Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
202
Views
0
Helpful
1
Replies

NetExtender with admin bypass code

Go to solution
ChrisRoberts
Level 1
Level 1

‎02-26-2024 01:17 PM

Hello, I'm having a difficult time getting anything other than a Duo Mobile Push notification or placing the VPN user in bypass mode to work with NetExtender VPN. The VPN functions normally with the password field containing only a password, but when I try to use the option to control the Duo factor option (Duo Two-Factor Authentication with RADIUS and Primary Authentication | Duo Security - "Alternatively you may add a comma (",") to the end of your password and append a Duo factor option") I only get "Incorrect username or password." What I would prefer is to use [password],[bypass code] so that only a single-use bypass code is needed. The use case is to remotely join new computers to the domain, so creating a single-use bypass code is preferred to putting the user in bypass. Testing further with [password].phone and [password].[Yubikey code] do not work either. Is there a setting in the Auth Proxy that is required to allow this functionality?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎02-27-2024 07:02 AM

Take a look a this https://duo.com/docs/authproxy-reference#server-sections
Specifically the section on RADIUS Auto.
Depending upon how your NetExtender is encrypting passwords, you may not be able to use
Pretty sure it has to be PAP... Also check your Delimiter, Allow_concat settings

Or if you're using Radius_Concat (which requires the comma and code), again, you have to use PAP.






________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Ken Stieers
VIP
VIP

‎02-27-2024 07:02 AM

Take a look a this https://duo.com/docs/authproxy-reference#server-sections
Specifically the section on RADIUS Auto.
Depending upon how your NetExtender is encrypting passwords, you may not be able to use
Pretty sure it has to be PAP... Also check your Delimiter, Allow_concat settings

Or if you're using Radius_Concat (which requires the comma and code), again, you have to use PAP.






________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents