Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS4.1 soft appliance 1st aid

Hello,

Im new with the LMS4.1 soft appliance and got some questions after 1st touch with it:

1. Where can you get the documentation about the very special LMS-appliance-CLI? Is it possible to SSH to the linux-shell directly?

2. What is the default root password?

3. necessary Filesharing (e.g. for csv imports from old system) options:

a) SCP: with pscp from a win-client to LMS I get "cant get vty from remote host ...". Are there working compatibility options for common scp-clients?

b) Is it possible to setup an FTP server on LMS appliance?

c) Has SAMBA been installed, so that it is possible to make CIFS mounts?

(1st workarround = FTP server at the win-client)

4. What means the 1st "Access Denied" message after connecting via SSH and SCP successfuly?

5. Where is mping located?

Thx for hints,

Steffen

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Hi, i found this solution to

Hi, i found this solution to work very well for exporting files out of the box, its a workaround for cifs mounts.

As user root:

1) on cisco-lms install sshfs, which lets you mount a folder on a remote linux box through sftp:
install in the following order:
rpm -ivh fuse-libs-2.7.4-8.el5.x86_64.rpm
rpm -ivh fuse-2.7.4-8.el5.x86_64.rpm
rpm -ivh fuse-sshfs-2.5-1.el5.rf.x86_64.rpm

2) mount 
mkdir /mnt/backup
sshfs root@<remote-linux-box-ip>:<remote-folder> /mnt/backup -o allow_other

3) rsync with cron
00 1 * * * rsync -r -v /var/adm/CSCOpx/files/rme/dcma/shadow/* /mnt/backup/ >> /root/rsync.log 2>&1

 

note: the remote-folder in the remote-linux-box can be a cifs mount

13 REPLIES

LMS4.1 soft appliance 1st aid

1 The first cli is quite simple. Very few command and ? to options. The shell is like a stripped linux.

As admin, with the admin password you should be able to login ussing ssh Not sure about recovery if you forgot the pw

2. I think you give the password during inital install. no default AFAIK.

3

a No! Here lms is the client. In other words you login and pull the files from other servers. cron should be able to do that too.

b I don't think so. RCP and TFTP is all you got.

c its stripped and hardened, so  it won't be easy, if possible at all.

4 When do you see that?

5 Not used that before. should it be part of lms? then:/opt/CSCOpx/bin should be the place.

Cheers,

Michel

New Member

Re: LMS4.1 soft appliance 1st aid

>>4 When do you see that?

The “access denied” I see, when I successfully login via SSH and with scp before the message appears that no matching vty was found

>>5 Not used that before. should it be part of lms? then:/opt/CSCOpx/bin should be the place

Mping was always a part of LMS utilities under CSCOpx\bin and is still existing in v4.1 windows and solaris version. It’s a good method to quickly test your SNMP write and read access from command line much more efficient and relyable than from GUI.

New Member

Re: LMS4.1 soft appliance 1st aid

login as: admin

Access denied

admin@10.226.100.250's password:

Last login: Tue Mar 6 13:00:42 2012 from mbrczc0448fzh.cslg1.cslg.net

eudembrLMS01/admin#

New Member

Re: LMS4.1 soft appliance 1st aid

Hi Michael,

For Point-3 Filesharing there is one important functionality dropping with the linux based appliance in the way Cisco designed it:

Most of our LMS customer see the plain Fileaccess to shadow directory as one of the most important functionality in LMS to have direct access to configs and SW-images.

How can we handle this without the need of writing copy scripts? From which distribution is it possible to install samba or an vsftp server for 1st aid to the LMS appliance? Or ist a fix known for the misconfigured SCP-server (cant find vty) to can use WinSCP as a Filebrowser?

In my opinion there is some spare left in the handiness of the overall solution with the LMS-appliance.

Steffen

LMS4.1 soft appliance 1st aid

It is always better to get the shadow directory copied to another machine and location.

It is not a good idea if everybody can just browse the server. Or worse even modify things.

Security is relatively weak on a windows server, it is somewhat OK on the linux appliance.

But security comes with inconveniences

I have a customer who would like to copy data to the lsm server, who is blocked by the feature that the LMS is server from which we can only pull. The 'data-diode' server who is push only, now has to copy to another server and lms pulls from the data from there.

Cheers,

Michel

New Member

Re: LMS4.1 soft appliance 1st aid

What is more insecure? To have an secured File server with password access, chroot to shadow-dir, with a protocol one of NFS, CIFS, FTP, FTPS, SCP or

to be forced to need a copy script installed with clear text password to important enterprise file servers beside to need the time writing the script and automation for efficient updating the target.

Rsync for efficient copy and keeping up2date cant also be used in this manner, because smb-mount/client is also missing for the most common scenario of Windows based file servers in customer environments.

Steffen

New Member

Re: LMS4.1 soft appliance 1st aid

Developed a working solution for SCP based file exchange with LMS-Linux-Appliance:

LMS Appliance:

carshell> shell

sysadmin # useradd -g casusers -d /home/scp -s /bin/bash -c "SCP user for file transfer from and to LMS" scp

sysadmin # passwd scp

sysadmin # ...

WinSCP-Settings:

1. create a new profile with the LMS-IP and scp user

2. force SCP as transport. In SSH version-2, SFTP is the standard scp transport. So you will need a combination of version 2 and SCP, because SFTP is not installed at the LMS linux appliance.

The reason for the need of an extra user is: SCP transport needs a shell and carshell is not a proper shell to handle SCP commands beside Default Shell enforcement doesnt work with WinSCP.

3. optional: preset remote dir: /var/adm/CSCOpx/files/rme/dcma/shadow

Steffen

LMS4.1 soft appliance 1st aid

Cool Steffen,

I haven't tried it since the beta version I had once.

Cheers,

Michel

Re: LMS4.1 soft appliance 1st aid

Thank you very much Stefen !

It's working very well.

New Member

LMS4.1 soft appliance 1st aid

Danke / thank you very much steffen.

Funktioniert sofort / it's working.

New Member

Hi, i found this solution to

Hi, i found this solution to work very well for exporting files out of the box, its a workaround for cifs mounts.

As user root:

1) on cisco-lms install sshfs, which lets you mount a folder on a remote linux box through sftp:
install in the following order:
rpm -ivh fuse-libs-2.7.4-8.el5.x86_64.rpm
rpm -ivh fuse-2.7.4-8.el5.x86_64.rpm
rpm -ivh fuse-sshfs-2.5-1.el5.rf.x86_64.rpm

2) mount 
mkdir /mnt/backup
sshfs root@<remote-linux-box-ip>:<remote-folder> /mnt/backup -o allow_other

3) rsync with cron
00 1 * * * rsync -r -v /var/adm/CSCOpx/files/rme/dcma/shadow/* /mnt/backup/ >> /root/rsync.log 2>&1

 

note: the remote-folder in the remote-linux-box can be a cifs mount

New Member

cool Ignacio, does this

cool Ignacio, does this procedure also work for the Cisco Prime Infrastructure VA to get CPI2.x CIFS able as well?

New Member

hi sneuser, don't know about

hi sneuser, don't know about prime infrastructure, havent tried it yet.

1610
Views
20
Helpful
13
Replies
CreatePlease login to create content