On 1 Sep 2016, at 23:09, Graeme Gellatly <graemeg@roof.co.nz> wrote:
Thanks Alan,
That guide is for Active Directory, not Azure Active Directory which is very different. I was actually reading it when your mail came in. The auth workflow is oauth2 based for Azure, no NTLM.
Guess I'll need to experiment with the new Domain Services feature of Azure and a VPN. There are reports of it working with other radius servers. Bit that sucks is I already had samba authenticating using oauth.
I haven’t used Azure but a quick google suggests RADIUS Authentication and Azure Multi-Factor Authentication Server. This seems to suggest you proxy the inner tunnel (MSCHAPv2) to the Azure MFA server. Doesn’t seem very secure to me proxying MSCHAPv2 across the Internet. https://azure.microsoft.com/en-gb/documentation/articles/multi-factor-authen... Regards Scott