cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3213
Views
11
Helpful
3
Replies

netsim Failed to authenticate - bad password

ben_piret
Level 1
Level 1

Hi NSO community,

I am trying to establis a netsim device called netsimC1111-4P.

This device is under authgroup default as per :

admin@ncs% show devices device netsimC1111-4P

...

authgroup default;

...

then, I define the username to login on the netsim device by :

admin@ncs% set devices authgroups group default default-map same-user remote-password cisco

(followed by commit)

with this I should be able to connect to my netsim device as I have a user admin/cisco defined in it via the ios.xml file :

cisco@nsopoc:~/win$ ncs-netsim restart netsimC1111-4P
DEVICE netsimC1111-4P STOPPED
DEVICE netsimC1111-4P RESET
DEVICE netsimC1111-4P OK STARTED
cisco@nsopoc:~/win$ ncs-netsim cli-c netsimC1111-4P

admin connected from 10.14.32.234 using ssh on nsopoc
netsimC1111-4P# show run
no service pad
username admin secret cisco
username cisco secret cisco
no ip domain-lookup
no ip http server
no ip http secure-server

However when I try to connect to this netsim device with admin user, I get a bad password message. See log below - any idea of what I am doing wrong ?

admin@ncs% request devices device netsimC1111-4P connect                          
result false
info Failed to authenticate towards device netsimC1111-4P: Bad password for local/remote user admin/admin Auth failed
[ok][2018-06-19 12:37:01]

[edit]
admin@ncs%

1 Accepted Solution

Accepted Solutions

rogaglia
Cisco Employee
Cisco Employee

Hi Benoit,

I believe what is happening is that you are changing the IOS config in the netsim device and expect that the change will have any effect in the NETSIM SSH server credentials.

You need to remember that NETSIM does not analyse the config it receives, so, the username/password you are setting is not changing the SSH server credentials.

The credentials for the netsim devices are created in a XML file in the device cdb folder as seen here. I am not sure if this could be modified via the confd CLI of the device or you would need to re-create your device with the new XML file in the right folder or simply "load merge" the new values.

