02-18-2022 10:23 AM
We currently have the DAP implemented for multiple applications and services.
And in all those cases, DAP is responsible for the Primary and Secondary Authentication.
Now we want to add Citrix NetScaler, but this time DAP will be responsible only for the Secondary AuthC.
Will I be able to configure DAP with both the [ad_client] and [duo_only_client] options configured?
For example:
[duo_only_client]
[ad_client]
host=x.x.x.x
host2=x.x.x.x
service_account_username=
service_account_password=
search_dn=DC=xxx,DC=xxx
;For existing Application
[radius_server_auto]
ikey=xxxxxx
skey_protected=xxxxx
api_host=■■■■■■■■■■■■■■■■■■■■■■■■■■
radius_ip_1=x.x.x.x
#radius_ip_2=x.x.x.x
radius_secret_protected_1=xxxxxxxxx
#radius_secret_protected_2=xxxxxxxxx
client=ad_client
port=1812
failmode=safe
;For the Citrix implementation
[radius_server_auto]
ikey=xxxxxxx
skey_protected=xxxxx
api_host=■■■■■■■■■■■■■■■■■■■■■■■■■■
radius_ip_1=x.x.x.x
#radius_ip_2=x.x.x.x
radius_secret_protected_1=xxxxxxxxx
#radius_secret_protected_2=xxxxxxxxx
client=duo_only_client
port=1812
failmode=safe
02-18-2022 11:26 AM
Hi @BrLima ,
Yes, you can have a single Auth Proxy configured to support both ad_client and duo_only_client. Please see https://help.duo.com/s/article/2216.
For the Citrix integration, you would need to either name the server section radius_server_auto2 or use radius_server_duo_only as mentioned in Duo for Citrix Gateway Basic Secondary Authentication Instructions | Duo Security. You would also need to specify a different port for the RADIUS request to listen on as this is how the Auth Proxy maps authn requests to the appropriate application (Duo Authentication Proxy Reference | Duo Security). Otherwise, you would have a port conflict and the Auth Proxy service would not start.
Please also see https://help.duo.com/s/article/1124
Hope this helps!
02-19-2022 04:48 AM
Thanks Pablo!
My bad, when I was making the example I forgot to write the second one to [radius_server_auto2]. And thanks also for the heads up regarding the port, I totally forgot it.
I’m following this guide, as our NetScaler is on version 12.0:
Best regards!