Mailing List Archive

Tue, Apr 30, 2002 at 12:42:01PM -0700, Fergus Roche:
> I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
> and times out. I have had the same problem with 2.2b8 and 2.2 on 2
> different machines. I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
> RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
> (2.2.14-15)
> I have tried various combinations of entries in .cloginrc, but always
> with the same result. Any help would be much appreciated.

please try attached. set for rancid-2.2.1 maint rel RSN.

>
>
> $ bin/blogin bay-nr1
> bay-nr1
> spawn telnet bay-nr1
> Trying 10.10.0.1...
> Connected to bay-nr1
> Escape character is '^]'.
>
> ********************************
> * Bay Networks,Inc. *
> * Copyright (c) 1996-1999 *
> * All Rights Reserved *
> * Accelar 1200 *
> * Software Release 2.0.5.7 *
> ********************************
>
> Login:
> Error: TIMEOUT reached
>
>
> $ cat .cloginrc
> add user bay-nr1 readwrite
> add password bay-nr1 {password} I noted Mark Cooper's patch of 11/23/01,
> but that appears to have been included in the 2.2 release.
>
>
> $ cat router.db
> bay-nr1:baynet:up
>
>
>
> Thanks,
> Fergus Roche
> Loudeye Technologies
-------------- next part --------------
#!@EXPECT_PATH@ --
##
##
## Copyright (C) 1997-2001 by Henry Kilmer, Erik Sherk and Pete Whiting.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed without
## fee for non-commerical purposes provided that this copyright notice is
## preserved intact on all copies and modified copies.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
##
#
# blogin - Bay Networks(Nortel) login
#
# Unlike the Cisco's, there is no enable function on the Bay's.
# Instead there are seperate User and Manager accounts. A 'system' command
# exists, which i am told does nothing.
#

# Usage line
set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"

# env(CLOGIN) may contain:
# x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set enable 0
# The default is that you login non-enabled (tacacs can have you login already enabled)
set autoenable 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 0

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ] } {
set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
set default_user $env(USER)
} else {
# This uses "id" which I think is portable. At least it has existed
# (without options) on all machines/OSes I've been on recently -
# unlike whoami or id -nu.
if [ catch {exec id} reason ] {
send_error "\nError: could not exec id: $reason\n"
exit 1
}
regexp {\(([^)]*)} "$reason" junk default_user
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
set arg [lindex $argv $i]

switch -glob -- $arg {
# Username
-u* -
-U* {
if {! [ regexp .\[uU\](.+) $arg ignore user]} {
incr i
set username [ lindex $argv $i ]
}
# VTY Password
} -p* -
-P* {
if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
incr i
set userpasswd [ lindex $argv $i ]
}
set do_passwd 0
# VTY Password
} -v* -
-v* {
if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
incr i
set passwd [ lindex $argv $i ]
}
set do_passwd 0
# Enable Username
} -w* -
-W* {
if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
incr i
set enausername [ lindex $argv $i ]
}
# Environment variable to pass to -s scripts
} -E*
{
if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
set E$varname $varvalue
} else {
send_user "Error: invalid format for -E in $arg\n"
exit 1
}
# Enable Password
} -e*
{
if {! [ regexp .\[eE\](.+) $arg ignore enapasswd]} {
incr i
set enapasswd [ lindex $argv $i ]
}
set do_enapasswd 0
# Command to run.
} -c* -
-C* {
if {! [ regexp .\[cC\](.+) $arg ignore command]} {
incr i
set command [ lindex $argv $i ]
}
set do_command 1
# Expect script to run.
} -s* -
-S* {
if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
incr i
set sfile [ lindex $argv $i ]
}
if { ! [ file readable $sfile ] } {
send_user "\nError: Can't read $sfile\n"
exit 1
}
set do_script 1
# 'ssh -c' cypher type
} -y* -
-Y* {
if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
incr i
set cypher [ lindex $argv $i ]
}
# alternate cloginrc file
} -f* -
-F* {
if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
incr i
set password_file [ lindex $argv $i ]
}
# Timeout
} -t* -
-T* {
if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
incr i
set timeout [ lindex $argv $i ]
}
# Command file
} -x* -
-X {
if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
incr i
set cmd_file [ lindex $argv $i ]
}
set cmd_fd [open $cmd_file r]
set cmd_text [read $cmd_fd]
close $cmd_fd
set command [join [split $cmd_text \n] \;]
set do_command 1
# Do we enable?
} -noenable {
set enable 0
# Does tacacs automatically enable us?
} -autoenable {
set autoenable 1
set enable 0
} -* {
send_user "\nError: Unknown argument! $arg\n"
send_user $usage
exit 1
} default {
break
}
}
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
log_user 0
} else {
log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
global env
# if CLOGIN has an 'x' in it, don't set the xterm name/banner
if [info exists env(CLOGIN)] {
if {[string first "x" $env(CLOGIN)] != -1} { return }
}
# take host from ENV(TERM)
if [info exists env(TERM)] {
if [regexp \^(xterm|vs) $env(TERM) ignore ] {
send_user "\033]1;[lindex [split $host "."] 0]\a"
send_user "\033]2;$host\a"
}
}
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
global env
regsub -all "(^{|}$)" $args {} args
if { [ regexp "^/" $args ignore ] == 0 } {
set args $env(HOME)/$args
}
source_password_file $args
}

proc find {var router} {
upvar int_$var list
if { [info exists list] } {
foreach line $list {
if { [string match [lindex $line 0] $router ] } {
return [lrange $line 1 end]
}
}
}
return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
global env
if { ! [file exists $password_file] } {
send_user "\nError: password file ($password_file) does not exist\n"
exit 1
}
file stat $password_file fileinfo
if { [expr ($fileinfo(mode) & 007)] != 0000 } {
send_user "\nError: $password_file must not be world readable/writable\n"
exit 1
}
if [ catch {source $password_file} reason ] {
send_user "\nError: $reason\n"
exit 1
}
}

# Log into the router.
proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } {
global spawn_id in_proc do_command do_script
global u_prompt p_prompt e_prompt
set in_proc 1

