01-17-2018 05:22 PM
I installed duo to a bunch of new unix systems the other night and now I am discovering that all of them are failing to let me in. I’m currently experimenting with login_duo (yes I know I should switch to pam, avoid that for now) and it appears SSH let’s me in and then the call to /usr/sbin/login_duo does nothing. If I manually run login_duo from the command line it returns nothing.
How do I figure what’s failing here? It was all working the other day. In fact, a server I setup 3 YEARS ago is suddenly not working either. I’m having a hard time finding anything in any logs to show me what to look at.
01-17-2018 05:27 PM
Welp, solved my own problem just after posting this (as usual)
I finally found -d on login_duo and it reported one simple message: “Your account has been locked out due to excessive authentication failures. Please contact your administrator.”
How was it this difficult to actually be told my account was locked. Not a single notification anywhere.
01-18-2018 11:11 AM
The Duo account owner can specify whether to send notifications to administrators about user lockouts. You can see how to configure this here.
We’ll examine returning information about account lockout in the prompt without using the debug flag.
Thanks for using Duo!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide