We are pleased to announce the release of Radiator version 2.18.

2.18 contains some major new features like load balancing modules and DHCP address allocation, many minor new features, and a few bug fixes. Full details of changes are excerpted from the history file below.

As usual, existing customers may download the new version from http://www.open.com.au/radiator/downloads/Radiator-2.18.tgz.

Current testers may download the new version from http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-2.18.tgz

Revision 2.18 (9/3/01)

Added a full suite of Radius load balancing modules that allow you to distribute your Radius load over multiple servers. Round Robin, Volume balancing and Load balancing are supported, along with variable backoffs when remote servers fail to answer.

Added DHCP address allocation via new module AddressAllocatorDHCP.pm.

Added support for Nortel/Aptis CVX 4-byte attributes (the ones between 0x84000000 and 0x85ffffff). These are non-standard undocumented VSAs of a special format only used by Nortel. Also added new dictionary data type 'boolean' as some CVX attributes require only single byte values. Thanks to assistance of Lisa Goulet ([EMAIL PROTECTED]), Dave Salaman ([EMAIL PROTECTED]) and others.

Added LogFormat to Log FILE, allowing customised log file format. Suggested by Paul Oshea ([EMAIL PROTECTED]).

Added LogMicroseconds to Log FILE, which makes it log microseconds (requires the Perl Time::HiRes module from CPAN or ActiveState).

Fixed a problem with Time check item spanning midnight when used with Session-Timeout="until Time". Reported by Deepak Shrestha ([EMAIL PROTECTED]).

Added called and calling station IDs to radpwtst (and the GUI). Contributed by Bruno Tiago Rodrigues ([EMAIL PROTECTED]). Thanks Bruno.

Added attributes for Unisphere and Nortel (Aptis) CVX VSA to dictionary. Contributed by Ralf Weber ([EMAIL PROTECTED]).

Added support for NasType of Cyclades. Contributed by Dave Close ([EMAIL PROTECTED]). Thanks Dave.

Modifications to AddressAllocatorSQL so that address allocation is more robust when multiple servers allocate from the same table.

Fixes to AuthBy RADIUS so it uses the new AuthLog features to log details of proxied requests. Identified by Carlos Canau (canau@[EMAIL PROTECTED]) and Dave Lloyd ([EMAIL PROTECTED]). Thanks.

Added a number of new Livingston attributes to dictionary. Contributed by Keith Olmstead ([EMAIL PROTECTED]). Thanks Keith.

Added ServerHasBrokenAddresses parameter to AuthBy RADIUS.

Added Nortel CVX 1800 VSAs to dictionary.

Added the retransmission address to the "No reply after..." message in AuthBy RADIUS. Contributed by Kaj J. Niemi ([EMAIL PROTECTED]). Thanks Kaj.

Fixed a typo in AuthBy LDAPSDK that caused a crash. Reported by "Russell Wilton" ([EMAIL PROTECTED]). Thanks Russell.

Fixed a problem with initialisation that caused -db_dir command line argument (and others) to be handled inconsistently.

Acct-Link-Count changed from string to integer in some dictionaries to be consistent with others and the correct value. Reported by Steinar Haug, Nethelp consulting ([EMAIL PROTECTED]). Thanks Steinar.

Added attributes for Altiga to dictionary.

Added IgnoreReplySignature parameter to AuthBy RADIUS to permit operation with remote servers that implement incorrect signature algorithms.

Fixed some problems with the standard internal session database that could cause incorrect simultaneous use limits when there are lost stop records. Found and fixed with the welcome assistance of Dave Close ([EMAIL PROTECTED]).

Added Ravlin RedCreek VSA attributes to dictionary.

Added IgnoreErrors parameter to AuthBy PORTLIMITCHECK at the suggestion of Steve Roderick ([EMAIL PROTECTED]).

In SessionDatabase SQL, can now set AddQuery, DeleteQuery, ClearNasQuery, CountQuery to be empty strings to prevent the query being executed. Implemented with the assistance of Paul Oshea ([EMAIL PROTECTED]).

Added FindQuery, AllocateQuery, CheckPoolQuery, AddAddressQuery, DeallocateQuery, ReclaimQuery to AddressAllocator SQL to permit customisation of the SQL queries that module uses.

Added new special character %s, replaced by microseconds in the current second (requires the Perl Time::HiRes module from CPAN or ActiveState).

Changed AuthSelect in SQL so that %0 is now replaced by the quoted escaped user name. Some time in the future, the special handling that makes %n temporarily quoted and escaped will be removed. We recommend converting any custom AuthSelect you may have, and replacing '%n' (including the quotes) with %0 (no quotes).

Added platradacct.cgi to goodies, a version of radacct.cgi that works with Platypus Calls table. Contributed by "Leigh Spiegel" ([EMAIL PROTECTED]). Thanks Leigh.

Added VSAs for Foundry and Unisphere to dictionary.

If RejectHasReason is set, only one Reply-Message is set in the reply. Previously, 2 would be set. Suggested by Pavel A Crasotin ([EMAIL PROTECTED]).

Added index on POOL to all RADPOOL creation scripts in goodies to improve address allocate performance.

Made AuthSelect and AcctSQLStatement configurable for AuthBy RODOPI.

Permitted bind variables to be passed to SQL prepareAndExecute and do functions. This might be useful for custom SQL code that requires high performance.

Rationalised sub keyword in all modules, so that permitted keywords are looked up in a table. Saves lots of if/else code and will permit stronger type checking in future.

Fixed a problem with AuthBy RADIUS that prevented retransmission when ServerHasBrokenPortNumbers is set.

Added IgnoreAuthentication and IgnoreAccounting to all AuthBy clauses. In the case of AuthBy RADIUS, they are now equivalent to the older (and deprecated) NoForwardAuthentication and NoForwardAccounting.

Removed snmp_port from command line arguments in radiusd, because it breaks encapsulation.

Improved ServerConfig initialisation and removed lots of excessive code.

Moved reply caching from AuthBy RADIUS to AuthGeneric for future use with other authenticators.

Rationalised AuthRADIUS.pm to allow definition of Host objects and easier subclassing.

Added lots more Nortel CVX VSAs.

Added special case for SQL Timeout of 0 so it will never issue alarms at all. This is mostly a workaround for Sybase ODBC libraries that muck around with SIGALRM.

Added Cisco VENDORATTR Control-Info to dictionary, contributed by Gareth Coco ([EMAIL PROTECTED]).

Added Timeout and FailureBackoffTime parameters to AuthBy LDAP and LDAP2 so that failed LDAP servers timeout quickly. Timeout defaults to 10 seconds, instead of the standard 120 seconds coded into perl_ldap.

Improved docs to make clear that SHA passwords also require MIME::Base64.

Improved evaluation version so the reason for a radiusd die will be obvious.

builddbm now detects attributes not connected to a user. Reported by Jamie Orzechowski ([EMAIL PROTECTED]).

Performance improvements to the main loop and packet packing and unpacking.

Added UseGetspnamf option to AuthBy SYSTEM, which will honour the password expiration date, if there is one. UseGetspnam is now deprecated.

Added synonyms for a number of attributes to the dictionary for the convenience of users with old standard users files, such as is generated by Optigold by default.

Testing with Optigold ISP 2.6.7. OK. Added details to FAQ about interfacing, also created sample goodies/optigold.cfg.

Fixed AuthBy RADIUS Synchronous so it will work on Windows in the event of a Timeout.

AuthBy PAM now honours password and account expiration, and verifies access hour restrictions. Suggestion and code contributed by Richard Lennerts ([EMAIL PROTECTED]).

Testing with Digest-MD4 from ActiveState for Windows ActivePerl build 623. OK: MSCHAP passwords work fine.

Trace level 5 now does a byte dump of outgoing as well as incoming packets.

Removed instructions to install MD5 for ActiveState: it's installed automatically on all recent 6xx releases.
Also altered Unix installation instructions to use Digest-MD5 instead.

Fixed a typo with LAS-Code attributes in dictionary.cisco.

At the suggestion and with the assistance of Michael Audet, AuthBy ADSI now does a direct authentication of the user. Administrator's username and password are no longer required, performance is improved, and there is no need to disable password checking in AD. Also added support for Group membership checking.

AuthBy PORTLIMITCHECK now permits special formatting characters in the SessionLimit parameter. Contributed by Valentin Tumarkin ([EMAIL PROTECTED]). Thanks Valentin!

In AuthBy LDAP*, and AuthBy SQL, added support for AuthAttrDef/AuthColumnDef type of 'request' which adds the attribute to the current request from where it can be accessed in later checks with %{attributename}. Contributed by Valentin Tumarkin ([EMAIL PROTECTED]). Thanks Valentin! Valentin says "Very useful for chaining LDAPSDK lookups (first lookup user, push group attribute into the request, then lookup the group. Works wonders when combined with 'Auth-Type')."

Added special character %z which is replaced with the User-Name in the current packet, hashed with MD5. Contributed by Nick Donaldson ([EMAIL PROTECTED]). Thanks Nick.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
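
The AuthSelect entry in this changelog (replace '%n', quotes included, with %0) is illustrated by the following added example. It is not Radiator code: it is a Python model of the substitution, run against an in-memory SQLite table, showing what happens to a user name containing a quote once %n no longer gets special handling. The helpers expand() and sql_quote(), the quote-doubling escape rule, the table layout and the sample rows are assumptions made for the illustration.

```python
import re
import sqlite3

# AuthSelect templates: old style with quotes in the template, new style with %0.
OLD_STYLE = "select PASSWORD from SUBSCRIBERS where USERNAME='%n'"
NEW_STYLE = "select PASSWORD from SUBSCRIBERS where USERNAME=%0"

# Constructed sample rows (not real accounts).
ROWS = [("alice", "constructed-pw-1"), ("o'brien", "constructed-pw-2")]


def sql_quote(value):
    """Return value as an SQL string literal, doubling embedded quotes
    (assumed escaping rule for this illustration)."""
    return "'" + value.replace("'", "''") + "'"


def expand(template, user_name):
    """Hypothetical model of the substitution: %0 becomes the quoted, escaped
    user name; %n becomes the raw user name (no special handling)."""
    values = {"%0": sql_quote(user_name), "%n": user_name}
    return re.sub(r"%[0n]", lambda m: values[m.group(0)], template)


def lookup(template, user_name):
    """Run the expanded query; return the password, None, or an error string."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute("create table SUBSCRIBERS (USERNAME text, PASSWORD text)")
        db.executemany("insert into SUBSCRIBERS values (?, ?)", ROWS)
        row = db.execute(expand(template, user_name)).fetchone()
        return row[0] if row else None
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc
    finally:
        db.close()


if __name__ == "__main__":
    for template in (OLD_STYLE, NEW_STYLE):
        for name in ("alice", "o'brien"):
            print(expand(template, name), "->", lookup(template, name))
```

With the old template the quote in the user name ends the string literal early and the statement no longer parses; with %0 the name arrives as a single, correctly escaped literal and the lookup succeeds.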
