We are pleased to announce the release of Radiator version 2.18.3 This version provides a number of bug fixes and some new features. As usual, the new version is available free of charge to current licensees from http://www.open.com.au/radiator/downloads/Radiator-2.18.3.tgz or http://www.open.com.au/radiator/downloads/Radiator-2.18.3-1.noarch.rpm and to current evaluators from http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-2.18.3.tgz or http://www.open.com.au/radiator/downloads/Radiator-Demo-2.18.3-1.noarch.rpm An extract from the history file is attached ----------------------------- Revision 2.18.3 (30/8/01) Significant new features, some bug fixes Added EAP support for OTP and MD5-Challenge, works with AuthBy OPIE and any authentication database with plaintext passwords (eg AuthBy FILE, AuthBy SQL, etc). Extensible mechanism in EAP.pm permits new EAP protocols to be added. Added support for improvements in RAdmin 1.5, including Service Profiles and arbitrary per-user and per-service RADIUS check and reply items. Caution: the default AuthSelect has changed. Added beta version of AuthBy ACE, permitting authentication direct to a SecureID ACE server, instead of proxying. Certification by RSA is still pending. Example goodies/ace.cfg is included. Requires Authen-ACE4 perl module from Open System Consultants. Default behaviour of Log SYSLOG and AuthLog SYSLOG changed to log via unix sockets by default. This works correctly with more syslog daemons. New parameter LogSock permits this to be changed. Added new comand line argument -rawfile to radpwtst. SessionDatabase SQL DeleteQuery now has the column values of the record to delete passed as %0 to %4. Improvements to RPM packaging suggested by Gustav Foseid ([EMAIL PROTECTED]) Added AuthSQLStatement, similar to AcctSQLStatement: any number of SQL statements that will run before authentication. Patch provided by ([EMAIL PROTECTED]). Thanks! Performance improvements in tunnel password and mppe key encryption and decryption. All port parameters (eg AuthPort, AcctPort, Port, OutPort etc) may contain special formatting characters. A typical use of special formatting characters is with GlobalVar and command line arguments. Fixes to AuthBy EMERALD so that if HonourDNISGroups is defined but there is no DNIS in the request, or if HonourServerPortAccess is defined, but there is no Nas-Port in the request, the constraints are not applied. Improvement to AuthBy LDAP2 so that illegal charcaters in a user name wont cause disconnection from the LDAP server. Identified and patched by Carlos Canau ([EMAIL PROTECTED]) Added support for group check items to AuthBy PAM, for PAM modules that support the notion of a group (such as pam_teleid). Loading database export files now works independently of the export file was generated on Unix or Windows. Logging of 'Handling with $type' now includes the Identifier of the AuthBy moodule. Added example code to goodies/asplog.txt: How to display Radiator SQL accounting logs with an ASP/VB script. Contributed by "Michael Audet" ([EMAIL PROTECTED]) Thanks Michael! Fixed problem with AuthBy RODOPI that was broken by 2.18.1. Added support for Rcrypt reversibly encrypted passwords. Now your user database can contain passwords that are reversibly encrypted with a secret key. Radius::Rcrypt module provides encrypt and decrypt routines that can be used by any other code. Forthcoming version of RAdmin will also support Rcrypt encryption. Structural improvements to AuthGeneric, which allows some modules that previously implemented their own handle_request to piggy-back off AuthGeneric, saving lots of replicated code Added CheckGroupServer and CheckGroup to AuthBy ADSI and AuthBy NT, so that you can set a Class in the reply that depends on which NT group the user is in. Primary key violation in MySQL and unique constraint violation in Oracle now does not cause disconnection. Added example configuration file prepaid.cfg showing how to implement a simple prepaid card system with an SQL database. AuthLDAP* now handles multiple LDAP attributes for check, reply and request AuthAttrDef. Multiple LDAP attribtues will be added as multiple instances of the same Radius attribute. Contributed by Robert Kiessling ([EMAIL PROTECTED]) Thanks Robert. In AuthBy LDAP, HoldServerConnection worked in reverse to the correct behaviour. Added Global and per-Handler UsernameCharset allowing you to easily specify what characters are permitted in a user name. In AuthBy RADIUS, Host names for remote servers can now contain special formatting characaters. Added Acct-Input-Gigawords and Acct-Output-Gigawords to dictionary. Reported by Bruno Tiago Rodrigues ([EMAIL PROTECTED]). Improvements to sample Linux startup script. Now sources /etc/sysconfig/radiator if present, so you can put config file name and arguments there for preference. Suggested by Ted kandell ([EMAIL PROTECTED]). Thanks Ted. Added AuthLog SYSLOG, contributed by Carlos Canau ([EMAIL PROTECTED]). Thanks Carlos! Added example hook to goodies/hooks.txt to extract special Cisco format NAS-Port information. Added Vendor-specific attribute Command-Code for Enterasys, contributed by "Separovic, Jason" ([EMAIL PROTECTED]). Thanks Jason. Fixed a problem whre AuthBy UNIX or AuthBy FILE could fail to refresh a file if it could temporarily be stat'd but not read. Fixed a problem with Ascend binary filter attributes and UUnet: UUnet would only let 24 byte filters through, and not the newer format 26 bytes (and larger) filters. All file appends are now done by Util::append, which will facilitate threading or piping of logging in the future. Fixed a problem in ExcludeRegexFromPasswordLog Fixed Radius::unpack so that Vendor Specific Attributes that contain multiple sub-attributes are unpacked correctly. Patch supplied by Roland Rosenfeld ([EMAIL PROTECTED]). Thanks Roland! In radpwtst, Called-Station-Id and Calling-Station-Id are not sent if -called_station_id or -calling_station_id are set to empty strings. Fixed cosmetics in AddressAllocatorSQL ReclaimQuery, making 'state' uppercase. Suggested by Carlos Canau ([EMAIL PROTECTED]). Date formats recognised by Expiration and ValidFrom now include simple integer Unix epoch dates. Documented all the valid date formats. Added new pseudo check item ValidFrom that can specify the start of a valid time range. AddressAllocatorSQL FindQuery now supports special formatting characters including those from the current packet. RPM files are now 'noarch' instead of i386. Improvements to AuthBy LDAP2, contributed by Valentin Tumarkin ([EMAIL PROTECTED]). NoBindBeforeOp prevents binding before every search operation. Added timeout on 'LDAP BIND' operation in 'sub bind'. Fixes to properly close open LDAP connections after timeouts. Slightly more verbose error messages. Works with perl-ldap-0.24. Thanks Valentin! Timeouts have been generalised and moved to Util::exec_timeout. LDAP, SQL and Finger now use it. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.