Community discussions

MikroTik App
 
User avatar
dcalanchini
just joined
Topic Author
Posts: 14
Joined: Thu Oct 17, 2019 10:12 pm
Location: Sacramento, Ca

Mikrotik secondary auth user radius/MFA/DUO Help

Thu Nov 10, 2022 2:11 am

Hey all,
So I am tempted to ask if Mikrotik Radius/User Manager supports secondary auth...however my real question is:

Has anyone got Cisco DUO MFA working on a Mikrotik VPN. I have been banging my head against it. I know I need User Manager to act as a radius server to do the primary auth, but I can't figure out how to send the secondary auth to the DUO proxy to fire off the MFA push notification...

If anyone can help me get it working, the beers will be on me!!

Thanks in advance,
Derek
Mikrotik pseudo-guru hoping to graduate
 
RiFF
newbie
Posts: 34
Joined: Sun Apr 29, 2018 9:35 pm

Re: Mikrotik secondary auth user radius/MFA/DUO Help

Thu Nov 10, 2022 1:08 pm

Hi,
To my knowledge, this is not possible because User Manager does not have the functionality to forward requests to other systems. You should move requests directly to external radius (radius server feature in DUO ? ) having local db users or integrated with LDAP / AD and this system should trigger a second authentication (or forward it to the system with this functionality) . Look at this presentation, it's similar solution (using NPS and ADSelfService Plus) - https://mbum.pl/archive/mbum6/Secure_VP ... th_MFA.pdf

Who is online

Users browsing this forum: No registered users and 7 guests