Re: Password expiry and freeradius

[Graeme]

thanks guys...
looks like this works
cheers
Graeme
Ali wrote:
or u can use Exec-Program instead of Cron Job. In
Exec-Program script u can
check for Expiration attribute before Expiry time and set the Reply-Message
Attribute accordingly ( to inform user for password change )
- Original Message -
From: "Alexandre Strube" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 26, 2002 1:53 AM
Subject: Password expiry and freeradius
> On Tue, 25 Jun 2002 20:39:04 +0200,
[EMAIL PROTECTED] wrote:
>
> >what i'm really looking for is a way to set expiry of a password
to say
> >20 days and then get the user to have to change his password. 
any ideas
>
> This is not so easy to do, and radius itself doesn't do that.
>
> The fact is: if a password is expired (say using the expiration
attribute), radius
> will not let the user get in and this will prevent him from changing
its
own
> password. How can a user change his password if he's unable to log
on?
>
> The solution: use the expiration attribute, but query it peridocally
with
a self-made
> script at your crontab, for instance on a daily basis. This script
would
eventually
> check for users whose password will expire within' some time, and
after a
deadline
> is reached (1 week is a good time), your script will warn the user,
send a
e-mail or
> whatever means, but let the user know that his (or her, sorry for
my bad
english)
> password will expire.
>
> WHEN the user change his password, remember to change the expiration
attribute,
> so the user can log after the initial time of expiration.
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Never underestimate the power of stupid people 
in large groups.
 

Re: Embeding Perl in freeradius

[Boian Iliev Jordanov]

На Tuesday 25 June 2002 18:11, Alan DeKok написахте:
> Boian Iliev Jordanov <[EMAIL PROTECTED]> wrote:
> > Does somebody think or have a working version of perl module for
> > freeradius ?  i wrote some code but may be i missed something and
> > radius sometimes makes core dumps. Can somebody help me ? I am ready
> > to provide sources, if some body have interests.
>
>   Use gdb to track down the core dumps.  Post a 'tar' file of the
> module on the web somewhere.
>

Alan at least i try to use gdb but with threads things goes different.  
tar file is located at http://dexie.orbitel.bg/rlm_perl/
see README for details and how to run this module. 
10x in advance.

>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-- 
--
Best Regards,

Boian Jordanov
SNE
Orbitel - the Internet Company
tel. +359 2 937 07 23


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy radius based on dialled number

[James Taylor]

Thanks Chris, you are a legend!

That config did exactly what I want. :)

However now I have a problem with accounting packets.
They seem to always be proxied off to the default realm no matter what.

I guess this is because the users file is not processed for accounting packets.

Do you or anyone have any idea how I can set a realm for an accounting packet by the 
Called-Station-Id?

Thanks,

James.

On Wed, 19 Jun 2002 21:53, Chris Parker wrote:
> At 01:31 PM 6/19/2002 +0800, James Taylor wrote:
> >Hi all,
> >
> >I wish to set up freeradius to act as a radius proxy but instead of using 
> >the "user@domain" style username for different realms I wish to use the 
> >dialled number (Called-Station-Id) to determine which radius server the 
> >request is sent to.
> >
> >So two people on two different systems can use the exact same 
> >username/password but because they are dialling different numbers the 
> >server is able to tell who they belong to.
> >
> >Has anyone done anything like this before or know how it would be done?
> >
> >I was thinking maybe of checking the Called-Station-Id and then rewriting 
> >the username to add the "@domain" bit for later processing by the proxy 
> >part of the configuration.
> >Anyone know if this can this be done?
> >
> >If not I might consider writing some code to do it.
> 
> No need.
> 
> Configure 'proxy.conf' as you would, creating realm names that make
> sense to you.  Then create entries in your 'users' file like:
> 
> DEFAULT  Called-Station-Id == "5551212", Proxy-To-Realm := "foo"
> 
> DEFAULT  Called-Station-Id == "5553434", Proxy-To-Realm := "bar"
> 
> You could even get really fancy, if you have lots of numbers, but each
> "set" ends in the same last four digits, and use a regexp compare to
> match the phone numbers:
> 
> DEFAULT  Called-Station-Id =~ "*1212$", Proxy-To-Realm := "baz"
> 
> -Chris
> --
> \\\|||///  \  StarNet Inc.  \ Chris Parker
> \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
> | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
> oOo---(_)---oOo--\--
>\ Wholesale Internet Services - http://www.megapop.net
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 

-- 
James Taylor BSc (Computer Science)
Systems Administrator - Commerce Australia
Phone: +618 9226 0011 Fax: +618 9226 0033


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Radius and mysql crypt-password and php.

[Alexandre Strube]

I was talking about this on a previous thread, but thought that it would
require one for itself.

Looking for the password encryption schema, what I saw was that
any password generated using the php's function crypt() is correctly
read by radius. 

However, this is strange. As crypt() is a one-way encryption function,
when radius would check for it, I think that it would need to generate
EXACTLY the same hash for querying the database, wouldn't it?

Well, it doesn't look like. For example, look at the following three lines:
all of them are hashes for the word 'test'. Any of them are valid, that is,
if I log and type the password 'test' (without the quotes), any of these
lines will return a access-accept. 

$1$2zGHwN5F$ytHiyCHtFgKkXU6opsHI3/
$1$I61qcigH$kSds2z.MAvRpQqSC70VXp0
$1$xofKQZIU$cc6n6NjIpaE42itF3QK431

That's where I and the password testing function from Dialup_admin fails:
crypting a password with the crypt() funcion without the $salt parameter
will generate a different hash, and the query will eventually fail.

My question is: HOW radius finds the correct password? It will not try
every hash until it finds the correct one, or it checks only for a small size
of the hash?

If I understand this, I can eventually repair dialup_admin so it can test
crypt-passwords correctly... If someone from radius team could help me
with this, I would thank you all!



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius and ISPD

[Gonzalo Ivan Lozano Hoyos]

Hello freeradius users,

My question is: 
If somebody has tried to use the freeradius with the ISPD 
(http://ispd.eburg.com).. If somebody did please can mail me.

thanks.


Besides that can somebody tell me if there are more modules to add to the 
dialup_admin. Right now Im trying to configure it.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Password expiry and freeradius

[Alexandre Strube]

On Tue, 25 Jun 2002 20:39:04 +0200, [EMAIL PROTECTED] wrote:

>i wrote a php frontend to add/remove users as well as change
>passwords... your solution should work and i'll give it an try... but
>will the radius server send a warning to the user to tell him that his
>password has expired ???

What's the password crypting schema? I have some trouble to make
crypt-password work on php... If you use only the php's crypt() function,
it will randomly generate a password.

In fact, its now only me that has this problem. The dialup admin program
which comes with freeradius, fails on testing the crypted-password. Anyway,
it can succesfully generate passwords for radius.

  As opiniões formuladas neste e-mail são de caráter
  exclusivamente pessoal. Minha opinião não necessariamente
representa a opinião do meu Moto Grupo nem da empresa onde
trabalho.

Mene Sakkhet ur-seveh
  Alexandre Ganso - Diretor Steel Goose Moto Group
6, 7 e 8 de setembro - Aniversario 10 anos Steel Goose - Ouro Branco - MG
500 Four Vermelha
[EMAIL PROTECTED]
  ICQ# 3778773






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

user/group switching behaviour changed

[Chris Parker]

The default behaviour of the server has been changed with respect to the
handling of user/group switching changes.

Previously, when run in debug mode, the server would not switch to the
user/group specified in the config, but would switch when run in daemon
mode.  This could cause problems with the server at times being able
or unable to write information out to the .log and other files.

The server will now switch to the user/group specified in the config file
regardless of whether it is in debug mode or not.  If no user/group are
specifed, then the server will continue to run with the user/group it was
started under.  The config file by default now has the 'user' and 'group'
options commented out.

If you are running the server as a non-root user please take note of this
change as upgrading may require you to make changes to your config.

This takes effect in the latest CVS builds and will be incorporated into
the next release version.

-Chris
--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

How to Run RAdius Server

[Alexandre Strube]

First you need to know what type of authentication you need. 
You can lookup the user/password from the passwd/shadow
files, you can set a plain-text 'users' file, you can look this information
on a sql table, or even inside a ldap server (which I would not
recommend for a newbie on radius, as I see so many people
having trouble with this kind of authentication). The 'users' file
should be the better choice for you to start on radius...

>I have installed free radius in RH 7.1 and how can i able to check for user name and 
>password . how can i able to login inside the radius Server. please let me 
know about that




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Password expiry and freeradius

[Alexandre Strube]

On Tue, 25 Jun 2002 20:39:04 +0200, [EMAIL PROTECTED] wrote:

>what i'm really looking for is a way to set expiry of a password to say
>20 days and then get the user to have to change his password.  any ideas

This is not so easy to do, and radius itself doesn't do that.

The fact is: if a password is expired (say using the expiration attribute), radius
will not let the user get in and this will prevent him from changing its own
password. How can a user change his password if he's unable to log on?

