Duo Authentication Proxy is an on-premises software service that acts as a RADIUS or LDAP intermediary, bridging the gap between your local applications and Duo’s cloud-based MFA. It’s installed and configured on an operating system which then creates some future work that you’ll want to be comfy with. You’ll need to keep the OS updated but the application requires updating as well.
This guide provides insights on both installation and application maintenance.
Preliminary Installation & Upgrades
Note: Upgrades follow this same procedure and will automatically update the existing installation.
- Update System Packages
sudo apt update && sudo apt upgrade -y - Elevate privilege
sudo-i - Install Prerequisites
apt-get install -y build-essential libffi-dev perl zlib1g-dev - Download and Extract Installer
mkdir ~/folder1cd ~/folder1wget --content-disposition https://dl.duosecurity.com/duoauthproxy-latest-src.tgztar xzfduoauthproxy-latest-src.tgzcd duoauthproxy-*-src - Build and Install
makecd duoauthproxy-build./install
Accept installation defaults and enter Yes when prompted to create the initialization script.
Managing the Proxy Service
Use the following commands to control the Duo Auth Proxy service:
| Action | Command |
| Start | sudo /opt/duoauthproxy/bin/authproxyctl start |
| Status | sudo /opt/duoauthproxy/bin/authproxyctl status |
| Restart | sudo /opt/duoauthproxy/bin/authproxyctl restart |
| Stop | sudo /opt/duoauthproxy/bin/authproxyctl stop |
Configuration & Troubleshooting
- Configure the Proxy:
sudo nano /opt/duoauthproxy/conf/authproxy.cfg - Validate Configuration & Connectivity:
sudo /opt/duoauthproxy/bin/authproxy_connectivity_tool - Live Log Monitoring:
sudo tail -f /opt/duoauthproxy/log/authproxy.log
Verification
- To verify the installed version and ensure the service initialized correctly, run:
grep "Init Complete" /opt/duoauthproxy/log/authproxy.log | tail -n 1
Expected Output: Duo Security Authentication Proxy 6.4.x - Init Complete
