I had a read of this but unfortunately my issue is different:
So, I have 2 servers.
One is an AD/ADFS/LDAP Server, and another is the DUO Proxy server. DUO is working via ADFS SSO but now I am moving on to setting it up for LDAP for the Solarwinds dashboard.
I have set everything up down to a tee following DUOs guide, added the ldap_server_auto, set up all keys, api etc. I set up a duoservices account (read-only and no admin rights) for duo to use.
The proxy server connects fine and I am not seeing any issues between the proxy and the main DC server.
Internally, 389/636 both connect, 443 is allowed on both server in bound and outbound, 636 is allowed through the firewall which I can see it being allowed. Windows firewall is activated, so I added 636 as an inbound port to this, but I cannot telnet over to the server still from my own PC on port 389 or 636, which is strange.
While Solarwinds nable dashboard uses port 443, I was told to open inbound 636 which is, on the firewall its coming in, the logs are showing me hitting the server on both ports. I have also disabled Windows FW and still can’t telnet.
This is what I have of DUO support:
So, the app would need to be able to reach the authentication proxy through your firewall to port 636 - Done this. Nothings listening on 636 so its possibly why I can’t telnet? Do I need to purchase SSLs for this, or would Lets Encrypt work or better yet, does duo proxy installer not bring SSLs with it?
The authentication proxy will need to communicate on either port 389/636 to your AD server depending on whether ldap/ldaps is used on your internal network. - This works fine.
The authentication proxy will need to be able to communicate outbound via port 443 to the Duo API. - This works fine.
Once this is set up, because the dashboard utilities LDAP and is pointing directly to the DC server, would I need to change it so it points to the proxy server so it authenticates against DUO?
I thought I would ask here instead of going back to support as someone here may have a better understanding of connecting it all so I can use duo to authenticate in to the solarwinds dashboard.
Sorry for my all my questions, still learning duo and just want to get good at it