EAP with FreeRadius and Azure Active Directory

Graeme Gellatly graemeg at roof.co.nz
Thu Sep 1 23:32:26 CEST 2016


Sorry original got bounced, must have been delay between subscription.




Hi,


I don't normally mail lists, preferring to work things out myself but I'm a bit out of my depth here and looking for some help.


Required result.

Ubiquiti Unifi Wireless APs/Controller authenticating with Azure Active Directory using WPA2-Enterprise.


Progress to date.

Ubiquiti talking to FreeRadius - I can see requests - the message hits Radius and is passed to inner tunnel

FreeRadius talking to pam, which calls pam_exec and triggers a node call to Azure.  i.e. radtest passes for both ports 1812 and 18120.


I feel the issue is in eap.conf, particularly where it picks up MSCHAP, but I don't really understand the conf files.  Is there any way I can send a cleartext password to PAM via an EAP request?


Happy to post whatever config, but really atm it's just standard Ubuntu, with the following entry in users.

DEFAULT    Auth-Type=PAM
    Pam-Auth="radiusd"


This will be a big use case, using freeradius to authenticate clients against Azure for wireless network access, and all work will be made public if I get it to / it can work.


Thanks

Graeme


