(RADIATOR) Radiator version 3.1 released

Mike McCauley mikem at open.com.au
Fri May 24 02:17:49 CDT 2002 

We are pleased to announce the release of Radiator version 3.1
This version provides some new features and 
some bug fixes.

As usual, the new version is available free of charge to current 
licensees from 
http://www.open.com.au/radiator/downloads/Radiator-3.1.tgz
and
http://www.open.com.au/radiator/downloads/Radiator-3.1-1.noarch.rpm

and to current evaluators from 
http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-3.1.tgz
and
http://www.open.com.au/radiator/downloads/Radiator-Demo-3.1-1.noarch.rpm

An extract from the history file is attached

-----------------------------
Revision 3.1 (23/5/02 New features and fixes) 
Added and documented UseSSL for AuthBy LDAP2. 

Monitor clause did not permit multiple instances on different Ports. 

Fixed a problem with DefaultSimultaneousUse that did not correctly
detect users affected by RewriteUsername. Reported by "Scott
Rothgaber" (scott at easley.net). Thanks Scott.

Added all Radiator pseudo-attributes to the dictionary for reference,
and also to facilitate use by packages like RAdmin.

Changes to AddressAllocatorDHCP.pm and DHCP.pm to support the User
Class Option (option 77) in the ISC DHCP server (www.isc.org).

Additional changes to comply with RFC3011 (Subnet Selection Option)
and to simplify and streamline the code.  radwho.pl did not separate
lines with a newline when showing SQL. Reported by "Stephen Malenshek"
(stephen at valuelinx.net).

In Nas/AscendSNMP.pm, there is alternative code for MAX6000 (TAOS
8.0.1+), suggested by Pavel A Crasotin (pavel at ctk.ru)

Added support for HTTP Digest Authentication per RFC2617. QOP's of
auth and unspecified are supported. Algorithm of MD5 and unspecified
are supported. QOP of auth-int and algorithm of md5-sess are not
supported. Also provided patch file
goodies/Apache-AuthenRadius-0.3-digest.patch which adds Digest
authentication to Apache-AuthenRadius, plus
goodies/RadiusPerl-0.05-0.06.patch for RadiusPerl-0.05 to fix long
password problems.

New flag for buildsql, -f Force DB update for non defined
fields. Contributed by Jorge Morgado
(jorge.morgado at kpnqwest.com). Thanks Jorge.

ClientListSQL now lists its clients in the ServerConfig Client list,
so they can be seen by Radar. Reported by "Romain Vergniol"
(romain.vergniol at cegedim.fr). 

ClientListSQL now permits a trailing column that contains a list of
comma separated flag parameter names. Contributed by "Tony B"
(tonyb at go-concepts.com). Thanks Tony. 

At 3.0 ClientListSQL (correctly) complains if there is no password for
a Client. The error message now says which Client has the problem.

AuthGeneric now emits an error If MD4 is not present but is required
for an MSCHAP request. Suggested by niceman at att.net.

RewriteFunction was broken, resulting in messages like: ERR: Error in
RewriteFunction(mikem): Can't use string ("sub {print "hello
world\n"}") as a subroutine ref while "strict refs" in use at (eval
23) line 1 Reported by "Andy De Petter"
(adepette at krameria.net). Thanks Andy.

AuthBy NT and AuthBy TEST had typos that prevented keywords being
recognised.

Fixed further problems with special character handling. Could get
incorrect behaviour if the resulting transformation resulted in %0, %1
etc.  Now single char and positional args are all converted in one
operation. Reported by "Tristan Woerth"
(tristan.woerth at securalis.com). Thanks Tristan.

Fixed problems with sending SNMP requests for NasType iff the
community contained whitespace or shell special characters. Reported
by "Rolando Riley" (rriley at ayayai.com). Thanks Rolando.

LogFile, AcctLogFileName and PasswordLogFileName now support pipes. If
the first character if the filename is |, then the output is sent to
the pipe, else it is appended to the named file. Suggested by "Sergey
Y. Afonin" (asy at kraft-s.ru). Thanks Sergey.

Fixed an infinite recursion problem with Trace 4 in Log SQL and Log
EMERALD.

Fixed a problem with log dates in Log EMERALD.

Log EMERALD now has configurable LogQuery, defaults to: insert into
RadLogs (RadLogMsgID, LogDate, Username, Data) values (%4, \'%5\', %6,
%2)

Added example config file for working with Advanced ISP Billing.

Added AuthBy EMERALD4 to work with IEA Emerald 4 or later. Also an
example config file in goodies/emerald4.cfg.

Exec-Program now logs the command and the result at DEBUG
level. Suggested by "Dave Kitabjian" (dave at netcarrier.com).

AuthBy NT now does not crash if attempting to do group checking on Unix. 
Found and patched by "neil d. quiogue"
(quioguen at cpcnet-hk.com). Thanks Neil.

Testing with Vasco VACMAN Radius middleware software. Vacman is a very
interesting and easy way to add token-based authentication to an
existing Radius infrastructure.

The value for integer Radius attributes can now be specified as hex,
with a leading 0x.

handlerFork and safeFork now take an optional subroutine ref that will
be called when the child is reaped. The PID of the reaped child will
be passed to the function. This is only of interest to code
customisers.

SqlDb::quote now automatically reconnects to the database if
necessary.

AddressAlocatorSQL default AllocateQuery was changes, since %2 (the
username) is now automatically quoted. This fixes a problem with SQL
syntax errors in the event of a disconnect/reconnect. Reported by Eric
Lackey (eric at isdn.net). Thanks Eric.

Fixed a problem with AuthLogSQL, where SQL errors could cause
recursive calls to the log function. This involved changing the name
of the log function in all the AuthLog modules from 'log' to
'authlog'. Reported by "Dan Melomedman"
(dmelomed at devonitnet.com). Thanks Dan.

Added TRACE_USERNAME command to Monitor clause to support
user-specific tracing in Radar.

Added TraceOnly flag to Monitor clause. If you set TraceOnly,
connections through this Monitor are prevented from getting
statistics, or getting or setting configuration data, or restarting
the server.

AddressAllocatorDHCP incorrectly always defaulted
SubnetSelectionOption to SUBNET_SELECTION. This should only happen if
SubnetSelectionOption is specified as an empty string.

Added IgnoreAccountDisable and IgnoreAccountLockout flags to AuthBy
NT. On Windows, these parameters stop AuthBy NT from taking notice of
the NT account flags.

Added NAS-Port-Type xDSL to dictionary. Provided by
Thomas.Krumm at tesion.de. Thanks Thomas.

Added CVX-Terminate-Cause, CVX-Reject-Reason and Level 3 VSAs to the
dictionary. Contributed by briand at Level3.net. Thanks Brian.

Added beta support for EAP TLS. Requires Net::SSLeay 1.15 plus patches
or later. Requires openssl 0.9.8 or later. See example in
goodies/eap_tls.cfg. Tested with xsupplicant and Aironet wireless card
on Linux.

Added sample utility for importing accounting data from a detail file
into and SQL database. See goodies/radimportacct

Added sample command line utility for adding users to an SQL
database. See goodies/raduseradd

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list