[rancid] rancid bombing out on "dir /all disk0:" when command not authorized by AAA

Dale Shaw dale.shaw+rancid-discuss at gmail.com
Tue Mar 9 05:27:03 UTC 2010


Hi all,

I'm running RANCID 2.3.2 on Ubuntu 9.04.

I'm trying to collect configs from a bunch of Cisco ASA 5500 series firewalls.

Recently we brought them into production and as part of that exercise,
enabled AAA (TACACS). The command set doesn't permit some of the
commands RANCID is attempting to execute. It looks like it's bombing
out when parsing the output from 'dir /all disk0:', which in this case
is "Command authorization failed".

I'll probably just end up adding this command to the authorised set,
but am I missing something or is this behaviour a bit .. ungraceful?
:-)

rancid -d and clogin -c output below.

Cheers,
Dale

dshaw@utility:/usr/local/rancid/var/customer-all/configs$ sudo -u rancid /usr/local/rancid/bin/rancid -d customer-fw01
executing clogin -t 90 -c"admin show version;show version;show
redundancy secondary;show idprom backplane;show install active;admin
show env all;show env all;show rsp chassis-info;show gsr chassis;show
diag chassis-info;show boot;show bootvar;admin show variables
boot;show variables boot;show flash;dir /all nvram:;dir /all
bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all
disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all
harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all
sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all
slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all
slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all
slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir
/all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all
sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show
controllers;show controllers cbus;show diagbus;admin show diag;show
diag;show module;show spe version;show c7200;show inventory raw;show
vtp status;show vlan;show vlan-switch;show debug;more
system:running-config;show running-config;write term" customer-fw01
PROMPT MATCH: CUSTOMER-FW01#
HIT COMMAND:CUSTOMER-FW01#  admin show version
    In ShowVersion: CUSTOMER-FW01#  admin show version
HIT COMMAND:CUSTOMER-FW01# show version
    In ShowVersion: CUSTOMER-FW01# show version
HIT COMMAND:CUSTOMER-FW01# show redundancy secondary
    In ShowRedundancy: CUSTOMER-FW01# show redundancy secondary
HIT COMMAND:CUSTOMER-FW01# show idprom backplane
    In ShowIDprom: CUSTOMER-FW01# show idprom backplane
HIT COMMAND:CUSTOMER-FW01# show install active
    In ShowInstallActive: CUSTOMER-FW01# show install active
HIT COMMAND:CUSTOMER-FW01# admin show env all
    In ShowEnv: CUSTOMER-FW01# admin show env all
HIT COMMAND:CUSTOMER-FW01# show env all
    In ShowEnv: CUSTOMER-FW01# show env all
HIT COMMAND:CUSTOMER-FW01# show rsp chassis-info
    In ShowRSP: CUSTOMER-FW01# show rsp chassis-info
HIT COMMAND:CUSTOMER-FW01# show gsr chassis
    In ShowGSR: CUSTOMER-FW01# show gsr chassis
HIT COMMAND:CUSTOMER-FW01# show diag chassis-info
    In ShowGSR: CUSTOMER-FW01# show diag chassis-info
HIT COMMAND:CUSTOMER-FW01# show boot
    In ShowBoot: CUSTOMER-FW01# show boot
HIT COMMAND:CUSTOMER-FW01# show bootvar
    In ShowBoot: CUSTOMER-FW01# show bootvar
HIT COMMAND:CUSTOMER-FW01# admin show variables boot
    In ShowBoot: CUSTOMER-FW01# admin show variables boot
HIT COMMAND:CUSTOMER-FW01# show variables boot
    In ShowBoot: CUSTOMER-FW01# show variables boot
HIT COMMAND:CUSTOMER-FW01# show flash
    In ShowFlash: CUSTOMER-FW01# show flash
HIT COMMAND:CUSTOMER-FW01# dir /all nvram:
    In DirSlotN: CUSTOMER-FW01# dir /all nvram:
HIT COMMAND:CUSTOMER-FW01# dir /all bootflash:
    In DirSlotN: CUSTOMER-FW01# dir /all bootflash:
HIT COMMAND:CUSTOMER-FW01# dir /all slot0:
    In DirSlotN: CUSTOMER-FW01# dir /all slot0:
HIT COMMAND:CUSTOMER-FW01# dir /all disk0:
    In DirSlotN: CUSTOMER-FW01# dir /all disk0:
write(spawn_id=1): broken pipe
    while executing
"send_user -- "$expect_out(buffer)""
    invoked from within
"expect -nobrace -re+ { exp_continue } -re {^[^
 *]*CUSTOMER([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
"$expect_out(buffer)"
                                                } -re {..."
    invoked from within
"expect {
            -re "\b+"                           { exp_continue }
            -re "^\[^\n\r *]*$reprompt"         { send_user --
"$expect_out(buffer)"
                                                }
            -re "^\[^\n\r]*$reprom..."
    (procedure "run_commands" line 39)
    invoked from within
"run_commands $prompt $command"
    ("foreach" body line 149)
    invoked from within
"foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    # attempt at platform switching.
    set platform ""
    send_user ..."
    (file "/usr/local/rancid/bin/clogin" line 723)

dshaw@utility:~$ clogin -c "dir /all disk0:" customer-fw01
customer-fw01
spawn ssh -c 3des -x -l user customer-fw01
user@customer-fw01's password:
Type help or '?' for a list of available commands.
CUSTOMER-FW01> enable
Password: ********
CUSTOMER-FW01#
CUSTOMER-FW01# terminal length 0
                           ^
ERROR: % Invalid input detected at '^' marker.
CUSTOMER-FW01#  dir /all disk0:
Command authorization failed
CUSTOMER-FW01#exit

Logoff

Connection to customer-fw01 closed.
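
An added example, not part of the original post and not RANCID code: a small pre-flight check that reads a captured clogin transcript and reports which commands the AAA server rejected, so the TACACS command set can be adjusted before a collection run. The function names, the `SAMPLE` constant and the "show version" exchange are assumptions made for illustration; the two marker strings are the ones shown in the output above.

```python
import re

AAA_DENIED = "Command authorization failed"   # string seen in the post
INVALID = "Invalid input detected"            # string seen in the post

# The clogin session from the post; the "show version" exchange is a
# constructed addition so the sample has one command that succeeds.
SAMPLE = """\
CUSTOMER-FW01> enable
Password: ********
CUSTOMER-FW01#
CUSTOMER-FW01# terminal length 0
                           ^
ERROR: % Invalid input detected at '^' marker.
CUSTOMER-FW01# show version
(constructed output line)
CUSTOMER-FW01#  dir /all disk0:
Command authorization failed
CUSTOMER-FW01#exit
"""

def classify(transcript, hostname):
    """Return [(command, status)], status: ok / aaa-denied / invalid."""
    # Prompt: hostname, optional "(mode)", then '#' or '>', then the command.
    prompt = re.compile(r"^\s*" + re.escape(hostname) +
                        r"(?:\([^)\r\n]+\))?[#>]\s*(.*)$", re.IGNORECASE)
    results, command, output = [], None, []

    def flush():
        if not command:          # nothing typed at this prompt
            return
        text = "\n".join(output)
        status = ("aaa-denied" if AAA_DENIED in text
                  else "invalid" if INVALID in text else "ok")
        results.append((command, status))

    for line in transcript.splitlines():
        m = prompt.match(line)
        if m:                    # a new prompt closes the previous command
            flush()
            command, output = m.group(1).strip(), []
        elif command is not None:
            output.append(line)
    flush()
    return results

def denied(transcript, hostname):
    """Commands the AAA server rejected: candidates for the command set."""
    return [c for c, s in classify(transcript, hostname) if s == "aaa-denied"]

if __name__ == "__main__":
    for cmd, status in classify(SAMPLE, "customer-fw01"):
        print(f"{status:11} {cmd}")
```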

