Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
817
Views
0
Helpful
1
Replies

RADIUS FILTER-id attribute

peter.matuska1
Level 1
Level 1

‎09-29-2023 01:18 PM

Hi,

customer has watchguard firewall and I try to implement duo auth proxy with it. Auth proxy handles AD (via ldap) authentication and push notification. The problem is that watchguard requires to receive filter-id parameter but as far as I know auth proxy returns it only the radius_client is used, which is not. Is there any workaround? It would be enough to send the attribute statically - so at least something. Doesn't need to correlate with the reality.

from documentation:

If you use RADIUS to authenticate these users, make sure the RADIUS server returns the group membership as the Filter-ID attribute.

 

thank you

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎10-03-2023 02:13 PM

The only way you can pass through attributes from the primary authentication server is to use radius_client. LDAP primary authentication (ad_client) will not return any values for the Filter-ID RADIUS attribute.

Watchguard has a guide for this that includes configuring RADIUS for primary auth against AD but using NPS and radius_client: https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/duo-security-authentication.html

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents
Top