product icon

LastPass Universal Proxy v5.x RADIUS configuration using command line

    Before you begin:
    Note: LastPass Universal Proxy v5.x uses a Linux-based docker image that runs in a docker container. For more information about the minimum system requirements for Docker, view Minimum software requirements for LastPass Universal Proxy.
    About this task:
    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
    Note: Only Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes are supported by the service.
    1. Configure the following parameters. Available options are in brackets, and default options are in parentheses.
      Select the protocol [LDAP, LDAPS, RADIUS]:
      RADIUS
      Select the challenge mode [LP, PLP, SFA]:
      Enter the server mode of Universal Proxy.
      Would you like to use RADIUS to RADIUS (1) or RADIUS with LDAP authentication (2)? [1, 2] (1)
      The default mode is using RADIUS to RADIUS authentication.
      Note: Using RADIUS with LDAP authentication is recommended only for Sonicwall VPN.

      For more information on server modes, see Server Modes.

    2. Configure the RADIUS server setup.
      • LastPass MFA Authentication [LP]
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the preferred method of default authentication [push, call] (push):
        The default authentication factor. The default factor is push.
        Enter the RADIUS secret:
        The RADIUS secret of your RADIUS server.
      • LastPass MFA or password authentication [PLP]
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the RADIUS server IP address:
        The IP address or a DNS name your RADIUS server.
        Enter the RADIUS server port (1812):
        This is the port on which the RADIUS server listens to for incoming requests.
        Enter the listening accounting port of the Radius server (1813):
        The default value is 1813. This value can be changed.
        Enter the RADIUS secret:
        The RADIUS secret of your RADIUS server.
      • Both LastPass MFA and password authentication [SFA]
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the preferred method of default authentication [push, call] (push):
        The default authentication factor. The default factor is push.
        Enter the RADIUS server IP address:
        The IP address or a DNS name of your RADIUS server.
        Enter the RADIUS server port (1812):
        This is the port on which the RADIUS server listens to for incoming requests.
        Enter the listening accounting port of the Radius server (1813):
        The default value is 1813. This value can be changed.
        Enter the RADIUS secret:
        The RADIUS secret of your RADIUS server.
    3. Once configured, run the docker image in a container for LastPass Universal Proxy v5.x by executing the following command in the terminal:
      Important: As RADIUS uses UDP ports, it must be indicated in the command.
      docker run --name=<friendlyname> -v <nameofthevolume>:usr/local/universalproxy/volume -p <RADIUSserverport>:1812/udp -p <listeningaccountingportofRADIUS>:1813/udp -dit -e TZ=UTC <dockerimagerepository>:<dockerimagetag>
      Command example:
      docker run --name=universalproxy -v universalproxy:/usr/local/universalproxy/volume -p 1812:1812/udp -p 1813:1813/udp -dit -e TZ=UTC lastpass/universalproxy:5.0.0
    Results: LastPass Universal Proxy v5.x is now configured.