Configuring Duo RADIUS Proxy

1. Install the Duo Authentication Proxy on Windows or Linux server and configure the authproxy.cfg file.

   Location of the configuration file.

   Windows (64-bit): C:\Program Files (x86)\Duo Security Authentication Proxy\conf\authproxy.cfg

   Linux: /opt/duoauthproxy/conf/authproxy.cfg

2. Configure the Proxy for Primary Authentication.

   If you have only RADIUS authentication server for primary authentication, then modify the authproxy.cfg file with below command. For example:

   [radius_client]

   host=1.2.3.4

   secret=radiusclientsecret

   If you have want to use Active Directory for primary authentication, then modify the authproxy.cfg file with below command. For example:

   [ad_client]

   host=1.2.3.4

   host_2=1.2.3.5

   service_account_username=duoservice

   service_account_password=password1

   search_dn=DC=example,DC=com

   security_group_dn=CN=DuoVPNUsers,OU=Groups,DC=example,DC=com

3. Setup the Authentication Proxy to work with Ivanti Policy Secure.

   Example configuration for AD.

   [radius_server_auto]

   ikey=DIXXXXXXXXXXXXXXXXXX

   skey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

   api_host=api-XXXXXXXX.duosecurity.com

   radius_ip_1=5.6.7.8

   radius_secret_1=radiussecret1

   client=ad_client

   port=1812

   failmode=safe