# try each of the connection methods in $cmethod until one is successful
set progs [llength $cmethod]
foreach prog [lrange $cmethod 0 end] {
if [string match "telnet*" $prog] {
regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
if {"$port" == ""} {
set retval [ catch {spawn telnet $router} reason ]
} else {
set retval [ catch {spawn telnet $router $port} reason ]
}
if { $retval } {
send_user "\nError: telnet failed: $reason\n"
exit 1
}
} elseif ![string compare $prog "ssh"] {
if [. catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] {
send_user "\nError: ssh failed: $reason\n"
exit 1
}
} elseif ![string compare $prog "rsh"] {
if [ catch {spawn rsh -l $user $router} reason ] {
send_user "\nError: rsh failed: $reason\n"
exit 1
}
} else {
puts "\nError: unknown connection method: $prog"
return 1
}
incr progs -1
sleep 0.3

# This helps cleanup each expect clause.
expect_after {
timeout {
send_user "\nError: TIMEOUT reached\n"
catch {close}; wait
if { $in_proc} {
return 1
} else {
continue
}
} eof {
send_user "\nError: EOF received\n"
catch {close}; wait
if { $in_proc} {
return 1
} else {
continue
}
}
}

# Here we get a little tricky. There are several possibilities:
# the router can ask for a username and passwd and then
# talk to the TACACS server to authenticate you, or if the
# TACACS server is not working, then it will use the enable
# passwd. Or, the router might not have TACACS turned on,
# then it will just send the passwd.
# if telnet fails with connection refused, try ssh
expect {
-re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
catch {close}; wait
if !$progs {
send_user "\nError: Connection Refused ($prog)\n"; return 1
}
} eof { send_user "\nError: Couldn't login\n"; wait; return 1
} -nocase "unknown host\r" {
catch {close};
send_user "\nError: Unknown host\n"; wait; return 1
} "Host is unreachable" {
catch {close};
send_user "\nError: Host Unreachable!\n"; wait; return 1
} "No address associated with name" {
catch {close};
send_user "\nError: Unknown host\n"; wait; return 1
}
-re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
send "yes\r"
send_user "\nHost $router added to the list of known hosts.\n"
exp_continue }
-re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
send "no\r"
send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
return 1 }
-re "Offending key for .* \(yes\/no\)\?" {
send "no\r"
send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
return 1 }
-re "$u_prompt" { send "$user\r"
expect {
eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
"Login invalid" { send_user "\nError: Invalid login\n"; vatch {close}; wait; return 1 }
-re "$p_prompt" { send "$userpswd\r" }
"$prompt" { set in_proc 0; return 0 }
}
exp_continue
}
-re "$p_prompt" {
if ![string compare $prog "ssh"] {
send "$userpswd\r"
} else {
send "$passwd\r"
}
expect {
eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
-re "$e_prompt" { send "$enapasswd\r" }
"$prompt" { set in_proc 0; return 0 }
}
exp_continue
}
"$prompt" { break; }
denied { send_user "\nError: Check your passwd for $router\n"
catch {close}; wait; return 1
}
"% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 }
}
}
set in_proc 0
return 0
}

# Enable
proc do_enable { enauser enapasswd } {
global prompt in_proc
global u_prompt e_prompt
set in_proc 1

send "enable\r"
expect {
-re "$u_prompt" { send "$enauser\r"; exp_continue}
-re "$e_prompt" { send "$enapasswd\r"; exp_continue}
"#" { set prompt "#" }
"(enable)" { set prompt "> (enable) " }
denied { send_user "\nError: Check your Enable passwd\n"; return 1}
"% Bad passwords" { send_user "\nError: Check your Enable passwd\n"
return 1
}
}
# We set the prompt variable (above) so script files don't need
# to know what it is.
set in_proc 0
return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
global in_proc
set in_proc 1

send "more off\r"

expect $prompt {}

regsub -all "\[)(]" $prompt {\\&} reprompt

# Is this a multi-command?
if [ string match "*\;*" "$command" ] {
set commands [split $command \;]
set num_commands [llength $commands]

for {set i 0} {$i < $num_commands} { incr i} {
send "[subst -nocommands [lindex $commands $i]]\r"
expect {
-re "^\[^\n\r *]*$reprompt" {}
-re "^\[^\n\r]*$reprompt." { exp_continue }
-re "\[\n\r]" { exp_continue }
}
}
} else {
send "[subst -nocommands $command]\r"
expect {
-re "^\[^\n\r *]*$reprompt" {}
-re "^\[^\n\r]*$reprompt." { exp_continue }
-re "\[\n\r]" { exp_continue }
}
}
send "logout\r"
expect {
"\n" { exp_continue }
timeout { return 0 }
eof { return 0 }
}
set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
foreach router [lrange $argv $i end] {
set router [string tolower $router]
send_user "$router\n"

# Figure out prompt.
# Since autoenable is off by default, if we have it defined, it
# was done on the command line. If it is not specifically set on the
# command line, check the password file.
if $autoenable {
set prompt "#"
} else {
set ae [find autoenable $router]
if { "$ae" == "1" } {
set autoenable 1
set enable 0
set prompt "#"
} else {
set autoenable 0
set prompt ">"
}
}

# look for noenable option in .cloginrc
if { [find noenable $router] != "" } {
set enable 0
}

# Figure out passwords
if { $do_passwd || $do_enapasswd } {
set pswd [find password $router]
if { [llength $pswd] == 0 } {
send_user "Error - no password for $router in $password_file.\n"
continue
}
if { $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
send_user "Error - no enable password for $router in $password_file.\n"
continue
}
set passwd [lindex $pswd 0]
set enapasswd [lindex $pswd 1]
}

# Figure out username
if {[info exists username]} {
# command line username
set ruser $username
} else {
set ruser [find user $router]
if { "$ruser" == "" } { set ruser $default_user }
}

# Figure out username's password (if different from the vty password)
if {[info exists userpasswd]} {
# command line username
set userpswd $userpasswd
} else {
set userpswd [find userpassword $router]
if { "$userpswd" == "" } { set userpswd $passwd }
}

# Figure out enable username
if {[info exists enausername]} {
# command line enausername
set enauser $enausername
} else {
set enauser [find enauser $router]
if { "$enauser" == "" } { set enauser $ruser }
}

# Figure out prompts
set u_prompt [find userprompt $router]
if { "$u_prompt" == "" } { set u_prompt "(Username|login|user name):" }
set p_prompt [find passprompt $router]
if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" }
set e_prompt [find enableprompt $router]
if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" }

# Figure out cypher type
if {[info exists cypher]} {
# command line cypher type
set cyphertype $cypher
} else {
set cyphertype [find cyphertype $router]
if { "$cyphertype" == "" } { set cyphertype "3des" }
}

# Figure out connection method
set cmethod [find method $router]
if { "$cmethod" == "" } { set cmethod {{telnet}} }

# Login to the router
if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} {
continue
}
if { $enable } {
if {[do_enable $enauser $enapasswd]} {
if { $do_command || $do_script } {
close; wait
continue
}
}
}

if { $do_command } {
if {[run_commands $prompt $command]} {
continue
}
} elseif { $do_script } {
send "more off\r"
expect $prompt {}
source $sfile
close
} else {
label $router
log_user 1
interact
}

# End of for each router
wait
sleep 0.3
}
exit 0

Tue, Apr 30, 2002 at 10:12:34PM +0000, john heasley:
> Tue, Apr 30, 2002 at 12:42:01PM -0700, Fergus Roche:
> > I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
> > and times out. I have had the same problem with 2.2b8 and 2.2 on 2
> > different machines. I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
> > RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
> > (2.2.14-15)
> > I have tried various combinations of entries in .cloginrc, but always
> > with the same result. Any help would be much appreciated.
>
> please try attached. set for rancid-2.2.1 maint rel RSN.

actually, scratch that comment. you probably want this version; but,
i think the problem is really the case of "Login". the user prompt
its looking for is the regex "(Username|login|user name):". if you
add to .cloginrc:

add userprompt bay-nr1 {Login:}

i think this will work.

i'm interested to know if the case has changed or if we've made a mistake
somewhere along the line and inadvertently changed the regex.

> >
> >
> > $ bin/blogin bay-nr1
> > bay-nr1
> > spawn telnet bay-nr1
> > Trying 10.10.0.1...
> > Connected to bay-nr1
> > Escape character is '^]'.
> >
> > ********************************
> > * Bay Networks,Inc. *
> > * Copyright (c) 1996-1999 *
> > * All Rights Reserved *
> > * Accelar 1200 *
> > * Software Release 2.0.5.7 *
> > ********************************
> >
> > Login:
> > Error: TIMEOUT reached
> >
> >
> > $ cat .cloginrc
> > add user bay-nr1 readwrite
> > add password bay-nr1 {password} I noted Mark Cooper's patch of 11/23/01,
> > but that appears to have been included in the 2.2 release.
> >
> >
> > $ cat router.db
> > bay-nr1:baynet:up
> >
> >
> >
> > Thanks,
> > Fergus Roche
> > Loudeye Technologies

