We are pleased to announce the release of Radiator version 4.11. This version contains some new features and minor bug fixes.

As usual, the new version is available to current licensees from:
http://www.open.com.au/radiator/downloads/

and to current evaluators from:
http://www.open.com.au/radiator/demo-downloads

Licensees with expired access contracts can renew at:
http://www.open.com.au/renewal.php

An extract from the history file
http://www.open.com.au/radiator/history.html
is below:

-----------------------------

Revision 4.11 (2012-12-14)

Typo prevented MS-CHAP-Challenge being correctly added to when EAP_LEAP_MSCHAP_Convert is enabled.

Changes to continued line parsing in 4.10 broke the ability to spread the first line of a clause over multiple lines with the backslash line continuation operator. Fixed.

AuthBy ACE now supports EnableFastPINChange with EAP-GTC, contributed by Richard Fairhall.

Fixed a problem that prevented correct operation of ServerDIAMETER listening when FarmSize was in use: some children could block waiting for an accept. Listen socket is now non-blocking. Reported by Rani Assaf.

Fixed a problem that prevented AuthBy RADSEC correctly detecting downstream server failure under some circumstances with UseStatusServerForFailureDetect. Reported by Paul Dekkers.

Added support for authentication via 3M Standard Interchange Protocol 2 as used in 3M's Automated Circulation Systems (ACS) for book libraries. AuthBy SIP2 supports TCP-IP connection to 3M ACS systems, and authenticates against library patron name and password.

SNMPAgent now supports some more items from MIB2: sysDescr (which returns the Radiator name and version) and sysObjectID (which returns the Radiator OID 1.3.6.1.4.1.9048.1.1). Also added sample goodies/snmp.cfg with some documentation about how to configure and test SNMPAgent.

radiusd has a new function main::addChildInitFn() which can be used by modules to register a function that is to be called in each child after it is forked by FarmSize. This can be used by module authors to defer or redo some initialisation in the child.

Improvements to error detection in Stream handle_socket_read to detect the possibility of EWOULDBLOCK/EAGAIN, reported by Rani Assaf.

Added HP-VC-Groups to dictionary.

Further improvements to multiline config file parsing, suggested by Michael.

Updated comments in HOTP and TOTP examples to clarify the contents of the 'secret' field. Also fixed a problem in AuthBy SQLTOTP, which could cause an SQL error if the first ever log-in attempt involves typing an incorrect PIN. Reported by Roy Badami.

Improvements to PEAP support for Windows failing to work when PEAP fast reconnect was enabled. EAP Extension TLV/Success is now exchanged over TLS tunnel between the server and client before sending final Access-Accept.

Added more Unisphere and Juniper VSAs based on
http://www.juniper.net/techpubs/software/junos/junos114/radius-dictionary/unisphereDictionary_for_JUNOS_v11-4.dct

Fixed a typo in dictionary for WiMAX-QoS-Descriptor value Transmission-Policy.

Fixed a problem that could prevent the correct OutPort being used as the source port for AuthBy RADIUS forwarding.

Nas finger now uses the standard perl Net::Finger module instead of the internal Finger client in Radius::Finger. The internal Finger client Radius::Finger is now not shipped with Radiator. If you wish to use finger to check online users, you must install the Perl Net::Finger module.

Added OSC VSA for pseudo-attribute PoolHint to dictionary.

Updated all Nas/*.pm modules to use numeric OIDs instead of symbolic, since some recent versions of snmp tools install without MIBs.

Added DEBUG logging of DHCP replies received by AddressAllocator DHCP.

Fixed a problem that could cause a crash if AuthBy EAPBALANCE was used with the KeepaliveTimeout option.

Fixed a problem that caused UseStatusServerForFailureDetect to not work correctly when defined at the AuthBy RADIUS level instead of the Host level.

Added new parameter ClientHardwareAddress to AddressAllocator DHCP.
ClientHardwareAddress is the name of an attribute in the incoming address which contains the hex encoded MAC address of the client. If present, it will be used as CHADDR in the DHCP request. If not present, a fake CHADDR based on the request XID will be used. The DHCP server may use this when allocating an address for the client. The MAC address can contain extraneous characters such as . or : as long as it contains the 12 hex characters (case insensitive) of the MAC address. Special characters are supported.

Added NetworkPhysics-Attribute to dictionary with the kind assistance of "Caporossi, Steve G."

Added Procera-Local-User-Name to dictionary with the kind assistance of Lucas Hazel.

Improvements to consistency of proxiedRequests and proxiedNoReply statistics counters when the request is proxied by multiple AuthBy RADIUS or AuthBy RADSEC clauses.

AuthBy RADMIN now supports PostAuthSelectHook.

Enhancements to support Diameter client and server required for new Diameter Wx support in Radius-EAP-SIM.

Fixed a problem that caused incorrect RecvTime in tunnelled PEAP requests.

Implemented checkproc for SuSE in linux-radiator.init. Contributed by "Aeneas Jaißle (sewikom GmbH)"

Added support for PostDiaToRadiusConversionHook and PostRadiusToDiaConversionHook to Server DIAMETER.

Refactoring of md5 and mschapv2 challenge code prior to integrating Heimdal digest support.

Added new module AuthBy HEIMDALDIGEST with example configuration and test setup instructions. Authenticates from Heimdal Kerberos (http://www.h5l.org/). Supports RADIUS-PAP, EAP-MD5, EAP-MSCHAPV2 (and therefore TTLS-PAP, TTLS-EAP-MD5, PEAP-EAP-MD5, PEAP-EAP-MSCHAPV2, TTLS-EAP-MSCHAPV2). With the kind assistance of Fredrik Pettai. Originally written by Klas Lindfors. Contributed by Stefan Wold of Stockholm University.

Fixed a problem where file:"filename" syntax in configuration file could cause strange error messages in hooks if the filename was not found.

Fixed a problem where PidFile could be incorrectly deleted if any child was killed in a farm. Now it is only deleted if the farm parent is shut down.

Fixed a problem in server farms where if a child process was STOPped or hung, the graceful shutdown process could also hang, resulting in possible failure to restart all children correctly.

Improvement to Linux startup script to better handle the case where Radiator fails to exit cleanly after stop command.

Improvements to SNMP.pm snmpget, so that failures due to Unknown Object Identifier are detected. Suggested by Michael.

--
Mike McCauley [email protected]
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
