>>> What I need to do is look for MS-CHAP-Error 648 (which means the >>> password needs to be changed) and then add a different IP address and >>> filter + DNS server information in order for the end-user to be >>> redirected to a webserver. >> >> Right now, the server can't change a proxied Access-Reject to an >> Access-Accept. Even if it could, RADIUS doesn't support sending DNS >> information. > > Captive portal is not always possible. > > E.g. our local telco (Telkom) supports the above scheme for capped > accoutings. > You may supply DNS servers via Radius attibutes to the NAS. > > The NAS will then assign your DNS servers to the client in stead of the > standard telco DNS servers. > > You then setup your DNS servers to fake it, and supply your "topup page" > IP > address for and DNS request. > > It is a silly scheme, but it is all they support.
And how is user supposed to open that "topup page" if he is looking for Google, for instance? What you want *is* a captive portal - it will capture the user and redirect him from the requested page onto the one you want him to see. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