> #!@EXPECT_PATH@ --
> ##
> ##
> ## Copyright (C) 1997-2001 by Henry Kilmer, Erik Sherk and Pete Whiting.
> ## All rights reserved.
> ##
> ## This software may be freely copied, modified and redistributed without
> ## fee for non-commerical purposes provided that this copyright notice is
> ## preserved intact on all copies and modified copies.
> ##
> ## There is no warranty or other guarantee of fitness of this software.
> ## It is provided solely "as is". The author(s) disclaim(s) all
> ## responsibility and liability with respect to this software's usage
> ## or its effect upon hardware, computer systems, other software, or
> ## anything else.
> ##
> ##
> #
> # blogin - Bay Networks(Nortel) login
> #
> # Unlike the Cisco's, there is no enable function on the Bay's.
> # Instead there are seperate User and Manager accounts. A 'system' command
> # exists, which i am told does nothing.
> #
>
> # Usage line
> set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
> \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
> \[-s script-file\] \[-t timeout\] \[-u username\] \
> \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
> \[-y ssh_cypher_type\] router \[router...\]\n"
>
> # env(CLOGIN) may contain:
> # x == do not set xterm banner or name
>
> # Password file
> set password_file $env(HOME)/.cloginrc
> # Default is to login to the router
> set do_command 0
> set do_script 0
> # The default is to automatically enable
> set enable 0
> # The default is that you login non-enabled (tacacs can have you login already enabled)
> set autoenable 0
> # The default is to look in the password file to find the passwords. This
> # tracks if we receive them on the command line.
> set do_passwd 1
> set do_enapasswd 0
>
> # Find the user in the ENV, or use the unix userid.
> if {[ info exists env(CISCO_USER) ] } {
> set default_user $env(CISCO_USER)
> } elseif {[ info exists env(USER) ]} {
> set default_user $env(USER)
> } else {
> # This uses "id" which I think is portable. At least it has existed
> # (without options) on all machines/OSes I've been on recently -
> # unlike whoami or id -nu.
> if [ catch {exec id} reason ] {
> send_error "\nError: could not exec id: $reason\n"
> exit 1
> }
> regexp {\(([^)]*)} "$reason" junk default_user
> }
>
> # Sometimes routers take awhile to answer (the default is 10 sec)
> set timeout 45
>
> # Process the command line
> for {set i 0} {$i < $argc} {incr i} {
> set arg [lindex $argv $i]
>
> switch -glob -- $arg {
> # Username
> -u* -
> -U* {
> if {! [ regexp .\[uU\](.+) $arg ignore user]} {
> incr i
> set username [ lindex $argv $i ]
> }
> # VTY Password
> } -p* -
> -P* {
> if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
> incr i
> set userpasswd [ lindex $argv $i ]
> }
> set do_passwd 0
> # VTY Password
> } -v* -
> -v* {
> if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
> incr i
> set passwd [ lindex $argv $i ]
> }
> set do_passwd 0
> # Enable Username
> } -w* -
> -W* {
> if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
> incr i
> set enausername [ lindex $argv $i ]
> }
> # Environment variable to pass to -s scripts
> } -E*
> {
> if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
> set E$varname $varvalue
> } else {
> send_user "Error: invalid format for -E in $arg\n"
> exit 1
> }
> # Enable Password
> } -e*
> {
> if {! [ regexp .\[eE\](.+) $arg ignore enapasswd]} {
> incr i
> set enapasswd [ lindex $argv $i ]
> }
> set do_enapasswd 0
> # Command to run.
> } -c* -
> -C* {
> if {! [ regexp .\[cC\](.+) $arg ignore command]} {
> incr i
> set command [ lindex $argv $i ]
> }
> set do_command 1
> # Expect script to run.
> } -s* -
> -S* {
> if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
> incr i
> set sfile [ lindex $argv $i ]
> }
> if { ! [ file readable $sfile ] } {
> send_user "\nError: Can't read $sfile\n"
> exit 1
> }
> set do_script 1
> # 'ssh -c' cypher type
> } -y* -
> -Y* {
> if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
> incr i
> set cypher [ lindex $argv $i ]
> }
> # alternate cloginrc file
> } -f* -
> -F* {
> if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
> incr i
> set password_file [ lindex $argv $i ]
> }
> # Timeout
> } -t* -
> -T* {
> if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
> incr i
> set timeout [ lindex $argv $i ]
> }
> # Command file
> } -x* -
> -X {
> if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
> incr i
> set cmd_file [ lindex $argv $i ]
> }
> set cmd_fd [open $cmd_file r]
> set cmd_text [read $cmd_fd]
> close $cmd_fd
> set command [join [split $cmd_text \n] \;]
> set do_command 1
> # Do we enable?
> } -noenable {
> set enable 0
> # Does tacacs automatically enable us?
> } -autoenable {
> set autoenable 1
> set enable 0
> } -* {
> send_user "\nError: Unknown argument! $arg\n"
> send_user $usage
> exit 1
> } default {
> break
> }
> }
> }
> # Process routers...no routers listed is an error.
> if { $i == $argc } {
> send_user "\nError: $usage"
> }
>
> # Only be quiet if we are running a script (it can log its output
> # on its own)
> if { $do_script } {
> log_user 0
> } else {
> log_user 1
> }
>
> #
> # Done configuration/variable setting. Now run with it...
> #
>
> # Sets Xterm title if interactive...if its an xterm and the user cares
> proc label { host } {
> global env
> # if CLOGIN has an 'x' in it, don't set the xterm name/banner
> if [info exists env(CLOGIN)] {
> if {[string first "x" $env(CLOGIN)] != -1} { return }
> }
> # take host from ENV(TERM)
> if [info exists env(TERM)] {
> if [regexp \^(xterm|vs) $env(TERM) ignore ] {
> send_user "\033]1;[lindex [split $host "."] 0]\a"
> send_user "\033]2;$host\a"
> }
> }
> }
>
> # This is a helper function to make the password file easier to
> # maintain. Using this the password file has the form:
> # add password sl* pete cow
> # add password at* steve
> # add password * hanky-pie
> proc add {var args} { global int_$var ; lappend int_$var $args}
> proc include {args} {
> global env
> regsub -all "(^{|}$)" $args {} args
> if { [ regexp "^/" $args ignore ] == 0 } {
> set args $env(HOME)/$args
> }
> source_password_file $args
> }
>
> proc find {var router} {
> upvar int_$var list
> if { [info exists list] } {
> foreach line $list {
> if { [string match [lindex $line 0] $router ] } {
> return [lrange $line 1 end]
> }
> }
> }
> return {}
> }
>
> # Loads the password file. Note that as this file is tcl, and that
> # it is sourced, the user better know what to put in there, as it
> # could install more than just password info... I will assume however,
> # that a "bad guy" could just as easy put such code in the clogin
> # script, so I will leave .cloginrc as just an extention of that script
> proc source_password_file { password_file } {
> global env
> if { ! [file exists $password_file] } {
> send_user "\nError: password file ($password_file) does not exist\n"
> exit 1
> }
> file stat $password_file fileinfo
> if { [expr ($fileinfo(mode) & 007)] != 0000 } {
> send_user "\nError: $password_file must not be world readable/writable\n"
> exit 1
> }
> if [ catch {source $password_file} reason ] {
> send_user "\nError: $reason\n"
> exit 1
> }
> }
>
> # Log into the router.
> proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } {
> global spawn_id in_proc do_command do_script
> global u_prompt p_prompt e_prompt
> set in_proc 1
>
> # try each of the connection methods in $cmethod until one is successful
> set progs [llength $cmethod]
> foreach prog [lrange $cmethod 0 end] {
> if [string match "telnet*" $prog] {
> regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
> if {"$port" == ""} {
> set retval [ catch {spawn telnet $router} reason ]
> } else {
