Duo Auth Proxy between radius client and windows nps radius server

Egert143 · ‎11-14-2022

Hello

First time trying to setup Duo mfa. Currently i have working solution where radius client connects to Windows NPS Radius server and get authenticated.

I installed Duo Auth Proxy in new server and made the following config:

[radius_client]
host=RadiusSever
secret=pass
port=1812
pass_through_all=true

[radius_server_auto]
ikey=xxx
skey=xxx
api_host=xxx
radius_ip_1=client 1 ip
radius_secret_1=pass
client=radius_client

But when i click validate i get error:

Testing section 'radius_client' with configuration:
[info]  {'host': 'RadiusServer',
	 'pass_through_all': 'true',
	 'port': '1812',
	 'secret': '*****'}
[warn]  We cannot confirm that the Auth Proxy was able to establish a RADIUS connection to RadiusServer:1812. In the case of an actual failure this may be due to a misconfigured secret or network issues. This may also happen if the upstream RADIUS Server does not support the Status-Server message

And in NPS error logs i get:

A RADIUS message with the Code field set to 12, which is not valid, was received on port 1812 from RADIUS client [Duo] Server. Valid values of the RADIUS Code field are documented in RFC 2865.

What could be the problem?

DuoKristina · ‎11-14-2022

NPS doesn’t support the Status-Server message, that’s all. It doesn’t indicate an issue with your configuration.

Why do I see “We cannot confirm that the Auth Proxy was able to establish a RADIUS connection” when using the Duo Authentication Proxy connectivity tool?

When will the MS Server support Radius Code Field 12 (Status-Server)? (someone asking in a Microsoft forum if NPS will ever support it.)

Duo, not DUO.

Egert143 · ‎11-14-2022

Many thanks for the quick replay.