Duo Security MFA & ThinOS Openconnect VPN

Viewing 5 posts - 1 through 5 (of 5 total)
  • #51982
    Fisher246
    Participant
    • Total Post: 7
    • Newbie

    So I thought this would be simple. We use Cisco Anyconnect with Duo MFA. The process of connecting the VPN on a laptop is as simple as entering username, password and the word ‘push’ in the ‘Second Password’ field of the Anyconnect VPN Client.

    I’m having a play with a Wyse / Dell 3010 with ThinOS 8.4.something and setting up OpenConnect VPN. I can get it to work fine if I disable DUO MFA for the account I’m playing with, but when it’s enabled you do not get the ‘Second Password’ field to type in ‘push’. Now I get that the second password field might not be supported in the GUI and was hoping there would be something in the confgen for this OR just something I can add to the serialnumber.ini files in the ‘inc’ folder.

    Anyone got this working or is MFA for OpenConnect in ThinOS a step too far?

     

    #51996
    ConfGen
    Keymaster
    • Total Post: 10696
    • Jedi Master
    • ★★★★★★★

    OpenConnect is just supporting username/password/domain. Nothing else.

    CG

    #52001
    Fisher246
    Participant
    • Total Post: 7
    • Newbie

    That is indeed a shame. OpenConnect under Linux does support the second password field to specify the ‘push’ statement. Are you aware if any of the new Dell thin clients are able to support this?

    It’s a shame if not and would suggest not moving with the times. HP thin clients are working well with MFA.

    #52004
    ConfGen
    Keymaster
    • Total Post: 10696
    • Jedi Master
    • ★★★★★★★

    I am not sure about ThinLinux. Windows IoT will support it for sure.

    I had a trial installation of DUO running in my lab. After the trial expired I contacted DUO to get a permanent trial license for my lab. Unfortunately, they were not able to assist here. Not very good support I would say. Otherwise, I would have been able to do some tests and give precise feedback.

    CG

    #52007
    Fisher246
    Participant
    • Total Post: 7
    • Newbie

    Morning,

    DUO offer a free (up to 10 user) account with full MFA functionality. You have the option of switching from the trial to free account yourself in their portal. As well as our work account I set a free account up for home use and have all our home devices using it for free. For support, I’ve always found them very helpful even with the free account – maybe that’s changed since being taken over by Cisco, but they helped me last week when I was looking to get the second password field working in OpenConnect on Linux.

    Looking to see if we can set the default option to ‘push’ via the firewall, therefore taking the Wyse out of the equation. But not keen on making config changes to production environments at the moment – don’t want to risk bringing anything down.

    Rgds

     

     

     

     

     
