Is this hack possible?

[Erling Paulsen]

Hi.

I'm using FreeRADIUS to authenticate Wireless users (WPA) to an LDAP 
backend. FreeRADIUS also rewrites attributes for dynamic Vlan 
assignments. Works like a charm.

Is it possible to make FreeRADIUS rewrite/force an "Access Denied" reply 
into an "Access Accept" reply? Why on earth would I want this? Well, I 
would like to i.e. give a guest-net Vlan back to users that actually 
fail authentication, so that when they try to access the web they will 
instead get connected to a redirected guest-information webpage.

- or does anyone have an idea of how such a functionality can be 
achieved through some kindof magic?

We're using lightweight AP's connected to Cisco WISM controllers.

-
Erling Paulsen