EAP with FreeRadius and Azure Active Directory
Scott Armitage
S.P.Armitage at lboro.ac.uk
Fri Sep 2 09:06:22 CEST 2016
> On 1 Sep 2016, at 23:09, Graeme Gellatly <graemeg at roof.co.nz> wrote:
>
> Thanks Alan,
>
>
> That guide is for Active Directory, not Azure Active Directory which is very different. I was actually reading it when your mail came in. The auth workflow is oauth2 based for Azure, no NTLM.
>
>
> Guess I'll need to experiment with the new Domain Services feature of Azure and a VPN. There are reports of it working with other radius servers. Bit that sucks is I already had samba authenticating using oauth.
I haven’t used Azure but a quick google suggests RADIUS Authentication and Azure Multi-Factor Authentication Server. This seems to suggest you proxy the inner tunnel (MSCHAPv2) to the Azure MFA server. Doesn’t seem very secure to me proxying MSCHAPv2 across the Internet.
https://azure.microsoft.com/en-gb/documentation/articles/multi-factor-authentication-get-started-server-radius/
Regards
Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160902/65c9e33c/attachment.sig>
More information about the Freeradius-Users
mailing list