Hi Marc, At least the logic of what you are trying to do sounds reasonable. Could you share the relevant config? (of course without secrets, and feel free to remove or obfuscate the IP addresses as well). Best regards, Fabian -- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39 fabian.mauchle(a)switch.ch, http://www.switch.ch On 11.02.20, 08:50, "Marc Sauer" <m.sauer(a)khm.de> wrote: Hello, I need to setup a rewrite, that removes the realm when forwarded to the local Radius server. I've already set up a rewrite with the following content: modifyAttribute 1:/^(.*)@mydomain.de$/\1/ My local radius server only accept usernames without the realm. When I include the realm in the server block of the config file nothing is changing. The only way it works is when I include it in the client block. There is a problem when including it in the client block, though: Since the realm is removed so early, radsecproxy thinks that it's a user from another organization and forwards it to the top level radius server. That's not what I want. So I need the following setup: User tries to log in with realm @example.com -> Radsecproxy sees thats it's coming from my organization -> Radsecproxy looks into the server block of my local radius -> Before sending the request to my local radius, it removes the @example.com from the username. Can anyone help me with that setup? I hope my explanation was clear enough. Thank you and greetings from Cologne, Germany. -- Marc Sauer Linux Systems Administrator Kunsthochschule für Medien Köln/ Academy of Media Arts Cologne Peter-Welter-Platz 2 50676 Köln https://www.khm.de https://en.khm.de