Freeradius: Force user to change password on first login
Hello, I'm running FreeRADIUS for authenticating and assigning IP addresses to users connected to a SSLVPN server (OCserv). As an authentication source for FreeRADIUS I am using an LDAP server. The setup is working fine and users can connect successfully using RADIUS+LDAP authentication and receive an IP address. After I create the user account on the LDAP server I want to force the user to change its assigned password on first login or if the account has already expired and he is trying to connect to VPN. Is this possible to be done using Freeradius ? I did not find any information in the documentation or solution to explain if this can be done or if it is supported when using RADIUS+LDAP authentication Thank you and kind regards,
On Nov 30, 2022, at 2:01 PM, Cristian Ciobanu <cioby.service@gmail.com> wrote:
After I create the user account on the LDAP server I want to force the user to change its assigned password on first login or if the account has already expired and he is trying to connect to VPN.
Is this possible to be done using Freeradius ?
The RADIUS protocol does not support password change. Alan DeKok.
participants (2)
-
Alan DeKok -
Cristian Ciobanu