Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
726
Views
0
Helpful
1
Replies

Active Directory - not getting group and users

NocturnaLearner
Level 1
Level 1

‎09-30-2022 09:32 AM

The proxy is able to query Active Directory but as soon as I try and get users from a specific group it errors out:

[error] The Auth Proxy did not get results searching for users in DN DC=company,DC=org using the filter (&(|(memberof=CN=Duo Users,OU=Users,DC=company,DC=org))(|(&(objectClass=user)(objectCategory=person))(objectClass=inetOrgPerson)(objectClass=organizationalPerson))). It is likely that Duo would not be able to find specific users during authentication. Please confirm that DC=company,DC=org is the correct, fully qualified DN and that users should pass the filter.

[error] The Auth Proxy was not able to find the DN CN=Duo Users,OU=Users,DC=company,DC=org. Please confirm that DN exists and is accessible.

[ad_client]
host=10.1.1.2
host_2=10.1.1.3
service_account_username=duo
service_account_password=XXXXXXXXXXXX
search_dn=DC=company,DC=org
security_group_dn=CN=Duo Users,OU=Users,DC=company,DC=org

Once I remove the security_group_dn everything validates properly so I know it is binding to AD just fine.

Thank you for your help!

Labels:
0 Helpful
1 Reply 1

NocturnaLearner
Level 1
Level 1

‎09-30-2022 09:53 AM

Never mind, I overlooked the fact that the Users folder is actually a container and not an OU hah!

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents