We are in the process of setting up our Duo 2FA environment.
Our main priority is to use Duo for our Sonicwall SRA SSL VPN.
We have configured Duo and the Sonicwall with a radius domain, and have setup the Duo proxy authenticator. This part tested successfully.
Here is our issue… we restrict VPN access based on Active Directory groups. We also restrict what servers/applications people have access to based on AD groups and Sonicwall policies as well.
We are now seeing this setup does not apply the AD groups.
Is there any way to get our AD groups to apply within the radius/duo setup? We were told to setup LDAP application in duo for the Sonicwall and duo, but that does not seem to resolve this issue.
Any other suggestions out there?
I am starting to think rather than using the Duo Proxy authenticator we need to have “real” radius server in our AD environment. Is this the only solution to our issue?
Thanks for the help!