ansible-collections / community.ciscosmb

Ansible Galaxy module for Cisco SMB switches - SG300, SG500, SG350, SG550
http://galaxy.ansible.com/community/ciscosmb
GNU General Public License v3.0

Bad authentication #54

Closed rez97415 closed 1 year ago

rez97415 commented 2 years ago
SUMMARY

Hi, I have a problem using your module. My stdout:

ansible spb-expo-sw2-new -m community.ciscosmb.facts --vault-password-file ~/.vault_pass.txt --extra-vars "ANSIBLE_NET_USERNAME=****** ANSIBLE_NET_PASSWORD=*****"
router | FAILED! => { "changed": false, "msg": "Failed to authenticate: Bad authentication type; allowed types: ['']" }

My vars file:

ansible_user: user; ansible_connection: network_cli; ansible_network_os: community.ciscosmb.ciscosmb; ansible_password: password;

Please help me with this issue.

Regards

qaxi commented 2 years ago

Hello,

You did not send your inventory file, so I cannot check it.

Try the ansible-play example from the README first, please.

Regards Petr Klíma

heewey commented 2 years ago

Hello Petr,

I had the same issue, and the reason was that the option ip ssh password-auth was not allowed on the device.

Could you please advise me on how to proceed with the login when direct login is not allowed and the cisco-smb always expects the username and password to be filled in on the welcome screen? When this password-auth option is allowed, the Ansible module works properly.

Thanks for any advice.

heewey commented 2 years ago

Hello again,

It was quite easy.

Run the playbook as usual and ask for the SSH password, like this:

ansible-playbook yourplaybookname --ask-pass

In the playbook do something similar:

---
#Configure ciscosmb
- name: CiscoSMB IOS Command
  hosts: your_host_group
  become: true
  connection: local
  vars_prompt:
    - name: Cisco-User
      prompt: Type Cisco-User
      private: no
    - name: Cisco-Pass
      prompt: Type Cisco-Pass
      private: yes

  tasks:
    - name: Name of this task
      community.ciscosmb.command:
        commands:
            - list
            - of
            - commands
            - which
            - you
            - will
            - use

heewey commented 2 years ago

Sorry for the spam - it is still not working, still the same: ip ssh password-auth has to be enabled.

FooBarTrixibell commented 2 years ago

I am having a similar issue on an SG350 switch but enabling password authentication does not fix it.

Every time it gets to "ESTABLISH SSH CONNECTION FOR USER: admin" it hangs at

SSH: EXEC sshpass -d10 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="admin"' -o ConnectTimeout=10 -o ControlPath=/tmp/bwrap_123v1oz23s/awx_123_f123kd1l/cp/23f12312ba XXX.XXX.XXX.XXX '/bin/sh -c '"'"'echo ~admin && sleep 0'"'"''

There is no further output even if I wait 12 hours. This is with Verbosity at 4.

I am running this through AWX so every time I try I have to restart the AWX container to kill the job.

I have tried with a user credential containing the password only, one with a key and one with escalation "enable" set, with every combination of options for a password, key and Automatic Login set.

I can ssh from a normal Linux box with those credentials without an issue (though without Automatic Login it does prompt a second time for both username and password).

My Playbook has been stripped down to almost nothing -

- name: Set the NTP Servers
  gather_facts: no
  hosts: all

  tasks:
    - name: show clock
      community.ciscosmb.command:
        commands: show clock
      register: output
    - name: show output
      debug:
        var: output.stdout

qaxi commented 2 years ago

Strange ... I am currently testing on SG350X-48-K9.

#show inventory 
NAME: "1"   DESCR: "SG350X-48 48-Port Gigabit Stackable Managed Switch"   
PID: SG350X-48-K9   VID: V02   SN: XXXXXXXXXXXXXXXXXX   
...

#show version
Active-image: flash://system/images/image_tesla_hybrid_2.4.5.71_release_cisco_signed.bin
  Version: 2.4.5.71
  MD5 Digest: 2dff89efdb2a0ec2f9a2c414ff7d401c
  Date: 04-Nov-2018
  Time: 19:46:16
... 

inventory.yml

all:
  vars:    
    ansible_connection: network_cli
    ### change what you need
    # ansible_ssh_private_key_file: /dir/private.key
    ansible_ssh_user: test
    ansible_ssh_pass: passwd
    ansible_become_method: enable
    ansible_become_password: passwd2
    #
    ### Enable become globally, by host, by playbook or by task
    # ansible_become: yes 

  hosts:
    sw-1:
      ansible_host: xx.xx.xx.xx
      ansible_network_os: community.ciscosmb.ciscosmb

playbook.yml

- name: CiscoSMB - test commands
  gather_facts: no
  hosts: all
  # vars:
  #  ansible_become: yes

  tasks:
    - name: CiscoSMB - show clock
      community.ciscosmb.command:
        commands:
          - show version
          - show clock
      register: show_clock

    - name: show output
      ansible.builtin.debug: 
        var:  show_clock

    - name: CiscoSMB - set timezone
      community.ciscosmb.command:
        commands:
          - configure terminal
          - clock timezone CET +1
      vars:
        ansible_become: yes
      register: set_timezone

    - name: show output
      ansible.builtin.debug: 
        var: set_timezone

ansible-playbook -i inventory.yml playbook.yml

And this works without issues.

Snippet of the Cisco config regarding user settings:

username test password encrypted xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx privilege 1
enable password level 15 encrypted xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ip ssh server
ip ssh password-auth
ip ssh pubkey-auth auto-login
# !!! no key for user test

What is your model and FW version (show inventory and show version)?

FooBarTrixibell commented 2 years ago

I ran your playbook directly from the command line and it worked perfectly!

I then compared that to what I had and realised I was missing -

ansible_connection: network_cli
ansible_network_os: community.ciscosmb.ciscosmb

from my inventory.

I added this and suddenly everything is working!

ok: [XXX.XXX.XXX.XXX] => { "output.stdout": [ "04:50:52 CET Oct 12 2021\nTime from SNTP is enabled\nOperational Time Source: None\nTime from Browser is disabled" ] }

You can ignore the time, the switch has been reset to factory so that I could play with configuring it.

Anyway, thank you so much! I'm off to try some proper configuration stuff now.
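
The cause found above was an inventory without ansible_connection: network_cli and ansible_network_os, which leaves Ansible on its default SSH connection plugin (the hanging /bin/sh command in the earlier log). An added example, not part of the thread or the collection's own code, that lints an already-parsed inventory for those two settings and for passwords kept in plaintext; the function names, the constructed SAMPLE data and the plaintext check are assumptions of this example.

```python
# Added example: lint a parsed Ansible inventory for the problems seen in this thread.
REQUIRED = {
    "ansible_connection": "network_cli",
    "ansible_network_os": "community.ciscosmb.ciscosmb",  # value from inventory.yml above
}
SECRET_KEYS = ("ansible_password", "ansible_ssh_pass", "ansible_become_password")


def effective_vars(inventory, host):
    """Merge the vars under 'all' with the host's own vars (host values win)."""
    merged = dict(inventory["all"].get("vars") or {})
    merged.update(inventory["all"]["hosts"].get(host) or {})
    return merged


def is_plaintext(value):
    """True unless the value is vault-encrypted or a Jinja reference to another var."""
    text = str(value).strip()
    return not (text.startswith("$ANSIBLE_VAULT;") or text.startswith("{{"))


def lint_inventory(inventory):
    """Return {host: [finding, ...]} for every host with at least one finding."""
    report = {}
    for host in inventory["all"].get("hosts") or {}:
        hv = effective_vars(inventory, host)
        findings = []
        for key, expected in REQUIRED.items():
            if hv.get(key) != expected:
                findings.append(f"{key} is {hv.get(key)!r}, expected {expected!r}")
        for key in SECRET_KEYS:
            if key in hv and is_plaintext(hv[key]):
                findings.append(f"{key} is stored in plaintext")
        if findings:
            report[host] = findings
    return report


# Constructed sample, shaped like inventory.yml once parsed into a dict.
SAMPLE = {"all": {
    "vars": {"ansible_ssh_user": "test", "ansible_ssh_pass": "passwd"},
    "hosts": {
        "sw-1": {"ansible_host": "192.0.2.10", "ansible_connection": "network_cli",
                 "ansible_network_os": "community.ciscosmb.ciscosmb"},
        "sw-2": {"ansible_host": "192.0.2.11", "ansible_network_os": "qaxi"},
    },
}}
```

On SAMPLE, sw-1 is flagged only for the plaintext password, while sw-2 is also flagged for the missing connection type and the wrong network OS.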

FooBarTrixibell commented 2 years ago

So embarrassing when I see those exact lines in the inventory in the readme!

FooBarTrixibell commented 2 years ago

By the way, I can confirm it works without password authentication set, I have only ip ssh pubkey-auth auto-login set and it works on the sg350-10p (Version: 2.5.8.15).

qaxi commented 2 years ago

Hello,

Right now I cannot test it, but at first look I can see "ansible_network_os: qaxi"; it should be "ansible_network_os: ciscosmb".

I will test it ASAP. If you have time to test, try the ansible-play example from the README, please.

Regards

Petr Klíma

On 14. 03. 22 at 15:53 rez97415 wrote:

SUMMARY

Hi, I have a problem using your module. My stdout:

ansible spb-expo-sw2-new -m qaxi.ciscosmb.facts --vault-password-file ~/.vault_pass.txt --extra-vars "ANSIBLE_NET_USERNAME=** ANSIBLE_NET_PASSWORD=*****"
router | FAILED! => { "changed": false, "msg": "Failed to authenticate: Bad authentication type; allowed types: ['']" }

My vars file:

ansible_user: user; ansible_connection: network_cli; ansible_network_os: qaxi; ansible_password: password;

Please help me with this issue.

Regards
