EAP with FreeRadius and Azure Active Directory

Scott Armitage S.P.Armitage at lboro.ac.uk
Fri Sep 2 09:06:22 CEST 2016

> On 1 Sep 2016, at 23:09, Graeme Gellatly <graemeg at roof.co.nz> wrote:
> Thanks Alan,
> That guide is for Active Directory, not Azure Active Directory which is very different.  I was actually reading it when your mail came in.  The auth workflow is oauth2 based for Azure, no NTLM.
> Guess I'll need to experiment with the new Domain Services feature of Azure and a VPN.  There are reports of it working with other radius servers.  Bit that sucks is I already had samba authenticating using oauth.

I haven’t used Azure but a quick google suggests RADIUS Authentication and Azure Multi-Factor Authentication Server.  This seems to suggest you proxy the inner tunnel (MSCHAPv2) to the Azure MFA server.  Doesn’t seem very secure to me proxying MSCHAPv2 across the Internet.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160902/65c9e33c/attachment.sig>

More information about the Freeradius-Users mailing list