From phantox at gmail.com Thu Nov 1 17:11:48 2007 From: phantox at gmail.com (PhaNtoX) Date: Thu, 1 Nov 2007 12:11:48 -0500 Subject: [rancid] Dell Powerconnects Message-ID: Has anyone written a module to get rancid to work with the dell power connect switches? We have a few dozen 3400 5300 series we would like to get working. I can provide access to a switch if this would help someone. Unfortunately I can't program or I would do this myself Kevin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071101/5d4348c1/attachment.html From rancid at gheek.net Thu Nov 1 17:46:12 2007 From: rancid at gheek.net (Lance) Date: Thu, 01 Nov 2007 10:46:12 -0700 Subject: [rancid] Re: Dell Powerconnects Message-ID: <20071101104612.8e114e4890519e5179c192e02d6bca26.f22b65fd09.wbe@email.secureserver.net> Kevin, is it a cisco like CLI? > -------- Original Message -------- > Subject: [rancid] Dell Powerconnects > From: PhaNtoX > Date: Thu, November 01, 2007 10:11 am > To: rancid-discuss at shrubbery.net > Has anyone written a module to get rancid to work with the dell power > connect switches? > We have a few dozen 3400 5300 series we would like to get working. I can > provide access to a switch if this would help someone. > Unfortunately I can't program or I would do this myself > Kevin

_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From phantox at gmail.com Thu Nov 1 20:22:42 2007 From: phantox at gmail.com (PhaNtoX) Date: Thu, 1 Nov 2007 15:22:42 -0500 Subject: [rancid] Fwd: Dell Powerconnects In-Reply-To: References: <20071101172518.GF22095@shrubbery.net> Message-ID: Just tried this and it doesn't seem to be working im getting this in my logs. Trying to get all of the configs. 172.16.10.161 dlogin error: Error: Connection Refused (ssh) 172.16.10.161: missed cmd(s): show version,show system,show running-config,show vlan,dir 0: found end 172.16.10.161: End of run not found ! ===================================== Look at the activity on the switch itself its getting a telnet connection for user unKnown my .cloginrc looks like this add autoenable 172.16.10.161 1 add user 172.16.10.161 admin add password 172.16.10.161 password my router.db looks like this 172.16.10.161:smc:up And yes this is a cisco like CLI -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071101/e5c5c62c/attachment.html From sharonabez at yahoo.com Fri Nov 2 09:19:20 2007 From: sharonabez at yahoo.com (abez sharon) Date: Fri, 2 Nov 2007 02:19:20 -0700 (PDT) Subject: [rancid] enable password usage in .cloginrc Message-ID: <832788.82122.qm@web33309.mail.mud.yahoo.com> Hi, Here is the .cloginrc file contents: >add user 192.168.1.1 tom >add userpassword 192.168.1.1 tom-password The 'rancid' user is used to execute the clogin command. the command used is 'clogin 192.168.1.1' It uses tom as the user name to connect and it also uses the tom-password to authenticate successfully. Then it executes the enable command, but is unable to find the password. Where and how can I specify the enable password in the .cloginrc file ? Thank You. Abez __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From gregoryzill at solutionary.com Fri Nov 2 12:37:20 2007 From: gregoryzill at solutionary.com (Gregory W Zill) Date: Fri, 02 Nov 2007 07:37:20 -0500 Subject: [rancid] remote cvs checkout Message-ID: <1194007040.14256.19.camel@oddjob> Can I configure a remote web server to checkout individual cisco configs in the rancid cvs for posting to a customer portal? Our rancid cvs contains both client and internal configs, so I would rather cvs checkout the individual client configs for storage under their specific portal on the remote web server. -- gregory w zill, mba, cissp Information Security Engineer Managed Devices Team ----------------------------- Solutionary, Inc. Making Security Manageable v: 402-361-3066 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071102/9861dad7/attachment.bin From rancid at gheek.net Fri Nov 2 14:24:43 2007 From: rancid at gheek.net (Lance) Date: Fri, 02 Nov 2007 07:24:43 -0700 Subject: [rancid] Re: Fwd: Dell Powerconnects Message-ID: <20071102072443.8e114e4890519e5179c192e02d6bca26.bb3beaea18.wbe@email.secureserver.net> It looks like ssh is denied or you have the wrong username/password. Make sure you can ssh with that username and password from the same machine you are running rancid from. -Lance > -------- Original Message -------- > Subject: [rancid] Fwd: Dell Powerconnects > From: PhaNtoX > Date: Thu, November 01, 2007 1:22 pm > To: rancid-discuss at shrubbery.net > Just tried this and it doesn't seem to be working im getting this in my > logs. > Trying to get all of the configs. > 172.16.10.161 dlogin error: Error: Connection Refused (ssh) > 172.16.10.161: missed cmd(s): show version,show system,show > running-config,show vlan,dir > 0: found end > 172.16.10.161: End of run not found > ! > ===================================== > Look at the activity on the switch itself its getting a telnet connection > for user unKnown > my .cloginrc looks like this > add autoenable 172.16.10.161 1 > add user 172.16.10.161 admin > add password 172.16.10.161 password > my router.db looks like this > 172.16.10.161:smc:up > And yes this is a cisco like CLI

_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From sharonabez at yahoo.com Fri Nov 2 15:00:17 2007 From: sharonabez at yahoo.com (abez sharon) Date: Fri, 2 Nov 2007 08:00:17 -0700 (PDT) Subject: [rancid] Re: enable password usage in .cloginrc In-Reply-To: <20071102072655.8e114e4890519e5179c192e02d6bca26.7e2f45eaaf.wbe@email.secureserver.net> Message-ID: <176856.9354.qm@web33312.mail.mud.yahoo.com> Hi Lance, When the .cloginrc file reads : >add user 192.168.20.16 tom >add userpassword 192.168.20.16 tom-password and I execute clogin 192.168.20.16, it outputs: Error in authentication. Error: Check your enable password. ( it fails the enable password authentication) When the .cloginrc file reads: >add user 192.168.20.16 tom >add userpassword 192.168.20.16 tom-password tom-enablepassword and I execute clogin 192.168.20.16, it outputs: Authentication failed. Error: Check your passwd for 192.168.20.16 ( it fails the first level authentication itself) Thanks ahead. --Abez --- Lance wrote: > There are examples of how to configure the .cloginrc > in the > .cloginrc.example file. > > but you are missing it after you regular password. > it should look like > this. > > add userpassword 192.168.1.1 tom-password > tom-enable > > -lance > > > -------- Original Message -------- > > Subject: [rancid] enable password usage in > .cloginrc > > From: abez sharon > > Date: Fri, November 02, 2007 2:19 am > > To: rancid-discuss at shrubbery.net > > Hi, > > Here is the .cloginrc file contents: > > >add user 192.168.1.1 tom > > >add userpassword 192.168.1.1 tom-password > > The 'rancid' user is used to execute the clogin > > command. > > the command used is 'clogin 192.168.1.1' > > It uses tom as the user name to connect and it > also > > uses the tom-password to authenticate > successfully. > > Then it executes the enable command, but is unable > to > > find the password. > > Where and how can I specify the enable password in > the > > .cloginrc file ? > > Thank You. > > Abez > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From phantox at gmail.com Fri Nov 2 15:25:28 2007 From: phantox at gmail.com (PhaNtoX) Date: Fri, 2 Nov 2007 10:25:28 -0500 Subject: [rancid] Re: Fwd: Dell Powerconnects In-Reply-To: <20071102072443.8e114e4890519e5179c192e02d6bca26.bb3beaea18.wbe@email.secureserver.net> References: <20071102072443.8e114e4890519e5179c192e02d6bca26.bb3beaea18.wbe@email.secureserver.net> Message-ID: Setup ssh on the switch, verifed I can ssh into the switch with the user and password from the rancid box. However when i try to manually kick off srancid or rancid-run im still getting on the switch. If i try kicking off flogin it connects fine however, I also modified srancid to try to use flogin vs hlogin that actually logs into the switch but fails to go anywhere else. Any other idea's "new ssh connection for user unKnown, source 172.16.10.160 (rancid box)" add autoenable 172.16.10.161 1 add method 172.16.10.161 ssh add user 172.16.10.161 admin add password 172.16.10.161 password On 11/2/07, Lance wrote: > > > It looks like ssh is denied or you have the wrong username/password. > Make sure you can ssh with that username and password from the same > machine you are running rancid from. > > -Lance > > > -------- Original Message -------- > > Subject: [rancid] Fwd: Dell Powerconnects > > From: PhaNtoX > > Date: Thu, November 01, 2007 1:22 pm > > To: rancid-discuss at shrubbery.net > > Just tried this and it doesn't seem to be working im getting this in my > > logs. > > Trying to get all of the configs. > > 172.16.10.161 dlogin error: Error: Connection Refused (ssh) > > 172.16.10.161: missed cmd(s): show version,show system,show > > running-config,show vlan,dir > > 0: found end > > 172.16.10.161: End of run not found > > ! > > ===================================== > > Look at the activity on the switch itself its getting a telnet > connection > > for user unKnown > > my .cloginrc looks like this > > add autoenable 172.16.10.161 1 > > add user 172.16.10.161 admin > > add password 172.16.10.161 password > > my router.db looks like this > > 172.16.10.161:smc:up > > And yes this is a cisco like > CLI

_______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071102/6b28b419/attachment.html From Brad.Fox at bdk.com Fri Nov 2 15:32:26 2007 From: Brad.Fox at bdk.com (Fox, Brad) Date: Fri, 2 Nov 2007 11:32:26 -0400 Subject: [rancid] Re: enable password usage in .cloginrc In-Reply-To: <176856.9354.qm@web33312.mail.mud.yahoo.com> References: <20071102072655.8e114e4890519e5179c192e02d6bca26.7e2f45eaaf.wbe@email.secureserver.net> <176856.9354.qm@web33312.mail.mud.yahoo.com> Message-ID: Abez, Try for TACACS+ add user username add password Password add autoenable 1 For non-TACACS+ add password User-PW Enable-PW add autoenable 0 If your password has any special characters such as $ put {} around the password as it treats the $ as a variable not as part of your password. Also the .cloginrc file is alpha-numeric sensative so make sure the device is not catching someone elses hostname in ./cloginrc Hope this helps Brad -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of abez sharon Sent: Friday, November 02, 2007 11:00 AM To: Lance Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: enable password usage in .cloginrc Hi Lance, When the .cloginrc file reads : >add user 192.168.20.16 tom >add userpassword 192.168.20.16 tom-password and I execute clogin 192.168.20.16, it outputs: Error in authentication. Error: Check your enable password. ( it fails the enable password authentication) When the .cloginrc file reads: >add user 192.168.20.16 tom >add userpassword 192.168.20.16 tom-password tom-enablepassword and I execute clogin 192.168.20.16, it outputs: Authentication failed. Error: Check your passwd for 192.168.20.16 ( it fails the first level authentication itself) Thanks ahead. --Abez --- Lance wrote: > There are examples of how to configure the .cloginrc > in the > .cloginrc.example file. > > but you are missing it after you regular password. > it should look like > this. > > add userpassword 192.168.1.1 tom-password > tom-enable > > -lance > > > -------- Original Message -------- > > Subject: [rancid] enable password usage in > .cloginrc > > From: abez sharon > > Date: Fri, November 02, 2007 2:19 am > > To: rancid-discuss at shrubbery.net > > Hi, > > Here is the .cloginrc file contents: > > >add user 192.168.1.1 tom > > >add userpassword 192.168.1.1 tom-password > > The 'rancid' user is used to execute the clogin > > command. > > the command used is 'clogin 192.168.1.1' > > It uses tom as the user name to connect and it > also > > uses the tom-password to authenticate > successfully. > > Then it executes the enable command, but is unable > to > > find the password. > > Where and how can I specify the enable password in > the > > .cloginrc file ? > > Thank You. > > Abez > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Fri Nov 2 16:03:31 2007 From: rancid at gheek.net (Lance) Date: Fri, 02 Nov 2007 09:03:31 -0700 Subject: [rancid] Re: Fwd: Dell Powerconnects Message-ID: <20071102090331.8e114e4890519e5179c192e02d6bca26.055e02f911.wbe@email.secureserver.net> Login to the box via ssh tom at 172.16.10.161. After getting logged in enable. Then log off. Then use a login script to attempt to connect to the same box "172.16.10.161". Make sure to capture all the output from all of that then post back to the list and we might be able to help more. After this we can then try to debug if it is not clear enough...assuming the login script you are using supports the debug switch. -lance > -------- Original Message -------- > Subject: [rancid] Re: Fwd: Dell Powerconnects > From: PhaNtoX > Date: Fri, November 02, 2007 8:25 am > To: rancid-discuss at shrubbery.net > Setup ssh on the switch, verifed I can ssh into the switch with the user and > password from the rancid box. However when i try to manually kick off > srancid or rancid-run im still getting on the switch. If i try kicking off > flogin it connects fine however, I also modified srancid to try to use > flogin vs hlogin that actually logs into the switch but fails to go anywhere > else. Any other idea's > "new ssh connection for user unKnown, source 172.16.10.160 (rancid box)" > add autoenable 172.16.10.161 1 > add method 172.16.10.161 ssh > add user 172.16.10.161 admin > add password 172.16.10.161 password > On 11/2/07, Lance wrote: > > > > > > It looks like ssh is denied or you have the wrong username/password. > > Make sure you can ssh with that username and password from the same > > machine you are running rancid from. > > > > -Lance > > > > > -------- Original Message -------- > > > Subject: [rancid] Fwd: Dell Powerconnects > > > From: PhaNtoX > > > Date: Thu, November 01, 2007 1:22 pm > > > To: rancid-discuss at shrubbery.net > > > Just tried this and it doesn't seem to be working im getting this in my > > > logs. > > > Trying to get all of the configs. > > > 172.16.10.161 dlogin error: Error: Connection Refused (ssh) > > > 172.16.10.161: missed cmd(s): show version,show system,show > > > running-config,show vlan,dir > > > 0: found end > > > 172.16.10.161: End of run not found > > > ! > > > ===================================== > > > Look at the activity on the switch itself its getting a telnet > > connection > > > for user unKnown > > > my .cloginrc looks like this > > > add autoenable 172.16.10.161 1 > > > add user 172.16.10.161 admin > > > add password 172.16.10.161 password > > > my router.db looks like this > > > 172.16.10.161:smc:up > > > And yes this is a cisco like > > CLI

_______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > >

_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From cgauthie at pcc.edu Fri Nov 2 17:12:57 2007 From: cgauthie at pcc.edu (Chris Gauthier) Date: Fri, 02 Nov 2007 10:12:57 -0700 Subject: [rancid] Re: Fwd: Dell Powerconnects In-Reply-To: <20071102090331.8e114e4890519e5179c192e02d6bca26.055e02f911.wbe@email.secureserver.net> References: <20071102090331.8e114e4890519e5179c192e02d6bca26.055e02f911.wbe@email.secureserver.net> Message-ID: <472B5A99.2040906@pcc.edu> A possibility that might be happening is that if, as I suspect, the switch is OEM'd from Foundry, that SSH is not fully implemented. That has been the case on some Foundry switches I have used. I do not know who the OEM for