
Duo AuthProxy as RADIUS Server and Vendor Specifics

FPBPC
Level 1

Setting up Duo for my switches and am running into an issue when using the DuoAuthProxy as my RADIUS server. I have the LDAP Proxy pulling one AD group of users into Duo, then the RADIUS allows only those group members.

My Cisco switches (5548) work ok, I get the push and I get logged in. The issue is I am logged in at “Level 1” and have no command set. I want to be logged in at “Level 15” so I am a full admin. This seems to require the use of vendor-specific return codes but I cannot find where these are or are not supported within Duo itself.

If I need to do this does it require I set up a separate NPS server? I don’t use NPS right now, the wireless goes to the Internet and nowhere else, and the rest of my environment is very simple (small company so not the most involved environment…)

Thanks in advance,

FPBPC

1 Reply

DuoKristina
Cisco Employee

It’s not possible to define VSAs on the Duo Authentication Proxy itself, but it can pass through VSAs received from an upstream RADIUS server (like NPS) back to the device that initiated the access-request. This would require configuring the Duo proxy to use a radius_client instead of an ad_client.

Duo, not DUO.
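
A sketch of the `authproxy.cfg` layout the reply describes, added here as an example and not posted by anyone in the thread: all addresses, secrets and keys are placeholders, and `pass_through_all` is the proxy option that copies attributes from the upstream RADIUS response into the reply sent to the switch. The VSA itself is defined on the upstream server; the attribute shown in the comment (Cisco-AVPair `shell:priv-lvl=15`) is an assumption, since the thread does not name it.

```ini
; Constructed example. Replace every placeholder before use.

[radius_client]
; Upstream RADIUS server (for example NPS) that performs primary
; authentication and returns the vendor-specific attribute, e.g.
; Cisco-AVPair = shell:priv-lvl=15 (assumed; use what the switch expects).
host=192.0.2.10
secret=<shared secret between proxy and upstream RADIUS server>

[radius_server_auto]
ikey=<integration key>
skey=<secret key>
api_host=<API hostname from the Duo Admin Panel>
; The switch that sends Access-Requests to the proxy.
radius_ip_1=192.0.2.20
radius_secret_1=<shared secret between switch and proxy>
; Primary authentication goes to the RADIUS server above instead of ad_client.
client=radius_client
; Copy attributes returned by the upstream server into the Access-Accept.
pass_through_all=true
```

With this layout the group restriction that the `ad_client` section enforced moves to the upstream server's network policy, so the policy that returns the privilege attribute should match only the admin group.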