
Duo Authentication Proxy failmode

Writer: Diniz Martins

The Duo Authentication Proxy is an on-premises software service that receives authentication requests from your local devices and applications via RADIUS or LDAP, optionally performs primary authentication against your existing LDAP directory or RADIUS authentication server, and then contacts Duo to perform secondary authentication. Once the user approves the two-factor request (received as a push notification from Duo Mobile, or as a phone call, etc.), the Duo proxy returns access approval to the requesting device or application.


In addition to providing two-factor authentication, the Duo Authentication Proxy is a required component for importing Active Directory or OpenLDAP users into Duo via sync and for Active Directory authentication for Duo Single Sign-On. It can also act as an HTTP proxy for other systems that need to contact Duo's cloud service.


Configuration:


The Duo Authentication Proxy configuration file is named authproxy.cfg and is located in the conf subdirectory of the proxy installation.


Windows:

C:\Program Files\Duo Security Authentication Proxy\conf

Linux:

/opt/duoauthproxy/conf

Failmode:


The Duo Authentication Proxy can be configured with one of the following failmode behaviors:

  • Safe: If the Authentication Proxy cannot communicate with Duo's cloud service, you will be allowed through based on your primary credentials alone (the proxy fails open). This is the default behavior.

  • Secure: If the Authentication Proxy cannot communicate with Duo's cloud service, you will not be allowed to authenticate (the proxy fails closed).


For example:

[radius_server_auto]
ikey=DIXXXXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXX
api_host=api-XXX.duosecurity.com
failmode=secure
radius_ip_1=5.6.7.8
radius_secret_1=XXX
client=radius_client
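
One way to audit authproxy.cfg for sections that still fail open, as an added example that is not part of the original post or Duo's own tooling. It assumes failmode applies to sections whose names start with radius_server_ or ldap_server_auto, and the sample configuration is constructed with placeholder values:

```python
import configparser

# Assumption: section-name prefixes whose servers accept a failmode option.
FAILMODE_SECTIONS = ("radius_server_", "ldap_server_auto")

# Constructed sample input; every key and host value is a placeholder.
SAMPLE_CFG = """
[radius_client]
host=1.2.3.4
secret=XXX

[radius_server_auto]
api_host=api-XXX.duosecurity.com
failmode=secure
client=radius_client

[radius_server_auto2]
api_host=api-XXX.duosecurity.com
client=radius_client

[ldap_server_auto]
api_host=api-XXX.duosecurity.com
failmode=safe
"""

def audit_failmode(cfg_text):
    """Return {section: effective failmode} for every server section."""
    # interpolation=None: secrets may contain '%'; strict=False tolerates duplicates.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(cfg_text)
    result = {}
    for section in parser.sections():
        if section.lower().startswith(FAILMODE_SECTIONS):
            # An absent failmode means the default behavior, which is safe.
            mode = parser.get(section, "failmode", fallback="safe")
            result[section] = mode.strip().lower()
    return result

def fail_open_sections(cfg_text):
    """Sections whose effective failmode is anything other than secure."""
    return sorted(s for s, m in audit_failmode(cfg_text).items() if m != "secure")

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CFG
    for name, mode in audit_failmode(text).items():
        print(f"[{name}] failmode={mode}", "" if mode == "secure" else "<- fails open")
```

Run it with the path to authproxy.cfg as the only argument; a section with no failmode line is reported as safe because that is the default.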

Check your configuration and keep safe!


