(RADIATOR) Version 2.19 released

Mike McCauley mikem at open.com.au
Sat Oct 27 22:08:17 CDT 2001


We are pleased to announce the release of Radiator version 2.19.
This version provides native RSA SecurID certification, some
significant new features for proxying, many minor new features and 
some bug fixes.

As usual, the new version is available free of charge to current 
licensees from 
http://www.open.com.au/radiator/downloads/Radiator-2.19.tgz
or
http://www.open.com.au/radiator/downloads/Radiator-2.19-1.noarch.rpm

and to current evaluators from 
http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-2.19.tgz
or
http://www.open.com.au/radiator/downloads/Radiator-Demo-2.19-1.noarch.rpm

An extract from the history file is attached.

--------------------------------------------------
Revision 2.19 (27/10/01) RSA SecurID certification, SQL->Radius proxying 

Received RSA SecurID Certification, based on 2.19alpha. 

New AuthBy SQLRADIUS provides proxying based on an SQL table. Looks up
the target radius server from an SQL table that can depend on Realm,
Called-Station-Id etc. Complicated indirect target mapping is also
supported. Useful for managing a large number of remote servers, such as
in a wholesale ISP. Example tables in goodies/*.sql, plus example
config file in goodies/sqlradius.cfg. Obsoletes
goodies/AuthSQLRadius.pm.

New AuthBy INTERNAL allows you to handle different types of requests
in fixed, parameterised ways.

Ships with a beta version of command line utility radwho.pl

New version of PPM package for Authen-ACE4 works on NT and Win 2000
with AceAgent 4.4.

Detailed install and test instructions for AuthBy ACE in
goodies/ace.txt

Added MainLoopHook which is called once per second during the main
dispatch loop.

New NASType of Portmaster3 uses SNMP. Contributed by "Griff Hamlin,
III" (griff3 at quik.com). Thanks Griff.

Fixed a problem with timers persisting through a HUP or
reset. Identified by "Mariano Absatz" (radiator at lists.com.ar).

Improvements to Linux startup script so it can be used with chkconfig
on RH7.1. Contributed by Levent Sarikaya (levents at de.colt.net).

Added -interactive flag to radpwtst, allowing easy testing with
authentication methods like AuthBy ACE that use multiple
Access-Challenge and State attributes to manage an authentication
conversation.

Test Oracle radius authentication: Oracle 8 can authenticate Oracle
users through Radius. Note: Oracle always upper-cases user names. See
the Radiator FAQ for more details.

goodies/sybaseCreate.sql did not drop RADLOG.

In SessionDatabase SQL, empty DeleteQuery is now handled properly.

Fixed a problem with AuthBy EMERALD, where user and service radius
attributes were not properly extracted from the database.

Fixed a problem with EAP that prevented correct operation with Windows
XP. Found and fixed by Travis Hume (travis.hume at tenzing.com).  Thanks
Travis.

Added ShutdownHook which is run just before exiting after a
SIGTERM. Suggested by Robert Thomson (sirrmt at dingoblue.net.au).

Testing with BillMax 1.5.4 on RedHat 7.1. Added example
goodies/billmax.cfg and goodies/billmax.txt.

Fixed problems with EAP code that caused requests with
Message-Signature and no EAP-Message to not be handled properly.

In Handler.pm, removed an unnecessary call to time, use $p->{RecvTime}
instead.

In AuthBy EMERALD, all SQL queries are now configurable.

Reply item MS-CHAP-MPPE-Keys previously was assumed to contain an
encoded and encrypted session key. Now, if the length is not exactly 24
octets, Radiator will generate, encode and encrypt 2 session keys
based on the given value. Tested with the patient assistance of "Andre
D. Henry" (andre at go-net.com). Requires Digest::MD4.

Added AutoMPPEKeys parameter to AuthBy, so that if you are doing
MS-CHAP authentication with plaintext passwords, and your NAS requires
MS-CHAP-MPPE-Keys in the reply, then setting this parameter will force
Radiator to automatically reply with MS-CHAP-MPPE-Keys set from the
plaintext password.

AuthBy RADMIN now understands and honours EncryptedPassword parameter,
so it can be used with Radmin Unix encryption.

Added StripFromRequest and AddToRequest parameters to Handler and
Realm.

Added new SQL AcctColumnDef type 'literal' that lets you build columns
literally. No quotes are applied.

AuthBy NT now honours the Fork parameter, which can be useful on
Windows, where checking bad passwords is deliberately slowed down by
Microsoft. Contributed by Robert Thomson
(sirrmt at dingoblue.net.au). Thanks Robert.

AuthRADIUS.pm now has virtual function noreply() that is called if
there is no reply from any target hosts. Default behaviour is to call
the NoReplyHook if there is one.

Added new global parameter DefineFormattedGlobalVar like
DefineGlobalVar but which honours special formatting
characters. DefineGlobalVar is now deprecated, and will be removed one
day.

In AuthBy SYSTEM, numeric Group check items are now permitted as well
as symbolic group names.

AuthBy LDAPSDK, LDAP and LDAP2, in PostSearchHook the reply packet is
now passed as $_[5].

Added VALUE definitions for MS-MPPE-Encryption-Policy and
MS-MPPE-Encryption-Types values to dictionary.

In AuthBy SQL, improved recovery after a failed AcctSQLStatement.

Added Tunnel-Client-Auth-ID and Tunnel-Server-Auth-ID and
IETF-Token-Immediate to dictionary.

Added AddToRequestIfNotExist parameter to Handlers and Realms.

AuthBy RADIUS now also honours AccountingStartsOnly, AccountingStopsOnly and
AccountingAlivesOnly.

Added new pseudo reply item Exec-Program which runs an external
program only if the user successfully authenticates. Similar to
Exec-Program in Cistron. Suggested by "Klaas Koopman"
(klaas at isd-holland.nl).

Improved text of error message for unknown standard attributes.

Improved duplicate detection in the case (such as Lucent TNT) where
the Nas-IP-Address is not necessarily constant. Patch contributed by
b.grange at libertysurf.fr.

hostname.pl utility renamed to radhostname.pl, due to naming conflict
with standard hostname.pl library file detected during make install.

dictionary.redback had DOS CRLF characters in it. Removed.

Improved detection of NAS reboots, and correctly add the session even
if it is session ID 00000000.

Improvements to test.pl allow selection of individual test sets with
the -tests flag.

More liberal prerequisite for Digest::MD5. Version 2.02 tested OK.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

