Password change after expire with Cisco ASA to local FR user DB (text file) Not Working

Will Richmond will at bootit.com
Thu Feb 9 01:49:21 CET 2012


Thx all, I am stuck on this point now:

  mschap {
      passchange {
          local_cpw = "%{xlat:...}"
      }
  }

Does there exist an "xlat:" that NT-hashes the new cleartext password, deletes the change pass ctrl attribute in the users file and then writes the new pass there? Or am I going about this the wrong way?

thx,

Will


-----Original Message-----
From: Fajar A. Nugraha [mailto:list at fajar.net]
Sent: Wednesday, February 8, 2012 12:42 PM
To: will at bootit.com, 'FreeRadius users mailing list'
Subject: Re: Password change after expire with Cisco ASA to local FR user DB (text file) Not Working

On Thu, Feb 9, 2012 at 3:38 AM, Will Richmond <will at bootit.com> wrote:
> Thx Alan, I found/read the docs, but still trying to determine this: Which config file contains this setting:
>
> To actually force a client to change passwords, you must set the expiry bit in the SMB-Account-Ctrl value - for example:
>
>  update control {
>      # U == user
>      # e == expired
>      SMB-Account-Ctrl-Text := '[Ue]'
>  }
>
> And how can I control this on a per-user basis in the users file? IOW, I don't want to force everyone to change their password. So there must be some sort of per-user flag to configure in the users file?

Any attribute that you put in the control block should also be able to
go into the first line of the users file (where you put Expiration earlier),
or the radcheck table. See "man 5 users" and doc/rlm_sql.

-- 
Fajar
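
The per-user form described in the reply above, as an added illustration that is not part of the original thread or the FreeRADIUS documentation: the expiry flag from the quoted `update control` block is placed as a check item on the first line of one user's entry only. The user names and passwords are constructed placeholders.

```text
# Constructed "users" file entries (names and passwords are placeholders).

# alice: expiry bit set on her check line, so only she is asked to change
# her password at the next MS-CHAPv2 login.
alice   Cleartext-Password := "alice-old-password", SMB-Account-Ctrl-Text := '[Ue]'

# bob: no SMB-Account-Ctrl-Text item, so no password change is forced.
bob     Cleartext-Password := "bob-password"
```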
