cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
265
Views
20
Helpful
6
Replies

FMC new local admin cannot console or SSH

tato386
Frequent Contributor
Frequent Contributor

I created a second admin account on my FMC 7.1 but it only works with the GUI.  When I try to use the console I get "login incorrect" and when I try SSH I get "access denied". Any ideas?

TIA,
Diego

1 Accepted Solution

Accepted Solutions

@tato386 actually it only appears to synchronise the password when initially setting up the system.

admin user—The FMC supports two different internal admin users: one for the web interface, and another with CLI access. The system initialization process synchronizes the passwords for these two admin accounts so they start out the same, but they are tracked by different internal mechanisms and may diverge after initial configuration

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-users.html#id_63534

 

View solution in original post

6 Replies 6

Rob Ingram
VIP Master VIP Master
VIP Master

@tato386 internal FMC user accounts can only access the web GUI, not the CLI. You must use an external user (LDAP or RADIUS) which can login to GUI or CLI.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-users.html#id_63534

FYI, there are actually 2 "admin" (the default admin account) accounts on the FMC, one with web access and the other for CLI access, the password is synchronised.

tato386
Frequent Contributor
Frequent Contributor

Is this new to 7.x?  I believe I was able to do this with 6.x but don't have any 6.x systems around anymore to test.  What about if I need a 2nd local admin on the FMC?  Maybe there is a manual procedure to create one?

Thanks,

tato386
Frequent Contributor
Frequent Contributor

You mentioned that the two account passwords are synchronized but I just changed the GUI password and CLI is still old password.  Is this normal?  Maybe I have to wait for some process to do its thing?

@tato386 actually it only appears to synchronise the password when initially setting up the system.

admin user—The FMC supports two different internal admin users: one for the web interface, and another with CLI access. The system initialization process synchronizes the passwords for these two admin accounts so they start out the same, but they are tracked by different internal mechanisms and may diverge after initial configuration

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-users.html#id_63534

 

tato386
Frequent Contributor
Frequent Contributor

understood.  thank you sir!

  

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers