We are pleased to announce the release of Radiator version 4.19
This version contains new features and bug fixes described below. The
main enhancements are a fix for a memory leak and logging and debugging
enhancements for unfinished EAP and other authentications.
As usual, the new version is available to current licensees
and evaluators from:
Licensees with expired access contracts can renew at:
An extract from the history file
https://www.open.com.au/radiator/history.html is below:
Revision 4.19 (2017-06-29) new features and bug fixes
Selected compatibility notes, enhancements and fixes
Fixed a memory leak in TLS based EAP methods. This affected
configurations that disable session resumption.
Unfinished EAP authentications are now logged
Ignored authentications are now available for AuthLog logging
Known caveats and other notes
PEAP session resumption sometimes fails on Windows and reverts back to
full authentication. A fix is known and planned for future releases.
Initial testing with OpenSSL 1.1.0. EAP-FAST is not yet functional.
Enhanced log messages generated by TLS based EAP methods. More details
are now logged and available with AuthLog reason information.
Added two new Context module functions: fetch returns an existing
context and resets its timeout. If there's no existing context, returns
nothing. timeout_callback sets a callback function for a context that is
called when the context times out.
Enhanced EAP logging: EAP authentications that do not finish are now
logged both to Radiator log and authentication log. Authentication log
entries are logged as rejected authentications. Suggested by David Zych
EAP contexts are now freed when the authentication finishes instead of
always waiting for context timeout
TLS based EAP methods were leaking memory when EAPTLS_SessionResumption
was disabled. This option is enabled by default.
Added VENDOR Airespace 14179 VSA Airespace-IPv6-ACL-Name to dictionary
Application was misspelled in
DiaAttrList::REDIRECT_HOST_USAGE_REALM_AND_APPLICATION and Diameter
application name 'SIP Application'
Fixed AuthBy SIP2 that rejected both valid and invalid authentication
attempts with EAP-GTC. Enhanced SIP2 logging and updated AuthBy SIP2 to
more reliably handle unsupported EAP methods.
An error message is now logged when quote method is called for a module
that is not a SqlDb. Single quotes are now stripped from quoted value.
Any custom modules that log this message need to be fixed to use a
correct SqlDb derived module when calling quote.
Added support for polling a message queue in Gossip. Added a new
configuration sample radius-dynauth.cfg in goodies that uses AuthBy
DYNAUTH to send RADIUS dynamic authentiation requests. Handler.pm now
passes reference to result reason to replyFn it calls. Minor fixes to
trace id passing and Gossip.
New check items RecvPort, RecvAddress and RecvName match requests based
on the local port or address. For example, if Radiator listens on Radius
port 1645 and 1812 <Handler RecvPort=1645> selects only those requests
that were received by port 1645.
Enhanced Monitor for integrating with other systems. Implemented the
following Monitor commands:
ASCII: change both object and line separators to "\n"
DEFAULT: change both object and line separators back to their default
values ASCII SOH and NUL, respectively
GET: Get a single attribute from an object
With the kind assistance of Kilian Krause
Fixed a crash in SessionDatabase REDIS simultaneous use check
Updated Gossip encryption documentation, logging, invalid key handling
and changed key index 0 to reserved.
StatsLog proxiedNoReply counter is now incremented for Hosts within
AuthBy RADIUS and RADSEC and their derived clauses. Previously the
counter was incremented only for the AuthBy after all retries had been
exhausted. Status-Server timeouts do not increment Host proxiedNoReply
All AuthLog clauses now support LogIgnore flag parameter. This parameter
defaults to not set and when set, allows logging ignored autentication
attempts. An attempt is typically ignored when a user database fails or
Radiator can not return a definitive answer for some other reason.
Proxied requests that return immediate ignore are not logged because a
reply with final result is expected later.
Fixes to GossipUDP server farm and peer discovery messaging
When User or Group global parameter is set, both effective and real user
or group id is set instead of just effective ids.
Fixed a problem where advanced debugging, for example with Monitor's
trace predicates, could cause a crash.
DynAuthPort in Client now defaults to not set instead of 3799. This
allows clauses such as AuthBy DYNAUTH to provide a per request value
that is not overwritten by Client's DynAuthPort.
radiusd now supports multiple -I command line parameters.
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
radiator mailing list