[RADIATOR] configuration validation
Heikki Vatiainen
hvn at open.com.au
Mon Mar 13 13:23:50 UTC 2017
On 12.3.2017 15.42, Eric W. Bates wrote:
> Is there a recommended technique to validate a radius.cfg? Something
> like named-checkconf.
There's -c option for radiusd. It will read the configuration and checks
what it can. It does not, for example, attempt to connect to SQL
databases, so it will not catch those types of problems.
Unknown parameters, unbalanced clause starts, for example <Handler>
closed with </AuthBy> and various other things are reported with log
messages.
> I'm asking because I'm trying to use ansible to synchronize multiple
> servers. Best-practice recommends running a config validation as a
> pre-condition for daemon restart.
There's actually work ongoing to enhance configuration checking.
Currently the output from -c is more for human consumption, so the exit
code, for example, does not reflect the check results. We are looking at
returning different exit codes depending of level of problem (warning,
error) from -c run.
What you could do now is to wrap radiusd -c invocation with a script
that greps errors and warnings and then returns non-zero exit code.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list