Duo Auth Proxy between radius client and windows nps radius server


First time trying to setup Duo mfa. Currently i have working solution where radius client connects to Windows NPS Radius server and get authenticated.

I installed Duo Auth Proxy in new server and made the following config:


radius_ip_1=client 1 ip

But when i click validate i get error:

Testing section 'radius_client' with configuration:
[info]  {'host': 'RadiusServer',
	 'pass_through_all': 'true',
	 'port': '1812',
	 'secret': '*****'}
[warn]  We cannot confirm that the Auth Proxy was able to establish a RADIUS connection to RadiusServer:1812. In the case of an actual failure this may be due to a misconfigured secret or network issues. This may also happen if the upstream RADIUS Server does not support the Status-Server message

And in NPS error logs i get:

A RADIUS message with the Code field set to 12, which is not valid, was received on port 1812 from RADIUS client [Duo] Server. Valid values of the RADIUS Code field are documented in RFC 2865.

What could be the problem?

NPS doesn’t support the Status-Server message, that’s all. It doesn’t indicate an issue with your configuration.

Why do I see “We cannot confirm that the Auth Proxy was able to establish a RADIUS connection” when using the Duo Authentication Proxy connectivity tool?

When will the MS Server support Radius Code Field 12 (Status-Server)? (someone asking in a Microsoft forum if NPS will ever support it.)

Many thanks for the quick replay.