Password Policy - Expired Password - mschap
Garber, Neal
Neal.Garber at energyeast.com
Thu Aug 12 05:32:07 CEST 2010
> if you enable the ldap/(opendirectory) option to "require user to change
> password on next login" the client is unable to connect.
FreeRADIUS doesn't support password changes via MSCHAP. Historically, Samba didn't even support it until a couple of years ago. I believe support for this functionality was added to Samba 3.0.24 using a new helper protocol called ntlm-change-password-1.
I posted something to the list asking if there was interest quite a while ago. Implementing this new helper protocol is not a trivial change to FreeRADIUS. Unfortunately, I haven't had enough free time to devote to implementing it yet. If you have the time to create the patch, I'll be one of the testers ;-)
More information about the Freeradius-Users
mailing list