RADIUS FILTER-id attribute

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-29-2023 01:18 PM
Hi,
customer has watchguard firewall and I try to implement duo auth proxy with it. Auth proxy handles AD (via ldap) authentication and push notification. The problem is that watchguard requires to receive filter-id parameter but as far as I know auth proxy returns it only the radius_client is used, which is not. Is there any workaround? It would be enough to send the attribute statically - so at least something. Doesn't need to correlate with the reality.
from documentation:
If you use RADIUS to authenticate these users, make sure the RADIUS server returns the group membership as the Filter-ID attribute.
thank you
- Labels:
-
Authentication Proxy

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2023 02:13 PM
The only way you can pass through attributes from the primary authentication server is to use radius_client. LDAP primary authentication (ad_client) will not return any values for the Filter-ID RADIUS attribute.
Watchguard has a guide for this that includes configuring RADIUS for primary auth against AD but using NPS and radius_client: https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/duo-security-authentication.html
