[rancid] diff to make rancid work with HP 2810-24G and tacacs+ authentication

Johan Ryberg johan at securit.se
Mon Jul 30 07:58:32 UTC 2012


This is the banner. I have replaced username and hostname. Maybe it's
the "Press any key to continuesome.host.name>" that is the problem.
The switch does not put any space between continue and the hostname.

This may fail
    expect {
	"Press any key to continue" {
	    send " "
	    exp_continue
	}

-- Johan Ryberg

spawn hpuifilter -- ssh -c 3des -x -l someusername some.host.name We'd
like to keep you up to date about:
   * Software feature updates
   * New product announcements
   * Special events

Please register your products now at:  www.ProCurve.com

someusername at some.host.name's password:
ProCurve J9021A Switch 2810-24G
Software revision N.11.52

Copyright (C) 1991-2011 Hewlett-Packard Co.  All Rights Reserved.

                            RESTRICTED RIGHTS LEGEND

  Use, duplication, or disclosure by the Government is subject to restrictions
  as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
  Computer Software clause at 52.227-7013.

          HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Press any key to continuesome.host.name> enable Login:someusername
Enable password:
hostname#


2012/7/27 Johan Ryberg <johan at securit.se>:
> Thanks =)
>
> I have been running this code with both tacacs enabled switches and
> with local only authentication since the post without any problems.
>
> All changes are committed to cvs and I have not noticed any other issues.
>
> I will however look at the banner to see if it match something else.
> If I got time I will look at it on Monday.
>
> Best regards Johan
>
> 2012/7/27 heasley <heas at shrubbery.net>:
>> Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg:
>>> Hi.
>>>
>>> I where having big problems when I enabled tacacs authentication for
>>> HP 2810-24G switches and I found two issues that made rancid
>>> (hpuifilder) to consume 100% cpu and it hang there forever.
>>>
>>> First problem, the enable prompt
>>> The switch are using "Login:" and I think this could be changed in the
>>> default userprompt from "(Username|login|user name):" to
>>> "(Username|[Ll]ogin|user name):"
>>> --- /usr/local/bin/hlogin       Fri Jul 13 10:12:12 2012
>>> +++ hlogin      Fri Jul 13 10:58:19 2012
>>> @@ -697,7 +697,7 @@
>>>       # Figure out prompts
>>>       set u_prompt [find userprompt $router]
>>>       if { "$u_prompt" == "" } {
>>> -       set u_prompt "(Username|login|user name):"
>>> +       set u_prompt "(Username|[Ll]ogin|user name):"
>>>       } else {
>>>          set u_prompt [join [lindex $u_prompt 0] ""]
>>>       }
>>
>> committed.
>>
>>> Second problem, hlogin was to fast to enter the enable command after
>>> login. The only letters that where written to the console was "nable".
>>> I could reproduce this every time. The fix was to add a sleep in
>>> hlogin after the "welcome prompt"
>>>
>>> --- /usr/local/bin/hlogin  Fri Jul 13 10:40:23 2012
>>> +++ /usr/local/bin/hlogin       Fri Jul 13 10:12:12 2012
>>> @@ -394,6 +394,7 @@
>>>       expect {
>>>          "Press any key to continue" {
>>>              send " "
>>> +            sleep 1
>>>              exp_continue
>>>          }
>>>          "Enter switch number to connect to or <CR>:" {
>>>
>>> For the record. I'm using rancid 2.3.8 on OpenBSD 5.1
>>
>> Are you sure?  usually when behavior like occurs, its more likely that it
>> matched something in the preceeding output.  i asked because this kind of
>> usually just moves the problem elsewhere.  it might just be better to deal
>> with recovering from the error and re-enter 'enable'.


More information about the Rancid-discuss mailing list