Expired Active Directory Passwords & Wireless Authentication

Jason Agress Jason_Agress at newton.k12.ma.us
Wed Oct 10 04:21:08 CEST 2012


Will that allow successful RADIUS authentication - and, therefore wireless
access - before the password change is initiated? Because our clients are
Macs that won't prompt for password change until after they are connected
to the wireless and authenticating against AD.

Alan DeKok Wrote:
Jason Agress wrote:
> I've read lots about this problem with FreeRADIUS and have seen some
> implied solutions, but nothing concrete. So here's my question: With
> FreeRADIUS, is there a way to allow successful RADIUS authentication
> with an expired password? This way the AD login process can commence and
> the user can be prompted to change his/her password wirelessly.

  Use the git "master" branch.  It supports changing passwords via PEAP.

  See raddb/mods-available/mschap

  Alan DeKok.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121009/219bc553/attachment.html>


More information about the Freeradius-Users mailing list