Want to use Radius with Azure ADDS

Zett zesa0 at outlook.de
Sun Nov 8 12:49:11 CET 2020

Hello guys,

I have Azure ADDS and secureLDAP.
I setup freeRadius and connected to LDAP, it works so far with radtest in a normal way.
I used this for setup <https://www.nasirhafeez.com/freeradius-with-ldaps-on-azure-ad-domain-services/>.
It is PAP method with LDAP bind as user.

But actually it must be mschap, which is only working with ntlm_auth, isn’t it?

When I use: 
radtest -t mschap salihzett password localhost 0 testing123
It doesn’t work.
(184) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
(184) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
(184) mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
(184) mschap: Client is using MS-CHAPv1 with NT-Password
(184) mschap: ERROR: FAILED: No NT-Password.  Cannot perform authentication
(184) mschap: ERROR: MS-CHAP2-Response is incorrect

I found this hint <http://lists.freeradius.org/pipermail/freeradius-users/2011-November/057120.html>, but I don’t know how I need to do this for Azure ADDS. To create an user who has permissions to read the cleartext password.
Maybe there is also other ways since 2011.

Actually the way is not important, the goal is important :) So If anyone has a hint for me for using Radius with Azure ADDS, I am very thanksful.


More information about the Freeradius-Users mailing list