HELP FILE

LastPass Universal Proxy RADIUS configuration using command line

    Before you begin:
    Note: Requirements for the configuration process:
    • Microsoft Windows operating system
    • Windows PowerShell 3.0 or higher
    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
    Important: In order to use LastPass Universal Proxy 4.0 with the RADIUS protocol, an Active Directory Connector must be installed and an Active Directory must be present.
    Note: Only Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes are supported by the service.
    1. Configure the following parameters. Available options are in brackets, and default options are in parentheses.

      Select the protocol [LDAP, LDAPS, RADIUS]:
      RADIUS
      Select the challenge mode [LP, PLP, SFA]:
      Enter the server mode of Universal Proxy.
      Would you like to use RADIUS to RADIUS (1) or RADIUS with LDAP authentication (2)? [1, 2] (1)
      The default mode is using RADIUS to RADIUS authentication.
      Note: Using RADIUS with LDAP authentication is recommended only for Sonicwall VPN.

      For more information on server modes, see Server Modes.

    2. Configure the RADIUS server setup.
      • LastPass MFA Authentication [LP]
        Enter the listening port of the Universal Proxy (1812):
        The default value is 1812. This value can be changed. This is the port on which the Universal Proxy listens to for incoming requests.
        Enter the listening accounting port of the Universal Proxy (1813):
        The default value is 1813. This value can be changed.
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see How do I find the integration key?.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console. For more information, see How do I find the integration key?.
        Enter the RADIUS secret:
        The RADIUS secret of your RADIUS server.
      • LastPass MFA or password authentication [PLP]
        Enter the listening port of the Universal Proxy (1812):
        The default value is 1812. This value can be changed. This is the port on which the Universal Proxy listens to for incoming requests.
        Enter the listening accounting port of the Universal Proxy (1813):
        The default value is 1813. This value can be changed.
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see How do I find the integration key?.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console. For more information, see How do I find the integration key?.
        Enter the RADIUS server IP address:
        The IP address or a DNS name your RADIUS server.
        Enter the RADIUS server port (1812):
        This is the port on which the RADIUS server listens to for incoming requests.
        Enter the listening accounting port of the Radius server (1813):
        The default value is 1813. This value can be changed.
        Enter the RADIUS secret:
        The RADIUS secret of your RADIUS server.
      • Both LastPass MFA and password authentication [SFA]
        Enter the listening port of the Universal Proxy (1812):
        The default value is 1812. This value can be changed. This is the port on which the Universal Proxy listens to for incoming requests.
        Enter the listening accounting port of the Universal Proxy (1813):
        The default value is 1813. This value can be changed.
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see How do I find the integration key?.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console. For more information, see How do I find the integration key?.
        Enter the RADIUS server IP address:
        The IP address or a DNS name of your RADIUS server.
        Enter the RADIUS server port (1812):
        This is the port on which the RADIUS server listens to for incoming requests.
        Enter the listening accounting port of the Radius server (1813):
        The default value is 1813. This value can be changed.
        Enter the RADIUS secret:
        The RADIUS secret of your RADIUS server.
    3. Once configured, you must restart the Windows service for the LastPass Universal Proxy as follows:

      Open PowerShell and execute the following command:

      uproxy -restart
      Important: You can check the service status in the following ways:
      • In the Services window, the Status of LastPass Universal Proxy must be listed as Running, and the Startup Type should be listed as Automatic. In case the server must reboot, the LastPass Universal Proxy service will automatically start.
      • In the Task Manager window under the Services tab, the Status of Universal Proxy must be listed ad Running.
      • Open PowerShell and execute the following command:

        uproxy -status

    What to do next: It is highly recommended to restrict access to the configuration file that has been created as a result of configuring the LastPass Universal Proxy. For the specific steps, see How do I restrict access to my configuration file for the LastPass Universal Proxy?