Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: RANCID: Users

diff to make rancid work with HP 2810-24G and tacacs+ authentication

 

 

RANCID users RSS feed   Index | Next | Previous | View Threaded


johan at securit

Jul 13, 2012, 1:59 AM

Post #1 of 4 (517 views)
Permalink
diff to make rancid work with HP 2810-24G and tacacs+ authentication

Hi.

I where having big problems when I enabled tacacs authentication for
HP 2810-24G switches and I found two issues that made rancid
(hpuifilder) to consume 100% cpu and it hang there forever.

First problem, the enable prompt
The switch are using "Login:" and I think this could be changed in the
default userprompt from "(Username|login|user name):" to
"(Username|[Ll]ogin|user name):"
--- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
+++ hlogin Fri Jul 13 10:58:19 2012
@@ -697,7 +697,7 @@
# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } {
- set u_prompt "(Username|login|user name):"
+ set u_prompt "(Username|[Ll]ogin|user name):"
} else {
set u_prompt [join [lindex $u_prompt 0] ""]
}



Second problem, hlogin was to fast to enter the enable command after
login. The only letters that where written to the console was "nable".
I could reproduce this every time. The fix was to add a sleep in
hlogin after the "welcome prompt"

--- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012
+++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
@@ -394,6 +394,7 @@
expect {
"Press any key to continue" {
send " "
+ sleep 1
exp_continue
}
"Enter switch number to connect to or <CR>:" {

For the record. I'm using rancid 2.3.8 on OpenBSD 5.1

Best regards Johan Ryberg
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


heas at shrubbery

Jul 27, 2012, 11:35 AM

Post #2 of 4 (464 views)
Permalink
Re: diff to make rancid work with HP 2810-24G and tacacs+ authentication [In reply to]

Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg:
> Hi.
>
> I where having big problems when I enabled tacacs authentication for
> HP 2810-24G switches and I found two issues that made rancid
> (hpuifilder) to consume 100% cpu and it hang there forever.
>
> First problem, the enable prompt
> The switch are using "Login:" and I think this could be changed in the
> default userprompt from "(Username|login|user name):" to
> "(Username|[Ll]ogin|user name):"
> --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
> +++ hlogin Fri Jul 13 10:58:19 2012
> @@ -697,7 +697,7 @@
> # Figure out prompts
> set u_prompt [find userprompt $router]
> if { "$u_prompt" == "" } {
> - set u_prompt "(Username|login|user name):"
> + set u_prompt "(Username|[Ll]ogin|user name):"
> } else {
> set u_prompt [join [lindex $u_prompt 0] ""]
> }

committed.

> Second problem, hlogin was to fast to enter the enable command after
> login. The only letters that where written to the console was "nable".
> I could reproduce this every time. The fix was to add a sleep in
> hlogin after the "welcome prompt"
>
> --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012
> +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
> @@ -394,6 +394,7 @@
> expect {
> "Press any key to continue" {
> send " "
> + sleep 1
> exp_continue
> }
> "Enter switch number to connect to or <CR>:" {
>
> For the record. I'm using rancid 2.3.8 on OpenBSD 5.1

Are you sure? usually when behavior like occurs, its more likely that it
matched something in the preceeding output. i asked because this kind of
usually just moves the problem elsewhere. it might just be better to deal
with recovering from the error and re-enter 'enable'.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


johan at securit

Jul 27, 2012, 12:35 PM

Post #3 of 4 (454 views)
Permalink
Re: diff to make rancid work with HP 2810-24G and tacacs+ authentication [In reply to]

Thanks =)

I have been running this code with both tacacs enabled switches and
with local only authentication since the post without any problems.

All changes are committed to cvs and I have not noticed any other issues.

I will however look at the banner to see if it match something else.
If I got time I will look at it on Monday.

