Hello All. I am looking for ideas/experiences that members may have on the following problem.

I have an end user who authenticates their PPP session via a RADIUS (Radiator - Linux talking to a Cisco LNS). I have complete control over their user profiles in RADIUS. Normally when then Auth ok their session will be established and off the go. Now, say the user has not paid their bill for love nor money and I just cannot contact them. I'd like to suspend the account but should they try to login again some time later have them redirected to a web page that says "Hey, where have you been? I'v been trying to contact you etc., please call me.". All they can do is browse there and nowhere else. I'd like this ability so selectively point users to pages as I see fit. As I have no way to control what they type into their browser I think I'll have to make do with the default page on whatever webserver I use?

One solution I am considering is to return a special limited pair of Primary/Secondrary DNS attributes from RADIUS which point to a specially comissioned Name Server. Each resolve would yield the same IP address, the web server I want them to get to. I've read this suggestion elsewhere.

A second idea is to do something with my default routes but that is as far as I have thought that one thus far.

Has anyone done anything similar or have any suggestions on any of this. Apologies is this is the wrong formum as well. Pleas feel free to rell me where to go, in any sense of the phrase.

Many thanks in advance.
Dave.

You probably give the users a specific ip address when they authenticate with radius.
Just give the users you want to block a special ip address and redirect that ip with some firewall rules to a specific server where you have those "Hey, where have you been? I'v been trying to contact you etc., please call me." webpages.