Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
0
Helpful
1
Replies

Duo LInux two-factor and Windows AD domain users

skylin3r92
Level 1
Level 1

‎02-02-2023 02:33 PM

We’ve implemented Duo two-factor authentication (pam_duo) on our Linux machines.

We’re looking into adding our Linux machines into our Windows active directory. After adding one of our Linux machines to our AD, I’ve noticed that the local user 2FA no longer is required when signing in but is required for admin privilege (sudo).

Is there a way still apply two-factor authentication for local and domain accounts?

For our domain users, we are authenticating with another third-party vendor.

0 Helpful
1 Reply 1

Gurgling6866
Level 1
Level 1

‎06-29-2023 08:24 AM

you’ll need to run the selinux/semodule portion from the pam_duo instruction.
Mount to the installation folder then run

sudo make -C pam_duo semodule
sudo make -C pam_duo semodule-install
sudo setsebool -P pam_duo_permit_local_login on

verify the semodule is installed successfully by running

semodule -l | grep duo

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents