Allow password change to work again

author Alan T. DeKok <aland@freeradius.org>

Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)

committer Alan T. DeKok <aland@freeradius.org>

Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)
author Alan T. DeKok <aland@freeradius.org>
Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)
committer Alan T. DeKok <aland@freeradius.org>
Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c

index 1d648ad3a7abcb814a1c5e5a3821ebe8db5a1bf9..d65cf6354d4be4ce2f79151b510acb270e071dc5 100644 (file)
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -1408,7 +1408,11 @@ static rlm_rcode_t mschap_error(rlm_mschap_t *inst, REQUEST *request, unsigned c
             (smb_ctrl && ((smb_ctrl->vp_integer & ACB_PW_EXPIRED) != 0))) {
                 REDEBUG("Password has expired.  User should retry authentication");
                 error = 648;
-               retry = inst->allow_retry;
+
+               /*
+                *      A password change is NOT a retry!  We MUST have retry=0 here.
+                */
+               retry = 0;
                 message = "Password expired";
                 rcode = RLM_MODULE_REJECT;
author	Alan T. DeKok <aland@freeradius.org>
	Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)
committer	Alan T. DeKok <aland@freeradius.org>
	Tue, 15 Dec 2015 19:42:28 +0000 (14:42 -0500)