Re: [RADIATOR] 2FA Duo Security w/ Radiator

2017-06-01 Thread Jennifer Mehl 
Thank you both for the information on this.

Jennifer


> On May 23, 2017, at 12:10 AM, Tuure Vartiainen  wrote:
> 
> Hello,
> 
>> On 23 May 2017, at 2.16, LaPorte, David  wrote:
>> 
>> For us, the Auth Proxy worked fine, but the change was about being able to 
>> seamlessly leverage the other capabilities of Radiator without having to 
>> link in another authentication box.  We ran it for 3+ years without issue.  
>> 
>> On 5/22/17, 6:21 PM, "radiator on behalf of Jennifer Mehl" 
>>  
>> wrote:
>> 
>> I wanted to know if there was general guidance and opinions (pros, cons, use 
>> cases etc.) on when to use the AuthByDuo clause built-in to Radiator vs. 
>> installing and deploying the Duo Authentication Proxy package from Duo 
>> Security, and setting Radiator RADIUS as the primary authenticator there.
>> 
> 
> I second David, AuthBy DUO integrates Duo’s 2FA more tightly with Radiator.
> 
> Pros for AuthBy DUO:
> 
> + Same Log/AuthLog with a rest of an authentication chain (a special char 
> ‘%1’ will contain a result reason or an error message from Duo’s API)
> + Works with all EAP methods
> 
> Pros for Duo’s Authentication Proxy:
> 
> + Offers onboarding and Duo’s method selection GUI through Radius 
> Reply-Message AVP for devices supporting that.
> 
> 
> BR
> -- 
> Tuure Vartiainen 
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> 
> ___
> radiator mailing list
> radiator@lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator

___
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] 2FA Duo Security w/ Radiator

2017-05-23 Thread Tuure Vartiainen 
Hello,

> On 23 May 2017, at 2.16, LaPorte, David  wrote:
> 
> For us, the Auth Proxy worked fine, but the change was about being able to 
> seamlessly leverage the other capabilities of Radiator without having to link 
> in another authentication box.  We ran it for 3+ years without issue.  
> 
> On 5/22/17, 6:21 PM, "radiator on behalf of Jennifer Mehl" 
>  
> wrote:
> 
> I wanted to know if there was general guidance and opinions (pros, cons, use 
> cases etc.) on when to use the AuthByDuo clause built-in to Radiator vs. 
> installing and deploying the Duo Authentication Proxy package from Duo 
> Security, and setting Radiator RADIUS as the primary authenticator there.
> 

I second David, AuthBy DUO integrates Duo’s 2FA more tightly with Radiator.

Pros for AuthBy DUO:

+ Same Log/AuthLog with a rest of an authentication chain (a special char ‘%1’ 
will contain a result reason or an error message from Duo’s API)
+ Works with all EAP methods

Pros for Duo’s Authentication Proxy:

+ Offers onboarding and Duo’s method selection GUI through Radius Reply-Message 
AVP for devices supporting that.


BR
-- 
Tuure Vartiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

___
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator