Will Duo work with Synology NAS as Active Directory Server in local domain?

I am using a Synology NAS as an Active Directory Server in a local domain and its very annoying that currently have no way to enforce 2FA for logging in to Windows 10 clients. Someone on the Synology forum suggested using Duo and I can’t figure out if that will work. Note that the Synology NAS is based on Samba, but I don’t want to add anything to it that is not vanilla from Synology so I don’t have upgrade issues.

As a second question, if we have less than 10 users, can we use the free version of Duo? If not, which version would work?

As a third question, we have standardized on Google Authenticator for 2FA. Do we need to use the Duo app? If so, can it replace Google Authenticator for other 2FA applications?

Thanks!!

its very annoying that currently have no way to enforce 2FA for logging in to Windows 10 clients

We have an application to add 2FA to Windows Logons: https://duo.com/docs/rdp. We don’t have a way to add 2FA directly to AD.

We do have a way to add 2FA to LDAP logins from applications against a directory server, but this doesn’t apply to Windows itself (like if you had a web application that authenticated against your Synology Samba AD using LDAP, you could put a Duo LDAP proxy in between the web application and the directory server). Learn more about this at https://duo.com/docs/ldap.

To your second question, the Duo free edition is indeed free for up to 10 users, and has a reduced set of features compared to our paid plans (the Windows Logon and LDAP applications are included in the Free plan though).

Thirdly, yes, you must use Duo Mobile with any of Duo’s applications. We don’t support receiving Duo Push login requests with Google Authenticator, or enrolling Google Authenticator as an OTP generating device for Duo.