According to Alan DeKok <al...@deployingradius.com> on Thu, 01/20/11 at 04:09: > > > > This was changed by an adminstrator to --username=%{mschap:User-Name:-None} > > except that the leading left brace ("{") was omitted... :-( > > That's a run-time expansion. Checking the config won't help.
I got that. See below. > > My question: is there any way to parse and check the "value" of the > > ntlm_auth variable in the modules/mschap file for valid syntax? > > No. It can only be checked by running the server. You are partly right. See below. > > It doesn't seem that this ntlm_auth variable was expanded when the config > > file was read. > > It's not. It's expanded at *run time*, when the server receives a packet. True. The variable expansion can only occur at run time. > No. "-XC" succeeding means that the configuration is *superficially* > OK. It's not a substitute for doing functional tests. Clearly. :-) > The ntlm_auth line is expanded at run time, using data taken from the > packet. That is the *only* time that the server can discover an error. > It can't discover the error when it loads the configuration, because > the server core doesn't know which strings should be expanded, and what > data should be put in the expansion. This it true: the ntlm_auth line is expanded at run time. My question in this thread is for the consideration of more throrough _syntax_ checking - without expansion - during the -XC process. Proper _syntax_ checking would have caught this gnarly typo. Discovering the actual problem was made more difficult by admins assuming that -XC was more than the above described superficial configuration test. Thank you for your repsonses. Regards, web... -- William Bulley Email: w...@umich.edu 72 characters width template ----------------------------------------->| - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html