<div>Oh, it also got onto the box before, it's just the enable part that seems to be the problem. This is without debug stuff:</div>
<div>[rancid@LinuxSrv ~]$ /usr/libexec/rancid/clogin -t 10 192.168.1.2<br>192.168.1.2<br>spawn telnet 192.168.1.2<br>Trying 192.168.1.2...<br>Connected to 192.168.1.2.<br>Escape character is '^]'.</div>
<div><br>User Access Verification</div>
<div>Password: <br>Type help or '?' for a list of available commands.<br>ASAFW01> </div>
<div>Error: TIMEOUT reached<br>[rancid@LinuxSrv ~]$ </div>
<div class="gmail_quote">On Thu, Dec 17, 2009 at 11:36 AM, William <span dir="ltr"><<a href="mailto:willay@gmail.com">willay@gmail.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">so it's getting onto the box now... but doesn't enable... what's the<br>output without all the debug junk?<br>
<div>
<div></div>
<div class="h5"><br>2009/12/17 Ronni Jensen <<a href="mailto:ronnij@gmail.com">ronnij@gmail.com</a>>:<br>> It's like it never gets to the enable-part.. Here is the debug output of a<br>> manual clogin run:<br>
><br>><br>> [rancid@LinuxSrv ~]$ /usr/libexec/rancid/clogin -d -t 10 10.10.1.2<br>> 10.10.1.2<br>> spawn telnet 10.10.1.2<br>> parent: waiting for sync byte<br>> parent: telling child to go ahead<br>> parent: now unsynchronized from child<br>
> spawn: returns {13658}<br>> expect: does "" (spawn_id exp4) match regular expression "(Connection<br>> refused|Secure connection [^\n\r]+ refused)"? no<br>> "(Connection closed by|Connection to [^\n\r]+ closed)"? no<br>
> expect: does "" (spawn_id exp4) match glob pattern "unknown host\r"? no<br>> expect: does "" (spawn_id exp4) match glob pattern "Host is unreachable"? no<br>> "No address associated with name"? no<br>
> "(Host key not found |The authenticity of host .* be<br>> established).*(yes/no)?"? no<br>> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no<br>> "Offending key for .* (yes/no)?"? no<br>
> "(denied|Sorry)"? no<br>> "Login failed"? no<br>> "% (Bad passwords|Authentication failed)"? no<br>> "Press any key to continue"? no<br>> "Enter Selection: "? no<br>
> "Last login:"? no<br>> "@[^\r\n]+ ([Pp]assword|passwd):"? no<br>> "pix"? no<br>> "([Pp]assword|passwd):"? no<br>> "(#| \(enable\))"? no<br>> "Login invalid"? no<br>
> Trying 10.10.1.2...<br>> Connected to 10.10.1.2.<br>> Escape character is '^]'.<br>> expect: does "Trying 10.10.1.2...\r\r\nConnected to 10.10.1.2.\r\r\nEscape<br>> character is '^]'.\r\r\n" (spawn_id exp4) match regular expression<br>
> "(Connection refused|Secure connection [^\n\r]+ refused)"? no<br>> "(Connection closed by|Connection to [^\n\r]+ closed)"? no<br>> expect: does "Trying 10.10.1.2...\r\r\nConnected to 10.10.1.2.\r\r\nEscape<br>
> character is '^]'.\r\r\n" (spawn_id exp4) match glob pattern "unknown<br>> host\r"? no<br>> expect: does "Trying 10.10.1.2...\r\r\nConnected to 10.10.1.2.\r\r\nEscape<br>> character is '^]'.\r\r\n" (spawn_id exp4) match glob pattern "Host is<br>
> unreachable"? no<br>> "No address associated with name"? no<br>> "(Host key not found |The authenticity of host .* be<br>> established).*(yes/no)?"? no<br>> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no<br>
> "Offending key for .* (yes/no)?"? no<br>> "(denied|Sorry)"? no<br>> "Login failed"? no<br>> "% (Bad passwords|Authentication failed)"? no<br>> "Press any key to continue"? no<br>
> "Enter Selection: "? no<br>> "Last login:"? no<br>> "@[^\r\n]+ ([Pp]assword|passwd):"? no<br>> "pix"? no<br>> "([Pp]assword|passwd):"? no<br>> "(#| \(enable\))"? no<br>
> "Login invalid"? no<br>> User Access Verification<br>> Password:<br>> expect: does "Trying 10.10.1.2...\r\r\nConnected to 10.10.1.2.\r\r\nEscape<br>> character is '^]'.\r\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword: "<br>
> (spawn_id exp4) match regular expression "(Connection refused|Secure<br>> connection [^\n\r]+ refused)"? no<br>> "(Connection closed by|Connection to [^\n\r]+ closed)"? no<br>> expect: does "Trying 10.10.1.2...\r\r\nConnected to 10.10.1.2.\r\r\nEscape<br>
> character is '^]'.\r\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword: "<br>> (spawn_id exp4) match glob pattern "unknown host\r"? no<br>> expect: does "Trying 10.10.1.2...\r\r\nConnected to 10.10.1.2.\r\r\nEscape<br>
> character is '^]'.\r\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword: "<br>> (spawn_id exp4) match glob pattern "Host is unreachable"? no<br>> "No address associated with name"? no<br>
> "(Host key not found |The authenticity of host .* be<br>> established).*(yes/no)?"? no<br>> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no<br>> "Offending key for .* (yes/no)?"? no<br>
> "(denied|Sorry)"? no<br>> "Login failed"? no<br>> "% (Bad passwords|Authentication failed)"? no<br>> "Press any key to continue"? no<br>> "Enter Selection: "? no<br>
> "Last login:"? no<br>> "@[^\r\n]+ ([Pp]assword|passwd):"? no<br>> "pix"? no<br>> "([Pp]assword|passwd):"? yes<br>> expect: set expect_out(0,string) "Password:"<br>
> expect: set expect_out(1,string) "Password"<br>> expect: set expect_out(spawn_id) "exp4"<br>> expect: set expect_out(buffer) "Trying 10.10.1.2...\r\r\nConnected to<br>> 10.10.1.2.\r\r\nEscape character is '^]'.\r\r\n\r\n\r\nUser Access<br>
> Verification\r\n\r\nPassword:"<br>> send: sending "exec_pass\r" to { exp4 }<br>> expect: continuing expect<br>> expect: does " " (spawn_id exp4) match regular expression "(Connection<br>
> refused|Secure connection [^\n\r]+ refused)"? no<br>> "(Connection closed by|Connection to [^\n\r]+ closed)"? no<br>> expect: does " " (spawn_id exp4) match glob pattern "unknown host\r"? no<br>
> expect: does " " (spawn_id exp4) match glob pattern "Host is unreachable"?<br>> no<br>> "No address associated with name"? no<br>> "(Host key not found |The authenticity of host .* be<br>
> established).*(yes/no)?"? no<br>> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no<br>> "Offending key for .* (yes/no)?"? no<br>> "(denied|Sorry)"? no<br>> "Login failed"? no<br>
> "% (Bad passwords|Authentication failed)"? no<br>> "Press any key to continue"? no<br>> "Enter Selection: "? no<br>> "Last login:"? no<br>> "@[^\r\n]+ ([Pp]assword|passwd):"? no<br>
> "pix"? no<br>> "([Pp]assword|passwd):"? no<br>> "(#| \(enable\))"? no<br>> "Login invalid"? no<br>> expect: does " \r\n" (spawn_id exp4) match regular expression "(Connection<br>
> refused|Secure connection [^\n\r]+ refused)"? no<br>> "(Connection closed by|Connection to [^\n\r]+ closed)"? no<br>> expect: does " \r\n" (spawn_id exp4) match glob pattern "unknown host\r"? no<br>
> expect: does " \r\n" (spawn_id exp4) match glob pattern "Host is<br>> unreachable"? no<br>> "No address associated with name"? no<br>> "(Host key not found |The authenticity of host .* be<br>
> established).*(yes/no)?"? no<br>> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no<br>> "Offending key for .* (yes/no)?"? no<br>> "(denied|Sorry)"? no<br>> "Login failed"? no<br>
> "% (Bad passwords|Authentication failed)"? no<br>> "Press any key to continue"? no<br>> "Enter Selection: "? no<br>> "Last login:"? no<br>> "@[^\r\n]+ ([Pp]assword|passwd):"? no<br>
> "pix"? no<br>> "([Pp]assword|passwd):"? no<br>> "(#| \(enable\))"? no<br>> "Login invalid"? no<br>> Type help or '?' for a list of available commands.<br>> ASAFW01><br>
> expect: does " \r\nType help or '?' for a list of available<br>> commands.\r\n\rASAFW01> " (spawn_id exp4) match regular expression<br>> "(Connection refused|Secure connection [^\n\r]+ refused)"? no<br>
> "(Connection closed by|Connection to [^\n\r]+ closed)"? no<br>> expect: does " \r\nType help or '?' for a list of available<br>> commands.\r\n\rASAFW01> " (spawn_id exp4) match glob pattern "unknown<br>
> host\r"? no<br>> expect: does " \r\nType help or '?' for a list of available<br>> commands.\r\n\rASAFW01> " (spawn_id exp4) match glob pattern "Host is<br>> unreachable"? no<br>
> "No address associated with name"? no<br>> "(Host key not found |The authenticity of host .* be<br>> established).*(yes/no)?"? no<br>> "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no<br>
> "Offending key for .* (yes/no)?"? no<br>> "(denied|Sorry)"? no<br>> "Login failed"? no<br>> "% (Bad passwords|Authentication failed)"? no<br>> "Press any key to continue"? no<br>
> "Enter Selection: "? no<br>> "Last login:"? no<br>> "@[^\r\n]+ ([Pp]assword|passwd):"? no<br>> "pix"? no<br>> "([Pp]assword|passwd):"? no<br>> "(#| \(enable\))"? no<br>
> "Login invalid"? no<br>> expect: timed out<br>> Error: TIMEOUT reached<br>> [rancid@LinuxSrv ~]$<br>><br>><br>><br>> On Thu, Dec 17, 2009 at 11:03 AM, William <<a href="mailto:willay@gmail.com">willay@gmail.com</a>> wrote:<br>
>><br>>> Ronni,<br>>><br>>> Try running the clogin program manually, for example type from the<br>>> command prompt (as the rancid user):<br>>><br>>> clogin 10.10.1.2<br>>><br>
>> and paste the output?<br>>><br>>> Cheers,<br>>><br>>><br>>><br>>> 2009/12/17 Ronni Jensen <<a href="mailto:ronnij@gmail.com">ronnij@gmail.com</a>>:<br>>> > Hi,<br>
>> ><br>>> > I tried with the example you wrote, but it didn't change anything.. I<br>>> > still<br>>> > get the "clogin error: Error: TIMEOUT reached" errors in the logfile.<br>
>> ><br>>> > Any other suggestions how I can fix the error?<br>>> ><br>>> > Best regards,<br>>> > Ronni<br>>> ><br>>> > On Thu, Dec 17, 2009 at 9:10 AM, William <<a href="mailto:willay@gmail.com">willay@gmail.com</a>> wrote:<br>
>> >><br>>> >> Ronni,<br>>> >><br>>> >> According to your email when accessing the firewall manually there is<br>>> >> no autoenable, so I would try the following config for your device:<br>
>> >><br>>> >> add userprompt 10.10.1.2 pix<br>>> >> add method 10.10.1.2 telnet<br>>> >> add password 10.10.1.2 {exec_pass} {enable_pass}<br>>> >><br>
>> >><br>>> >> hope this helps.<br>>> >><br>>> >> Cheers,<br>>> >><br>>> >> Will<br>>> >><br>>> >> 2009/12/17 Ronni Jensen <<a href="mailto:ronnij@gmail.com">ronnij@gmail.com</a>>:<br>
>> >> > Hi,<br>>> >> ><br>>> >> > My rancid installation works perfectly for Cisco Catalyst switches<br>>> >> > and<br>>> >> > other<br>>> >> > stuff too.. but for the Cisco ASA firewalls it fails.. In the logs, I<br>
>> >> > get<br>>> >> > the "clogin error: Error: TIMEOUT reached" error.<br>>> >> ><br>>> >> > .cloginrc for a particular FW looks like:<br>>> >> ><br>
>> >> > add password 10.10.1.2 {exec_pass} {enable_pass}<br>>> >> > add method 10.10.1.2 telnet<br>>> >> > add autoenable 10.10.1.2 {1}<br>>> >> ><br>
>> >> > I've also tried replacing IP-address with DNS hostname or just using<br>>> >> > a<br>>> >> > wildcard star... no difference. When I telnet directly from the<br>>> >> > server<br>
>> >> > to<br>>> >> > the firewall, the sequence looks like:<br>>> >> ><br>>> >> ><br>>> >> > [me@LinuxSrv ~]$ telnet 192.168.1.2<br>>> >> > Trying 10.10.1.2...<br>
>> >> > Connected to 10.10.1.2.<br>>> >> > Escape character is '^]'.<br>>> >> > User Access Verification<br>>> >> > Password: <TYPING PASSWD><br>>> >> > Type help or '?' for a list of available commands.<br>
>> >> > UMUSASA01> <TYPING "ENABLE"><br>>> >> > Password: *******<br>>> >> > UMUSASA01#<br>>> >> ><br>>> >> > Any ideas?<br>>> >> > _______________________________________________<br>
>> >> > Rancid-discuss mailing list<br>>> >> > <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>>> >> > <a href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a><br>
>> >> ><br>>> ><br>>> ><br>><br>><br></div></div></blockquote></div><br>
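<div>Added example (not part of the original thread, and not RANCID code): a Python replay of the buffers and patterns shown in the clogin -d trace quoted above. It shows that the login buffer matches the password pattern, while the final prompt buffer matches none of the listed patterns, which is the point where expect times out. Treating every listed pattern as a regular expression and leaving out the two glob patterns are assumptions; first_match and diagnose are hypothetical helper names.</div>

```python
import re

# Patterns copied from the clogin -d trace, in the order expect tried them.
# Assumption: all are regexes; the trace's two glob patterns are left out.
TRACE_PATTERNS = [
    r"(Connection refused|Secure connection [^\n\r]+ refused)",
    r"(Connection closed by|Connection to [^\n\r]+ closed)",
    r"No address associated with name",
    r"(Host key not found |The authenticity of host .* be established).*(yes/no)?",
    r"HOST IDENTIFICATION HAS CHANGED.* (yes/no)?",
    r"Offending key for .* (yes/no)?",
    r"(denied|Sorry)",
    r"Login failed",
    r"% (Bad passwords|Authentication failed)",
    r"Press any key to continue",
    r"Enter Selection: ",
    r"Last login:",
    r"@[^\r\n]+ ([Pp]assword|passwd):",
    r"pix",
    r"([Pp]assword|passwd):",
    r"(#| \(enable\))",
    r"Login invalid",
]
# Buffers as shown in the trace, with the escapes expanded.
LOGIN_BUFFER = ("Trying 10.10.1.2...\r\r\nConnected to 10.10.1.2.\r\r\n"
                "Escape character is '^]'.\r\r\n\r\n\r\n"
                "User Access Verification\r\n\r\nPassword: ")
FINAL_BUFFER = (" \r\nType help or '?' for a list of available "
                "commands.\r\n\rASAFW01> ")

def first_match(buffer, patterns=TRACE_PATTERNS):
    """Return the first pattern that matches the buffer, or None (timeout)."""
    for pattern in patterns:
        if re.search(pattern, buffer):
            return pattern
    return None

def diagnose(buffer, patterns=TRACE_PATTERNS):
    """Say whether expect would proceed on this buffer or stall, and why."""
    hit = first_match(buffer, patterns)
    if hit is not None:
        return "matched: " + hit
    if re.search(r">\s*$", buffer):
        return "timeout: device is at a '>' user-mode prompt no pattern accepts"
    return "timeout: no pattern matched"

if __name__ == "__main__":
    for name, buf in (("login", LOGIN_BUFFER), ("final", FINAL_BUFFER)):
        print(name, "->", diagnose(buf))
```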