ONTAP Discussions

Unable to get Duo two factor working on 9.14.1P1

Stormont
1,014 Views

We already have our clusters connected to Active Directory and I have been using my AD account for SSH logins for years.  Following the steps  https://docs.netapp.com/us-en/ontap/authentication/configure-cisco-duo-mfa-task.html#bypass-duo-authentication-for-users  in we ran:

 

security login duo create -vserver Cardinal -integration-key <ikey here> -secret-key <skey here> -apihost <apihost here>
<create the "Duo Users - NetApps" group in Active Directory>
security login duo group create -vserver Cardinal -group-name "Duo Users - NetApp"

 

However when I SSH to the cluster I am never prompted with a Duo challenge.  "security logon duo show" says that the status is "OK".  We then tried to make a new AD group just called duo_netapp but the same issue exists where we never receive the challenge.

1 REPLY 1

ByronE
20 Views

The following might be applicable.

 

"Cisco Duo two-factor authentication does not authenticate. Even when correctly configured, no prompt for authentication is given at login."

https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-Issues/CONTAP-233092

 

Public