Azure AD and freeradius
Alan DeKok
aland at deployingradius.com
Thu Mar 31 13:41:00 UTC 2022

On Mar 31, 2022, at 7:08 AM, a.sinnige at sae.edu wrote:
> A bit of an open question about Azure.
>
> I currently have running :
>
> AzureAD->on prem AD->samba/ldap-> freeradius

That is the way.

> Running every type of hardware PC/Mac/Phones/BYOD for Staff/Students/External Eduroam users.
> Doing user/password type logins for wifi/ethernet/computers etc.. (not certs)
>
> Most users are doing PEAP->mschapv2 by default. All without requiring to provision devices with profiles/certs.
>
> This works quite well and THX to all freeradius staff for this wonderful product :-)

Thanks!

> But we are setting up a new company and I was thinking if there is maybe a way to cut out the onprem/cloud based AD ?
> So AzureAD->freeradius without losing the capability to do TTLS-pap AND Peap-mschapv2 ? (no certificates)

You don't need a cloud AD. You do need an on-premises AD.

Active Directory is very, very limited. If you use PEAP / MS-CHAP, you need a local Samba / AD server.

If you use TTLS + PAP, you only need a cloud server, and you don't need an on-premises Samba / AD server.

Alan DeKok.