Crosspost [hostap, freeradius] Can I send "temporary failure" or "wpa tls has failed, so shove them on a vlan" ?
Mon Dec 6 15:55:20 PST 2010
I want an option to do some sort of "your authentication is pending
administrative approval. a message has been sent to the administrators,
please try again in a few minutes". AND an option to sya "your
authentication has failed completely, I'm sending you to a separate
vlan" namely, the situation is as follows:
I've got an interface available on a separate AP to allow users to
register for and acquire a certificate. The certificate is bound to a
single hostname and mac address. THere are two failure conditions:
1) the user has bad or no credentials
in this case the user should be sent to a captive vlan where all they
can do is connect to the registration webpage to acquire a certificate
and bind it to their wifi MAC address.
2) the user has good credentials but fails "MAC" authentication.
The mac address will go through some level of processing, which will
result in either "adding" the mac address to their account and
succeeding, or triggering a "We have to send a request for review to the
administrators" and sending the user to a separate vlan with a "explain
why you have so many MAC addresses" website.
Not sure how to configure hostapd and freeradius together to do this.
More information about the Hostap