[RADIATOR] DYNADDRESS and multiple Authby
Jim
jim at scusting.com
Tue Jan 18 08:41:57 CST 2011
Hi,
I need to configure Radiator to allocate dynamic IPs but we are already
using multiple AuthBy's with ContinueWhileReject. Our current handler
would be:
<Realm>
    AuthByPolicy ContinueWhileReject
    AuthBy LdapAuthenticator
    AuthBy TooManyFail
</Realm>
Where if the request is rejected it will check the "TooManyFail" AuthBy
which connects the user in a walled garden if they have spammed too many
failed auths.
Now for DYNADDRESS we would need to use ContinueWhileAccept instead
which would break our current TooManyFail auth check:
<Realm>
    AuthByPolicy ContinueWhileAccept
    AuthBy LdapAuthenticator
    <AuthBy DYNADDRESS>
        AddressAllocator SQLAllocator
    </AuthBy>
</Realm>
How would I go about implementing Dynamic IP allocation and a 2nd authby
to return a generic walled garden answer when they have too many
failures? I was thinking either:
1. Put a PostAuthHook or PostProcessingHook (not sure which) in our
current Realm which checks to see if the reply is an ACCEPT with no
Framed-IP-Address, and if so allocate a Dynamic IP. Would also require
config in accounting handler to deallocate IP.
2. Set up our realm as in the 2nd example and have a PostAuthHook or
PostProcessingHook which checks to see if the response is a REJECT. If
it is then check to see if they are in our 'badlist' and if so modify
the access response to an Accept with the walled garden attributes?
Are both of these 2 solutions valid? If so what are your thoughts on
them - is one much better than the other? I have not implemented
any hooks so far (or any Perl programming for that matter) so any advice
and pointers appreciated.
Thanks.
Jim.
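
Added example, not part of the original post and not Radiator code: a small Python model of the two AuthByPolicy settings discussed above, treating each AuthBy as returning only ACCEPT or REJECT. It shows why switching to ContinueWhileAccept drops the TooManyFail check and how the post-auth step from option 2 restores it. The user names, the Filter-Id value and the address are constructed, and all function names are hypothetical.

```python
ACCEPT, REJECT = "ACCEPT", "REJECT"

# Constructed sample data: one valid LDAP user, one user on the 'badlist'.
VALID = {"alice"}
BADLIST = {"mallory"}
WALLED = {"Filter-Id": "walled-garden"}  # assumed walled-garden reply attribute


def run_chain(policy, authbys, user):
    """Run AuthBy stand-ins in order under the given AuthByPolicy."""
    result, reply = REJECT, {}
    for authby in authbys:
        result, attrs = authby(user)
        reply.update(attrs)
        if policy == "ContinueWhileReject" and result != REJECT:
            break  # first non-reject ends the chain
        if policy == "ContinueWhileAccept" and result != ACCEPT:
            break  # first non-accept ends the chain
    return result, (reply if result == ACCEPT else {})


def ldap(user):  # stands in for AuthBy LdapAuthenticator
    return (ACCEPT, {}) if user in VALID else (REJECT, {})


def too_many_fail(user):  # stands in for AuthBy TooManyFail
    return (ACCEPT, dict(WALLED)) if user in BADLIST else (REJECT, {})


def dynaddress(user):  # stands in for AuthBy DYNADDRESS
    return ACCEPT, {"Framed-IP-Address": "192.0.2.10"}


def current(user):  # first <Realm> in the post
    return run_chain("ContinueWhileReject", [ldap, too_many_fail], user)


def switched(user):  # second <Realm> in the post
    return run_chain("ContinueWhileAccept", [ldap, dynaddress], user)


def option2(user):  # second <Realm> plus the hook described in option 2
    result, reply = switched(user)
    if result == REJECT and user in BADLIST:
        return ACCEPT, dict(WALLED)  # rewrite the reject as a walled-garden accept
    return result, reply


if __name__ == "__main__":
    for u in ("alice", "mallory", "bob"):
        print(u, current(u), switched(u), option2(u))
```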