Azure AADDS and Azure RADIUS migration

Eduardo ll Juntilla Garganera 1 Reputation point
2021-10-25T11:20:01.937+00:00

Hi. Currently, we have an on-premises RADIUS, DHCP, Active Directory server, and a Cisco Wireless LAN Controller with an SSID for an enterprise connection pointing to an on-premises RADIUS for authentication. Now that we are planning to migrate to the cloud, we created an AADDS and an Azure RADIUS, and we tried to ping from our on-premises to the new RADIUS to see if there was a connection; we were glad we could ping the new Azure RADIUS. We also joined this server to our domain using our new AD, and we also added a tunnel to make it possible. On the Cisco WLC we created a separate SSID pointing to the new Azure RADIUS, but when we tried to connect to that SSID, we were unable to authenticate. By the way, we're still using the on-prem DHCP server and having a DNS server pointing to the old AD because our DNS server was there. Do you have any idea what our mistake was?


2 answers

  1. Eddie Fan 5 Reputation points
    2023-05-19T10:09:21.87+00:00

    For me, I found a workaround by inputting a Regedit key in the Azure NPS VM server. Hope it can help anybody in this world.

    EnableNTLMv2 Compatibility = 1

    1 person found this answer helpful.

  2. Shashi Shailaj 7,631 Reputation points Microsoft Employee Moderator
    2021-10-25T13:03:21.903+00:00

    @Eduardo ll Juntilla Garganera

    In this case I assume you have created an Azure AD Domain Services instance. Also, you have created a Windows server with the NPS role to act as a RADIUS server in Azure. Pinging will work, but I do not think authentication will work because Azure AD DS does not support registering the NPS server, hence this may not work. At this point this is a requested feature, but it is on hold internally and we do not have any update for now. However, you can directly set up authentication with Azure AD using your on-prem RADIUS server by installing the Azure MFA NPS extension. Please check https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension. This should help. Should you have any further queries, please let us know and we will be happy to help.

