On 2 Sep 2016, at 08:06, Scott Armitage <S.P.Armitage@lboro.ac.uk> wrote:
I haven’t used Azure but a quick google suggests RADIUS Authentication and Azure Multi-Factor Authentication Server. This seems to suggest you proxy the inner tunnel (MSCHAPv2) to the Azure MFA server. Doesn’t seem very secure to me proxying MSCHAPv2 across the Internet.
https://azure.microsoft.com/en-gb/documentation/articles/multi-factor-authen...
I can't find the code right now but it was fairly easy to write a shim that authenticated against Azure AD using OAUTH or SAML. Off the top of my head, I created a dummy native application and used C# ADAL to obtain a token or assertion using the users credentials (via TTLS/PAP) and verify the validity. FreeRADIUS just called the binary in the same way as ntlm_auth. Regards, Adam Bishop gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460 jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.