The information of "change password at next logon" is not just a flag or attribute... it is a mix of both
(...) If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon.
in this Microsoft article.
In RADIUS (here my knowledge is very limited) you have another code/message to inform the client (in this case, the SA) that the user must change the password:
4. New Messages
32 Password Expired
So in order for all this to work, it should be something like:
RADIUS Client sends user credentials to RADIUS Server
RADIUS Server checks the credentials of the user via LDAP, and whether the Pwd-Last-Set attribute is 0 and User-Account-Control has the UF_DONT_EXPIRE_PASSWD flag
if true, RADIUS Server sends to the RADIUS Client the attribute/message 32 so that the password gets changed.
In commercial products, they implement this... check in FreeRADIUS whether they do this out of the box or if you need to code this.
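As an added example (not from the original post, and not FreeRADIUS or SonicWall code), here is the condition quoted from the Microsoft article written out as a function, together with the RADIUS response-code choice the post sketches. The constants are the documented ones: the UF_DONT_EXPIRE_PASSWD bit of userAccountControl is 0x10000, pwdLastSet is a Windows FILETIME (100-nanosecond intervals since 1601-01-01 UTC, 0 meaning "never set"), and RADIUS packet type 32 is Password-Expired. The LDAP entries are constructed sample data and `decide_radius_response` is a hypothetical helper; a real server would take the entry from its LDAP lookup and the password result from its authentication step.

```python
"""Added example: 'must change password at next logon' check from the
quoted Microsoft documentation, mapped to a RADIUS response code.

The LDAP entries are constructed sample data; decide_radius_response is
a hypothetical helper, not part of FreeRADIUS or any vendor product.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional

# userAccountControl bit ADS_UF_DONT_EXPIRE_PASSWD (documented value 0x10000).
UF_DONT_EXPIRE_PASSWD = 0x10000
# userAccountControl bit ADS_UF_NORMAL_ACCOUNT, used for the sample entries.
UF_NORMAL_ACCOUNT = 0x200

# RADIUS packet type codes (RFC 2865 for 2/3, RFC 3575 registry for 32).
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
PASSWORD_EXPIRED = 32

# pwdLastSet is a FILETIME: 100-ns intervals since 1601-01-01 00:00:00 UTC.
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime: int) -> Optional[datetime]:
    """Convert a pwdLastSet value to an aware UTC datetime.

    0 means the password was never set (or an admin forced a change), so
    there is no timestamp to return.
    """
    if filetime <= 0:
        return None
    # 100-ns intervals -> microseconds (integer division drops sub-microsecond part).
    return _FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def must_change_password(pwd_last_set: int, user_account_control: int) -> bool:
    """The rule quoted from the Microsoft article: pwdLastSet is 0 AND the
    UF_DONT_EXPIRE_PASSWD flag is NOT set => the user must set a new
    password at the next logon."""
    flag_set = bool(user_account_control & UF_DONT_EXPIRE_PASSWD)
    return pwd_last_set == 0 and not flag_set


def decide_radius_response(entry: dict, password_ok: bool) -> int:
    """Hypothetical helper: pick the RADIUS response code for one user.

    entry       - the user's LDAP attributes (pwdLastSet, userAccountControl)
    password_ok - whether the submitted credentials verified
    """
    if not password_ok:
        return ACCESS_REJECT
    if must_change_password(entry["pwdLastSet"], entry["userAccountControl"]):
        # Tell the NAS the password must be changed instead of a plain reject.
        return PASSWORD_EXPIRED
    return ACCESS_ACCEPT


# Constructed sample entries, not real directory data.
SAMPLE_ENTRIES = {
    # pwdLastSet 0, flag clear -> must change password
    "alice": {"pwdLastSet": 0, "userAccountControl": UF_NORMAL_ACCOUNT},
    # pwdLastSet 0, but password never expires -> no change required
    "bob": {"pwdLastSet": 0,
            "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD},
    # pwdLastSet is the FILETIME for 1970-01-01 00:00 UTC -> password was set
    "carol": {"pwdLastSet": 116444736000000000,
              "userAccountControl": UF_NORMAL_ACCOUNT},
}

if __name__ == "__main__":
    for name, entry in SAMPLE_ENTRIES.items():
        code = decide_radius_response(entry, password_ok=True)
        when = filetime_to_datetime(entry["pwdLastSet"])
        print(f"{name}: pwdLastSet={when or 'never set'} -> RADIUS code {code}")
```

The two constants that matter are tested together because the documented rule is a conjunction: a zero pwdLastSet alone is not enough, the flag must also be clear.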