[rancid] cannot login to sf302-08P managed swictch

Natxo Asenjo natxo.asenjo at gmail.com
Wed May 15 09:42:16 UTC 2013


On Wed, May 15, 2013 at 7:16 AM, Per-Olof Olsson <peo at chalmers.se> wrote:

hi,


>
> So what about testing
>   add userprompt switch {User name:}
> in your .cloginrc
>
>
getting closer ;-)


add user switch     {username}
add password switch {pwd}
add userprompt switch {"User Name:"}
# add passprompt switch {"Password:"}
# add method switch {telnet}

adding the userprotmt allows rancid to go on, but it enters the
username/password three times and the authentication fails. I have verified
the user name/password combination are correct, I can log in manually with
those credentials.

I tried (as you see it is now commented out) the passprompt, but that does
not affect it. I see clogin type something 3 times and fail.

Now I have gone digging a bit further. We have radius configured in the
network devices. I used the radiusd -X logging of freeradius to see what
was coming from the switch and to my surprise I saw that the username was
correct but the password that was coming to the radius server corresponded
to the next .clogin defined for the 'normal'  cisco devices. Strange.

so, to be clear, I have at the end of my cloginrc file a catchall rule like
so:

add user *.domain.tld {username}
add password *.domain.tld {pwd} {enablepwd}
add method *.domain.tld ssh

and befor that I add the config for the small switches. And yet rancid sent
the *.domain.tld password to the device.

I have now changed the *.domain.tld {username} to use radius authentication
instead of local user. Now it works.

Thanks for the userprompt tip!

-- 
groet,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20130515/fe7b0838/attachment.html>


More information about the Rancid-discuss mailing list