Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1624
Views
0
Helpful
1
Replies

Cannot make LDAP and DUO both authenticate

mikehalfogre
Level 1
Level 1

‎12-19-2017 12:20 PM

We have a configuration that currently makes use of DUO, and before we install DUO we ensure a working integration with LDAP for user logins.

Once we install DUO though, and follow the initial documents, we can get the auth requests from DUO … but the password can be any quickly typed keyboard mash and you still log in to the system.

I have tried a few alternate configurations of common-auth and sshd in /etc/pam.d , but none of them seem to allow me to auth with the password , and you then do not get a prompt from DUO

Can someone point me at the right documentation?

Labels:
0 Helpful
1 Reply 1

jsesser
Level 1
Level 1

‎12-22-2017 07:35 AM

Mike,

I’m using this successfully on CentOS 6 and 7 systems in password-auth-ac:

auth required pam_env.so
auth [default=1 success=ignore] pam_localuser.so
auth [success=1 default=ignore] pam_unix.so nullok try_first_pass
auth requisite pam_ldap.so
auth sufficient pam_duo.so
auth required pam_deny.so

This is the only pam change I had to make. Before coming up with this config, I did come up with several that didn’t require passwords at all! The changes to sshd_config follow the documentation.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents