[rancid] diff to make rancid work with HP 2810-24G and tacacs+ authentication
Johan Ryberg
johan at securit.se
Fri Jul 27 19:35:44 UTC 2012
Thanks =)
I have been running this code with both tacacs enabled switches and
with local only authentication since the post without any problems.
All changes are committed to cvs and I have not noticed any other issues.
I will however look at the banner to see if it matches something else.
If I get time I will look at it on Monday.
Best regards Johan
2012/7/27 heasley <heas at shrubbery.net>:
> Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg:
>> Hi.
>>
>> I was having big problems when I enabled tacacs authentication for
>> HP 2810-24G switches and I found two issues that made rancid
>> (hpuifilter) consume 100% cpu and hang there forever.
>>
>> First problem, the enable prompt
>> The switch is using "Login:" and I think this could be changed in the
>> default userprompt from "(Username|login|user name):" to
>> "(Username|[Ll]ogin|user name):"
>> --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
>> +++ hlogin Fri Jul 13 10:58:19 2012
>> @@ -697,7 +697,7 @@
>> # Figure out prompts
>> set u_prompt [find userprompt $router]
>> if { "$u_prompt" == "" } {
>> - set u_prompt "(Username|login|user name):"
>> + set u_prompt "(Username|[Ll]ogin|user name):"
>> } else {
>> set u_prompt [join [lindex $u_prompt 0] ""]
>> }
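Review bot: On the added `set u_prompt` line the pattern sits inside a double-quoted Tcl string, so `[Ll]` is parsed as command substitution rather than a character class, and the script will stop with an invalid command name error whenever no userprompt is configured and this default branch runs. Escape the opening bracket (`\[Ll]ogin`) or put the whole pattern in braces so it reaches the regexp unchanged. The two file headers also differ (`/usr/local/bin/hlogin` versus `hlogin`), so the patch needs the right strip level to apply.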
>
> committed.
>
>> Second problem, hlogin was too fast to enter the enable command after
>> login. The only letters that were written to the console were "nable".
>> I could reproduce this every time. The fix was to add a sleep in
>> hlogin after the "welcome prompt"
>>
>> --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012
>> +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
>> @@ -394,6 +394,7 @@
>> expect {
>> "Press any key to continue" {
>> send " "
>> + sleep 1
>> exp_continue
>> }
>> "Enter switch number to connect to or <CR>:" {
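Review bot: The `sleep 1` added after `send " "` in the "Press any key to continue" branch is a fixed, undocumented delay: it runs on every match of that banner (the branch ends in `exp_continue`), and nothing in the hunk ties it to the switch being ready for input. Add a comment stating why it is there, and consider waiting for the next prompt before sending anything further instead of sleeping for a fixed time. The header timestamps also look reversed: the `---` file is dated 10:40:23 and the `+++` file 10:12:12, both for `/usr/local/bin/hlogin`.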
>>
>> For the record. I'm using rancid 2.3.8 on OpenBSD 5.1
>
> Are you sure? usually when behavior like occurs, it's more likely that it
> matched something in the preceding output. i asked because this kind of
> usually just moves the problem elsewhere. it might just be better to deal
> with recovering from the error and re-enter 'enable'.