...
Prior to the installation of the DualShield logon client, the Linux workstation must be domain joined.
Mandatory Configuration
Disable use_fully_qualified_names, otherwise 1. unlock would fail if UPN user name is not the same with the login name or custom UPN suffix is enabled 2. User console displaying name could be wrong.
| Code Block |
|---|
$ sudo vi /etc/sssd/sssd.conf
# line 16: change True to False
use_fully_qualified_names = False
$ sudo systemctl restart sssd |
Install Logon Client on CentOS / Fedora
Download the installer file linuxdshield-computer-client-clientservice-x.y.z-x86_64.rpm, and execute the command below to install it (whereas x.y.z is the version and build number, e.g. 1.0.0)
| Code Block | ||
|---|---|---|
| ||
$ sudo rpmyum -ivh linux-computer-install ./dshield-client-clientservice-1.0.0-x86_64.rpm |
Install Logon Client on
...
Ubuntu
Download the install file linuxfile dshield-computerclient-logon-clientservice-x.y.z-x86_64.deb, and execute the command below to instal install it
| Code Block | ||
|---|---|---|
| ||
$ sudo dpkgapt -i linux-computer-install ./dshield-client-clientservice-1.0.0-x86_64.deb |
SSH Login
If you want to enable 2FA on SSH login, then you need to enable challenge/response and also enable keyboard-interactive.
For Ubuntu 18 & 20, and
...
CentOS
| Code Block | ||
|---|---|---|
| ||
$ sudo vi /etc/ssh/sshd_config ChallengeResponseAuthentication yes AuthenticationMethods keyboard-interactive |
...