Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ; Complete documentation about the Duo Auth Proxy can be found here:
- ; https://duo.com/docs/authproxy_reference
- ; MAIN: Include this section to specify global configuration options.
- ; All settings are optional.
- ; Reference: https://duo.com/docs/authproxy_reference#main-section
- ;[main]
- ; CLIENTS: Include one or more of the following configuration sections.
- ; To configure more than one client configuration of the same type, append a
- ; number to the section name (e.g. [ad_client2])
- ; Include ad_client if you want to use an Active Directory domain controller
- ; for primary auth.
- [ad_client]
- ; The hostname or IP address of your domain controller
- host=
- ; Username of the account that will read from your Active Directory database
- service_account_username=
- ; Password corresponding to service_account_username
- service_account_password=
- ; The LDAP distinguished name of an AD or OU containing all of the users you
- ; wish to permit to log in
- search_dn=
- ; Include radius_client if you want the Auth Proxy to contact another RADIUS
- ; server to perform primary auth
- ; Config Options: https://duo.com/docs/authproxy_reference#radius_client
- ;[radius_client]
- ; Include duo_only_client if your device supports separate configurations for
- ; primary and secondary authentication and you wish to use the Auth Proxy for
- ; secondary authentication and let the device handle primary authentication.
- ; Reference: https://duo.com/docs/authproxy_reference#duo_only_client
- ;[duo_only_client]
- ; SERVERS: Include one or more of the following configuration sections.
- ; To configure more than one server configuration of the same type, append a
- ; number to the section name (e.g. radius_server_auto1, radius_server_auto2)
- ; radius_server_auto is recommended for most applications and is compatible
- ; with almost all systems that support RADIUS auth. User's device and factor
- ; is automatically selected for each login
- ; Config options: https://duo.com/docs/authproxy_reference#radius-auto
- [radius_server_auto]
- ; Your Duo integration key
- ikey=
- ; Your Duo secret key
- skey=
- ; Your Duo API hostname (e.g. "api-XXXX.duosecurity.com")
- api_host=
- ; The IP address or IP range of the device(s) or application(s) that will be
- ; contacting the authentication proxy via RADIUS
- radius_ip_1=
- ; A shared secret that you'll enter both here and in the configuration of the
- ; device(s) or application(s) with the corresponding radius_ip_x value. We
- ; recommend as strong a password as possible. (max 128 chars)
- radius_secret_1=
- ; Protocol followed in the event that Duo services are down.
- ; Safe: Authentication permitted if primary authentication succeeds
- ; Secure: All authentication attempts will be rejected
- failmode=safe
- ; Mechanism the Auth Proxy should use to perform primary auth. Should correspond
- ; with a "client" section elsewhere in this configuration file
- client=ad_client
- ; Port on which to listen for incoming RADIUS Access Requests
- port=1812
- ; radius_server_iframe shows users a web-based authentication prompt. This mode
- ; is only available on supported devices.
- ; Config Options: https://duo.com/docs/authproxy_reference#radius-iframe
- ;[radius_server_iframe]
- ; radius_server_challenge presents users with a textual challenge after entering
- ; their existing passwords
- ; Config Options: https://duo.com/docs/authproxy_reference#radius-challenge
- ;[radius_server_challenge]
- ; radius_server_concat has users append a Duo passcode to their existing passwords
- ; Config Options: https://duo.com/docs/authproxy_reference#radius-concat
- ;[radius_server_concat]
- ; Include radius_server_duo_only when primary auth is handled elsewhere and you want
- ; to submit the passcode or factor choice as the RADIUS password field
- ; Config Options: https://duo.com/docs/authproxy_reference#radius-duo-only
- ;[radius_server_duo_only]
- ; Include ldap_server_auto to use with an LDAP integration. The passcode or factor
- ; will be appended to the password or a default factor can be selected
- ; Config Options: https://duo.com/docs/authproxy_reference#ldap-auto
- ;[ldap_server_auto]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement