Greetings, I have a FR system that performs local auth and then does some extra policy checks (unlang) in post-auth. I am looking to proxy all my auth to a remote system (not FR), but I'd still like to sanity check if the remote system does not reject the auth. Do folks put policy unlang into post-proxy? I see from the docs: "Once the post-proxy section has finished executing, any existing attributes in the reply list are discarded, and the post-proxy attributes are copied to the reply list. This behavior allows a home server to define the default reply sent back to the NAS." that the local attributes are discarded. Is there a way to update the reply in post-proxy? For instance, this is a snippet of my current post-auth: post-auth { if (User-Name == "foo") { update reply { Reply-Message := "bar" } reject } } Thanks for any hints! -m