03-03-2021 09:29 PM
Currently DUO is authenticated to LDAP via plaintext. We would like to change it to LDAPS, i.e. connect DUO to AD via LDAPS.
Can someone tell me what changes need to be made in the DUO config file for this?
Also, any downtime required for this?
03-04-2021 06:50 AM
Assuming you’re using the Authentication Proxy, look here, especially the Optional section: Duo Authentication Proxy Reference | Duo Security
You’ll need to change or add “transport”, add “ssl_ca_certs_file” and have the CA root cert and chain that issued the cert on your DC in a file for that entry to point at.
You have to restart the proxy, so yes to downtime…
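The change described in this answer, as an added example that is not part of the original thread and is not Duo's own code: a small Python check that reads an `authproxy.cfg` and flags any `[ad_client]` section still binding to AD in cleartext or using TLS without a CA file. The host, account, password and file name in the sample configs are constructed placeholders, and treating a missing `transport` as `clear` is an assumption to confirm against the Authentication Proxy Reference.

```python
import configparser

# Constructed sample configs; host, account, password and CA path are placeholders.
BEFORE = """
[ad_client]
host=dc01.example.internal
service_account_username=duo_svc
service_account_password=placeholder
search_dn=DC=example,DC=internal
"""

# Same section after the change discussed in the thread.
AFTER = BEFORE + """transport=ldaps
ssl_ca_certs_file=ad_ca_chain.pem
ssl_verify_hostname=true
"""

def audit_ad_client(cfg_text):
    """Return a list of findings for every [ad_client*] section in cfg_text."""
    # interpolation=None so a '%' in a password is not treated as a template.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    findings = []
    for name in cp.sections():
        if not name.startswith("ad_client"):
            continue
        sec = cp[name]
        # Assumption: an absent "transport" means cleartext LDAP.
        transport = sec.get("transport", "clear").strip().lower()
        if transport not in ("ldaps", "starttls"):
            findings.append(f"[{name}] transport={transport}: bind to AD is sent in cleartext")
            continue
        if not sec.get("ssl_ca_certs_file", "").strip():
            findings.append(f"[{name}] ssl_ca_certs_file not set: no CA chain to validate the DC certificate")
        if sec.get("ssl_verify_hostname", "true").strip().lower() == "false":
            findings.append(f"[{name}] ssl_verify_hostname=false: DC hostname is not checked")
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_ad_client(text) or "OK")
```
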
03-05-2021 01:53 AM
Thank you @kstieers
Currently authentication is requested from Cisco ASA and DUO sends to AD.
Will there be any change in the ASA to Duo config too?
03-05-2021 07:50 AM
So if already doing LDAPS from ASA to the DUO Authentication Proxy, then no, no change needed…
04-12-2021 05:00 AM
For Duo LDAPS, should any change be made in the Duo Admin Panel as mentioned in this link?