According to Alan DeKok <aland@deployingradius.com> on Thu, 01/20/11 at 04:09:
This was changed by an adminstrator to --username=%{mschap:User-Name:-None} except that the leading left brace ("{") was omitted... :-(
That's a run-time expansion. Checking the config won't help.
I got that. See below.
My question: is there any way to parse and check the "value" of the ntlm_auth variable in the modules/mschap file for valid syntax?
No. It can only be checked by running the server.
You are partly right. See below.
It doesn't seem that this ntlm_auth variable was expanded when the config file was read.
It's not. It's expanded at *run time*, when the server receives a packet.
True. The variable expansion can only occur at run time.
No. "-XC" succeeding means that the configuration is *superficially* OK. It's not a substitute for doing functional tests.
Clearly. :-)
The ntlm_auth line is expanded at run time, using data taken from the packet. That is the *only* time that the server can discover an error. It can't discover the error when it loads the configuration, because the server core doesn't know which strings should be expanded, and what data should be put in the expansion.
This it true: the ntlm_auth line is expanded at run time. My question in this thread is for the consideration of more throrough _syntax_ checking - without expansion - during the -XC process. Proper _syntax_ checking would have caught this gnarly typo. Discovering the actual problem was made more difficult by admins assuming that -XC was more than the above described superficial configuration test. Thank you for your repsonses. Regards, web... -- William Bulley Email: web@umich.edu 72 characters width template ----------------------------------------->|
William Bulley wrote:
This it true: the ntlm_auth line is expanded at run time. My question in this thread is for the consideration of more throrough _syntax_ checking - without expansion - during the -XC process.
How does the server now that some random module will expand some random string in the configuration file? FYI, it's possible to have "%{...}" in a string which *isn't* dynamically expanded.
Proper _syntax_ checking would have caught this gnarly typo. Discovering the actual problem was made more difficult by admins assuming that -XC was more than the above described superficial configuration test. Thank you for your repsonses.
The only way to test run-time expansions is by running packets through the server. If you have a *patch* which helps, great. Until then... Alan DeKok.
participants (2)
-
Alan DeKok -
William Bulley