[RADIATOR] Radiator Version 4.11 released

Mike McCauley mikem at open.com.au
Thu Dec 13 21:42:35 CST 2012


We are pleased to announce the release of Radiator version 4.11

This version contains some new features and minor bug fixes.

As usual, the new version is available to current licensees from:
http://www.open.com.au/radiator/downloads/

and to current evaluators from:
http://www.open.com.au/radiator/demo-downloads

Licensees with expired access contracts can renew at:
http://www.open.com.au/renewal.php

An extract from the history file
http://www.open.com.au/radiator/history.html is below:

-----------------------------

Revision 4.11 (2012-12-14)

Typo prevented MS-CHAP-Challenge being correctly added to when
EAP_LEAP_MSCHAP_Convert is enabled.

Changes to continued line parsing in 4.10 broke the ability to
spread the first line of a clause over multiple lines with the
backslash line continuation operator. Fixed.

AuthBy ACE now supports EnableFastPINChange with EAP-GTC,
contributed by Richard Fairhall.

Fixed a problem that prevented correct operation of
ServerDIAMETER listening when FarmSize was in use: some children
could block waiting for an accept. Listen socket is now
non-blocking. Reported by Rani Assaf.

Fixed a problem that prevented AuthBy RADSEC correctly detecting
downstream server failure under some circumstances with
UseStatusServerForFailureDetect. Reported by Paul Dekkers.

Added support for authentication via 3M Standard Interchange
Protocol 2 as used in 3M's Automated Circulation Systems (ACS) for
book libraries. AuthBy SIP2 supports TCP-IP connection to 3M ACS
systems, and authenticates against library patron name and
password.

SNMPAgent now supports some more items from MIB2: sysDescr (which
returns the Radiator name and version) and sysObjectID (which
returns the Radiator OID 1.3.6.1.4.1.9048.1.1). Also added sample
goodies/snmp.cfg with some documentation about how to configure
and test SNMPAgent.

radiusd has a new function main::addChildInitFn() which can be
used by modules to register a function that is to be called in
each child after it is forked by FarmSize. This can be used by
module authors to defer or redo some initialisation in the child.

Improvements to error detection in Stream handle_socket_read to
detect the possibility of EWOULDBLOCK/EAGAIN, reported by Rani
Assaf.

Added HP-VC-Groups to dictionary.

Further improvements to multiline config file parsing, suggested
by Michael.

Updated comments in HOTP and TOTP examples to clarify the
contents of the 'secret' field. Also fixed a problem in AuthBy
SQLTOTP, which could cause an SQL error if the first ever log-in
attempt involves typing an incorrect PIN. Reported by Roy Badami.

Improvements to PEAP support for Windows failing to work when
PEAP fast reconnect was enabled. EAP Extension TLV/Success is now
exchanged over TLS tunnel between the server and client before
sending final Access-Accept.

Added more Unisphere and Juniper VSAs based on
http://www.juniper.net/techpubs/software/junos/junos114/radius-dictionary/unisphereDictionary_for_JUNOS_v11-4.dct

Fixed a typo in dictionary for WiMAX-QoS-Descriptor value
Transmission-Policy.

Fixed a problem that could prevent the correct OutPort being used
as the source port for AuthBy RADIUS forwarding.

Nas finger now uses the standard perl Net::Finger module instead
of the internal Finger client in Radius::Finger. The internal
Finger client Radius::Finger is now not shipped with Radiator. If
you wish to use finger to check online users, you must install
the Perl Net::Finger module.

Added OSC VSA for pseudo-attribute PoolHint to dictionary.

Updated all Nas/*.pm modules to use numeric OIDs instead of
symbolic, since some recent versions of snmp tools install
without MIBs.

Added DEBUG logging of DHCP replies received by AddressAllocator
DHCP.

Fixed a problem that could cause a crash if AuthBy EAPBALANCE was
used with the KeepaliveTimeout option.

Fixed a problem that caused UseStatusServerForFailureDetect to
not work correctly when defined at the AuthBy RADIUS level
instead of the Host level.

Added new parameter ClientHardwareAddress to AddressAllocator
DHCP. ClientHardwareAddress is the name of an attribute in the
incoming address which contains the hex encoded MAC address of
the client. If present, it will be used as CHADDR in the DHCP
request. If not present, a fake CHADDR based on the request XID
will be used. The DHCP server may use this when allocating an
address for the client. The MAC address can contain extraneous
characters such as . or : as long as it contains the 12 hex
characters (case insensitive) of the MAC address. Special
characters are supported.

Added NetworkPhysics-Attribute to dictionary with the kind
assistance of "Caporossi, Steve G."

Added Procera-Local-User-Name to dictionary with the kind
assistance of Lucas Hazel.

Improvements to consistency of proxiedRequests and proxiedNoReply
statistics counters when the request is proxied by multiple
AuthBy RADIUS or AuthBy RADSEC clauses.

AuthBy RADMIN now supports PostAuthSelectHook.  Enhancements to
support Diameter client and server required for new Diameter Wx
support in Radius-EAP-SIM.

Fixed a problem that caused incorrect RecvTime in tunnelled PEAP
requests.

Implemented checkproc for SuSE in
linux-radiator.init. Contributed by "Aeneas Jaißle (sewikom
GmbH)"

Added support for PostDiaToRadiusConversionHook and
PostRadiusToDiaConversionHook to Server DIAMETER.

Refactoring of md5 and mschapv2 challenge code prior to
integrating Heimdal digest support.

Added new module AuthBy HEIMDALDIGEST with example configuration
and test setup instructions. Authenticates from Heimdal
Kerberos (http://www.h5l.org/). Supports RADIUS-PAP, EAP-MD5,
EAP-MSCHAPV2 (and therefore TTLS-PAP, TTLS-EAP-MD5, PEAP-EAP-MD5,
PEAP-EAP-MSCHAPV2, TTLS-EAP-MSCHAPV2). With the kind assistance
of Fredrik Pettai. Originally written by Klas
Lindfors. Contributed by Stefan Wold of Stockholm University.

Fixed a problem where file:"filename" syntax in configuration
file could cause strange error messages in hooks if the filename
was not found.

Fixed a problem where PidFile could be incorrectly deleted if any
child was killed in a farm. Now it is only deleted if the farm
parent is shut down.

Fixed a problem in server farms where if a child process was
STOPped or hung, the graceful shutdown process could also hang,
resulting in possible failure to restart all children correctly.

Improvement to Linux startup script to better handle the case
where Radiator fails to exit cleanly after stop command.

Improvements to SNMP.pm snmpget, so that failures due to Unknown
Object Identifier are detected. Suggested by Michael.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
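
An added example (not Radiator code and not part of the original announcement) of the ClientHardwareAddress behaviour described in the 4.11 history extract: taking a hex-encoded MAC with extraneous separators from a request attribute and turning it into a DHCP CHADDR field. The attribute name Calling-Station-Id, the function names, and the strict "exactly 12 hex digits" rule are assumptions for illustration; the sample values are constructed.

```python
import re

HTYPE_ETHERNET = 1      # DHCP/BOOTP hardware type for Ethernet
HLEN_ETHERNET = 6       # a MAC address is 6 bytes
CHADDR_FIELD_LEN = 16   # the chaddr field in the DHCP header is 16 bytes


def mac_from_attribute(value):
    """Return the 6 MAC bytes held in an attribute value, or None.

    Everything that is not a hex digit ('.', ':', '-', spaces) is dropped.
    Assumption: exactly 12 hex digits must remain, so a value with stray
    hex-looking letters around the MAC is rejected rather than guessed at.
    """
    if value is None:
        return None
    digits = re.sub(r"[^0-9A-Fa-f]", "", value)
    if len(digits) != 12:
        return None
    return bytes.fromhex(digits)


def build_chaddr(request_attrs, attr_name):
    """Build the hardware-address fields of a DHCP request.

    Returns None when the attribute is missing or unusable; the caller then
    uses the XID-based fake CHADDR mentioned in the release notes (that
    derivation is not shown on the page and is not reproduced here).
    """
    mac = mac_from_attribute(request_attrs.get(attr_name))
    if mac is None:
        return None
    padding = bytes(CHADDR_FIELD_LEN - len(mac))
    return {"htype": HTYPE_ETHERNET, "hlen": HLEN_ETHERNET, "chaddr": mac + padding}


if __name__ == "__main__":
    # Constructed sample values in the formats NAS devices commonly send.
    samples = ["00:1a:2B:3c:4D:5e", "001a.2b3c.4d5e", "00-1A-2B-3C-4D-5E",
               "mac=00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d"]
    for s in samples:
        fields = build_chaddr({"Calling-Station-Id": s}, "Calling-Station-Id")
        print(s, "->", fields["chaddr"].hex() if fields else "fallback CHADDR")
```

Because the attribute arrives in the incoming request and the DHCP server may key address allocation on CHADDR, the value is worth validating and logging before it is used.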


