napalm-automation / napalm

Network Automation and Programmability Abstraction Layer with Multivendor support
Apache License 2.0

Is AAA (TACACS) Supported? Not able to login nor test. #472

Closed mirceaulinic closed 6 years ago

mirceaulinic commented 7 years ago

Description of Issue/Question

Did you follow the steps from https://github.com/napalm-automation/napalm#faq

Setup

napalm-ios version

(Paste verbatim output from pip freeze | grep napalm-ios between quotes below)

napalm-ios==0.8.1

IOS version

(Paste verbatim output from show version between quotes below)

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 11-Feb-15 11:40 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02F00000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

400USW04003 uptime is 1 year, 10 weeks, 4 days, 20 hours, 58 minutes
System returned to ROM by power-on
System restarted at 16:20:06 UTC Fri Aug 5 2016
System image file is "flash:c3750-ipservicesk9-mz.122-55.SE10.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750-48P (PowerPC405) processor (revision J0) with 131072K bytes of memory.
Processor board ID CAT1050ZHJ0
Last reset from power-on
5 Virtual Ethernet interfaces
48 FastEthernet interfaces
4 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:1A:A1:4A:7A:80
Motherboard assembly number     : 73-9675-11
Power supply part number        : 341-0029-05
Motherboard serial number       : CAT1050535L
Power supply serial number      : LIT104201TJ
Model revision number           : J0
Motherboard revision number     : A0
Model number                    : WS-C3750-48PS-S
System serial number            : CAT1050ZHJ0
SFP Module assembly part number : 73-7757-03
SFP Module revision Number      : A0
SFP Module serial number        : CAT10495J1F
Top Assembly Part Number        : 800-25858-03
Top Assembly Revision Number    : G0
Version ID                      : V05
CLEI Code Number                : COM1W00ARB
Hardware Board Revision Number  : 0x01

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 52    WS-C3750-48P       12.2(55)SE10          C3750-IPSERVICESK9-M

Configuration register is 0xF

Steps to Reproduce the Issue

Error Traceback

(Paste the complete traceback of the exception between quotes below)

cl_napalm_test --vendor ios --user jloatman --password <pass-with-special-char> --debug 400usw04003
/usr/lib/python2.7/site-packages/napalm_base/clitools/helpers.py:24: DeprecationWarning: This tool has been deprecated, please use `napalm` instead

  DeprecationWarning)
2017-10-19 06:21:17,426 - cl_napalm_test.py - DEBUG - Getting driver for OS "ios"
2017-10-19 06:21:17,512 - cl_napalm_test.py - DEBUG - Connecting to device "400usw04003" with user "jloatman" and optional_args={}
Traceback (most recent call last):
  File "/bin/cl_napalm_test", line 11, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/napalm_base/clitools/cl_napalm_test.py", line 41, in main
    optional_args=optional_args) as device:
  File "/usr/lib/python2.7/site-packages/napalm_base/base.py", line 47, in __enter__
    self.open()
  File "/usr/lib/python2.7/site-packages/napalm_ios/ios.py", line 140, in open
    **self.netmiko_optional_args)
  File "/usr/lib/python2.7/site-packages/netmiko/ssh_dispatcher.py", line 131, in ConnectHandler
    return ConnectionClass(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/netmiko/base_connection.py", line 151, in __init__
    self.establish_connection()
  File "/usr/lib/python2.7/site-packages/netmiko/base_connection.py", line 541, in establish_connection
    raise NetMikoAuthenticationException(msg)
netmiko.ssh_exception.NetMikoAuthenticationException: Authentication failure: unable to connect cisco_ios 400usw04003:22
Authentication failed.

This switch uses TACACS - I can log in fine, password is not wrong - I even tested the netmiko script below:

from netmiko import ConnectHandler

cisco_3750 = {'device_type': 'cisco_ios', 'ip': '25.4.232.9', 'username': 'jloatman', 'password': '', 'port': 22,}

net_connect = ConnectHandler(**cisco_3750)

output = net_connect.send_command('show ip int brief')
print(output)


Complete discussion at https://github.com/napalm-automation/napalm-ios/issues/216

ktbyers commented 6 years ago

I looked back at the original issue...this should work at the Netmiko/NAPALM level so AAA/TACACS+ should be supported.

If people run into issues, this can be re-opened.