Overriding proxy response

[Eric]

Hello,

You are right, that's why I also plan to set a filter on the connection 
to make sure that those IP's (the portal and the DNS servers) are the 
only one the customer can reach.
My thought when I woke up this morning is to check in rlm_perl whether 
the response was a 'change password' MS-CHAP-Error value (648), note 
down the name, then return a HANDLED. I seem to have noticed that 
freeradius will not send a reply when you return HANDLED. If so, the 
client will most likely retry the request, at which point you can catch 
the same username in pre-auth or pre-proxy and redo the request into a 
default user that goes to the top up page.

Does that seem like a work-around or not?

Cheers

Eric

Ivan Kalik wrote:
>>> And how is user supposed to open that "topup page" if he is looking for
>>> Google, for instance?
>> Instead of Google's IPs your DNS servers would return your web server,
>> with
>> the "topup page".
>>
>> What you want *is* a captive portal - it will
>>> capture the user and redirect him from the requested page onto the one
>>> you
>>> want him to see.
>>>
>> I didn't say I agree with the DNS scheme.
>> I do agree that a captive portal is the best solution.
>> I was simply mentioning that it is not always possible.
> 
> It is possible - that's what you are making. DNS scheme is not going to
> work. All user has to do to defeat that is to change the assigned DNS
> servers - and he can surf the net. You need a proper captive portal where
> user can't simply change DNS info and/or assigned IP and escape.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html