Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community
LIVE

Radius authentication from Duo Proxy

Copper Contributor

Hello...I have been working with Duo support on this, and we are at the point where they have told me to start investigating on the MS side.

 

I am currently running a Radius server for my company on a Windows 19 VM by using the Network Policy Server role .  It is separate from my DC's.  I am using this server to provide Radius authentication for various pieces of equipment through out my environment.  I have successfully configured it to authenticate logins on our Cisco routers and switches.  We are now to the point where we would also like to leverage Duo MFA on these logins.  

 

I have set up a Duo Radius Proxy server on one of my DC's that takes the Radius request from a Cisco device and passes that request to The NPS server.  The problem I am running into is these Radius requests are being rejected with access-reject packets, and I cannot figure out why.  The key and username/passwords are all verified correct as I can use the same cisco device and credentials to hit the NPS server directly with the radius request and it processes fine.  Something is going on with the Duo request being sent.  The event log is little help and I cannot figure out how to gain relevant information on why these requests are being rejected.  I can provide screen shots and examples of my NPS and Duo setup if needed.

 

Thank you.

1 Reply

@hyknmt06 

I had this running just fine with my network switches. Sometime this month (I believe) it stopped working. I'm not sure if it's a DUO issue or a Microsoft Issue. 

 

1. Are NPS and DUO proxy colocated (IE same server)?

2. What authentication method are you using?