
Duo 2FA + SophosUTM .. Half works.

Hi all

I have set up Duo 2FA to work with the Sophos, as per Duo's and Sophos's guide here:

https://community.sophos.com/kb/en-us/127334

I have the Duo Proxy using AD_client and it successfully authenticates me on the Duo Web Portal:

When I log into the User Portal, I use my full email address from AD, e.g. xxx@xxx.com, and my AD password.

I then receive a Push notification from Duo. I then click Accept, and then it takes me through to the OTP screen.

How come it is requesting me to set up an OTP? If I go ahead and add the QR code into Duo or Google Authenticator, I still see the same screen when logging in, e.g. the OTP page with the QR code keeps looping around as such.

What I want to do is have all users be able to log into both the Portal and the SSL-VPN using their Active Directory usernames (which is their email address) and passwords from AD, and have Duo do the 2FA. At the moment, it seems like it still wants 2FA passwords?

Any ideas on this? Is it possible to have both OTP and Duo 2FA working at the same time too?

Thanks



This thread was automatically locked due to age.
  • I read the link describing how to set up this combination of Duo and Sophos. Are you entering your password and then adding a comma (,) followed by the OTP value as described in the document?

    Standard config: if you configure OTP in Sophos and you "forget" to enter the OTP, you'll get to the screen with the QR code to indicate you "forgot" to enter the OTP.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Thanks for that

    Yes, I tried with Username + Password,123456 .. Still takes me to the OTP screen.

    Maybe I need to completely disable OTP? (A bit hard, being a production firewall - would be nice to know first if they can work together, e.g. co-exist OTP vs RADIUS.)
