3.57. <AuthBy INTERNAL>

This clause allows you permanently pre-define how to reply to a request, depending only on the type of request. You can specify whether to ACCEPT, REJECT, IGNORE or CHALLENGE each type of request. The default behaviour is to IGNORE all requests.
The following result codes are recognised. They are not case sensitive, and may be embedded within a longer string:
This clause can be useful in a number of cases:
Tip
The RADIUS protocol does not define an accounting reject message. For accounting requests, REJECT and CHALLENGE are the same as IGNORE.
This example clause will ACCEPT all Access Requests, ACCEPT Accounting Starts and Stops, and REJECT everything else:
<AuthBy INTERNAL>
      AuthResult ACCEPT
      AcctStartResult ACCEPT
      AcctStopResult ACCEPT
      DefaultResult REJECT
</AuthBy>
<AuthBy INTERNAL> also supports a number of hooks. You can define a Perl hook to handle some or all requests. Requests that are not handled by a hook will be handled according to the result code defined for that type of request. See goodies/internalhook.cfg for sample hooks.
Hooks are passed information about the request and the hook is expected to return a list of two values.The values are result code, one of:
$main::ACCEPT
$main::REJECT
$main::IGNORE
$main::CHALLENGE
$main::REJECT_IMMEDIATE
to indicate the result of the request, and textual reason message providing information about the result. All hooks in <AuthBy INTERNAL> are passed the same arguments in this order:
Tip
<AuthBy INTERNAL> cannot be used to authenticate any EAP-TLS, TTLS or PEAP protocols directly, but it can be used in conjunction with AuthBy FILE to achieve the same thing:
<AuthBy INTERNAL>
      Identifier myinternal
      .....
</AuthBy>
<Realm DEFAULT>
      <AuthBy FILE>
            Filename %D/users
            EAPType TLS
            .....
and in the users file:
DEFAULT Auth-Type=myinternal
This has the effect of using <AuthBy FILE> to do the EAP authentication handling, certificates etc., and the <AuthBy INTERNAL> to just authenticate the user name.
<AuthBy INTERNAL> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.32. <AuthBy xxxxxx>.

3.57.1. DefaultResult

Specifies how to reply to any request for which there is no more specific result. The default is to IGNORE.
# Accept everything not otherwise specified
DefaultResult ACCEPT

3.57.2. AuthResult

Specifies how to reply to all Access Requests. There is no default.

3.57.3. AcctResult

Specifies how to reply to all Accounting Requests for which there is no more specific parameter. There is no default.

3.57.4. AcctStartResult

Specifies how to reply to all Accounting Start Requests. There is no default.

3.57.5. AcctStopResult

Specifies how to reply to all Accounting Stop Requests. There is no default.

3.57.6. AcctAliveResult

Specifies how to reply to all Accounting Alive Requests. There is no default.

3.57.7. RequestHook

This optional parameter allows you to define a Perl program that will handle all requests passed to this AuthBy INTERNAL. For more information about the arguments and the required return value, see Section 3.57. <AuthBy INTERNAL>.

3.57.8. AuthHook

This optional parameter allows you to define a Perl program that will handle all Access-Request requests passed to this AuthBy INTERNAL. For more information about the arguments and the required return value, see Section 3.57. <AuthBy INTERNAL>.

3.57.9. AcctHook

This optional parameter allows you to define a Perl program that will handle all Accounting-Request requests passed to this AuthBy INTERNAL. For more information about the arguments and the required return value, see Section 3.57. <AuthBy INTERNAL>.

3.57.10. AcctStartHook

This optional parameter allows you to define a Perl program that will handle all Accounting-Request requests with an Acct-Type of Start passed to this AuthBy INTERNAL. For more information about the arguments and the required return value, see Section 3.57. <AuthBy INTERNAL>.

3.57.11. AcctStopHook

This optional parameter allows you to define a Perl program that will handle all Accounting-Request requests with an Acct-Type of Stop passed to this AuthBy INTERNAL. For more information about the arguments and the required return value, see Section 3.57. <AuthBy INTERNAL>.

3.57.12. AcctAliveHook

This optional parameter allows you to define a Perl program that will handle all Accounting-Request requests with an Acct-Type of Alive passed to this AuthBy INTERNAL. For more information about the arguments and the required return value, see Section 3.57. <AuthBy INTERNAL>.

3.57.13. AcctOtherHook

This optional parameter allows you to define a Perl program that will handle all Accounting-Request requests with an Acct-Type other than Start, Stop and Alive passed to this AuthBy INTERNAL. For more information about the arguments and the required return value, see Section 3.57. <AuthBy INTERNAL>.

3.57.14. OtherHook

This optional parameter allows you to define a Perl program that will handle all requests other than Access-Request and Accounting-Request passed to this AuthBy INTERNAL. For more information about the arguments and the required return value, see Section 3.57. <AuthBy INTERNAL>.

3.57.15. StripFromRequest

Strips the named attributes from the request before it's processed by the AuthBy. The value is a comma separated list of attribute names. StripFromRequest removes attributes from the request before AddToRequest adds any to the request. There is no default.
# Remove any NAS-IP-Address and NAS-Port attributes
StripFromRequest NAS-IP-Address,NAS-Port

3.57.16. AddToRequest

Adds attributes to the request before it's processed by the AuthBy. Value is a list of comma separated attribute value pairs all on one line, exactly as for any reply item. StripFromRequest removes attributes from the request before AddToRequest and AddToRequestIfNotExist adds any to the request. You can use any of the special % formats in the attribute values. There is no default.
# Append a Filter-ID and host name
AddToRequest Calling-Station-Id=1,Login-IP-Host=%h

3.57.17. AddToRequestIfNotExist

Adds attributes to the request before it's processed by the AuthBy. Unlike AddToRequest, an attribute will only be added if it does not already exist in the request. Value is a list of comma separated attribute value pairs all on one line, exactly as for any reply item. StripFromRequest removes attributes from the request before AddToRequest and AddToRequestIfNotExist adds any to the request. You can use any of the special % formats in the attribute values. There is no default.
# Append a Filter-ID and host name if they are not there already
AddToRequestIfNotExist Calling-Station-Id=1,Login-IP-Host=%h