06-19-2018 03:37 AM - edited 03-01-2019 04:11 AM
Hi NSO community,
I am trying to establish a netsim device called netsimC1111-4P.
This device is under authgroup default as per :
admin@ncs% show devices device netsimC1111-4P
...
authgroup default;
...
then, I define the username to login on the netsim device by :
admin@ncs% set devices authgroups group default default-map same-user remote-password cisco
(followed by commit)
with this I should be able to connect to my netsim device as I have a user admin/cisco defined in it via the ios.xml file :
cisco@nsopoc:~/win$ ncs-netsim restart netsimC1111-4P
DEVICE netsimC1111-4P STOPPED
DEVICE netsimC1111-4P RESET
DEVICE netsimC1111-4P OK STARTED
cisco@nsopoc:~/win$ ncs-netsim cli-c netsimC1111-4P
admin connected from 10.14.32.234 using ssh on nsopoc
netsimC1111-4P# show run
no service pad
username admin secret cisco
username cisco secret cisco
no ip domain-lookup
no ip http server
no ip http secure-server
However when I try to connect to this netsim device with admin user, I get a bad password message. See log below - any idea of what I am doing wrong ?
admin@ncs% request devices device netsimC1111-4P connect
result false
info Failed to authenticate towards device netsimC1111-4P: Bad password for local/remote user admin/admin Auth failed
[ok][2018-06-19 12:37:01]
[edit]
admin@ncs%
06-19-2018 05:43 AM
Hi Benoit,
I believe what is happening is that you are changing the IOS config in the netsim device and expecting that change to have an effect on the NETSIM SSH server credentials.
You need to remember that NETSIM does not analyse the config it receives, so the username/password you are setting is not changing the SSH server credentials.
The credentials for the netsim devices are created in an XML file in the device cdb folder, as seen here. I am not sure if this could be modified via the confd CLI of the device, or whether you would need to re-create your device with the new XML file in the right folder or simply "load merge" the new values.
Roque
ROGAGLIA-M-M0VW:simple-mpls-vpn rogaglia$ more netsim/ce/ce0/cdb/aaa_init.xml
<config xmlns="http://tail-f.com/ns/config/1.0">
  <aaa xmlns="http://tail-f.com/ns/aaa/1.1">
    <authentication>
      <users>
        <user>
          <name>admin</name>
          <uid>9001</uid>
          <gid>100</gid>
          <password>$0$admin</password>
          <ssh_keydir>/var/confd/homes/admin/.ssh</ssh_keydir>
          <homedir>/var/confd/homes/admin</homedir>
        </user>
        <user>
          <name>oper</name>
          <uid>9001</uid>
          <gid>100</gid>
          <password>$0$oper</password>
          <ssh_keydir>/var/confd/homes/oper/.ssh</ssh_keydir>
          <homedir>/var/confd/homes/oper</homedir>
        </user>
        <user>
          <name>public</name>
          <uid>9001</uid>
          <gid>100</gid>
          <password>$0$public</password>
          <ssh_keydir>/var/confd/homes/public/.ssh</ssh_keydir>
          <homedir>/var/confd/homes/public</homedir>
        </user>
        <user>
          <name>private</name>
          <uid>9001</uid>
          <gid>100</gid>
          <password>$0$private</password>
          <ssh_keydir>/var/confd/homes/private/.ssh</ssh_keydir>
          <homedir>/var/confd/homes/private</homedir>
        </user>
      </users>
    </authentication>
    <ios>
      <level>
        <nr>0</nr>
        <prompt>ce0> </prompt>
      </level>
      <level>
        <nr>15</nr>
        <prompt>ce0# </prompt>
      </level>
      <privilege>
        <mode>exec</mode>
        <level>
          <nr>0</nr>
          <command>
            <name>exit</name>
          </command>
          <command>
            <name>action</name>
          </command>
          <command>
            <name>help</name>
          </command>
          <command>
            <name>autowizard</name>
          </command>
          <command>
            <name>enable</name>
          </command>
          <command>
            <name>startup</name>
          </command>
        </level>
        <level>
          <nr>15</nr>
          <command>
            <name>configure</name>
          </command>
        </level>
      </privilege>
    </ios>
  </aaa>
  <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
    <write-default>permit</write-default>
    <groups>
      <group>
        <name>admin</name>
        <user-name>admin</user-name>
        <user-name>private</user-name>
      </group>
      <group>
        <name>oper</name>
        <user-name>oper</user-name>
        <user-name>public</user-name>
      </group>
    </groups>
    <rule-list>
      <name>admin</name>
      <group>admin</group>
      <rule>
        <name>any-access</name>
        <action>permit</action>
      </rule>
    </rule-list>
    <rule-list>
      <name>any-group</name>
      <group>*</group>
      <rule>
        <name>tailf-aaa-authentication</name>
        <module-name>tailf-aaa</module-name>
        <path>/aaa/authentication/users/user[name='$USER']</path>
        <access-operations>read update</access-operations>
        <action>permit</action>
      </rule>
      <rule>
        <name>tailf-aaa-user</name>
        <module-name>tailf-aaa</module-name>
        <path>/user[name='$USER']</path>
        <access-operations>create read update delete</access-operations>
        <action>permit</action>
      </rule>
      <rule>
        <name>tailf-webui-user</name>
        <module-name>tailf-webui</module-name>
        <path>/webui/data-stores/user-profile[username='$USER']</path>
        <access-operations>create read update delete</access-operations>
        <action>permit</action>
      </rule>
    </rule-list>
  </nacm>
</config>
ROGAGLIA-M-M0VW:simple-mpls-vpn rogaglia$
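Added example, not part of the original posts and not Cisco's code: a short Python check that reads the users out of an aaa_init.xml like the one above and predicts whether an NSO authgroup remote-name/remote-password pair will authenticate against the netsim SSH server. It assumes the $0$ prefix marks a cleartext value and that any other prefix is a hash it cannot compare; the function names and the trimmed sample document are constructed for illustration.

```python
import hmac
import xml.etree.ElementTree as ET

NS = {"aaa": "http://tail-f.com/ns/aaa/1.1"}

# Constructed sample, trimmed from the aaa_init.xml quoted in the answer above.
SAMPLE_AAA_INIT = """<config xmlns="http://tail-f.com/ns/config/1.0">
  <aaa xmlns="http://tail-f.com/ns/aaa/1.1">
    <authentication><users>
      <user><name>admin</name><password>$0$admin</password></user>
      <user><name>oper</name><password>$0$oper</password></user>
    </users></authentication>
  </aaa>
</config>"""


def load_users(xml_text):
    """Map each user name in an aaa_init.xml document to its stored password."""
    root = ET.fromstring(xml_text)
    path = "aaa:aaa/aaa:authentication/aaa:users/aaa:user"
    return {
        u.findtext("aaa:name", namespaces=NS):
            u.findtext("aaa:password", default="", namespaces=NS)
        for u in root.findall(path, NS)
    }


def check_authgroup(users, remote_name, remote_password):
    """Predict whether an authgroup remote-name/remote-password pair will log in."""
    stored = users.get(remote_name)
    if stored is None:
        return "no-such-user"
    if not stored.startswith("$0$"):  # assumption: any other prefix is a hash
        return "hashed-cannot-compare"
    same = hmac.compare_digest(stored[3:].encode(), remote_password.encode())
    return "match" if same else "bad-password"


def name_equals_password(users):
    """List users whose cleartext password is simply their own user name."""
    return sorted(n for n, p in users.items() if p == "$0$" + n)


if __name__ == "__main__":
    users = load_users(SAMPLE_AAA_INIT)
    print(check_authgroup(users, "admin", "cisco"))   # the failing attempt
    print(check_authgroup(users, "admin", "admin"))   # the working fix
    print(name_equals_password(users))
```

The name_equals_password list is also a quick audit for any ConfD-based system whose AAA file was copied from a lab template: every name it returns is a default credential that should be changed before the device is reachable outside the lab.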
06-19-2018 05:56 AM
Hi Roque,
It sounds fully logical ... after this explanation and indeed I hadn't spotted that...
I simply changed to :
admin@ncs% set devices authgroups group default default-map remote-name admin remote-password admin
(commit)
and I can now connect.
Many thanks !
01-16-2020 12:08 PM
Thanks. Helped a lot.