Comments (4)
Hi @elitegoodguy,
What version of Duo Unix did you try this with? The most recent release?
Also, to make sure I understand your expectations, are you specifying a groupname or a !groupname?
`groups=foo` means only apply Duo 2FA to members of `foo`; users whose group membership does not include `foo` will bypass 2FA.
from duo_unix.
Sorry, left that out... It's login_duo 1.12.0
That is correct. I attempted groups=users,!wheel
For all users except for those in the wheel group. Maybe put the AD group that I am in? groups="Domain Users",!wheel ? I have not tried that yet.
I resolved it. It was that it was allowing them through regardless of the group. You can either be included or excluded... If you are not in any group that's included, you're automatically considered excluded and do not need to have 2fa. I found that once I added in a valid group name that I am 100% included then it works.
This works just fine for me because it says everyone on the domain needs duo 2fa to get into this server except for root. My login rules will lock it down further to restrict it to a certain group and allow root to login local only.
groups=domain\ users,!root
@elitegoodguy Looks like you got this working to your satisfaction, so I'll close this out. Let us know if you run into any other issues, and thanks for using Duo!
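The behaviour worked out in this thread, as an added example (not code from the thread or from Duo Unix): a simplified Python model of the `groups` directive that reports which accounts would log in without 2FA. It assumes comma-separated entries, `!` negation, `\ ` as an escaped space and exact group-name matching; the account names and memberships are constructed.

```python
# Simplified model of the groups= semantics described in the thread.
# Assumption: exact, case-sensitive group names; this is not Duo's implementation.

def parse_groups(directive):
    """Split e.g. 'groups=domain\\ users,!root' into (include, exclude) sets."""
    value = directive.split("=", 1)[1] if "=" in directive else directive
    include, exclude = set(), set()
    for item in value.split(","):
        name = item.strip().replace("\\ ", " ")  # '\ ' is an escaped space
        if not name:
            continue
        if name.startswith("!"):
            exclude.add(name[1:])
        else:
            include.add(name)
    return include, exclude


def requires_2fa(directive, user_groups):
    """True only if the user is in an included group and in no excluded group."""
    include, exclude = parse_groups(directive)
    groups = set(user_groups)
    if groups & exclude:
        return False              # explicitly excluded: 2FA is skipped
    return bool(groups & include)  # no included group matched: 2FA is skipped


def bypass_report(directive, users):
    """Sorted names of accounts that would log in without 2FA."""
    return sorted(u for u, g in users.items() if not requires_2fa(directive, g))


# Constructed sample accounts (hypothetical names and memberships).
USERS = {
    "alice": ["domain users", "linux-admins"],  # AD user, not in local 'users'
    "bob": ["domain users"],
    "svc_backup": ["backup"],
    "root": ["root"],
}

if __name__ == "__main__":
    for directive in ("groups=users,!wheel", "groups=domain\\ users,!root"):
        print(directive, "-> bypass:", bypass_report(directive, USERS))
```

With `groups=users,!wheel` every sample account bypasses 2FA because none of them is in `users`, which is the situation the thread describes; accounts that match no included group are the ones to review after any change to the directive.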