Want to use Radius with Azure ADDS

Alan DeKok aland at deployingradius.com
Sun Nov 8 14:18:32 CET 2020

> On Nov 8, 2020, at 6:49 AM, Zett <zesa0 at outlook.de> wrote:
> Hello guys,
> I have Azure ADDS and secureLDAP.
> I set up FreeRADIUS and connected to LDAP, it works so far with radtest in a normal way.
> I used this for setup <https://www.nasirhafeez.com/freeradius-with-ldaps-on-azure-ad-domain-services/>.
> It is PAP method with LDAP bind as user.
> But actually it must be mschap, which is only working with ntlm_auth, isn’t it?

  Yes.  Due to limitations Microsoft added to AD.

  You can configure 

> When I use: 
> radtest -t mschap salihzett password localhost 0 testing123
> It doesn’t work.
> (184) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
> (184) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
> (184) mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
> (184) mschap: Client is using MS-CHAPv1 with NT-Password
> (184) mschap: ERROR: FAILED: No NT-Password.  Cannot perform authentication
> (184) mschap: ERROR: MS-CHAP2-Response is incorrect
> I found this hint <http://lists.freeradius.org/pipermail/freeradius-users/2011-November/057120.html>, but I don’t know how I need to do this for Azure ADDS. To create a user who has permissions to read the cleartext password.
> Maybe there are also other ways since 2011.
> Actually the way is not important, the goal is important :) So if anyone has a hint for me for using RADIUS with Azure ADDS, I am very thankful.

  It's not clear that it's possible at all.

  Alan DeKok.
