Connect Users registered on a ldaps (azure ad ds with hashed passwords ) via a local freeradius server
Alan DeKok
aland at deployingradius.com
Mon Mar 13 18:00:03 UTC 2023
On Mar 13, 2023, at 1:50 PM, Chris Nzengue - dejamobile externe <chris.nzengue at dejamobile.com> wrote:
> i can't add "Auth-Type := LDAP" in the authorize section.
Yes, you can. See "man unlang".
You can't just put random things into the configuration and expect them to work. When you do attribute editing, you have to use an "update" statement. This is documented everywhere, and is also shown in all of the examples in the virtual servers.
> I changed my default file and my inner-tunnel file to the default configuration. I also added/checked the module eap in the authtorize section. i changed and checked some elements steps by steps like recommended.
> Unfortunaly my configuration still doesn't work.
> ...
> (11) eap_md5: ERROR: Cleartext-Password is required for EAP-MD5 authentication
> (11) eap: ERROR: Failed continuing EAP MD5 (4) session. EAP sub-module failed
You can't use EAP-MD5 with Azure.
https://networkradius.com/articles/2021/10/08/authentication-system-and-protocol-compatibility.html
You must use TTLS + PAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list