Re: Unable to get Duo two factor working on 9.14.1P1

Stormont · ‎2024-03-28

We already have our clusters connected to Active Directory and I have been using my AD account for SSH logins for years. Following the steps https://docs.netapp.com/us-en/ontap/authentication/configure-cisco-duo-mfa-task.html#bypass-duo-authentication-for-users in we ran:

security login duo create -vserver Cardinal -integration-key <ikey here> -secret-key <skey here> -apihost <apihost here>
<create the "Duo Users - NetApps" group in Active Directory>
security login duo group create -vserver Cardinal -group-name "Duo Users - NetApp"

However when I SSH to the cluster I am never prompted with a Duo challenge. "security logon duo show" says that the status is "OK". We then tried to make a new AD group just called duo_netapp but the same issue exists where we never receive the challenge.

ByronE

The following might be applicable.

"Cisco Duo two-factor authentication does not authenticate. Even when correctly configured, no prompt for authentication is given at login."

https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-Issues/CONTAP-233092