Freeradius, Eduroam, AzureAD ldaps authentication

Tanya Stawicki tanyastawicki at gmail.com
Wed Jun 9 12:24:13 CEST 2021


Hello,

We have a Freeradius server that has been successfully providing EduRoam
connectivity for our customer for two years.
The local identity provider is Microsoft Server 2016 AD. The WiFi clients are
mostly Windows 10 clients and phones.

However, the customer wants to switch to Azure AD and (in time) get rid of
their Windows servers. They want to authenticate with Azure AADDS LDAPS.

I doubt if it is possible with (Free)Radius. I guess the combination is not
in the compatibility matrix, but I'm not sure: it's not 100% clear to me
which encryption method Azure uses for storing passwords in LDAPS.


Question 1. Is it possible to use FreeRadius for WiFi auth with Azure AD as IP?

I have set up another EduRoam FreeRadius server anyway:

What works:

   - ldapsearch -H ldaps.mydomain.nl -x -b "dc=mydomain,dc=nl"
   - radtest abba.king at mydomain <userpassword> 127.0.0.1 -1 testing123 -
   "Received Access-Accept"


What doesn't work:

   - Authentication with WiFi (on a Windows 10 PC with native eap-peap /
   mschapv2), error:


eap_mschapv2:   authenticate {
(8) mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
(8) mschap: WARNING: No Cleartext-Password configured.  Cannot create LM-Password
(8) mschap: Creating challenge hash with username: abba.king at mydomain.nl
(8) mschap: Client is using MS-CHAPv2
(8) mschap: ERROR: FAILED: No NT/LM-Password.  Cannot perform authentication
(8) mschap: ERROR: MS-CHAP2-Response is incorrect
(8)     [mschap] = reject

Did I make a mistake? Or is it not possible?


Greetings and thanks for FreeRadius,


Tanya

