Hi All,
Answering my own post, I ended up putting some sort of check in
post_proxy (match for MS-CHAP-Error 648), which then sets the username
that I need to assign different IP ranges because the account is set
on the IAS as 'change password' in a db file. I return from post_proxy
with HANDLED; this means indeed that the client times out. During the
authorize phase I then check whether this is the username I need to
allow, delete it from the db_file and rewrite the request to a default
user with the parameters that I need.
Now just need to figure out how to do the DNS. Worst case I can use a
split-dns based on the different IP ranges.
Cheers
Eric
Johan Meiring wrote:
Ivan Kalik wrote:
And how is user supposed to open that "topup page" if he is looking for
Google, for instance?
Instead of Google's IPs your DNS servers would return your web server,
with the "topup page".
What you want *is* a captive portal - it will
capture the user and redirect him from the requested page onto the one
you want him to see.
I didn't say I agree with the DNS scheme.
I do agree that a captive portal is the best solution.
I was simply mentioning that it is not always possible.
It is possible - that's what you are making. DNS scheme is not going to
work. All user has to do to defeat that is to change the assigned DNS
servers - and he can surf the net. You need a proper captive portal where
user can't simply change DNS info and/or assigned IP and escape.
Our local telco includes a filter for you as well, with the DNS scheme,
so the client can only reach your topup server.
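
The post_proxy / authorize flow described in the first message above, as an added Python sketch (not the poster's code and not FreeRADIUS's own module API). The function signatures, the return-code strings, `DEFAULT_USER`, the dbm flag file and the `FLAG_TTL` expiry are all assumptions made for illustration; the MS-CHAP-Error string follows the RFC 2759 failure format, where E=648 means the password has expired.

```python
import dbm
import re
import time

# Stand-ins for the server's module return codes (names assumed for this sketch).
NOOP, OK, HANDLED = "noop", "ok", "handled"
DEFAULT_USER = "pwchange-default"  # hypothetical restricted account
FLAG_TTL = 120                     # assumed: seconds a flag stays valid

# RFC 2759 failure string: "E=eee R=r C=cc...c V=v M=msg"; 648 is password expired.
_ERROR_CODE = re.compile(r"E=(\d+)")


def mschap_error_code(value):
    """Return the numeric E= code from an MS-CHAP-Error string, or None."""
    match = _ERROR_CODE.search(value or "")
    return int(match.group(1)) if match else None


def post_proxy(username, proxy_reply, db_path, now=None):
    """Flag the user when the home server answers with error 648."""
    if mschap_error_code(proxy_reply.get("MS-CHAP-Error")) != 648:
        return NOOP
    stamp = str(int(time.time() if now is None else now))
    with dbm.open(db_path, "c") as db:
        db[username.encode()] = stamp.encode()
    return HANDLED  # no reply is sent, so the client times out and retries


def authorize(request, db_path, now=None):
    """On the retry, consume the flag and rewrite to the default user."""
    key = request["User-Name"].encode()
    now = time.time() if now is None else now
    with dbm.open(db_path, "c") as db:
        if key not in db:
            return NOOP
        flagged_at = int(db[key])
        del db[key]  # single use: the flag never outlives one request
    if now - flagged_at > FLAG_TTL:
        return NOOP  # stale flag, fall through to normal handling
    request["User-Name"] = DEFAULT_USER
    return OK
```

Deleting the flag on first use and expiring it after `FLAG_TTL` keeps a leftover entry from handing the restricted profile to a later, unrelated login under the same name.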