Well... I can see on the source code (auth.c) that FR send the reply. static int check_expiration(REQUEST *request) { VALUE_PAIR *check_item; VALUE_PAIR *vp; check_item = pairfind(request->config_items, PW_EXPIRATION); if (!check_item) return 0; /* * Has this user's password expired? * * If so, remove ALL reply attributes, * and add our own Reply-Message, saying * why they're being rejected. */ if (((time_t) check_item->lvalue) <= request->timestamp) { vp = pairmake("Reply-Message", "Password Has Expired\r\n", T_OP_ADD); pairfree(&request->reply->vps); request->reply->vps = vp; return -1; } Or... should I check another file ? CMIIW PD On 3/14/2007, "Alan DeKok" <aland@deployingradius.com> wrote:
PD wrote:
I think the same too... cause expiration is not the new attribute.
The expiration attribute itself working fine, the only problem is no explanation to user when the system reject him/her.
You can edit the code to produce the message, or run the CVS head.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html