https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/azuread-and-dot1x/m-p/95239#M9797 <P>There are many flavors of 802.1X.</P><UL><LI>EAP-TLS can still be used with Azure, certificates are independent of Azure.</LI><LI>The PEAP with MsChapv2 can not be used with Azure cloud as NTLM is not supported there and NTLM can not be translated to SAML/API calls.</LI><LI>If customers want to use PEAP, they deploy local AD with Azure connector to synchronize. Local AD can be used for NTLM or NPS.</LI><LI>We are investigating EAP-TTLS with PAP option as it can be used with Azure cloud as the password can be translated to SAML/API calls to Azure. This is not available with the current version of ExtremeControl.</LI></UL><P>&nbsp;</P> Mon, 20 Mar 2023 13:44:30 GMT Zdeněk_Pala 2023-03-20T13:44:30Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/azuread-and-dot1x/m-p/95236#M9795 <P>About to start looking for other solutions now.</P><P>We have been using ExtremeControl for some years for .1x logon with both wireless and wired network.</P><P>But now we are moving towards AzureAD&nbsp; (currently hybrid). So for now we see a lot of problems with</P><P>logins.&nbsp;</P><P>1: AzureAD joined PC's are not visible to the NAC.</P><P>2: UserAuth works, but it is far from flawless. (had to install NPS proxy because of UPN)</P><P>3: Intune plugin is useless because it only does mac-auth based on the wifi mac address on the device. so there will be no workable wired auth. (apart from userAuth).</P><P>This has been a problem now since 2019. What are ExtremeNetworks going to do with this ?</P><P>Has anybody found a good soloution on this problem ? (I see that sombody asked question as early as 2018)</P><P>&nbsp;</P> Mon, 20 Mar 2023 11:33:21 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/azuread-and-dot1x/m-p/95236#M9795 faste 2023-03-20T11:33:21Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/azuread-and-dot1x/m-p/95239#M9797 <P>There are many flavors of 802.1X.</P><UL><LI>EAP-TLS can still be used with Azure, certificates are independent of Azure.</LI><LI>The PEAP with MsChapv2 can not be used with Azure cloud as NTLM is not supported there and NTLM can not be translated to SAML/API calls.</LI><LI>If customers want to use PEAP, they deploy local AD with Azure connector to synchronize. Local AD can be used for NTLM or NPS.</LI><LI>We are investigating EAP-TTLS with PAP option as it can be used with Azure cloud as the password can be translated to SAML/API calls to Azure. This is not available with the current version of ExtremeControl.</LI></UL><P>&nbsp;</P> Mon, 20 Mar 2023 13:44:30 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/azuread-and-dot1x/m-p/95239#M9797 Zdeněk_Pala 2023-03-20T13:44:30Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/azuread-and-dot1x/m-p/95248#M9799 <P>Problem with PEAP /Local AD is that upn is not supported and i've also seen other users having problem with authentication. And as you said. NPS Might be a solution. But in my experience the devices tend to try to authenticate with host/xxx instead of user/xxx and then the user does not get access.</P><P>EAP-TLS might be a solution, but then that will only give us the host-id (And it will require a step in installing dev-certs to azure ad joined devices before they are present on network ) .</P><P>When will the EAP TTLS/PAP solution be ready, and what will it require of the azure account ? E3/E5 ?&nbsp;</P> Tue, 21 Mar 2023 08:31:51 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/azuread-and-dot1x/m-p/95248#M9799 faste 2023-03-21T08:31:51Z