I'm using MAC address authentication against a FreeRADIUS Version 3.0.20 (RHEL8) server. My WLAN controller sends the MAC in the format 2c-7b-a0-2f-bb-f1 but FR seems to convert it to 2c7ba02fbbf1. My SQL database has the MACs in the 2c-7b-a0-2f-bb-f1 format. I added this to sites-enabled/default in the authorize section. I've tried many formats but can't seem to get it right. Can it be fixed or am I crazy and should just update the database with the expected format? # Check if User-Name is a MAC address in the correct format if ("%{User-Name}" =~ /^([0-9A-Fa-f:-]{12,17})$/) { update request { # Convert to lowercase (optional) Tmp-String-0 := "%{tolower:%{User-Name}}" # Remove non-alphanumeric characters (colons, dashes) using expr Tmp-String-1 := "%{expr:%{Tmp-String-0}:s/[-:]//g}" # Assign cleaned MAC address to User-Name User-Name := "%{Tmp-String-1}" } } The debug output is: (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "2c7ba02fbbf1", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) if ("%{User-Name}" =~ /^([0-9A-Fa-f:-]{12,17})$/) { (0) EXPAND %{User-Name} (0) --> 2c7ba02fbbf1 (0) if ("%{User-Name}" =~ /^([0-9A-Fa-f:-]{12,17})$/) -> TRUE (0) if ("%{User-Name}" =~ /^([0-9A-Fa-f:-]{12,17})$/) { (0) update request { (0) EXPAND %{tolower:%{User-Name}} (0) --> 2c7ba02fbbf1 (0) Tmp-String-0 := 2c7ba02fbbf1 (0) Expected operator at "c7ba02fbbf1:s/[-:]//g" (0) EXPAND %{expr:%{Tmp-String-0}:s/[-:]//g} (0) --> (0) Tmp-String-1 := (0) EXPAND %{Tmp-String-1} (0) --> (0) User-Name := (0) } # update request = noop (0) } # if ("%{User-Name}" =~ /^([0-9A-Fa-f:-]{12,17})$/) = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql: EXPAND %{User-Name} -Mike