05-02-2018 01:27 AM
Hello,
I have a Duo working with Palo alto vpn , palo alto uses a duo proxy to use the AD auth.
I have only one user that is getting an error when trying to enter the portal.
Same user works for login to his computer and from the same computer when i use a deferent user it works.
How can i debug it ? , is there a cache or setting that can cause such a problem?
Thanks
Solved! Go to Solution.
11-27-2018 11:43 AM
A good first step is to enable debug logging on your Duo authentication proxy server. Then you can reproduce the issue and check the log file to see what’s happening. Here is a guide to reading the debug output and identifying some common issues.
You can also contact Duo Support for troubleshooting assistance.
11-26-2018 02:33 PM
I encountered a similar problem months ago, and the root cause actually had to do with the Auth Proxy config. file.
The AD client section of the file was configured to use Global Catalog and user experiencing this issue had an account in both the root AD domain and a child AD domain.
When the Global Catalog lookup was being performed, the user would be found in both domains, resulting in an account lookup conflict that prevented authentication from being performed.
Changing the AD client section to use LDAP or removing the user from all domains but the root should resolve the issue.
Check the auth proxy debug logs on the proxy server filesystem in the logs folder.
I’m unsure how your system is configured but I hope the above helps.
11-27-2018 11:43 AM
A good first step is to enable debug logging on your Duo authentication proxy server. Then you can reproduce the issue and check the log file to see what’s happening. Here is a guide to reading the debug output and identifying some common issues.
You can also contact Duo Support for troubleshooting assistance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide