Symptom
Unable to SSH into FTD device using External authentication with Radius. Once the ssh connection is established, the Radius Server authenticates the user, but the SSH session is closed with the following error message:
'This account is currently not available.'
Conditions
FTD device with External Authentication with Radius enabled.
Workaround
Add the users under the shell access filter. As a side effect of adding them to this list, all users will have administrator privileges.
Versions 7.1.X and above are not affected by this issue.
NOTE:
This option is only possible for sensors managed by FMC.
For sensors managed by FDM there are presently no workaround options except for upgrading to 7.1.X versions.
Further Problem Description
As documented in FMC configuration guide, adding users under the shell access filter for FTD is optional. If you want to use the Radius users you have to leave this option empty:
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/user_accounts_device.html#id_63531