The solution: use the expiration attribute, but query it peridocally with a self-made
script at your crontab, for instance on a daily basis. This script would eventually
check for users whose password will expire within' some time, and after a deadline
is reached (1 week is a good time), your script will warn the user, send a e-mail or
whatever means, but let the user know that his (or her, sorry for my bad english)
password will expire.

WHEN the user change his password, remember to change the expiration attribute,
so the user can log after the initial time of expiration.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_unix file not found

[Alexandre Strube]

On Tue, 25 Jun 2002 06:26:09 +0200, [EMAIL PROTECTED] wrote:

Mega-dumb question: did you run ldconfig? And is there a line containing
"/usr/local/lib" inside the /etc/ld.so.conf file (or wherever your system puts
this information)?

>I'm new to freeradius and have a problem.. when I run
>"check-radiusd-config" I get the error:
>radiusd.conf[426] Failed to link to module 'rlm_unix': file not found..
>however the rlm_unix.a and rlm_unix.la are in the /usr/local/lib/
>directory.  'radiusd' doesn't seem to have a problem finding the other
>libraries??




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Who's connected on radius.log?

[Alexandre Strube]

On Tue, 25 Jun 2002 06:26:09 +0200, [EMAIL PROTECTED] wrote:

>I did it and at now, everything is working more or less fine but i'm not able to see 
>in the radius.log file who is connected as it is show
>with cistron radius. It's a way to view in a log who was connected, whose connection 
>failed and why?

To make radius.log look the same as the one from cistron radius, I needed to change 
some things:

Try changing this sections in your radiusd.conf to look like this, and it will do the 
job for you:

#  Log authentication requests to the log file.
#
#  allowed values: {no, yes}
log_auth = yes

#  Log passwords with the authentication requests.
#  log_auth_badpass  - logs password if it's rejected
#  log_auth_goodpass - logs password if it's correct
#
#  allowed values: {no, yes}
log_auth_badpass = yes
log_auth_goodpass = no

  As opiniões formuladas neste e-mail são de caráter
  exclusivamente pessoal. Minha opinião não necessariamente
representa a opinião do meu Moto Grupo nem da empresa onde
trabalho.

Mene Sakkhet ur-seveh
  Alexandre Ganso - Diretor Steel Goose Moto Group
6, 7 e 8 de setembro - Aniversario 10 anos Steel Goose - Ouro Branco - MG
500 Four Vermelha
[EMAIL PROTECTED]
  ICQ# 3778773






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Password expiry and freeradius

[Asad Manzur]

Set the response in RadGroup. That'll send a message to the user, but if 
the user is on Microsoft products, the implementation doesnt support messages 
coming in from the radius server.
Regards,
Asad

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On Behalf Of 
  GraemeSent: Tuesday, June 25, 2002 1:31 PMTo: 
  [EMAIL PROTECTED]Subject: Re: Password expiry and 
  freeradiusi wrote a php frontend to add/remove users as 
  well as change passwords... your solution should work and i'll give it an 
  try... but will the radius server send a warning to the user to tell him that 
  his password has expired ???   
  cheers 
  Graeme   
  Asad Manzur wrote: 
  Hi,How do you add accounts? do you add them manually? 
You could write a simple script doing something like insert into radcheck (username, attribute, value) 
values ('username','Expiration',now()+20);Regards,Asad 

  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On 
  Behalf Of Graeme Sent: Tuesday, June 25, 2002 12:07 PM 
  To: 
  [EMAIL PROTECTED] Subject: Re: Password expiry and 
  freeradiusthanks. 
  what i'm really looking for is a way to set expiry of a password to say 
  20 days and then get the user to have to change his password.  any 
  ideas   
  cheers 
  Graeme 
  Asad Manzur wrote: 
  Hi,Use 'Expiration' as a 
check field with the date format as "01 July 2002" for the expiry 
date.Regards,Asad 

  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On 
  Behalf Of Graeme Sent: Monday, June 24, 2002 3:16 PM 
  To: 
  [EMAIL PROTECTED] Subject: Password expiry and 
  freeradiusHi guys 
  here is a quick description of my setup. 
  i have a squid box that people proxy to.  It hands the 
  authentication off to a freeradius daemon on the same box.  The 
  free radius the queries a mysql server (on the same box) for user name 
  and password. 
  os - Redhat linux 7.2 freeradius - 0.5 mysql -  Ver 
  11.18 Distrib 3.23.51, for pc-linux-gnu (i686)   
  every thing is working fine.  but i now need to expire user 
  passwords and enable them to change them (this is first prize of 
  course). 
  Does any body know of some documentation on this or has experience 
  doing it in the past.   
  cheers 
  Graeme -- 
Never underestimate the power of stupid people 
in large groups. -- 
Never underestimate the power of stupid people 
in large groups. -- 
Never underestimate the power of stupid people 
in large groups.  

Regular expressions syntax in users file

[Administrateur]

Hi,
I would like to know what is the exact syntax of 
regular expressions in the users file.
What would be the right one?
 
    attribute =~ 
"regexp"
 
    attribute =~ 
"/regexp/"
 
    attribute =~ regexp
 
    attribute =~ 
/regexp/
 
Need help.
thank you
 
    Roonui
 
 

Re: Embeding Perl in freeradius

[Alan DeKok]

Boian Iliev Jordanov <[EMAIL PROTECTED]> wrote:
> Does somebody think or have a working version of perl module for
> freeradius ?  i wrote some code but may be i missed something and
> radius sometimes makes core dumps. Can somebody help me ? I am ready
> to provide sources, if some body have interests.

  Use gdb to track down the core dumps.  Post a 'tar' file of the
module on the web somewhere.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Newbie -- need help

[Alan DeKok]

"BORCHERS,JASON (HP-Roseville,ex1)" <[EMAIL PROTECTED]> wrote:
> I'm really at a loss here, and since I'm so new to RADIUS I have no idea
> what to do next.  I suspect I've missed an important step in setting up the
> server.  Does anyone have any ideas?

  Read the FAQ?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: rlm_unix file not found

[HenkP]

radiusd.conf[426]is the line number in the radiusd.conf file where the
problem occurs
this is a reference to module "unix" change one of those settings that has
to do with caching passwords or the shadow file setting
try different settings
I would suggest you have there:
cache = yes
shadow = /etc/shadow

the # are comments make sure you remove them from in front of those lines

Regards

Henk Pretorius



   

"Stefan Immel" <[EMAIL PROTECTED]>   

Sent by:To: 
<[EMAIL PROTECTED]>
freeradius-users-admin@lists.   cc:

cistron.nl  Subject: RE: rlm_unix file 
not found   
   

   

2002/06/25 02:32 PM

Please respond to  

freeradius-users   

   

   





> Hey All,
>
> I'm new to freeradius and have a problem.. when I run
> "check-radiusd-config" I get the error:
> radiusd.conf[426] Failed to link to module 'rlm_unix': file
> not found..
> however the rlm_unix.a and rlm_unix.la are in the /usr/local/lib/
> directory.  'radiusd' doesn't seem to have a problem finding the other
> libraries??
>
> Any suggestions?
Which version do you use ??? I had the problem too but it was fixed in a
recent snapshot.


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_unix file not found

[fernando velasco]

sorry 
I don't read carefully  

check the variable
find / -name "rlm_unix*" and edit radiusd.conf 
libdir = /usr/local/lib  #with the correct path 


--- BlUz <[EMAIL PROTECTED]> wrote:
> Hey All, 
> 
> I'm new to freeradius and have a problem.. when I
> run
> "check-radiusd-config" I get the error:
> radiusd.conf[426] Failed to link to module
> 'rlm_unix': file not found..
> however the rlm_unix.a and rlm_unix.la are in the
> /usr/local/lib/
> directory.  'radiusd' doesn't seem to have a problem
> finding the other
> libraries??
> 
> Any suggestions?
> 
> Thanks. 
> 
> 
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


=
|-|
|  Ser Joven Y No Ser Revolucionario, |
| |
|  Es Una Contradiccion Hasta Biologica...|
|-|

__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: rlm_unix file not found

[fernando velasco]

Yes, uncoment the line where says


#shadow = /etc/shadow
by
shadow = /etc/shadow


--- Stefan Immel <[EMAIL PROTECTED]> wrote:
> > Hey All, 
> > 
> > I'm new to freeradius and have a problem.. when I
> run
> > "check-radiusd-config" I get the error:
> > radiusd.conf[426] Failed to link to module
> 'rlm_unix': file 
> > not found..
> > however the rlm_unix.a and rlm_unix.la are in the
> /usr/local/lib/
> > directory.  'radiusd' doesn't seem to have a
> problem finding the other
> > libraries??
> > 
> > Any suggestions?
> Which version do you use ??? I had the problem too
> but it was fixed in a recent snapshot.
> 
> 
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


=
|-|
|  Ser Joven Y No Ser Revolucionario, |
| |
|  Es Una Contradiccion Hasta Biologica...|
|-|

__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: rlm_unix file not found

[Stefan Immel]

