> u...@3.am wrote: >> However, we just noticed that password expiry isn't working. I suspect this >> is >> because we are still using all the original POSIX attributes and none of them >> look >> like good for mapping to the ones supplied by FreeRADIUS. I see: >> >> checkItem Expiration radiusExpiration > > Did you check that the LDAP module is returning this attribute for the > query?
No, I don't expect it to, since I don't have that attribute or anything that looks like it might be a good substitute. > Did you check that Expiration works if you put it into the "users" file? I'm not worried about that...expiry worked with the old rlm_pam using Unix expiry. When exporting Unix to LDAP, the expiry data was exported from /etc/shadow to the two LDAP attributes mentioned. I was hoping that perhaps there was a module that could calculate between the two and figure out that the password was expired and take it from there. I figured it a long shot but worth asking. Thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html