We are pleased to announce the release of Radiator version 3.0 Version 3.0 contains many signicant architectural and performance features, support for our new Radar real-time monitoring and graphing package, new statistics logging and gathering modules and many other new features.
As usual, the new version is available free of charge to current licensees from http://www.open.com.au/radiator/downloads/Radiator-3.0.tgz and http://www.open.com.au/radiator/downloads/Radiator-3.0-1.noarch.rpm and to current evaluators from http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-3.0.tgz and http://www.open.com.au/radiator/downloads/Radiator-Demo-3.0-1.noarch.rpm An extract from the history file is attached ----------------------------- Revision 3.0 (25/3/02) Significant architectural changes, new features, Radar 1.0 compatibility Significant architectural changes to support remote monitoring, introspection, remote debugging, remote tracing, local and remote stats gathering, improve performance, simplify some code, remove duplicated code etc. Any clause may now have any number of private <Log xxx> clauses, which will be used to log errors and messages originating from within that clause before being logged by any global loggers. Can also use 'Log identifier' to refer to an already existing <Log xxxx> clause from within any other clause. Improved and expanded statistics gathering mechanisms. Many more statistics are collected, including average response time for the server as a whole and for each Client, Realm, Handler, AuthBy and Host. Added new statistics logging clauses that will log various server and 'per-clause' statistics with StatsLog FILE and StatsLog SQL. Example configuration in goodies/statslog.cfg. Example tables for StatsLog SQL in goodies/*.sql. New Monitor class permits an (authenticated) TCP connection to the server allowing telnet and specialised clients to inspect, alter, and collect statistics and tracing etc. Improved support for tagged tunnel attributes. Can now have things like: Tunnel-Type=1:L2F and Tunnel-Password=2:1234. Tagged attribues that dont use the n:value syntax default to a tag of 0. New module AuthBy POP3 allows authentication from a POP3 server, includes APOP support. PAP only. On Unix, you can now control the effective user ID and group ID that the server runs as with the new User and Group parameters. New type of special formatting character %{Eval:expression} is replaced by the value of the perl expression. Merges latest Livingston attributes into dictionary, and converted latest Ascend dictionary to dictionary.ascend2 New type for AcctColumnDef in AuthBy SQL. inet_aton formats a dotted quad IP address as an unsigned 32 bit integer. Contributed by Benoit Grange ([EMAIL PROTECTED]) and Jerome Fleury ([EMAIL PROTECTED]). Thanks. Client, Realm, Handler, and AuthBy clauses now all support a PacketTrace parameter that can turn up the trace level for packets passing 'through' that clause. Added discussion of how to use "daemontools" (http://cr.yp.to/daemontools.html) with Radiator to goodies/highavail.txt. Contributed by "Mariano Absatz" ([EMAIL PROTECTED]). Additional features in AuthSQLRADUS.pm, permits customisation of the columns returned from HostSelect, including per-host RewriteUsername. Contributed by Steve Roderick . Thanks Steve. In AuthLog SQL SuccessQuery and FailureQuery did not quote the reason string. %1 is now quoted and escaped. Caution: Existing users of AuthLogSQL will need to remove any quotes from around %1. Added KarlNet VSA'a to dictionary. Parameter values in configuration file now permit escaped octal characters. Testing with DBD::CSV. OK with octal character patch described above. Added goodies/dbd-csv.txt discussion of how to configure Radiator to use a DBD::CSV database. Added documentation for Handler HandleAscendAccessEventRequest. Fixed a problem with handlerResult not handling HandleAscendAccessEventRequest correctly. Select::remove_file now takes extra args to indicate whether its read, write or exception callbacks to remove. Performance improvements in Select::select. Sample profiling code in ddprof.pm, contributed by Damir Dzeko . Thanks Damir. In SessSQL sub delete, $session_id and $framed_ip_address were not passed to format_special. Found and fixed by Damir Dzeko . Thanks Damir. radiusd in daemon mode now no longer attempts to detach from the controlling terminal: not portably supported on most platforms. New global parameter ForkClosesFDs makes radiusd close file descriptors 3 to 20 inclusive in the child after a Fork. This fixes a problem with some versions of Oracle where the connection to the database would be lost after a Fork with the message ORA-03113: end-of-file on communication channel (DBD ERROR: OCIStmtExecute). Error message for 'Unknown keyword ....' was incorrect. Found and fixed by Stephen Frede ([EMAIL PROTECTED]). Thanks Stephen. Fixed CPU hog problem when proxying with AuthBy RADIUS, with Synchronous and there was a network error. Found and fixed by Damir Dzeko . Thanks Damir. In AddressAllocator SQL, a new Step parameter for AddressPool allows the step size between consecutive addresses to be controlled, permitting the allocation of subnets as well as host addresses. Suggested by "Jes?ús M D?