- Newest
- Most votes
- Most comments
This is now resolved. I was able to enable MFA. Just needed to add the 2nd IP of DS to the config file which seemed to work. Thanks for the previous poster for chiming in.
I suspect you missed configuring your"Install the Duo Authentication Proxy". To integrate Duo with your RADIUS device, you will need to install a local Duo proxy service on a machine within your network. This Duo proxy server will receive incoming RADIUS requests from your RADIUS device, contact your existing local LDAP/AD or RADIUS server to perform primary authentication if necessary, and then contact Duo's cloud service for secondary authentication. Would you please verify that you have configured this step: https://duo.com/docs/radius
Configuring proxy will allow you to setup something like this: [ad_client] host=1.2.3.4 host_2=1.2.3.5 service_account_username=duoservice service_account_password=password1 search_dn=DC=example,DC=com security_group_dn=CN=DuoVPNUsers,OU=Groups,DC=example,DC=com
with this in place you should be able to authenticate with correct service account name and password.
Relevant content
- asked 8 months ago
- Accepted Answerasked 2 years ago
- asked 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 years ago
Thanks! You were not too far off. I did get this working....go figure, as soon as I post this. :) In any case, I failed to add the second IP of DS to my config file and that did the trick.