Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I’ve been reading docs and I reconfigured Duo to use ldaps instead of radius for Fortigate auth in hopes of getting expired password change functionality working. Here’s the duo config:
[main]
debug=false
log_auth_events=true
[ad_client]
host=dc01.m...
I have one user (me) who is able to auth via RADIUS but other accounts setup in what I think is the exact same manner don’t seem to work. I replaced the domain, username and OU with generic text.
Any help would be greatly appreciated!
Here’s a snip o...
I’m trying to follow the Sonicwall SRA implementation guide on the Duo site but I’m implementing on a TZ series vs. a Sonicwall SRA series that the doc covers. I’m not able to get the portal configured to include the Duo JavaScript.
I was able to reg...
Thanks for the pointer to https://help.duo.com/s/article/3162?language=en_US Adding exempt_ou_1=<bind user DN> and exempt_primary_bind=false to the config made everything work.
Hi, thanks for the reply. The VPN client auth fails as well with “Error: permission denied” on the web interface and “Login failed. Insufficient credential(s). Please check the password, client certificate, etc.” on the FortiClient.
In debug mode the...
I missed the radius_server_auto section of the config, here’s the whole thing:
avery@cerberus:/opt/duoauthproxy/conf$ cat authproxy.cfg
; Complete documentation about the Duo Auth Proxy can be found here:
; https://duo.com/docs/authproxy_reference
[...
Thanks for taking a look! I apologize but I should have provided this info in the op: both users are members of the vpn_users group.
The user who is working:
firstname@smtp01:~$ ldapsearch -x -h 10.1.1.45 -D firstname@mydomain.local -W -b "OU=GROUPOU...
