[rancid] Rancid can't authenticate on device even though login and passwords are correct. Clogin is also successful.

Auzzik auzzik at gmail.com
Thu Jan 10 06:02:24 UTC 2013


Good day,

I am stuck with a minor problem which I can't fight.

Rancid 2.3.6.
I have a Cisco ASA. I configured a Rancid user on it, but I want to
restrict the Rancid user on it. So I use privilege commands to do this:

username rancid password <password> encrypted privilege 5

It's known that level 5 on ASA has read-only privileges by default.
That's fine. I can log in to ASA as a rancid user using SSH client.

The problem here is that a rancid user must enable into 5th level using
command 'enable 5'. Originally, 'clogin' script has these lines:
-------------
# Enable
proc do_enable { enauser enapasswd } {
     global do_saveconfig in_proc
     global prompt u_prompt e_prompt
     set in_proc 1

     send "enable\r"
     ...
------------

So, I changed this script to send 'enable 3\r' instead of just 'enable'.
I defined all settings for this box in .cloginrc and router.db files as
well. It's defined as 'asa:cisco:up'

When I use 'clogin' script it works fine:
----------------
$ /usr/libexec/rancid/clogin asa
asa
spawn ssh -c 3des -x -l rancid asa
rancid@[ip]'s password:
Type help or '?' for a list of available commands.
asa1.local> enable 3
Password: *********************
asa1.local# configure ?
ERROR: % Unrecognized command
asa1.local#
asa1.local# show version | in Hardware
Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
----------------

As you can see, I can't get into 'conf t' mode, but I can do 'show' commands.
That is what I want.

The problem is that when I run '/usr/bin/rancid-run' rancid can't
authenticate on device.
I see the following in the logs:
-----------------------------------------
Trying to get all of the configs.
asa: End of run not found
!DEBUG:                             ^
=====================================
Getting missed routers: round 1.
asa: End of run not found
!DEBUG:                             ^
=====================================
Getting missed routers: round 2.
asa: End of run not found
!DEBUG:                             ^


ending: Thu Jan 9 05:39:46 UTC 2013
------------------------------------------

I thought rancid uses the clogin script to log in to cisco devices, but
it looks like it does not.

Please point out what else I need to change/fix.
Thanks.

P.S. Do you have any diagram showing links between all rancid scripts?
P.P.S. Is there any yum repository with the latest rancid packages for rhel6?

Auzzik
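
The log excerpt in the message above shows the same device failing in the initial pass and in both retry rounds. As an added example (not part of the original post or of RANCID itself), this parser separates devices that fail in every pass from those that recover on a retry. It assumes the log follows the line format shown in the excerpt and that a device absent from a later round was collected; `core-sw` is a constructed device name.

```python
import re
from collections import defaultdict

# Constructed sample, modeled on the log excerpt in the message above;
# "core-sw" is a made-up second device that recovers on the first retry.
SAMPLE_LOG = """\
Trying to get all of the configs.
asa: End of run not found
!DEBUG:                             ^
core-sw: End of run not found
=====================================
Getting missed routers: round 1.
asa: End of run not found
=====================================
Getting missed routers: round 2.
asa: End of run not found
"""

ROUND_RE = re.compile(r"^Getting missed routers: round (\d+)\.")
FAIL_RE = re.compile(r"^(\S+): End of run not found\s*$")


def failures_by_round(log_text):
    """Map pass number -> devices that logged 'End of run not found'.
    Pass 0 is the initial 'Trying to get all of the configs.' attempt."""
    current = None
    rounds = defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("Trying to get all of the configs"):
            current = 0
            rounds[current]  # register the pass even if nothing fails in it
        elif (m := ROUND_RE.match(line)):
            current = int(m.group(1))
            rounds[current]
        elif current is not None and (m := FAIL_RE.match(line)):
            rounds[current].add(m.group(1))
    return dict(rounds)


def classify(log_text):
    """Return (persistent, recovered): devices failing in every pass, and
    devices that failed at least once but not in every pass (assumption:
    absence from a later round means the config was collected)."""
    rounds = failures_by_round(log_text)
    if not rounds:
        return set(), set()
    seen = set().union(*rounds.values())
    persistent = set.intersection(*rounds.values())
    return persistent, seen - persistent
```

A device that lands in the persistent set, as `asa` does here, is failing for a reason that retries will not clear.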




