We're running BMAS 3.5 on NW 5.1 support 2a and have been for quite
some
time. We just recently noticed (this could of been the case since the

beginning) RADIUS
is not decrementing grace logins when the account has expired,
therfore all
our expired users are still able to authenticate.

Our Radius environment is configured as follows.
LPO - One LPO rule is defined with a defined user group and the
authentication method of "NDS Password, Mandatory". We have two DAS's
set
up in two different trees. A generic proxy is set up to for certain
users
authenticate to a different tree. All has worked well for years.

TID 2963216 states that BM35ADM7.exe includes a fix from BM35ADM3.exe
that
is similar in nature. We are currently using adm.nlm version 3.63
dated
2/3/2001 that was included in the BM35ADM3.exe. We are using
radius.nlm
version 3.24 dated 5/7/2001. TID 10064965 recommends a fix of
deleting the
Login Policy Object, which I fear will cause other problems. This
TID also
indicates a defect was created and submitted to engineering on
adm.nlm.

I did try the latest adm.nlm from the BM35ADM7.exe in my similiarly
configured test tree for kicks and it did not fix the problem.

Any suggestions?

Thank you.
Robb