04-03-2017 01:53 PM
Hi,
We are using duo_unix-1.9.19-0.x86_64.rpm together with Centrify authentication on Red Hat Linux 6.7.
You can see we are doing Centrify authentication first, then DUO authentication:
#%PAM-1.0
auth required pam_env.so
auth [success=1 default=ignore] pam_centrifydc.so
auth sufficient pam_duo.so
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
Now we encountered one problem.
We have some special users whose unixname mapped in Centrify is different from their Active Directory canonical name (samAccountName).
Those special users can’t pass through DUO authentication with either name, because both will be converted to their unixname and sent to Duo for verification. Since they registered their AD account on Duo, both will fail.
For example, for user “Binello Sev”:
unixname:binello
uid:4107
gid:23
dn:CN=Binello\, Severino,OU=CAM - Users,OU=CAM,DC=bnl,DC=gov
samAccountName:sev
We tried both:
ssh sev@mytestmachine
ssh binello@mytestmachine
Neither is working, because both will be converted to “binello” and sent to Duo for verification. Since he registered his Active Directory account (sev) on Duo, both will fail.
We are wondering if there is a configuration parameter that can be provided so that the DUO module will forward the samAccountName when authenticating to the DUO server?
Thanks,
Zaiwen
04-05-2017 10:37 AM
Hi there Zaiwen,
While there’s not an officially supported configuration for this, our Support Team will be able to do some in-depth troubleshooting with you and may have a workaround. I recommend you contact them when you have a chance: https://duo.com/support.
Thanks!
09-19-2017 08:05 AM
You may be able to use the new ‘aliases’ feature. In the case of AD sync, it would just be a matter of configuring your custom attribute mapping to use whatever attributes (UPN, SamAccountName, a custom field, etc.) are needed.
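An added example, not part of the original thread and not Duo or Centrify code: a small audit script that lists the accounts hit by the mismatch described in the first post, i.e. those whose Centrify unixname differs from their samAccountName and would therefore need an alias or attribute mapping on the Duo side. The input layout mirrors the attribute dump in the post; the second record, the function names and the case-insensitive comparison are assumptions.

```python
"""List accounts whose Unix login name differs from their AD samAccountName."""

# Constructed sample input in the "key:value" layout shown in the post.
# The first record is the one from the thread; the second is made up.
SAMPLE = r"""
unixname:binello
uid:4107
gid:23
dn:CN=Binello\, Severino,OU=CAM - Users,OU=CAM,DC=bnl,DC=gov
samAccountName:sev

unixname:jdoe
dn:CN=Doe\, Jane,OU=CAM - Users,OU=CAM,DC=bnl,DC=gov
samAccountName:JDoe
"""

def parse_records(text):
    """Split blank-line-separated blocks into dicts of attribute -> value."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:              # a blank line closes the current record
                records.append(current)
                current = {}
            continue
        # Split on the first colon only; values such as a DN may contain more.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def find_mismatches(records):
    """Return (unixname, samAccountName) pairs that differ.

    Assumption: names are compared case-insensitively. Records missing
    either attribute are skipped rather than reported.
    """
    out = []
    for rec in records:
        unix, sam = rec.get("unixname"), rec.get("samAccountName")
        if unix and sam and unix.casefold() != sam.casefold():
            out.append((unix, sam))
    return out

if __name__ == "__main__":
    for unix, sam in find_mismatches(parse_records(SAMPLE)):
        print(f"{unix}: Duo receives '{unix}', user enrolled as '{sam}'")
```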