Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ramakrishnan
Contributor
Jump to solution

Landing Expert Mode

HI All, 

 

When I login into Security gateway over SSH I am taking to directly to expert prompt login as showing below:

*************************************************************************
[Expert@nwseg1-pd-fw01:0]# pwd
/home/_nonlocl

But when I change to clish and give expert password throwing wrong password. Firewall is integrated with RADIUS (ISE)

My ISE team told I will use same password for login. Am I am landing on expert level, how I can verify I have expert level access. 

When I check our community when I land on nonlocal doesn't get into expert level 

0 Kudos
2 Solutions

Accepted Solutions
Bob_Zimmerman
Authority
Authority

"Expert" is really just BASH with root-level permissions. You can't go from BASH into clish, then back into BASH.

To confirm you have root privileges, run 'whoami'. It should show you are 'admin'.

View solution in original post

the_rock
Legend
Legend

As @Bob_Zimmerman saud, you can run whoami and verify that. By the way, you can always change the mode by below command.

Lets assume admin username is simply admin, command would be as below:

chsh -s /etc/cli.sh admin

You can also do it from web UI from below screen:

 

Screenshot_1.png

 

 [Expert@quantum-firewall:0]# whoami
admin
[Expert@quantum-firewall:0]#

View solution in original post

4 Replies
Bob_Zimmerman
Authority
Authority

"Expert" is really just BASH with root-level permissions. You can't go from BASH into clish, then back into BASH.

To confirm you have root privileges, run 'whoami'. It should show you are 'admin'.

Scottc98
Advisor

" You can't go from BASH into clish, then back into BASH"

- Is that a limitation of an account via Radius or TACACS?      On a local account (i.e Admin), if I set the 'Shell' to '/bin/bash', it does land in BASH upon a SSH login.   Typing 'clish' puts me into clish mode.   If you type 'exit' it does take you back to the shell. (I.e. have to exit twice to end the SSH session if in direct clish mode). 

Am I missing something?       I have inquiry for either TACAC or Radius to avoid 'sharing' the 'expert' password (i.e Admin users direct to BASH; read only users direct to clish) so curious myself if there is some limitations to consider.    

@ramakrishnan   If you are doing Radius, what is the Super User UID you have set under "User Management => Authentication Servers =>"Radius Servers Advance Configuration".  Is it 96 or 0?

0 Kudos
Bob_Zimmerman
Authority
Authority

You can leave clish, but you can't start another BASH session. That is, you can't log in to BASH, then run 'clish' to get into clish, then run 'expert' to get back into BASH. People try that all the time and are confused when they can "no longer get into expert mode".

0 Kudos
the_rock
Legend
Legend

As @Bob_Zimmerman saud, you can run whoami and verify that. By the way, you can always change the mode by below command.

Lets assume admin username is simply admin, command would be as below:

chsh -s /etc/cli.sh admin

You can also do it from web UI from below screen:

 

Screenshot_1.png

 

 [Expert@quantum-firewall:0]# whoami
admin
[Expert@quantum-firewall:0]#

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events