08-15-2020 01:26 PM
I have used Admin password to login to CLI on FTD's since they were built & can access expert mode. But just tried to run an upgrade readyness check at CLi & it says I don't have privilege so tried sudo to root & none of the passwords I have configured work, including the default one.
I changed the admin account password when the box was built, but never added a separate root password, as I don't recall it being in the build docs.
Any ideas ?
Solved! Go to Solution.
08-15-2020 08:18 PM
08-15-2020 08:18 PM
08-17-2020 01:47 AM
08-17-2020 07:10 PM
08-18-2020 01:42 AM
Yes, now working but requires specific "sudo su" rather than the "su -" I'm more accustomed to.
I assumed it was not working because typing just "sudo" or "su -" both returned the password prompt, but would NOT accept the admin password !
Many thanks.
Chris.
08-18-2020 06:11 PM
08-19-2020 01:29 AM
Hi Francesco,
I think you misunderstood my last reply, it is now WORKING :)
Thanks
Chris
08-19-2020 06:42 PM
01-27-2021 11:07 PM
Hi i have the same problem , but in my fp1010 i have not allowed use the command sudo or su , i am trying to type sudo pmon stop and it is failing , if i type without sudo the command runs but asking for a password if i type the admin password show the mesages :Password:
Sorry, user admin is not allowed to execute '/usr/bin/pkill -SIGUSR1 pmon' as root
pls need help , thanks in advance.
01-28-2021 12:46 AM
Hi Vanjulen1,
I think your issue is the same as mine, i.e. previous experience with Unix/Linux. Ignore what you know, the FTD platform is NOT the same, its close, but different.
Do NOT use sudo or su - to initiate Root commands, they won't work. You need to change context first then issue your root commands.
So login as admin via SSH to CLi, then issue sudo su followed by the admin user password to change context to Root user.
This worked for me, now issue your required commands without the "sudo" precursor, so your command "sudo pmon stop" becomes "pmon stop" because you are now issuing it as the root user.
I hope that works for you.
Regards
01-28-2021 03:38 AM
Hi Ida71 when i try to type sudo su always show error " invalid command" , i am using a console , because the DME is crashed am i need restart the pmon service , but i have no idea how to login or use the sentence like a root user.
thanks fo all.
01-28-2021 04:19 AM
@Vanjulen1 you are trying to run the command from FXOS. That's different than running it from FTD. The "sudo" instructions are specific to FTD as it has Linux underlying in expert mode. FXOS should not require sudo.
I don't have a 1010 handy but here is the example on a Firepower 1120 running FTD 6.7:
fp1120-v-1(local-mgmt)# show pmon state SERVICE NAME STATE RETRY(MAX) EXITCODE SIGNAL CORE ------------ ----- ---------- -------- ------ ---- svc_sam_dme running 0(4) 0 0 no svc_sam_dcosAG running 0(4) 0 0 no svc_sam_portAG running 0(4) 0 0 no svc_sam_statsAG running 0(4) 0 0 no httpd.sh running 0(4) 0 0 no svc_sam_sessionmgrAG running 0(4) 0 0 no sam_core_mon running 0(4) 0 0 no svc_sam_svcmonAG running 0(4) 0 0 no svc_sam_serviceOrchAG running 0(4) 0 0 no svc_sam_appAG running 0(4) 0 0 no svc_sam_envAG running 0(4) 0 0 no fp1120-v-1(local-mgmt)# fp1120-v-1(local-mgmt)# fp1120-v-1(local-mgmt)# fp1120-v-1(local-mgmt)# pmon start Start operation stop Stop operation fp1120-v-1(local-mgmt)# pmon stop fp1120-v-1(local-mgmt)# show pmon state SERVICE NAME STATE RETRY(MAX) EXITCODE SIGNAL CORE ------------ ----- ---------- -------- ------ ---- svc_sam_dme terminated 0(4) 0 0 no svc_sam_dcosAG terminated 0(4) 0 0 no svc_sam_portAG terminated 0(4) 0 0 no svc_sam_statsAG terminated 0(4) 0 0 no httpd.sh killed 0(4) 0 0 no svc_sam_sessionmgrAGterminated 0(4) 0 0 no sam_core_mon terminated 0(4) 0 0 no svc_sam_svcmonAG terminated 0(4) 0 0 no svc_sam_serviceOrchAGterminated 0(4) 0 0 no svc_sam_appAG terminated 0(4) 0 0 no svc_sam_envAG terminated 0(4) 0 0 no fp1120-v-1(local-mgmt)# fp1120-v-1(local-mgmt)# fp1120-v-1(local-mgmt)# pmon start fp1120-v-1(local-mgmt)# fp1120-v-1(local-mgmt)# fp1120-v-1(local-mgmt)# show pmon state SERVICE NAME STATE RETRY(MAX) EXITCODE SIGNAL CORE ------------ ----- ---------- -------- ------ ---- svc_sam_dme running 0(4) 0 0 no svc_sam_dcosAG running 0(4) 0 0 no svc_sam_portAG running 0(4) 0 0 no svc_sam_statsAG running 0(4) 0 0 no httpd.sh running 0(4) 0 0 no svc_sam_sessionmgrAG running 0(4) 0 0 no sam_core_mon running 0(4) 0 0 no svc_sam_svcmonAG running 0(4) 0 0 no svc_sam_serviceOrchAG running 0(4) 0 0 no svc_sam_appAG running 0(4) 0 0 no svc_sam_envAG running 0(4) 0 0 no fp1120-v-1(local-mgmt)#
If you are unable to run the commands as I demonstrated, perhaps opening a TAC case would be useful. Even if you could run them, you should not be having to run those commands normally.
01-28-2021 04:41 AM
Hi Marvin thanks for you reply , i have a cisco tac , and the last workaround is , i have to stop the pmon service , but if i use the command show pmon state , dont do nothing , it doent show any result only return the prompt , and when i try to stop the service , asking me for a password and i use the admin password , and after that , show the errorSorry, user admin is not allowed to execute '/usr/bin/pkill -SIGUSR1 pmon' as root on
I need some help , thanks in advance.
01-28-2021 04:48 AM
If you are working with TAC, it would be most effective to continue doing so. If the current engineer is unable to assist then request escalation to a more senior engineer or lead.
You didn't mention what version of software you are running.
08-16-2020 04:55 AM
My experience matches @Francesco Molino .
When you say you changed the admin password do you mean the standard prompt to do so during initial setup or did you use some other method?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide