FMC access to Shell via External Authentication server

rafaelteran · ‎04-04-2017

Hi,

I have an FMC running version 6.1. I have created a new Radius server from System >> Users >> External Authentication. I have added some users to "Administrator" role I can successfully log in to the GUI.

But I have also added those users to "Administrator Shell Access User List" and then enabled the Radius server in the Shell Authentication drop down, but I cannot access the FMC CLI with the same Radius user.

In the System >> Monitoring >> Syslog I can see:

Apr 04 2017 15:46:01 <hostname> sshd[1967]: Failed password for <radius_user> from X.X.X.X port 50626 ssh2

Thanks and regards

Marvin Rhoads · ‎04-04-2017

I believe the users added in the GUI are only GUI users.

To add shell users (either locally or externally authenticated), you should add them from the shell with "sudo useradd".

rafaelteran · ‎04-05-2017

Using "sudo useradd <radius_user>" doesn't seem to work. Still not able to authenticate the user via CLI, with the same error in the even log.

Marvin Rhoads · ‎04-05-2017

Interesting. There should be an accounting record on your RADIUS server for the failed atempt. What does it tell you?

rafaelteran · ‎06-20-2017

Finally I did open a case with TAC and they reported the bug CSCve60272, which is not yet solved in version 6.2.1

Marvin Rhoads · ‎06-20-2017

Thanks for the update. I've added that one to my notifications.