Hi all;
Never seen this error before… anyone got any ideas?
#ncs-netsim cli-i asr9k_0
“Access check failed”
I trying to add a netsim device to an existing system install:
I have created a authgroup “netsim” like this, but I don’t think the problem is here:
devices authgroups group netsim
umap admin
remote-name admin
remote-password $8$8l6Hbgrl0MqyJvKLroZmtfQ4SvpjUhuyt0gyG/2vHt4=
remote-secondary-password $8$MuYyhbc3qqPZp9VCVQH6fvcEEnCXjzYSUcOAF27JbcE=
!
!
Have checked the logs: No log file is touched.
Best Regards
Paulo Oliveira
Solved! Go to Solution.
Paulo,
Problem solved:
This configuration was present in ncs.conf
<ncs-ipc-access-check>
<enabled>true</enabled>
<filename>${NCS_DIR}/etc/ncs/ipc_access</filename>
</ncs-ipc-access-check>
After changing it to false and removing the environment variable NCS_IPC_ACCESS_FILE
… everything back to normal, netsim devices added and also reachable.
But you have also turned off IPC security, so don't do this in a production system.
Best Regards,
/jan
Can you turn on traces?
Roque
Thanks Roque;
Enable trace to the device:
admin@ncs(config)# devices device asr9k_0 trace raw
Tried to connect:
admin@ncs# devices device asr9k_0 connect
result false
info Failed to connect to device asr9k_0: connection refused: ned_external_error ned_connect_cli: unknown device
A file was created: ned-cisco-ios-xr-asr9k_0.trace
File content is:
>> 6-Oct-2016::12:08:39.606 CLI CONNECT to asr9k_0-127.0.0.1:10022 as admin (Trace=true)
<< 6-Oct-2016::12:08:39.608 SET-TIMOUT
<< 6-Oct-2016::12:08:39.934 ERROR: Network Element Driver error econnrefused for device asr9k_0: ned_external_error ned_connect_cli: unknown device
This configuration was present in ncs.conf
<ncs-ipc-access-check>
<enabled>true</enabled>
<filename>${NCS_DIR}/etc/ncs/ipc_access</filename>
</ncs-ipc-access-check>
After changing it to false and removing the environment variable NCS_IPC_ACCESS_FILE
… everything back to normal, netsim devices added and also reachable.
Best Regards
Paulo Oliveira
Paulo,
Problem solved:
This configuration was present in ncs.conf
<ncs-ipc-access-check>
<enabled>true</enabled>
<filename>${NCS_DIR}/etc/ncs/ipc_access</filename>
</ncs-ipc-access-check>
After changing it to false and removing the environment variable NCS_IPC_ACCESS_FILE
… everything back to normal, netsim devices added and also reachable.
But you have also turned off IPC security, so don't do this in a production system.
Best Regards,
/jan
IMHO, the IPC access check should only be used during certain circumstances. In particular only when you have non trusted shell users on the NSO host.
If you don't - there is no need to use the IPC access ctl, it'll just add to the confusion if you do.
By shell users, I mean actual user logins to the NSO hosts, and you don't want those users to have access to NSO, or you want those users to have to abide by the NACM rules.
/klacke