[RADIATOR] 2FA Duo Security w/ Radiator

Tuure Vartiainen vartiait at open.com.au
Tue May 23 07:10:09 UTC 2017


Hello,

> On 23 May 2017, at 2.16, LaPorte, David <david_laporte at harvard.edu> wrote:
> 
> For us, the Auth Proxy worked fine, but the change was about being able to seamlessly leverage the other capabilities of Radiator without having to link in another authentication box.  We ran it for 3+ years without issue.  
> 
> On 5/22/17, 6:21 PM, "radiator on behalf of Jennifer Mehl" <radiator-bounces at lists.open.com.au on behalf of jennifer.mehl at ucsb.edu> wrote:
> 
> I wanted to know if there was general guidance and opinions (pros, cons, use cases etc.) on when to use the AuthByDuo clause built-in to Radiator vs. installing and deploying the Duo Authentication Proxy package from Duo Security, and setting Radiator RADIUS as the primary authenticator there.
> 

I second David, AuthBy DUO integrates Duo’s 2FA more tightly with Radiator.

Pros for AuthBy DUO:

+ Same Log/AuthLog with a rest of an authentication chain (a special char ‘%1’ will contain a result reason or an error message from Duo’s API)
+ Works with all EAP methods

Pros for Duo’s Authentication Proxy:

+ Offers onboarding and Duo’s method selection GUI through Radius Reply-Message AVP for devices supporting that.


BR
-- 
Tuure Vartiainen <vartiait at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.



More information about the radiator mailing list