Actually, the more we get into integrated suites for ISP usages, the
more interesting this gets. I was talking to a company who writes a
popular proxy for NT. With a little cooperation, we could easily
write some rules into the proxy server to do this.
It would go a little something like this:
When a user logs on, Radius passes the IP information to the proxy
server. The proxy server resets a counter for that IP address. Now
when the IP address comes in, if the counter is zero it sends the
home page. Else, it respects the request. We even talked about some
cool things like if the user runs out of time, give them 10 minutes
to go to a bank, but allow NO web inteface, except a page that would
come up and explain what was going on. ISPs get countless calls
on "why doesn't it work" when it was something like "your account
expired".
RadiusNT optionally has the ability to tack on a filter for the
portmaster if the user is out of time. In this respect you can make
it so that ONLY your web page works. We have dynamic home pages that
lists specific information about the users, including time left,
account expiration, etc. This has saved quite a bit of tech support
to the users explaining "no payment" and what those two words mean. :)
Proxying also has some good bandwidth benfits if done correctly,
including being able to get to popular sites when the net is down.
-- Dale E. Reed Jr. Internet Engineering Associates Providing Internet Solutions for Today