Dell's networking gear is, though. Chris Gauthier, CCNA, Network+, A+ Network Administration Team Portland Community College Portland, Oregon "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." --Leonardo da Vinci Lance wrote: > Login to the box via ssh tom at 172.16.10.161. After getting logged in > enable. Then log off. Then use a login script to attempt to connect to > the same box "172.16.10.161". Make sure to capture all the output from > all of that then post back to the list and we might be able to help > more. > > After this we can then try to debug if it is not clear enough...assuming > the login script you are using supports the debug switch. > > -lance > > >> -------- Original Message -------- >> Subject: [rancid] Re: Fwd: Dell Powerconnects >> From: PhaNtoX >> Date: Fri, November 02, 2007 8:25 am >> To: rancid-discuss at shrubbery.net >> Setup ssh on the switch, verifed I can ssh into the switch with the user and >> password from the rancid box. However when i try to manually kick off >> srancid or rancid-run im still getting on the switch. If i try kicking off >> flogin it connects fine however, I also modified srancid to try to use >> flogin vs hlogin that actually logs into the switch but fails to go anywhere >> else. Any other idea's >> "new ssh connection for user unKnown, source 172.16.10.160 (rancid box)" >> add autoenable 172.16.10.161 1 >> add method 172.16.10.161 ssh >> add user 172.16.10.161 admin >> add password 172.16.10.161 password >> On 11/2/07, Lance wrote: >> >>> It looks like ssh is denied or you have the wrong username/password. >>> Make sure you can ssh with that username and password from the same >>> machine you are running rancid from. >>> >>> -Lance >>> >>> >>>> -------- Original Message -------- >>>> Subject: [rancid] Fwd: Dell Powerconnects >>>> From: PhaNtoX >>>> Date: Thu, November 01, 2007 1:22 pm >>>> To: rancid-discuss at shrubbery.net >>>> Just tried this and it doesn't seem to be working im getting this in my >>>> logs. >>>> Trying to get all of the configs. >>>> 172.16.10.161 dlogin error: Error: Connection Refused (ssh) >>>> 172.16.10.161: missed cmd(s): show version,show system,show >>>> running-config,show vlan,dir >>>> 0: found end >>>> 172.16.10.161: End of run not found >>>> ! >>>> ===================================== >>>> Look at the activity on the switch itself its getting a telnet >>>> >>> connection >>> >>>> for user unKnown >>>> my .cloginrc looks like this >>>> add autoenable 172.16.10.161 1 >>>> add user 172.16.10.161 admin >>>> add password 172.16.10.161 password >>>> my router.db looks like this >>>> 172.16.10.161:smc:up >>>> And yes this is a cisco like >>>> >>> CLI

_______________________________________________ >>> >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >>>

_______________________________________________ >>> >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071102/88abba98/attachment.html From heas at shrubbery.net Fri Nov 2 17:51:15 2007 From: heas at shrubbery.net (john heasley) Date: Fri, 2 Nov 2007 10:51:15 -0700 Subject: [rancid] Re: Fwd: Dell Powerconnects In-Reply-To: <472B5A99.2040906@pcc.edu> References: <20071102090331.8e114e4890519e5179c192e02d6bca26.055e02f911.wbe@email.secureserver.net> <472B5A99.2040906@pcc.edu> Message-ID: <20071102175115.GC8105@shrubbery.net> right. the dells I've seen were actually SMC OEMs, but like *some* of the HP procurve series, this one appears that it may be a foundry. It is hard to say without seeing the config [and other output]. Fri, Nov 02, 2007 at 10:12:57AM -0700, Chris Gauthier: > A possibility that might be happening is that if, as I suspect, the > switch is OEM'd from Foundry, that SSH is not fully implemented. That > has been the case on some Foundry switches I have used. I do not know > who the OEM for Dell's networking gear is, though. > > Chris Gauthier, CCNA, Network+, A+ > Network Administration Team > Portland Community College > Portland, Oregon > > "For once you have tasted flight you will walk the earth with your eyes > turned skywards, for there you have been and there you will long to return." > --Leonardo da Vinci > > > > Lance wrote: > >Login to the box via ssh tom at 172.16.10.161. After getting logged in > >enable. Then log off. Then use a login script to attempt to connect to > >the same box "172.16.10.161". Make sure to capture all the output from > >all of that then post back to the list and we might be able to help > >more. > > > >After this we can then try to debug if it is not clear enough...assuming > >the login script you are using supports the debug switch. > > > >-lance > > > > > >>-------- Original Message -------- > >>Subject: [rancid] Re: Fwd: Dell Powerconnects > >>From: PhaNtoX > >>Date: Fri, November 02, 2007 8:25 am > >>To: rancid-discuss at shrubbery.net > >>Setup ssh on the switch, verifed I can ssh into the switch with the user > >>and > >>password from the rancid box. However when i try to manually kick off > >>srancid or rancid-run im still getting on the switch. If i try kicking off > >>flogin it connects fine however, I also modified srancid to try to use > >>flogin vs hlogin that actually logs into the switch but fails to go > >>anywhere > >>else. Any other idea's > >> "new ssh connection for user unKnown, source 172.16.10.160 (rancid box)" > >>add autoenable 172.16.10.161 1 > >>add method 172.16.10.161 ssh > >>add user 172.16.10.161 admin > >>add password 172.16.10.161 password > >>On 11/2/07, Lance wrote: > >> > >>>It looks like ssh is denied or you have the wrong username/password. > >>>Make sure you can ssh with that username and password from the same > >>>machine you are running rancid from. > >>> > >>>-Lance > >>> > >>> > >>>>-------- Original Message -------- > >>>>Subject: [rancid] Fwd: Dell Powerconnects > >>>>From: PhaNtoX > >>>>Date: Thu, November 01, 2007 1:22 pm > >>>>To: rancid-discuss at shrubbery.net > >>>>Just tried this and it doesn't seem to be working im getting this in my > >>>>logs. > >>>>Trying to get all of the configs. > >>>>172.16.10.161 dlogin error: Error: Connection Refused (ssh) > >>>>172.16.10.161: missed cmd(s): show version,show system,show > >>>>running-config,show vlan,dir > >>>>0: found end > >>>>172.16.10.161: End of run not found > >>>>! > >>>>===================================== > >>>>Look at the activity on the switch itself its getting a telnet > >>>> > >>>connection > >>> > >>>>for user unKnown > >>>>my .cloginrc looks like this > >>>>add autoenable 172.16.10.161 1 > >>>>add user 172.16.10.161 admin > >>>>add password 172.16.10.161 password > >>>>my router.db looks like this > >>>>172.16.10.161:smc:up > >>>>And yes this is a cisco like > >>>> > >>>CLI

_______________________________________________ > >>> > >>>>Rancid-discuss mailing list > >>>>Rancid-discuss at shrubbery.net > >>>>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >>>> > >>>

_______________________________________________ > >>> > >>Rancid-discuss mailing list > >>Rancid-discuss at shrubbery.net > >>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > > > >_______________________________________________ > >Rancid-discuss mailing list > >Rancid-discuss at shrubbery.net > >http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rdehbasteh at yahoo.com Sun Nov 4 11:10:52 2007 From: rdehbasteh at yahoo.com (roya dehbateh) Date: Sun, 4 Nov 2007 11:10:52 +0000 (GMT) Subject: [rancid] error no 4 Message-ID: <808997.68033.qm@web30906.mail.mud.yahoo.com> hi I;ve got stuck in a problem for awhile, could you help me? when I type " >> yum install .....(anything) this error is shown : cant find a valid baseurl for repo:extras couldnt retrieve mirrorlist http://mirror.fedoraproject.org/mirrorlist?repo=extras-6&arch=i386 error was Error No 4 . I dont know what should I do. Send instant messages to your online friends http://uk.messenger.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071104/bbbae19b/attachment.html From CBell at thig.com Mon Nov 5 12:15:45 2007 From: CBell at thig.com (Chris Bell) Date: Mon, 5 Nov 2007 07:15:45 -0500 Subject: [rancid] Error in logs after new install Message-ID: <5A7F36775DDD854CB1873E5F790C4D3709F5A043@mailhost.thig.com> Hello, I'm running Rancid 2.3.2a6 on Ubuntu LTS 7.04. This is a first time install for me and I've been able to fight my way through most of it (Linux is fairly new to me). I've got Rancid up and running, and it logs into the devices correctly (save one but I'll figure that out). It does not, however, write the configs to the /home/rancid/var/"mygroup"/configs/"device-ip" folder as expected. When I view the logs at /home/rancid/var/logs/, I get: cvs status: move away `10.1.0.32'; it is in the way cvs status: move away `10.1.0.33'; it is in the way etc... There are about 20 HP switches I have listed in the router.db. I've deleted the files and used rancid-run again, but it errors out the same way each time. When I view the CVS repository, there is no config. The directory and file name for the switch is there, but when checking "Head", it's blank :(. I know I'm missing something stupid but I can't figure out what it is. Permissions? I've done the chmod 600 /home/rancid/.cloginrc and chown: -R rancid:rancid /home/rancid. Thanks in advance for helping a newb. Christopher Bell Network Administrator Tower Hill Insurance Group 352-333-1734 ext 1734 CONFIDENTIAL NOTICE: This email including any attachments, contains confidential information belonging to the sender. It may also be privileged or otherwise protected by work product immunity or other legal rules. This information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this emailed information is strictly prohibited. If you have received this email in error, please immediately notify us by reply email of the error and then delete this email immediately. From gregoryzill at solutionary.com Mon Nov 5 14:40:16 2007 From: gregoryzill at solutionary.com (Gregory W Zill) Date: Mon, 05 Nov 2007 08:40:16 -0600 Subject: [rancid] log errors In-Reply-To: <20071102090331.8e114e4890519e5179c192e02d6bca26.055e02f911.wbe@email.secureserver.net> References: <20071102090331.8e114e4890519e5179c192e02d6bca26.055e02f911.wbe@email.secureserver.net> Message-ID: <1194273616.6084.21.camel@oddjob> I am consistently getting: /usr/local/rancid/bin/rename: *.new: No such file or directory for both successful *and* unsuccessful rancid-run's in the log file. Could this prevent a newly added router.db entry from succeeding? What file could I touch to eliminate this error? Thanks in advance. -- gregory w zill, mba, cissp Information Security Engineer Managed Devices Team ----------------------------- Solutionary, Inc. Making Security Manageable v: 402-361-3066 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071105/84a1c4df/attachment.bin From mashcraft at omniture.com Mon Nov 5 16:31:54 2007 From: mashcraft at omniture.com (Mike Ashcraft) Date: Mon, 5 Nov 2007 09:31:54 -0700 Subject: [rancid] Re: Error in logs after new install In-Reply-To: <5A7F36775DDD854CB1873E5F790C4D3709F5A043@mailhost.thig.com> References: <5A7F36775DDD854CB1873E5F790C4D3709F5A043@mailhost.thig.com> Message-ID: <45EB285310B55542A513F93230F0A5330271C631@EXCHANGE0.orm.omniture.com> Chris, This indicates that CVS does not think that /home/rancid/var/"mygroup"/configs/"device-ip" has the same origin as the copy in the repository. The easiest way to fix this is to remove this file and then run `cvs update` within the /home/rancid/var/"mygroup"/configs/ to check out the file. This will establish consistency with the repository. $ cd /home/rancid/var/"mygroup"/configs/ $ rm "device-ip" (repeat for all devices causing this error) $ cvs update If there are errors when running `cvs update` you will need to investigate and resolve these as well. To prevent problems like this, never move or delete files in the configs or CVS directories. Instead, modify the router.db file and let rancid manage these files. rancid will clean up configs for devices removed from the router.db file and create the appropriate files for new devices. Good luck, Mike -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Bell Sent: Monday, November 05, 2007 5:16 AM To: 'Rancid-discuss at shrubbery.net' Subject: [rancid] Error in logs after new install Hello, I'm running Rancid 2.3.2a6 on Ubuntu LTS 7.04. This is a first time install for me and I've been able to fight my way through most of it (Linux is fairly new to me). I've got Rancid up and running, and it logs into the devices correctly (save one but I'll figure that out). It does not, however, write the configs to the /home/rancid/var/"mygroup"/configs/"device-ip" folder as expected. When I view the logs at /home/rancid/var/logs/, I get: cvs status: move away `10.1.0.32'; it is in the way cvs status: move away `10.1.0.33'; it is in the way etc... There are about 20 HP switches I have listed in the router.db. I've deleted the files and used rancid-run again, but it errors out the same way each time. When I view the CVS repository, there is no config. The directory and file name for the switch is there, but when checking "Head", it's blank :(. I know I'm missing something stupid but I can't figure out what it is. Permissions? I've done the chmod 600 /home/rancid/.cloginrc and chown: -R rancid:rancid /home/rancid. Thanks in advance for helping a newb. Christopher Bell Network Administrator Tower Hill Insurance Group 352-333-1734 ext 1734 CONFIDENTIAL NOTICE: This email including any attachments, contains confidential information belonging to the sender. It may also be privileged or otherwise protected by work product immunity or other legal rules. This information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this emailed information is strictly prohibited. If you have received this email in error, please immediately notify us by reply email of the error and then delete this email immediately. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From cgauthie at pcc.edu Mon Nov 5 17:47:35 2007 From: cgauthie at pcc.edu (Chris Gauthier) Date: Mon, 05 Nov 2007 09:47:35 -0800 Subject: [rancid] Re: Fwd: Dell Powerconnects In-Reply-To: <20071102175115.GC8105@shrubbery.net> References: <20071102090331.8e114e4890519e5179c192e02d6bca26.055e02f911.wbe@email.secureserver.net> <472B5A99.2040906@pcc.edu> <20071102175115.GC8105@shrubbery.net> Message-ID: <472F5737.9050600@pcc.edu> Yes, some of the HP Procurve line IS actually OEM'd by Foundry, though a recent conversation at the recent Angelbeat conference enlightened me to the fact that HP is now making all of their own stuff. Chris john heasley wrote: > right. the dells I've seen were actually SMC OEMs, but like *some* of the > HP procurve series, this one appears that it may be a foundry. It is hard > to say without seeing the config [and other output]. > > Fri, Nov 02, 2007 at 10:12:57AM -0700, Chris Gauthier: > >> A possibility that might be happening is that if, as I suspect, the >> switch is OEM'd from Foundry, that SSH is not fully implemented. That >> has been the case on some Foundry switches I have used. I do not know >> who the OEM for Dell's networking gear is, though. >> >> Chris Gauthier, CCNA, Network+, A+ >> Network Administration Team >> Portland Community College >> Portland, Oregon >> >> "For once you have tasted flight you will walk the earth with your eyes >> turned skywards, for there you have been and there you will long to return." >> --Leonardo da Vinci >> >> >> >> Lance wrote: >> >>> Login to the box via ssh tom at 172.16.10.161. After getting logged in >>> enable. Then log off. Then use a login script to attempt to connect to >>> the same box "172.16.10.161". Make sure to capture all the output from >>> all of that then post back to the list and we might be able to help >>> more. >>> >>> After this we can then try to debug if it is not clear enough...assuming >>> the login script you are using supports the debug switch. >>> >>> -lance >>> >>> >>> >>>> -------- Original Message -------- >>>> Subject: [rancid] Re: Fwd: Dell Powerconnects >>>> From: PhaNtoX >>>> Date: Fri, November 02, 2007 8:25 am >>>> To: rancid-discuss at shrubbery.net >>>> Setup ssh on the switch, verifed I can ssh into the switch with the user >>>> and >>>> password from the rancid box. However when i try to manually kick off >>>> srancid or rancid-run im still getting on the switch. If i try kicking off >>>> flogin it connects fine however, I also modified srancid to try to use >>>> flogin vs hlogin that actually logs into the switch but fails to go >>>> anywhere >>>> else. Any other idea's >>>> "new ssh connection for user unKnown, source 172.16.10.160 (rancid box)" >>>> add autoenable 172.16.10.161 1 >>>> add method 172.16.10.161 ssh >>>> add user 172.16.10.161 admin >>>> add password 172.16.10.161 password >>>> On 11/2/07, Lance wrote: >>>> >>>> >>>>> It looks like ssh is denied or you have the wrong username/password. >>>>> Make sure you can ssh with that username and password from the same >>>>> machine you are running rancid from. >>>>> >>>>> -Lance >>>>> >>>>> >>>>> >>>>>> -------- Original Message -------- >>>>>> Subject: [rancid] Fwd: Dell Powerconnects >>>>>> From: PhaNtoX >>>>>> Date: Thu, November 01, 2007 1:22 pm >>>>>> To: rancid-discuss at shrubbery.net >>>>>> Just tried this and it doesn't seem to be working im getting this in my >>>>>> logs. >>>>>> Trying to get all of the configs. >>>>>> 172.16.10.161 dlogin error: Error: Connection Refused (ssh) >>>>>> 172.16.10.161: missed cmd(s): show version,show system,show >>>>>> running-config,show vlan,dir >>>>>> 0: found end >>>>>> 172.16.10.161: End of run not found >>>>>> ! >>>>>> ===================================== >>>>>> Look at the activity on the switch itself its getting a telnet >>>>>> >>>>>> >>>>> connection >>>>> >>>>> >>>>>> for user unKnown >>>>>> my .cloginrc looks like this >>>>>> add autoenable 172.16.10.161 1 >>>>>> add user 172.16.10.161 admin >>>>>> add password 172.16.10.161 password >>>>>> my router.db looks like this >>>>>> 172.16.10.161:smc:up >>>>>> And yes this is a cisco like >>>>>> >>>>>> >>>>> CLI

_______________________________________________ >>>>> >>>>> >>>>>> Rancid-discuss mailing list >>>>>> Rancid-discuss at shrubbery.net >>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>>>> >>>>>> >>>>>

_______________________________________________ >>>>> >>>>> >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >>>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >>> > > >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- Chris Gauthier, CCNA, Network+, A+ Network Administration Team Portland Community College Portland, Oregon "For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return." --Leonardo da Vinci -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071105/7ba1cbd8/attachment.html From heas at shrubbery.net Mon Nov 5 18:05:11 2007 From: heas at shrubbery.net (john heasley) Date: Mon, 5 Nov 2007 10:05:11 -0800 Subject: [rancid] Re: Fwd: Dell Powerconnects In-Reply-To: <472F5737.9050600@pcc.edu> References: <20071102090331.8e114e4890519e5179c192e02d6bca26.055e02f911.wbe@email.secureserver.net> <472B5A99.2040906@pcc.edu> <20071102175115.GC8105@shrubbery.net> <472F5737.9050600@pcc.edu> Message-ID: <20071105180511.GH14959@shrubbery.net> Mon, Nov 05, 2007 at 09:47:35AM -0800, Chris Gauthier: > Yes, some of the HP Procurve line IS actually OEM'd by Foundry, though a > recent conversation at the recent Angelbeat conference enlightened me to > the fact that HP is now making all of their own stuff. So, which is worse, hp or foundry? From rob at techniumcast.com Tue Nov 6 09:43:02 2007 From: rob at techniumcast.com (Rob Shepherd) Date: Tue, 06 Nov 2007 09:43:02 +0000 Subject: [rancid] DEVEL: FWSM and Vyatta support Message-ID: <47303726.9020701@techniumcast.com> Dear Rancid users, I'd like to tackle the much talked of support for FWSM multi-context configurations. I'll also try and add support for vyatta OFR PC-Based routers. I have one of these now. So far, impressed and happy with it. I'm unfamiliar with the architecture of rancid and I'm not a perl programmer, but I am a competant developer. Thus i'll need just a bit of handholding to begin with. If anybody has drawn up any ideas thus far, i'd happily start there, as I have not made a start. I will try for dynamic retreival of FWSM contexts, but I'd be happy ending up just doing a static context list(i.e. with a prepoulated list of context somehow - I don't add contexts very often). CAST your votes now..... 1. Could somebody tell me if there is a CVS server for development of rancid 2. Could somebody hint at which version to devel from. should I apply any of the patches available from the main site (I don't know what they do) 3. Please can somebody who has familiarity maybe take some timeout to point out the hunks of code that will need touching 4. Is anybody out there willing to test either of the proposed systems. As for vyatta devices, this just uses an unix SSH connection, to a custom login shell. Attached is sample output for a config retrieval. I can't imagine why I couldn't add support for this.... if somebody can cast an knowledgeable eye and point out any problems before I begin, I would appreciate it. As usual, anything which will help me is greatly appreicated. Cheers Rob -- Rob Shepherd BEng PhD | Computer and Network Engineer | CAST Ltd Technium CAST | LL57 4HJ | http://www.techniumcast.com rob at techniumcast.com | 01248 675024 | 077988 72480 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071106/1ca23f05/attachment.html From gregoryzill at solutionary.com Tue Nov 6 16:51:06 2007 From: gregoryzill at solutionary.com (Gregory W Zill) Date: Tue, 06 Nov 2007 10:51:06 -0600 Subject: [rancid] manual config adds Message-ID: <1194367866.9187.110.camel@oddjob> Can I manually add some one-off systems into the rancid CVS? A linux iptables config, or some DNS zone files, or other process config files for example? Using some CVS UPDATE commands I imagine, but then some manual tickling of the rancid stuff to update the versioning since rancid itself won't be talking to these one-off devices. Sorry I am such a CVS noob. Any thoughts appreciated. -- gregory w zill, mba, cissp Information Security Engineer Managed Devices Team ----------------------------- Solutionary, Inc. Making Security Manageable v: 402-361-3066 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071106/b6bc1d97/attachment.bin From mashcraft at omniture.com Tue Nov 6 17:57:13 2007 From: mashcraft at omniture.com (Mike Ashcraft) Date: Tue, 6 Nov 2007 10:57:13 -0700 Subject: [rancid] Re: manual config adds In-Reply-To: <1194367866.9187.110.camel@oddjob> References: <1194367866.9187.110.camel@oddjob> Message-ID: <45EB285310B55542A513F93230F0A5330294AC3A@EXCHANGE0.orm.omniture.com> The short answer is "yes". The F5 BigIP support I hacked could be easily modified to pull these items from a linux server via ssh by just changing the command list and using the ConfFile function to process the output. For example: ('iptables -L' => 'ConfFile'), ('cat /var/named/somedomain.db' => 'ConfFile'). This would require a custom device type and custom rancid script for each but would give you the Rancid automation you may be looking for. I would recommend a more standard implementation but it would require learning CVS: You can create a new project in your CVS repository and manually check files in/out of this project as you mentioned. This is really a CVS question so I recommend you go to the CVS documentation for details on setting this up. There is also a great CVS quick reference card available in pdf format. You can 'cheat' a little by using rancid-cvs to setup your project and sourcing rancid.conf to setup your environment but not understanding what these do could limit your abilities to expand the scope. Once you have the project setup, you can schedule a cron jobs on the server where the iptables, zone files etc, live that checks the current versions into the CVS repository over the network. If you follow the CVS model for your zone files, you would edit and test them in a sandbox (test server), check them in to CVS and then check them out on the live server as your deployment method. Good luck, Mike -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gregory W Zill Sent: Tuesday, November 06, 2007 9:51 AM To: rancid-discuss Subject: [rancid] manual config adds Can I manually add some one-off systems into the rancid CVS? A linux iptables config, or some DNS zone files, or other process config files for example? Using some CVS UPDATE commands I imagine, but then some manual tickling of the rancid stuff to update the versioning since rancid itself won't be talking to these one-off devices. Sorry I am such a CVS noob. Any thoughts appreciated. -- gregory w zill, mba, cissp Information Security Engineer Managed Devices Team ----------------------------- Solutionary, Inc. Making Security Manageable v: 402-361-3066 From thecomputerking at gmail.com Mon Nov 5 16:19:21 2007 From: thecomputerking at gmail.com (Riley Tompkins) Date: Mon, 5 Nov 2007 11:19:21 -0500 Subject: [rancid] Re: Error in logs after new install In-Reply-To: <5A7F36775DDD854CB1873E5F790C4D3709F5A043@mailhost.thig.com> References: <5A7F36775DDD854CB1873E5F790C4D3709F5A043@mailhost.thig.com> Message-ID: <337a72540711050819l41fd831fr718de4473e38afc7@mail.gmail.com> Maybe the archives can help? http://www.shrubbery.net/pipermail/rancid-discuss/2007-August/002446.html "I fixed my issue. I deleted all config files in my repository and did cvs update. Then run rancid-run fresh and it created new version entry and things are well now." I am a SVN man myself... Regards, -Charles On 11/5/07, Chris Bell wrote: > Hello, > > I'm running Rancid 2.3.2a6 on Ubuntu LTS 7.04. This is a first time install > for me and I've been able to fight my way through most of it (Linux is > fairly new to me). I've got Rancid up and running, and it logs into the > devices correctly (save one but I'll figure that out). > > It does not, however, write the configs to the > /home/rancid/var/"mygroup"/configs/"device-ip" folder as expected. When I > view the logs at /home/rancid/var/logs/, I get: > > cvs status: move away `10.1.0.32'; it is in the way > cvs status: move away `10.1.0.33'; it is in the way > etc... > > There are about 20 HP switches I have listed in the router.db. I've deleted > the files and used rancid-run again, but it errors out the same way each > time. When I view the CVS repository, there is no config. The directory > and file name for the switch is there, but when checking "Head", it's blank > :(. > > I know I'm missing something stupid but I can't figure out what it is. > Permissions? I've done the chmod 600 /home/rancid/.cloginrc and chown: -R > rancid:rancid /home/rancid. > > Thanks in advance for helping a newb. > > Christopher Bell > Network Administrator > Tower Hill Insurance Group > 352-333-1734 > ext 1734 > > > > > CONFIDENTIAL NOTICE: This email including any attachments, contains > confidential information belonging to the sender. It may also be > privileged or otherwise protected by work product immunity or other > legal rules. This information is intended only for the use of the > individual or entity named above. If you are not the intended > recipient, you are hereby notified that any disclosure, copying, > distribution or the taking of any action in reliance on the contents > of this emailed information is strictly prohibited. If you have > received this email in error, please immediately notify us by > reply email of the error and then delete this email immediately. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From djrobertsonusa at netscape.net Fri Nov 9 00:31:46 2007 From: djrobertsonusa at netscape.net (djrobertsonusa at netscape.net) Date: Thu, 08 Nov 2007 19:31:46 -0500 Subject: [rancid] Installation issues Message-ID: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> I am trying to install Rancid onto a Ubuntu 7.10 client system. I guess my first question is, is this system supported?? If yes then I cannot understand why I am getting the following error. I followed the installation instructions listed at this URL http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid Everything went well until I got to the step? ./configure --prefix=/usr/local/rancid/ I then get this error and cannot go forward ------------------------------------------------------------------------------------------------------------- root at laptop:/usr/local/rancid/tar/rancid-2.3.2a2# ./configure checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... gawk checking whether make sets $(MAKE)... yes checking for gmake... no checking for make... /usr/bin/make checking whether /usr/bin/make sets $(MAKE)... yes checking for gcc... gcc checking for C compiler default output file name... configure: error: C compiler cannot create executables See `config.log' for more details. --------------------------------------------------------------------------------------------------------------- I have attached the config.log file. When I look through it it does not present any clues to the issue. Please help Thanks ________________________________________________________________________ Check Out the new free AIM(R) Mail -- Unlimited storage and industry-leading spam and email virus protection. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071108/62ca3ada/attachment.html -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: Rancid-config.log.txt Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071108/62ca3ada/attachment.txt From joaje at dongenergy.dk Fri Nov 9 09:46:51 2007 From: joaje at dongenergy.dk (Joachim Jerberg Jensen) Date: Fri, 9 Nov 2007 10:46:51 +0100 Subject: [rancid] clogin on extreme X450 In-Reply-To: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> References: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> Message-ID: <8DBE4A01414BDD409232EF0C48A87E1B0187AA84@CLU01EX.de-prod.dk> Hi, I have problems with doing clogin into extreme X450 switches doing TACACS authentication. ExtremeXOS version 11.6.3.5 When I login it get following: [rancid at ns1 ~]$ clogin 10.2.0.31 10.2.0.31 spawn telnet 10.2.0.31 Trying 10.2.0.31... Connected to 10.2.0.31 Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 login: rancid password: Login incorrect login: mypassword password: Login incorrect login: mypassword password: Login incorrect Maximum number of login attempts reached! Connection closed by foreign host. My .cloginrc file: ############## add autoenable * {1} add user * {rancid} add password * {mypassword} #add userprompt * {"login:"} #add passprompt * {"password:"} ############## It seems like it doesn't apply the password after the login, but applies the password as username instead.. I have tried rancid-2.3.1 and rancid-2.3.2a7, same problem... I can login manually with login and password with no problem. Anyone have a hint? Best regards Joachim Jerberg Jensen From joaje at dongenergy.dk Fri Nov 9 10:45:44 2007 From: joaje at dongenergy.dk (Joachim Jerberg Jensen) Date: Fri, 9 Nov 2007 11:45:44 +0100 Subject: [rancid] Re: clogin on extreme X450 In-Reply-To: <8DBE4A01414BDD409232EF0C48A87E1B0187AA84@CLU01EX.de-prod.dk> References: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> <8DBE4A01414BDD409232EF0C48A87E1B0187AA84@CLU01EX.de-prod.dk> Message-ID: <8DBE4A01414BDD409232EF0C48A87E1B018C13B0@CLU01EX.de-prod.dk> Hey, With a hint from a friend on the list, I made it work. Jlogin works like a charm :) /Joachim Jerberg Jensen -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Joachim Jerberg Jensen Sent: Friday, November 09, 2007 10:47 AM To: rancid-discuss at shrubbery.net Subject: [rancid] clogin on extreme X450 Hi, I have problems with doing clogin into extreme X450 switches doing TACACS authentication. ExtremeXOS version 11.6.3.5 When I login it get following: [rancid at ns1 ~]$ clogin 10.2.0.31 10.2.0.31 spawn telnet 10.2.0.31 Trying 10.2.0.31... Connected to 10.2.0.31 Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 login: rancid password: Login incorrect login: mypassword password: Login incorrect login: mypassword password: Login incorrect Maximum number of login attempts reached! Connection closed by foreign host. My .cloginrc file: ############## add autoenable * {1} add user * {rancid} add password * {mypassword} #add userprompt * {"login:"} #add passprompt * {"password:"} ############## It seems like it doesn't apply the password after the login, but applies the password as username instead.. I have tried rancid-2.3.1 and rancid-2.3.2a7, same problem... I can login manually with login and password with no problem. Anyone have a hint? Best regards Joachim Jerberg Jensen _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From gregoryzill at solutionary.com Fri Nov 9 13:45:11 2007 From: gregoryzill at solutionary.com (Gregory W Zill) Date: Fri, 09 Nov 2007 07:45:11 -0600 Subject: [rancid] Re: Installation issues In-Reply-To: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> References: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> Message-ID: <1194615912.6699.46.camel@oddjob.corp.solutionary.com> "sudo apt-get install g++" On Thu, 2007-11-08 at 19:31 -0500, djrobertsonusa at netscape.net wrote: > I am trying to install Rancid onto a Ubuntu 7.10 client system. I > guess my first question is, is this system supported?? > checking for gcc... gcc > checking for C compiler default output file name... configure: error: > C compiler cannot create executables -- gregory w zill, mba, cissp Information Security Engineer Managed Devices Team ----------------------------- Solutionary, Inc. Making Security Manageable v: 402-361-3066 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071109/1a74c1c9/attachment.bin From juancarloshuerta at gmail.com Mon Nov 12 19:56:56 2007 From: juancarloshuerta at gmail.com (Juan Carlos Huerta) Date: Mon, 12 Nov 2007 13:56:56 -0600 Subject: [rancid] Blogin support for Nortel 5520 Message-ID: <60e5bf4c0711121156h79832f2k755ed8504be211d5@mail.gmail.com> Hi all, Is there any support with blogin to Nortel siwtches with UI? (in my case 5520). I want to connect to it using blogin, but the problem is that when I try to ssh my switch it shows an UI (Press Ctrl+Y, use arrow keys, etc) Any idea how to do that with blogin? Thanks! -- Juan Carlos -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071112/daaf457a/attachment.html From danm at prime.gushi.org Tue Nov 13 22:38:48 2007 From: danm at prime.gushi.org (Dan Mahoney, System Admin) Date: Tue, 13 Nov 2007 17:38:48 -0500 (EST) Subject: [rancid] Required .cloginrc file? Message-ID: <20071113173639.G76536@prime.gushi.org> Hello all, Is there a command line switch that will disable the need to have a .cloginrc file? I'm using clogin to do maintenance tasks and it's being fed by a sql database, but the uid the code is running as has a nonexistent home dierctory (I could change this, don't see why I should need it). All my options come from the command line. -Dan Mahoney -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- From heas at shrubbery.net Tue Nov 13 22:59:32 2007 From: heas at shrubbery.net (john heasley) Date: Tue, 13 Nov 2007 14:59:32 -0800 Subject: [rancid] Re: Required .cloginrc file? In-Reply-To: <20071113173639.G76536@prime.gushi.org> References: <20071113173639.G76536@prime.gushi.org> Message-ID: <20071113225932.GA20650@shrubbery.net> clogin -f /dev/null ? Tue, Nov 13, 2007 at 05:38:48PM -0500, Dan Mahoney, System Admin: > Hello all, > > Is there a command line switch that will disable the need to have a > .cloginrc file? > > I'm using clogin to do maintenance tasks and it's being fed by a sql > database, but the uid the code is running as has a nonexistent home > dierctory (I could change this, don't see why I should need it). All my > options come from the command line. > > -Dan Mahoney > > -- > > --------Dan Mahoney-------- > Techie, Sysadmin, WebGeek > Gushi on efnet/undernet IRC > ICQ: 13735144 AIM: LarpGM > Site: http://www.gushi.org > --------------------------- > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From danm at prime.gushi.org Tue Nov 13 23:29:22 2007 From: danm at prime.gushi.org (Dan Mahoney, System Admin) Date: Tue, 13 Nov 2007 18:29:22 -0500 (EST) Subject: [rancid] Re: Required .cloginrc file? In-Reply-To: <20071113225932.GA20650@shrubbery.net> References: <20071113173639.G76536@prime.gushi.org> <20071113225932.GA20650@shrubbery.net> Message-ID: On Tue, 13 Nov 2007, john heasley wrote: > clogin -f /dev/null ? Error: /dev/null must not be world readable/writable -Dan > > Tue, Nov 13, 2007 at 05:38:48PM -0500, Dan Mahoney, System Admin: >> Hello all, >> >> Is there a command line switch that will disable the need to have a >> .cloginrc file? >> >> I'm using clogin to do maintenance tasks and it's being fed by a sql >> database, but the uid the code is running as has a nonexistent home >> dierctory (I could change this, don't see why I should need it). All my >> options come from the command line. >> >> -Dan Mahoney >> >> -- >> >> --------Dan Mahoney-------- >> Techie, Sysadmin, WebGeek >> Gushi on efnet/undernet IRC >> ICQ: 13735144 AIM: LarpGM >> Site: http://www.gushi.org >> --------------------------- >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- "Little tramp sits in her room all day, sewing dolls! Children misbehaving in the basement, and one in the walls, doing his business God knows where! You children will be the death of me, *sniff*." 'Mommy', The People Under The Stairs --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- From heas at shrubbery.net Wed Nov 14 01:35:22 2007 From: heas at shrubbery.net (john heasley) Date: Tue, 13 Nov 2007 17:35:22 -0800 Subject: [rancid] Re: Required .cloginrc file? In-Reply-To: References: <20071113173639.G76536@prime.gushi.org> <20071113225932.GA20650@shrubbery.net> Message-ID: <20071114013522.GT20650@shrubbery.net> Tue, Nov 13, 2007 at 06:29:22PM -0500, Dan Mahoney, System Admin: > On Tue, 13 Nov 2007, john heasley wrote: > > >clogin -f /dev/null ? > > Error: /dev/null must not be world readable/writable oh, right. sorry. create an empty file, the reading of it will have to be changed in the script. > -Dan > > > > >Tue, Nov 13, 2007 at 05:38:48PM -0500, Dan Mahoney, System Admin: > >>Hello all, > >> > >>Is there a command line switch that will disable the need to have a > >>.cloginrc file? > >> > >>I'm using clogin to do maintenance tasks and it's being fed by a sql > >>database, but the uid the code is running as has a nonexistent home > >>dierctory (I could change this, don't see why I should need it). All my > >>options come from the command line. > >> > >>-Dan Mahoney > >> > >>-- > >> > >>--------Dan Mahoney-------- > >>Techie, Sysadmin, WebGeek > >>Gushi on efnet/undernet IRC > >>ICQ: 13735144 AIM: LarpGM > >>Site: http://www.gushi.org > >>--------------------------- > >> > >>_______________________________________________ > >>Rancid-discuss mailing list > >>Rancid-discuss at shrubbery.net > >>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > -- > > "Little tramp sits in her room all day, sewing dolls! Children > misbehaving in the basement, and one in the walls, doing his business God > knows where! You children will be the death of me, *sniff*." > > 'Mommy', The People Under The Stairs > > > --------Dan Mahoney-------- > Techie, Sysadmin, WebGeek > Gushi on efnet/undernet IRC > ICQ: 13735144 AIM: LarpGM > Site: http://www.gushi.org > --------------------------- From cmoody at qualcomm.com Wed Nov 14 01:40:58 2007 From: cmoody at qualcomm.com (Chris Moody) Date: Tue, 13 Nov 2007 17:40:58 -0800 Subject: [rancid] Re: Required .cloginrc file? In-Reply-To: <20071114013522.GT20650@shrubbery.net> References: <20071113173639.G76536@prime.gushi.org> <20071113225932.GA20650@shrubbery.net> <20071114013522.GT20650@shrubbery.net> Message-ID: <473A522A.7020305@qualcomm.com> I have a routine rebuild the .cloginrc file based on what I'm storing in the DB. -Chris john heasley wrote: > Tue, Nov 13, 2007 at 06:29:22PM -0500, Dan Mahoney, System Admin: >> On Tue, 13 Nov 2007, john heasley wrote: >> >>> clogin -f /dev/null ? >> Error: /dev/null must not be world readable/writable > > oh, right. sorry. create an empty file, the reading of it will have to > be changed in the script. > >> -Dan >> >>> Tue, Nov 13, 2007 at 05:38:48PM -0500, Dan Mahoney, System Admin: >>>> Hello all, >>>> >>>> Is there a command line switch that will disable the need to have a >>>> .cloginrc file? >>>> >>>> I'm using clogin to do maintenance tasks and it's being fed by a sql >>>> database, but the uid the code is running as has a nonexistent home >>>> dierctory (I could change this, don't see why I should need it). All my >>>> options come from the command line. >>>> >>>> -Dan Mahoney >>>> >>>> -- >>>> >>>> --------Dan Mahoney-------- >>>> Techie, Sysadmin, WebGeek >>>> Gushi on efnet/undernet IRC >>>> ICQ: 13735144 AIM: LarpGM >>>> Site: http://www.gushi.org >>>> --------------------------- >>>> >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> -- >> >> "Little tramp sits in her room all day, sewing dolls! Children >> misbehaving in the basement, and one in the walls, doing his business God >> knows where! You children will be the death of me, *sniff*." >> >> 'Mommy', The People Under The Stairs >> >> >> --------Dan Mahoney-------- >> Techie, Sysadmin, WebGeek >> Gushi on efnet/undernet IRC >> ICQ: 13735144 AIM: LarpGM >> Site: http://www.gushi.org >> --------------------------- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From juancarloshuerta at gmail.com Wed Nov 14 02:21:34 2007 From: juancarloshuerta at gmail.com (Juan Carlos Huerta) Date: Tue, 13 Nov 2007 20:21:34 -0600 Subject: [rancid] Re: Blogin support for Nortel 5520 In-Reply-To: <20071114015205.GX20650@shrubbery.net> References: <60e5bf4c0711121156h79832f2k755ed8504be211d5@mail.gmail.com> <20071114015205.GX20650@shrubbery.net> Message-ID: <60e5bf4c0711131821o642f40bcj1333aa7ecef9b607@mail.gmail.com> I'm working in a little modification to blogin to support this, I'll let you know any update. On Nov 13, 2007 7:52 PM, john heasley wrote: > Mon, Nov 12, 2007 at 01:56:56PM -0600, Juan Carlos Huerta: > > Hi all, > > > > Is there any support with blogin to Nortel siwtches with UI? (in my case > > 5520). I want to connect to it using blogin, but the problem is that > when I > > try to ssh my switch it shows an UI (Press Ctrl+Y, use arrow keys, etc) > > sorry, such UIs are not supported. > -- Juan Carlos -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071113/dcd21e76/attachment.html From heas at shrubbery.net Wed Nov 14 17:03:08 2007 From: heas at shrubbery.net (john heasley) Date: Wed, 14 Nov 2007 09:03:08 -0800 Subject: [rancid] Re: clogin on extreme X450 In-Reply-To: <8DBE4A01414BDD409232EF0C48A87E1B018C13B0@CLU01EX.de-prod.dk> References: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> <8DBE4A01414BDD409232EF0C48A87E1B0187AA84@CLU01EX.de-prod.dk> <8DBE4A01414BDD409232EF0C48A87E1B018C13B0@CLU01EX.de-prod.dk> Message-ID: <20071114170308.GC15223@shrubbery.net> I do not see why clogin would not have worked, unless you have a rogue userpassword else where in your cloginrc. you can add "exp_internal 1" just before the main loop to see what it is doing. Fri, Nov 09, 2007 at 11:45:44AM +0100, Joachim Jerberg Jensen: > Hey, > > With a hint from a friend on the list, I made it work. > Jlogin works like a charm :) > > /Joachim Jerberg Jensen > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Joachim Jerberg Jensen > Sent: Friday, November 09, 2007 10:47 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] clogin on extreme X450 > > Hi, > > I have problems with doing clogin into extreme X450 switches doing TACACS authentication. ExtremeXOS version 11.6.3.5 > > When I login it get following: > > [rancid at ns1 ~]$ clogin 10.2.0.31 > 10.2.0.31 > spawn telnet 10.2.0.31 > Trying 10.2.0.31... > Connected to 10.2.0.31 > Escape character is '^]'. > > telnet session telnet0 on /dev/ptyb0 > > login: rancid > password: > > Login incorrect > login: mypassword > password: > > Login incorrect > login: mypassword > password: > > Login incorrect > Maximum number of login attempts reached! > Connection closed by foreign host. > > My .cloginrc file: > > ############## > add autoenable * {1} > add user * {rancid} > add password * {mypassword} > > #add userprompt * {"login:"} > #add passprompt * {"password:"} > ############## > > It seems like it doesn't apply the password after the login, but applies the password as username instead.. > I have tried rancid-2.3.1 and rancid-2.3.2a7, same problem... > > I can login manually with login and password with no problem. > > Anyone have a hint? > > Best regards > Joachim Jerberg Jensen > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rob at techniumcast.com Wed Nov 14 17:31:07 2007 From: rob at techniumcast.com (Rob Shepherd) Date: Wed, 14 Nov 2007 17:31:07 +0000 Subject: [rancid] DEVEL: FWSM and Vyatta support [2] Message-ID: <473B30DB.7090106@techniumcast.com> [ Copy of msg sent 06/11/2007 0943 GMT ] [ I've had no responses but I'm still keen to progress this ] [ Anybody with any thoughts please speak now ] [ Original follows ] Dear Rancid users, I'd like to tackle the much talked of support for FWSM multi-context configurations. I'll also try and add support for vyatta OFR PC-Based routers. I have one of these now. So far, impressed and happy with it. I'm unfamiliar with the architecture of rancid and I'm not a perl programmer, but I am a competant developer. Thus i'll need just a bit of handholding to begin with. If anybody has drawn up any ideas thus far, i'd happily start there, as I have not made a start. I will try for dynamic retreival of FWSM contexts, but I'd be happy ending up just doing a static context list(i.e. with a prepoulated list of context somehow - I don't add contexts very often). CAST your votes now..... 1. Could somebody tell me if there is a CVS server for development of rancid 2. Could somebody hint at which version to devel from. should I apply any of the patches available from the main site (I don't know what they do) 3. Please can somebody who has familiarity maybe take some timeout to point out the hunks of code that will need touching 4. Is anybody out there willing to test either of the proposed systems. As for vyatta devices, this just uses an unix SSH connection, to a custom login shell. Attached is sample output for a config retrieval. I can't imagine why I couldn't add support for this.... if