Hi Matt, and thanks for the tip. "Walled Garden" sounds fine. I followed the link you send me; as far I understood, a captive portal is a kind of gateway with transparent proxy that redirects the client browser; so, when the customer tries any address, it's source is verified from an auth system (if it has already authenticated, he can pass-through an go anywhere). It should work for me, even with no auth - simply sending a default webpage to the client with a cookie.
Yet, my problem remains: not all my customers should fall in this system - they will (or will not) fit in this rule according some criteria - and the Radius is my first choice, since everybody's must dial-in and auth in Radius. If I let anyone auth in Radius and force anyone to authenticate in browser to access the web, it will be a great pain for regular customers (90% of the total users); this is the pattern used by free-ISP in Brazil, and it makes this services so boring. Most important, you answered my main question: there's no way to redirect clients homepage with any of Radius features, right? Radius "talks" only with RAS, and not with the end-user. So, any solution will require web-proxy redirecting. No other way? Thanks again, Fernando. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
