Hello, You are right, that's why I also plan to set a filter on the connection to make sure that those IP's (the portal and the DNS servers) are the only one the customer can reach. My thought when I woke up this morning is to check in rlm_perl whether the response was a 'change password' MS-CHAP-Error value (648), note down the name, then return a HANDLED. I seem to have noticed that freeradius will not send a reply when you return HANDLED. If so, the client will most likely retry the request, at which point you can catch the same username in pre-auth or pre-proxy and redo the request into a default user that goes to the top up page. Does that seem like a work-around or not? Cheers Eric Ivan Kalik wrote:
And how is user supposed to open that "topup page" if he is looking for Google, for instance? Instead of Google's IPs your DNS servers would return your web server, with the "topup page".
What you want *is* a captive portal - it will
capture the user and redirect him from the requested page onto the one you want him to see.
I didn't say I agree with the DNS scheme. I do agree that a captive portal is the best solution. I was simply mentioning that it is not always possible.
It is possible - that's what you are making. DNS scheme is not going to work. All user has to do to defeat that is to change the assigned DNS servers - and he can surf the net. You need a proper captive portal where user can't simply change DNS info and/or assigned IP and escape.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html