This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Converting from LDAP to Radius Authentication for DUO MFA with Sophos SSL-VPN

We were testing DUO MFA with LDAP authentication to our Active Directory using the Sophos SSL-VPN.  Tan into the "timeout" problem and created a Radius login and server to fix this.   Now we are seeing: 

1. Initial validation appears to work,   

2. DUO MFA request is sent to the phone for authentication .

3. Once returned, the authorization fails at final login. 

I'm wondering if this is because of something changed in the way groups our handled?  

All users are members of our AD Group "VPN Users

What's the missing link?   


Thanks.   



This thread was automatically locked due to age.
Parents Reply
  • Hi....LuCar, Toni....many thanks for your note.   Yes, we've specified that in the Radius server setup under "Domain name" we have our AD domain.   One thing I was wondering whether the Radius server name needs to be something specific..... is that what you are referring to?   For the Server IP we have our authproxy server. This is set using the  ad_client in the [radius_server_auto] of the authproxy.cfg file.  

Children
No Data