We are pleased to announce Radiator version 2.16.2 This release addresses some minor fixes and a few new parameters. As usual, existing customers can download the new version from http://www.open.com.au/radiator/downloads/Radiator-2.16.2.tgz An extract from the history file is attached: Revision 2.16.2 (21/8/00) Minor fixes Added support for encryption type MD5, which is MD5 and Mime, eg: Password = {MD5}qP0OV/oViFka8YbFMWEWeg== Contributed by Robin Gruyters ([EMAIL PROTECTED]). Thanks Robin. radconfig.cgi incorrectly only allowed one Accounting log file name entry in a handler. Testing with MacPerl on PPC iBook with MacOS 9. The default config file under MacPerl is now 'MacintoshHD:Applications:Radiator:etc:radius.cfg'. Fixed minor problems with date parsing on MacPerl. On Mac, times are based on 1904, not 1970. Created a clickable MacPerl droplet for radiusd containing command line arguments: MacRadiusd. You can edit this with MacPerl and set up your own command line args. Useful for running with a config file in a non-standard place. As delivered, it uses the radius.cfg in the current folder. Changes to configuration file processing in 2.16.1 meant that values for SnmpgetProg, FingerProg and some similar parameters were being overridden. Added new check item Client-Identifier that matches the Identifier parameter in the Client clause that received the request. Fixed an error in the documentation concerning the use of GENERIC in LDAP AuthAttrDef parameters. Added support for new SNMP Radius Authentication and Accounting server MIBs as specified by RFC 2619 and RFC 2621. The old draft MIB is still supported. Fixed a problem with AuthAttrDef not working properly in AuthBy LDAP and LDAP2. Fixed a problem with AuthBy TEST that prevented it from honouring the Identifier parameter. Reported by Matt Nichols ([EMAIL PROTECTED]). Thanks Matt. Added new parameter CaseInsensitivePasswords to all AuthBy clauses that support plaintext password checking. This involved some rationalisation of the password checking code in Radius.pm too, with resulting performance improvements. Dictionary now permits data type of 'text' in line with RFC 2865, and is treated the same as 'string'. Duplicate checking now takes the client port into account, as required by RFC 2865. Tested the config file "include" directive with external scripts, at the suggestion of Simon Hackett ([EMAIL PROTECTED]). For example: include %D/myScript.pl| this allows you to generate some or all of your Radiator configuration programatically. Added SearchFilter to AuthBy LDAP*, allowing you to fully control the search filter used to find users. This will allow you to select or reject users based on arbitrarily complicated LDAP search filters. Added RejectEmptyPassword to AuthBy to handle some broken remote Radius servers that foolishly always accept logins with empty passwords (eg VMS)! Suggested by Simon Hackett ([EMAIL PROTECTED]) Added UsernameMatchesWithoutRealm to AuthBy to permit matching on the bare user name without rewriting the username and therefore affecting accounting too. Suggested by Simon Hackett ([EMAIL PROTECTED]) Added missing -h flag to radpwtst Improved handling of MD5 passwords so that it supports both hex digests and base64 encodes. This also makes it compatible with Infranet billing passwords. Contributed by Johnathan Ingram ([EMAIL PROTECTED]). Thanks Johnathan. Added some fixes to AuthLDAP.pm to prevent Radiator running out of file handles in some circumstances. Rationalised check_plaintext_password and check_encrypted_password into a single function check_password in AuthGeneric to save lots of duplicate code. Modifications to AuthBy RADIUS so that it will create a separate socket for each distinct LocalAddress. This will make sure the right LocalAddress is used for each proxied request, even if there are multiple LocalAddresses in use. From a report by Ivan Brawley ([EMAIL PROTECTED]). Thanks Ivan. Fixed a problem with timeouts in Select.pm. The timeout list was not always sorted properly, which would sometimes cause timeouts to go off too late. This was especially significant if very long timeouts were used (as in AddressAllocatorSQL and others). Added special characters %q, %Q, %v, %V for days of weeks and months of the year. Added new strftime compatible date formatter Added DateFormat attribute to all SQL derived objects to control how to format dates for insertion. Can use any of of the special characters supported by strftime Added new Description parameter to all objects, mainly for use by radconfig.cgi. Suggested by Matt Nichols ([EMAIL PROTECTED]). Thanks Matt. Fixed a problem with Proxy-State. Only the first one would be included in the reply. Now all are included, and kept in the same order as in the incoming request. Reported by Thorsten Wystrychowski. Thanks Thorsten. Improved error reporting when an SQL connection fails. Testing with Informix. Created goodies/informixCreate.sql and added documentation. ClientListSQL now permits the FramedGroupBaseAddress column to contain multiple comma-separated addresses. Incorporated a patch to goodies/hooks.txt to allow getProfiles to have profiles that span multiple lines. Contributes by Christian Hammers ([EMAIL PROTECTED]). Thanks Christian. Added LimitQuery to AuthBy PORTLIMITCHECK, so that the session limit can also be got from the database, instead of being fixed. This allows you to easily get port limits from, say, a customers table in your SQL database. Special formatting now supports %{Client:parmname} which is replaced by the parmname parameter from the Client clause that accepted the current packet. Special formatting now supports %{Handler:parmname} which is replaced by the parmname parameter from the Handler clause that is handling the current packet. Fixed a problem with AuthBy RADIUS that resulted in a Tunnel-Password received from the remote radius or added with AddToReply would not be be encrypted properly. Found and fixed by Christophe Wolfhugel ([EMAIL PROTECTED]). Thanks Christophe. Fixed a problem with ClientListSQL, where an empty string in the NoIgnoreDuplicates column would cause a crash. AuthBy RADIUS now permits multiple comma host names in the Host parameter. Fixed some typos in the RADPOOL table creation in some goodies/*.sql scripts. The unique index creation was wrong. Altered evaluation expiry mechanism. radpwtst now takes notice of the Class in any access replies, and uses it in subsequent accounting requests. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
