DualShield Computer Logon Client is available for both RPM and DEB based Linux operating systems.
Prior to the installation of the DualShield logon client, the Linux workstation must be domain joined.
Disable use_fully_qualified_names, otherwise 1. unlock would fail if UPN user name is not the same with the login name or custom UPN suffix is enabled 2. User console displaying name could be wrong.
$ sudo vi /etc/sssd/sssd.conf # line 16: change True to False use_fully_qualified_names = False $ sudo systemctl restart sssd |
Download the installer file dshield-client-service-x.y.z-x86_64.rpm, and execute the command below to install it (whereas x.y.z is the version and build number, e.g. 1.0.0)
$ sudo yum install ./dshield-client-service-1.0.0-x86_64.rpm |
Download the install file dshield-client-service-x.y.z-x86_64.deb, and execute the command below to install it
$ sudo apt install ./dshield-client-service-1.0.0-x86_64.deb |
If you want to enable 2FA on SSH login, then you need to enable challenge/response and also enable keyboard-interactive.
$ sudo vi /etc/ssh/sshd_config ChallengeResponseAuthentication yes AuthenticationMethods keyboard-interactive |
$ sudo vi /etc/ssh/sshd_config KbdInteractiveAuthentication yes |
Restart SSHD service after the above change:
$ sudo systemctl restart sshd |