<AuthBy RADIUSBYATTR> sends a RADIUS message to remote RADIUS peers based on the attributes defined in the message. This AuthBy can be used for proxying to RADIUS servers or sending RFC 5176 dynauth requests to RADIUS clients. The dynauth requests are typically created by <AuthBy DYNAUTH>. For more information, see Section 3.98. <AuthBy DYNAUTH>.
<AuthBy RADIUSBYATTR> is a subclass of <AuthBy RADIUS> and handles retransmissions automatically.
<AuthBy RADIUSBYATTR> is currently experimental and not fully documented.

3.99.1. HostsInfoAttribute

This attribute contains Host information in a request. The default is the pseudo-attribute RadiusHosts. If the attribute name is empty, HostParamDef values are used instead. For more information, see Section 3.99.2. HostParamDef. Format for the attribute value is below. The value must be on one line:
Here is an example of using HostsInfoAttribute:
# Get the next hop host info from HostParmDef parameters

3.99.2. HostParamDef

This is a list of parameter definitions for Radius Hosts. Format is: HostParamDef hostkeyword,radiusattributename[,defaultvalue]
# Set some parameters for sending from pseudo attributes in the request
HostParamDef Retries,x-retries,1
HostParamDef RetryTimeout,x-retry-timeout,2

3.99.3. <Host xxxxxx> within <AuthBy RADIUSBYATTR>

This clause can be used to specify the name and details of RADIUS peers inside <AuthBy RADIUSBYATTR>. The <Host xxxxxx> clause further allows you to customise details for individual peers. <AuthBy RADIUSBYATTR> permits one or more Host clauses.
In the <Host xxxxxx> clause header, the xxxxxx is the Host name or IP address of the remote RADIUS peer to proxy to. The Host name can contain special formatting characters, which are resolved at startup. Here is an example of using Host clause within <AuthBy RADIUSBYATTR>:
      <Host server1.test.com>
            Secret xyzzy
            AuthPort 1645
            AcctPort 1646
      <Host server2.test.com>
            Secret xyzzy
            AuthPort 1645
            AcctPort 1646
The following parameters can be used within a Host clause. They have the same meaning and default values as the parameter of the same name in the enclosing <AuthBy RADIUSBYATTR>: DynauthPort

This string defines the destination port to which RADIUS dynamic authorisation requests are sent to. This can be overridden for an individual host inside its Host clause. This parameter has no default value. DynAuthSecret

This string defines the shared secret that is used for encrypting RADIUS dynamic authorisation requests that are sent to this host. The default value is the host's Secret.