Erling Paulsen wrote:
Hi.
Is it possible to make FreeRADIUS rewrite/force an "Access Denied" reply
into an "Access Accept" reply? Why on earth would I want this? Well, I
would like to i.e. give a guest-net Vlan back to users that actually
fail authentication, so that when they try to access the web they will
instead get connected to a redirected guest-information webpage.
- or does anyone have an idea of how such a functionality can be
achieved through some kindof magic?
We do a similar thing, but the logic is a little more complicated. I had to write a
module to do what I wanted, which I call from the Post Auth phase. Our module retrieves a
"Captive Portal" network access profile out of LDAP and sets the response code
to Access-Accept.
The major problem with modifying the response code in the post-auth section is
that the authentication result has already been written to radiusd.log at that
stage (in version 1.0.1) so it starts to make the log files difficult to
interpret.
So, its definitely possible to do what you want, make it may take a reasonable
amount of effort.
cheers,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html