AW: tolower seems to result in unneeded reject of mac address, or I am using it wrong

Schaatsbergen, Chris Chris.Schaatsbergen at
Tue Dec 21 15:08:51 CET 2010

Hi again all,

Sorry, stupid me.

Not key = %{tolower:"%{Calling-Station-ID}"}
But key = "%{tolower:%{Calling-Station-ID}}"

Now it works again properly.


Chris Schaatsbergen

Von: at [ at] Im Auftrag von Schaatsbergen, Chris
Gesendet: Dienstag, 21. Dezember 2010 15:01
An: freeradius-users at
Betreff: tolower seems to result in unneeded reject of mac address, or I am using it wrong

Hi all,

I am not very used to working with freeradius unfortunately and I am using the Mac Auth solution<> as described on your website and other then the case sensitivity it was working correctly.

I was looking for a way to change the Calling station id to lowercase, or to make the comparison case insensitive as some of our switches return mac addresses in uppercase, others in lowercase. Then I discovered a brand new function "tolower" had been added to the 2.1.10 version of freeradius and we were still at 2.1.8. So after an update I could run freeradius with the added function without errors. Unfortunately it seems not to work correctly.

Now, if a known mac address is authorized, it is rejected

[authorized_macs]       expand: "%{Calling-Station-ID}" -> "00-17-42-1C-44-68"
[authorized_macs]       expand: %{tolower:"%{Calling-Station-ID}"} -> "00-17-42-1c-44-68"
+++++[authorized_macs.authorize] returns noop

00-17-42-1c-44-68 does actually exist in the authorized_macs file. This used to return a match and ok when the calling station id was matched, case sensitive.

Unfortunately I do not have permission from my superiors to utilize a MySQL database yet (which would solve all of this), so I am stuck with the files for now.

Can any of you see what I am doing wrong?

files authorized_macs {
        # The default key attribute to use for matches.  The content
        # of this attribute is used to match the "name" of the
        # entry.
        key = %{tolower:"%{Calling-Station-ID}"}

        usersfile = ${confdir}/authorized_macs

        #  If you want to use the old Cistron 'users' file
        #  with FreeRADIUS, you should change the next line
        #  to 'compat = cistron'.  You can the copy your 'users'
        #  file from Cistron.
        compat = no

post-auth {
# output surpressed
       if(control:Auth-Type == 'CSID'){
              # Authorization happens here
              # %{Calling-Station-ID} = %{tolower:%{Calling-Station-ID}} # here the function does not work (like this)
              if (!ok) {
                     if (!ok) {
                            if (notfound) { # notfound construction used to overcome false rejects
                            else {
                                   update reply {
                                          Cisco-AVPair = "tunnel-type=vlan"
                                          Cisco-AVPair = "tunnel-medium-type=802"
                                          Cisco-AVPair = "tunnel-private-group-id=4"
                            update reply {
                                   Cisco-AVPair = "tunnel-type=vlan"
                                   Cisco-AVPair = "tunnel-medium-type=802"
                                   Cisco-AVPair = "tunnel-private-group-id=1"
                     update reply {
                            Cisco-AVPair = "device-traffic-class=voice"

Chris Schaatsbergen

aleo solar Deutschland GmbH
Chris Schaatsbergen
IT Projekte / IT Projects
Osterstr. 15, 26122 Oldenburg

T +49 441 21988­-288
F +49 441 21988­-150
M +49 162 2552288
chris.schaatsbergen at<mailto:chris.schaatsbergen at>

Geschäftsführer/Management Board: York zu Putlitz, Dr. Jens Sabotke, Norbert Schlesiger
Sitz der Gesellschaft/Registered Office: Oldenburg (Oldb), Germany
Handelsregister/Companies´ Register: Oldenburg, Germany, HRB 4947

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list