(RADIATOR) Radiator Version 3.16 released

[Mike McCauley]

We are pleased to announce the release of Radiator version 3.16

This version contains some significant new features, and a number of
fixes. Amongst the new features are support for receiving and handling
Diameter requests, Vasco Virtual Digipass tokens, software for sending SMSs
and ChilliSpot integration. Support for Windows Vista PEAP
wireless clients was added.

As usual, the new version is available to current licensees from:
http://www.open.com.au/radiator/downloads/

and to current evaluators from:
http://www.open.com.au/radiator/demo-downloads

Licensees with expired access contracts can renew at:
http://www.open.com.au/renewal.html

An extract from the history file
http://www.open.com.au/radiator/history.html is appended:

-----------------------------
Revision 3.16 (2006-11-09) Some major new features and a few bug fixes.

Added early release of Diameter support. ServerDIAMETER implements a stateless
Diameter to Radius translation agent. Incoming Diameter requests are converted
to Radius requests which can be served internally by Radiator or proxied to
another Radius server. Includes simple Diameter client for testing (diapwtst)
and sample configuration file. Supports RFCs 3588, 4005, 4072. Supports TLS
encryption, TCP or SCTP transport. Interoperates with OpenDiameter.

AuthBy DIGIPASS now supports Vasco Virtual Digipass. This allows Vasco token
support even of the user does not have a physical token (or has lost
it). AuthBy DIGIPASS generates the correct tokencode and passes it to a hook,
where it can be delivered to the user by SMS etc. Example config file
digipass.cfg shows how to enable it. New versions of Authen-Digipass that
support AAL2GenPassword for Virtual Digipass support.

Added new module for sending SMS messages using the Internode NodeText
Gateway, a commercial SMS gateway available from Internode in Australia. Also
added fully working example configuration file showing how to do
One-Time-Passwords delivered by SMS. The NodeText Gateway is a high
reliability, high performance SMS Gateway for Australian SMS numbers. Works
with GSM, CDMA. Works with Telstra, Optus and Vodafone networks. Billing of
SMS delivery charges can be to the sender, or the receiver. The Internode
NodeText Gateway can also apply a range of special features, such as name to
SMS number translation etc. Multiple recipients, message splitting etc are
supported. They also offer an email-to-SMS gateway. This fully working example
allows your users to be administered with Radmin, using One-Time-Passwords
delivered to the user by SMS. Internode SMS gateway access for Australian SMS
numbers is available from http://www.internode.on.net and
http://www.internode.on.net/products/sms.htm

Added tutorial and config files for installing ChilliSpot, Radiator and RAdmin
to provide a complete, locally administered captive portal wireless hotspot
solution, including prepaid time for users, user statistics, monitoring
etc. See http://www.chillispot.org

Ensured SNMP and Status-Server statistics are correctly updated by requests
received via RADSEC and TACACSPLUS.

Testing on Syllable 0.6. OK, except Any_DBM tie is not implemented on Syllable
so that AuthBy DBFILE does not work, resulting in failed tests 1a, 3a, 3d, 3g,
3h.

Minor cleanups to remove various warnings when -w is used

Special character %z was using a deprecated MD5 hashing routine. Now uses
Digest::MD5::md5_hex.

Fixed a problem that prevented reply attributes from EAP_PEAP_MSCHAP_Convert
converted requests being replied to the client. Reported by Alex Sharaz.

Fixed a problem in ClientListLDAP where attributes that expect a stringarray
(such as IdenticalClients, FramedGroupBaseAddress, RewriteUsername,
DynamicReply) could cause a crash if there were multiple values for that
attribute in the LDAP database. Reported by Lohier, Matthew.

Fixed a problem withe AcctLogFileName where a file name with a leading '|' for
a pipe would incorrectly cause bogus directories to be created. Reported by
Anne Bennett.

Fixed a problem with AuthBy DIGIPASS clauses that are not contained within a
Realm or Handler causing a crash. Reported by Paul Dekkers.

Added a number of Unisphere VSAs to dictionary. Contributed by Gareth Coco.

Testing on Windows Vista Beta build 5384. OK, using ActiveState ActivePerl
5.8.8.

Fixed an error in the definitions of 3GPP2-IP-Technology in
dictionary. Reported by Frank Danielson.

AuthBy LSA and AuthBy NT on Windows now suport Local as well as Global groups
when using the Group parameter.

Fixed a problem with anonymous bind not working correctly, resulting in
LDAP_INAPPROPRIATE_AUTH. Reported by R.H.Hoek.

Fixed a problem with TTLS and PEAP where a proxied reply to the inner request
of a session that has been lost or closed would cause a crash. Reported by
Shahid Khan.

Fixed a problem with goodies/CalledStationId.pm that would cause ERR: Bad
attribute=value pair.

Improvements to goodies/CalledStationId.pm to support regexps in stations.

Added a number of Aruba VSAs to dictionary. Contributed by steven.quek.

In AuthBy RADMIN, changed the default MaxMEsageLength to 200 to comply with
the standard Radmin database size.

Fixed a problem with client certificate verification in EAP TLS that could
cause an error 'EAP TLS No peer certificate'.

Fixed a problem with EAP-TLS authentication when EAPTLS_NoCheckId was
set. reported by Dawn Lovell.

Added various VSA to support ChilliSpot, an open source captive portal for
wireless with Radius support. http://www.chillispot.org/

Testing with ChilliSpot http://www.chillispot.org/ OK. ChilliSpot is a
wireless hotspot portal that authenticates users before letting them get
access to the internet. ChilliSpot can work with both UAM (where the
ChilliSpot hotspotlogin.cgi script solicits a passwords and ChilliSpot sends
Radius/CHAP to Radiator), and with EAP (where ChilliSpot forwards Radius/EAP
requests to Radiator). Tested with UAM, EAP, TTLS, PEAP. Caution: ChilliSpot
1.1.0 has a bug where Radius replies that contain a Service-Type reply
attribute will cause the chilli process to crash. A patch has been submitted
to chillispot.

Enabled SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS in PEAP TLS, to work around a
problem with Vista Beta 2 clients, where the extra empty fragment (sent as a
security measure by OpenSSL) confuses the Vista PEAP supplicant. See
http://www.openssl.org/~bodo/tls-cbc.txt for reasons behind the empty
fragments. Reported by David Spindler.

Improvements to EAP LEAP handling to be compatible with some types of
LEAP-ignorant APs. Reported by Russ Jones.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.