EAP with FreeRadius and Azure Active Directory
Graeme Gellatly
graemeg at roof.co.nz
Thu Sep 1 23:32:26 CEST 2016
Sorry original got bounced, must have been delay between subscription.
Hi,
I don't normally mail lists, preferring to work things out myself but I'm a bit out of my depth here and looking for some help.
Required result.
Ubuquiti Unifi Wireless AP's/Controller authenticating with Azure Active Directory using WPA2-Enterprise.
Progress to date.
Ubiquiti talking to FreeRadius - I can see requests - the message hits Radius and is passed to inner tunnel
FreeRadius talking to pam, which calls pam_exec and triggers a node call to Azure. i.e. radtest passes for both ports 1812 and 18120.
I feel the issue is in eap.conf, particularly where it picks up MSCHAP but I don't really understand the conf files. Is there anyway I can send a cleartext password to PAM via an EAP request?
Happy to post whatever config, but really atm its just standard Ubuntu, with the following entry in users.
DEFAULT Auth-Type=PAM
Pam-Auth="radiusd"
This will be a big use case, using freeradius to authenticate clients against Azure for wireless network access, and all work will be made public if I get it to / it can work.
Thanks
Graeme
More information about the Freeradius-Users
mailing list