duo_2fa_setup.sh

# https://duo.com/docs/radius

apt-get install build-essential libssl-dev python-dev libffi-dev

cd /tmp
wget -Oduoauthproxy-latest-src.tgz https://dl.duosecurity.com/duoauthproxy-latest-src.tgz

tar xzf duoauthproxy-latest-src.tgz
cd duoauthproxy-version-src
export PYTHON=python
make

cd duoauthproxy-build
./install

# Config: /opt/duoauthproxy/conf/authproxy.cfg

# Active Directory:
# [ad_client]
# host=1.2.3.4
# host_2=1.2.3.5 # optional
# service_account_username=duoservice
# service_account_password=password1
# search_dn=DC=example,DC=com # OU containing user accounts to authenticate
# security_group_dn=CN=DuoVPNUsers,OU=Groups,DC=example,DC=com # optional group containing users who may authenticate

# RADIUS
# [radius_client]
# host=1.2.3.4
# secret=thisisaradiussecret
# port # optional, default 1812
# pass_through_all # optional

# [radius_server_auto]
# ikey=DIXXXXXXXXXXXXXXXXXX
# skey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# api_host=api-XXXXXXXX.duosecurity.com
# radius_ip_1=5.6.7.8
# radius_secret_1=thisisalsoaradiussecret
# client=ad_client # radius_client, duo_only_client
# port=1812 # optional
# failmode=safe # optional

# Start the Proxy
/opt/duoauthproxy/bin/authproxyctl start # status, restart