18-Feb-2022 02:22
Hello i'm facing this issue and I could only find this solution.
Solved: AD password expired - DevCentral (f5.com)
if "pwdLastSet" + "Max-Pwd-Age" >= "now" "password is expired"
How can we translate this into the expr ?
expr {[mcget {session.logon.last.pwdLastSet + session.logon.last.maxPwdAge }] equals session.logon.last.LastLogonTimeStamp }
Is this expr correct ?
Kind regards
22-Feb-2022 01:25
Hi,
The expressión is wrong because you are trying to call some variables that doesn´t exist:
1.session.logon.last.pwdLastSet = session.ad.last.attr.pwdLastSet
2.session.logon.last.maxPwdAge= session.logon.last.attr.maxPwdAge
3.session.logon.last.LastLogonTimeStamp= session.user.starttime
So, the next step is to create an AD Query before Ad Auth and Required Attributes:
1.pwdLastSet
2.maxPwdAge
Could you try to configure the Ad Query and see if you receive the values from the AD? I´m trying to do it in my lab but for some reason, I don´t receive the maxPwdAge and I think that the problem is my AD