I think I'm not describing our goal well enough. I'm trying to use MS-CHAP v2 because of it's ability to make passwords expire after a certain time. In the dictionary file, there's an attribute called "Expiration". I'm not 100% sure but this to me seems like an attribute to say that the account is expired?
How is this judged, if the date given on that attribute is less tan the date the user connects? We could jerry rig something if this is possible? Or, is there anyway to configure MS-CHAP authentication to prompt the user for a password change after x amount of log-ins. I believe the first way would be the best personally. From what I can tell we could have the users log on with a default password, and inform them that they have 5 days to go to this URL which we provide. That website has a password change webfront using PHP, and the string inputted is then passed into the mySQL backend. This would automate the process very nicely and make the Administration of 3000 passwords a bit easier =)
Let me know what you think, thanks!
Chris DeRamus
HQ VPN Administrator
Verizon
301-903-2093
-----Original Message-----
From: 3APA3A [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 21, 2002 2:52 AM
To: Deramus, Chris
Subject: Re[6]: MS-CHAP V2 Question
Dear Deramus, Chris,
Behavior like this is not intended to be RADIUS feature. You can
implement it be the means of you database (set the trigger on accounting
table and lock account in database then accounting record inserted).
--Thursday, June 20, 2002, 10:01:49 PM, you wrote to [EMAIL PROTECTED]:
DC> Thanks again, this is the last issue I'm running into.
DC> We're trying to implement a password feature that redirects users to a
DC> website to change their password upon first logging in. Is there a way to
DC> set the password usage limit to once, and then that password is null and
DC> void, or, just as good can I set a time limit on that password's validity of
DC> lets say 1-2 days?
DC> I've been looking at the counter module and I guess maybe it's possible in
DC> that but something tells me I'm looking in the wrong places. Where should I
DC> begin?
DC> Appreciate it,
DC> Chris DeRamus
DC> HQ VPN Administrator
DC> Verizon
DC> 301-903-2093
DC> -----Original Message-----
DC> From: 3APA3A [mailto:[EMAIL PROTECTED]]
DC> Sent: Thursday, June 20, 2002 10:33 AM
DC> To: Deramus, Chris
DC> Subject: Re[4]: MS-CHAP V2 Question
DC> Dear Deramus, Chris,
DC> --Thursday, June 20, 2002, 6:19:46 PM, you wrote to
DC> [EMAIL PROTECTED]:
DC>> Thanks for your fast reply. I downloaded
DC> freeradius-snapshot-20020620.tar.gz
DC>> from the CVS ftp mirror. Do I have to reconfigure the entire server? It
DC>> seems that this is going to over-write all my current configuration
DC> files,
DC>> so I should just back them up and I should be okay correct?
DC> do not make install, only make
DC>> Do I have to add any special configure options such as --static modules
DC>> (rlm_mschap) or anything? Thanks!
DC> Just make the project and obtain smbencrypt from src/modules/rlm_mschap
DC> directory
DC>> Chris DeRamus
DC>> HQ VPN Administrator
DC>> Verizon
DC>> 301-903-2093
DC>> -----Original Message-----
DC>> From: 3APA3A [mailto:[EMAIL PROTECTED]]
DC>> Sent: Thursday, June 20, 2002 10:09 AM
DC>> To: Deramus, Chris
DC>> Subject: Re[2]: MS-CHAP V2 Question
DC>> Dear Deramus, Chris,
DC>> smbecrypt is command line tool. You can use it to generate SQL script
DC>> with something like:
DC>> echo "INSERT INTO radcheck VALUES ('testacct', '"`smbencrypt
DC> testing1|cut
DC>> -f2`"');" > script.sql
DC>> to execute this script from file.
--
~/ZARAZA
Пишите еще. И если в вашей петиции имелся какой-нибудь
смысл, то, не стесняясь, разъясните в чем дело. (Твен)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
