FMC new local admin cannot console or SSH

tato386
Level 6

I created a second admin account on my FMC 7.1 but it only works with the GUI.  When I try to use the console I get "login incorrect" and when I try SSH I get "access denied". Any ideas?

TIA,
Diego


@tato386 internal FMC user accounts can only access the web GUI, not the CLI. You must use an external user (LDAP or RADIUS) which can log in to GUI or CLI.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-users.html#id_63534

FYI, there are actually 2 "admin" accounts (the default admin account) on the FMC, one with web access and the other for CLI access; the password is synchronised.

Is this new to 7.x?  I believe I was able to do this with 6.x but don't have any 6.x systems around anymore to test.  What about if I need a 2nd local admin on the FMC?  Maybe there is a manual procedure to create one?

Thanks,

You mentioned that the two account passwords are synchronized but I just changed the GUI password and CLI is still old password.  Is this normal?  Maybe I have to wait for some process to do its thing?

@tato386 actually it only appears to synchronise the password when initially setting up the system.

admin user—The FMC supports two different internal admin users: one for the web interface, and another with CLI access. The system initialization process synchronizes the passwords for these two admin accounts so they start out the same, but they are tracked by different internal mechanisms and may diverge after initial configuration

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-users.html#id_63534

 

Understood. Thank you, sir!

  
