NPS and DUO Proxy on DC for VPN authentication

Howdy,

We have user VPN set up and working, tied to AD. Unfortunately, I am having hell getting it to work with DUO. It seems the request is never sent to the DUO side, based on what I can tell.

Are there any issues with having the DUO proxy service installed on the same server that hosts NPS and Active Directory (single DC environment for the moment)?

You can change the listening port in the DUO auth proxy config to a different port than the default RADIUS ports of 1812 and 1813. Then set the RADIUS port in the FortiGate RADIUS server config to point to the new port. Make sure that the new port is open in the Windows firewall.

We never could get it working on our HA pairs at the same time. We had to switch everyone to Duo and remove the LDAP groups and config altogether. I believe it is supposed to work with either at the same time, but I failed to find much documentation to support that.

I forgot to mention that you will also need to adjust remoteauthtimeout in config system global to give users more time to approve the DUO push.

Thanks! I will try to make these changes today and report back.

So I could be simply seeing a port conflict between NPS and DUO proxy basically?

in DUO auth proxy

This did the trick, thanks!!

You are welcome. I am glad it all worked out for you. MFA everything!!!

How is your config looking? I'm having trouble doing the exact same.

My issue was that RADIUS (NPS) was already using the port. After I configured DUO to use a different port, it started working.

Could I get a copy-paste of your Duo config? With important stuff removed, of course.
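
The port conflict described in this thread can be confirmed on the server itself. The PowerShell below is an added example, not something posted by anyone in the thread: it shows which process owns UDP 1812/1813 and the alternate port, then opens that port in Windows Firewall. Port 18120 and the FortiGate address 192.0.2.10 are assumed placeholder values, and limiting the rule to that one source address is a choice made in this example.

```powershell
# Added example. Run in an elevated PowerShell session on the NPS / Duo proxy server.
$DefaultRadiusPorts = 1812, 1813
$DuoPort            = 18120          # assumption: alternate port chosen for the Duo proxy
$FortiGateAddress   = '192.0.2.10'   # placeholder: address the FortiGate sends RADIUS from
$RuleName           = 'Duo Auth Proxy RADIUS (UDP {0})' -f $DuoPort

# Map each UDP endpoint bound to the given ports to the process that owns it.
function Get-UdpListener {
    param([int[]]$Port)
    foreach ($ep in Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue) {
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $ep.LocalAddress
            LocalPort    = $ep.LocalPort
            ProcessId    = $ep.OwningProcess
            ProcessName  = $proc.ProcessName
        }
    }
}

# 1. Who holds the default RADIUS ports? If NPS is bound here, a second
#    RADIUS listener on the same ports cannot also receive the requests.
Write-Host 'Listeners on the default RADIUS ports:'
Get-UdpListener -Port $DefaultRadiusPorts | Sort-Object LocalPort |
    Format-Table -AutoSize | Out-String | Write-Host

# 2. Who, if anyone, holds the alternate port? After the Duo proxy is
#    reconfigured and restarted, it should be the only owner listed.
$onAlternate = @(Get-UdpListener -Port $DuoPort)
if ($onAlternate.Count -eq 0) {
    Write-Host "UDP $DuoPort is not bound by any process yet."
} else {
    $onAlternate | Format-Table -AutoSize | Out-String | Write-Host
}

# 3. Allow inbound RADIUS on the alternate port, from the FortiGate only.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol UDP `
        -LocalPort $DuoPort -RemoteAddress $FortiGateAddress -Action Allow | Out-Null
    Write-Host "Created firewall rule '$RuleName'."
} else {
    Write-Host "Firewall rule '$RuleName' already exists."
}
```

The same port number then has to be set in the Duo auth proxy config and in the FortiGate RADIUS server config, as described in the reply above.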