> set retval [ catch {spawn telnet $router $port} reason ]
> }
> if { $retval } {
> send_user "\nError: telnet failed: $reason\n"
> exit 1
> }
> } elseif ![string compare $prog "ssh"] {
> if [. catch {spawn ssh -c $cyphertype -x -l $user $router} reason ] {
> send_user "\nError: ssh failed: $reason\n"
> exit 1
> }
> } elseif ![string compare $prog "rsh"] {
> if [ catch {spawn rsh -l $user $router} reason ] {
> send_user "\nError: rsh failed: $reason\n"
> exit 1
> }
> } else {
> puts "\nError: unknown connection method: $prog"
> return 1
> }
> incr progs -1
> sleep 0.3
>
> # This helps cleanup each expect clause.
> expect_after {
> timeout {
> send_user "\nError: TIMEOUT reached\n"
> catch {close}; wait
> if { $in_proc} {
> return 1
> } else {
> continue
> }
> } eof {
> send_user "\nError: EOF received\n"
> catch {close}; wait
> if { $in_proc} {
> return 1
> } else {
> continue
> }
> }
> }
>
> # Here we get a little tricky. There are several possibilities:
> # the router can ask for a username and passwd and then
> # talk to the TACACS server to authenticate you, or if the
> # TACACS server is not working, then it will use the enable
> # passwd. Or, the router might not have TACACS turned on,
> # then it will just send the passwd.
> # if telnet fails with connection refused, try ssh
> expect {
> -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" {
> catch {close}; wait
> if !$progs {
> send_user "\nError: Connection Refused ($prog)\n"; return 1
> }
> } eof { send_user "\nError: Couldn't login\n"; wait; return 1
> } -nocase "unknown host\r" {
> catch {close};
> send_user "\nError: Unknown host\n"; wait; return 1
> } "Host is unreachable" {
> catch {close};
> send_user "\nError: Host Unreachable!\n"; wait; return 1
> } "No address associated with name" {
> catch {close};
> send_user "\nError: Unknown host\n"; wait; return 1
> }
> -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
> send "yes\r"
> send_user "\nHost $router added to the list of known hosts.\n"
> exp_continue }
> -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
> send "no\r"
> send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
> return 1 }
> -re "Offending key for .* \(yes\/no\)\?" {
> send "no\r"
> send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
> return 1 }
> -re "$u_prompt" { send "$user\r"
> expect {
> eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
> "Login invalid" { send_user "\nError: Invalid login\n"; vatch {close}; wait; return 1 }
> -re "$p_prompt" { send "$userpswd\r" }
> "$prompt" { set in_proc 0; return 0 }
> }
> exp_continue
> }
> -re "$p_prompt" {
> if ![string compare $prog "ssh"] {
> send "$userpswd\r"
> } else {
> send "$passwd\r"
> }
> expect {
> eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
> -re "$e_prompt" { send "$enapasswd\r" }
> "$prompt" { set in_proc 0; return 0 }
> }
> exp_continue
> }
> "$prompt" { break; }
> denied { send_user "\nError: Check your passwd for $router\n"
> catch {close}; wait; return 1
> }
> "% Bad passwords" {send_user "\nError: Check your passwd for $router\n"; return 1 }
> }
> }
> set in_proc 0
> return 0
> }
>
> # Enable
> proc do_enable { enauser enapasswd } {
> global prompt in_proc
> global u_prompt e_prompt
> set in_proc 1
>
> send "enable\r"
> expect {
> -re "$u_prompt" { send "$enauser\r"; exp_continue}
> -re "$e_prompt" { send "$enapasswd\r"; exp_continue}
> "#" { set prompt "#" }
> "(enable)" { set prompt "> (enable) " }
> denied { send_user "\nError: Check your Enable passwd\n"; return 1}
> "% Bad passwords" { send_user "\nError: Check your Enable passwd\n"
> return 1
> }
> }
> # We set the prompt variable (above) so script files don't need
> # to know what it is.
> set in_proc 0
> return 0
> }
>
> # Run commands given on the command line.
> proc run_commands { prompt command } {
> global in_proc
> set in_proc 1
>
> send "more off\r"
>
> expect $prompt {}
>
> regsub -all "\[)(]" $prompt {\\&} reprompt
>
> # Is this a multi-command?
> if [ string match "*\;*" "$command" ] {
> set commands [split $command \;]
> set num_commands [llength $commands]
>
> for {set i 0} {$i < $num_commands} { incr i} {
> send "[subst -nocommands [lindex $commands $i]]\r"
> expect {
> -re "^\[^\n\r *]*$reprompt" {}
> -re "^\[^\n\r]*$reprompt." { exp_continue }
> -re "\[\n\r]" { exp_continue }
> }
> }
> } else {
> send "[subst -nocommands $command]\r"
> expect {
> -re "^\[^\n\r *]*$reprompt" {}
> -re "^\[^\n\r]*$reprompt." { exp_continue }
> -re "\[\n\r]" { exp_continue }
> }
> }
> send "logout\r"
> expect {
> "\n" { exp_continue }
> timeout { return 0 }
> eof { return 0 }
> }
> set in_proc 0
> }
>
> #
> # For each router... (this is main loop)
> #
> source_password_file $password_file
> set in_proc 0
> foreach router [lrange $argv $i end] {
> set router [string tolower $router]
> send_user "$router\n"
>
> # Figure out prompt.
> # Since autoenable is off by default, if we have it defined, it
> # was done on the command line. If it is not specifically set on the
> # command line, check the password file.
> if $autoenable {
> set prompt "#"
> } else {
> set ae [find autoenable $router]
> if { "$ae" == "1" } {
> set autoenable 1
> set enable 0
> set prompt "#"
> } else {
> set autoenable 0
> set prompt ">"
> }
> }
>
> # look for noenable option in .cloginrc
> if { [find noenable $router] != "" } {
> set enable 0
> }
>
> # Figure out passwords
> if { $do_passwd || $do_enapasswd } {
> set pswd [find password $router]
> if { [llength $pswd] == 0 } {
> send_user "Error - no password for $router in $password_file.\n"
> continue
> }
> if { $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
> send_user "Error - no enable password for $router in $password_file.\n"
> continue
> }
> set passwd [lindex $pswd 0]
> set enapasswd [lindex $pswd 1]
> }
>
> # Figure out username
> if {[info exists username]} {
> # command line username
> set ruser $username
> } else {
> set ruser [find user $router]
> if { "$ruser" == "" } { set ruser $default_user }
> }
>
> # Figure out username's password (if different from the vty password)
> if {[info exists userpasswd]} {
> # command line username
> set userpswd $userpasswd
> } else {
> set userpswd [find userpassword $router]
> if { "$userpswd" == "" } { set userpswd $passwd }
> }
>
> # Figure out enable username
> if {[info exists enausername]} {
> # command line enausername
> set enauser $enausername
> } else {
> set enauser [find enauser $router]
> if { "$enauser" == "" } { set enauser $ruser }
> }
>
> # Figure out prompts
> set u_prompt [find userprompt $router]
> if { "$u_prompt" == "" } { set u_prompt "(Username|login|user name):" }
> set p_prompt [find passprompt $router]
> if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" }
> set e_prompt [find enableprompt $router]
> if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" }
>
> # Figure out cypher type
> if {[info exists cypher]} {
> # command line cypher type
> set cyphertype $cypher
> } else {
> set cyphertype [find cyphertype $router]
> if { "$cyphertype" == "" } { set cyphertype "3des" }
> }
>
> # Figure out connection method
> set cmethod [find method $router]
> if { "$cmethod" == "" } { set cmethod {{telnet}} }
>
> # Login to the router
> if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} {
> continue
> }
> if { $enable } {
> if {[do_enable $enauser $enapasswd]} {
> if { $do_command || $do_script } {
> close; wait
> continue
> }
> }
> }
>
> if { $do_command } {
> if {[run_commands $prompt $command]} {
> continue
> }
> } elseif { $do_script } {
> send "more off\r"
> expect $prompt {}
> source $sfile
> close
> } else {
> label $router
> log_user 1
> interact
> }
>
> # End of for each router
> wait
> sleep 0.3
> }
> exit 0

On Tue, 2002-04-30 at 15:18, john heasley wrote:
> Tue, Apr 30, 2002 at 10:12:34PM +0000, john heasley:
> >
> > please try attached. set for rancid-2.2.1 maint rel RSN.
>
> actually, scratch that comment. you probably want this version; but,
> i think the problem is really the case of "Login". the user prompt
> its looking for is the regex "(Username|login|user name):". if you
> add to .cloginrc:
>
> add userprompt bay-nr1 {Login:}
>
> i think this will work.
>
> i'm interested to know if the case has changed or if we've made a mistake
> somewhere along the line and inadvertently changed the regex.
>

Arrgh..Thanks for the help.I was using add userprompt bay-nr1 {"Login:"}
{Login:} works. I also had to add autoenable bay-nr1 1
Once logged in, the older software version on my Accelar does not
support most of the commands used in blogin and brancid - I substituted
send "config cli more false\r" for send "more off\r" in blogin, and in
brancid, bcc is not available and "show config -all" becomes "show
config verbose"
Unfortunately my troubles do not end there and I am experiencing the
premature session termination described by Andrew Partan on
Tue, 12 Mar 2002. The .raw file produced by brancid -d shows the output
being terminated within 10-20 lines of where it should end. If there is
a solution for this I'd love to hear about it.

Thanks again,

Fergus Roche
Loudeye Technlogies

I'd also be interested in knowing if anyone has gotten this to work on a
Nortel Passport (Accelar) 8600, with firmware 3.0.2. I can use blogin to
run commands, but even after updating brancid to use the correct commands
to turn off cli paging and to dump the config, I don't seem to be able to
retrieve the config automatically.

--
Andrew Reynolds, CCNA
Senior Network Analyst
Nova Scotia Power
andrew.reynolds at nspower.ca
(902)428-6508





I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
and times out. I have had the same problem with 2.2b8 and 2.2 on 2
different machines. I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
(2.2.14-15)
I have tried various combinations of entries in .cloginrc, but always
with the same result. Any help would be much appreciated.





Thanks,
Fergus Roche
Loudeye Technologies

Wed, May 01, 2002 at 09:13:04AM -0700, Fergus Roche:
>
> On Tue, 2002-04-30 at 15:18, john heasley wrote:
> > Tue, Apr 30, 2002 at 10:12:34PM +0000, john heasley:
> > >
> > > please try attached. set for rancid-2.2.1 maint rel RSN.
> >
> > actually, scratch that comment. you probably want this version; but,
> > i think the problem is really the case of "Login". the user prompt
> > its looking for is the regex "(Username|login|user name):". if you
> > add to .cloginrc:
> >
> > add userprompt bay-nr1 {Login:}
> >
> > i think this will work.
> >
> > i'm interested to know if the case has changed or if we've made a mistake
> > somewhere along the line and inadvertently changed the regex.
> >
>
> Arrgh..Thanks for the help.I was using add userprompt bay-nr1 {"Login:"}
> {Login:} works. I also had to add autoenable bay-nr1 1
> Once logged in, the older software version on my Accelar does not
> support most of the commands used in blogin and brancid - I substituted
> send "config cli more false\r" for send "more off\r" in blogin, and in
> brancid, bcc is not available and "show config -all" becomes "show
> config verbose"
> Unfortunately my troubles do not end there and I am experiencing the
> premature session termination described by Andrew Partan on
> Tue, 12 Mar 2002. The .raw file produced by brancid -d shows the output
> being terminated within 10-20 lines of where it should end. If there is
> a solution for this I'd love to hear about it.

afraid i can't find the discussion you mention. can you provide an
example collection from the router? like
setenv NOPIPE=YES
brancid -d router
there should be a router.raw file left behind.

> Thanks again,
>
> Fergus Roche
> Loudeye Technlogies
>
>

Wed, May 01, 2002 at 03:30:23PM -0300, andrew.reynolds at nspower.ca:
>
> I'd also be interested in knowing if anyone has gotten this to work on a
> Nortel Passport (Accelar) 8600, with firmware 3.0.2. I can use blogin to
> run commands, but even after updating brancid to use the correct commands
> to turn off cli paging and to dump the config, I don't seem to be able to
> retrieve the config automatically.

are these differences between the platforms or just the newer software?
brancid currently runs

'bcc' => "RunCommand",
'show config' => "ShowConfig",
'show config -all' => "ShowConfig",

what are the new equivalents? does the bay produce a consistent error
for unknown commands like the cisco's "Invalid input detected" such
that we could send both sets of commands?

does blogin -c 'bcc;show config;show config -all' router work? where
does it fail?