Best regards Johan

2012/7/27 heasley <heas [at] shrubbery>:
> Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg:
>> Hi.
>>
>> I where having big problems when I enabled tacacs authentication for
>> HP 2810-24G switches and I found two issues that made rancid
>> (hpuifilder) to consume 100% cpu and it hang there forever.
>>
>> First problem, the enable prompt
>> The switch are using "Login:" and I think this could be changed in the
>> default userprompt from "(Username|login|user name):" to
>> "(Username|[Ll]ogin|user name):"
>> --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
>> +++ hlogin Fri Jul 13 10:58:19 2012
>> @@ -697,7 +697,7 @@
>> # Figure out prompts
>> set u_prompt [find userprompt $router]
>> if { "$u_prompt" == "" } {
>> - set u_prompt "(Username|login|user name):"
>> + set u_prompt "(Username|[Ll]ogin|user name):"
>> } else {
>> set u_prompt [join [lindex $u_prompt 0] ""]
>> }
>
> committed.
>
>> Second problem, hlogin was to fast to enter the enable command after
>> login. The only letters that where written to the console was "nable".
>> I could reproduce this every time. The fix was to add a sleep in
>> hlogin after the "welcome prompt"
>>
>> --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012
>> +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
>> @@ -394,6 +394,7 @@
>> expect {
>> "Press any key to continue" {
>> send " "
>> + sleep 1
>> exp_continue
>> }
>> "Enter switch number to connect to or <CR>:" {
>>
>> For the record. I'm using rancid 2.3.8 on OpenBSD 5.1
>
> Are you sure? usually when behavior like occurs, its more likely that it
> matched something in the preceeding output. i asked because this kind of
> usually just moves the problem elsewhere. it might just be better to deal
> with recovering from the error and re-enter 'enable'.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


johan at securit

Jul 30, 2012, 12:58 AM

Post #4 of 4 (469 views)
Permalink
Re: diff to make rancid work with HP 2810-24G and tacacs+ authentication [In reply to]

This is the banner. I have replaced username and hostname. Maybe it's
the "Press any key to continuesome.host.name>" that is the problem.
The switch does not put any space between continue and the hostname.

This may fail
expect {
"Press any key to continue" {
send " "
exp_continue
}

-- Johan Ryberg

spawn hpuifilter -- ssh -c 3des -x -l someusername some.host.name We'd
like to keep you up to date about:
* Software feature updates
* New product announcements
* Special events

Please register your products now at: www.ProCurve.com

someusername [at] some's password:
ProCurve J9021A Switch 2810-24G
Software revision N.11.52

Copyright (C) 1991-2011 Hewlett-Packard Co. All Rights Reserved.

RESTRICTED RIGHTS LEGEND

Use, duplication, or disclosure by the Government is subject to restrictions
as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and
Computer Software clause at 52.227-7013.

HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

Press any key to continuesome.host.name> enable Login:someusername
Enable password:
hostname#


2012/7/27 Johan Ryberg <johan [at] securit>:
> Thanks =)
>
> I have been running this code with both tacacs enabled switches and
> with local only authentication since the post without any problems.
>
> All changes are committed to cvs and I have not noticed any other issues.
>
> I will however look at the banner to see if it match something else.
> If I got time I will look at it on Monday.
>
> Best regards Johan
>
> 2012/7/27 heasley <heas [at] shrubbery>:
>> Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg:
>>> Hi.
>>>
>>> I where having big problems when I enabled tacacs authentication for
>>> HP 2810-24G switches and I found two issues that made rancid
>>> (hpuifilder) to consume 100% cpu and it hang there forever.
>>>
>>> First problem, the enable prompt
>>> The switch are using "Login:" and I think this could be changed in the
>>> default userprompt from "(Username|login|user name):" to
>>> "(Username|[Ll]ogin|user name):"
>>> --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
>>> +++ hlogin Fri Jul 13 10:58:19 2012
>>> @@ -697,7 +697,7 @@
>>> # Figure out prompts
>>> set u_prompt [find userprompt $router]
>>> if { "$u_prompt" == "" } {
>>> - set u_prompt "(Username|login|user name):"
>>> + set u_prompt "(Username|[Ll]ogin|user name):"
>>> } else {
>>> set u_prompt [join [lindex $u_prompt 0] ""]
>>> }
>>
>> committed.
>>
>>> Second problem, hlogin was to fast to enter the enable command after
>>> login. The only letters that where written to the console was "nable".
>>> I could reproduce this every time. The fix was to add a sleep in
>>> hlogin after the "welcome prompt"
>>>
>>> --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012
>>> +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012
>>> @@ -394,6 +394,7 @@
>>> expect {
>>> "Press any key to continue" {
>>> send " "
>>> + sleep 1
>>> exp_continue
>>> }
>>> "Enter switch number to connect to or <CR>:" {
>>>
>>> For the record. I'm using rancid 2.3.8 on OpenBSD 5.1
>>
>> Are you sure? usually when behavior like occurs, its more likely that it
>> matched something in the preceeding output. i asked because this kind of
>> usually just moves the problem elsewhere. it might just be better to deal
>> with recovering from the error and re-enter 'enable'.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

RANCID users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.