thx all, i am stuck on this point now: mschap { passchange { local_cpw = "%{xlat:...} } Does there exist an "xlat:" that NT-hashs new cleartext password, deletes the change pass xtrl attribute in users file and then writes the new pass there? or am I going about this the wrong way? thx, Will -----Original Message----- From: Fajar A. Nugraha [mailto:list@fajar.net] Sent: Wednesday, February 8, 2012 12:42 PM To: will@bootit.com, 'FreeRadius users mailing list' Subject: Re: Password change after expire with Cisco ASA to local FR user DB (text file) Not Working On Thu, Feb 9, 2012 at 3:38 AM, Will Richmond <will@bootit.com> wrote:
Thx alan, I found/read read the docs, but still trying to determine this: Which config file contains this setting:
To actually force a client to change passwords, you must set the expiry bit in the SMB-Account-Ctrl value - for example:
update control { # U == user # e == expired SMB-Account-Ctrl-Text := '[Ue]' }
and how can i control this on a per user basis in teh users file? IOW, i dont want to force everyone to change their password. so there must be some sort of per-user flag to configure in the users file?
any attribute that you put in the control block should also be able to go into first line of users file (where you put Expiration earlier), or radcheck table. see "man 5 users" and doc/rlm_sql. -- Fajar