johan at securit
Jul 30, 2012, 12:58 AM
Post #4 of 4
(268 views)
Permalink
|
|
Re: diff to make rancid work with HP 2810-24G and tacacs+ authentication
[In reply to]
|
|
This is the banner. I have replaced username and hostname. Maybe it's
the "Press any key to continuesome.host.name>" that is the problem.
The switch does not put any space between continue and the hostname.
This may fail
expect {
"Press any key to continue" {
send " "
exp_continue
}
-- Johan Ryberg
spawn hpuifilter -- ssh -c 3des -x -l someusername some.host.name We'd
like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events
Please register your products now at: www.ProCurve.com
someusername [at] some's password:
ProCurve J9021A Switch 2810-24G
Software revision N.11.52
Copyright (C) 1991-2011 Hewlett-Packard Co. All Rights Reserved.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.
HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303
Press any key to continuesome.host.name> enable Login:someusername
Enable password:
hostname#
2012/7/27 Johan Ryberg <johan [at] securit>:
> Thanks =)
>
> I have been running this code with both tacacs enabled switches and
> with local only authentication since the post without any problems.
>
> All changes are committed to cvs and I have not noticed any other issues.
>
> I will however look at the banner to see if it match something else.
> If I got time I will look at it on Monday.
>
> Best regards Johan
>
> 2012/7/27 heasley <heas [at] shrubbery>:
>> Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg:
>>> Hi.
>>>
>>> I where having big problems when I enabled tacacs authentication for
>>> HP 2810-24G switches and I found two issues that made rancid
>>> (hpuifilder) to consume 100% cpu and it hang there forever.
>>>
>>> First problem, the enable prompt
>>> The switch are using "Login:" and I think this could be changed in the
>>> default userprompt from "(Username|login|user name):" to
>>> "(Username|[Ll]ogin|user name):"
>>> --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
>>> +++ hlogin Fri Jul 13 10:58:19 2012
>>> @@ -697,7 +697,7 @@
>>> # Figure out prompts
>>> set u_prompt [find userprompt $router]
>>> if { "$u_prompt" == "" } {
>>> - set u_prompt "(Username|login|user name):"
>>> + set u_prompt "(Username|[Ll]ogin|user name):"
>>> } else {
>>> set u_prompt [join [lindex $u_prompt 0] ""]
>>> }
>>
>> committed.
>>
>>> Second problem, hlogin was to fast to enter the enable command after
>>> login. The only letters that where written to the console was "nable".
>>> I could reproduce this every time. The fix was to add a sleep in
>>> hlogin after the "welcome prompt"
>>>
>>> --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012
>>> +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
>>> @@ -394,6 +394,7 @@
>>> expect {
>>> "Press any key to continue" {
>>> send " "
>>> + sleep 1
>>> exp_continue
>>> }
>>> "Enter switch number to connect to or <CR>:" {
>>>
>>> For the record. I'm using rancid 2.3.8 on OpenBSD 5.1
>>
>> Are you sure? usually when behavior like occurs, its more likely that it
>> matched something in the preceeding output. i asked because this kind of
>> usually just moves the problem elsewhere. it might just be better to deal
>> with recovering from the error and re-enter 'enable'.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
|
