
Interoperability with RADIUS clients & servers

Windows Auth. Proxy - Azure AD Directory Services

sergei
Posts: 2
8 days ago
Hello!

Can TekRADIUS communicate with Azure AD Directory Services if AADDS is accessible via port 636?

In general, can Windows Auth. Proxy use both LDAP (389) and LDAPS (636) ports for Active Directory connections?

In case TekRADIUS runs in a machine that is not domain-joined, is it possible that TekRADIUS uses some username/password to connect to the AD?


Thank you in advance!

Admin
Administrator
Posts: 5028
8 days ago
Hi,

Please download and install the latest build at https://www.kaplansoft.com/tekradius/release/TekRADIUS.zip or https://www.kaplansoft.com/tekradius/release/TekRADIUSLT.zip

Add the following attributes to user or group profiles as Check attributes:

Authentication-Method = LDDAP
Directory-Server = ldap://yourAADDSdomain.onmicrosoft.com/OU=AADDC Users,dc=yourAADDSdomain,dc=onmicrosoft,dc=com(userPrincipalName=%uid%)

or, for secure LDAP:

Directory-Server = ldaps://yourAADDSdomain.onmicrosoft.com/OU=AADDC Users,dc=yourAADDSdomain,dc=onmicrosoft,dc=com(userPrincipalName=%uid%)

You need to replace userPrincipalName with samaccountname if you do not use UPN.

Best regards,

Yasin KAPLAN

sergei
Posts: 2
2 days ago
Thank you, Yasin!

A couple more questions:

1. Where should I set up binding for LDAPS in AADDS? I mean TekRADIUS cannot anonymously send LDAPS requests to AADDS, so some account must be used.
Or, during the authentication phase, does RADIUS automatically use the account of the user who is trying to authenticate? (We are trying to implement it for wireless clients with UniFi.)

2. To use LDAPS and AADDS, would it only work with the Enterprise version of TekRADIUS?

Admin
Administrator
Posts: 5028
2 days ago
TekRADIUS uses the account information of the user who is trying to authenticate to set up the binding. You need to implement the PAP authentication method in your access server (RADIUS client).

Yes, LDAPS requires an Enterprise license. We can provide you a trial key.





