Você pode tentar usar o perl no REJECT do Post-Auth-Type
post-auth {
# Login successful: get an address from the IP pool.
ippool
Post-Auth-Type REJECT {
# Login failed
perl
}
}
referencia Freeradius FAQ , Documentos do tipo" Post-Auth-Type ", rlm_perl .