There are already some great posts on how to get vCenter 6.5 working with a Duo LDAP proxy, but for the life of me I can never get vCenter to prompt for MFA push. I have audited my Duo proxy settings. I am able to configure the auth with LDAP in vCenter when pointing to the Duo Auth proxy and it finds AD users. Any advice is welcome. Thank you.
If you enter a username and password, do you receive an automatic push? I suspect what’s happening is that you are using the [ldap_server_auto] configuration, which defaults to an automatic push or phone callback during LDAP authentication. Alternatively you can add a comma (",") to the end of your password, followed by a Duo passcode. You won’t see the interactive, browser-based Duo Prompt, however, and there is no way to show it in this configuration. So you won’t be prompted for 2FA, but you should still receive an authentication request.
Please let me know if that answers your question or you still need help!
If @Amy’s good suggestions don’t help, I suggest you enable debug logging and see what’s happening during authentication. Some applications perform the LDAP authentication by binding as the service account then as the authenticating user in the same connection, while others may bind as the service account, disconnect, then bind as the authenticating user in a new connection. You can see an example of this in section 22 in this guide to understanding the debug output.
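The two bind patterns described in the reply above can be told apart by grouping bind events per connection. The sketch below is an added example, not part of the thread and not Duo's code or log format: the `(connection_id, bind_dn)` records, the service account DN and the function name are constructed for illustration, and the records would have to be extracted by hand from the proxy's debug output.

```python
# Assumption: DN of the service account the application binds with (constructed).
SERVICE_DN = "cn=svc-vcenter,ou=service,dc=example,dc=com"
USER_DN = "CN=alice,OU=staff,DC=example,DC=com"  # constructed test user

def classify_bind_pattern(events, service_dn=SERVICE_DN):
    """Classify how an application performs LDAP authentication.

    events: iterable of (connection_id, bind_dn) in the order they occurred.
    Returns "same-connection", "separate-connections", "mixed"
    or "no-user-bind".
    """
    # Simplification: DNs are compared case-insensitively after trimming;
    # full DN normalization (escaping, spaces around commas) is not done.
    service_dn = service_dn.strip().lower()
    binds = {}  # connection_id -> ordered list of bind DNs
    for conn_id, dn in events:
        binds.setdefault(conn_id, []).append(dn.strip().lower())

    patterns = set()
    for dns in binds.values():
        user_positions = [i for i, dn in enumerate(dns) if dn != service_dn]
        if not user_positions:
            continue  # this connection only carried service-account binds
        # Did a service-account bind precede the first user bind here?
        if service_dn in dns[:user_positions[0]]:
            patterns.add("same-connection")
        else:
            patterns.add("separate-connections")

    if not patterns:
        return "no-user-bind"
    return patterns.pop() if len(patterns) == 1 else "mixed"

# Constructed sample sequences, one per pattern from the reply above.
SAME = [(1, SERVICE_DN), (1, USER_DN)]
SEPARATE = [(1, SERVICE_DN), (2, USER_DN)]

if __name__ == "__main__":
    print("SAME     ->", classify_bind_pattern(SAME))
    print("SEPARATE ->", classify_bind_pattern(SEPARATE))
```

Run a single test login while debug logging is on, so the extracted records belong to one authentication attempt.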