Connect Users registered on a ldaps (azure ad ds with hashed passwords ) via a local freeradius server

Alan DeKok aland at
Mon Mar 13 18:00:03 UTC 2023

On Mar 13, 2023, at 1:50 PM, Chris Nzengue - dejamobile externe <chris.nzengue at> wrote:
> i can't add "Auth-Type := LDAP" in the authorize section.

  Yes, you can.  See "man unlang".

  You can't just put random things into the configuration and expect them to work.  When you do attribute editing, you have to use an "update" statement.  This is documented everywhere, and is also shown in all of the examples in the virtual servers.

> I changed my default file and my inner-tunnel file to the default configuration. I also added/checked the module eap in the authtorize section.  i changed and checked  some elements steps by steps like recommended.
> Unfortunaly  my configuration still  doesn't  work.
> ...
> (11) eap_md5: ERROR: Cleartext-Password is required for EAP-MD5 authentication
> (11) eap: ERROR: Failed continuing EAP MD5 (4) session.  EAP sub-module failed

  You can't use EAP-MD5 with Azure.

  You must use TTLS + PAP.

  Alan DeKok.

More information about the Freeradius-Users mailing list