Description:
By default, the Duo post-auth script for Access Server sends a passcode instead of push notifications, and some customers prefer to receive push notifications.
Resolution:
- Go to your OpenVPN Access Server CLI.
- Change to the directory where you have the "duo_openvpn_as.py" file (most likely in "/usr/local/openvpn_as/scripts/").
- Edit this file using the "nano" command like this:
nano duo_openvpn_as.py
- Find the line "AUTOPUSH = False" and change it to "AUTOPUSH = True" as in the last line in the example below:
root@openvpn-access-server:/usr/local/openvpn_as/scripts# nano duo_openvpn_as.py
# Set AUTOPUSH to True to automatically prompt the user's default 2FA device.
# This will remove any user prompts for factor selection.
AUTOPUSH = True - Press ctrl+x, then press y, and then press enter, to save and exit the file.
- Use the below command to load the duo file again with the changes:
sudo su cd /usr/local/openvpn_as/scripts
./sacli --key "auth.module.post_auth_script" --value_file="/usr/local/openvpn_as/scripts/duo_openvpn_as.py" ConfigPut - Reload the service to commit the changes:
./sacli start
Now you can test push notifications to your cell phone by signing in again to Access Server.
If you have additional questions please submit a ticket.
Source: https://duo.com/docs/openvpn-as
Comments
0 comments
Please sign in to leave a comment.