Thx all, I am stuck on this point now:

  mschap {
      passchange {
          local_cpw = "%{xlat:...}"
      }
  }

Does there exist an "xlat:" that NT-hashes the new cleartext password, deletes the 
change pass ctrl attribute in the users file and then writes the new pass there? Or 
am I going about this the wrong way?

thx,

Will


-----Original Message-----
From: Fajar A. Nugraha [mailto:[email protected]]
Sent: Wednesday, February 8, 2012 12:42 PM
To: [email protected], 'FreeRadius users mailing list'
Subject: Re: Password change after expire with Cisco ASA to local FR user DB 
(text file) Not Working

On Thu, Feb 9, 2012 at 3:38 AM, Will Richmond <[email protected]> wrote:
> Thx Alan, I found/read the docs, but still trying to determine this: 
> Which config file contains this setting:
>
> To actually force a client to change passwords, you must set the expiry bit 
> in the SMB-Account-Ctrl value - for example:
>
>  update control {
>      # U == user
>      # e == expired
>      SMB-Account-Ctrl-Text := '[Ue]'
>  }
>
> And how can I control this on a per-user basis in the users file? IOW, I don't 
> want to force everyone to change their password. So there must be some sort 
> of per-user flag to configure in the users file?

Any attribute that you put in the control block should also be able to
go into the first line of the users file (where you put Expiration earlier),
or the radcheck table. See "man 5 users" and doc/rlm_sql.

-- 
Fajar



