Wireless Access

Reply
Occasional Contributor II

Rancid & random password generation

Hi guys,

 

I use rancid to backuo configs from WLC7010 (8.0.0.0).


The issue is that random generated passwords on Aruba controller keep changing

<...>
ap system-profile "default"
no ap-console-protection
ap-console-password 9e4c0f6d6c840bab9c98c01d4072a0d4bfda02a27ea15046
bkup-passwords f4cdee53b2e453aae11d86f0a91e70fd4eb086af5a9d6aff3022371cdc7a3707


<..>

A minute later

<..>
ap system-profile "default"
no console-enable
no ap-console-protection
ap-console-password 30cfd03a058fd0520c499fa70987455083a84dd043823225
bkup-passwords 91abf57dff1aa0184bf5701546b33646212bd1982bdc2fc5cf8a3ba8e5960ef2
<..>

 

'f4cdee53b2e453aae11d86f0a91e70fd4eb086af5a9d6aff3022371cdc7a3707' and '91abf57dff1aa0184bf5701546b33646212bd1982bdc2fc5cf8a3ba8e5960ef2' are not matching. This is why I get rancid notifications.

#no ap-console-password
#no bkup-passwords

do not help

 

Can I somehow delete those config lines ?

 

Cheers,
Alex.

 

Guru Elite

Re: Rancid & random password generation

Try "encrypt disable" before backing up your config.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Occasional Contributor II

Re: Rancid & random password generation

Hi cjoseph,

 

Thank you for your reply.

 

There is a problem here 'encrypt disable' will expose WPA passphrases, keys etc to rancid. That is not what I m looking for - all those key still should be copied as hashes or encripted strings.

 

What puzzles me is those string are changing.

Is there any other way to stop generating random key strings in config?

 

Cheers,

Alex.

Guru Elite

Re: Rancid & random password generation

Alex,

 

I am not aware of a way.  Maybe someone else can help.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
New Contributor

Re: Rancid & random password generation

I would think it  might be better to exclude those lines in your Rancid config I have had to perform a similar action in the past. I found a example of someone doing something similar for a ASA.

 

http://router-secrets.net/tools/rancid/rancid-get-rid-of-recurring-changes-of-coredump-cfg-asa/

 

Occasional Contributor II

Re: Rancid & random password generation

I've also done that before. And this password string has popped up in rancid after software upgrade attempt.

 

I'll eclude the string from parser....sigh....

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: