I recently enabled command authorization on my Nexus switches and RANCID could no longer run. The error rancid reported was:
It was weird because the commands RANCID was running could be run just fine manually by calling the rancid clogin script. We have different groups set up in TACACS, one for network engineers and one specifically for RANCID. If I moved the rancid user over to the neteng group it would run fine, so I noticed a difference was a tac_plus.conf stanza present for neteng but missing for rancid:
default service = permit
Directly underneath the group definition. After adding that to the rancid user, all was well.
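The comparison described above can be automated. This is an added example, not part of the original post: it reports, for each group in a tac_plus.conf, whether a "default service" line sits directly underneath the group definition. The sample configuration is constructed; only the group names neteng and rancid come from the post, and the function name audit_groups is hypothetical.

```python
import re

# Constructed sample in tac_plus.conf syntax. Group names follow the post;
# the service blocks are assumed for illustration only.
SAMPLE_CONF = """
group = neteng {
    default service = permit   # blanket authorization for this group
    service = exec {
        priv-lvl = 15
    }
}
group = rancid {
    service = exec {
        priv-lvl = 15
    }
}
"""

GROUP_RE = re.compile(r"^\s*group\s*=\s*(\S+)\s*\{")
DEFAULT_RE = re.compile(r"^\s*default\s+service\s*=\s*(permit|deny)\b")

def audit_groups(conf_text):
    """Map each group to 'permit', 'deny' or 'unset', using only a
    'default service' line at the top level of that group's block."""
    result, group, depth = {}, None, 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]              # strip trailing comments
        opened = GROUP_RE.match(line)
        if group is None and opened:
            group, depth = opened.group(1), 0
            result[group] = "unset"
        if group is None:
            continue
        found = DEFAULT_RE.match(line)
        if found and depth == 1:                 # directly under the group, not nested
            result[group] = found.group(1)
        depth += line.count("{") - line.count("}")
        if depth == 0:                           # closing brace of the group block
            group = None
    return result

if __name__ == "__main__":
    for name, setting in audit_groups(SAMPLE_CONF).items():
        print(f"{name}: default service = {setting}")
```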