Active Directory Sync


#1

I am having a problem with setting up Active Directory with Duo. I have configured the settings as well as installed and configured the Duo Authentication Proxy on the DC. I can see there is some sort of communication, as when I disable the service and try to save the config in the web portal, I get different error messages.

The main error I get and can’t bypass is - Status: The directory server was unreachable.

The following entries are from the log file on the server -

 2018-02-26T17:23:27+1100 [Uninitialized] AD Connection failed: <twisted.python.failure.Failure twisted.internet.error.TCPTimedOutError: TCP connection timed out: 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond..>
2018-02-26T17:23:27+1100 [Uninitialized] LDAP connection failed
	Traceback (most recent call last):
	Failure: duoauthproxy.lib.ldap.client.ADClientError: AD Connection failed: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.TCPTimedOutError'>: TCP connection timed out: 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond..
	]
	
2018-02-26T17:23:27+1100 [duoauthproxy.lib.ldap.client.ADClientFactory#info] Stopping factory <duoauthproxy.lib.ldap.client.ADClientFactory object at 0x02530470>

Any help here would be greatly appreciated.


#2

The log indicates that the Duo proxy wasn’t able to make an LDAP connection to your Active Directory (even though those are both the same server).

There are some configuration items you can verify in this KB article.

If these don’t help, please contact Duo Support. They’ll review your directory configuration and have you enable debug logging on your authentication proxy server to review the output when you try to connect.

Be aware that we don’t usually recommend running the Duo proxy on your domain controller.
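
An added example, not part of the original posts and not Duo's own tooling: a short Python script that pulls the Twisted error class out of the proxy's "AD Connection failed" log lines and repeats the TCP connection from the proxy host, so a timeout (as in the log above) can be told apart from a refused connection or a name-resolution failure. The function names are hypothetical, the host is whatever the proxy is configured with, and port 389 (standard LDAP) is an assumed default.

```python
import re
import socket
import sys

# Abridged from the log lines posted above.
SAMPLE_LOG = """\
2018-02-26T17:23:27+1100 [Uninitialized] AD Connection failed: <twisted.python.failure.Failure twisted.internet.error.TCPTimedOutError: TCP connection timed out: 10060: ...>
2018-02-26T17:23:27+1100 [Uninitialized] LDAP connection failed
"""

# Twisted error classes and what each says about the path to the directory server.
HINTS = {
    "TCPTimedOutError": "no reply at all: wrong host/port, firewall, or routing",
    "ConnectionRefusedError": "host answered, nothing listening on that port",
    "DNSLookupError": "configured host name does not resolve",
}
ERR_RE = re.compile(r"twisted\.internet\.error\.(\w+)")

def classify_log(text):
    """Return the distinct Twisted error classes named in 'AD Connection failed' lines."""
    seen = []
    for line in text.splitlines():
        if "AD Connection failed" in line:
            for name in ERR_RE.findall(line):
                if name not in seen:
                    seen.append(name)
    return seen

def probe(host, port, timeout=5.0):
    """Repeat the proxy's TCP connect; return 'open', 'timeout', 'refused', 'dns' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "dns"
    except OSError as exc:
        return "error: %s" % exc

if __name__ == "__main__":
    for name in classify_log(SAMPLE_LOG):
        print(name, "->", HINTS.get(name, "see the full traceback"))
    if len(sys.argv) > 1:  # host as configured in the proxy; port 389 assumed (standard LDAP)
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
        print(sys.argv[1], port, "->", probe(sys.argv[1], port))
```

Run it on the proxy server with the same host and port the proxy configuration uses; a "timeout" result reproduces the 10060 error from the log outside the proxy.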