Jump to content
Greg.Buerk

Duo Security Plugin

Recommended Posts

It's working now!! Has anyone figured out how to get PUSH working? The duo documentation says just type PUSH into the duo token field, but that isnt working.

 

How did you manage to get this working? I still had no success.

Share this post


Link to post
Share on other sites

Uninstalled, re-installed. Simply does not work.

 

Now I cant even get the "Test" button to show back up.

 

Everything is greyed out. Have followed the instructions above. No joy.

Share this post


Link to post
Share on other sites

Hi Scubes,

 

Uninstall the entire plugin.. then from your labtech server, reinstall the plugin. Launch Labtech and activate the plugin, close the control center, relaunch, and then go to the integrations dashboard.

 

If that doesn't work, reload the plugin and try again... I had to do it a few times.. and since I had other stuff going on also, I had to restart the LT Database... that could have been what made mine start working, but I am not sure.

 

It's working like a charm now and we are on LT Beta/Pilot LT v10 and it's still working perfectly.

 

Jason

Share this post


Link to post
Share on other sites

Troubleshooting TIPs and Internal Docs:

 

---LabTech Properties---

 

DuoConfig = True\False

if this is not set to True then the configuration will not show, this is set to True when a successful request can be made to HTTPS://DuoSiteUrl/auth/v2/ping, this happens on Save.

 

 

 

DuoSiteUrl = String

This is the API Hostname, it does not include http: or paths. Example is api-f1120ec9.duosecurity.com

 

 

 

These are the Configuration values you obtained from the DUO SDK

DuoIntegKey = String

DuoSecretKey = String

 

 

These Properties are the results of the checkboxes in the operation settings

DuoEnabled = True\False

DuoEnabledWebCC = True\False

DuoEnabledCC = True\False

DuoEnabledSuperAdmin = True\False

DuoEnabledSuperVisor = True\False

DuoEnabledAllUsers = True\False

Share this post


Link to post
Share on other sites

Troubleshooting TIPs and Internal Docs:

 

To configure the Plugin.

Install the Plugin, Enable it and restart control center.

Open the Control Center to the Intergration Tab, select the Duo Tab.

Enter your integration Key and Secret Key, API Hostname.

Click SAVE.

Close the Dashboard and reopen it tot he duo Tab.

The Tab should be expanded to show all the other options and allow you to enable Duo.

If it does not allow you to Enable Duo, test it this way.

In a Web Browser open this URL https://APIHostname/auth/v2/ping

It will return a JSON file, it it does not then you do not have the correct API Hostname.

 

 

 

 

The TEST LOGIN Button.

This does not have anything to do with the configuration, this is to test the passcode with a LabTech account.

 

 

Accounts in DUO must match CASE with LabTech account names.

 

We do not support ANY method other than the TOKEN. Push will not work or Call Back.

Share this post


Link to post
Share on other sites

Greg,

 

Thank you for the plugin but I cannot seem to get it to work. I have reinstalled it half a dozen times and rebooted my server twice. I plug in the integ and secret keys along with the api host and I still am unable to get it to allow the check boxes. I tried to modify the properties to allow me to configure but the logon fails. I would really like to implement this extra security but I am stuck. I have tried both the Auth API and the WEB API. Any help would be great.

 

Again Thanks for all you do.

 

J Hall

i.t.NOW

UT US

Share this post


Link to post
Share on other sites

Hi J. Hall,

Did you ever get the Duo integration to work? I appear to be having the same issue. I have tried multiple installs, uninstalls, reboots, etc., but to no avail.

 

--Luke

Share this post


Link to post
Share on other sites

Is there any way to disable the plugin from outside the labtech control center when you have accidentally locked yourself out? Superadmin + all other admins have duo enabled, but the integration does not work correctly, making it unable to enter a valid duo code on login.

Are there certain files in the labtech client folder that can be deleted? Or can the plugin be set to "disabeld" in a configuration file?

Share this post


Link to post
Share on other sites

Use a program to log into the MySQL server. In the table "Plugins" look for this addon, and change `Enable` = 0. Restart Control Center and see if you can log in.

Share this post


Link to post
Share on other sites
Use a program to log into the MySQL server. In the table "Plugins" look for this addon, and change `Enable` = 0. Restart Control Center and see if you can log in.

worked, thanks !

used following SQL: update plugins set Enable=0 where name="duo security";

Share this post


Link to post
Share on other sites

Hi everyone,

1. First question - I have an issue with login in to the Control Center with Duo enabled from remote PC. Local on the Labtech server i'm able to login in to the Control Center without any problem. Any idea how can I solve it ?

2. Second question is - how can I enable Duo login only for certain users , because some of users are only for labtech system and they have no access to the control center or web control center

Thank s in advance

Share this post


Link to post
Share on other sites

this does work on cloud instances; i think when you install it , all it does a check on the adress you type in, if it's a hostedrmm.com domain it says it's not supported. if you use a CNAME and do something like rmm.domain.com and point it to your *.hostedrmm.com domain; use that address in the installer and it installs and works just fine.

Share this post


Link to post
Share on other sites

Thanks for all the updates. has anyone tried to use the personal/business version with success? I have not tried it yet but to me it appears the personal/business one would work for both the client and the website and use the phone based soft token to authenticate.

Share this post


Link to post
Share on other sites
Thanks for all the updates. has anyone tried to use the personal/business version with success? I have not tried it yet but to me it appears the personal/business one would work for both the client and the website and use the phone based soft token to authenticate.

 

Yes, I use the personal edition for my LabTech testing environment and it works great..LT10 too. It works fine and works with the phone for token.

 

jeff

Share this post


Link to post
Share on other sites

I got it to allow me to enable it and I tried it for one user and it ended up applying to all I had to disable using SQL when I turn this thing back on after everyone is enrolled where does the 2 factor come in I didn't see anything different on the login page?

Share this post


Link to post
Share on other sites

I just got it working. It pops up while the LabTech client is loading. Just before the console opens, a popup box opens prompting for the token. Are you sure it enabled for all users? When mine installed, it didn't have any selected. It showed all my users in the list, but I had to click them individually and highlight them on.

Share this post


Link to post
Share on other sites

newbie question, I got the plugin setup. Able to login with one time generated passcode. my question is how do set it to call a phone for authentication? or does it only support via android/iphone app?

 

*Edited* never mind just reread the post. :oops:

We do not support ANY method other than the TOKEN. Push will not work or Call Back.

 

So new question: Which kind of token? Hardware token or U2F token? or both?

Share this post


Link to post
Share on other sites
Does this DuoSecurity plugin work with Labtech V10?

 

Yes it is working with LT10. But required a token, which I still need more info on which type.

Share this post


Link to post
Share on other sites

I got it to work on the client without any issue.

Now i just cant get it to work on the web portal OR with windows 10 machine (always says wrong token, same user work on a windows 8.1)

 

Any suggestion to get the request to appear on the web portal ?

 

Thanks

Share this post


Link to post
Share on other sites

@Felix,

 

I think you may need to use LDAP proxy for that.

 

Off topic here, has anyone use DUO with Connectwise? Any pointer?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×