somebody can cast an knowledgeable eye and point out any problems before I begin, I would appreciate it. As usual, anything which will help me is greatly appreicated. Cheers Rob -- Rob Shepherd BEng PhD | Computer and Network Engineer | CAST Ltd Technium CAST | LL57 4HJ | http://www.techniumcast.com rob at techniumcast.com | 01248 675024 | 077988 72480 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071114/d315d6f8/attachment.html From heas at shrubbery.net Wed Nov 14 17:45:01 2007 From: heas at shrubbery.net (john heasley) Date: Wed, 14 Nov 2007 09:45:01 -0800 Subject: [rancid] Re: Rancid without radius In-Reply-To: <200710051148.00114.wmuriithi@iwayafrica.com> References: <200710051148.00114.wmuriithi@iwayafrica.com> Message-ID: <20071114174501.GI15223@shrubbery.net> Fri, Oct 05, 2007 at 11:48:00AM +0300, William Muriithi: > Hallo pals, > > I have a quick question that I don't seem to find answer from google search. > We have issues setting up radius such that if radius is unavailable, the NAS > can fall back to the local account. Yeah yeah, the last option in aaa command > should be local, but for some reason, its not working. This mean we are > still using local accounts > > Now, I am attempting to backup a pix device. The backup account is local and > with enable 5 rights. The network guys have decided its not wise to give this > account enable 15 access. > > The problem is, I am not able to have rancid log in to the pix device with > enable 5 permission. Is anyone aware of how to achieve this? I would be > grateful for any pointer? My guess would be that level 5 changes the prompt to '#', which clogin will believe is already enabled. I'd just leave it with level 1 and let clogin do the enable to 15. OR, perhaps enable doesn't automatically move you from a level of >1 && <15 to level 15. I don't know, >1 && <15 have always seemed pointless, so I've never experimented. From joaje at dongenergy.dk Thu Nov 15 09:20:07 2007 From: joaje at dongenergy.dk (Joachim Jerberg Jensen) Date: Thu, 15 Nov 2007 10:20:07 +0100 Subject: [rancid] Re: clogin on extreme X450 In-Reply-To: <20071114170308.GC15223@shrubbery.net> References: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> <8DBE4A01414BDD409232EF0C48A87E1B0187AA84@CLU01EX.de-prod.dk> <8DBE4A01414BDD409232EF0C48A87E1B018C13B0@CLU01EX.de-prod.dk> <20071114170308.GC15223@shrubbery.net> Message-ID: <8DBE4A01414BDD409232EF0C48A87E1B0191322D@CLU01EX.de-prod.dk> >From: john heasley [mailto:heas at shrubbery.net] > > I do not see why clogin would not have worked, unless you have a rogue > userpassword else where in your cloginrc. you can add "exp_internal 1" > just before the main loop to see what it is doing. You are absolutely right.. So I started the expect script in debug mode.. And it seems like it does not match the first "login:" prompt, even though the regexp. should match.!? 3. time it tries to login, it matches, if I add a "sleep 1" timer just before. I also had to change the xrancid script, because the $found_end never becomes set. if (/^# Module vrrp configuration./i) { printf STDERR " End WriteTerm: $_" if ($debug); $found_end = 1; return(0); } Fortunately I don't use vrrp :-) Br Joachim Jerberg Jensen This is the debug output: [rancid at ns1 bin]$ cat scriptfile.txt Script started on Fri 09 Nov 2007 02:19:30 PM CET [rancid at ns1 bin]$ clogin 10.2.0.31 expect version 5.43.0 argv[0] = /usr/bin/expect argv[1] = -d argv[2] = /home/rancid/rancid/bin/clogin argv[3] = 10.2.0.31 set argc 1 set argv0 "/home/rancid/rancid/bin/clogin" set argv "10.2.0.31" executing commands from command file /home/rancid/rancid/bin/clogin 10.2.0.31 spawn telnet 10.2.0.31 23 parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {17811} expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? no "(#| $enable$)"? no "Login invalid"? no Trying 10.2.0.31... Connected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31). Escape character is '^]'. expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? no "(#| $enable$)"? no "Login invalid"? no telnet session telnet0 on /dev/ptyb0 login: expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin:" send: sending "rancid\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? no "(#| $enable$)"? no "Login invalid"? no login: r expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\u001b[Klogin:" send: sending "rancid\r" to { exp6 } expect: continuing expect expect: does " r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " r" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " r" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? no "(#| $enable$)"? no "Login invalid"? no ancid password: expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? yes expect: set expect_out(0,string) "password:" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " rancid\r\n\rpassword:" send: sending "MYPASSWORD\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? no "(#| $enable$)"? no "Login invalid"? no Login incorrect login: MYPASSWORD expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\nlogin:" send: sending "rancid\r" to { exp6 } expect: continuing expect expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? no "(#| $enable$)"? no "Login invalid"? no password: expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? yes expect: set expect_out(0,string) "password:" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " MYPASSWORD\r\n\rpassword:" send: sending "MYPASSWORD\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? no "(#| $enable$)"? no "Login invalid"? no Login incorrect login: expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? yes expect: set expect_out(0,string) "login:" expect: set expect_out(1,string) "login" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\nlogin:" send: sending "rancid\r" to { exp6 } expect: continuing expect expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue."? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ password:"? no "(Username|Login|login|user name):"? no "password:"? no "(#| $enable$)"? no "Login invalid"? no MYPASSWORD password: expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? Fri, Nov 09, 2007 at 11:45:44AM +0100, Joachim Jerberg Jensen: > Hey, > > With a hint from a friend on the list, I made it work. > Jlogin works like a charm :) > > /Joachim Jerberg Jensen > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Joachim Jerberg Jensen > Sent: Friday, November 09, 2007 10:47 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] clogin on extreme X450 > > Hi, > > I have problems with doing clogin into extreme X450 switches doing TACACS authentication. ExtremeXOS version 11.6.3.5 > > When I login it get following: > > [rancid at ns1 ~]$ clogin 10.2.0.31 > 10.2.0.31 > spawn telnet 10.2.0.31 > Trying 10.2.0.31... > Connected to 10.2.0.31 > Escape character is '^]'. > > telnet session telnet0 on /dev/ptyb0 > > login: rancid > password: > > Login incorrect > login: mypassword > password: > > Login incorrect > login: mypassword > password: > > Login incorrect > Maximum number of login attempts reached! > Connection closed by foreign host. > > My .cloginrc file: > > ############## > add autoenable * {1} > add user * {rancid} > add password * {mypassword} > > #add userprompt * {"login:"} > #add passprompt * {"password:"} > ############## > > It seems like it doesn't apply the password after the login, but applies the password as username instead.. > I have tried rancid-2.3.1 and rancid-2.3.2a7, same problem... > > I can login manually with login and password with no problem. > > Anyone have a hint? > > Best regards > Joachim Jerberg Jensen > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Thu Nov 15 18:39:35 2007 From: heas at shrubbery.net (john heasley) Date: Thu, 15 Nov 2007 10:39:35 -0800 Subject: [rancid] Re: clogin on extreme X450 In-Reply-To: <8DBE4A01414BDD409232EF0C48A87E1B0191322D@CLU01EX.de-prod.dk> References: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> <8DBE4A01414BDD409232EF0C48A87E1B0187AA84@CLU01EX.de-prod.dk> <8DBE4A01414BDD409232EF0C48A87E1B018C13B0@CLU01EX.de-prod.dk> <20071114170308.GC15223@shrubbery.net> <8DBE4A01414BDD409232EF0C48A87E1B0191322D@CLU01EX.de-prod.dk> Message-ID: <20071115183935.GJ6677@shrubbery.net> Thu, Nov 15, 2007 at 10:20:07AM +0100, Joachim Jerberg Jensen: > >From: john heasley [mailto:heas at shrubbery.net] > > > > I do not see why clogin would not have worked, unless you have a rogue > > userpassword else where in your cloginrc. you can add "exp_internal 1" > > just before the main loop to see what it is doing. > > You are absolutely right.. So I started the expect script in debug mode.. > And it seems like it does not match the first "login:" prompt, even though the regexp. should match.!? > > 3. time it tries to login, it matches, if I add a "sleep 1" timer just before. I see the problem. It prompts for the username, the username is sent, THEN it sends the vt code to clear the line, re-prints the username prompt [and echos part of the username], the username is sent again (since it sent the prompt again), then it echos the rest of the username and prompts for the password....but too late. ie: when the username is sent a second time, the switch consumes it as the password...hrm, how to hack this? one way would be to change the login prompt regex to "$u_prompt[^a-zA-Z0-9]" and the default u_prompt to "(Username|Login|login|user name): ?", which assumes that usernames begin with those characters and still is not fool proof since it relies upon timing/luck. Another way would be to test for (without consuming) more data from the telnet after matching the login. I'm not sure how to do that in expect...and it too is reliant upon timing/luck. Blech! I hate these extremes. you should open a customer support ticket about what a PITA it is to automate configuration on their switches....or stick a knife in their trachea. > I also had to change the xrancid script, because the $found_end never becomes set. damn it. is there any reliable end-of-config marker on these crappy-CLI switches? It used to be that all those comments were in the config, regardless of whether the subsystem was in use. > if (/^# Module vrrp configuration./i) { > printf STDERR " End WriteTerm: $_" if ($debug); > $found_end = 1; > return(0); > } > > Fortunately I don't use vrrp :-) > > Br > Joachim Jerberg Jensen > > This is the debug output: > > [rancid at ns1 bin]$ cat scriptfile.txt > Script started on Fri 09 Nov 2007 02:19:30 PM CET > [rancid at ns1 bin]$ clogin 10.2.0.31 > expect version 5.43.0 > argv[0] = /usr/bin/expect argv[1] = -d argv[2] = /home/rancid/rancid/bin/clogin argv[3] = 10.2.0.31 > set argc 1 > set argv0 "/home/rancid/rancid/bin/clogin" > set argv "10.2.0.31" > executing commands from command file /home/rancid/rancid/bin/clogin > 10.2.0.31 > spawn telnet 10.2.0.31 23 > parent: waiting for sync byte > parent: telling child to go ahead > parent: now unsynchronized from child > spawn: returns {17811} > > expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? no > "(#| $enable$)"? no > "Login invalid"? no > Trying 10.2.0.31... > Connected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31). > Escape character is '^]'. > > expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? no > "(#| $enable$)"? no > "Login invalid"? no > > telnet session telnet0 on /dev/ptyb0 > > login: > expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin: " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? yes > expect: set expect_out(0,string) "login:" > expect: set expect_out(1,string) "login" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "Trying 10.2.0.31...\r\r\nConnected to BRY_X450_01.MYNETWORK.ftth (10.2.0.31).\r\r\nEscape character is '^]'.\r\r\n\r\ntelnet session telnet0 on /dev/ptyb0\r\n\r\nlogin:" > send: sending "rancid\r" to { exp6 } > expect: continuing expect > > expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? no > "(#| $enable$)"? no > "Login invalid"? no > login: r > expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " \r\u001b[Klogin: r" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? yes > expect: set expect_out(0,string) "login:" > expect: set expect_out(1,string) "login" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) " \r\u001b[Klogin:" > send: sending "rancid\r" to { exp6 } > expect: continuing expect > > expect: does " r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " r" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " r" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? no > "(#| $enable$)"? no > "Login invalid"? no > ancid > password: > expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " rancid\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? yes > expect: set expect_out(0,string) "password:" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) " rancid\r\n\rpassword:" > send: sending "MYPASSWORD\r" to { exp6 } > expect: continuing expect > > expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? no > "(#| $enable$)"? no > "Login invalid"? no > > > Login incorrect > login: MYPASSWORD > > expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? yes > expect: set expect_out(0,string) "login:" > expect: set expect_out(1,string) "login" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\nlogin:" > send: sending "rancid\r" to { exp6 } > expect: continuing expect > > expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " MYPASSWORD\r\n\r" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? no > "(#| $enable$)"? no > "Login invalid"? no > password: > expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? yes > expect: set expect_out(0,string) "password:" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) " MYPASSWORD\r\n\rpassword:" > send: sending "MYPASSWORD\r" to { exp6 } > expect: continuing expect > > expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? no > "(#| $enable$)"? no > "Login invalid"? no > > > Login incorrect > login: > expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " \r\n\r\r\n\rLogin incorrect\r\nlogin: " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? yes > expect: set expect_out(0,string) "login:" > expect: set expect_out(1,string) "login" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) " \r\n\r\r\n\rLogin incorrect\r\nlogin:" > send: sending "rancid\r" to { exp6 } > expect: continuing expect > > expect: does " " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue."? