Help on adding Azure MFA Push
Alexander Noack
alex at netpbx.de
Fri Mar 14 15:12:24 UTC 2025
For quite some time we are using Microsoft's Network Protection Services
(aka Radius Server) with the Azure MFA extension
(https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension).
Recently we had the requirement to run the same with FreeRadius. I
therefore replicated the MFA push behavior in a shell script.
After reading that the rlm_exec module is a very bad place to run long
running shell code, I re-implemented the code in perl for use with
rlm_perl.
You can find my code here:
https://github.com/adn77/freeradius-azuremfapush-perl
According to this
https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy#freeradius-configuration_virtual-server-configuration
I was hoping to add a conditional in the authenticate section. That's
why I only implemented that function in my main.pm. I also looked at
this https://github.com/jimdigriz/freeradius-oauth2-perl for
inspiration.
I am only starting with FreeRadius and was hoping to get some guidance
on how to properly integrate this as an MFA option.
Hopefully I have already done 90% of the work and somebody here finds
this useful as well.
Please reply here or on Github Issues of my project.
Looking forward to making this work :)
Alex
More information about the Freeradius-Devel
mailing list