[rancid] Problems with Rancid and Privilege Levels

Jethro R Binks jethro.binks at strath.ac.uk
Mon Jan 27 14:12:09 UTC 2014


On Fri, 24 Jan 2014, Gordon Ross wrote:

> I didn't want to give the Level 15 enable password for my ASAs to 
> Rancid, so I've tried to configure Rancid to use a custom privilege 
> level, but I'm stuck at the last hurdle and Rancid doesn't seem able to 
> get the config.

I can't remember if this is all of what is required, but I have an ASA 
that looks like this:

username rancid password PASSWORD encrypted privilege 7
privilege cmd level 7 mode exec command more
privilege cmd level 7 mode exec command dir
privilege cmd level 7 mode exec command write
privilege cmd level 7 mode exec command terminal
privilege show level 7 mode exec command running-config
privilege show level 7 mode exec command version
privilege show level 7 mode exec command bootvar
privilege show level 7 mode exec command names
privilege show level 7 mode exec command vlan
privilege show level 7 mode exec command module

I'm running an old version of clogin specified as "cisco" in router.db, 
but I also have a note that I modified it to send "terminal pager 0" as 
well as "terminal length 0".

To find out where yours is going wrong though, you'll need to run rancid 
in debug mode, along the lines of:

env NOPIPE=YES PATH=${PATH}:/usr/local/libexec/rancid rancid -d devicename

and inspect the *.raw file to see where it went wrong.

Jethro.



> The steps I took were:
> 
> * Copied bin/clogin to asa-clogin.
> 
> * Changed the 'send "enable\r"' command to be 'send "enable 4\r"' in asa-clogin
> 
> * In rancid-fe, I added an entry of "'asa'               => 'asa-clogin',"
> 
> * In my router.db I added "asa1.example.com:asa:up"
> 
> * Added the asa's credentials to .clogin
> 
> If I run (as the rancid user) "asa-clogin asa1.example.com" I end up at 
> an enable prompt on my asa:
> 
> asa-1/act#
> 
> But when rancid runs, the logs show:
> 
> Trying to get all of the configs.
> asa-1.example.com
> spawn ssh -c 3des -x -l rancid asa-1.example.com
> rancid at asa-1.example.com's password: 
> Type help or '?' for a list of available commands.
> asa-1/act> enable 4
> Password: ***********
> asa-1/act# 
> asa-1/act# =====================================
> Getting missed routers: round 1.
> ....
> 
> The rancid ASA can do show ver, show run, etc.
> 
> How can I find out what's wrong?
> 
> Thanks,
> 
> GTG

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
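
An added example, not part of the original message and not RANCID's own code: a small audit of ASA "privilege ... level N mode exec command X" lines, of the form shown in the reply above, that reports which needed commands a given privilege level cannot run and which delegated commands go beyond the needed set. The NEEDED list and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample, modelled on the ASA lines quoted in the message above.
SAMPLE_CONFIG = """\
username rancid password PASSWORD encrypted privilege 7
privilege cmd level 7 mode exec command more
privilege cmd level 7 mode exec command terminal
privilege show level 7 mode exec command running-config
privilege show level 7 mode exec command version
privilege show level 7 mode exec command vlan
"""

# Assumption: the commands the collector needs, as (kind, command) pairs.
# Illustrative only; this is not RANCID's authoritative command list.
NEEDED = {("cmd", "more"), ("cmd", "terminal"), ("cmd", "dir"),
          ("show", "running-config"), ("show", "version")}

USER_RE = re.compile(r"^username\s+(\S+)\s.*\bprivilege\s+(\d+)\s*$")
PRIV_RE = re.compile(
    r"^privilege\s+(show|clear|cmd)\s+level\s+(\d+)\s+mode\s+(\S+)\s+command\s+(\S+)\s*$")


def parse(config):
    """Return ({user: level}, {(kind, command): level}) for exec-mode grants."""
    users, grants = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif (m := PRIV_RE.match(line)) and m.group(3) == "exec":
            grants[(m.group(1), m.group(4))] = int(m.group(2))
    return users, grants


def audit(config, needed, user=None, level=None):
    """Compare delegated commands with the needed set at one privilege level.

    Pass `user` to use the level on its username line, or `level` to model an
    "enable <level>" session. Commands without a privilege line count as not
    delegated; the ASA's built-in default levels are not modelled.
    """
    users, grants = parse(config)
    if level is None:
        level = users[user]
    usable = {cmd for cmd, lvl in grants.items() if lvl <= level}
    return {"level": level,
            "missing": sorted(needed - usable),
            "extra": sorted(usable - needed)}
```

Calling audit(SAMPLE_CONFIG, NEEDED, user="rancid") checks the level on the username line, while audit(SAMPLE_CONFIG, NEEDED, level=4) checks what an "enable 4" session could reach with the same privilege lines.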

