03-08-2022 09:23 AM
Hi, the task is simple but I can't get it to work. I want to use Duo with AnyConnect. The requirements are:
Is something like this possible?
03-08-2022 09:42 AM
I have the same setup except password management (disabled) & OTP (we only use push without any intervention from users). But, as explained here, if some of your users want to use OTP, they may add ,<passcode> after their AD password.
For example:
username: bob
password: hunter2,123456
I set it up in the way below:
Regards,
Antony
03-09-2022 07:04 AM
Hi Antony
If you type the OTP on the same line as the password then it is a different setup. I had it like this before, but when I enabled password management the OTP stopped working, I believe because of MSCHAP. The requirement is to have a 3rd line for OTP; they don’t want to have the OTP within the password line. Thank you
03-09-2022 08:48 AM
Hi @Peter_Matuska,
You may have to follow this guide.
It is about ASA, ISE & Symantec VIP but I’m pretty sure you may adapt it to match your need.
HTH,
Antony
03-16-2022 02:44 PM
So in this case it isn’t Duo that is requiring input into the second password field.
You didn’t say but I am going to assume you are using an ASA.
When you set up separate primary and secondary authentication on the connection profile then the ASA won’t proceed without input in that second password field. At that point it has no idea that the secondary AAA server in the server group you picked is a Duo Authentication Proxy or some other LDAP server or something else entirely. It just knows you configured secondary auth so therefore it needs a password to send to the AAA server.