On 03/06/2012 02:10 AM, u...@3.am wrote:
On 28/02/12 21:16, u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by
On 03/06/2012 02:10 AM, u...@3.am wrote:
On 28/02/12 21:16, u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect
this is
because we are still using all the original POSIX attributes and none of
them look
like good for mapping to the ones supplied by
On Tue, Mar 6, 2012 at 9:20 PM, u...@3.am wrote:
++? if (control:Shadow-Current control:Shadow-Expires)
Failed parsing control:Shadow-Expires: Unknown value control:Shadow-Expires
for
attribute Shadow-Current
Try
if (control:Shadow-Current %{control:Shadow-Expires})
--
Fajar
-
List
On Tue, Mar 6, 2012 at 9:20 PM, u...@3.am wrote:
++? if (control:Shadow-Current control:Shadow-Expires)
Failed parsing control:Shadow-Expires: Unknown value control:Shadow-Expires
for
attribute Shadow-Current
Try
if (control:Shadow-Current %{control:Shadow-Expires})
That did it!
On 28/02/12 21:16, u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this
is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by FreeRADIUS. I see: checkItem
Expiration
On Tue, Mar 6, 2012 at 9:10 AM, u...@3.am wrote:
I put your 'update control' here, in the authorize :
redundant LDAP{
ldap1
ldap2
update control {ETC
}
}
The above allows us to define two LDAP servers in radiusd.conf.
u...@3.am wrote:
I didn't ignore any response. I have no reason to worry about whether
Expiration
will work in users because A) I'm not using users, I'm using LDAP and B)
expiry
worked fine using rlm_pam and /etc/shadow.
Once again, you completely misunderstand my point. This is rude.
u...@3.am wrote:
I wasn't offended, I was apologetic and tried to offer an explanation for my
current cognitive difficulties (perhaps you missed that part, because it was
removed in your reply). I am a little taken aback by how much I have
apparently
offended you.
It's not that I'm
u...@3.am wrote:
I didn't ignore any response. I have no reason to worry about whether
Expiration
will work in users because A) I'm not using users, I'm using LDAP and B)
expiry
worked fine using rlm_pam and /etc/shadow.
Once again, you completely misunderstand my point. This is rude.
u...@3.am wrote:
checkItem Expiration radiusExpiration
Did you check that the LDAP module is returning this attribute for the
query?
No, I don't expect it to, since I don't have that attribute or anything that
looks
like it might be a good substitute.
So...
On 28/02/12 21:16, u...@3.am wrote:
Hi:
We've been running various versions of FreeRadius for years, currently
2.1.10 in
this application. A while ago, we switched from PAM (unix) auth to LDAP
auth.
Everything worked fine after the switch...POSIX attributes for group
membership
u...@3.am wrote:
checkItem Expiration radiusExpiration
Did you check that the LDAP module is returning this attribute for the
query?
No, I don't expect it to, since I don't have that attribute or anything that
looks
like it might be a good substitute.
So...
On 28/02/12 21:16, u...@3.am wrote:
Hi:
We've been running various versions of FreeRadius for years, currently 2.1.10 in
this application. A while ago, we switched from PAM (unix) auth to LDAP auth.
Everything worked fine after the switch...POSIX attributes for group membership
correctly
Hi:
We've been running various versions of FreeRadius for years, currently 2.1.10 in
this application. A while ago, we switched from PAM (unix) auth to LDAP auth.
Everything worked fine after the switch...POSIX attributes for group membership
correctly allocated the right ippools, etc.
u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this
is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by FreeRADIUS. I see:
checkItem Expiration
On Wed, Feb 29, 2012 at 4:16 AM, u...@3.am wrote:
Hi:
We've been running various versions of FreeRadius for years, currently 2.1.10
in
this application. A while ago, we switched from PAM (unix) auth to LDAP auth.
Everything worked fine after the switch...POSIX attributes for group
On Wed, Feb 29, 2012 at 6:11 AM, Fajar A. Nugraha l...@fajar.net wrote:
On Wed, Feb 29, 2012 at 4:16 AM, u...@3.am wrote:
Hi:
We've been running various versions of FreeRadius for years, currently
2.1.10 in
this application. A while ago, we switched from PAM (unix) auth to LDAP
auth.
u...@3.am wrote:
However, we just noticed that password expiry isn't working. I suspect this
is
because we are still using all the original POSIX attributes and none of them
look
like good for mapping to the ones supplied by FreeRADIUS. I see:
checkItem Expiration
On Wed, Feb 29, 2012 at 4:16 AM, u...@3.am wrote:
Hi:
We've been running various versions of FreeRadius for years, currently
2.1.10 in
this application. A while ago, we switched from PAM (unix) auth to LDAP
auth.
Everything worked fine after the switch...POSIX attributes for group
On Wed, Feb 29, 2012 at 8:37 AM, u...@3.am wrote:
On Wed, Feb 29, 2012 at 4:16 AM, u...@3.am wrote:
Our LDAP attributes use the following POSIX attributes to determine expiry:
shadowMax: 90
shadowLastChange: 15215
With the first being the maximum age of the password and the second being
20 matches
Mail list logo