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ password:"? no > "(Username|Login|login|user name):"? no > "password:"? no > "(#| $enable$)"? no > "Login invalid"? no > MYPASSWORD > password: > expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does " MYPASSWORD\r\n\rpassword: " (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? > > > > > > Fri, Nov 09, 2007 at 11:45:44AM +0100, Joachim Jerberg Jensen: > > Hey, > > > > With a hint from a friend on the list, I made it work. > > Jlogin works like a charm :) > > > > /Joachim Jerberg Jensen > > > > > > -----Original Message----- > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Joachim Jerberg Jensen > > Sent: Friday, November 09, 2007 10:47 AM > > To: rancid-discuss at shrubbery.net > > Subject: [rancid] clogin on extreme X450 > > > > Hi, > > > > I have problems with doing clogin into extreme X450 switches doing TACACS authentication. ExtremeXOS version 11.6.3.5 > > > > When I login it get following: > > > > [rancid at ns1 ~]$ clogin 10.2.0.31 > > 10.2.0.31 > > spawn telnet 10.2.0.31 > > Trying 10.2.0.31... > > Connected to 10.2.0.31 > > Escape character is '^]'. > > > > telnet session telnet0 on /dev/ptyb0 > > > > login: rancid > > password: > > > > Login incorrect > > login: mypassword > > password: > > > > Login incorrect > > login: mypassword > > password: > > > > Login incorrect > > Maximum number of login attempts reached! > > Connection closed by foreign host. > > > > My .cloginrc file: > > > > ############## > > add autoenable * {1} > > add user * {rancid} > > add password * {mypassword} > > > > #add userprompt * {"login:"} > > #add passprompt * {"password:"} > > ############## > > > > It seems like it doesn't apply the password after the login, but applies the password as username instead.. > > I have tried rancid-2.3.1 and rancid-2.3.2a7, same problem... > > > > I can login manually with login and password with no problem. > > > > Anyone have a hint? > > > > Best regards > > Joachim Jerberg Jensen > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From juancarloshuerta at gmail.com Thu Nov 15 22:46:27 2007 From: juancarloshuerta at gmail.com (Juan Carlos Huerta) Date: Thu, 15 Nov 2007 16:46:27 -0600 Subject: [rancid] Re: Blogin support for Nortel 5520 In-Reply-To: <60e5bf4c0711131821o642f40bcj1333aa7ecef9b607@mail.gmail.com> References: <60e5bf4c0711121156h79832f2k755ed8504be211d5@mail.gmail.com> <20071114015205.GX20650@shrubbery.net> <60e5bf4c0711131821o642f40bcj1333aa7ecef9b607@mail.gmail.com> Message-ID: <60e5bf4c0711151446q6fd659e9rf54a32183c4d41f1@mail.gmail.com> I made some modifications to blogin to support the Nortel Baystack 5520 UI (Ctrl-Y + "L" to enter directly to the CLI), I'l be glad to cooperate in the project if you think it's ok. JC On Nov 13, 2007 8:21 PM, Juan Carlos Huerta wrote: > I'm working in a little modification to blogin to support this, I'll let > you know any update. > > > On Nov 13, 2007 7:52 PM, john heasley wrote: > > > Mon, Nov 12, 2007 at 01:56:56PM -0600, Juan Carlos Huerta: > > > Hi all, > > > > > > Is there any support with blogin to Nortel siwtches with UI? (in my > > case > > > 5520). I want to connect to it using blogin, but the problem is that > > when I > > > try to ssh my switch it shows an UI (Press Ctrl+Y, use arrow keys, > > etc) > > > > sorry, such UIs are not supported. > > > > > > -- > Juan Carlos -- Juan Carlos -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071115/b7c91567/attachment.html From fmikus at acktomic.com Fri Nov 16 14:02:18 2007 From: fmikus at acktomic.com (Francois Mikus) Date: Fri, 16 Nov 2007 09:02:18 -0500 Subject: [rancid] Re: Blogin support for Nortel 5520 In-Reply-To: <60e5bf4c0711151446q6fd659e9rf54a32183c4d41f1@mail.gmail.com> References: <60e5bf4c0711121156h79832f2k755ed8504be211d5@mail.gmail.com> <20071114015205.GX20650@shrubbery.net> <60e5bf4c0711131821o642f40bcj1333aa7ecef9b607@mail.gmail.com> <60e5bf4c0711151446q6fd659e9rf54a32183c4d41f1@mail.gmail.com> Message-ID: <473DA2EA.9080700@acktomic.com> Hello, Do you have consistency in the capture of the Ctrl-Y + L. I have found in testing against 470s(which use the same Menu as the ERS-55x0), that it works 95% of the time. But the more commands are issued in the Menu, the more likely the rancid jams in a loop. I have successfully configured and tested rancid for ERS-1600, ERS-8600, ES-470s with my new custom modules based brancid, another which I can't remember. Increasing delay before sending commands does help, but it has not reached the magic 100% reliability of a regular CLI method. I would suggest configuring your switches to always come up in CLI instead of menu, avoiding all of this hassle. Rancid can automate the configuration of CLI mode. Just run it once, check your logs, then correct the outsanding ones. Or just run rancid a couple times. ;-) Cheers, Francois Mikus Juan Carlos Huerta wrote: > I made some modifications to blogin to support the Nortel Baystack > 5520 UI (Ctrl-Y + "L" to enter directly to the CLI), I'l be glad to > cooperate in the project if you think it's ok. > > JC > > On Nov 13, 2007 8:21 PM, Juan Carlos Huerta > > wrote: > > I'm working in a little modification to blogin to support this, > I'll let you know any update. > > > On Nov 13, 2007 7:52 PM, john heasley < heas at shrubbery.net > > wrote: > > Mon, Nov 12, 2007 at 01:56:56PM -0600, Juan Carlos Huerta: > > Hi all, > > > > Is there any support with blogin to Nortel siwtches with UI? > (in my case > > 5520). I want to connect to it using blogin, but the problem > is that when I > > try to ssh my switch it shows an UI (Press Ctrl+Y, use arrow > keys, etc) > > sorry, such UIs are not supported. > > > > > -- > Juan Carlos > > > > > -- > Juan Carlos > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From joaje at dongenergy.dk Fri Nov 16 15:06:31 2007 From: joaje at dongenergy.dk (Joachim Jerberg Jensen) Date: Fri, 16 Nov 2007 16:06:31 +0100 Subject: [rancid] Re: clogin on extreme X450 In-Reply-To: <20071115183935.GJ6677@shrubbery.net> References: <8C9F07F0B7EB87D-274-303@WEBMAIL-MB12.sysops.aol.com> <8DBE4A01414BDD409232EF0C48A87E1B0187AA84@CLU01EX.de-prod.dk> <8DBE4A01414BDD409232EF0C48A87E1B018C13B0@CLU01EX.de-prod.dk> <20071114170308.GC15223@shrubbery.net> <8DBE4A01414BDD409232EF0C48A87E1B0191322D@CLU01EX.de-prod.dk> <20071115183935.GJ6677@shrubbery.net> Message-ID: <8DBE4A01414BDD409232EF0C48A87E1B019421E0@CLU01EX.de-prod.dk> From: john heasley [mailto:heas at shrubbery.net] >Thu, Nov 15, 2007 at 10:20:07AM +0100, Joachim Jerberg Jensen: >> >From: john heasley [mailto:heas at shrubbery.net] >> > >> > I do not see why clogin would not have worked, unless you have a rogue >> > userpassword else where in your cloginrc. you can add "exp_internal 1" >> > just before the main loop to see what it is doing. >> >> You are absolutely right.. So I started the expect script in debug mode.. >> And it seems like it does not match the first "login:" prompt, even though the regexp. should match.!? >> >> 3. time it tries to login, it matches, if I add a "sleep 1" timer just before. > >I see the problem. It prompts for the username, the username is sent, THEN >it sends the vt code to clear the line, re-prints the username prompt [and >echos part of the username], the username is sent again (since it sent the >prompt again), then it echos the rest of the username and prompts for the >password....but too late. Aaaah yes.. I get it. > >ie: when the username is sent a second time, the switch consumes it as >the password...hrm, how to hack this? one way would be to change the >login prompt regex to "$u_prompt[^a-zA-Z0-9]" and the default u_prompt to >"(Username|Login|login|user name): ?", which assumes that usernames begin >with those characters and still is not fool proof since it relies upon >timing/luck. That could be a way. I will try it out. Thanx for the hint! > Another way would be to test for (without consuming) more >data from the telnet after matching the login. I'm not sure how to do >that in expect...and it too is reliant upon timing/luck. Blech! > >I hate these extremes. you should open a customer support ticket about >what a PITA it is to automate configuration on their switches....or stick >a knife in their trachea. I realy do hate them as well.. But fortunately we are phasing them out within a reasonable time :) So I don't think I will make a call, but just live with the "hacks" I had to make for so long. Even that clogin only works with username logins, as I have to manually set the "uprompt_seen 1" as well.. > >> I also had to change the xrancid script, because the $found_end never becomes set. > >damn it. is there any reliable end-of-config marker on these crappy-CLI >switches? It used to be that all those comments were in the config, >regardless of whether the subsystem was in use. Nope there is no "end-of-config" markers to match at all. But the VRRP configuration is the last line of the generic configuration always printed out, so I am just matching on that. Best regards Joachim Jerberg Jensen > >> if (/^# Module vrrp configuration./i) { >> printf STDERR " End WriteTerm: $_" if ($debug); >> $found_end = 1; >> return(0); >> } >> >> Fortunately I don't use vrrp :-) >> >> Br >> Joachim Jerberg Jensen >> >> This is the debug output: >> From juancarloshuerta at gmail.com Sat Nov 17 17:43:27 2007 From: juancarloshuerta at gmail.com (Juan Carlos Huerta) Date: Sat, 17 Nov 2007 11:43:27 -0600 Subject: [rancid] Re: Blogin support for Nortel 5520 In-Reply-To: <473DA2EA.9080700@acktomic.com> References: <60e5bf4c0711121156h79832f2k755ed8504be211d5@mail.gmail.com> <20071114015205.GX20650@shrubbery.net> <60e5bf4c0711131821o642f40bcj1333aa7ecef9b607@mail.gmail.com> <60e5bf4c0711151446q6fd659e9rf54a32183c4d41f1@mail.gmail.com> <473DA2EA.9080700@acktomic.com> Message-ID: <60e5bf4c0711170943x675c0113g844fb46db47b3c2c@mail.gmail.com> Thanks for your comments... as you said I configured switches to skip banner and menu, the only think I didn't knew is how to disable the menu after doing a "logout" or "exit" in the CLI, currently that's the only step when I have to do a "send 'logout\rL'" (by the way, in the login step I was meaning a Ctrl-Y + C, no Ctrl-Y + L) xD Another question, I'm trying to capture all the switch configuration (ERS-5520) using the "show run", but I cannot avoid the "--- More (press return... ---" pagination, I saw that rancid try to send a "more off" command before asking for config, but It is a not valid command in ERS-5520 switches, do you know how to tell the switch to skip the pagination issue? Thanks a lot. JC On 11/16/07, Francois Mikus wrote: > > Hello, > > Do you have consistency in the capture of the Ctrl-Y + L. > > I have found in testing against 470s(which use the same Menu as the > ERS-55x0), that it works 95% of the time. But the more commands are > issued in the Menu, the more likely the rancid jams in a loop. I have > successfully configured and tested rancid for ERS-1600, ERS-8600, > ES-470s with my new custom modules based brancid, another which I can't > remember. > > Increasing delay before sending commands does help, but it has not > reached the magic 100% reliability of a regular CLI method. > > I would suggest configuring your switches to always come up in CLI > instead of menu, avoiding all of this hassle. Rancid can automate the > configuration of CLI mode. Just run it once, check your logs, then > correct the outsanding ones. Or just run rancid a couple times. ;-) > > Cheers, > > Francois Mikus > > Juan Carlos Huerta wrote: > > I made some modifications to blogin to support the Nortel Baystack > > 5520 UI (Ctrl-Y + "L" to enter directly to the CLI), I'l be glad to > > cooperate in the project if you think it's ok. > > > > JC > > > > On Nov 13, 2007 8:21 PM, Juan Carlos Huerta > > > wrote: > > > > I'm working in a little modification to blogin to support this, > > I'll let you know any update. > > > > > > On Nov 13, 2007 7:52 PM, john heasley < heas at shrubbery.net > > > wrote: > > > > Mon, Nov 12, 2007 at 01:56:56PM -0600, Juan Carlos Huerta: > > > Hi all, > > > > > > Is there any support with blogin to Nortel siwtches with UI? > > (in my case > > > 5520). I want to connect to it using blogin, but the problem > > is that when I > > > try to ssh my switch it shows an UI (Press Ctrl+Y, use arrow > > keys, etc) > > > > sorry, such UIs are not supported. > > > > > > > > > > -- > > Juan Carlos > > > > > > > > > > -- > > Juan Carlos > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -- Juan Carlos -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071117/cb0003ab/attachment.html From t at trey.net Tue Nov 20 23:34:03 2007 From: t at trey.net (Trey Valenta) Date: Tue, 20 Nov 2007 15:34:03 -0800 Subject: [rancid] Re: cisco pix clogin timeout In-Reply-To: <1192725709.6230.51.camel@oddjob> References: <1192725709.6230.51.camel@oddjob> Message-ID: <20071120233403.GB4147@trey.net> On Thu, Oct 18, 2007 at 11:41:49AM -0500, Gregory W Zill wrote: I am trying to automatically login with a new rancid setup to a 6.3(5) > pix whose prompt looks like > AbCdEf> > > The login portion appears to work but enable never finishes and > eventually times out even when I add "-t 100" > > The clogin I use looks like > clogin abcdef.clients.company.com > > I can ssh manually to "abcdef.clients.company.com". The enable just > turns the > into a #. Hi Gregory, I had a very similar problem that was a pain to resolve. The expect scripts had no trouble pulling from a pix in my office, but I couldn't reliably connect to a Pix over links with high latencies (particularly connections from the US to China). I never truly resolved the issue, but for some reason passwords with multiple special characters seemed to give me the most trouble. Until I have time to really investigate, I used the following workaround in clogin. I set send_slow to {6 .1} and use "send -s" when sending the enable password. ---cut here------ $ diff -u clogin ~rancid/bin/clogin --- clogin 2007-09-17 13:14:55.000000000 -0700 +++ /usr/local/rancid/bin/clogin 2007-10-18 13:43:00.000000000 -0700 @@ -539,10 +539,11 @@ global u_prompt e_prompt set in_proc 1 +set send_slow { 6 .1 } send "enable\r" expect { -re "$u_prompt" { send "$enauser\r"; exp_continue} - -re "$e_prompt" { send "$enapasswd\r"; exp_continue} + -re "$e_prompt" { send -s "$enapasswd\r"; exp_continue} "#" { set prompt "#" } "(enable)" { set prompt "> (enable) " } -re "(denied|Sorry|Incorrect)" { -----cut here--- -- Seattle, Wash. L is for Leo who swallowed some tacks. From marc.muller at gmx.net Tue Nov 27 16:10:47 2007 From: marc.muller at gmx.net (=?ISO-8859-1?Q?Marc_M=FCller?