20 Mar
2014
20 Mar
'14
8:26 a.m.
For more details -- setting up WPA enterprise wifi network, and we require our LDAP users to be part of certain groups to get on ("wirelessfaculty," and "wirelessstudents"). If they fail to authenticate due to bad password it'd be nice to give them a 169.254.0.1 address.
That's not possible. If they fail authentication then they will be disassociated from the access point. Depending on the EAP method you can send back an Access-Aceept, but assign them into a 'quarantine' VLAN. This will not work with methods such as EAP-PEAP, only EAP-TTLS. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2