Software-update: Radiator 4.1

Voor het verlenen van toegang tot het netwerk kan gebruik worden gemaakt van radius om gebruikers te authenticeren. Dit is een aaa-protocol, dat door veel isp's en netwerkbeheerders wordt ingezet. Radiator is een complete radius-server voor Linux, Mac OS X, Unix en Windows met ondersteuning aanboord voor verschillende authenticatie methoden zoals ldap, active directory en tacacs+. Ook kan er gebruik worden gemaakt van tokens van onder andere RSA Securid, Safeword en Vasco Digipass. Voor meer informatie verwijzen we jullie door naar deze pagina en een overzicht van de prijzen is op deze pagina terug te vinden. De ontwikkelaars hebben Radiator 4.1 uitgebracht met de volgende lijst van aanpassingen:

Version 4.1:

• Fixed a problem where anonymous logins to ServerHTTP would not get a Privilege Level. Reported by Dominic J. Eidson.
• Fixed a significant memory leak that affected certain installations with multiple clients.
• Fixed a problem where the Configuration Edit link was not displayed on the ServerHTTP GUI in the Locked version.
• Improved configuration file saving for the case where AuthBy objects are referred to by Identifier. Reported by Dominic J. Eidson.
• OSC now provides precompiled Net::SSLeay+OpenSSL+EAP-FAST-patches bundles for Linux and Windows. Updated documentation in goodies/eap_fast.txt describing how to install these precompiled bundles.
• Added new function Radius::AuthWIMAX::get_cached_keys to fetch $sessionid, $mip_rk, $mip_spi, $fa_rk from the database given the outer nai. Requested by Ian Forster.
• SimpleClient now correctly generates a random authenticator instead of a fixed one.
• Reinstated support for EAPErrorReject which was accidentally lost from some modules.
• Fixed a problem where EAPTLS_CAPath would not be set correctly if EAPTLS_CAFile was not defined. Reported by Jan Tomasek.
• Fixed documentation of EAPTLS_CertificateVerifyHook. The list of arguments passed was incorrect, and out by an index of one. Reported by Jan Tomasek.
• Added new special character %K, which is replaced with the realm name after the last @ in the user name. Requested by Michael Kwan.
• Added to dictionary 2 new values for Error-Cause defined in RFC 5176.
• Fixed a problem with fideliosim.pl not working correctly with serial ports.
• AuthBy PAM now supports AuthenticateAttribute. Contributed by Markus Moeller.
• A number of improvements to Diameter support, contributed by José Borges Ferreira: In Handler clauses you can catch Diameter attributes: <Handler DiaRequest:Auth-Application-Id=NASREQ> or <Handler DiaRequest:Disconnect-Cause=CREDIT_CONTROL>. Added extra methods to allow vendorByName (returns vendor data from a given vendor name) grouped_attr (allows easy manipulations of grouped attributes). Added avp type vendor, witch is a Unsigned32 variant (like enumerated) that tries to translate vendorname to vendornum and vice-versa. Grouped attributes within grouped attributes are logged with alignments. New attribute SupportedVendorIds for Server DIAMETER. This optional parameter allows you to define the Supported Vendor Ids announced in CER. Defaults to BASE(0). Thanks José.
• AuthBy PAM now supports PasswordPrompt, parameter, which specifies the password prompt string asked for by PAM. Contributed by Markus Moeller.
• Improvements to Server TACSCSPLUS. Now uses Client statements for RewriteUsername, StripFromRequest, AddToRequest, AddToRequestIfNotExist and PreHandlerHook. There will be two PreHandlers called. First the one form the Client statement and second the one defined inside the Server definition. Contributed by Markus Moeller.
• Improvements to special character handling, and to enable multi-char special character names in the future. Now, any of the special single-character (and, in future, mutiple character) special characters can be accessed with, for example, the format %{Special:x} as well as just %x.
• Added functions ntptime2systime and systime2ntptime for converting between NTP and systime, useful for Diameter. Contributed by José Borges Ferreira.
• EAP-FAST was not correctly REJECTING with an EAP failure after a RESULT FAILURE message was received from the clinet, causing retransmissions of the original RESULT FAILURE message. Reported by Jim Veneskey.
• Added support for AuthLog in Server HTTP. Suggested by Markus Moeller.
• AuthBy TEST did not correctly support the Identifier parameter. Reported by Ian Forster.
• Changes to Server HTTP so that manually edited configuration files are saved with the correct line endings appropriate for the local machine. Reported by Jin Tao.
• When running as a service under Windows, did not correctly restart when a 'restart server' command was given by either Monitor or ServerHTTP. Reported by Jin Tao.
• Improvements to ServerHTTP, adding some attributes to the Radius packet used to authenticate Server HTTP access, including NAS-IP-Address and Calling-Station-Id. Contributed by Markus Moeller.
• Added support for EAPTLS_CertificateChainFile wherever EAPTLS_CertificateFile is supported, and added support for TLS_CertificateChainFile wherever TLS_CertificateFile is supported. The ChainFile parameter specifies the name of a file containing a certificate chain for the Radius server certificate. Suggested by Jan Tomasek.
• Added more detail to WARNING log when AuthBy HASHBALANCE declines to break up an EAP stream.
• AuthBy RADSEC would not always reply with the correct type of packet. Reported by Paul Dekkers.
• Fixed problems when Server RADSEC or Server DIAMETER were in use and a SIGHUP was received. Reported by Paul Dekkers.