I have a question about Firepower local users. I see one local user admin but in document there is another local user called casuser. I was looking about casuser in Cisco website but no luck. Could you please help me about "casuser" in IPS module and what command I need to use to see it.
"casuer" is an internal username that the Firepower code uses when making changes to the system via a deployment job.
You can see it in the underlying Linux OS as follows:
Cisco Fire Linux OS v6.4.0 (build 2) Cisco Firepower Management Center for VMWare v188.8.131.52 (build 34) admin@fmc:~$ sudo su - Password: root@fmc:~# cat /etc/passwd root:x:0:0:Operator:/root:/bin/sh bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin mysql:x:27:27:MySQL:/var/lib/mysql:/sbin/nologin nobody:x:99:99:nobody:/:/sbin/nologin sshd:x:33:33:sshd:/:/sbin/nologin www:x:67:67:HTTP server:/var/www:/sbin/nologin sfrna:x:88:88:SF RNA User:/Volume/home/sfrna:/sbin/nologin snorty:x:90:90:Snorty User:/Volume/home/snorty:/sbin/nologin sfsnort:x:95:95:SF Snort User:/Volume/home/sfsnort:/sbin/nologin sfremediation:x:103:103::/Volume/home/remediations:/sbin/nologin admin:x:100:100::/Volume/home/admin:/bin/sh casuser:x:101:104:CiscoUser:/var/opt/CSCOpx:/sbin/nologin lamplighter:x:110:110::/var/opt/lamplighter:/bin/sh user1:x:1000:201::/Volume/home/user1:/bin/bash root@fmc:~#
Thank you Marvin for your quick response. I have another question for you. I have GUI access to FMC but do not have CLI access to FMC using same credentials. Please help me.
The GUI and cli credentials are separate - even if you are using the username "admin" for each.
Password recovery steps for the various scenarios are described in detail here: