Configuring Duo authentication server support
You can configure FortiADC to support a Duo RADIUS authentication server.
Basic steps:
- Configure a connection to a RADIUS server that can authenticate administrator or user logins.
- Select the RADIUS server configuration when you add administrator users or user groups.
Before you begin:
- You must know the IP address, port, authentication protocol, and shared secret used to access the RADIUS server.
- You must have Read-Write permission for System settings.
To configure Duo authentication support:
- Go to User Authentication > Remote Server.
- Select the RADIUS Server tab.
- Click Create New to display the configuration editor.
- Complete the configuration as described in Configuring Duo authentication server support.
- Save the configuration.
Settings | Guidelines |
---|---|
Name | Give the configuration a name such as "Duo RADIUS" to differentiate it from other RADIUS server configurations. |
Server | Enter the IP address or FQDN of the Duo RADIUS proxy. |
Port | Specify the listening port of the Duo RADIUS proxy. |
Shared Secret | Enter the RADIUS secret configured on the Duo RADIUS proxy. |
Authentication Protocol | Be sure to select PAP for Duo RADIUS support. |
Timeout | Specify the amount of time that FortiADC must wait for responses from the remote RADIUS server before it times out the connection. Valid values are from 5 to 60 seconds. For Duo RADIUS support, we recommend using 60 seconds. |
You can also configure a Duo RADIUS server using the following commands from the Console:

    config user radius
      edit <name>
        set auth-type {chap|ms_chap|ms_chapv2|pap}
        set port <integer>
        set secret <password>
        set server <string>
        set timeout <integer>
        set vdom <datasource>
      next
    end
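One way to check a saved `config user radius` block against the guidelines in the table (PAP, a timeout of 5 to 60 seconds with 60 recommended), as an added example that is not part of the FortiADC documentation. The sample block, its entry name, address, port and secret are constructed placeholders, and the function names are hypothetical.

```python
import shlex

# Constructed sample in the CLI syntax shown above; the entry name, address,
# port and secret are placeholders, not values taken from the page.
SAMPLE = """
config user radius
  edit "Duo RADIUS"
    set auth-type ms_chapv2
    set port 1812
    set secret EXAMPLE-SECRET
    set server 192.0.2.10
    set timeout 10
  next
end
"""

def parse_radius(text):
    """Return {entry name: {setting: value}} for each edit ... next entry."""
    entries, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)  # honours quoted names such as "Duo RADIUS"
        if not tok:
            continue
        if tok[0] == "edit" and len(tok) > 1:
            current = entries.setdefault(tok[1], {})
        elif tok[0] == "set" and len(tok) > 2 and current is not None:
            current[tok[1]] = tok[2]
        elif tok[0] == "next":
            current = None
    return entries

def audit(entry):
    """Compare one entry with the table's guidelines; return a list of findings."""
    findings = []
    if entry.get("auth-type") != "pap":
        findings.append("auth-type must be pap for Duo RADIUS")
    for key in ("server", "port", "secret"):
        if key not in entry:
            findings.append(f"{key} is not set")
    timeout = entry.get("timeout", "")
    if not timeout.isdigit() or not 5 <= int(timeout) <= 60:
        findings.append("timeout must be 5 to 60 seconds")
    elif int(timeout) < 60:
        findings.append("timeout below the recommended 60 seconds")
    return findings

def audit_config(text):
    return {name: audit(entry) for name, entry in parse_radius(text).items()}
```

Calling `audit_config(SAMPLE)` flags the non-PAP protocol and the short timeout for the sample entry; an entry that follows the table returns an empty list.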