Ivan Kalik wrote: >> That sounds nice. But he still needs some attributes and the NAS has to >> think that he is authenticated... > > Then you should have a NAS with fascility to place unauthenticated users > into a guest VLAN. And you don't need a captive portal.
I explain a little bit more what I like to do ... I have a Cisco LNS which terminates L2TP Tunnels. This cisco makes the Radius request to my freeradius. Normal Users get authenticated normaly, get Static or dynamic ip's and so on. User not in the sql database should get assigned a vrf group and a ip pool for assigning ip's (I know how to do that with Cisco-AVPairs). This vrf has a default route to a linux box doing some magic stuff with iptables and apache (not done jet). Hope that clears up some things. Regards Matthias -- Matthias Cramer / mc322-ripe Senior Network & Security Engineer iWay AG Phone +41 43 500 1111 Josefstrasse 225 Fax +41 44 271 3535 CH-8005 Zürich http://www.iway.ch/ GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
