DUO with AD LDAPS

manvik
Level 3

Currently DUO is authenticated to LDAP via plaintext. We would like to change it to LDAPS, i.e. connect DUO to AD via LDAPS.
Can someone tell me what changes need to be made in the DUO config file for this?
Also, any downtime required for this?

Accepted Solutions

Assuming you’re using the Authentication Proxy, look here, especially the Optional section: Duo Authentication Proxy Reference | Duo Security
You’ll need to change or add “transport”, add “ssl_ca_certs_file” and have the CA root cert and chain that issued the cert on your DC in a file for that entry to point at.

You have to restart the proxy, so yes to downtime…
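
The change described in the answer above, shown as an added example that is not part of the original post or Duo's own sample file: an `[ad_client]` section of `authproxy.cfg` before and after the switch. The host name, service account, search DN and CA file path are placeholders.

```ini
; BEFORE (constructed example): no transport set, so the proxy uses the
; default "clear" transport and the bind and user passwords travel to
; the DC unencrypted on port 389.
[ad_client]
host=dc1.example.com
service_account_username=duo-svc
service_account_password=CHANGE_ME
search_dn=DC=example,DC=com

; AFTER (constructed example): same section with LDAPS enabled.
; Replace the section above with this one; do not keep both.
[ad_client]
; host should be a name that appears in the DC's certificate,
; otherwise hostname verification fails.
host=dc1.example.com
service_account_username=duo-svc
service_account_password=CHANGE_ME
search_dn=DC=example,DC=com
; "ldaps" wraps the whole connection in TLS (default port 636).
transport=ldaps
; PEM file holding the root CA and any intermediates that issued the
; DC's certificate. Placeholder path.
ssl_ca_certs_file=/path/to/ad_ca_chain.pem
; Default is true; shown here to make clear it should stay enabled.
ssl_verify_hostname=true
```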

manvik
Level 3

Thank you @kstieers
Currently authentication is requested from Cisco ASA and DUO sends to AD.
Will there be any change in ASA to Duo config too?

So if already doing LDAPS from ASA to the DUO Authentication Proxy, then no, no change needed…

manvik
Level 3

For Duo LDAPS, should any change be done in Duo Admin panel as mentioned in this link?
