Azure AD and freeradius
Mathieu Simon (Lists)
matsimon.lists at simweb.ch
Thu Mar 31 11:28:43 UTC 2022
Hi Arjan
>
> But we are setting up a new company and I was thinking if there is
> maybe a way to cut out the onprem/cloud based AD ?
> So AzureAD->freeradius without losing the capability to do
> TTLS-pap AND Peap-mschapv2 ? (no certificates)

Based on what I recently read in the PacketFence documentation - which
integrates FreeRADIUS - you could only do EAP-TTLS PAP with plain Azure
AD, but I lack actual experience to tell you how well it works.

Based on briefly skimming through the PacketFence repository, they seem
to have integrated freeradius-oauth2-perl, so you might be able to get
that without a full-blown PacketFence setup.

However, if you want to do PEAP-MSCHAPv2 too, I'm guessing you'd still
need an actual Active Directory Directory Services which Azure AD isn't.
However, you could add Azure Active Directory Domain Services (Azure AD DS).
This way an Azure VM with FreeRADIUS could be used to join your Azure AD
DS to have PEAP-MSCHAPv2. But again: I have no experience in actually
using something like that.

Also, there are other limitations over an on-premises AD DS, such as not
having the ability to extend the LDAP schema. It's more or less an AD DS
as a service if I'm understanding it correctly.

-- Mathieu