> --
> Andrew Reynolds, CCNA
> Senior Network Analyst
> Nova Scotia Power
> andrew.reynolds at nspower.ca
> (902)428-6508
>
>
>
>
>
> I'm having problems logging into a Nortel (Accelar 1200) - blogin hangs
> and times out. I have had the same problem with 2.2b8 and 2.2 on 2
> different machines. I am using expect-5.32.2-65, tcl/tk-8.3.3-65 on
> RH7.2 (2.4.9-31), but have also tried expect-5.24 on mandrake
> (2.2.14-15)
> I have tried various combinations of entries in .cloginrc, but always
> with the same result. Any help would be much appreciated.
>
>
>
>
>
> Thanks,
> Fergus Roche
> Loudeye Technologies
>
>

On Thu, 2002-05-02 at 14:54, john heasley wrote:

>
> afraid i can't find the discussion you mention. can you provide an
> example collection from the router? like
> setenv NOPIPE=YES
> brancid -d router
> there should be a router.raw file left behind.
>

Using these commands in brancid:

%commands=(
'show config' => "ShowConfig",
'show config verbose' => "ShowConfig",
'exit' => "RunCommand"


$ brancid -d bay-nr1
executing blogin -t 90 -c"show config;show config verbose;exit" bay-nr1
bay-nr1: missed cmd(s): show config,show config verbose,exit
bay-nr1: missed cmd(s): show config,show config verbose,exit
bay-nr1: End of run not found
bay-nr1: End of run not found
!
$


The .raw file contains the full output of show config and show config
verbose, but ends approximately 22 lines prematurely:

$ tail -20 bay-nr1.raw
default-supply disable
listen enable
poison disable
supply enable
trigger disable
back
traffic-filter
back
back
stg 1
faststart disable
pathcost 10
priority 128
stp enable
back
unknown-mac-discard
activation disable
autolearn disable

Connection closed by foreign host.
$


$ cat bay-nr1.new
!RANCID-CONTENT-TYPE: bay
!
$

Let me know if you need the whole .raw file, just the last part seemed
relevant.
The discussion I was referring to goes as follows:


Date: Tue, 12 Mar 2002 15:57:13 -0500
From: Andrew Partan <asp@partan.com>
To: Robert Klingsten <bladex at engin.umich.edu>
Cc: rancid-discuss at shrubbery.net
Subject: Re: Newbie: Problems with Catalyst
On Tue, Mar 12, 2002 at 03:32:27PM -0500, Robert Klingsten wrote:
> ummu-cis6513-mr> (enable)Connection to ummu-cis6513-mr.ummu.umich.edu
>closed
> by remote host.
> Connection to ummu-cis6513-mr.ummu.umich.edu closed.

Looks like it could be another case of a router being too eager to
drop the tcp session and not echoing back the 'quit' rancid sends
it first.

Rancid sends a 'quit' and then the router should echo that back &
then close the tcp session (it should wait for the output to drain
before doing the final tcp close). Some routers have bugs and
don't do this.

I know we had to do a fair amount of expect goo to work around this
for the extreme (in xrancid).
-asp

Thanks,

Fergus Roche

>Wed, May 01, 2002 at 03:30:23PM -0300, andrew.reynolds at nspower.ca:
>>
>> I'd also be interested in knowing if anyone has gotten this to work on a
>> Nortel Passport (Accelar) 8600, with firmware 3.0.2. I can use blogin to
>> run commands, but even after updating brancid to use the correct
commands
>> to turn off cli paging and to dump the config, I don't seem to be able
to
>> retrieve the config automatically.
>
>are these differences between the platforms or just the newer software?
>brancid currently runs
>
> 'bcc' => "RunCommand",
> 'show config' => "ShowConfig",
> 'show config -all' => "ShowConfig",
>
>what are the new equivalents? does the bay produce a consistent error
>for unknown commands like the cisco's "Invalid input detected" such
>that we could send both sets of commands?
>
>does blogin -c 'bcc;show config;show config -all' router work? where
>does it fail?

I had to modify brancid to

'show config' => "ShowConfig",
'show config verbose' => "ShowConfig",

In order to get it to sort of run. If I set NOPIP=YES, and run brancid -d
router, the .raw output file is complete, but the .new file only has the
following text:

!RANCID-CONTENT-TYPE: bay
!


--
Andrew Reynolds, CCNA
Senior Network Analyst
Nova Scotia Power
andrew.reynolds at nspower.ca
(902)428-6508

Thu, May 02, 2002 at 04:02:11PM -0700, Fergus Roche:
> On Thu, 2002-05-02 at 14:54, john heasley wrote:
>
> >
> > afraid i can't find the discussion you mention. can you provide an
> > example collection from the router? like
> > setenv NOPIPE=YES
> > brancid -d router
> > there should be a router.raw file left behind.
> >
>
> Using these commands in brancid:
>
> %commands=(
> 'show config' => "ShowConfig",
> 'show config verbose' => "ShowConfig",
> 'exit' => "RunCommand"
>
>
> $ brancid -d bay-nr1
> executing blogin -t 90 -c"show config;show config verbose;exit" bay-nr1
> bay-nr1: missed cmd(s): show config,show config verbose,exit
> bay-nr1: missed cmd(s): show config,show config verbose,exit
> bay-nr1: End of run not found
> bay-nr1: End of run not found
> !
> $
>
>
> The .raw file contains the full output of show config and show config
> verbose, but ends approximately 22 lines prematurely:
>
> $ tail -20 bay-nr1.raw
> default-supply disable
> listen enable
> poison disable
> supply enable
> trigger disable
> back
> traffic-filter
> back
> back
> stg 1
> faststart disable
> pathcost 10
> priority 128
> stp enable
> back
> unknown-mac-discard
> activation disable
> autolearn disable

hmm. how many lines were cut? blogin is just writting to stdout which
is redirected to this file. what i find odd is lack of an error, timeout
specifically.

could you telnet to the box, enter 'more off' (disable pager), then
'show config' and 'show config verbose', and finally exit. if it
doesnt truncate; please send the portion from 'autolearn' on to the
unix prompt.

