Freeradius a openldap password policy

Angel L. Mateo amateo at
Thu Mar 12 09:58:36 CET 2015


	I am developing a freeradius3 server for eduroam authentication. My 
users are in a openldap directory where I have ppolicy to ensure that 
users change their password.

	When authenticating from radius, I can use ldap as an authenticate 
module, so it does a ldap bind as the user trying to connect and 
password policy is handle correctly.

	My problem is with EAP-PEAP using MSCHAP authentication. Is this 
scenario, I can't use ldap to authenticate, only as authorize module 
retrieving nt and lm passwords. So, is there any way to check that the 
password used is not expired?

Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
Tfo: 868887590
Fax: 868888337

More information about the Freeradius-Users mailing list