Active Directory MFA

I've been following this recipe for enabling MFA... https://medium.com/@sjsumit10/enable-mfa-for-aws-managed-ad-using-freeradius-with-google-authenticator-caaabc450c0b

The procedure works well up until I reach the final step where MFA is enabled for the AD using the AWS console. The step fails with no obvious information as to why. I believe I've verified that UDP port 1812 is open. Where can I look for hints as to what the problem is? CloudWatch logs are not providing much insight.

1 Answer

Hello! Managed AD attempts to communicate with the RADIUS server over UDP 1812 by default, sends an "awsfakeuser" authentication request and expects an "Access-Reject" message back from RADIUS. If Managed AD does not receive a response, or receives a response other than "Access-Reject", MFA will fail to enable.

Ensure that UDP 1812 is allowed both inbound and outbound on the Directory Service's security group. Also ensure that the FreeRADIUS instance allows the traffic. Check the FreeRADIUS logs to ensure the traffic is received and that it sends a response back. You can also create a VPC Flow Log [1] to monitor the packets seen from the AWS side, or do a packet capture on the FreeRADIUS side. I have personally tested the guide you are using and can confirm it works.

If you still run into issues, please open a new support case with us and we will be ready to assist you.

  1. https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
AWS
SUPPORT ENGINEER
answered 2 years ago
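As an added illustration (not part of the question or the answer above), the following Python probe reproduces the check the answer describes: it sends a RADIUS Access-Request for User-Name "awsfakeuser" to your own FreeRADIUS on UDP 1812 and reports whether an authentic Access-Reject came back. The shared secret, server address and the throwaway password are values you supply; the function names are mine, not an AWS or FreeRADIUS API.

```python
import hashlib
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
CODE_NAMES = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject", 11: "Access-Challenge"}

def _attr(attr_type: int, value: bytes) -> bytes:
    # RADIUS attribute TLV: type, total length (including the 2-byte header), value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def encrypt_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # RFC 2865 section 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous block)
    padded = password + b"\x00" * (-len(password) % 16) if password else b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(secret: bytes, username: bytes, password: bytes,
                         authenticator: bytes, identifier: int = 1) -> bytes:
    # Code 1 header, 16-byte Request Authenticator, then User-Name (1) and User-Password (2)
    attrs = _attr(1, username) + _attr(2, encrypt_password(password, secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs

def build_reply(code: int, identifier: int, request_authenticator: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    # What a genuine server sends: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return header + hashlib.md5(header + request_authenticator + attrs + secret).digest()

def parse_response(packet: bytes, request_authenticator: bytes, secret: bytes) -> str:
    # Recompute the Response Authenticator so a reply with a wrong secret or a spoofed source is rejected
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    resp_auth, attrs = packet[4:20], packet[20:length]
    if resp_auth != hashlib.md5(packet[:4] + request_authenticator + attrs + secret).digest():
        raise ValueError("response authenticator mismatch: wrong shared secret or forged reply")
    return CODE_NAMES.get(code, f"code {code}")

def probe(host: str, secret: bytes, username: bytes = b"awsfakeuser",
          password: bytes = b"throwaway-password", port: int = 1812, timeout: float = 3.0) -> str:
    # Constructed probe: any password works, since a healthy server must reject the unknown user
    auth = os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_access_request(secret, username, password, auth), (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no response (check security groups and the FreeRADIUS clients.conf entry)"
    return parse_response(data, auth, secret)
```

Run `probe("<freeradius-ip>", b"<shared-secret>")` from a host in the same VPC; anything other than "Access-Reject" points at the same failure Managed AD sees, and a timeout means the packets or the reply are being dropped.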
