If using the Duo Proxy as both an ad_client and ldap_server, is it possible to pass group membership back to the original requesting device as well as the notification of authentication?
DuoKristina:
allow_searches_after_bind=true
allow_unlimited_binds=true
Thanks, was just about to update that I found the issue. I was using the IP of the DC and not the hostnames. Once I specified the hostname it worked perfectly.
A million thank you’s!!! That worked like a charm and I’m able to connect now.
Now to troubleshoot why the proxy is failing to do LDAPS to the domain controllers when their certs were signed by the same CA.
Thanks for this information. I tried adding both
allow_unlimited_binds=true
and
allow_searches_after_bind=true
in the ldap_server_auto section, but it’s still failing and when I go to the requesting device (Pulse Secure) it appears no group membersh...