Untitled

; Complete documentation about the Duo Auth Proxy can be found here:
; https://duo.com/docs/authproxy_reference

; MAIN: Include this section to specify global configuration options.
; All settings are optional.
; Reference: https://duo.com/docs/authproxy_reference#main-section
;[main]


; CLIENTS: Include one or more of the following configuration sections.
; To configure more than one client configuration of the same type, append a
; number to the section name (e.g. [ad_client2])

; Include ad_client if you want to use an Active Directory domain controller
; for primary auth.
[ad_client]
; The hostname or IP address of your domain controller
host=
; Username of the account that will read from your Active Directory database
service_account_username=
; Password corresponding to service_account_username
service_account_password=
; The LDAP distinguished name of an AD or OU containing all of the users you
; wish to permit to log in
search_dn=

; Include radius_client if you want the Auth Proxy to contact another RADIUS
; server to perform primary auth
; Config Options: https://duo.com/docs/authproxy_reference#radius_client
;[radius_client]

; Include duo_only_client if your device supports separate configurations for
; primary and secondary authentication and you wish to use the Auth Proxy for
; secondary authentication and let the device handle primary authentication.
; Reference: https://duo.com/docs/authproxy_reference#duo_only_client
;[duo_only_client]


; SERVERS: Include one or more of the following configuration sections.
; To configure more than one server configuration of the same type, append a
; number to the section name (e.g. radius_server_auto1, radius_server_auto2)

; radius_server_auto is recommended for most applications and is compatible
; with almost all systems that support RADIUS auth. User's device and factor
; is automatically selected for each login
; Config options: https://duo.com/docs/authproxy_reference#radius-auto
[radius_server_auto]
; Your Duo integration key
ikey=
; Your Duo secret key
skey=
; Your Duo API hostname (e.g. "api-XXXX.duosecurity.com")
api_host=
; The IP address or IP range of the device(s) or application(s) that will be
; contacting the authentication proxy via RADIUS
radius_ip_1=
; A shared secret that you'll enter both here and in the configuration of the
; device(s) or application(s) with the corresponding radius_ip_x value. We
; recommend as strong a password as possible. (max 128 chars)
radius_secret_1=
; Protocol followed in the event that Duo services are down.
; Safe: Authentication permitted if primary authentication succeeds
; Secure: All authentication attempts will be rejected
failmode=safe
; Mechanism the Auth Proxy should use to perform primary auth. Should correspond
; with a "client" section elsewhere in this configuration file
client=ad_client
; Port on which to listen for incoming RADIUS Access Requests
port=1812

; radius_server_iframe shows users a web-based authentication prompt. This mode
; is only available on supported devices.
; Config Options: https://duo.com/docs/authproxy_reference#radius-iframe
;[radius_server_iframe]

; radius_server_challenge presents users with a textual challenge after entering
; their existing passwords
; Config Options: https://duo.com/docs/authproxy_reference#radius-challenge
;[radius_server_challenge]

; radius_server_concat has users append a Duo passcode to their existing passwords
; Config Options: https://duo.com/docs/authproxy_reference#radius-concat
;[radius_server_concat]

; Include radius_server_duo_only when primary auth is handled elsewhere and you want
; to submit the passcode or factor choice as the RADIUS password field
; Config Options: https://duo.com/docs/authproxy_reference#radius-duo-only
;[radius_server_duo_only]

; Include ldap_server_auto to use with an LDAP integration. The passcode or factor
; will be appended to the password or a default factor can be selected
; Config Options: https://duo.com/docs/authproxy_reference#ldap-auto
;[ldap_server_auto]