Authenticating wireless access points \ RADIUS through Azure AD
I would like to see Authenticating wireless access points \ RADIUS servers through Azure AD , not having to store user accounts in local active directory
Filip Herman commented
Let's do this! Anyone a good article on how to implement FreeRadius with AADDS and MSCHAPv2/.1x ?
What is the best way to authenticate our users computers to a meraki without having a on-premise server running datacenter edition?
Hasling, Sean commented
This seems to fall under what would be current licensing too, not as an add-on Azure pricing model. RADIUS is a similar concept to OAUTH in that, if this device or person is this, then allow xyz resources. I know RADIUS is old and if people are updating their tech, then they have other options available. However, the ability to upgrade is not always present, due to various reasons.
Garrett Wood commented
Yes, native Azure AD RADIUS authentication should be a thing. Just include all the options of NPS.
Andreas T. commented
cmon Microsoft, GSuite with Meraki already can do this
Christophe D. commented
We are investigating in Aruba ClearPass integration with Intune and Azure AD :
Aruba ClearPass Extensions: Microsoft Intune Integration
Dooooooo it gawd damned!!!!
Tom Plant commented
Please... Having to use AADDS and hosted NPS is far from ideal.
DENILSON TOBAL - MANZANOS commented
Hi Microsoft Azure Team! 04 years to attend this suggestion?! Reading and researching, I can only understand that Microsoft does not want to attend this! They will lost sells of Windows Servers. But... they will lost clients migrating to another plattform anyway! So... please, consider our request! Our clients does not accept to buy local servers anymore. They want to move to the cloud, and not to be HYBRID!
Jason Tenpenny commented
This would be huge for us. We have abandoned our on-prem AD and servers altogether and only use Azure AD. Right now we have no way to utilize RADIUS against AAD without reintroducing servers to the network. Would love to be able to use RADIUS directly with AAD.
I wondering why the Azure AD Team is not giving the necessary attention to this feature request. No response or comment, even It’s one of the most requested features.
Do we have any other options when we want to autenticate against Azure AD?
Now we have that normal PSK authetication method to get school devices to network. Now we are planning to get Aruba Clearpass to do NAC. In wireless network we use Ruckus virtual controller. How we can use Azure ad and groups in there ? Is it possible to make and use user groups from azure?
Yes we have an IPSec tunnel directly to Azure from our on-prem environment. So we point the Access Points to the internal address of the NPS server located in Azure.
If you have any other questions just ask! One issue I noticed so far is that it does not authenticate users on the "AzureAD\" domain.
[Deleted User] commented
And you have VPN connection to Azure? You send radius request over vpn to nps that is located in Azure
Just a quick update, I have this working now with AADDS and an NPS server as an Azure VM.
The solution is NOT to try and register the NPS server in the directory (which is impossible with AADDS at the moment). But instead just to join the NPS server to AADDS and start using the NPS server. I tested with RADIUS authentication and it is working. I fear that one day microsoft will close this loophole but for now this will work.
@Antonio Soares, I tried this method but it won't allow me to register the NPS services into AADDS. It won't allow me to use Enterprise admin group or RAS and IAS Servers group. Tried the command line 'netsh ras add registeredserver' as well. Access Denied. :(
Can you share with us how you registered the NPS service into AAD/AADDS?
António Soares commented
I would like to post again the solution I'm currently using.
Check the link below, that refers to a previous post in this thread:
YES.. Guys. lets DO it!