<div>How is your ACS configure?</div>
<div>Are you mapping DNS/Group --> ACS group or local ACS account?</div>
<div>If you are mapping DNS groups to ACS, make sure your account is ONLY one security group that maps to ACS group. User account can be in multiple group, but you need to re-arrange it in ACS mapping, basicly first group will win situation...</div>
<div> </div>
<div>I had same issue, my account was member of multiple security group in AD and some of these groups were mapped to ACS group. I created ACS local account and it worked like champ :-). I test login using Rancid on switch and router and worked OK. However, if it times out and I think lot of people having same issue. </div>
<div>Example; /var/lib/rancid/bin/clogin -c 'show clock' test-c3560-acc-sw1 - logs into switch and waits... finaly times out :-(</div>
<div> </div>
<div>Sample;</div>
<div>1. nano /root/.cloginrc<br>example follows;<br>add user test-c3560-acc-sw1 testacc (local ACS account)<br>add userpassword test-c3560-acc-sw1 password<br>add password test-c3560-acc-sw1 password enablepassword<br>add method test-c3560-acc-sw1 {ssh}</div>
<div> <br><br></div>
<div class="gmail_quote">On Fri, Dec 26, 2008 at 7:03 AM, Scott Kee <span dir="ltr"><<a href="mailto:SKee@cmsstl.com">SKee@cmsstl.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div lang="EN-US" vlink="purple" link="blue">
<div>
<p>Rancid is backing up all of our pix501 firewall. I used to use local account to logon to the pix501 but recently we changed to radius.</p>
<p>Ever since we made the change we can't log on to 3 501s using clogin. It lets me logon to the rest of the 30 pixes.</p>
<p> </p>
<p>Error message:</p>
<p>Permission denied, please try again</p>
<p>Error: Check your passwd for device name</p>
<p> </p>
<p>I am able to logon via ssh</p>
<p> </p>
<p> </p>
<p>Anyone have idea?</p></div></div><br>_______________________________________________<br>Rancid-discuss mailing list<br><a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br><a target="_blank" href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a><br>
</blockquote></div><br>