Hi,

The expiry module still does not work. Let me show you my LDAP attributes:

Attribute name     Values
shadowLastChange   13284
uid                tmolise
cn                 Thato Molise
homeDirectory      /home/tmolise
uidNumber          501
objectClass        posixAccount, shadowAccount, account, top
shadowExpire       13269
gidNumber          100
gecos              Thato Molise
userPassword       {encryp}

I don't see the actual expiry date attribute, but I see shadowExpire! Maybe the above attributes may help to see what's wrong...

In my ldap.attrmap I still have:

checkItem Expiration radiusExpiration


----- Original Message -----
From: "Phil Mayers" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Wednesday, July 12, 2006 7:43 PM
Subject: Re: RADIUS , LDAP Authentication Problem


Thato Molise wrote:
How do I tell freeRADIUS to use LDAP expiration in my configuration files? That's exactly what to tell the server to do... Please help...

There is no built-in way, because this is not a standardised config.

What format does the ldap expiration attribute have?

There's an "rlm_expiration" in CVS (and possibly >1.1.0) versions of the server. If your expiration attribute is a unix timestamp (seconds since 1970) you could simply do this in ldap.attrmap:

checkItem Expiration myLdapExpiryAttribute

...alternatively you could use rlm_exec to do it - for example if you have:

dn: cn=username,blah
objectClass: inetOrgPerson
expiryDate: Wed 12 Jul 2006

...then in ldap.attrmap do this:

checkItem Expiration expiryDate

...and in radiusd.conf:

modules {
  exec expiry {
    wait = yes
    program = "/path/to/expiry.sh"
    input_pairs = config
    output_pairs = reply
  }
}

authorize {
  preprocess
  ldap
  expiry
  # maybe other stuff
}

...and make "expiry.sh" be this:

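#!/bin/sh

# Convert the date string passed in by the server to seconds since 1970
EXPIRY_IN_LDAP=`date -d "$EXPIRATION" +%s`
NOW=`date +%s`

# Reject if the expiry time is in the past
if [ "$EXPIRY_IN_LDAP" -lt "$NOW" ]
then
  echo "Auth-Type := Reject"
  echo "Reply-Message = \"Your account has expired\""
fi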

This is untested, but I don't see why it shouldn't work.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
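
As an added example (not part of the thread and not FreeRADIUS code): a variant of the quoted expiry.sh that also accepts a day count such as the shadowExpire value 13269 shown at the top of this message. It assumes shadowExpire counts days since 1 January 1970 (the RFC 2307 shadowAccount convention) and that the value reaches the script in $EXPIRATION as in the quoted script; the function names and the 100000 threshold are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions are marked below.

# Convert an expiry value to seconds since 1970; return 1 if it cannot be parsed.
expiry_to_epoch() {
    case "$1" in
        '') return 1 ;;
        *[!0-9]*)
            # Not purely digits: treat as a date string, as the quoted
            # script does (needs GNU date for -d).
            date -d "$1" +%s 2>/dev/null || return 1 ;;
        *)
            # Assumption: a number below 100000 is a day count such as
            # shadowExpire (days since 1970-01-01); larger values are
            # already seconds.
            if [ "$1" -lt 100000 ]; then
                echo $(( $1 * 86400 ))
            else
                echo "$1"
            fi ;;
    esac
}

# is_expired VALUE NOW: 0 = expired, 1 = still valid or no expiry set,
# 2 = value present but unparseable.
is_expired() {
    [ -n "$1" ] || return 1
    exp=$(expiry_to_epoch "$1") || return 2
    [ "$exp" -lt "$2" ]
}

# Assumption: the value arrives in $EXPIRATION, as in the quoted script.
rc=0
is_expired "${EXPIRATION:-}" "$(date +%s)" || rc=$?
case $rc in
    0|2)
        # Same pairs as the quoted script; an unparseable value is
        # rejected rather than silently accepted.
        echo "Auth-Type := Reject"
        echo "Reply-Message = \"Your account has expired\""
        ;;
esac
```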
