WARNING: Unknown module "tolower" in string expansion "%"
Юра Фролов
prostovrn at gmail.com
Thu Aug 6 13:28:13 CEST 2015
Hello!
I installed freeradius version 2.2.5 on debian 8.1 (latest version in
repository). For authentification users accept mix 802.1x and mab.
List stored in the files: mac-address in mac_db, name users in name_db (no
sql database accepted)
I also copied all files (configuration files, files users authentification
) with a previously installed and successfully operates freeradius (debian
7.8 freeradius 2.1.12). But when a user tries to authenticate MAC address
(or 802.1x) on an error occurs: "Invalid user".
The logs present a strange record: "WARNING: Unknown module "tolower" in
string expansion "%""
Log failed authentification:
rad_recv: Access-Request packet from host 1.1.1.1 (not real) port 1645,
id=66, length=209
User-Name = "host/user.mycompany.com"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-21-56-D6-EA-9F"
Calling-Station-Id = "8C-73-6E-D9-41-1D"
EAP-Message =
0x0201002a01686f73742f5042333030303037303234384e422e77773630302e7369656d656e732e6e6574
Message-Authenticator = 0x2c614fd14a05671b890772dabf25d62f
NAS-Port-Type = Ethernet
NAS-Port = 50031
NAS-Port-Id = "FastEthernet0/31"
NAS-IP-Address = 1.1.1.1 (not real)
server snx-auth {
# Executing section authorize from file
/etc/freeradius/sites-enabled/snx-auth
+group authorize {
++[preprocess] = ok
++? if (!EAP-Message)
? Evaluating !(EAP-Message) -> FALSE
++? if (!EAP-Message) -> FALSE
++? elsif ((User-Name == "OpenStagePhone") || (User-Name =~ /^001a/) ||
(User-Name =~ /^0004/) )
?? Evaluating (User-Name == "OpenStagePhone") -> FALSE
?? Evaluating (User-Name =~ /^001a/) -> FALSE
?? Evaluating (User-Name =~ /^0004/) -> FALSE
++? elsif ((User-Name == "OpenStagePhone") || (User-Name =~ /^001a/) ||
(User-Name =~ /^0004/) ) -> FALSE
++else else {
+++policy rewrite.host_name {
++++update request {
*WARNING: Unknown module "tolower" in string expansion "%"*
++++} # update request = noop
+++} # policy rewrite.host_name = noop
[authorized_name] expand: %{Tmp-String-0} ->
+++[authorized_name] = noop
+++? if (ok)
? Evaluating (ok) -> FALSE
+++? if (ok) -> FALSE
+++else else {
++++[reject] = reject
+++} # else else = reject
++} # else else = reject
+} # group authorize = reject
Invalid user: [host/user.mycompany.com/<no User-Password attribute>] (from
client domain port 50031 cli 8C-73-6E-D9-41-1D)
The problem is conversion (uppercase - lowercase)? Feature works freeradius
version 2.2.5 (undocumented error)? Or something else?
More information about the Freeradius-Users
mailing list