[Dev] Cisco Pix adaptor failed to retrieve configuration because of TACACS+ server.

Ryan Kruse rkruse at alterpoint.com
Fri Mar 21 10:50:54 CDT 2008


PingShan Li,

Great. I think we're on the same page then. If you truly want to log in with your testUser account first then you should probably modify the AutoLogin module for yourself. Or better yet, create your own custom version of this adapter so that it won't get overwritten when you upgrade to the next ZipTie release.

Keep the suggestions coming. We certainly appreciate it.

Ryan

________________________________
From: dev-bounces at ziptie.org [mailto:dev-bounces at ziptie.org] On Behalf Of PingShan Li
Sent: Friday, March 21, 2008 10:44 AM
To: ZipTie Development List
Subject: Re: [Dev] Cisco Pix adaptor failed to retrieve configuration because of TACACS+ server.

Ryan,

Yes, I agree that will solve the problem.

The problem is more related to company policy. A lot of companies have certain rules on how to log in to PIX devices. My intention is to make the ZipTie adaptor more flexible or robust to handle different use cases without asking the customer to change the current way of managing PIX devices. I will find some time to see if I can modify the script to handle this use case.

Thank you for your help. We tried different ways to retrieve Cisco configuration; ZipTie's implementation is the best we have seen so far.

PingShan Li



2008/3/20 Ryan Kruse <rkruse at alterpoint.com>:
Hi PingShan Li,

Can you just log in to the device directly with your "james" account? That would require no adapter modification.

It seems as though you've set up TACACS+ to deny the "enable" command for the "testUser" so you just log in with your "james" account that gets you right to priv 15 (enable) mode. Please correct me if I'm wrong.

-Ryan

________________________________
From: dev-bounces at ziptie.org [mailto:dev-bounces at ziptie.org] On Behalf Of PingShan Li
Sent: Thursday, March 20, 2008 9:48 AM
To: dev at ziptie.org
Subject: [Dev] Cisco Pix adaptor failed to retrieve configuration because of TACACS+ server.

Cisco Pix adaptor failed to retrieve configuration because of TACACS+ server.

The PIX device is configured to use a TACACS+ server; when the user types the enable command, "Command authorization failed" is replied. The attached file handles this situation, but it can be improved to try to send the enable command first, then try to send the login command if enable failed.

Please review the changes.

Thanks

PingShan Li




User Access Verification



Username: testUser
Password: ********
Type help or '?' for a list of available commands.
fnkc-isofw> enable
Command authorization failed
fnkc-isofw>
fnkc-isofw>
fnkc-isofw> enable
Command authorization failed
fnkc-isofw>
fnkc-isofw>
fnkc-isofw> login
Username: james
Password: ********
fnkc-isofw#
fnkc-isofw#
fnkc-isofw#
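
The fallback discussed in this thread (send enable once, and on a TACACS+ authorization denial switch to login with a second account), sketched as an added example that is not code from the thread, the attachment or ZipTie. FakePix, reach_privileged and the passwords are constructed for illustration, and the simulator assumes enable does not prompt for a password.

```python
import re

DENIED = "Command authorization failed"            # text from the transcript
PRIV_PROMPT = re.compile(r"^[\w.-]+#\s*$", re.M)   # "host#" means privileged mode

class FakePix:
    """Constructed simulator of the transcript's device; not a ZipTie API."""
    def __init__(self, accounts, enable_ok=False):
        self.accounts = accounts                   # user -> (password, priv15)
        self.enable_ok, self.priv, self.state = enable_ok, False, "cmd"

    def prompt(self):
        return "fnkc-isofw" + ("#" if self.priv else ">")

    def send(self, line):
        if self.state == "user":                   # answering "Username:"
            self.pending, self.state = line, "pass"
            return "Password: "
        if self.state == "pass":                   # answering "Password:"
            self.state = "cmd"
            password, priv15 = self.accounts.get(self.pending, (None, False))
            if password is not None and password == line:
                self.priv = priv15
            return self.prompt()
        if line == "login":
            self.state = "user"
            return "Username: "
        if line == "enable":
            if self.enable_ok:
                self.priv = True
                return self.prompt()
            return DENIED + "\n" + self.prompt()   # TACACS+ refused the command
        return self.prompt()

def reach_privileged(dev, fallback=None):
    """Send enable once; on denial, login with a second account. Steps never hold the password."""
    out = dev.send("enable")
    if PRIV_PROMPT.search(out):
        return ["enable"]
    if DENIED not in out:
        raise RuntimeError("unexpected reply to enable: %r" % out)
    if fallback is None:                           # policy denial: retrying cannot help
        raise PermissionError("enable denied and no fallback account configured")
    user, password = fallback
    dev.send("login")
    dev.send(user)
    if not PRIV_PROMPT.search(dev.send(password)):
        raise PermissionError("login as %s did not reach privileged mode" % user)
    return ["enable", "login:" + user]
```

The privileged state is confirmed from the "#" prompt rather than assumed after sending the password, so a rejected fallback credential fails loudly instead of running later commands in unprivileged mode.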