=) Date: Tue, 27 Nov 2007 17:10:47 +0100 Subject: [rancid] Failure with Extreme XOS 12.x Message-ID: <474C4187.8010000@gmx.net> Hi everybody. I'm new to rancid and i hope this issue hasn't been covered before (didn't find anything on the list though). Got rancid 2.3.2a7 working smoothly with the ciscos but no chance with Extreme X450a's running EXOS 12.x. It seems that xrancid tries to log in using a login/enable scheme and does not get the replies it expects. So no config gets written. Any help in fixing this would be appreciated regards, Marc From Shon.Hender at spservicing.com Tue Nov 27 16:37:01 2007 From: Shon.Hender at spservicing.com (Shon Hender) Date: Tue, 27 Nov 2007 09:37:01 -0700 Subject: [rancid] sonicwall and big-ip Message-ID: <70262067E7786B458AF587D944A209590157C4B6@SLEX1.fairbankscapital.com> Does anyone have login scripts for sonicwall and/or big-ip devices? Thanks, -Shon From mashcraft at omniture.com Tue Nov 27 17:09:00 2007 From: mashcraft at omniture.com (Mike Ashcraft) Date: Tue, 27 Nov 2007 10:09:00 -0700 Subject: [rancid] Re: sonicwall and big-ip In-Reply-To: <70262067E7786B458AF587D944A209590157C4B6@SLEX1.fairbankscapital.com> References: <70262067E7786B458AF587D944A209590157C4B6@SLEX1.fairbankscapital.com> Message-ID: <45EB285310B55542A513F93230F0A53302BD2ED1@EXCHANGE0.orm.omniture.com> I posted rancid scripts for F5 big-ip to the list back in July. Since then, I have fixed all the known issues and sent it to a few individuals for testing. Let me know how these work for you. Installation instructions are in the comments at the top of f5rancid. Mike -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Shon Hender Sent: Tuesday, November 27, 2007 9:37 AM To: rancid-discuss at shrubbery.net Subject: [rancid] sonicwall and big-ip Does anyone have login scripts for sonicwall and/or big-ip devices? Thanks, -Shon _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- A non-text attachment was scrubbed... Name: f5login Type: application/octet-stream Size: 22079 bytes Desc: f5login Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071127/dad1c94f/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: f5rancid Type: application/octet-stream Size: 9724 bytes Desc: f5rancid Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071127/dad1c94f/attachment-0001.obj From techgrrl2003 at yahoo.com Mon Nov 26 02:07:02 2007 From: techgrrl2003 at yahoo.com (Janet Plato) Date: Sun, 25 Nov 2007 18:07:02 -0800 (PST) Subject: [rancid] Any idea on why ssh would resolve hostnames differently from an interactive shell? Message-ID: <13839.97697.qm@web33708.mail.mud.yahoo.com> Hello, I hope this is an appropriate place to ask questions, if not I apologize and would appreciate a pointer to the correct location. The essence of my question is, when clogin spawns ssh directly, the ssh process fails to resolve the hostname (it generates a rather cryptic 17 byte request when viewed from strace -f that does not appear on the wire as far as I can tell), but when clogin spawns bash -c ssh, it opens a socket on port 53 and sends a normal volley of requests, one for each domain in resolv.conf, and ends up getting an answer and connecting successfully. I can also have clogin spawn a bash shell and interact, in which case eveything works great. I am running a config management system more or less based on rancid using the clogin expect script. I have tweaked the script a bit to deal with a variety of cisco and non-cisco devices, as well as to handle running commands that take longer to execute such as archive download-software. I would be glad to provide copies of the source to anyone interested, the changes are minimal but possibly of interest to someone. I find myself extending the types of service to include ssh v2 and I am having some trouble, when I have expect "spawn ssh -x user at device" it fails to resolve the hostname and returns EOF, which makes clogin exit. When I "spawn bash" and interact, or "spawn /bin/bash -c 'ssh device'" it works just fine. I've used strace to determine what is different and I am having trouble understanding the output, it appears my DNS resolution method changes when I spawn ssh versus when I spawn bash -c ssh. I assume most folks are familiar with the foreach device loop in clogin, and contained within it the case statement where for each device you try to determine the connection method and spawn the relevant code. I am copying just the bit of case statement with some comments # Log into the router. proc login { router user userpswd passwd enapasswd cmethod cyphertype } { global spawn_id in_proc do_command do_script platform sshver global prompt u_prompt p_prompt e_prompt set in_proc 1 set uprompt_seen 0 # debug 1 # exp_internal 1 # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { if [string match "telnet*" $prog] { ... code for telnet deleted ... } elseif ![string compare $prog "bash-ssh"] { # if bash spawns ssh, I can login fine if [ catch {spawn /bin/bash -c "ssh $sshver -c $cyphertype -x $user@$router"} reason ] { send_user "\nError: ssh failed: $reason\n" exit 1 } } elseif ![string compare $prog "ssh"] { # this fails, ssh returns EOF when it cannot determine the host name # spawn ssh -c 3des -x net at fa-cssc-b280c-3-ban-pri # ssh: : Name or service not known # sniffing the wire shows no query, strace shows a cryptic 17 bytes # send followed by a DNS failure if [ catch {spawn ssh $sshver -c $cyphertype -x $user@$router} reason ] { send_user "\nError: ssh failed: $reason\n" exit 1 } Below is the strace -f from a failed clogin attempt, note the send which has to be the DNS request, since I just opened a socket on port 53. I do not understand how it could be though, it does not look like a valid packet or fragment. [pid 27642] send(4, "\205\r\1\0\0\1\0\0\0\0\0\0\0\0\1\0\1", 17, 0) = 17 and the following recvfrom [pid 27642] recvfrom(4, "\205\r\201\200\0\1\0\0\0\1\0\0\0\0\1\0\1\0\0\6\0\1\0\0" ..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("128.104.254.254")}, [16]) = 92 [pid 27642] close(4) = 0 [pid 27642] write(2, "ssh: : Name or service not known"..., 34) = 34 [pid 27642] exit_group(255) The strace manpage says the \### stuff is supposed to be in a format a c programmer would understand, but I do not understand it. Is it a mix of octal and the \t, \r, \n we all know and love? In some cases I have seen \Dg which kind of throws the octal and normal escape sequence theory out the window. Knowing what strace is telling me would be a fine start for me. Strace from a failed attempt ------------------------------------------------------------ [pid 27642] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 [pid 27642] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_add r("128.104.254.254")}, 28) = 0 [pid 27642] fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR) [pid 27642] fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 [pid 27642] gettimeofday({1195955591, 14548}, NULL) = 0 [pid 27642] poll([{fd=4, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 [pid 27642] send(4, "\205\r\1\0\0\1\0\0\0\0\0\0\0\0\1\0\1", 17, 0) = 17 [pid 27642] poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 [pid 27642] ioctl(4, FIONREAD, [92]) = 0 [pid 27642] recvfrom(4, "\205\r\201\200\0\1\0\0\0\1\0\0\0\0\1\0\1\0\0\6\0\1\0\0" ..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("128.10 4.254.254")}, [16]) = 92 [pid 27642] close(4) = 0 [pid 27642] write(2, "ssh: : Name or service not known"..., 34) = 34 [pid 27642] exit_group(255) Here is the strace -f from a successful attempt -------------------------------------------------------------- [pid 17019] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 [pid 17019] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_add r("128.104.254.254")}, 28) = 0 [pid 17019] fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR) [pid 17019] fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 [pid 17019] gettimeofday({1195953633, 817845}, NULL) = 0 [pid 17019] poll([{fd=4, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 [pid 17019] send(4, "\233\233\1\0\0\1\0\0\0\0\0\0\10fa-janet\3net\4wisc\3e"..., 39, 0) = 39 [pid 17019] poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 [pid 17019] ioctl(4, FIONREAD, [184]) = 0 [pid 17019] recvfrom(4, "\233\233\201\200\0\1\0\1\0\3\0\4\10fa-janet\3net\4wisc" ..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("128.10 4.254.254")}, [16]) = 184 [pid 17019] close(4) = 0 [pid 17019] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4 [pid 17019] connect(4, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_add r("128.104.137.36")}, 16) = 0 Anyway, if anyone can shed light on the following questions I would be quite grateful. - why would ssh resolve hostnames differently when spawned by expect versus when invoked by bash (which was spawned from expect) - what are the \### in the strace output telling me, especially the 17 byte send that appears to be a DNS requests that is doomed to fail. I hope everyone had a great thanksgiving, gobble, gobble, Janet Plato ____________________________________________________________________________________ Be a better pen pal. Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/ From yuval.ben.ari at gmail.com Tue Nov 27 15:08:10 2007 From: yuval.ben.ari at gmail.com (Yuval Ben Ari) Date: Tue, 27 Nov 2007 17:08:10 +0200 Subject: [rancid] problem collecting config from ERX E320 ver 7.3.2 Message-ID: Hi, I am trying to add an ERX and it fails to fetch the config. in the router.db I added it as: erxhostname:erx:up but I am getting "config fetcher problems" for the device doing manuall test I am able to: 1. clogin erx 2. clogin -c 'show confi' erx all looks ok but on var/logs I can see following: Trying to get all of the configs. erx_name clogin error: Error: Connection closed (telnet): erx_name erx_name: missed cmd(s): show environment all,show configuration,show redundancy,show version,show hardware,show boot,dir erx_name: End of run not found ! ===================================== Getting missed routers: round 1. write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re ^H+ { exp_continue } -re {^[^ ^M *]*MyPrompt([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} { send_user -- "$expect_out(buffer)" } -re {^..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send..." invoked from within "if [ string match "*\;*" "$command" ] { set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on ..." (procedure "run_commands" line 34) invoked from within "run_commands $prompt $command" ("foreach" body line 144) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoena..." (file "/home/rancid/bin/clogin" line 616)^M erx_name: missed cmd(s): show configuration,show hardware,dir erx_name: End of run not found ! srp redundancy: mode is high-availability, state active ===================================== where should I check next? Thanks Yuval -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071127/c078bf19/attachment.html From joaje at dongenergy.dk Wed Nov 28 08:45:41 2007 From: joaje at dongenergy.dk (Joachim Jerberg Jensen) Date: Wed, 28 Nov 2007 09:45:41 +0100 Subject: [rancid] Re: Failure with Extreme XOS 12.x In-Reply-To: <474C4187.8010000@gmx.net> References: <474C4187.8010000@gmx.net> Message-ID: <8DBE4A01414BDD409232EF0C48A87E1B019DA761@CLU01EX.de-prod.dk> >On Tuesday, November 27, 2007 5:11 PM Marc M?ller wrote: > >Hi everybody. > >I'm new to rancid and i hope this issue hasn't been covered before >(didn't find anything on the list though). > >Got rancid 2.3.2a7 working smoothly with the ciscos but no chance with >Extreme X450a's running EXOS 12.x. I have just been struggling with the same setup, and it required a few hacks to work. > >It seems that xrancid tries to log in using a login/enable scheme and >does not get the replies it expects. So no config gets written. Can you post what exactly happens? -- Joachim Jerberg Jensen > >Any help in fixing this would be appreciated > >regards, >Marc From marc.muller at gmx.net Wed Nov 28 09:29:43 2007 From: marc.muller at gmx.net (=?ISO-8859-1?Q?Marc_M=FCller?=) Date: Wed, 28 Nov 2007 10:29:43 +0100 Subject: [rancid] Re: Failure with Extreme XOS 12.x In-Reply-To: <8DBE4A01414BDD409232EF0C48A87E1B019DA761@CLU01EX.de-prod.dk> References: <474C4187.8010000@gmx.net> <8DBE4A01414BDD409232EF0C48A87E1B019DA761@CLU01EX.de-prod.dk> Message-ID: <474D3507.8060804@gmx.net> Joachim Jerberg Jensen wrote: >> On Tuesday, November 27, 2007 5:11 PM Marc M?ller wrote: >>9 >> Hi everybody. >> >> I'm new to rancid and i hope this issue hasn't been covered before >> (didn't find anything on the list though). >> >> Got rancid 2.3.2a7 working smoothly with the ciscos but no chance with >> Extreme X450a's running EXOS 12.x. > > I have just been struggling with the same setup, and it required a few hacks to work. sounds like you've been succesfull... > >> It seems that xrancid tries to log in using a login/enable scheme and >> does not get the replies it expects. So no config gets written. > > Can you post what exactly happens? xrancid calls clogin - clogin logs in as an admin user and then tries to run an 'enable' cmd. Off course this returns not the expected results and the rancid script times out... Log output: Trying to get all of the configs. couldn't compile regular expression pattern: quantifier operand invalid while executing "expect -nobrace -re {* tln-ch-zr([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} {} -re {[ ^M]+} { exp_continue }" invoked from within "expect { -re $reprompt {} -re "\[\n\r]+" { exp_continue } }" (procedure "run_commands" line 23) invoked from within "run_commands $prompt $command" ("foreach" body line 150) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/home/rancid/bin/clogin" line 712)^M x.x.x.x: missed cmd(s): show configuration detail,show slot,show configuration,show version,show diag,show memory,show switch x.x.x.x: End of run not found Marc > > -- > Joachim Jerberg Jensen > >> Any help in fixing this would be appreciated >> >> regards, >> Marc > From will.miller at gtri.gatech.edu Wed Nov 28 14:57:55 2007 From: will.miller at gtri.gatech.edu (Will Miller) Date: Wed, 28 Nov 2007 09:57:55 -0500 Subject: [rancid] Re: The annoyance of whitespace changes. In-Reply-To: <47164628.9080802@gtri.gatech.edu> References: <47164628.9080802@gtri.gatech.edu> Message-ID: <474D81F3.4060103@gtri.gatech.edu> Miller, William S. wrote: > Hey guys, I'm a newcomer, so be gentle. > > I've looked high and low for a solution to this, but to no avail-- hence > my adding to your inboxes. > > So, here's my problem. I have a device (specifically a firewall > services module in a 6509) being monitored by rancid. Much to > frequently, though (on the order of a few times a day), I get config > diffs mailed to me that contain a bunch of changes like this: > > @@ -500,9 +500,9 @@ > port-object eq 27002 > port-object eq 27003 > port-object eq 27004 > port-object eq 27005 > - port-object eq 27006 > + port-object eq 27006 > port-object eq 27007 > port-object eq 27008 > port-object eq 27009 > port-object eq 27010 > > Note that the only thing that changed is the whitespace before the > command. > > Try as I might, I can't figure out a workaround. I tried modifying > control_rancid from "cvs -f diff -U 4" to "cvs -f diff -w -U 4". This, > however, didn't change the number of emails coming in. It still printed > the header with no diffs listed: > > Index: configs/ > =================================================================== > retrieving revision 1.240 > diff -w -U4 -r1.240 > > (Yeah, that was revision 240... no, we don't change the config quite > that often.) > > So, any of you have any ideas why this might be happening or, failing > that, how I might work around it? > > Thanks for any help, > > -- > Will Old topic, I know, but here's how I worked around it. I took Lance's suggestion and just pulled out leading whitespace from all configs. Diff between the original and modified versions of control_rancid: 361c361,363 < mv $router.new $router --- > #mv $router.new $router > cat $router.new | sed -e 's/^ *//g' > $router > rm -f $router.new Admittedly not the most elegant solution--and not even implemented very well, but it does what I wanted which is to mute all the false differences. It's been a while, but I'm fairly sure I tried Aaron's suggestion about killing the pager, but either I didn't do it right or it didn't do what was wanted, so I went this route. -- Will From yuval.ben.ari at gmail.com Wed Nov 28 17:03:21 2007 From: yuval.ben.ari at gmail.com (Yuval Ben Ari) Date: Wed, 28 Nov 2007 19:03:21 +0200 Subject: [rancid] Fwd: problem collecting config from ERX E320 ver 7.3.2 In-Reply-To: References: Message-ID: for some reason I don't see that my message was posted, re-sending. ---------- Forwarded message ---------- From: Yuval Ben Ari Date: Nov 27, 2007 5:08 PM Subject: problem collecting config from ERX E320 ver 7.3.2 To: rancid-discuss at shrubbery.net Hi, I am trying to add an ERX and it fails to fetch the config. in the router.db I added it as: erxhostname:erx:up but I am getting "config fetcher problems" for the device doing manuall test I am able to: 1. clogin erx 2. clogin -c 'show confi' erx all looks ok but on var/logs I can see following: Trying to get all of the configs. erx_name clogin error: Error: Connection closed (telnet): erx_name erx_name: missed cmd(s): show environment all,show configuration,show redundancy,show version,show hardware,show boot,dir erx_name: End of run not found ! ===================================== Getting missed routers: round 1. write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re ^H+ { exp_continue } -re {^[^ ^M *]*MyPrompt([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} { send_user -- "$expect_out(buffer)" } -re {^..