REST call to always-on sandbox does not authenticate correctly

[juliogomez]

Using curl against the always-on sandbox device does not seem to authenticate correctly with the provided username & password.

$ curl -vk \
-u root:cisco123 \
-H "accept: application/yang-data+json" \
https://ios-xe-mgmt.cisco.com:9443/restconf/data/interfaces/interface\=GigabitEthernet2
*   Trying 64.103.37.51...
* TCP_NODELAY set
* Connected to ios-xe-mgmt.cisco.com (64.103.37.51) port 9443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=IOS-Self-Signed-Certificate-3053958489
*  start date: Apr  5 10:47:55 2018 GMT
*  expire date: Jan  1 00:00:00 2020 GMT
*  issuer: CN=IOS-Self-Signed-Certificate-3053958489
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'root'
> GET /restconf/data/interfaces/interface=GigabitEthernet2 HTTP/1.1
> Host: ios-xe-mgmt.cisco.com:9443
> Authorization: Basic cm9vdDpjaXNjbzEyMw==
> User-Agent: curl/7.54.0
> accept: application/yang-data+json
>
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Mon, 15 Oct 2018 10:30:03 GMT
< Content-Type: application/yang-data+json
< Transfer-Encoding: chunked
< Connection: close
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="restconf"
< Vary: Accept-Encoding
<
{
  "errors": {
    "error": [
      {
        "error-tag": "access-denied",
        "error-type": "protocol"
      }
    ]
  }
}
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):

[juliogomez]

I see it works fine with the password provided in the 'curl_examples.sh' file:

curl -vk \
  -u root:D_Vay\!_10\& \
  -H 'accept: application/yang-data+json' \
  https://ios-xe-mgmt.cisco.com:9443/restconf/data/ietf-interfaces:interfaces/interface\=GigabitEthernet2

It might be good to clarify in the "Get started" - "DevNet sanbox" section of 'REST APIs part 1', that you should not use the password from the video example, and check the 'curl_examples.sh' file.

[hpreston]

The passwords in the sandboxes can change from the video recordings. The code examples and notes on Sandboxes have been updated or to mention cases where there are differences.