Roque

ROGAGLIA-M-M0VW:simple-mpls-vpn rogaglia$ more netsim/ce/ce0/cdb/aaa_init.xml

<config xmlns="http://tail-f.com/ns/config/1.0">

  <aaa xmlns="http://tail-f.com/ns/aaa/1.1">

    <authentication>

      <users>

        <user>

          <name>admin</name>

          <uid>9001</uid>

          <gid>100</gid>

          <password>$0$admin</password>

          <ssh_keydir>/var/confd/homes/admin/.ssh</ssh_keydir>

          <homedir>/var/confd/homes/admin</homedir>

        </user>

        <user>

          <name>oper</name>

          <uid>9001</uid>

          <gid>100</gid>

          <password>$0$oper</password>

          <ssh_keydir>/var/confd/homes/oper/.ssh</ssh_keydir>

          <homedir>/var/confd/homes/oper</homedir>

        </user>

        <user>

          <name>public</name>

          <uid>9001</uid>

          <gid>100</gid>

          <password>$0$public</password>

          <ssh_keydir>/var/confd/homes/public/.ssh</ssh_keydir>

          <homedir>/var/confd/homes/public</homedir>

        </user>

        <user>

          <name>private</name>

          <uid>9001</uid>

          <gid>100</gid>

          <password>$0$private</password>

          <ssh_keydir>/var/confd/homes/private/.ssh</ssh_keydir>

          <homedir>/var/confd/homes/private</homedir>

        </user>

      </users>

    </authentication>

    <ios>

      <level>

        <nr>0</nr>

        <prompt>ce0> </prompt>

      </level>

      <level>

        <nr>15</nr>

        <prompt>ce0# </prompt>

      </level>

      <privilege>

        <mode>exec</mode>

        <level>

          <nr>0</nr>

          <command>

            <name>exit</name>

          </command>

          <command>

            <name>action</name>

          </command>

          <command>

            <name>help</name>

          </command>

          <command>

            <name>autowizard</name>

          </command>

          <command>

            <name>enable</name>

          </command>

          <command>

            <name>startup</name>

          </command>

        </level>

        <level>

          <nr>15</nr>

          <command>

            <name>configure</name>

          </command>

        </level>

      </privilege>

    </ios>

  </aaa>

  <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">

    <write-default>permit</write-default>

    <groups>

      <group>

        <name>admin</name>

        <user-name>admin</user-name>

        <user-name>private</user-name>

      </group>

      <group>

        <name>oper</name>

        <user-name>oper</user-name>

        <user-name>public</user-name>

      </group>

    </groups>

    <rule-list>

      <name>admin</name>

      <group>admin</group>

      <rule>

        <name>any-access</name>

        <action>permit</action>

      </rule>

    </rule-list>

    <rule-list>

      <name>any-group</name>

      <group>*</group>

      <rule>

        <name>tailf-aaa-authentication</name>

        <module-name>tailf-aaa</module-name>

        <path>/aaa/authentication/users/user[name='$USER']</path>

        <access-operations>read update</access-operations>

        <action>permit</action>

      </rule>

      <rule>

        <name>tailf-aaa-user</name>

        <module-name>tailf-aaa</module-name>

        <path>/user[name='$USER']</path>

        <access-operations>create read update delete</access-operations>

        <action>permit</action>

      </rule>

      <rule>

        <name>tailf-webui-user</name>

        <module-name>tailf-webui</module-name>

        <path>/webui/data-stores/user-profile[username='$USER']</path>

        <access-operations>create read update delete</access-operations>

        <action>permit</action>

      </rule>

    </rule-list>

  </nacm>

</config>

ROGAGLIA-M-M0VW:simple-mpls-vpn rogaglia$

View solution in original post

3 Replies 3

rogaglia
Cisco Employee
Cisco Employee

Hi Benoit,

I believe what is happening is that you are changing the IOS config in the netsim device and expect that the change will have any effect in the NETSIM SSH server credentials.

You need to remember that NETSIM does not analyse the config it receives, so, the username/password you are setting is not changing the SSH server credentials.

The credentials for the netsim devices are created in a XML file in the device cdb folder as seen here. I am not sure if this could be modified via the confd CLI of the device or you would need to re-create your device with the new XML file in the right folder or simply "load merge" the new values.

Roque

ROGAGLIA-M-M0VW:simple-mpls-vpn rogaglia$ more netsim/ce/ce0/cdb/aaa_init.xml

<config xmlns="http://tail-f.com/ns/config/1.0">

  <aaa xmlns="http://tail-f.com/ns/aaa/1.1">

    <authentication>

      <users>

        <user>

          <name>admin</name>

          <uid>9001</uid>

          <gid>100</gid>

          <password>$0$admin</password>

          <ssh_keydir>/var/confd/homes/admin/.ssh</ssh_keydir>

          <homedir>/var/confd/homes/admin</homedir>

        </user>

        <user>

          <name>oper</name>

          <uid>9001</uid>

          <gid>100</gid>

          <password>$0$oper</password>

          <ssh_keydir>/var/confd/homes/oper/.ssh</ssh_keydir>

          <homedir>/var/confd/homes/oper</homedir>

        </user>

        <user>

          <name>public</name>

          <uid>9001</uid>

          <gid>100</gid>

          <password>$0$public</password>

          <ssh_keydir>/var/confd/homes/public/.ssh</ssh_keydir>

          <homedir>/var/confd/homes/public</homedir>

        </user>

        <user>

          <name>private</name>

          <uid>9001</uid>

          <gid>100</gid>

          <password>$0$private</password>

          <ssh_keydir>/var/confd/homes/private/.ssh</ssh_keydir>

          <homedir>/var/confd/homes/private</homedir>

        </user>

      </users>

    </authentication>

    <ios>

      <level>

        <nr>0</nr>

        <prompt>ce0> </prompt>

      </level>

      <level>

        <nr>15</nr>

        <prompt>ce0# </prompt>

      </level>

      <privilege>

        <mode>exec</mode>

        <level>

          <nr>0</nr>

          <command>

            <name>exit</name>

          </command>

          <command>

            <name>action</name>

          </command>

          <command>

            <name>help</name>

          </command>

          <command>

            <name>autowizard</name>

          </command>

          <command>

            <name>enable</name>

          </command>

          <command>

            <name>startup</name>

          </command>

        </level>

        <level>

          <nr>15</nr>

          <command>

            <name>configure</name>

          </command>

        </level>

      </privilege>

    </ios>

  </aaa>

  <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">

    <write-default>permit</write-default>

    <groups>

      <group>

        <name>admin</name>

        <user-name>admin</user-name>

        <user-name>private</user-name>

      </group>

      <group>

        <name>oper</name>

        <user-name>oper</user-name>

        <user-name>public</user-name>

      </group>

    </groups>

    <rule-list>

      <name>admin</name>

      <group>admin</group>

      <rule>

        <name>any-access</name>

        <action>permit</action>

      </rule>

    </rule-list>

    <rule-list>

      <name>any-group</name>

      <group>*</group>

      <rule>

        <name>tailf-aaa-authentication</name>

        <module-name>tailf-aaa</module-name>

        <path>/aaa/authentication/users/user[name='$USER']</path>

        <access-operations>read update</access-operations>

        <action>permit</action>

      </rule>

      <rule>

        <name>tailf-aaa-user</name>

        <module-name>tailf-aaa</module-name>

        <path>/user[name='$USER']</path>

        <access-operations>create read update delete</access-operations>

        <action>permit</action>

      </rule>

      <rule>

        <name>tailf-webui-user</name>

        <module-name>tailf-webui</module-name>

        <path>/webui/data-stores/user-profile[username='$USER']</path>

        <access-operations>create read update delete</access-operations>

        <action>permit</action>

      </rule>

    </rule-list>

  </nacm>

</config>

ROGAGLIA-M-M0VW:simple-mpls-vpn rogaglia$

Hi Roque,

It sounds fully logic ... after this explanation and indeed I hadn't spotted that...

I simply changed to :

admin@ncs% set devices authgroups group default default-map remote-name admin remote-password admin

(commit)

and I can now connect.

Many thanks !

Thanks. Helped a lot.