<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><meta name="Generator" content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style></head><body lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">I’ve modified do_auth to discriminate between the Nexus and Cisco (or Brocade, which acts a lot like Cisco). A basic configuration would be:</p>
<p class="MsoNormal"> </p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'">user = tester {</span></p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> default service = permit</span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> login = cleartext "test_me"</span></p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> enable = cleartext "test_me"</span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> pap = cleartext "test_me"</span></p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> service = exec {</span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> priv-lvl = 1 </span></p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> shell:roles="network-operator"</span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> idletime = 3 </span></p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> timeout = 15</span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> }</span></p><p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'"> after authorization "/usr/bin/python /root/do_auth_beta.py -i $address -fix_crs_bug -u $user -d $name -l /root/log2.txt -f /root/do_auth.ini"</span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:'Courier New'">}</span></p><p class="MsoNormal"> </p><p class="MsoNormal">Do_auth will send shell:roles to the Nexus, but filter it from the Ciscos/Brocades. (Sending both seems to confuse other Cisco devices.) You can also replace those pairs in do_auth by group, giving network-operator based on device to some and network-admin to others. It works quite well. If anybody is interested in testing it, drop me a line, else I’ll get to posting it when I get to posting it. </p>
</div></body></html>
<pre>E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act, and may be disclosed to third parties.
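
An added sketch of the per-device filtering described in the message above; it is not do_auth's code and was not written by the message's author. The Nexus network list, the group-to-role table and the function names are assumptions, and it relies on tac_plus passing the AV pairs to an after authorization script on stdin, one per line, and treating exit status 2 as "permit, replace the AV pairs with stdout".

```python
import ipaddress
import re
import sys

# Hypothetical inventory: networks that contain Nexus switches (assumption).
NEXUS_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]
# Hypothetical group-to-role table applied on Nexus devices only (assumption).
NEXUS_ROLE_BY_GROUP = {"operators": "network-operator", "admins": "network-admin"}

EXIT_DENY = 1             # tac_plus: authorization denied
EXIT_PERMIT_REPLACE = 2   # tac_plus: permitted, AV pairs replaced by stdout


def is_nexus(address):
    """True/False for a valid address, None when the address does not parse."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None
    return any(ip in net for net in NEXUS_NETWORKS)


def filter_av_pairs(av_pairs, address, group):
    """Return (exit_code, av_pairs_to_send) for one authorization request."""
    nexus = is_nexus(address)
    if nexus is None:
        return EXIT_DENY, []          # fail closed on a malformed device address
    if nexus and group not in NEXUS_ROLE_BY_GROUP:
        return EXIT_DENY, []          # no role defined: do not guess a privilege
    kept = []
    for pair in (p.strip() for p in av_pairs):
        # The attribute name ends at the first '=' (mandatory) or '*' (optional).
        name = re.split(r"[=*]", pair, maxsplit=1)[0]
        if pair and name != "shell:roles":
            kept.append(pair)         # the configured role is always dropped
    if nexus:
        # Re-add a role chosen by group, and only for devices that understand it.
        kept.append('shell:roles="%s"' % NEXUS_ROLE_BY_GROUP[group])
    return EXIT_PERMIT_REPLACE, kept


if __name__ == "__main__":
    # Usage (hypothetical): script.py DEVICE_ADDRESS GROUP, AV pairs on stdin.
    code, pairs = filter_av_pairs(sys.stdin.readlines(), sys.argv[1], sys.argv[2])
    sys.stdout.write("".join(p + "\n" for p in pairs))
    sys.exit(code)
```

Denying when the device address does not parse, or when a Nexus user's group has no role entry, keeps a misconfigured request from falling through with whatever role the static profile carried.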