11-10-2020 08:07 AM
Hi everyone,
I’m testing to set up MFA with DUO Mobile on my VPN server.
Everything works with a normal SSTP connection.
Here is my configuration:
1x : Windows 2019 server : RRAS with (SSTP protocol) (10.10.10.22)
1x: Windows 2019 server: NPS/Radius (10.10.10.23)
1x: Windows 2019 server: Duo Proxy service (10.10.10.24)
When I try to connect my VPN client, I get the following messages in the logs:
2020-11-10T16:57:51+0100 [duoauthproxy.lib.log#info] Duo Security Authentication Proxy 5.1.0 - Init Complete
2020-11-10T16:57:51+0100 [-] RadiusClient starting on 55744
2020-11-10T16:57:51+0100 [-] Starting protocol <duoauthproxy.lib.radius.client.RadiusClient object at 0x000001957A1563D0>
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] Sending request from 192.168.68.22 to radius_server_auto
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] Received new request id 4 from ('192.168.68.22', 52047)
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] (('192.168.68.22', 52047), fidmc\mdm-user1, 4): login attempt for username 'fidmc\\mdm-user1'
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] Sending request for user 'fidmc\\mdm-user1' to ('192.168.68.23', 1812) with id 38
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] Got response for id 38 from ('192.168.68.23', 1812); code 3
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] (('10.10.10.22', 52047), fidmc\mdm-user1, 4): Primary credentials rejected - No reply message in packet
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] (('10.10.10.22', 52047), fidmc\mdm-user1, 4): Returning response code 3: AccessReject
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] (('10.10.10.22', 52047), fidmc\mdm-user1, 4): Sending response
Here is my authproxy.conf file:
[radius_client]
host=10.10.10.23
secret key=XXXXXXXX
pass_through_all=true
[ad_client]
host=10.10.10.10
service_account_username=FIDMC\Administrateur (for test)
service_account_password=mypassword
search_dn=DC=fidmc,DC=ch
security_group_dn=CN=AOVPN_Users,OU=GROUPS,OU=MCH,DC=fidmc,DC=ch
[radius_server_auto]
ikey=my_ikey
skey=my_skey
api_host=my_api_host
radius_ip_1=10.10.10.22
radius_secret_1=radiussecret1
failmode=safe
client=client_radius
port=1812
I also get error 812 in the client’s Event Viewer.
Does anyone know where the error could come from?
Thanks in advance.
11-10-2020 10:06 AM
Hi @Frederic_Viatte, just a heads up that I edited your post to remove your secret key and RADIUS secret. These are unique to your application and account and should be kept private. They should never be shared publicly.
I noticed in your config file under [radius_server_auto] you have the client listed as client=client_radius when it should be radius_client instead. Try fixing that and see if it resolves the issue!
Something else I looked into was the error code Primary credentials rejected - No reply message in packet in your AuthProxy log. This help article says to set pass_through_all=true under radius_client to resolve this. However, I see in your config that you have done so already, so that shouldn’t be a problem.
Give my suggestion a try, and if you’re still encountering trouble, I recommend reaching out to Duo Support for further troubleshooting and help.
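A check for the two settings raised in the reply above, plus masking of secrets before a config is posted, as an added example that is not part of the original thread or Duo's own tooling. The set of client types, the list of key-name substrings and the sample values are assumptions made for the example.

```python
import configparser

# Client types Duo documents for `client=` (assumed complete for this check).
KNOWN_CLIENTS = {"ad_client", "radius_client", "duo_only_client"}
# Substrings of key names whose values get masked (hypothetical list).
SECRET_KEYS = ("secret", "skey", "password")

# Constructed sample modelled on the posted config; all values are placeholders.
SAMPLE = """\
[radius_client]
host=10.10.10.23
secret=example-secret
pass_through_all=true
[radius_server_auto]
ikey=EXAMPLE_IKEY
skey=EXAMPLE_SKEY
api_host=api-example.invalid
radius_ip_1=10.10.10.22
radius_secret_1=example-secret-1
client=client_radius
"""

def check(text):
    """Return findings for the two settings discussed in the reply."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("radius_server_"):
            continue
        client = cp.get(name, "client", fallback="")
        if client not in KNOWN_CLIENTS:
            findings.append(f"[{name}] client={client!r} is not a known client type")
        elif client != "duo_only_client" and not cp.has_section(client):
            findings.append(f"[{name}] client={client} but [{client}] is missing")
        elif client == "radius_client" and not cp.getboolean(
                client, "pass_through_all", fallback=False):
            findings.append("[radius_client] pass_through_all is not true")
    return findings

def redact(text):
    """Mask secret-bearing values so the config can be shared publicly."""
    out = []
    for line in text.splitlines():
        key, sep, _ = line.partition("=")
        if sep and any(s in key.lower() for s in SECRET_KEYS):
            line = f"{key}=<redacted>"
        out.append(line)
    return "\n".join(out)
```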
11-10-2020 11:04 AM
Thank you for your quick response!
Thanks for correcting the post, I’ll know for next time.
Then indeed the radius_client line was already configured right. I made a mistake in the post.
Here is a quick schematic of the current configuration.
Hopefully it will help to solve the problem.
Thanks in advance.