> Hey All, 
> 
> I'm new to freeradius and have a problem.. when I run
> "check-radiusd-config" I get the error:
> radiusd.conf[426] Failed to link to module 'rlm_unix': file 
> not found..
> however the rlm_unix.a and rlm_unix.la are in the /usr/local/lib/
> directory.  'radiusd' doesn't seem to have a problem finding the other
> libraries??
> 
> Any suggestions?
Which version do you use ??? I had the problem too but it was fixed in a recent 
snapshot.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Embeding Perl in freeradius

[Boian Iliev Jordanov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,
Does somebody think or have a working version of perl module for freeradius ?
i wrote some code but may be i missed something and radius sometimes makes 
core dumps. Can somebody help me ? I am ready to provide sources, if somebody 
have interests.

- --
- --
Best Regards,

Boian Jordanov
SNE
Orbitel - the Internet Company
tel. +359 2 937 07 23
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9GFYNeYpFgymJ6RARAmp+AJ9h1jxPeo4UUmi8KJMdic9QzVgCuACbBkhx
zjAv+2qWVnhbRbbscl53meE=
=GK0C
-END PGP SIGNATURE-


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Password expiry and freeradius

[Graeme]

i wrote a php frontend to add/remove users as well as change passwords...
your solution should work and i'll give it an try... but will the radius
server send a warning to the user to tell him that his password has expired
???
 
cheers
Graeme
 
Asad Manzur wrote:
Hi,How
do you add accounts? do you add them manually? You could write a simple
script doing something like insert
into radcheck (username, attribute, value) values ('username','Expiration',now()+20);Regards,Asad

-Original
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Graeme
Sent: Tuesday, June 25, 2002
12:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Password expiry
and freeradius
thanks.
what i'm really looking for is a way to set expiry of a password to
say 20 days and then get the user to have to change his password. 
any ideas
 
cheers
Graeme
Asad Manzur wrote:
Hi,Use
'Expiration' as a check field with the date format as "01 July 2002" for
the expiry date.Regards,Asad

-Original
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On
Behalf Of Graeme
Sent: Monday, June 24, 2002
3:16 PM
To: [EMAIL PROTECTED]
Subject: Password expiry and
freeradius
Hi guys
here is a quick description of my setup.
i have a squid box that people proxy to.  It hands the authentication
off to a freeradius daemon on the same box.  The free radius the queries
a mysql server (on the same box) for user name and password.
os - Redhat linux 7.2
freeradius - 0.5
mysql -  Ver 11.18 Distrib 3.23.51, for pc-linux-gnu (i686)
 
every thing is working fine.  but i now need to expire user passwords
and enable them to change them (this is first prize of course).
Does any body know of some documentation on this or has experience doing
it in the past.
 
cheers
Graeme
-- 
Never underestimate the power of stupid people 
in large groups.
 


-- 
Never underestimate the power of stupid people 
in large groups.
 


-- 
Never underestimate the power of stupid people 
in large groups.
 

RE: Password expiry and freeradius

[Asad Manzur]

Hi,
How do you add accounts? do you add them manually? You could write a 
simple script doing something like 
insert into radcheck (username, attribute, value) values 
('username','Expiration',now()+20);
 
Regards,
Asad

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On Behalf Of 
  GraemeSent: Tuesday, June 25, 2002 12:07 PMTo: 
  [EMAIL PROTECTED]Subject: Re: Password expiry and 
  freeradiusthanks. 
  what i'm really looking for is a way to set expiry of a password to say 20 
  days and then get the user to have to change his password.  any ideas 
    
  cheers 
  Graeme 
  Asad Manzur wrote: 
  Hi,Use 'Expiration' as a check field with the date 
format as "01 July 2002" for the expiry date.Regards,Asad 

  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On 
  Behalf Of Graeme Sent: Monday, June 24, 2002 3:16 PM To: 
  [EMAIL PROTECTED] Subject: Password expiry and 
  freeradiusHi guys 
  here is a quick description of my setup. 
  i have a squid box that people proxy to.  It hands the 
  authentication off to a freeradius daemon on the same box.  The free 
  radius the queries a mysql server (on the same box) for user name and 
  password. 
  os - Redhat linux 7.2 freeradius - 0.5 mysql -  Ver 11.18 
  Distrib 3.23.51, for pc-linux-gnu (i686)   
  every thing is working fine.  but i now need to expire user 
  passwords and enable them to change them (this is first prize of course). 
  Does any body know of some documentation on this or has experience 
  doing it in the past.   
  cheers 
  Graeme -- 
Never underestimate the power of stupid people 
in large groups. -- 
Never underestimate the power of stupid people 
in large groups.