EAP-PEAP + Windows 7 with SSO and Password change
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 13 00:00:46 CEST 2012
On 06/12/2012 06:47 PM, CD DD wrote:
> Exec-Program output: Must change password (0xc0000224)
> Exec-Program-Wait: plaintext: Must change password (0xc0000224)
Ok. ntlm_auth is returning something different to what I saw in testing.
Have you set the "must change password at next login" bit, as opposed to
"expired" bit?
Try this:
1. Edit src/modules/rlm_mschap/rlm_mschap.c about line 1100, where it
says:
if (strstr(buffer, "Password expired")) {
...to read:
if (strstr(buffer, "Password expired") ||
strstr(buffer, "Must change password")) {
2. Re-compile and re-install
3. Test again
There's no great way to parse the output of ntlm_auth. I guess we could
make the string a regexp comparison against the output, and at least
make it an item in the config file (with a sensible default) so that if
more such cases come up, or Samba change their output, it can be fixed
without a recompile.
More information about the Freeradius-Users
mailing list