To configure the Duo auth proxy, you must modify the authproxy.cfg file. For example:

vi /opt/duoauthproxy/conf/authproxy.cfg

Below is an example configuration containing the details copied above in addition to the interface address of the LoadMaster which is the RADIUS Client (radius_ip_1) and the RADIUS shared secret to use (radius_secret_1).

The configuration file should contain the following:

 
[main]
debug=true
test_connectivity_on_startup=true
[duo_only_client]
[radius_server_auto]
ikey=DIS1YSDW3KSFRKLX2W1S
skey=eEqgB1BUP7dfasdasdasdhAPDZOSwLvLp
api_host=api-e0c2593d.duosecurity.com
radius_ip=10.1.151.61
radius_secret_1=Hummingbird
client=duo_only_client
port=1812

In the example above:

  • The radius_ip is the LoadMaster's IP address (or the shared IP address in a High Availability (HA) configuration).

    Note: When dealing with RADIUS in LoadMaster HA mode, we recommend adding all three IP addresses (the shared IP address and the individual IP address of both LoadMasters). The LoadMaster might use the shared IP address if the RADIUS server is local, or the individual IP address if the RADIUS server is remote.

  • The radius_secret_1 is a chosen password. This is required to be configured on the LoadMaster as the RADIUS Shared Secret in the SSO Domain configuration of the domain LDAPDUO which is mentioned below.