If that experiment I mentioned works to auth you with a passcode, try changing the config on your Authentication Proxy to match what’s in our Duo AWS Workspaces document. Instead, expects to receive just the name of a factor (like push or sms) or just a passcode ( 123456). The reason is because does not expect to receive a factor appended to a password, and it does not perform an automatic push. We have not tested that Amazon VPN configuration I linked, but we did test AWS Workspaces with AWS Managed AD + RADIUS, and in that deployment we recommend instead of.
Here is something you can try: when you get to where you would enter the Duo passcode, try entering some characters as a fake password, followed by a comma and the passcode you want to use - something like this: abc,123456. If you are only typing in the passcode, then the Duo proxy likely thinks the passcode is the password, and since there is no other factor or passcode appended to that string, that it should send an automatic push.
Duo mfa token password#
But, the configuration for the Duo Authentication Proxy expects to receive a string for the password that is just the password and it will send an automatic push or phone call, or the password followed by an appended factor name or passcode, like password,123456.
The Amazon instructions look like it sets up the VPN so it should prompt for a Duo factor separately after primary AD authentication.
Duo mfa token how to#
The community is an area for discussion, but isn’t how you open a case for support (see the post How to contact support and get help for Duo).ĭid you follow these instructions? How can I use Duo with my AWS Managed Microsoft AD to provide multi-factor authentication for end users connecting to an AWS Client VPN endpoint? I don’t have any familiarity with the AWS VPN, but the approach described there seems flawed. Please don’t send me your lab info or configs.
0 kommentar(er)
