Duo & Sonicwall TZ - 6 digit code works, but not getting push

rtimmons · ‎05-22-2020

I’ve got Duo configured and working with a Sonicwall TZ firewall. Users can get synced over LDAP & login using their domain password. Using NetExtender, user can login and get prompted to put in the 6 digit code. Then they get logged onto the VPN.

I’m trying to understand why it’s prompting for the code rather than simply pushing to the mobile device.

Any help would be appreciated.

My config:

[main]
test_connectivity_on_startup=true
debug=true

[ad_client]
host=(IP Address)
service_account_username=serviceaccountname
service_account_password=serviceaccountpassword
search_dn=dc=sample,dc=local
ikey=IKEY
skey=SKEY
api_host=APIHOST

[ldap_server_auto]
port=xxx (nonstandard LDAP port)
ikey=IKEY
skey=SKEY
api_host=APIHOST
client=ad_client
failmode=safe
exempt_primary_bind=false

Amy2 · ‎05-26-2020

Hi there! For Sonicwall TZ, you should use our generic RADIUS instructions, and be sure to configure the proxy for Active Directory/LDAP as your primary authenticator. @DuoKristina shared more info on this particular configuration in a past answer here, so I suggest checking that topic out for details. I hope that helps!

Edit: oh, and let us know if you have other questions. I’m not an expert on this topic, but perhaps others can weigh in.