Create a second local admin user on FTD FDM

rwills
Level 1

I am trying to create a second local admin user on a Cisco FTD device.  It is a standalone device, running version 7.2.8-25, using FDM.  I have no FMC. 

I have tried creating a second admin user in the cli using

configure user add jsmith password config

I have tried creating it in expert mode

sudo su

usertool.pl -p 'jsmith password'

The new user does show up in the CLI when I run the command 'show user':

> show user
Login              UID   Auth Access  Enabled Reset   Exp     Warn    Grace MinL Str Lock Max
admin              100  Local Config  Enabled    No  10000        7  Disabled    8 Ena   No N/A
jsmith           1000  Local Config  Enabled    No  10000        7  Disabled    0 Dis   No   5

And it shows up in expert mode when I run 'usertool.pl -d':

root@FTD01:/home/admin# usertool.pl -d
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
*********************************************************
User:jsmith    UserID:10       Real Name:none
Contact:none    Email:none
User is active
The user is human
Password strength checking off
Number of failed login attempts: 0
Max number of failed login attempts: 5
Last Login: Thu Jan  1 00:00:00 1970
Last Failed Login: Thu Jan  1 00:00:00 1970
Last Validate: Thu Jan  1 00:00:00 1970
Last Changed Password:
Hard Expires: ~ 0 days, 0sec
Soft Expires: ~ 0 days, 0sec
*********************************************************

But I cannot log into the GUI with this new account. It just says "Unable to authorize access. If you continue to have difficulty accessing this device, please contact the system administrator."

How do I activate this user for admin GUI access?

4 Replies

@rwills With FDM, as of 7.6, you cannot create additional user accounts for FDM management access. You'd have to use external authentication (i.e., RADIUS).

As Rob mentioned, as of 7.6 you can only use the "admin" user for local authentication to FDM.

But for reference, this is stated in the System Administration -> System Management section of the FDM Config guide:
"You can configure an external authentication and authorization source for users to log into threat defense (HTTPS access). You can use an external server in addition to, or instead of, the local user database and the system-defined admin user. Note that you cannot create additional local user accounts for device manager access."

https://www.cisco.com/c/en/us/td/docs/security/firepower/720/fdm/fptd-fdm-config-guide-720/fptd-fdm-mgmt.html#id_73790

What is the use-case for FDM?  Why not FMC/cdFMC?
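As an added illustration of the RADIUS route the replies point to (this is not configuration from the thread or from Cisco), here is what the server side looks like on FreeRADIUS. The `configure user add` and `usertool.pl` accounts in the original post are CLI/SSH users only; a second GUI login has to come from an external AAA source, and FDM decides the role from the `Cisco-AVPair` value the RADIUS server returns. The three role strings below are the ones documented in the FDM configuration guide for external authorization of device manager users; the client name, addresses, shared secret and password are placeholders for this example and must be replaced.

```conf
# clients.conf: the FTD management interface as a RADIUS client.
# "ftd01", 192.0.2.10 and the secret are placeholders for this example.
client ftd01 {
    ipaddr   = 192.0.2.10
    secret   = change-me-to-a-long-random-secret
    nas_type = other
}

# users: a file-backed entry for jsmith. The Cisco-AVPair reply item is what
# FDM reads to assign the role; the password here is a placeholder.
jsmith  Cleartext-Password := "placeholder-password"
        Cisco-AVPair = "fdm.userrole.authority.admin",
        Reply-Message = "FDM administrator"

# A read-write or read-only FDM user would instead return one of:
#   Cisco-AVPair = "fdm.userrole.authority.rw"
#   Cisco-AVPair = "fdm.userrole.authority.ro"
```

Verify the entry on the RADIUS host with `radtest jsmith placeholder-password 127.0.0.1 0 <localhost-secret>` and confirm the Access-Accept carries the `Cisco-AVPair` attribute before touching the firewall. On the FDM side (menu paths as in the 7.x guide, so check your release) add the server under Objects > Identity Sources as a RADIUS Server, group it, and select that group under Device > System Settings > Management Access > AAA Configuration; keep the built-in admin as a fallback so a RADIUS outage cannot lock you out of the GUI.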

@ahollifield This topic can be highly religious and probably deserves its own thread.

Jokes aside, and while I can't speak for the OP, there are a number of use cases, from cost/logistics/operational and competitive standpoints, to use FDM and not FMC.
Personally, I would use FDM in more places if it had close to feature parity with FMC for single-box or single-pair environments.
