Crosspost [hostap, freeradius] Can I send "temporary failure" or "wpa tls has failed, so shove them on a vlan" ?

Christ Schlacta aarcane at
Tue Dec 7 03:58:07 CET 2010

On 12/6/2010 6:31 PM, Alan DeKok wrote:
> Christ Schlacta wrote:
>> 1) the user has bad or no credentials
>> in this case the user should be sent to a captive vlan where all they
>> can do is connect to the registration webpage to acquire a certificate
>> and bind it to their wifi MAC address.
>    You want a captive portal.  This has very little to do with RADIUS.
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
I know i'll be developing a custom captive portal to run, what I need to 
know is how a) freeradius needs to interact with the portal software 
(can freeradius run scripts as hooks? or similar?, or does freeradius 
need to use some complex configuration to make updates to the backend 
(probably sql or ldap), and b) what does hostapd need to allow users 
with failed authentication to connect, but to a different vlan?  is that 
even possible.

in the grand scheme of things, captivating clients on any given vlan 
will be a very simple task.

More information about the Freeradius-Users mailing list