We are pleased to announce that Radiator 2.13 is now available.

2.13 includes lots of new features and some bug fixes. Below is an extract from
the history file. (If you think you have seen this before, look again, because
there have been some additions since 2.13beta)

Existing customers and current testers can download the new version
from http://www.open.com.au/radiator/downloads/Radiator-2.13.tar.gz

>From the history file:

Revision 2.13 (17/2/99) Lots of new features, some bug
Added SNMP Agent. Now supports SNMP V1
requests as per
draft-ietf-radius-servmib-04.txt. That means that you can get
various types of server statistics, and even reset the server using
SNMP. You might want to use MRTG or similar for monitoring your
Added AuthBy RODOPI and example rodopi.cfg. Rodopi is quite a
mature NT/MS-SQL based billing system with a Java/web GUI.

Added new configurable and subclassable logging modules: Log
FILE, Log SYSLOG and Log SQL. You can now log to any and all
places at the same time, plus easily add your own logging modules.

Simultaneous use check with finger for Portslave, Ascend, Shiva or
Computone now defaults to using an internal perl finger client. You
can still force it to use an external finger program by specifying
FingerProg in the config file. The internal client improves portability
to NT, and will improve performance, since it avoids the cost of
starting an external program.

Rationalised reporting and logging of rejections:
Auth*::handle_request now also returns a reason message, which
can optionally be replied to the user with the new Handler keyword

All AuthBy modules now do their logging through a virtual log()
function in AuthGeneric, which allows you to override with your own
AuthBy specific error logging function. Suggested by Andrea Campi
([EMAIL PROTECTED]). Thanks Andrea.

Added AuthTACACSPLUS to authenticate from Tacacs Plus server.
requires Authen::TacacsPlus module from CPAN. We used the
version in TacacsPlus-0.15.tar.gz. If its not on CPAN, its available
from the author here.

Status-Server message now returns all server and per-client

AuthBy NT can now authenticate from an NT domain controller, even
when Radiator is running on Unix. Requires the Authen::Smb package
from CPAN.

Testing with Security Dynamics ACE/Server Radius (also known as
SecurID). Their radius server is very limited, but Radiator can proxy
to it fine, and handles the Access-Challenges that are used to set
and change PINs etc.

Testing with Freeside, a free Unix based ISP billing package.
Example freeside.cfg created.

Forgot to mention previously the addition of several hooks that allow
you to get control with your own perl code during authentication:
PreClientHook, PreHandlerHook and PreAuthHook, PostAuthHook.

Changed the default Framed-IP-Address in radpwtst.

Fixed problem with cached attributes that meant that when a
username was rewritten, it was not actually changed in the packet,
which made the detail file log incorrectly.

Added "delete session" link to radwho.cgi so that bogus sessions
can be manually deleted.

Added AuthBy GROUP, which allows authentication clauses to be
bundled and grouped to any depth. Its intended for experimenters and
early adopters. It only understands AuthByPolicy, StripFromReply,
AddToReply, DefaultReply so far. Feedback is solicited.

Fixed some bugs in radpwtst -gui mode that caused locked
windows, false timeouts etc. Now works with Perl 5.005 and
Tk800.011 on Unix. Still doesnt work on Win95 (looks like Tk file
handlers are still not right on Win95).

Fixed problems with wtmp format on Linux that prevented who and
last from working.

Created mysqlCreate.sql which correctly builds indexes for mysql.

Added indexes to all SQL scripts in goodies

Can now define AuthBy clauses at the top level, and refer to them
and reuse them with the AuthBy parameter. Good for reusing
complicated SQL database definitions (and reducing the number of
SQL licenses required. From a suggeestion by Stephen Roderick
([EMAIL PROTECTED]). Thanks Steve.

Added support for binary data type in dictionaries. Especially for use
in Proxy-State which can otherwise get trailing NULs stripped off.
radwho.cgi now shows the total number of users online, and
optionally presents a hotlink to force a user off a NAS, by calling an
external progam you specify (not supplied).

Added NoForwardAuthentication and NoForwardAccounting to
AuthBy RADIUS. From patches supplied by Vincent Gillet
([EMAIL PROTECTED]). Thanks Vincent.

Makefile.PL can now do installation on Win95 hosts. No need to use
make any more on Win95 (many people don't have it).

Added LocalAddress to AuthRADIUS, which forces the proxy
forwarding port to bind to a particular address. Defaults to the same
as BindAddress. Useful for multi-homed hosts. Patch supplied by
Lars Marowsky-Bre ([EMAIL PROTECTED]). Thanks Lars.

Improved performance of all Hooks by precompiling the code. From a
suggestion by Lars Marowsky-Bre ([EMAIL PROTECTED]).
Thanks Lars.

Improved robstness of the session databases in the face of lost stop
packets. Now a stop packet will always remove any previous session
that we thought was on that NAS/Port combination. This will make
the session database "self-healing". Your existing DBM session
database will have to be deleted: the database format for DBM is
changed. The table format for the SQL session database is the same,
but the indexes have changed: you should probably recreate them if
you are using SQL. Also changed radwho.cgi to be compatible with
new DBM database format.

Expiration now understands dates of the form dd/mm/yy(yy), since
some SQL databases produce dates in that form.

Improved robustness of SQL connections, and reconnection during
database outages. Prevent crashes when MS-SQL disconnects.

SQL does not use ping anymore, and will therefore work with
DBD-ODBC 0.20 and MS-SQL. Its also faster.

