cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
254
Views
0
Helpful
1
Replies

Windows server 2022 stand alone, RDP sessions

mullola
Level 1
Level 1

I have a windows 2022 server in a standalone deployment, i.e. not belonging to a domain. Is there any chance of Duo Security could help me to authenticate via RADIUS the incoming RDP sessions? I already have the RADIUS server, and it's external to the windows 2022 server. I want the windows server to contact the external RADIUS server to authenticate the incoming RDP connections it receives.

1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

This isn't something that any Duo software would do for you.

However, it looks like you can already do this with existing Windows features:

  1. Deploy RD Gateway.
  2. Use RD Gateway CAP/RAP to make it send requests to your RADIUS server.
  3. Only allow RDP connections that use RD Gateway.

This isn't a config that is compatible with Duo to add 2FA though. The Duo for RD Gateway plugin disables RDG CAP/RAP so installing that would short-circuit RADIUS auth, and leaving RDG CAP/RAP intact but then creating a CAP that forwards RDG RADIUS requests to Duo Authentication Proxy RADIUS server won't work either as those requests don't contain info in the packet that can be used for the Duo proxy to complete primary authentication (and such a config does not allow for a Duo-only RADIUS config).

Duo, not DUO.
Quick Links