Will Richmond wrote: > special thx to phil and alex for inital help testing FR with password change. > With some help today, I managed to download, compile and install the latest > copy of FR source code on centOS server. I cannot however get a password > change prompt to appear on my calling-station device. any ideas?
Did you follow the instructions in doc/mschap.rst? Did you read the mods-available/mschap file, the "passchange" section? > I am running this in test lab with cisco ASA, which is sending MS-CHAPv2 > request to FR server, as some debug output shows: > > MS-CHAP-Challenge = 0x0d786b3e916d7e (shortened) > MS-CHAP2-Response = 0x008ebeb5e7b5 (shortened) That doesn't matter. > My local user account in users file is configured with NT-LM Hash, and set to > expire: > > wrichmond NT-Password :="64f12cddaa88057e06a81b54e73b949b", Expiration > :="Dec 04 1994" That is NOT what the documentation says to do. > I can login fine when Expiration filed is commented out. Because the expiration attribute enforces ACCOUNT expiration. Again, this is documented. > I have configured dictionary file for password expiration: > > VALUE Server-Config Password-Expiration 30 > VALUE Server-Config Password-Warning 5 Why the heck did you do that? NOTHING in the documentation says to do this. You might as well have typed random words into the dictionaries for all the good it will do. Follow the documentation. Honestly, it isn't hard. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
