password?  In this situation, I don't want RANCID to use it's
> username password, but the enable password.

What you can do is something like this:

username rancid privilege 15 secret blahblahblah
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local

If the TACACS+ servers are unavailable the router will fall back to a
local database of users (the "username" statements).  If you keep the
passwords for RANCID synced between the TACACS+ server and the routers
RANCID will never know that the TACACS+ server was down.  You could
also create an "emergency" password on your routers for humans to use
when the network is having issues.

Jeff


More information about the Rancid-discuss mailing list