Sonicwall RADIUS with DUO - Invalid User


#1

While testing communication/authentication between a Sonicwall and a RADIUS server authenticating to active directory, I cannot get the Sonicwall to authenticate any users. The Connectivity Tool checks out (all green results), but the authproxy log shows “Primary credentials rejected - Invalid User” even though I am using the same service account that is used to bind the RADIUS to AD.

Any advice?


#2

Did you enroll a user in Duo with a valid auth device?

If you’re using this config: SonicWALL SRA SSL with RADIUS Auto Push for VPN Client Access | Duo Security

The overview says…

This configuration doesn’t support inline self-service enrollment. You’ll need to create your users in Duo ahead of time using one of our other enrollment methods, like directory sync or CSV import. Read the enrollment documentation to learn more.

It might also help you to look a the Duo Authentication proxy log output to see what is happening. Here’s a guide: https://help.duo.com/s/article/2953