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send..." invoked from within "if [ string match "*\;*" "$command" ] { set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on ..." (procedure "run_commands" line 34) invoked from within "run_commands $prompt $command" ("foreach" body line 144) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoena..." (file "/home/rancid/bin/clogin" line 616)^M erx_name: missed cmd(s): show configuration,show hardware,dir erx_name: End of run not found ! srp redundancy: mode is high-availability, state active ===================================== where should I check next? Thanks Yuval -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071128/4ac90642/attachment.html From jeremys at rickyninja.net Wed Nov 28 05:39:49 2007 From: jeremys at rickyninja.net (Jeremy Singletary) Date: Tue, 27 Nov 2007 22:39:49 -0700 Subject: [rancid] RANCID for Dell powerconnect switches Message-ID: <20071128053949.GA18020@pegasus.billn.net> I put some derivative code online that will enable RANCID to work on at least one model of Dell switch. This code has been in production where I work for over a year, no issues so far. http://www.rickyninja.net/rancid/ -jeremy From heas at shrubbery.net Wed Nov 28 19:45:05 2007 From: heas at shrubbery.net (john heasley) Date: Wed, 28 Nov 2007 19:45:05 +0000 Subject: [rancid] Re: Any idea on why ssh would resolve hostnames differently from an interactive shell? In-Reply-To: <13839.97697.qm@web33708.mail.mud.yahoo.com> References: <13839.97697.qm@web33708.mail.mud.yahoo.com> Message-ID: <20071128194504.GP8436@shrubbery.net> Sun, Nov 25, 2007 at 06:07:02PM -0800, Janet Plato: > I find myself extending the types of service to include ssh v2 and I > am having some trouble, when I have expect "spawn ssh -x user at device" my guess is the @ is buggering it. try -l. > [pid 27642] recvfrom(4, > "\205\r\201\200\0\1\0\0\0\1\0\0\0\0\1\0\1\0\0\6\0\1\0\0" ..., 1024, 0, > {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("128.104.254.254")}, [16]) = 92 > [pid 27642] close(4) = 0 > [pid 27642] write(2, "ssh: : Name or service not known"..., 34) = 34 > [pid 27642] exit_group(255) > > The strace manpage says the \### stuff is supposed to be in a format > a c programmer would understand, but I do not understand it. Is it a > mix of octal and the \t, \r, \n we all know and love? In some cases I > have seen \Dg which kind of throws the octal and normal escape sequence > theory out the window. Knowing what strace is telling me would be a > fine start for me. my guess would be those are decimal. I'd expect octals to be \0xxx. From techgrrl2003 at yahoo.com Wed Nov 28 20:14:34 2007 From: techgrrl2003 at yahoo.com (Janet Plato) Date: Wed, 28 Nov 2007 12:14:34 -0800 (PST) Subject: [rancid] Re: Any idea on why ssh would resolve hostnames differently from an interactive shell? In-Reply-To: <20071128194504.GP8436@shrubbery.net> Message-ID: <462583.62107.qm@web33711.mail.mud.yahoo.com> Hi John, Thanks for replying. So I figured this out yesterday. One of the variable $sshver is occasionally empty. When spawn creates the ARGV array it creates it with an empty item, ssh tries to resolve the empty item thinking it is a hostname and fails. When it closes, clogin sees an EOF. If spawn sends it to bash -c "ssh $sshver etc" the empty $sshver simply becomes a blank spot in the string, and ssh has to build the argv array before exec'ing ssh, and so it works. I replaced this: } elseif ![string compare $prog "ssh"] { if [ catch {spawn ssh $sshver -c $cyphertype -x -l $user $router} reason ] { with this: } elseif ![string compare $prog "ssh"] { set mycommand [concat ssh -c $cyphertype $sshver -x $user@$router] if [ catch "spawn $mycommand" reason ] { send_user "\nError: ssh failed: $reason\n" exit 1 } and all is well. Cheers, Janet --- john heasley wrote: > Sun, Nov 25, 2007 at 06:07:02PM -0800, Janet Plato: > > I find myself extending the types of service to include ssh v2 > and I > > am having some trouble, when I have expect "spawn ssh -x > user at device" > > my guess is the @ is buggering it. try -l. > > > [pid 27642] recvfrom(4, > > "\205\r\201\200\0\1\0\0\0\1\0\0\0\0\1\0\1\0\0\6\0\1\0\0" ..., 1024, > 0, > > {sa_family=AF_INET, sin_port=htons(53), > > sin_addr=inet_addr("128.104.254.254")}, [16]) = 92 > > [pid 27642] close(4) = 0 > > [pid 27642] write(2, "ssh: : Name or service not known"..., 34) = > 34 > > [pid 27642] exit_group(255) > > > > The strace manpage says the \### stuff is supposed to be in a > format > > a c programmer would understand, but I do not understand it. Is it > a > > mix of octal and the \t, \r, \n we all know and love? In some > cases I > > have seen \Dg which kind of throws the octal and normal escape > sequence > > theory out the window. Knowing what strace is telling me would be > a > > fine start for me. > > my guess would be those are decimal. I'd expect octals to be \0xxx. > > ____________________________________________________________________________________ Be a better pen pal. Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/ From joaje at dongenergy.dk Thu Nov 29 08:27:58 2007 From: joaje at dongenergy.dk (Joachim Jerberg Jensen) Date: Thu, 29 Nov 2007 09:27:58 +0100 Subject: [rancid] Re: Failure with Extreme XOS 12.x In-Reply-To: <474D3507.8060804@gmx.net> References: <474C4187.8010000@gmx.net> <8DBE4A01414BDD409232EF0C48A87E1B019DA761@CLU01EX.de-prod.dk> <474D3507.8060804@gmx.net> Message-ID: <8DBE4A01414BDD409232EF0C48A87E1B019DAD59@CLU01EX.de-prod.dk> Wednesday, November 28, 2007 10:30 AM Marc M?ller wrote: >> I have just been struggling with the same setup, and it required a few >hacks to work. >sounds like you've been succesfull... >> >>> It seems that xrancid tries to log in using a login/enable scheme and >>> does not get the replies it expects. So no config gets written. >> >> Can you post what exactly happens? >xrancid calls clogin - clogin logs in as an admin user and then tries to >run an 'enable' cmd. Off course this returns not the expected results >and the rancid script times out... > >Log output: >Trying to get all of the configs. >couldn't compile regular expression pattern: quantifier operand invalid > while executing >"expect -nobrace -re {* tln-ch-zr([^#>\r\n]+)?[#>]($[^)\r\n]+$)?} {} >-re {[ >^M]+} { exp_continue }" > invoked from within >"expect { > -re $reprompt {} > -re "\[\n\r]+" { exp_continue } > }" > (procedure "run_commands" line 23) > invoked from within >"run_commands $prompt $command" > ("foreach" body line 150) > invoked from within >"foreach router [lrange $argv $i end] { > set router [string tolower $router] > # attempt at platform switching. > set platform "" > send_user ..." > (file "/home/rancid/bin/clogin" line 712)^M >x.x.x.x: missed cmd(s): show configuration detail,show slot,show >configuration,show version,show diag,show memory,show switch I think this is the problem: >x.x.x.x: End of run not found It doesn't detect when the configuration is finished, so the $found_end = 1; never becomes set. Try to edit xrancid: -- # catch anything that wasnt match above. ProcessHistory("COMMENTS","keysort","H0","$_"); # end of config #if (/^# End of configuration file/i) { ++ if (/^# Module vrrp configuration./i) { printf STDERR " End WriteTerm: $_" if ($debug); $found_end = 1; return(0); -- This will set $found_end=1 when it detects the part where VRRP is configured, which is the last part of the configuration. It's a nasty hack, but it should work. -- Joachim Jerberg Jensen > >Marc > > -- > Joachim Jerberg Jensen > >> Any help in fixing this would be appreciated >> >> regards, >> Marc > From cmoody at qualcomm.com Thu Nov 29 09:36:12 2007 From: cmoody at qualcomm.com (Chris Moody) Date: Thu, 29 Nov 2007 01:36:12 -0800 Subject: [rancid] Official contact info for submitting patches/upgrades In-Reply-To: <462583.62107.qm@web33711.mail.mud.yahoo.com> References: <462583.62107.qm@web33711.mail.mud.yahoo.com> Message-ID: <474E880C.4010704@qualcomm.com> Whom should I contact to (re)submit a patch I contributed to handle Tacacs "PASSCODE" prompts on C* devices? I just pulled the latest source and don't see the PASSCODE bits in clogin anyplace. Am I overlooking that prompt type being handled another way? Cheers, -Chris From overkillxx at gmail.com Thu Nov 29 20:31:29 2007 From: overkillxx at gmail.com (overkillxx at gmail.com) Date: Fri, 30 Nov 2007 07:31:29 +1100 Subject: [rancid] Fwd: Show Vlan in Cisco Module In-Reply-To: References: Message-ID: Hi Guys, Recently just installed rancid & have been playing with it. I've noticed that when it runs alot of the time (For me) it sends an email & flags differences on information on the "show vlan" command almost all the time. Is there are way I can remove this from the Cisco module?? If anybody can help out there with this I would be extremely greatful. Thanks in advance Regards, Brad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071130/3dc9c8b5/attachment.html From overkillxx at gmail.com Thu Nov 29 12:06:09 2007 From: overkillxx at gmail.com (overkillxx at gmail.com) Date: Thu, 29 Nov 2007 23:06:09 +1100 Subject: [rancid] Show Vlan in Cisco Module Message-ID: Hi Guys. Recently just installed rancid & have been playing with it. I've noticed that when it runs the diff alot of the time (For me) it sends an email & flags differences on information I don't care about. Such as the "Show Vlan" command. Is there are way to suppress/stop the Cisco Module when selected doing certain "show" commands?? I only really want to stop the Show Vlan at this stage. Regards, Brad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071129/093082fc/attachment.html From mashcraft at omniture.com Fri Nov 30 00:58:41 2007 From: mashcraft at omniture.com (Mike Ashcraft) Date: Thu, 29 Nov 2007 17:58:41 -0700 Subject: [rancid] Re: Show Vlan in Cisco Module In-Reply-To: References: Message-ID: <45EB285310B55542A513F93230F0A53302FC191E@EXCHANGE0.orm.omniture.com> Brad, You can play with the subroutine that parses the show vlan output. Search bin/rancid for "sub ShowVLAN". You could also just eliminate the show vlan altogether by removing or commenting out the line {'show vlan' => 'ShowVLAN'}, from bin/rancid. Mike ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of overkillxx at gmail.com Sent: Thursday, November 29, 2007 5:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Show Vlan in Cisco Module Hi Guys. Recently just installed rancid & have been playing with it. I've noticed that when it runs the diff alot of the time (For me) it sends an email & flags differences on information I don't care about. Such as the "Show Vlan" command. Is there are way to suppress/stop the Cisco Module when selected doing certain "show" commands?? I only really want to stop the Show Vlan at this stage. Regards, Brad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071129/7a3947e8/attachment.html From BCurtin at eircom.ie Fri Nov 30 12:57:13 2007 From: BCurtin at eircom.ie (BCurtin at eircom.ie) Date: Fri, 30 Nov 2007 12:57:13 -0000 Subject: [rancid] Logging into Extreme X450 Message-ID: <8A824268255CF4478B88D36CF44C714EC53405@DNEXVS02.eircom.ie> Hi I am having similar issues logging on to Extreme's X450 switch using clogin (ExtremeXOS version 11.6.3.4) as mentioned in the thread "clogin on extreme X450". However in my case the login process works about 70% of the time (but has to make two attempts) and fails after 3 attempts the rest of the time. See output below for both cases. I suspect the issue is the same. [alderaan] ~/deltas/SPOOL> clogin metro-sw1 metro-sw1 spawn telnet metro-sw1 Trying 10.10.80.11... Won't send login name and/or authentication information. Connected to metro-sw1. Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 login: admin password: Login incorrect login: passwd password: Login incorrect login: admin password: ExtremeXOS Copyright (C) 2000-2006 Extreme Networks. All rights reserved. Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174; 7,003,705; 7,012,082. ======================================================================== ====== Press the or '?' key at any time for completions. Remember to save your configuration changes. metro-sw1:.1 # [alderaan] ~/deltas/SPOOL> clogin metro-sw1 metro-sw1 spawn telnet metro-sw1 Trying 10.252.80.11... Won't send login name and/or authentication information. Connected to metro-sw1. Escape character is '^]'. telnet session telnet0 on /dev/ptyb0 login: admin password: Login incorrect login: passwd password: Login incorrect login: passwd password: Login incorrect Maximum number of login attempts reached! Connection closed by foreign host. passwd Error: Connection Refused (telnet) [alderaan] ~/deltas/SPOOL> I tried the suggested fix, i.e. "one way would be to change the login prompt regex to "$u_prompt[^a-zA-Z0-9]" and the default u_prompt to "(Username|Login|login|user name): ?"," but couldn't get it to work - kept getting a syntax error for the "u_prompt[^a-zA-Z0-9]" bit. I'm not familiar with expect so was wondering if the syntax given is correct. The changes I made to clogin and the error message I get are shown below. Changed these two lines if { "$u_prompt" == "" } { set u_prompt "(Username|Login|login|user name): ?" } -re "$u_prompt[^a-zA-Z0-9]" { Get this error message when I run clogin %clogin metro-sw1 metro-sw1 spawn telnet metro-sw1 invalid command name "^a-zA-Z0-9" while executing "^a-zA-Z0-9" invoked from within "expect { -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" { catch {close}; wait if ..." (procedure "login" line 66) invoked from within "login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype" ("foreach" body line 94) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # Figure out prompt. # Since autoena..." (file "/var/local/rancid/bin/clogin" line 565) % Regards Bill Curtin *************************************************************** The information contained in this e-mail and any files transmitted with it is confidential and may be subject to legal professional privilege. It is intended solely for the use of the addressee(s). If you are not the intended recipient of this e-mail, please note that any review, dissemination, disclosure, alteration, printing, copying or transmission of this e-mail and/or any file transmitted with it, is prohibited and may be unlawful. If you have received this e-mail by mistake, please promptly inform the sender by reply e-mail and delete the material. Whilst this e-mail message has been swept for the presence of computer viruses, eircom does not, except as required by law, represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, viruses, interception or interference. eircom Limited. Private Company Limited by Shares. Registered in Dublin. Registration Number 98789. Registered Office - 114 St. Stephen's Green West, Dublin 2. *************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20071130/5c31ffdd/attachment.html From mohsen_Puurunen at sanangelohomes.com Fri Nov 30 05:16:10 2007 From: mohsen_Puurunen at sanangelohomes.com (mohsen Puurunen) Date: Fri, 30 Nov 2007 06:16:10 +0100 Subject: [rancid] nanoyz Message-ID: <000201c83310$1e65f1f0$16a39652@k01> you aint got shit if your not packing an 8 inch cock http://www.leabos.com/