EAP with FreeRadius and Azure Active Directory
A.L.M.Buxey at lboro.ac.uk
Fri Sep 2 11:01:17 CEST 2016
If you cannot have the password then Oauth is out. Ie peap is out. There is an option available where you proxy the RADIUS to an NPS instance in the azure system. That'd work for PEAP.
Better option is use EAP-TLS. Have some web system which uses Azure Auth to generate TLS profiles then leave Azure alone for the EAP clients. Your RADIUS can Auth the TLS clients directly
More information about the Freeradius-Users