I have Duo working with a Palo Alto VPN; Palo Alto uses a Duo proxy to use the AD auth.
I have only one user that is getting an error when trying to enter the portal.
The same user works for login to his computer, and from the same computer when I use a different user it works.
How can I debug it? Is there a cache or setting that can cause such a problem?
I encountered a similar problem months ago, and the root cause actually had to do with the Auth Proxy config file.
The AD client section of the file was configured to use Global Catalog, and the user experiencing this issue had an account in both the root AD domain and a child AD domain.
When the Global Catalog lookup was being performed, the user would be found in both domains, resulting in an account lookup conflict that prevented authentication from being performed.
Changing the AD client section to use LDAP or removing the user from all domains but the root should resolve the issue.
Check the auth proxy debug logs on the proxy server filesystem in the logs folder.
I’m unsure how your system is configured but I hope the above helps.
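The condition described in the reply above (one username matching accounts in more than one domain of the forest) can be checked for in exported search results. This is an added example, not part of the original posts and not Duo tooling; the account names, DNs, domains and the (username, DN) input format are constructed assumptions.

```python
"""Flag usernames that a forest-wide search would match in more than one domain."""
from collections import defaultdict

# Constructed sample: (sAMAccountName, distinguishedName) pairs as a forest-wide
# Global Catalog search might return them. All names here are made up.
GC_RESULTS = [
    ("jsmith", "CN=John Smith,OU=Staff,DC=corp,DC=example,DC=com"),
    ("JSmith", "CN=Smith\\, John,OU=Users,DC=emea,DC=corp,DC=example,DC=com"),
    ("adavis", "CN=Ann Davis,OU=Staff,DC=corp,DC=example,DC=com"),
    ("bwong", "CN=Bo Wong,OU=Users,DC=emea,DC=corp,DC=example,DC=com"),
]

def split_dn(dn):
    """Split a DN on unescaped commas (a backslash escapes the next character)."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current += ch
            escaped = False
        elif ch == "\\":
            current += ch
            escaped = True
        elif ch == ",":
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return [p.strip() for p in parts]

def domain_of(dn):
    """Return the DNS domain built from the DN's DC= components."""
    return ".".join(p[3:].lower() for p in split_dn(dn) if p.upper().startswith("DC="))

def ambiguous_users(results):
    """Map each username found in more than one domain to its sorted domain list."""
    seen = defaultdict(set)
    for username, dn in results:
        seen[username.lower()].add(domain_of(dn))  # AD usernames compare case-insensitively
    return {u: sorted(d) for u, d in seen.items() if len(d) > 1}

if __name__ == "__main__":
    for user, domains in ambiguous_users(GC_RESULTS).items():
        print(f"{user}: found in {', '.join(domains)}")
```

Any username it reports is a candidate for the lookup conflict described above.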
A good first step is to enable debug logging on your Duo authentication proxy server. Then you can reproduce the issue and check the log file to see what’s happening. Here is a guide to reading the debug output and identifying some common issues.
You can also contact Duo Support for troubleshooting assistance.