07-21-2023 04:07 AM
Dear All
I would like your support. I use Cisco Duo integrated with local Microsoft Active Directory, and we have a schedule to sync information every 8 hours. But we found an issue: when our users change their password from their computer, then after 8 hours pass, they go home and try to use the VPN, Cisco Duo always informs them that they cannot log in. We tried a manual sync; it still does not work. As a workaround we need to reset the user's password on the Active Directory console, then sync manually to Cisco Duo.
Where can I get logs to check what the root cause of this problem is, and how to fix it?
07-21-2023 06:42 AM
I don't quite understand your problem. Duo's directory sync does not sync in any of your users' passwords. Today Duo does not store any of your users' passwords.
How is your VPN performing primary authentication?
07-22-2023 07:14 AM
We use a VPN that has MFA. The first authenticator is our local Microsoft Active Directory; the second authenticator is Cisco Duo.
My problem is: when a user changes their password from their notebook in the office, then goes back home and tries to connect to the VPN with the new password, they cannot log in. The Duo console shows the password is wrong (the scheduled sync works, no error). As a workaround I reset their password from the local AD console and manually sync to Cisco Duo; then the user can log in to the VPN, and Duo is working.
07-25-2023 07:01 AM
Sorry, you're not providing enough information to assist you. What is your VPN? Did you add Duo to your VPN using LDAP, RADIUS, or SAML? What client do your users launch on their laptops to connect?
07-27-2023 03:12 AM
Dear DuoKristina
Our firewall is Palo Alto. Our VPN uses RADIUS authentication; the RADIUS server setting points to a local server that has the Cisco Duo proxy server installed.
07-27-2023 12:06 PM - edited 07-27-2023 12:06 PM
Thanks for this extra detail.
In the configuration you describe (users synced into Duo from AD; Palo Alto pointing to Duo Authentication Proxy as a RADIUS server) there is absolutely nothing Duo is doing to store or cache the AD passwords for your users. Duo also maintains no record of when a user last set their AD password; that information is never sent to Duo during authentication or directory sync.
I suggest you contact Duo Support for more help diagnosing the situation.
07-24-2023 05:48 AM
We started using Duo SSO, and if we change an AD setting for a user, let's say the "Log In to.." setting to restrict what computer that user should RDP to once they establish a VPN connection, they are greeted with invalid credentials when trying to authenticate with SSO.
07-25-2023 07:04 AM
Correct, if the LDAP bind for a user via your configured Duo SSO AD authentication server(s) fails (including due to workstation restriction) it will be reported as invalid creds.
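The point in the reply above, that a bind rejected by a workstation restriction looks the same to the user as a wrong password, can be separated on the directory side: Active Directory puts a hex sub-code after `data` in the diagnostic message of a failed LDAP bind. The sketch below is an added example, not code from this thread or from Duo; the sample log lines, the DSID values in them and the function names are constructed, and it assumes you have access to a log that records the raw AD bind error text.

```python
import re

# Win32 logon error codes that Active Directory embeds (in hex) in the
# diagnostic message of a failed LDAP bind (LDAP result 49).
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "wrong password",
    0x530: "logon not permitted at this time (logon hours)",
    0x531: "logon not permitted from this workstation (Log On To restriction)",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password at next logon",
    0x775: "account locked out",
}

_SUBCODE_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+),")

def classify_bind_failure(message):
    """Return (subcode, reason) for an AD bind-failure message, or None."""
    m = _SUBCODE_RE.search(message)
    if not m:
        return None
    code = int(m.group(1), 16)
    return code, AD_BIND_SUBCODES.get(code, "unrecognized sub-code")

def summarize(lines):
    """Count failure reasons across log lines; lines without a sub-code are skipped."""
    counts = {}
    for line in lines:
        hit = classify_bind_failure(line)
        if hit:
            counts[hit[1]] = counts.get(hit[1], 0) + 1
    return counts

# Constructed sample lines (hypothetical users; not from any real log).
SAMPLE = [
    "bind failed for alice: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1",
    "bind failed for bob: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 531, v1db1",
    "bind failed for carol: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 773, v1db1",
    "bind ok for dave",
]

if __name__ == "__main__":
    for reason, n in summarize(SAMPLE).items():
        print(f"{n:3d}  {reason}")
```

A `531` or `773` result points at an account setting in AD rather than at the password the user typed.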