EAP with FreeRadius and Azure Active Directory

[Alan Buxey]

If you cannot have the password then Oauth is out.  Ie peap is out.  There is an option available where you proxy the RADIUS to an NPS instance in the azure system.  That'd work for PEAP.

Better option is use EAP-TLS. Have some web system which uses Azure Auth to generate TLS profiles then leave Azure alone for the EAP clients.  Your RADIUS  can Auth the TLS clients directly

alan