Gary,

Thanks for your swift reply. As said, I am completely new to RADIUS so trying to figure it all out now.
We have an AD forest with over 1,000 users, with only a few of them needing access to the devices. Are there possibilities to achieve this? On the AD domain there are already password policies in place, so that would be covered.

J

On 23 Mar 2011, at 20:58, Gary Gatten <ggat...@waddell.com> wrote:

> Will you be using some backend database; LDAP, AD, eDirectory, etc.?
>
> "Typically" RADIUS either permits or denies based on a query reply it
> receives from the backend system. I don't *think* you would be allowed to
> change your password via RADIUS (it typically only has RO access to the DB,
> and I'm not even sure the RADIUS protocol supports it), but I *believe* it
> will pass attributes to your client that will indicate if the password is
> expired or not.
>
> And yes, typical password policy requires a change every n days; sometimes as
> often as 30 days, sometimes every 180+
>
> Gary
>
>
> -----Original Message-----
> From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org
> [mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On
> Behalf Of Jeffrey Belles
> Sent: Wednesday, March 23, 2011 2:37 PM
> To: freeradius-users@lists.freeradius.org
> Subject: Network authentication and password policy
>
> Hello,
> I am new to this list and planning to deploy a radius-server.
> Sole purpose will be to authenticate against network equipment. Mainly
> Juniper and Cisco and Sonicwall.
>
> I am looking for best practice solutions for password policy. Is there any
> way to force network engineers to change their passwords after either first
> login or expiry date?
> Having everybody manually submit passwords on the server and/or having them
> change it every x weeks seems a bad plan.
>
> Anyone any ideas?
>
> Thx
> Rgds,
> Jeffrey
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html