Friday, May 29, 2020

Duo Radius Proxy on CentOS

Duo is super fast and easy to deploy - well it depends ;)

Got two boxes of CentOS Linux to set up as Duo Radius Proxies, and started the setup process with some prerequisites:

[root@v***duo01 ~]# yum install gcc make liffi-devel per zlib-devel
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 194 kB 00:00:00
(3/4): updates/7/x86_64/primary_db | 1.3 MB 00:00:00
(4/4): base/7/x86_64/primary_db | 6.1 MB 00:00:01
Determining fastest mirrors
* base: centos.anexia.at
* extras: centos.anexia.at
* updates: centos.anexia.at
No package liffi-devel available.
No package per available.
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.8.5-39.el7 will be installed
------------------------------------snip--------------------------
Dependency Updated:
glibc.x86_64 0:2.17-307.el7.1 glibc-common.x86_64 0:2.17-307.el7.1 libgcc.x86_64 0:4.8.5-39.el7 libgomp.x86_64 0:4.8.5-39.el7
zlib.x86_64 0:1.2.7-18.el7
Complete! 
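
A pre-flight check for the build, added here as an example and not part of the original post or of Duo's installer: the yum run above ends with "Complete!" even though it reports "No package liffi-devel available" and "No package per available", so this asks rpm directly and stops when anything is absent. The package list assumes those two names were meant as libffi-devel and perl; PKG_QUERY, missing_pkgs, check_build_prereqs, python_has_ctypes and the script file name are made up for the example.

```shell
#!/bin/sh
# Added example: stop before `make` if a build prerequisite is absent.

# Assumed list: the names from the yum command in the post, with
# "liffi-devel" and "per" read as libffi-devel and perl.
REQUIRED_PKGS="gcc make libffi-devel perl zlib-devel"

# Command that exits 0 when a single package is installed. Overridable so
# the logic can be exercised on a host without rpm.
PKG_QUERY="${PKG_QUERY:-rpm -q}"

# Print each name from the argument list that is not installed.
missing_pkgs() {
    for pkg in "$@"; do
        $PKG_QUERY "$pkg" >/dev/null 2>&1 || printf '%s\n' "$pkg"
    done
}

# Return 0 only when nothing is missing; otherwise name the gaps on stderr.
check_build_prereqs() {
    missing="$(missing_pkgs "$@")"
    if [ -n "$missing" ]; then
        # Unquoted on purpose: one message line per missing package.
        printf 'missing build prerequisite: %s\n' $missing >&2
        return 1
    fi
    return 0
}

# Return 0 if the interpreter at $1 can import _ctypes, the module the
# traceback in the post reports as missing. CPython only builds _ctypes
# when the libffi headers are present at compile time.
python_has_ctypes() {
    "$1" -c 'import _ctypes' >/dev/null 2>&1
}

# Usage (file name is arbitrary):
#   sh prereq-check.sh --check [path/to/built/python3]
case "${1:-}" in
    --check)
        check_build_prereqs $REQUIRED_PKGS || exit 1
        if [ -n "${2:-}" ] && ! python_has_ctypes "$2"; then
            echo "built interpreter cannot import _ctypes" >&2
            exit 1
        fi
        echo "build prerequisites OK"
        ;;
esac
```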


The next step is downloading the latest package and starting the make process:


[root@v***duo01 ~]# wget https://dl.duosecurity.com/duoauthproxy-latest-src.tgz
--2020-05-26 17:14:00-- https://dl.duosecurity.com/duoauthproxy-latest-src.tgz
Connecting to 10.133.21.140:8080... connected.
Proxy request sent, awaiting response... 200 OK
Length: 43046700 (41M) [application/x-tar]
Saving to: ‘duoauthproxy-latest-src.tgz’
100%[===============================================================================================================>] 43,046,700 93.0MB/s in 0.4s
2020-05-26 17:14:00 (93.0 MB/s) - ‘duoauthproxy-latest-src.tgz’ saved [43046700/43046700]
[root@v***duo01 ~]# tar xzf duoauthproxy-latest-src.tgz
[root@v***duo01 ~]# cd duoauthproxy-4.0.0-3ff5a4b-src/
[root@v***duo01 duoauthproxy-4.0.0-3ff5a4b-src]# ls
conf config.mk doc _fipscustomize.py Makefile pkgs pkgs.mk sitecustomize.py
[root@v***duo01 duoauthproxy-4.0.0-3ff5a4b-src]# make
pushd /root/duoauthproxy-4.0.0-3ff5a4b-src/pkgs/openssl-fips-2.0.16 && \
make -f Makefile.duo all && \
make -f Makefile.duo install && \
------------------------------------snip--------------------------
~/duoauthproxy-4.0.0-3ff5a4b-src/pkgs/setuptools-42.0.2
~/duoauthproxy-4.0.0-3ff5a4b-src
adding minimal entry_points
Regenerating egg_info
Traceback (most recent call last):
File "setup.py", line 9, in <module>
import setuptools
File "/root/duoauthproxy-4.0.0-3ff5a4b-src/pkgs/setuptools-42.0.2/setuptools/__init__.py", line 20, in <module>
from setuptools.dist import Distribution, Feature
File "/root/duoauthproxy-4.0.0-3ff5a4b-src/pkgs/setuptools-42.0.2/setuptools/dist.py", line 36, in <module>
from setuptools import windows_support
File "/root/duoauthproxy-4.0.0-3ff5a4b-src/pkgs/setuptools-42.0.2/setuptools/windows_support.py", line 2, in <module>
import ctypes
File "/root/duoauthproxy-4.0.0-3ff5a4b-src/duoauthproxy-build/usr/local/lib/python3.8/ctypes/__init__.py", line 7, in <module>
from _ctypes import Union, Structure, Array
ModuleNotFoundError: No module named '_ctypes'
Traceback (most recent call last):
File "bootstrap.py", line 64, in <module>
__name__ == '__main__' and main()
File "bootstrap.py", line 61, in main
run_egg_info()
File "bootstrap.py", line 54, in run_egg_info
subprocess.check_call(cmd)
File "/root/duoauthproxy-4.0.0-3ff5a4b-src/duoauthproxy-build/usr/local/lib/python3.8/subprocess.py", line 364, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/root/duoauthproxy-4.0.0-3ff5a4b-src/duoauthproxy-build/usr/local/bin/python3', 'setup.py', 'egg_info']' returned non-zero exit status 1.
make: *** [duoauthproxy-build/usr/local/lib/python3.8/site-packages/setuptools-42.0.2-py3.8.egg] Error 1


Seems there is an issue with Python. I figured out that CentOS runs on Python 2 by default, but Duo needs to run on Python 3.
I quickly fixed that with:

[root@v***duo01 ~]# python --version
Python 2.7.5
[root@v***duo01 ~]# yum install -y python3
------------------------------------snip--------------------------
[root@v***duo01 ~]# ln -fs /usr/bin/python3 /usr/bin/python



Now the make process finishes without errors, so let's install:

[root@v***duo01]# cd duoauthproxy-build/
[root@v***duo01]# ./install
In what directory do you wish to install the Duo Authentication Proxy?
[/opt/duoauthproxy]
Enter the name of a user account under which the Authentication Proxy should be run. We recommend a non-privileged and locked down account.
Or you can press <Enter> and our default locked down user will be created for you:
[duo_authproxy_svc]
Enter the name of a group under which the Authentication Proxy logs will be readable. Or press <Enter> and a default group will be created for you:
[duo_authproxy_grp]
Copying files... Done.
Create an initialization script to run the proxy upon startup? [Yes/no] yes
Created symlink from /etc/systemd/system/multi-user.target.wants/duoauthproxy.service to /etc/systemd/system/duoauthproxy.service.
Created service script at /etc/systemd/system/duoauthproxy.service
Installation completed. Before starting the Authentication Proxy,
Please edit the configuration file at:
/opt/duoauthproxy/conf/authproxy.cfg
