Radius IAS or NPS on a Microsoft server platform

Hi I require an IAS / NPS Server (Microsoft Radius Server) Guru to do some work on my Microsoft Raduis server. I want to be able to do the following on a currently working IAS environment or an upgraded 2008 server running NPS. I am happy to add a Linux host into the equation, but the front of radius must stay as the Microsoft IAS or NPS server. I know that this can be done in Linux, but I do not have the luxury of using Linux. I can use a third party product on Windows or point radius off to a Linux server as long as the main security access point is IAS or NPS server for Cisco VPN, direct VPN and wireless access point radius authentication. IAS currently authenticates my remote access VPN and Wireless users from Active Directory. I want to do the following; 1. If the user's active directory account that is trying to authenticate using radius has expired, or is expiring within 1 day, is locked out, or has entered the wrong password more than 5 times. Do the following; A. Give the user access with very limited access. B. The user will be given an IP address and will only be able to get to one web server of port 443. C. When they open a browser and choose any address, it will bring up only one internal site that is our web based password changing system. The site is in currently in existence and working on my internal network. NOTE: It is like the sort of system that when I am in a hotel room and connect to their network, I can only get to their billing system till I pay for access, once I have paid, I can then get full access to the net and other services. Please respond to this job if you have strong experience with IAS or have a way to make this happen with Microsoft IAS as the front end then going to Linux or some other solution. I look forward to your responses; please feel free to ask questions.