Proxying based on substring in username

[markcapelle at pcmc.com]

I am currently knee deep in an Active Directory domain collapse and need to
figure out how to get FreeRADIUS to authenticate users as they are moved
between domains.  During the AD migration process users accounts are
disabled in the source domain(where FreeRADIUS currently points) and
enabled in the target domain.  What I need to do is figure out a way to
determine if a user has been moved and if they have, proxy the requests to
the new domain.

I see two possible ways to do this -

1 - If the user is in AD group "X" proxy the request

2 - If the username has string "m_", then remove the "m_" string and proxy
the request

My questions are these:  which is the easiest to implement and how do I
implement each?

I have looked at rlm_attr_rewrite a bit and think this may be the module
for the second situation.  I have googled and searched the lists, unable to
find anything of much help.
 CONFIDENTIALITY NOTICE:  This e-mail may contain trade secrets or
privileged, undisclosed or otherwise confidential information. If you have
received this e-mail in error, you are hereby notified that any review,
copying or distribution of this message in whole or in part is strictly
prohibited. Please inform the sender immediately and destroy the original
transmittal. Thank you for your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051214/542c084d/attachment.html>