Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1506
Views
0
Helpful
11
Replies

N5K LMS 4.0 Credential issue

haidar_alm
Level 1
Level 1

‎08-29-2013 02:32 AM

Hello,

I need help with configuring our N5K switches on LMS.

As you can see from the below detail that I'm getting an error with SSH and is not even trying the Enable SSH pw.

Failed Devices

Showing 1-2 of 2 records

 Device Name Read
Community 		Read Write
Community 		SSH Enable
by SSH
1.n5k-cr2OkOkIncorrectDid Not Try
2.n5k-cr1OkOkIncorrectDid Not Try

Looking at the configuratin of it I saw the below command:

username (Output Amended) password 5 (Some Password)  role network-operator

snmp-server user (Output Amended) network-operator auth md5 (Password) priv (Password) local

Is it the snmp-server user passwords that need to match with the Credential Sets in LMS?

Many thanks,

H

Labels:
0 Helpful
11 Replies 11

AFROJ AHMAD
Cisco Employee
Cisco Employee

‎08-29-2013 04:49 AM

Hi ,

Are you using TACACS to device authentocation ?

Are there any Custom prompts configure on the device like :

login as:

Password:

If yes then open the TACACSPROMPT.ini file (NMSROOT/CSCOpx/objects/cmf/data )

check the device user prompts. Is it like 

Username:
Password:

or something else. If it some thing else update the tacacsprompt.ini file
with respective prompt. This could be one of the reason for failure.

I hope this will help

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
0 Helpful

haidar_alm
Level 1
Level 1
In response to AFROJ AHMAD

‎08-30-2013 01:27 AM

Hello,

We are not using TACACS.

Once I put the device IP address on Putty I get a prompt asking to login as, and then password.
Once I enter the detail I get to the # prompt.

many thanks,

H

0 Helpful

AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to haidar_alm

‎08-30-2013 01:41 AM

Hi Haider

In the TACACSPROMPT.in  file .. add the below prompt or the way it appers on your device (case sensitive ):

login as:

Password:

then run the CDA job.

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
0 Helpful

haidar_alm
Level 1
Level 1
In response to AFROJ AHMAD

‎08-30-2013 01:55 AM

Hi Afroz,

The Tacacsprompt file has the following entries:

[TELNET]

USERNAME_PROMPT=

PASSWORD_PROMPT=

Should I change it to:

[SSH]

login as:

Password:

?
Also, what effects will this have on all the other non NexOS devices?

Many thanks,

Haidar

0 Helpful

AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to haidar_alm

‎08-30-2013 01:58 AM

Hi Haider,

No need to change that ..It should be :

The Tacacsprompt file has the following entries:

[TELNET]

USERNAME_PROMPT=login as:

PASSWORD_PROMPT=Password:

you can add many prompts with the sepration of , (Commma) character.

Thanks

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
0 Helpful

haidar_alm
Level 1
Level 1
In response to AFROJ AHMAD

‎08-30-2013 02:03 AM

I've just made the changes. I'm still confused because we're using SSH and not telnet. Also, when I configure the device credentials, what should I put? And, what about the snmp user server credentials?
These credentials are different than the username pw credentials!

Apologies for asking so many questions, but I would like to understand what changes I'm making and not only to get it working.

many thanks,

H

0 Helpful

AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to haidar_alm

‎08-30-2013 02:27 AM

Hi,

In TACACSPrompt.ini file it say's TELNET but it applies to SSH as well.

under >Primary Credential  >> you need to put user user name and password that you used to login to the device ( telnet\ssh)

check the below link:

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/user/guide/getting_started/managdevicegrps.html#wp1055262

Is the CDA job still faling after the changes in the file ?

if yes then : run the CmdsvcTest.pl

Syntax: CmdsvcTest.pl [ip] [port] [telnet|ssh] [ios|catos|nam][username] [login pass]
[enable pass] [telnet_timeout] [command1]  ...";

Example:

opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/debugtools>/opt/CSCOpx/bin/perl CmdsvcTest.pl
 22 ssh ios  
 10 "show run-config" > output.txt

(this will redirect the output to 'output.txt', share the rsults with me)

NOTE for Nexus you may need to use SS instead of IOS in the above command

Thanks

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
0 Helpful

haidar_alm
Level 1
Level 1
In response to AFROJ AHMAD

‎01-28-2014 02:58 AM

Even if we're not using TACACS to authenticate?!

0 Helpful

AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to haidar_alm

‎01-28-2014 03:00 AM

No, if you are not using TACACS then TACACSPROMPT.ini will not play any role.

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
0 Helpful

haidar_alm
Level 1
Level 1
In response to AFROJ AHMAD

‎01-28-2014 03:01 AM

But I did say in my reply above that we're not using TACACS.

Any other suggestions then please to fix the issue if u don't mind?
Many thanks,

H

0 Helpful

AFROJ AHMAD
Cisco Employee
Cisco Employee
In response to haidar_alm

‎01-28-2014 03:06 AM

share the cmdsvctest.pl output to look into the issue.

Thanks-

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
0 Helpful
Customers Also Viewed These Support Documents