We are pleased to announce the release of Radiator 2.16. 2.16 includes some significant new features such as IP address allocation, and a number of fixes. Existing customers can download the new version from http://www.open.com.au/radiator/downloads/Radiator-2.16.tgz Current evaluators can download the new version from http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-2.16.tgz Excerpt from the history file follows: Revision 2.16 (19/5/00) Added totals of sessions, time, octets and packets to the user page in radacct.cgi. Session-Timeout as a reply item can now takes a value "until Time" which calculates the session timeout until the end the permitted time period defined by a Time check item. Added Auth-Type=Accept, code contributed by David Daney ([EMAIL PROTECTED]). Thanks David. Added PreProcessingHook to Handlers, which fires before accounting log files etc are written. Code contributed by David Daney ([EMAIL PROTECTED]). Thanks David. AddToReplyIfNotExist parameter with multiple attr=val, and with white space before the attribute namew would not be parsed properly, resulting in a "Bad attribute=value pair:" error message. Simultaneous-Use would sometimes check the wrong user name for excess sessions when RewriteUsername or Prefix or Suffix was involved. Fixes so that multiple DEFAULT users with Prefixes and/or Suffixes wont strip the the user name for the following DEFAULT. Contributed by David Daney ([EMAIL PROTECTED]) Added new module that does logging to a Platypus and RadiusNT compatible message log table. Testing with Windows 2000. Fixed radpwtst -gui to work with Tk800.018 and better. Fixed a bug in AuthLDAPSDK.pm, that produces the following error: Global symbol "@vals" requires explicit package name at Radius/AuthLDAPSDK.pm line 256, <FILE> chunk 39. Reported by Bradley Clayton ([EMAIL PROTECTED]) Workaround in AuthRADKEY.pm for problems with password lengths on some MAXen. Reinstated the changes that make %a get the Framed-IP-Address from the reply packet instead of the request, and to take ma.overdue into account in in AuthBy EMERALD. These changes were inadvertently lost from the 2.15 distribution. Changes to all SQL based modules to fix an infrequent problem with Sybase on some platforms, and in some environments. Some versions would sometimes hang during the SQL finish operation, which was not protected by timeout. DefaultRealm now only adds the realm if there actually was a User-Name present in the request. Requests without a User-Name will not now have a fake User-Name added. Added cisco-h323* entries to the standard dictionary for Cisco VOIP. The password log for CHAP logins now shows "UNKNOWN-CHAP", instead of "UNKNOWN", to help distinguish form the case where there is no password in the request. Added SessNULL.pm to the distribution, contributed by Daniel Senie ([EMAIL PROTECTED]). Thanks Daniel. SessNULL.pm provides a session database that does not store any session details and always permits multiple logins. Useful for very large user populations where ther is no multiple-login prevention required: this will require much less memory than SessINTERNAL. Added support for HoldServerConnection, plus disconnection after each request to AuthBy LDAPSDK, at the request of Thomas Braber ([EMAIL PROTECTED]). Special formatting can now refer to any attribute in the current reply with %{Reply:attributename} Check items can now refer to attributes in the currently constructed reply. This can be useful for adding more reply items, depending on the reply items that are already there. For example, you might set a Profile psuedo attribute in an AuthBy and in a following AuthBy, add some real reply attributes that depend on the value of the Profile you added before Added support for IP address allocation, and a specific SQL implementation. See goodies/addressallocator.cfg for examples on how to use. STOP PRESS: minor changes in database schema since the 2.16 alpha release. Alpha testers will have to recreate their RADPOOL table. Fixed algorithm for computing port index for Total Control SNMP access checking. Contributed by Aaron Nabil ([EMAIL PROTECTED]). Thanks Aaron. Fixed a problem with AuthAttrDef in AuthBy LDAP and LDAP2. Added the -p switch to builddbm to print out a flat file equivalent. Contributed by Joost Stegeman ([EMAIL PROTECTED]). Thanks Joost. ipaddr type attributes can now be specified as a 4 byte string, as well as dotted-quad notation. Useful for putting IP addresses and netmasks in databases as binary instead of strings. Suggested by Mike Nerone ([EMAIL PROTECTED]). Updated GRIC Roaming attributes in various dictionaries. Log SQL and AuthBy RADMIN now permit LogQuery parameters configure the query used to insert into the log table database. AuthBy DBFILE and SessionDatabase DBM now support a DBType parameter, allowing you to specify the type of DBM database to use. AuthBy RADMIN was incorrectly logging all level log messages. Now it honours the global Trace level. Fixed a problem with MD5 password encryption when encrypted passwords had a zero length salt. Fixed a bug in Client.pm that prevented the client list used by SNMP and StatusServer being cleared during a HUP. Added new Bay Annex attributes to dictionary Pushed the permitted perl revision level back to 5.003 Testing on Cobalt CacheQube. OK. Fixed a bug in the radwho.cgi and radacct.cgi sort routines that affected user name sorting with mixed alpha and numeric names. Reported by Larry Vaden. Thanks Larry. Fixed a problem with apparent floating point attibutes in AuthBy EMERALD. Fixed some problems in getProfiles example hook in goodies/hooks.txt. Contributed by Christian Hammers ([EMAIL PROTECTED]). Thanks Christian. Added NoReplyHook to AuthBy RADIUS, called if no reply is heard from any remote servers. Useful for storing accounting to an SQL database for later delivery or retransmission (see goodies/reliableaccounting.cfg for example) Testing with InterBase 6.0 and DBD-Interbase-0.021. OK. Note that Interbase 6.0 requires /etc/hosts.equiv to contain the name of each client host, so you may need to add 'localhost' to /etc/hosts.equiv to enable you to start the Interbase server and access it. Also note that InterBase requires a custom AuthSelect since it does not permit columns named PASSWORD. interbaseCreate.sql creates it as PASS_WORD. Due to changes in policy by iPASS, the preferred method of interoperating with iPASS outbound is now to proxy to the iPASS radius server. Altered documentation to suit. Added some improvements to extensibility and customisability: The reinitialize and find functions for Client, Handler, Realm et al are now registered at startup. This allows you to add new subclasses of Client and Handler with new ways of finding the right Client or Handler to use. You can also register your own reinitialise function with main. Added examples csid.cfg and CalledStationId.pm to goodies to demonstrate use of all these features, using the example of fast, exact matching on Called-Station-Id. radpwtst now takes notice of the Framed-IP-Address in the reply and uses it in subsequent accounting starts and stops, unless -framed_ip_address has been used to force a particular address. Added initial version of new radconfig.cgi, a CGI script that will manage a Radiator configuration file. Added new Nas Type of Ping, which will attempt to check simultaneous use by pinging the dialup users Framed-IP-Address. This is not foolproof as the Framed-IP-Address may have been reallocated, but its better than nothing, which is what you may have without finger or snmp access to the NAS. Added missing documentation for SessionDatabase parameter for Realm and Handler, which allows you to control which Session Database a Realm or Handler will use. Fixed a spurious WARNING message if AuthPort or AcctPort was defined as empty (ie no socket to be set up). Reported by Antonio Coloma. Added new Scope parameter that allows you to control the LDAP search scope in LDAP2 and LDAPSDK. Suggested by [EMAIL PROTECTED] -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 2000, NT, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
