Freeradius: Force user to change password on first login

Cristian Ciobanu cioby.service at
Wed Nov 30 19:01:28 UTC 2022


I'm running FreeRADIUS for authenticating and assigning IP addresses to
users connected to a SSLVPN server (OCserv).

As an authentication source for FreeRADIUS I am using an LDAP server. The
setup is working fine and users can connect successfully using RADIUS+LDAP
authentication and receive an IP address.

After I create the user account on the LDAP server I want to force the user
to change its assigned password on first login or if the account has
already expired and he is trying to connect to VPN.

Is this possible to be done using Freeradius ?

I did not find any information in the documentation or solution to explain
if this can be done or if it is supported when using RADIUS+LDAP

Thank you and kind regards,

More information about the Freeradius-Users mailing list