I support a couple of offices where we have implemented DUO with LDAP authentication for WatchGuard Firewall and SSLVPN client. Authentication works fine with PUSH notifications and SMS codes for all offices. I have a couple of offices where the phone call back option does not work tho. It works in some offices, but not others. All configs appear to be similar at each location, but on 2 of these offices, the phone call back just doesn’t work. I get the following error in the logs:
2019-03-05T13:11:46-0600 [HTTPPageGetter (TLSMemoryBIOProtocol),client] [Request from 192.168.2.254:41594] Duo authentication returned ‘deny’: ‘Incorrect passcode. Please try again.’
2019-03-05T13:11:46-0600 [HTTPPageGetter (TLSMemoryBIOProtocol),client] [Request from 192.168.2.254:41594] Incorrect passcode. Please try again.
Same user can use PUSH or SMS or the DUO app on the phone and enter the passcode manually, but the phone call back just doesn’t seem to be working. No issues with telephony credits either. I’ve tried multiple users at the effecting office and phone call back does not work for anyone.