Bug#849530: Rancid: clogin fails on fortigate devices with read-only users

2017-01-12 Thread Héctor Sánchez
Hi Roland,

Indeed, there wasn't an issue at all, thank you very much.

Kind regards.

On 11 January 2017 at 22:44, Roland Rosenfeld wrote:

> Hi Héctor!
>
> On Wed, 28 Dec 2016, Héctor Sánchez wrote:
>
> > Many thanks for the advice! I'll try fnlogin then.
>
> Did this solve your issue, so we can close this bug report now?
>
> Greetings
> Roland
>
> > > > Package: rancid
> > > > Version: 2.3.8-6
> > >
> > > > Clogin fails to connect to our fortigate devices (300D & 600D) using
> > > > read-only users, no issue using admin ones (except having to force a
> > > > specific cypher for newer fortigate firmware):
> > >
> > > Please try using fnlogin for Fortigate devices instead of clogin.
> > > This should work around your problems, since it is optimized for
> > > Fortigate.
> > >
> > > > root@rancid[PRO]:~# diff /usr/bin/clogin{,_bk}
> > > >
> > > > 788c788
> > > >
> > > > < set prompt "(\\$|>|#| \\(enable\\))"
> > > >
> > > > ---
> > > >
> > > > > set prompt "(>|#| \\(enable\\))"
> > >
> > > That's why you should use fnlogin:
> > >
> > > # FortiOS 2.x prompts can end in either '#' or '$'
> > > set prompt "\[#\\$] "
>



-- 

Héctor Javier Sánchez Montes

Network Specialist
+34 912 91 76 83
Skype: hector.sanchez.fon
All information in this email is confidential



Bug#849530: Rancid: clogin fails on fortigate devices with read-only users

2017-01-11 Thread Roland Rosenfeld
Hi Héctor!

On Wed, 28 Dec 2016, Héctor Sánchez wrote:

> Many thanks for the advice! I'll try fnlogin then.

Did this solve your issue, so we can close this bug report now?

Greetings
Roland

> > > Package: rancid
> > > Version: 2.3.8-6
> >
> > > Clogin fails to connect to our fortigate devices (300D & 600D) using
> > > read-only users, no issue using admin ones (except having to force a
> > > specific cypher for newer fortigate firmware):
> >
> > Please try using fnlogin for Fortigate devices instead of clogin.
> > This should work around your problems, since it is optimized for
> > Fortigate.
> >
> > > root@rancid[PRO]:~# diff /usr/bin/clogin{,_bk}
> > >
> > > 788c788
> > >
> > > < set prompt "(\\$|>|#| \\(enable\\))"
> > >
> > > ---
> > >
> > > > set prompt "(>|#| \\(enable\\))"
> >
> > That's why you should use fnlogin:
> >
> > # FortiOS 2.x prompts can end in either '#' or '$'
> > set prompt "\[#\\$] "



Bug#849530: Rancid: clogin fails on fortigate devices with read-only users

2016-12-28 Thread Héctor Sánchez
Hi Roland,

Many thanks for the advice! I'll try fnlogin then.

Kind regards.

On 28 December 2016 at 10:24, Roland Rosenfeld wrote:

> Hi Héctor!
>
> On Wed, 28 Dec 2016, Héctor Sánchez wrote:
>
> > Package: rancid
> > Version: 2.3.8-6
>
> > Clogin fails to connect to our fortigate devices (300D & 600D) using
> > read-only users, no issue using admin ones (except having to force a
> > specific cypher for newer fortigate firmware):
>
> Please try using fnlogin for Fortigate devices instead of clogin.
> This should work around your problems, since it is optimized for
> Fortigate.
>
> > root@rancid[PRO]:~# diff /usr/bin/clogin{,_bk}
> >
> > 788c788
> >
> > < set prompt "(\\$|>|#| \\(enable\\))"
> >
> > ---
> >
> > > set prompt "(>|#| \\(enable\\))"
>
> That's why you should use fnlogin:
>
> # FortiOS 2.x prompts can end in either '#' or '$'
> set prompt "\[#\\$] "
>
> Greetings
>
> Roland
>



-- 

Héctor Javier Sánchez Montes

Network Specialist
+34 912 91 76 83
Skype: hector.sanchez.fon
All information in this email is confidential



Bug#849530: Rancid: clogin fails on fortigate devices with read-only users

2016-12-28 Thread Roland Rosenfeld
Hi Héctor!

On Wed, 28 Dec 2016, Héctor Sánchez wrote:

> Package: rancid
> Version: 2.3.8-6

> Clogin fails to connect to our fortigate devices (300D & 600D) using
> read-only users, no issue using admin ones (except having to force a
> specific cypher for newer fortigate firmware):

Please try using fnlogin for Fortigate devices instead of clogin.
This should work around your problems, since it is optimized for
Fortigate.

> root@rancid[PRO]:~# diff /usr/bin/clogin{,_bk}
> 
> 788c788
> 
> < set prompt "(\\$|>|#| \\(enable\\))"
> 
> ---
> 
> > set prompt "(>|#| \\(enable\\))"

That's why you should use fnlogin:

# FortiOS 2.x prompts can end in either '#' or '$'
set prompt "\[#\\$] "

Greetings

Roland
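
The difference between the three prompt patterns quoted in this thread, as an added example that is not part of the thread or of RANCID's code. It models Expect's unanchored `expect -re` with Python's `re.search`; the Python regexes are hand translations of the Tcl strings, and the session buffers are constructed.

```python
import re

# Tcl strings from the thread after Tcl backslash substitution, rewritten as
# Python regexes (the translation is an assumption of this example).
PROMPTS = {
    "clogin_stock":   r"(>|#| \(enable\))",     # set prompt "(>|#| \\(enable\\))"
    "clogin_patched": r"(\$|>|#| \(enable\))",  # set prompt "(\\$|>|#| \\(enable\\))"
    "fnlogin":        r"[#\$] ",                # set prompt "\[#\\$] "
}

# Constructed session buffers, not captured from a real device.
SAMPLES = {
    "readonly_prompt": "rancid@fortigate1's password:\r\nfortigate1 $ ",
    "admin_prompt":    "rancid@fortigate1's password:\r\nfortigate1 # ",
    "banner_dollar":   "Maintenance fee: $100\r\n",  # output seen before any prompt
}


def first_match(pattern, buffer):
    """Return the buffer up to the first prompt match, or None (Expect would time out)."""
    m = re.search(pattern, buffer)
    return buffer[:m.end()] if m else None


def matrix():
    """Map pattern name -> sample name -> True if the pattern sees a prompt."""
    return {
        name: {s: first_match(pat, buf) is not None for s, buf in SAMPLES.items()}
        for name, pat in PROMPTS.items()
    }


if __name__ == "__main__":
    for name, row in matrix().items():
        print(f"{name:15}", row)
```

The stock clogin pattern never matches the read-only `$` prompt, which is the timeout reported in the bug. The patched pattern matches it but also fires on a `$` in ordinary output, while fnlogin's trailing space narrows (without eliminating) that false match.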



Bug#849530: Rancid: clogin fails on fortigate devices with read-only users

2016-12-28 Thread Héctor Sánchez
Package: rancid
Version: 2.3.8-6

Hi,

Clogin fails to connect to our fortigate devices (300D & 600D) using
read-only users, no issue using admin ones (except having to force a
specific cypher for newer fortigate firmware):

root@rancid[PRO]:~# /usr/bin/clogin_bk fortigate1

fortigate1

spawn ssh -c aes128-ctr -x -l rancid fortigate1

rancid@fortigate1's password:

fortigate1 $

Error: TIMEOUT reached

root@rancid[PRO]:~# /usr/bin/clogin fortigate1

fortigate1

spawn ssh -c aes128-ctr -x -l rancid fortigate1

rancid@fortigate1's password:

fortigate1 $

fortigate1 $

fortigate1 $

fortigate1 $ exit

Connection to fortigate1 closed.

root@rancid[PRO]:~# diff /usr/bin/clogin{,_bk}

788c788

< set prompt "(\\$|>|#| \\(enable\\))"

---

> set prompt "(>|#| \\(enable\\))"
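
Review bot: the `\\$` alternative added to the prompt pattern at line 788 is unanchored, so a `$` anywhere in a banner or command output can be read as a prompt, and it applies to every device clogin logs in to, not only Fortigate. Require the trailing space as fnlogin does (`set prompt "\[#\\$] "`), or leave clogin unpatched and use fnlogin for these hosts; a local edit to /usr/bin/clogin is also lost on the next package upgrade.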

root@tacacs[PRO]:~# grep fortigate1 /var/lib/rancid/sitea/router.db

fortigate1:fortigate:up

root@rancid[PRO]:~# grep fortigate1 /home/rancid/.cloginrc

add user fortigate1   rancid

add password fortigate1   foobar

add cyphertype  fortigate1  {aes128-ctr}

add noenable fortigate1  1


Seems that '$' isn't a valid prompt; logins on fortigate devices with a
read-only user give you that prompt instead of '#'.


Kind regards.


-- 

Héctor Javier Sánchez Montes

Network Specialist
+34 912 91 76 83
Skype: hector.sanchez.fon
All information in this email is confidential