We had / have the same problem. Besides radiator, we also have our own radius server (but we're trying to get rid of it, VPN by VPN). The subscribers have an attribute 'radiusProfile' in their object. Whenever the value equals "1" they should have normal access, "0" no access and for instance "2" some different set of attributes: eg. a set of ip-filters.
We forgot about the 2 for now. Somebody suggested to use the PreAuthHook to add an NV pair: add_attribute("radiusProfile", "1") and add another attribute in the directory, radiusCheck. An object now looks like this:
radiusProfile = "1"
radiusCheck = "radiusProfile=1"
The first attribute is still necessary for the other Radius server, and the second to make it work with Radiator. I think it would be a nice feature to be able to check the retrieved attributes in a hook like PostAuthHook, and be able to reject or accept it based on the vlaue (or even better, select a profile at that point.)
But anyway, this mechanisms does the job perfect for us.