We are pleased to announce the release of Radiator 2.15. Version 2.15 adds mostly new features, and includes a few fixes. An extract from the history file is below.

Existing customers and current testers can download the new version from
http://www.open.com.au/radiator/downloads/Radiator-2.15.tgz

-----------------------------

Revision 2.15 (15/2/00)

Many new features and some fixes.

Added new check item Request-Type. This is mostly useful in Handlers, to allow you to trigger on different types of requests.

Fixed a problem with handling escaped octal characters in attribute strings. Contributed by Mike Biesele ([EMAIL PROTECTED]). Thanks Mike.

DynamicCheck and DynamicReply were always doing special character replacements in all check and reply items, instead of just the ones named.

DynamicReply was incorrectly doing special character replacements from the reply packet instead of the incoming packet.

The special character %a has been modified to be replaced with Framed-IP-Address from the reply packet instead of the incoming packet.

AuthBy clauses did not honour the "include" keyword.

Added some more USR attributes to dictionary.usr.

Fixed a problem with Tunnel-Password on Intel where it would sometimes produce a non-compliant encrypted password.

SQL timeouts while doing a select or an insert did not trigger the backoff period.

Added Synchronous flag to AuthBy RADIUS, which will cause the AuthBy RADIUS to block until a reply is received from the remote radius server (or it times out).

Rolled the AddToReplyIfNotExist.patch into the base code. This code was contributed by Vincent Gillet, and implements the AddToReplyIfNotExist parameter, which will append an attribute to a reply if and only if the attribute is not already present.

The include keyword for including other files inline is now case insensitive.

Radius standards rfc2138.txt and rfc2139.txt are now included in the doc directory.

Added some additional username info to some WARNING and INFO level messages, as suggested by Wim Biemolt ([EMAIL PROTECTED]).

Incorporated significant performance improvements to AuthBy UNIX, contributed by Jamie Hill ([EMAIL PROTECTED]). Thanks Jamie!

If you explicitly undefine AuthPort or AcctPort, Radiator will not bind a socket. Same effect if you specify -auth_port "" or -acct_port "" on the command line.

Fixed a problem with compatibility with proxying to Merit server with passwords of exactly 16 octets. Merit incorrectly assumes that passwords are always NUL terminated.

Fixed typos with MSN style RewriteUsername regexps, that incorrectly assumed the separator was a forward slash (/) not a backslash (\). Affected documentation and example radius.cfg.

Added new parameter HoldServerConnection to AuthBy LDAP, so LDAP servers that support it can be used to do as many authentications as possible from the same LDAP connection.

Added details about how to use Radiator with AFS Kerberos to goodies directory. Contributed by Roland Hofmann ([EMAIL PROTECTED]). Thanks Roland.

Fixed a problem with radacct.cgi where an Acct-Session-Id that contained a dot character was not recognised.

Added to the goodies an alternative version of radacct.cgi that supports some sorting of users by time, logins, total octets in or out. Contributed by Andrew Aken. Thanks Andrew.

AuthBy RADIUS now returns IGNORE if a request is not forwarded due to NoForwardAuthentication or NoForwardAccounting. This is thought to be more correct, but existing users of multiple AuthBy RADIUS with NoForward* may need to use AuthByPolicy ContinueWhileIgnore.

AuthBy LDAP, LDAP2 and LDAPSDK now support AuthAttrDef, which allows you to easily define check and reply items in your LDAP database, similar to the way it's done with SQL. Based on code contributed by Steven E Ames. Thanks Steven.

AuthBy RADIUS now passes some additional arguments to ReplyHook:
  ${$_[0]} The reply received from the remote server
  ${$_[1]} The reply packet to be sent back to the original requester
  ${$_[2]} The original request
  ${$_[3]} The request sent to the remote server

Added support for old style Ascend password encryption algorithms, new parameter UseOldAscendPasswords for both Client and AuthBy RADIUS. Also added -useoldascendpasswords flag to radpwtst.

Added Microsoft vendor-specific attributes to dictionary. Contributed by [EMAIL PROTECTED] (Scott Adkins). Thanks Scott.

Suffix and Prefix incorrectly took notice of regexp special characters (such as +, ., * etc) in them. Changed so that Prefix and Suffix only ever do exact literal matches.

AuthBy NT did not honour AddToReply or DefaultReply on Unix.

Testing with Apache and Apache::AuthenRadius. Item added to the FAQ.

Workaround for a bug with FreeTDS where a datetime set like '12-31-1999 12:01:01.000' comes back as '2000-01-00 12:01:01'.

Added radiatorctl, a simple Radiator management script, to goodies. Contributed by Ragnar Kurm ([EMAIL PROTECTED]). Implements start, stop, restart, reload, inc, dec operations. Thanks Ragnar.

SessDBM has more sensible mode for new files. Suggested by Ragnar Kurm ([EMAIL PROTECTED]). Thanks Ragnar.

DefaultRealm processing was moved to after PreHandlerHook to allow easier manipulation of user names. Suggested by Ragnar Kurm ([EMAIL PROTECTED]). Thanks Ragnar.

Added GRIC roaming attributes, including Timestamp, to a number of dictionaries that did not have them.

AuthBy EMERALD was not taking into account the masteraccounts.overdue column. Reported by Ray Carpenter ([EMAIL PROTECTED]). Thanks Ray.

Session-Timeout reply attribute now supports a new syntax. If you have for example:
  Session-Timeout="until 1800"
Then the Session-Timeout in the reply will be calculated as the number of seconds up until the time of day specified.

AddToReply and DefaultReply did not honour special processing for Session-Timeout="until 1234", Tunnel-Password, Ascend-Send-Secret or Framed-Group.

Encrypted-Password can now be in a variety of encrypted password formats: SHA, MD5 and standard Unix crypt. Suggested by Ragnar Kurm ([EMAIL PROTECTED]). Thanks Ragnar.

Added ExcludeRegexFromPasswordLog to Handlers. Suggested by Ragnar Kurm ([EMAIL PROTECTED]). Thanks Ragnar.

NasType TigrisOld has new improved performance code contributed by Ragnar Kurm ([EMAIL PROTECTED]). Thanks Ragnar.

Added ServerHasBrokenPortNumbers parameter to handle broken 3rd party radius servers that reply from a different port number than the one the request was sent to. Required for proxying to GRIC on NT.

Added -v flag to radiusd to print version number. Also version is printed on startup INFO line.

Improvements to restartWrapper to show more information about why the child died.

Fixed a problem with AuthBy LDAP2, where recent versions of Net::LDAP do not support ldap_error_message.

Added StartupHook which is called during startup and restarts.

Fixed a problem with broken VSAs which caused an entire packet to be ignored. Reported by Steve Suehring ([EMAIL PROTECTED]).

%M, %H, %S macros always produce 2 digits. Requested by Daniel Senie ([EMAIL PROTECTED]).

Fixed a problem with %y and %e that produced only one digit in 2000. Reported by Thomas Voss ([EMAIL PROTECTED]). Thanks Robert.

AuthBy NT now optionally honours the User Manager Dialin Permission flag. Only available on NT, and requires Win32-RasAdmin package to be installed.

Fixed a problem with some check attributes. When used to check attributes in a clause, could get a crash with a message like:
  Can't call method "log" on unblessed reference at Radius/AuthGeneric.pm line 644.

Added support to AuthBy NT for Lockout and Account Expiry flags (supported when Radiator runs on NT). Contributed by [EMAIL PROTECTED] Thank you!

Fixed a problem with FramedGroupBaseAddress and RewriteUserName not being properly assigned by ClientList SQL. Fix contributed by [EMAIL PROTECTED]

Improved documentation about hooks and when they are called. Suggested by Richi Plana ([EMAIL PROTECTED]).

Added dictionary.usr.merit to the distribution. This is a copy of http://totalservice.usr.com/ISP/rad/dictnary.dat, and can be used as a source for missing VSAs or it can be used directly as the Radiator dictionary.

Further fixes to zombie child reaping, so that we should not miss zombies, even if there is a sigchld collision.

Added StatusServerShowClientDetails to Client to optionally enable full Client statistics in the Status-Server reply. This changes the default behaviour, which used to be to always send the statistics for all Clients. The default is now to not send details for any Clients.

Added new Nas-Type Portmaster4 which is suitable for use by Portmaster 4's running ComOS 4.1 or later. Uses pmwho.

Fixed a problem with using AcctColumnDef with AuthBy PLATYPUS that would cause an SQL syntax error. Reported by Simon Woodward ([EMAIL PROTECTED]). Thanks Simon.

Workarounds added to radwho.cgi and radacct.cgi. When used with FreeTDS, messages that FreeTDS prints to stderr would confuse Apache and other web servers. Stderr is redirected to /dev/null on Unix during database setup when it's FreeTDS.

Connect-Rate now supports attributes called USR-Connect-Speed if there is no Connect-Info in the incoming packet.

Fixed a typo with incorrect definition of Connect-Info attribute in Radius.pm.

Added globalvarname=value command line arguments and DefineGlobalVar to the config file. Can now use special formatting like: %{GlobalVar:globalvarname}. Suggested by Christophe Wolfhugel ([EMAIL PROTECTED]). Thanks Christophe.

Added "Time On" column to radwho.cgi, with formatted time interval since they logged in.

Added Debug parameter to AuthBy LDAP2, to assist debugging the Net::LDAP module.

The global BindAddress and AuthBy RADIUS BindAddress parameters now permit special formatting macros.

All the AuthBy LDAP modules now support special formatting characters in the Host parameter.

All classes now have an optional Identifier parameter.

All classes now honour the "include" keyword.

Added NoDefault parameter to AuthBy. When set, it stops Radiator from ever looking for a DEFAULT user entry.

Radiator failed to complain if an integer reply item specified a value name that was not in the dictionary.

Historical my_crypt was removed from radiusd. It was required for compatibility with the Gurusamy Sarathy port of perl on Win 95.

New module Util.pm added for general purpose utility routines. main::format_special and a number of other functions were moved there.

Added ServerChecksPassword to AuthBy LDAP2, so that servers that implement proprietary encryption algorithms in their passwords (notably Open Directory from Platinum) can be used.

Testing with Open Directory. Added opendirectory.cfg to goodies.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
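
The Merit proxying fix in the history above concerns User-Password values of exactly 16 octets. The following is an added example, not Radiator's code: it implements the RFC 2138 User-Password hiding and shows that a 16-octet password is sent with no NUL padding, so a receiver that scans for a NUL instead of using the attribute length reads past the password. The shared secret, authenticator, passwords and "<adjacent>" bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide User-Password as in RFC 2138 section 5.2 (MD5 chained over 16-octet blocks)."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 octets, authenticator 16 octets")
    # NUL padding is added only up to the next multiple of 16: none for 16 octets.
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_padded(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Undo the hiding; the result still carries whatever NUL padding was sent."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("hidden password must be 16..128 octets, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out

def length_bounded_password(padded: bytes) -> bytes:
    """Receiver that trusts the attribute length and strips trailing padding."""
    return padded.rstrip(b"\x00")

def nul_terminated_password(memory: bytes, start: int = 0) -> bytes:
    """Model of a receiver that scans for NUL and ignores the attribute length."""
    end = memory.find(b"\x00", start)
    return memory[start:] if end < 0 else memory[start:end]

if __name__ == "__main__":
    secret, ra = b"constructed-secret", bytes(range(16))  # constructed sample values
    for pw in (b"fifteen-octets!", b"exactly16octets!"):
        padded = recover_padded(hide_password(pw, secret, ra), secret, ra)
        # Constructed neighbouring bytes stand in for whatever follows the buffer.
        seen = nul_terminated_password(padded + b"<adjacent>\x00")
        print(len(pw), length_bounded_password(padded) == pw, seen == pw)
```

The two receivers agree for the 15-octet password and disagree for the 16-octet one, which is the case the changelog entry describes.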