Included Vincent Gillet's AddToReplyIfNotExist.patch to the goodies
directory. This patch adds attributes to a reply _only_ if they dont
already exist. Thanks Vincent.

Testing on Red Hat 5.2. No changes required.

Testing with Interbiller 98, a resonable, inexpensive ISP billing
package. goodies/interbiller.cfg created.

Added FramedGroup for all AuthBy clauses, similar in behaviour to
Framed-Group, but applying to all requests accepted by an AuthBy
clause. Contributed by Garry Shtern ([EMAIL PROTECTED]). Thanks

Testing on Rhapsody. OK, but building MD5 is non-standard. See
the FAQ for details.

Fixed problem where accounting info would be stored twice if the
Handler forked (such as AuthBy IPASS)

Fixed typo in AuthBy IPASS that prevented Acct-Session-Time
being properly sent to IPASS.

Fixed a problem in SessSQL.pm, where if a session proved to be
bogus, SessSQL tried to delete a different session. Reported by
Andrea Campi ([EMAIL PROTECTED]). Thanks Andrea.

Added contribution from Todd A. Green ([EMAIL PROTECTED]): a new
sorter in radwho.cgi that will sort by IP addresses and mixed
Alpha-numeric NAS-Ports (eg for USR/3COM ). Thanks Todd.

AuthBy UNIX now correctly uses the password file and group file
when checking for primary group membership, instead of using
getpwnam etc.

AuthBy PLATYPUS now honours AcctColumnDef. It allows you to
log extra columns from Accounting Stops in the same was as AuthBy
SQL. Suggested by Ricardo Freire ([EMAIL PROTECTED]). Thanks

Testing with DBI Proxy from Unix to NT. OK.

Added AccpetIfMissing paramter to AuthBy FILE and AuthBy
DBFILE. it will automatically accept a user if they are not in the
users file. If they are in the users file, it will accpet them if and only if
their check items pass in the ususal way. Useful for applying
additional checks on a subset of your user population.
Added FramedGroupMaxPortsPerClassC to Client, so you can
compute Framed-IP-Address on a NAS with more than 255 ports.

AuthBy SQL and PLATYPUS now use the DBI quote function to
correctly handle quotes embedded in string data that is inserted with
an AcctColumnDef.

Support Shiva LanRover sim-use detection using finger. Also added
detection of config errors for all uses of finger, and runtime errors with

Fixed a problem with Ascend binary filters: if the 'drop' keyword was
used, it would build an invalid filter.

AcctColumnDef will not insert attributes that are not present in the
request. Previously, it would insert NULL, which upset peoples
ability to define column defaults, and to build indexes.

Added VSAs for ACC to dictionary. Courtesy Ingvar Berg (ERA)
([EMAIL PROTECTED]). Thanks Ingvar.

Added NasType AscendSNMP that will check Ascend with SNMP
instead of finger.

Added nasclear.cgi to goodies directory. Its a CGI script that shows
all the unique NASs in your SQL Session Database, and allows you
to clear all sessions for a NAS. Contributed by Aaron Holtz
([EMAIL PROTECTED]). Thanks Aaron.

Default behaviour when no handler is found changed from IGNORE to

Auth-Type=Reject now correctly propagates properly back through
chains of authenticators. Previously if the chain was more than 1
deep, an immediate reject would be turned back to an ordinary
rejection. Thanks to Aaron Holtz for reporting this one.

Fixed a problem with AuthEXTERNAL that prevented it working
properly on NT. Also made example config file and example external
program for EXTERNAL in goodies, demonstrating the protocol for
passing and receiving attributes.

Added optional format argument to AcctColumnDef, so you can set
up SQL-specific conversions etc.

PostAuthHook is now given a third arg saying what the result of the
authentication is.

Completed support for SHA encrypted password. Contributed by
Justin Daminato ([EMAIL PROTECTED])

Quoted Check and reply items can now have escaped octals in them
Tunnel-Server-Endpoint = "\000191.165.126.240 fr:20"
(thats a NULL as the first octet in the string) Which is useful for
adding tags to the front of Tunnel attributes like the above.

Added AuthBy LDAP2, which uses Net::LDAP from perl-ldap-0.09
or better. The previous version AuthBy LDAP is now deprecated
(since the Net::LDAPapi it uses is now deprected).

Added DecryptPassword parameter to AuthBy EXTERNAL, which
makes it decrypt User-Password before passing it to the external

Testing with Bay Annex Server and tunelling, with the help of
Stephen Ollis. Thanks Stephen.

Now handle Prefix and Suffix check items.

Added now AcctColumnDef type "formatted-date" that uses
Date::Format to build arbitrary date formats. Especially useful for
Oracle's odd date behaviour:
   AcctColumnDef   TIME_STAMP,Timestamp,formatted-date,to_date('%e %m %Y
%H:%M:%S', 'DD MM YYYY HH24:MI:SS')

AcctColumnDef type integer-date now formats dates in the format
'Sep 3, 1995 13:37', ie the full year including the century is now
included. Previously it would do 'Sep 3, 99 13:37' and was not Y2K
compliant. If this breaks your accounting table, consider using the new
formatted-date type described above.

Mike McCauley                                [EMAIL PROTECTED]
Open System Consultants Pty. Ltd             Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    Consulting and development
Phone, Fax: +61 3 9598-0985                  http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody

To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to