topic Finally I did open a case in Network Security

FMC access to Shell via External Authentication server

rafaelteran — Fri, 21 Feb 2020 14:02:44 GMT

Hi,

I have an FMC running version 6.1. I have created a new Radius server from System >> Users >> External Authentication. I have added some users to "Administrator" role I can successfully log in to the GUI.

But I have also added those users to "Administrator Shell Access User List" and then enabled the Radius server in the Shell Authentication drop down, but I cannot access the FMC CLI with the same Radius user.

In the System >> Monitoring >> Syslog I can see:

Apr 04 2017 15:46:01 <hostname> sshd[1967]: Failed password for <radius_user> from X.X.X.X port 50626 ssh2

Thanks and regards

I believe the users added in

Marvin Rhoads — Tue, 04 Apr 2017 16:28:35 GMT

I believe the users added in the GUI are only GUI users.

To add shell users (either locally or externally authenticated), you should add them from the shell with "sudo useradd".

Using "sudo useradd
rafaelteran — Wed, 05 Apr 2017 08:23:10 GMT

Using "sudo useradd <radius_user>" doesn't seem to work. Still not able to authenticate the user via CLI, with the same error in the even log.

Interesting. There should be

Marvin Rhoads — Wed, 05 Apr 2017 08:25:38 GMT

Interesting. There should be an accounting record on your RADIUS server for the failed atempt. What does it tell you?

Finally I did open a case

rafaelteran — Tue, 20 Jun 2017 17:33:27 GMT

Finally I did open a case with TAC and they reported the bug CSCve60272, which is not yet solved in version 6.2.1

Thanks for the update. I've

Marvin Rhoads — Wed, 21 Jun 2017 02:44:24 GMT

Thanks for the update. I've added that one to my notifications.