On Wed, 24 Dec 2003 10:28 am, Mike McCauley wrote: but forgot the history extract:
> We are pleased to announce the release of Radiator version 3.8
>
> This version contains some new features and bug fixes, including
> support for EAP-PEAP Generic Token Card, RSA Mobile,
> and AuthBy OTP customisable One-Time-Password system
>
> As usual, the new version is available free of charge to current
> licensees from
> http://www.open.com.au/radiator/downloads/
>
> and to current evaluators from
> http://www.open.com.au/radiator/demo-downloads
>
> An extract from the history file is attached

Revision 3.8 (2003-12-24 New features and bug fixes)

Added beta support for EAP Generic Token Card, EAP-PEAP Generic Token Card and conventional Radius Access-Accept/Access-Challenge using AuthBy RSAMOBILE and the RSA Mobile authentication system from RSA Security (www.rsasecurity.com). RSA Mobile supports a number of authentication methods, including
- username and password
- an access code sent by SMS to your mobile phone
- RSA SecureID Token Cards
and all of these can be configured with AuthBy RSAMOBILE.

Fixed a problem with SIGHUP on FreeBSD with the Monitor clause, could cause 'Could not bind Monitor socket: Address already in use'.

Fixed incorrect references in the documentation to /usr/local/etc/radius.cfg.

Changes to Server TACACSPLUS, because some TACACS+ clients do not like success packets containing a server message. No server message is ever sent now.

Added Redback Acct-Reason VSA to dictionary. Contributed by Kurt Jaeger.

Further improvements to Server TACACSPLUS, contributed by Paul Schultz, and confirmed operation with various Cisco and Juniper clients. Added support for CommandAuth, a mechanism for permitting or denying permission for specific commands requested on the Tacacs client.

Added cisco-Policy-Up and cisco-Policy-Down VSAs to dictionary.

Added EAPTLS_PEAPVersion parameter to all AuthBy clauses, which allows you to control which version of the draft PEAP specification to honour. Defaults to 1. Set it to 0 for unusual clients, such as Funk Odyssey Client 2.22 or later.

Fixed a problem with PEAP that could prevent the use of Framed-IP-Address in user records, resulting in an error like:
    Mon Oct 20 15:57:25 2003: ERR: Could not handle an EAP request: Can't call method "attrByNum" on an undefined value at Radius/Radius.pm line 1440.

Fixed problems with Server TACACSPLUS, where some cases of incorrect message packaging were found and fixed by Paul Schultz. Also some special characters like %w and %C did not work correctly with requests originating from Server TACACSPLUS. Reported by Garry Thomas.

Added a number of Unisphere VSAs to dictionary. Contributed by Chris Patterson.

Fixed a problem with AuthBy RADIUS in Synchronous mode, where if all hosts failed to get a reply, Radiator would stop answering requests until the FailureBackoffTime expired.

Fixed problem with incorrect replies to Tacacs accounting requests. Reported by Garry Thomas.

Fix for broken Breezenet/Breezecom/Alvarion VSAs. These NASs send Ethernet port data in VSAs (up to 11 per accounting request) but unfortunately don't use the same attribute numbers each time. Instead, the attribute number increments each time, then wraps at 256. Radiator automatically maps the first one in a packet to Breezecom-Attr1, the second to Breezecom-Attr2 etc through to Breezecom-Attr11.

Added Packeteer-AVPair to dictionary.

$p->{EAPIdentity} is automatically set to the EAP identity (if known) during EAP processing.

Added a number of Altiga attributes to dictionary. Contributed by Karl.Gaissmaier.

Added missing documentation for SnmpwalkProg to reference manual.

EAP LEAP now honours RewriteUsername to rewrite the LEAP identity before authentication.

Added NasType CiscoSessionMIB, which uses the new sessionMIB available in Cisco IOS 12.2.15T. See http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t3/dt_asmib.htm for more details.

EAP TLS authentication did not take notice of the common name in the certificate when checking the users file. Every user's certificate Common Name is now required to be in the users file.

Some types of errors in initialising the TLS library would only affect the first EAP request. Subsequent ones could succeed where they should not.

Added Copper Mountain Networks Vendor Specific Attributes to dictionary.

Fixed a problem where runt EAP-Message attributes could cause ERR messages like "Could not load EAP module Radius::EAP_;"

New argument -rawfileseq added to radpwtst. Contributed by Martin Noha.

Added generic, configurable one-time-password module AuthBy OTP that can be used with EAP-OTP, EAP-GTC and standard dialup. Hooks allow you to generate random passwords and deliver them through a back channel such as SMS by calling an external program.

Fixed a bug in AuthBy SQLRADIUS where falling back to the secondary would not occur under some circumstances.

Added new parameter SQLRecoveryFile so that any SQL clause (such as AuthBy SQL etc) can log failed SQL do queries to a file for later recovery.

Performance improvements to AuthBy SQL accounting. Suggested by Kenneth Cheung.

Fixed some problems with session resumption on Windows XP EAP-TLS and openssl that could cause a crash.

Added support for RFC 3576 Error-Cause attribute to dictionary. Also added recognition for all Radius packet types per RFC 3576.

Added Acct-Tunnel-Packets-Lost per RFC 2867 to dictionary.

AuthLog is now passed the reason (if there is one) even with accepts. Suggested by Robert Kiessling.

Improvements to PEAP, TTLS and TLS error handling. The SSL context is now cleared on EAP failures.

Added goodies/multiprofile.txt, which contains a contribution from Matthias Wamser, showing how to provide different sets of reply items for different types of Dialup, DSL services etc.

Fix to Server TACACSPLUS so that special characters that depend on the OriginalUserName like %u will work.

Added Propel VSAs to dictionary, contributed by Craig Gittens.

In SessionDatabase SQL, username is now always quoted when it is available as %0.

Added support for DEC VMS style hashed passwords, in the format
    {dechpwd}algorithm|salt|hashedpassword
eg:
    {dechpwd}3|1234|85ad61e72a41dec4
Requires Authen-DecHpwd from CPAN.

Fixed one case of use of LOG_WARN instead of LOG_WARNING in Server TACACSPLUS. Reported by Robert Kiessling.

Fixed problem where <Handler User-Password=xxx> would cause a crash.

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
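
The Breezenet/Breezecom/Alvarion entry in the history extract above describes naming VSAs by their position in the packet rather than by their attribute number. The sketch below is an added illustration in Python, not Radiator's code and not part of the original message; the vendor ID and the sample attribute values are constructed placeholders.

```python
import struct

VENDOR_SPECIFIC = 26        # RADIUS attribute type for VSAs (RFC 2865)
EXAMPLE_VENDOR_ID = 99999   # constructed placeholder, not a real enterprise number
MAX_PORT_ATTRS = 11         # the history entry says up to 11 per accounting request

def iter_vsas(attr_bytes, vendor_id):
    """Yield (vendor_type, value) for each sub-attribute of vendor_id, in packet order."""
    pos = 0
    while pos < len(attr_bytes):
        if pos + 2 > len(attr_bytes):
            raise ValueError("truncated attribute header")
        a_type, a_len = attr_bytes[pos], attr_bytes[pos + 1]
        if a_len < 2 or pos + a_len > len(attr_bytes):
            raise ValueError("bad attribute length")
        body = attr_bytes[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue                      # not a VSA, or too short to hold a vendor ID
        (vid,) = struct.unpack("!I", body[:4])
        if vid != vendor_id:
            continue                      # some other vendor's attribute
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            v_type, v_len = sub[i], sub[i + 1]
            if v_len < 2 or i + v_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            yield v_type, sub[i + 2:i + v_len]
            i += v_len

def map_by_position(attr_bytes, vendor_id=EXAMPLE_VENDOR_ID):
    """Name the n-th vendor attribute Breezecom-Attr<n>, ignoring its attribute number."""
    named = {}
    for n, (_v_type, value) in enumerate(iter_vsas(attr_bytes, vendor_id), start=1):
        if n > MAX_PORT_ATTRS:
            break                         # only Breezecom-Attr1..Breezecom-Attr11 exist
        named[f"Breezecom-Attr{n}"] = value
    return named

def build_vsa(vendor_id, v_type, value):
    """Encode one Vendor-Specific attribute carrying a single sub-attribute."""
    sub = bytes([v_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

# Constructed sample: vendor attribute numbers 255, 0, 1 (the counter wrapped at 256).
SAMPLE = b"".join(build_vsa(EXAMPLE_VENDOR_ID, t, v)
                  for t, v in [(255, b"rx=10"), (0, b"tx=20"), (1, b"err=0")])
```
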
