I have an R80.30 environment with the latest hotfix 111. I am attempting to get DUO with Radius authentication working. I have gone through many articles and followed many guides but the firewall doesn't seem to be reading the Radius Attribute correctly. I have attached document with screenshot of all settings.
It clearly shows in output below that user is authenticated the attributes are sent to firewall, however in the document (image 😎 it clearly also shows the fw fails to associate user to correct radius group.
FW to DUO Server
11:27:19.014685 IP (tos 0x0, ttl 64, id 29050, offset 0, flags [DF], proto UDP (17), length 91)
192.168.50.1.50289 > 192.168.50.55.1812: [udp sum ok] RADIUS, length: 63
Access-Request (1), id: 0xfc, Authenticator: d13ddb2daa9348b74f4b9e18515ed201
User-Name Attribute (1), length: 13, Value: jconcepcion (user)
0x0000: 6a63 6f6e 6365 7063 696f 6e
User-Password Attribute (2), length: 18, Value:
0x0000: d77c 4ddb c4cb 6a4a 6e8b a1b7 0281 d6ae
Service-Type Attribute (6), length: 6, Value: Login
0x0000: 0000 0001
NAS-IP-Address Attribute (4), length: 6, Value: 192.168.50.1 (fw)
0x0000: c0a8 3201
DUO response to FW
11:27:19.019777 IP (tos 0x0, ttl 128, id 22638, offset 0, flags [DF], proto UDP (17), length 123)
192.168.50.55.1812 > 192.168.50.1.50289: [udp sum ok] RADIUS, length: 95
Access-Accept (2), id: 0xfc, Authenticator: 978072888ab55bad85d2d3ce987d21f1
Vendor-Specific Attribute (26), length: 17, Value: Vendor: Unknown (2620)
Vendor Attribute: 229, Length: 9, Value: DuoVpnGrp (confirmation user group being sent back to fw)
0x0000: 0000 0a3c e50b 4475 6f56 706e 4772 70
Framed-Protocol Attribute (7), length: 6, Value: PPP
0x0000: 0000 0001
Service-Type Attribute (6), length: 6, Value: Framed
0x0000: 0000 0002
Class Attribute (25), length: 46, Value: m...
0x0000: 6d90 059e 0000 0137 0001 0200 c0a8 3237
0x0010: 0000 0000 0000 0000 0000 0000 01d5 b81a
0x0020: b34d b82f 0000 0000 0000 0002