We are pleased to announce the release of Radiator version 2.18.1
Version provides a number of bug fixes and some new features.
As usual, the new version is available free of charge to current
licensees from
http://www.open.com.au/radiator/downloads/Radiator-2.18.1.tgz
and to current evaluators from
http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-2.18.1.tgz
An extract from the history file is attached
--------------------------
Revision 2.18.1 (26/4/01) Bug fixes, some new features
In AuthBy PORTLIMITCHECK, the type of the SessionLimit parameter was
incorrectly set to integer instead of string, preventing special
formatting characters being used. Reported by Valentin Tumarkin
([EMAIL PROTECTED]).
Added AcctFailedLogFileName and AcctLogFileFormat parameters to AuthBy
RADIUS and subclasses, which work in the same way as for AuthBy SQL.
Testing with Hawk-i ISP Billing and customer management
system. Required slight changes to AuthSQL.pm, because MS-SQL and ODBC
can return strings of NULs for nullable nvarchar columns. Empty
strings and all-NULL strings are now ignored by AuthColumnDef. Sample
config file in hawki.cfg.
Fixed typos in ServerConfig .pm and Nas.pm that broke Livingston SNMP
sim-use checking.
Added IgnoreAccountingResponse and OutPort parameters to AuthBy
RADIUS. Contributed by "Arjan Waardenburg"
([EMAIL PROTECTED]). Thanks Arjan. OutPort allows you to
control the origin port number for forwarding packets, which can be
helpful for implementing strict firewall rules.
Fixed a problem with Handlers where a MaxSessions denial would still
permit AuthBys to run and perhaps 2 replies to be returned. Reported
by Frederic Gargula ([EMAIL PROTECTED]).
Added PostSearchHook to AuthBy LDAP, LDAP2 and LDAPSDK, which allows
you to do things with the LDAP search results after the AuthBy has
finished with them.
Fixed a problem with logging that would cause the default file logger
to stop working after a SIGHUP.
Fixed a problem where a Synchronous AuthBy RADIUS that was chained
after another AuthBy RADIUS would not actually wait for the reply.
Added CacheReplyHook which runs when a cached reply is about to be
sent back to the NAS. Useful for removing previously allocated IP
addresses from the cached reply.
Fixed a problem with Session-Timeout 'until Time' where you could get
a negative Session-Timeout in the one minute following the end of a
permitted time interval.
Fixed some problems that prevented Log SYSLOG actually doing any
logging.
Altered AuthBy NT so that on windows it checks passwords without
changing them. It now uses Win32::AuthenticateUser and also has much
better performance. Built and tested with the kind assistance of Kent,
Ashley ([EMAIL PROTECTED]). Thanks Ash.
Added support for Redback 64 bit integers with new dictionary data
type of integer8. Used for RB-Acct-Input-Octets-64,
RB-Acct-Output-Octets-64, RB-Acct-Input-Packets-64 and
RB-Acct-Output-Packets-64 in dictionary.redback. Such values are
decoded in hex format only, with a leading 0x. Values can be encoded
as hex (with leading 0x) or decimal.
Added support for new AuthBy parameter AllowInReply, which lists the
attributes that are permitted in the reply. Useful for applying strict
limits to attributes in replies from proxy servers.
Finished code and documentation for NasType of Hiper for Hiper Arcs,
using algorithms contributed by [EMAIL PROTECTED]
Fixed a typo in goodies/emerald.cfg
Added new parameters to AuthBy EMERALD to optionally enable Emerald
Servers, Server Port Access, DNIS Groups Roam Servers and Roam
Domains. Works with Emerald 2.5 and RadiusNT 2.5 and 3. New version of
goodies/emerald.cfg shows how to use them.
All findUser functions now get the reply packet passed which means
that you can use the %{Reply:xxx} macros in more places than before.
Extensive patches to SNMPAgent contributed by Charly Gaissmaier add
ROCommunity, RWCommunity and Managers parameters for more selective
access control. Thanks Charly!
Testing SNMP Agent with SNMP_Session-0.83. OK. Functions
receive_request and decode_request that have been subsumed into
SNMP_Session have now been removed which means SNMP Agent now requires
at least SNMP_Session-0.68.
Added AuthBy OPIE for one-time password authentication via OPIE (one
time passwords in everything) from Craig Metz, www.inner.net/opie
Fixed a problem in AuthBy ADSI where new AD users with a default logon
times setup would not be able to login and get the message Outside
allowed login hours.
Removed a forgotten print statement from AddressAllocator SQL that
would cause a message like "deallocate 203.10.203.193" for each
deallocation.
Fixed a typo in Log SQL that caused an SQL syntax error.
Added the reason string as the fourth argument to
PostAuthHook. Contributed by Robert Kiessling
([EMAIL PROTECTED]). Thanks Robert.
Added PostProcessingHook to Handler, contributed by Robert Kiessling
([EMAIL PROTECTED]). Thanks Robert.
Added a number of experimental attributes from RFC 2869 to dictionary.
Implemented timeout around the search in AuthBy LDAP2 to work around
broken LDAP servers that just hang in the search.
More testing with Active Directory. Updates to AuthBy ADSI so it will
work under a wider variety of conditions, allowing distinct control
over how to authenticate and where to get account details from, also
added more docs and examples on using with Windows 2000 AD
server. Also new example goodies/ad-ldap.cfg shows how to access AD
via LDAP from Unix or Windows.
Fixed a problem where AccountingHandled had no effect if the result
was a REJECT.
Found a problem with SNMPAgent where a BindAddress had no
effect. There is a bug in SNMP_Session 0.83 that prevents the fix
being deployed.
Added new check item MS-Login-Hours, which is exactly compatible with
the LoginHours user attribute in Microsoft Active Directory, and can
therefore be used when accessing Active Directory via LDAP.
New special character %r for literal newlines.
Fixed a problem with RejectEmptyPassword where a CHAP login could
incorrectly trigger rejection. Reported by "Andy De Petter"
([EMAIL PROTECTED]).
Reinstated NoForwardAuthentication and NoForwardAccounting to AuthBy
RADIUS, as the old behaviour was not exactly equivalent to
IgnoreAuthentication and IgnoreAccounting.
Minor improvements to error reporting in AuthBy NT.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
