Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2398
Views
1
Helpful
4
Replies

DUO with AD LDAPS

Go to solution
manvik
Level 3
Level 3

‎03-03-2021 09:29 PM

Currently DUO is authenticated to LDAP via plaintext. We would like to change it to LDAPS, ie connect DUO to AD via LDAPS.
Can someone tell what are the changes to be done in DUO config file for this.
Also, any downtime required for this?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎03-04-2021 06:50 AM

Assuming you’re using the Authentication Proxy, look here, especially the Optional section: Duo Authentication Proxy Reference | Duo Security
You’ll need to change or add “transport”, add “ssl_ca_certs_file” and have the CA root cert and chain that issued the cert on your DC in a file for that entry to point at.

You have to restart the proxy, so yes to downtime…

View solution in original post

4 Replies 4

Go to solution
Ken Stieers
VIP
VIP

‎03-04-2021 06:50 AM

Assuming you’re using the Authentication Proxy, look here, especially the Optional section: Duo Authentication Proxy Reference | Duo Security
You’ll need to change or add “transport”, add “ssl_ca_certs_file” and have the CA root cert and chain that issued the cert on your DC in a file for that entry to point at.

You have to restart the proxy, so yes to downtime…

Go to solution
manvik
Level 3
Level 3

‎03-05-2021 01:53 AM

Thank you @kstieers
Currently authentication is requested from Cisco ASA and DUO sends to AD.
Will there be any change in ASA to Duo config too ?

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to manvik

‎03-05-2021 07:50 AM

So if already doing LDAPS from ASA to the DUO Authentication Proxy, then no, no change needed…

0 Helpful

Go to solution
manvik
Level 3
Level 3

‎04-12-2021 05:00 AM

For Duo LDAPS, should any change be done in Duo Admin panel as mentioned in this link ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents