DualShield Computer Logon Client is available for both RPM and DEB based Linux operating systems.
Prerequisites
Prior to the installation of the DualShield logon client, the Linux workstation must be domain joined.
Mandatory Configuration
Disable use_fully_qualified_names, otherwise 1. unlock would fail if UPN user name is not the same with the login name or custom UPN suffix is enabled 2. User console displaying name could be wrong.
$ sudo vi /etc/sssd/sssd.conf # line 16: change True to False use_fully_qualified_names = False $ sudo systemctl restart sssd
Install Logon Client on CentOS / Fedora
Download the installer file dshield-client-service-x.y.z-x86_64.rpm, and execute the command below to install it (whereas x.y.z is the version and build number, e.g. 1.0.0)
$ sudo yum install ./dshield-client-service-1.0.0-x86_64.rpm
Install Logon Client on Ubuntu
Download the install file dshield-client-service-x.y.z-x86_64.deb, and execute the command below to install it
$ sudo apt install ./dshield-client-service-1.0.0-x86_64.deb
SSH Login
If you want to enable 2FA on SSH login, then you need to enable challenge/response and also enable keyboard-interactive.
For Ubuntu 18 & 20, and CentOS
$ sudo vi /etc/ssh/sshd_config ChallengeResponseAuthentication yes AuthenticationMethods keyboard-interactive
For Ubuntu 22
$ sudo vi /etc/ssh/sshd_config KbdInteractiveAuthentication yes
Restart SSHD service after the above change:
$ sudo systemctl restart sshd