> Connection closed by foreign host.
> $
>
>
> $ cat bay-nr1.new
> !RANCID-CONTENT-TYPE: bay
> !
> $
>
> Let me know if you need the whole .raw file, just the last part seemed
> relevant.
> The discussion I was referring to goes as follows:
>
>
> Date: Tue, 12 Mar 2002 15:57:13 -0500
> From: Andrew Partan <asp at partan.com>
> To: Robert Klingsten <bladex at engin.umich.edu>
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: Newbie: Problems with Catalyst
> On Tue, Mar 12, 2002 at 03:32:27PM -0500, Robert Klingsten wrote:
> > ummu-cis6513-mr> (enable)Connection to ummu-cis6513-mr.ummu.umich.edu
> >closed
> > by remote host.
> > Connection to ummu-cis6513-mr.ummu.umich.edu closed.
>
> Looks like it could be another case of a router being too eager to
> drop the tcp session and not echoing back the 'quit' rancid sends
> it first.
>
> Rancid sends a 'quit' and then the router should echo that back &
> then close the tcp session (it should wait for the output to drain
> before doing the final tcp close). Some routers have bugs and
> don't do this.
>
> I know we had to do a fair amount of expect goo to work around this
> for the extreme (in xrancid).
> -asp
>
> Thanks,
>
> Fergus Roche
>
>
>

Thu, May 02, 2002 at 09:00:31PM -0300, andrew.reynolds at nspower.ca:
>
>
>
>
> >Wed, May 01, 2002 at 03:30:23PM -0300, andrew.reynolds at nspower.ca:
> >>
> >> I'd also be interested in knowing if anyone has gotten this to work on a
> >> Nortel Passport (Accelar) 8600, with firmware 3.0.2. I can use blogin to
> >> run commands, but even after updating brancid to use the correct
> commands
> >> to turn off cli paging and to dump the config, I don't seem to be able
> to
> >> retrieve the config automatically.
> >
> >are these differences between the platforms or just the newer software?
> >brancid currently runs
> >
> > 'bcc' => "RunCommand",
> > 'show config' => "ShowConfig",
> > 'show config -all' => "ShowConfig",
> >
> >what are the new equivalents? does the bay produce a consistent error
> >for unknown commands like the cisco's "Invalid input detected" such
> >that we could send both sets of commands?
> >
> >does blogin -c 'bcc;show config;show config -all' router work? where
> >does it fail?
>
> I had to modify brancid to
>
> 'show config' => "ShowConfig",
> 'show config verbose' => "ShowConfig",
>
> In order to get it to sort of run. If I set NOPIP=YES, and run brancid -d
> router, the .raw output file is complete, but the .new file only has the
> following text:
>
> !RANCID-CONTENT-TYPE: bay
> !

i'd guess that this is a login problem or that blogin is failing to
run the commands properly. try

blogin -c 'bcc;show config;show config verbose' router

it should run all three commands (whatever bcc is/does).

> > On Thu, 2002-05-02 at 14:54, john heasley wrote:
> >
> > >
> > > afraid i can't find the discussion you mention. can you provide an
> > > example collection from the router? like
> > > setenv NOPIPE=YES
> > > brancid -d router
> > > there should be a router.raw file left behind.
> > >
> >
> > Using these commands in brancid:
> >
> > %commands=(
> > 'show config' => "ShowConfig",
> > 'show config verbose' => "ShowConfig",
> > 'exit' => "RunCommand"
> >
> >
> > $ brancid -d bay-nr1
> > executing blogin -t 90 -c"show config;show config verbose;exit"
bay-nr1
> > bay-nr1: missed cmd(s): show config,show config verbose,exit
> > bay-nr1: missed cmd(s): show config,show config verbose,exit
> > bay-nr1: End of run not found
> > bay-nr1: End of run not found
> > !
> > $
> >
> >
> > The .raw file contains the full output of show config and show config
> > verbose, but ends approximately 22 lines prematurely:
> >
> > $ tail -20 bay-nr1.raw
> > default-supply disable
> > listen enable
> > poison disable
> > supply enable
> > trigger disable
> > back
> > traffic-filter
> > back
> > back
> > stg 1
> > faststart disable
> > pathcost 10
> > priority 128
> > stp enable
> > back
> > unknown-mac-discard
> > activation disable
> > autolearn disable
>
>hmm. how many lines were cut? blogin is just writting to stdout which
>is redirected to this file. what i find odd is lack of an error,
>timeout
>specifically.
>
>could you telnet to the box, enter 'more off' (disable pager), then
>'show config' and 'show config verbose', and finally exit. if it
>doesnt truncate; please send the portion from 'autolearn' on to the
>unix prompt.
>

It doesn't truncate when I log in and run the commands manually. Heres the
end part that is missed when using brancid.

autolearn disable
autolearn-mode one-shot
default-autolearn-monitor monitor
default-autolearn-priority high
lock-autolearn-mac disable
violation-downport disable
violation-logging enable
violation-sendtrap disable
back
back
ethernet 7/14
high-priority false
linktrap enable
lock false
state enable
auto-negotiate enable
perform-tagging disable
tagged-frames-discard disable
ip
proxy disable
arp-response enable
l3-igmp
last-memb-query-int 1

bay-nr1# exit
Connection closed by foreign host.
$

Fri, May 03, 2002 at 05:15:03PM -0700, Fergus Roche:
> > > On Thu, 2002-05-02 at 14:54, john heasley wrote:
> >hmm. how many lines were cut? blogin is just writting to stdout which
> >is redirected to this file. what i find odd is lack of an error,
> >timeout
> >specifically.
> >
> >could you telnet to the box, enter 'more off' (disable pager), then
> >'show config' and 'show config verbose', and finally exit. if it
> >doesnt truncate; please send the portion from 'autolearn' on to the
> >unix prompt.
> >
>
> It doesn't truncate when I log in and run the commands manually. Heres the
> end part that is missed when using brancid.
>
> autolearn disable
> autolearn-mode one-shot
> default-autolearn-monitor monitor
> default-autolearn-priority high
> lock-autolearn-mac disable
> violation-downport disable
> violation-logging enable
> violation-sendtrap disable
> back
> back
> ethernet 7/14
> high-priority false
> linktrap enable
> lock false
> state enable
> auto-negotiate enable
> perform-tagging disable
> tagged-frames-discard disable
> ip
> proxy disable
> arp-response enable
> l3-igmp
> last-memb-query-int 1
>
> bay-nr1# exit
> Connection closed by foreign host.
> $

something must be buggered in blogin's matching. please grab a local copy
of blogin, edit it; in 'proc run_commands' just before the line
send "more off\r"
add 'exp_internal 1; log_user 1;' then run blogin

blogin -c 'bcc;show config;show config verbose' >& log

and send the log file to me. if you can give me telnet access to the/a
box, that would be much easier.