Paula Wong asked:

DUO 2FA Authentication

Has anyone set up DUO multifactor authentication for Meraki Remote VPN?

Just curious what the 'radius_ip_1' field should be, which can be found under this section here:

[radius_server_auto]
ikey=DIXXXXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
api_host=api-XXXXXXXX.duosecurity.com
failmode=safe
radius_ip_1=5.6.7.8
radius_secret_1=thisisalsoaradiussecret
client=radius_client

https://duo.com/docs/authproxy-reference#configuration

I am quite understanding this.

TIA.

Pete Long

That's the IP of the Meraki making the RADIUS requests.
Here's me doing the same, setting up RADIUS for a Cisco ASA, but the Duo procedure is the same.

Paula Wong (ASKER)

Hi Pete,

Thank you for the response and URL.

I noticed that your configuration also has client=ad_client under:

[radius_server_auto]
client=ad_client

Shouldn't it be radius_client?

In your case, do you have another section above it with [ad_client], with a configuration similar to below (as per the instructions):

[ad_client]
host=1.2.3.4
service_account_username=duoservice
service_account_password=password1
search_dn=DC=example,DC=com
security_group_dn=CN=DuoVPNUsers,OU=Groups,DC=example,DC=com


Also, in my configuration, I have this configured below:

[radius_client]
host=1.2.3.4
secret=thisisaradiussecret

That is where I actually specify the Meraki_IP and the shared key used.

So you're saying this section is not needed at all? And I should configure that in the [radius_server_auto] and change the client type to ad_client instead?

If that is all that's needed, I am willing to try it.

Thank you!

Pete Long

Hiya bud

It's got ad_client in there simply because that's what the run-through from Duo said to put in there!

The section I have above the RADIUS setup is as per this article, 

Everything you need for Meraki you should find here
https://duo.com/docs/meraki-radius

Paula Wong (ASKER)

Ok Pete, thanks again for this.

Just an FYI - we're adding users manually for now and using the trial version. The AD Sync will not work unless we have a paid version, and we will switch to that once we get it tested with the trial working first. So what you provided will be helpful when I get to that.

As for now, should I be using radius client then instead of ad_client since I am adding users manually?

Let me know what you suggest.

Thank you!

Pete Long

>>The AD Sync will not work unless we have a paid version
Are you sure? I've never paid for it.

As per the link above you only use ad_client if you are querying AD directly.
You will need to use radius_client to specify the Meraki so it can query the Duo server anyway.

Paula Wong (ASKER)

Hi Pete,

That was a comment concerning the AD Sync requirement.  We will switch to that once we get it working.

Based on conversations with others, I think this will work for me:

1) Under this section, the host IP is the RADIUS server (we're using Microsoft NPS):

[radius_client]
host=1.2.3.4
secret=radiusclientsecret

2) Under this section for the radius IP, we will point to the Meraki MX firewall.

[radius_server_auto]
ikey=DIXXXXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
api_host=api-XXXXXXXX.duosecurity.com
radius_ip_1=5.6.7.8
radius_secret_1=radiussecret1
client=ad_client
port=1812
failmode=safe

and my client line should be "client=radius_client".

Let me know if this is not correct. I got this from this URL here:  https://duo.com/docs/meraki-radius.

Thank you!
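
An added example, not part of any post in this thread and not Duo's own tooling: a small check for the mismatch the thread keeps circling, where `client=` in `[radius_server_auto]` names a section that is not defined. The function name `lint_authproxy` and the sample text are constructed for illustration, using only the keys shown in the posts; the "roles may be swapped" check is a heuristic.

```python
import configparser

# Constructed sample mirroring the last config posted in the thread
# (placeholder keys and IPs, client= still pointing at ad_client).
SAMPLE = """
[radius_client]
host=1.2.3.4
secret=radiusclientsecret

[radius_server_auto]
ikey=DIXXXXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
api_host=api-XXXXXXXX.duosecurity.com
radius_ip_1=5.6.7.8
radius_secret_1=radiussecret1
client=ad_client
port=1812
failmode=safe
"""

def lint_authproxy(text):
    """Return a list of findings for one [radius_server_auto] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    if not cfg.has_section("radius_server_auto"):
        return ["missing [radius_server_auto] section"]
    srv = cfg["radius_server_auto"]
    client = srv.get("client", "")
    # client= names the section that performs primary authentication.
    if not cfg.has_section(client):
        findings.append(f"client={client} but no [{client}] section is defined")
    # Every radius_ip_N (the device sending requests) needs radius_secret_N.
    for key in srv:
        if key.startswith("radius_ip_"):
            n = key.rsplit("_", 1)[1]
            if f"radius_secret_{n}" not in srv:
                findings.append(f"{key} has no matching radius_secret_{n}")
            # Heuristic: upstream server and requesting device should differ.
            if cfg.has_section(client) and cfg[client].get("host") == srv[key]:
                findings.append(f"{key} equals [{client}] host; roles may be swapped")
    if srv.get("failmode") == "safe":
        findings.append("failmode=safe: logins pass on primary auth alone if Duo is unreachable")
    return findings

if __name__ == "__main__":
    for f in lint_authproxy(SAMPLE):
        print(f)
```

The `failmode=safe` finding is informational: it is the setting shown in the thread, and it means the second factor is skipped when the proxy cannot reach Duo's service.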