redirecting REJECTed users
Alan Batie
alan at peak.org
Fri Feb 12 23:34:24 CET 2016
On 2/12/16 2:12 PM, Matthew Newton wrote:
> Auth-Type is an internal attribute. It's not sent back to the NAS.
> It should be 'Accept'.
>
> You need to send something else to your NAS to tell it to
> quarantine the user. For example, if it is a switch you might set a
> different VLAN by sending back a different Tunnel-Private-Group-Id.
That's what specifying a different IP pool does - it then gives the user
a non-routable IP address (e.g. 10.99.x.x). At the moment, the main
goal is keeping some misconfigured/suspended modems from spamming the
logfile (they retry at relatively high rates on rejection), but
eventually we'll use the mechanism to redirect users to a web site like
most wireless hotspots do.