Want to use Radius with Azure ADDS
Alan DeKok
aland at deployingradius.com
Sun Nov 8 14:18:32 CET 2020
> On Nov 8, 2020, at 6:49 AM, Zett <zesa0 at outlook.de> wrote:
>
> Hello guys,
>
> I have Azure ADDS and secureLDAP.
> I set up FreeRADIUS and connected to LDAP; it works so far with radtest in a normal way.
> I used this for setup <https://www.nasirhafeez.com/freeradius-with-ldaps-on-azure-ad-domain-services/>.
> It is PAP method with LDAP bind as user.
>
> But actually it must be mschap, which is only working with ntlm_auth, isn’t it?

Yes. Due to limitations Microsoft added to AD.

You can configure

> When I use:
> radtest -t mschap salihzett password localhost 0 testing123
> It doesn’t work.
> (184) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
> (184) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
> (184) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
> (184) mschap: Client is using MS-CHAPv1 with NT-Password
> (184) mschap: ERROR: FAILED: No NT-Password. Cannot perform authentication
> (184) mschap: ERROR: MS-CHAP2-Response is incorrect
>
> I found this hint <http://lists.freeradius.org/pipermail/freeradius-users/2011-November/057120.html>, but I don’t know how I need to do this for Azure ADDS. To create a user who has permissions to read the cleartext password.
> Maybe there are also other ways since 2011.
>
> Actually the way is not important, the goal is important :) So if anyone has a hint for me for using Radius with Azure ADDS, I am very thankful.

It's not clear that it's possible at all.

Alan DeKok.
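
Added example, not part of either message and not FreeRADIUS code: a small triage script for the debug output quoted above. It groups lines by request number and reports when an MS-CHAP failure traces back to the LDAP module returning no password material. The names `parse` and `diagnose` and the finding labels are hypothetical; `SAMPLE` is the six debug lines from the quoted message.

```python
import re
from collections import defaultdict

# Sample input: the debug lines quoted in the message above.
SAMPLE = '''\
(184) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
(184) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
(184) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(184) mschap: Client is using MS-CHAPv1 with NT-Password
(184) mschap: ERROR: FAILED: No NT-Password. Cannot perform authentication
(184) mschap: ERROR: MS-CHAP2-Response is incorrect
'''

# "(request) module: [WARNING|ERROR:] message"; lines without a level count as INFO.
LINE = re.compile(r'^\((\d+)\)\s+(\w+):\s+(?:(WARNING|ERROR):\s+)?(.*)$')

def parse(text):
    """Return {request number: [(module, level, message), ...]}."""
    reqs = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.lstrip('> ').strip())  # tolerate mail quoting
        if m:
            reqs[int(m.group(1))].append((m.group(2), m.group(3) or 'INFO', m.group(4)))
    return dict(reqs)

def diagnose(events):
    """Label the failure chain for one request (labels are this example's own)."""
    def has(module, needle):
        return any(mod == module and needle in msg for mod, _, msg in events)
    findings = []
    if has('ldap', 'No "known good" password'):
        findings.append('ldap-no-known-good-password')
    if has('mschap', 'No NT-Password'):
        findings.append('mschap-no-nt-password')
    if len(findings) == 2:
        # Bind-as-user only validates a password the server itself receives (PAP);
        # MS-CHAP needs an NT hash or cleartext password the server can read.
        findings.append('backend-cannot-support-mschap')
    return findings

if __name__ == '__main__':
    for rid, events in parse(SAMPLE).items():
        print(rid, diagnose(events))
```
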