Connect Users registered on a ldaps (azure ad ds with hashed passwords ) via a local freeradius server
Alan Buxey
alan.buxey at gmail.com
Mon Feb 20 12:05:00 UTC 2023
hi,

thought you'd had an answer from Alan? basically, with PEAP this
couldn't work as the password is never sent to you so you couldn't check
against Azure AD - however, you are using EAP-TTLS/PAP which means the
client does provide the password... and so you can do an LDAP bind using
those details to check it's okay (LDAP in this case being a way of
checking the password by using it rather than an oracle supplying it).

you need to look in the config (sites-available/*) for those places
where ldap is mentioned... especially in the AuthZ part, not just the
AuthN part. basically, tell the server that Auth-Type := LDAP

alan
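
The configuration the reply points to, sketched as an added example (not part of the original post). It assumes FreeRADIUS 3.x, an `ldap` module instance already enabled and pointed at the directory's LDAPS endpoint, and that the inner EAP-TTLS/PAP request is processed by `sites-available/inner-tunnel`:

```conf
# Fragment of sites-available/inner-tunnel (assumed location; the same
# sections also exist in sites-available/default).

authorize {
	# AuthZ: look the user up in the directory.
	ldap

	# The inner PAP request carries User-Password. If the lookup
	# succeeded and nothing else has claimed the request, hand
	# authentication to the ldap module.
	if ((ok || updated) && User-Password && !control:Auth-Type) {
		update control {
			&Auth-Type := ldap
		}
	}
}

authenticate {
	# AuthN: the ldap module binds to the directory as the user with
	# the supplied password; a successful bind means the password is
	# correct, so the server never needs to read the stored hash.
	Auth-Type LDAP {
		ldap
	}
}
```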