FQDN Authentication Issue With LinOTP
by foa771 from LinuxQuestions.org on (#6KGFA)
Hello Everyone,
I installed LinOTP 2.12.6 and integrated it with AWS WorkSpaces using this documentation for MFA TOTP:
https://aws.amazon.com/blogs/desktop...on-workspaces/
Everything is working well using WorkSpaces and LinOTP.
Now I want to add MFA to a Bastion Amazon Linux instance that is domain joined. I want to leverage the same LinOTP that I already have in the environment for TOTP. I configured the Linux instance for MFA and to send the TOTP token to the RADIUS server; however, after reviewing the logs on LinOTP, I see it is receiving the username with the domain (user...@example.com) and it fails to find a matching user in the resolver.
The realm is the same as the Windows domain name. I made sure that the setting to split on "@" is enabled so it differentiates the username from the realm; however, authentication fails. LinOTP authenticates users logging into WorkSpaces successfully, since only the username is sent to the RADIUS server, without the FQDN.
I would really appreciate any guidance on how to enable Windows domain stripping and resolve this issue.
Thank you!
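As an added illustration (not LinOTP's code and not part of the post above): a small Python model of the "split on @" behaviour the question describes, showing why a login such as user@EXAMPLE.COM only resolves when the suffix matches a realm the server knows, and how a front end can strip an unknown Windows domain suffix before the user lookup. The realm names and sample logins are constructed assumptions.

```python
# Constructed model of user@realm handling in front of an OTP/RADIUS backend.
# Not LinOTP's implementation; realm names below are assumptions for the example.
from typing import Optional, Tuple

# Assumed: realms configured on the OTP server, compared case-insensitively.
KNOWN_REALMS = {"example.com", "example"}
DEFAULT_REALM = "example.com"


def split_login(login: str) -> Tuple[str, Optional[str]]:
    """Split 'user@realm' or 'DOMAIN\\user' into (user, realm).

    realm is None when the login carries no domain part at all.
    """
    if "\\" in login:                       # NetBIOS style: DOMAIN\user
        domain, _, user = login.partition("\\")
        return user, domain.lower()
    if "@" in login:                        # UPN style: user@example.com
        user, _, domain = login.rpartition("@")
        return user, domain.lower()
    return login, None


def normalize_login(login: str) -> Tuple[str, str]:
    """Return (user, realm) in the form the OTP server can resolve.

    A suffix that names a known realm is kept (lower-cased, so a Windows
    FQDN in upper case still matches). Any other suffix is treated as a
    Windows domain to strip, and the default realm is used instead of
    letting the user lookup fail.
    """
    user, realm = split_login(login.strip())
    if realm is not None and realm in KNOWN_REALMS:
        return user, realm
    return user, DEFAULT_REALM


def lookup_would_fail(login: str) -> bool:
    """True when the raw login, split only on '@' with an exact realm
    match, would not resolve: the case the post's logs describe."""
    user, realm = split_login(login)
    return realm is not None and realm not in KNOWN_REALMS
```

The check in `lookup_would_fail` models an exact-match realm split; the normalising function shows the stripping step that makes the Linux host's login look like the bare username WorkSpaces already sends.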