kesm0724 wrote:
> Is there anything special (ntlm_auth, ldap_attr, etc) that I need to configure
> for FreeRadius to recognize that an active directory account has expired and
> the user needs to be prompted to change his/her password?

The server doesn't support "change password" requests. The MS-CHAP extensions are undocumented && Microsoft proprietary. Even if FreeRADIUS implemented them, Samba would need to implement them, too.

> I am not even
> receiving the "user needs to change password" dialogue box from the Cisco
> VPN client.

I'm not even sure it's possible to do that without using undocumented Microsoft extensions.

You could try adding a Reply-Message attribute, and maybe the VPN will show them to the user. Or maybe not. It's up to the VPN if it shows messages, and many don't.

Alan DeKok.