íaz" ([EMAIL PROTECTED]). Added long discussion about how Cisco VOIP and accounting works with examples, contributed by Simon Hackett to goodies/voip.txt Calling convention for the constructor for a number of classes changed to come into line with all other constructors. Affects Log::addModule, ClientListSQL, Client, Handler, LogGeneric, Realm etc. AuthBy* is unaffected. Removed many redundant 'new' constructors. Rationalised many 'sub object' config handlers. Uniform argument standards, streamlined code etc. Simplified and streamlined package initialisation in all packages for load-time performance improvement. All loggers can now receive logs of packet dumps, independent of the the global logging level. As previously indicated, UseHint as an alias for UseAddressHint and Dynamic as an alias for DynamicReply in AuthGeneric are now now longer supported. Most classes now have all their configurable keywords defined in a ConfigKeywords hash. You can stil override sub keyword if you need specialised keyword handling. Simplifies and speeds up object initialisation. Legacy classes that still use the sub keyword interface are unaffected. Fixed a problem with the NoBindBeforeOp parameter. Test was round the wrong way. Found by Christophe Wolfhugel ([EMAIL PROTECTED]). Thanks Christophe. In AuthBy ADSI, GroupBindString and GroupUserBindString did not have access to special characters from the current packet. AcceptIfMissing is now a generic AuthBy parameter, available in most AuthBy clauses. Added documentation for IgnoreErrors in AuthBy PORTLIMITCHECK. In AuthBy DYNADDRESS, the parameter Allocator has been renamed AddressAllocator for consistency. Allocator is still supported, but support will be removed in the future. When searching for a Handler to use, Realms are not now re-considered. Realms are only considered one. Previously they were re-considered when the Handlers were considered. This meakes it easier and faster to mix Realms and Handlers. No changes should be required to configuration files. Rationalised away many sub object and sub keyword functions, removing much duplicated and similar code. Configurable now automatically tries to load an object for any subclause found in a clause: you can now invent and create your own clause types and packages without changing a single line of standard code. The current reply packet is now always available as $p->{rp}. All internal APIs changed so that $rp is not passed as an argument. External APIs such as handle_request are unchanged. format_special now does not need $rp passed to it: its deduced from $p->{rp}. Significant performance improvements in format_special for special character formatting. CAUTION: APIs for Handler::handlerResult and Client::replyTo changed. DefineGlobalVar and DefineFormattedGlobalVar can now have embedded spaces. Contributed by [EMAIL PROTECTED] Thanks Ruud. Fixed a problem when proxying requests that already contain an Acct-Delay-Time: the delay time in the proxied request now takes into account the delay time in the originally received request. Found and fixed by Nuno Nunes ([EMAIL PROTECTED]). Thanks Nuno. Fixed a problem with 0 source mask and dest mask in Ascend binary filters. Found and fixed by Inglesant Philip ([EMAIL PROTECTED]). Thanks Philip. Workaround for broken Breezecom VSA's, where the VSA length is incorrectly set by Breezecom to 2, irrespective of the actual length. Also added some generic names for Breezecom VSAs to dictionary. AuthBy RADMIN now has configurable queries IncrementBadloginsQuery and ClearBadloginsQuery. Fixed some problems with secure mode in radacct.cgi, reported by various people. If SocketQueueLength was set, the socket length was set for both auth and accounting sockets, even if only one was created. Reported by [EMAIL PROTECTED] Thanks Jamie. Added Colubris-AVPAIR VSA to dictionary. Sent by "Tito Macapinlac" ([EMAIL PROTECTED]). Thanks Tito. radpwtst now takes an optional trace level to the -trace flag. If you just use -trace, you get effectively trace level 4. -trace 5 gets hex packet dumps of incoming and outgoing packets. Can now have DefaultReply, FramedGroup, StripFromReply, AllowInReply, AddToReply, AddToReplyIfNotExist and DynamicReply parameters for Client, Realm and Handler, as well as AuthBy. Also optionally supported by ClientListSQL. AuthLog FILE now creates the path to the log file if necessary. RPM package now includes all dictionaries in the doc area. Improved error reporting in SNMP module. NAS support has been separated out into a module per NAS-type, in Radius/Nas/*.pm. This makes it easier to add suport for new NAS types and to submit new NAS type modules for distribution. get_port moved from Radius to Util for consistency. AuthBy GROUP now honours DefaultSimultaneousUse. AuthBy LDAP2 now supports Version and Deref parameters. Suggested by Eli Tovbeyn ([EMAIL PROTECTED]). Thanks Eli. Changes to Radiator.spec so that RPM files will be compatible with SuSE Linux and similar. Suggested by Alfredo Sola ([EMAIL PROTECTED]) Thanks Alfredo. Changed the order of replacement of special characters in format_special. Previously, %0, %1 etc were replaced first, but this would cause problems of any of the replaced values had % special chars in them. %0, %1 etc are now done after the spoecial chars, but before GlobalVar etc. Reported by David Miller ([EMAIL PROTECTED]). Thanks David. Fixed a bug in AuthBy RODOPI that prevented AcctSQLStatement being changed. AuthBy RADMIN now permits a validfrom time of 0 to mean the beginning of time, and a validto time of 0 to mean the end of time. In AuthBy DYNADDRESS, if the PoolHint resolves to an empty string, no address will be allocated. This way you can let the NAS allocate addresses for some users. AuthBy RODOPI now quotes usernames, protecting it from problems where a username is the same as an SQL keyword. Reported by "Hector Lopez" ([EMAIL PROTECTED]) In AuthBy NISPLUS, the Query now has the username being authenticated available as %0. %n will be phased out in a future revision. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.