07-20-2022 08:37 AM
Hi all
I am hoping for a little advice.
I have recently set up our DNS server, which uses openLDAP to connect to our Debian DuoProxy server to authenticate against the AD.
I have managed to get it to work, but there is no 2FA prompt (we are looking at making the DNS control panel accessible to the web and want 2FA for added protection).
When I add
exempt_ou_1=CN=duo_ldap,OU=users,DC=AD,DC=Webnetism,DC=com
exempt_primary_bind=false
it fails right away.
If I then delete the above lines or change to
exempt_primary_bind=true
it logs in fine.
My config is as follows:
[ad_client]
; my ldap ad server ip
host=192.168.0.0
service_account_username=duo_ldap
service_account_password=***********
search_dn=DC=AD,DC=example,DC=com
[ldap_server_auto]
client=ad_client
ikey=*****************
skey=*****************
api_host=**********************
exempt_ou_1=CN=duo_ldap,OU=users,DC=AD,DC=example,DC=com
exempt_primary_bind=false
failmode=safe
port=389
Any advice would be greatly appreciated.
07-20-2022 11:02 AM
Hello Chayne, welcome to our Duo Community!
I’m sorry to hear you’re having issues with the Duo prompt. Before making any changes, I would recommend that you enable debug logging and check the log output to see if that provides some answers.
One probable explanation is that your server can’t find your users because the proxy is defaulting to look for AD attributes. Specifying the username_attribute on the client to the openLDAP attribute that holds your Duo usernames would resolve this issue.
This community thread deals with a similar issue and will further clarify how to troubleshoot in this situation.
I hope this helps, let me know if you have any further questions.
07-21-2022 01:18 AM
Hi ldubravec,
Many thanks for your assistance.
What I did in the end was to add security_group_dn under the ad_client part
along with the two exempt entries,
and I had to enroll my mobiles with the help of the authproxy.log file,
but now I am receiving Duo prompts for my LDAP sign-ins.
Thank you for your direction.
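A small checker for the authproxy.cfg settings this thread turned on, added here as an example and not part of any post or of Duo's own tooling. The function name and sample values are hypothetical, and it assumes the proxy treats exempt_primary_bind as true and failmode as safe when those keys are absent.

```python
import configparser

# Constructed sample mirroring the config posted in the thread (all values are placeholders).
SAMPLE_CFG = """
[ad_client]
host=192.0.2.10
service_account_username=duo_ldap
service_account_password=PLACEHOLDER
search_dn=DC=AD,DC=example,DC=com

[ldap_server_auto]
client=ad_client
ikey=PLACEHOLDER
skey=PLACEHOLDER
api_host=api-XXXXXXXX.duosecurity.com
exempt_ou_1=CN=duo_ldap,OU=users,DC=AD,DC=example,DC=com
exempt_primary_bind=false
failmode=safe
port=389
"""

def review_authproxy_cfg(text):
    """Return (section, finding) tuples for the settings discussed in the thread."""
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read_string(text)
    findings = []
    # The reply recommends debug logging before changing anything else.
    if cfg.get("main", "debug", fallback="false").lower() != "true":
        findings.append(("main", "debug=true not set; authproxy.log will be less detailed"))
    for name in cfg.sections():
        sec = cfg[name]
        if name.startswith("ad_client"):
            if "username_attribute" not in sec:
                findings.append((name, "username_attribute unset; proxy uses its AD default"))
            if "security_group_dn" not in sec:
                findings.append((name, "security_group_dn unset; logins not limited to a group"))
        if name.startswith("ldap_server_auto"):
            exempt_ous = [k for k in sec if k.startswith("exempt_ou_")]
            if sec.get("exempt_primary_bind", "true").lower() == "true":
                findings.append((name, "primary binds are exempt from 2FA"))
            elif not exempt_ous:
                findings.append((name, "no exempt_ou_N; service account bind is not exempted"))
            if sec.get("failmode", "safe").lower() == "safe":
                findings.append((name, "failmode=safe permits logins when Duo is unreachable"))
    return findings

if __name__ == "__main__":
    for section, finding in review_authproxy_cfg(SAMPLE_CFG):
        print(f"[{section}] {finding}")
```
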