Overriding proxy response

Ivan Kalik tnt at kalik.net
Mon Oct 5 10:54:06 CEST 2009


>>> What I need to do is look for MS-CHAP-Error 648 (which means the
>>> password needs to be changed) and then add a different IP address and
>>> filter + DNS server information in order for the end-user to be
>>> redirected to a webserver.
>>
>>   Right now, the server can't change a proxied Access-Reject to an
>> Access-Accept.  Even if it could, RADIUS doesn't support sending DNS
>> information.
>
> Captive portal is not always possible.
>
> E.g. our local telco (Telkom) supports the above scheme for capped
> accoutings.
> You may supply DNS servers via Radius attibutes to the NAS.
>
> The NAS will then assign your DNS servers to the client in stead of the
> standard telco DNS servers.
>
> You then setup your DNS servers to fake it, and supply your "topup page"
> IP
> address for and DNS request.
>
> It is a silly scheme, but it is all they support.

And how is user supposed to open that "topup page" if he is looking for
Google, for instance? What you want *is* a captive portal - it will
capture the user and redirect him from the requested page onto the one you
want him to see.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list