03-06-2012 06:31 AM
Hello,
I'm new to the LMS4.1 soft appliance and have some questions after my first contact with it:
1. Where can you get the documentation about the very special LMS-appliance-CLI? Is it possible to SSH to the linux-shell directly?
2. What is the default root password?
3. Necessary file-sharing options (e.g. for CSV imports from the old system):
a) SCP: with pscp from a Windows client to LMS I get "cant get vty from remote host ...". Are there working compatibility options for common SCP clients?
b) Is it possible to setup an FTP server on LMS appliance?
c) Has SAMBA been installed, so that it is possible to make CIFS mounts?
(1st workaround = FTP server on the Windows client)
4. What does the first "Access Denied" message mean after connecting via SSH and SCP successfully?
5. Where is mping located?
Thx for hints,
Steffen
03-06-2012 10:59 AM
1 The first CLI is quite simple. Very few commands, and ? for options. The shell is like a stripped Linux.
As admin, with the admin password, you should be able to log in using SSH. Not sure about recovery if you forgot the pw.
2. I think you give the password during initial install. No default AFAIK.
3
a No! Here LMS is the client. In other words you log in and pull the files from other servers. Cron should be able to do that too.
b I don't think so. RCP and TFTP are all you've got.
c It's stripped and hardened, so it won't be easy, if possible at all.
4 When do you see that?
5 Not used that before. Should it be part of LMS? Then /opt/CSCOpx/bin should be the place.
Cheers,
Michel
03-07-2012 12:00 AM
>>4 When do you see that?
I see the “access denied” when I successfully log in via SSH, and with SCP before the message appears that no matching vty was found.
>>5 Not used that before. should it be part of lms? then:/opt/CSCOpx/bin should be the place
Mping was always a part of the LMS utilities under CSCOpx\bin and still exists in the v4.1 Windows and Solaris versions. It’s a good method to quickly test your SNMP write and read access from the command line, much more efficient and reliable than from the GUI.
03-07-2012 12:35 AM
login as: admin
Access denied
admin@10.226.100.250's password:
Last login: Tue Mar 6 13:00:42 2012 from mbrczc0448fzh.cslg1.cslg.net
eudembrLMS01/admin#
03-07-2012 01:44 AM
Hi Michael,
For point 3, file sharing: one important piece of functionality is dropped with the Linux-based appliance the way Cisco designed it:
Most of our LMS customers see plain file access to the shadow directory as one of the most important functions in LMS, to have direct access to configs and SW images.
How can we handle this without needing to write copy scripts? From which distribution is it possible to install Samba or a vsftp server on the LMS appliance as first aid? Or is a fix known for the misconfigured SCP server (cant find vty) so that WinSCP can be used as a file browser?
In my opinion there is some room left in the handiness of the overall solution with the LMS appliance.
Steffen
03-08-2012 04:19 AM
It is always better to get the shadow directory copied to another machine and location.
It is not a good idea if everybody can just browse the server. Or worse even modify things.
Security is relatively weak on a Windows server; it is somewhat OK on the Linux appliance.
But security comes with inconveniences.
I have a customer who would like to copy data to the LMS server, who is blocked by the feature that the LMS is a server from which we can only pull. The 'data-diode' server, which is push only, now has to copy to another server and LMS pulls the data from there.
Cheers,
Michel
03-08-2012 05:38 AM
What is more insecure? To have a secured file server with password access, chrooted to the shadow dir, using one of the protocols NFS, CIFS, FTP, FTPS, SCP, or
to be forced to install a copy script with a clear-text password to important enterprise file servers, besides needing the time to write the script and the automation for efficiently updating the target?
Rsync for efficient copying and keeping up to date can't be used in this manner either, because an SMB mount/client is also missing for the most common scenario of Windows-based file servers in customer environments.
Steffen
03-09-2012 03:02 AM
Developed a working solution for SCP based file exchange with LMS-Linux-Appliance:
LMS Appliance:
carshell> shell
sysadmin # useradd -g casusers -d /home/scp -s /bin/bash -c "SCP user for file transfer from and to LMS" scp
sysadmin # passwd scp
sysadmin # ...
WinSCP-Settings:
1. Create a new profile with the LMS IP and the scp user.
2. Force SCP as transport. In SSH version 2, SFTP is the standard scp transport. So you will need a combination of version 2 and SCP, because SFTP is not installed on the LMS Linux appliance.
The reason an extra user is needed: SCP transport needs a shell, and carshell is not a proper shell to handle SCP commands; besides, Default Shell enforcement doesn't work with WinSCP.
3. Optional: preset remote dir: /var/adm/CSCOpx/files/rme/dcma/shadow
Steffen
03-09-2012 03:34 AM
Cool Steffen,
I haven't tried it since the beta version I had once.
Cheers,
Michel
05-30-2012 02:32 AM
Thank you very much, Steffen!
It's working very well.
01-02-2014 01:48 PM
Thank you very much, Steffen.
Works right away, it's working.
09-19-2014 09:36 AM
Hi, I found this solution to work very well for exporting files out of the box; it's a workaround for CIFS mounts.
As user root:
1) on cisco-lms install sshfs, which lets you mount a folder on a remote linux box through sftp:
install in the following order:
rpm -ivh fuse-libs-2.7.4-8.el5.x86_64.rpm
rpm -ivh fuse-2.7.4-8.el5.x86_64.rpm
rpm -ivh fuse-sshfs-2.5-1.el5.rf.x86_64.rpm
2) mount
mkdir /mnt/backup
sshfs root@<remote-linux-box-ip>:<remote-folder> /mnt/backup -o allow_other
3) rsync with cron
00 1 * * * rsync -r -v /var/adm/CSCOpx/files/rme/dcma/shadow/* /mnt/backup/ >> /root/rsync.log 2>&1
note: the remote-folder in the remote-linux-box can be a cifs mount
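A guard for the nightly cron job in the post above, added here as an example and not part of the original post: if the sshfs mount has dropped, a plain rsync writes the device configs into the local /mnt/backup directory on the appliance instead of the remote box. The function names, the MOUNTS_FILE variable and the --run switch are assumptions introduced for illustration; the paths are the ones from the post.

```shell
#!/bin/sh
# Added example: run the shadow-directory rsync only when /mnt/backup
# is really backed by the sshfs (FUSE) mount.

SRC=/var/adm/CSCOpx/files/rme/dcma/shadow
DST=/mnt/backup
# Mount table to inspect; overridable so the check can be tested offline.
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Return 0 only if mount point $1 is listed in mount table $2 as a FUSE
# filesystem. Older kernels report the type as "fuse", newer ones as
# "fuse.sshfs", so both are accepted. The mount point must match exactly.
is_fuse_mounted() {
    awk -v mp="$1" '
        $2 == mp && ($3 == "fuse" || $3 ~ /^fuse\./) { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Return codes: 0 = synced, 2 = mount missing (nothing copied),
# anything else = rsync's own exit status.
sync_shadow() {
    if ! is_fuse_mounted "$DST" "$MOUNTS_FILE"; then
        echo "$(date '+%F %T') $DST is not a FUSE mount, skipping rsync" >&2
        return 2
    fi
    rsync -r -v "$SRC"/ "$DST"/
}

# Cron entry point: /path/to/this-script --run >> /root/rsync.log 2>&1
if [ "${1:-}" = "--run" ]; then
    sync_shadow
fi
```

Exit status 2 in /root/rsync.log then marks a night on which nothing was exported, which is the signal to remount before the next run.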
10-06-2014 09:32 AM
Cool Ignacio, does this procedure also work for the Cisco Prime Infrastructure VA, to make CPI 2.x CIFS-capable as well?
10-06-2014 05:13 PM
Hi sneuser, don't know about Prime Infrastructure, haven't tried it yet.