We have a UAG using Radius to DUO. When a users password is reset and we check the box "User must change password at next login". They can no longer access VDI protected with Duo. Assuming this is because of using Radius, does anyone know of a workaround that will either let the user log into the desktop and force them to change the password or have the connection server facilitate the password change? Right now we just get "Access Denied" and they cannot proceed.
Thank you all in advance.
We are using a Loadbalancer as AccessGateway for Horizon and also using Duo with Radius.
So, i don't think its an Radius problem. Passwort Change is working.
Do you have Duo Proxys in your infrastructure?
What setup have you done in the setup file of the duo proxy?
I assume you are doing a AD checkup (LDAPs) and syncing the users from AD to DUO?
Do you connecting using the web access or the horizon client?
My advice is review the logs on the duo proxy, what happens, if the password change is done. Maybe it's also a timeout issue.
We are having the same problem with expired passwords.
Here is our DUO config.
Looks like we have to switch client to [duo_only_client] as mentioned in the blog post below