[Dev] Cisco Pix adaptor failed to retrieve configuration because of TACACS+ server.

PingShan Li lipingshan72 at gmail.com
Fri Mar 21 10:43:41 CDT 2008 

Ryan,

Yes, I agree that will solve the problem.

The problem is more related to company policy. A lot of companies have
certain rules on how to login to pix device. My intention is to make ziptie
adaptor more flexible or robust to handle different use cases without asking
customer to change the current way of managing pix device. I will find some
time to see if I can modify the script to handle this use case.

Thank you for your help. We tried different ways to retrieve cisco
configuration, zipetie's implementation is the best we have seen so far.

PingShan Li



2008/3/20 Ryan Kruse <rkruse at alterpoint.com>:

>  Hi PingShan Li,
>
> Can you just login to the device directly with your "james" account?  That
> would require no adapter modification.
>
> It seems as though you've setup TACACS+ to deny the "enable" command for
> the "testUser" so you just login with your "james" account that gets you
> right to priv 15 (enable) mode.   Please correct me if I'm wrong.
>
> -Ryan
>
>  ------------------------------
> *From:* dev-bounces at ziptie.org [mailto:dev-bounces at ziptie.org] *On Behalf
> Of *PingShan Li
> *Sent:* Thursday, March 20, 2008 9:48 AM
> *To:* dev at ziptie.org
> *Subject:* [Dev] Cisco Pix adaptor failed to retrieve configuration
> because of TACACS+ server.
>
>   Cisco Pix adaptor failed to retrieve configuration because of TACACS+
> server.
>
> The pix device is configured to use TACACS+ server, when the user types
> enable command, "Command authorization failed" is replied. The attched file
> handles this situation, but it can be improved to try to send enable command
> first, then try to send login command if enable failed.
>
> Please review the changes.
>
> Thanks
>
> PingShan Li
>
>
>
>
> User Access Verification
>
>
>
> Username: testUser
> Password: ********
> Type help or '?' for a list of available commands.
> fnkc-isofw> enable
> Command authorization failed
> fnkc-isofw>
> fnkc-isofw>
> fnkc-isofw> enable
> Command authorization failed
> fnkc-isofw>
> fnkc-isofw>
> fnkc-isofw> login
> Username: james
> Password: ********
> fnkc-isofw#
> fnkc-isofw#
> fnkc-isofw#
>
>
>
>
>
> _______________________________________________
> Dev mailing list
> Dev at ziptie.org
> http://mailman.ziptie.org/listinfo/dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ziptie.org/pipermail/dev/attachments/20080321/73ac0363/attachment.html

More information about the Dev mailing list