Re: AD Authentication + radius + foundryAP

2011-05-20 Thread Alan DeKok
Mark Pipkin wrote:
> With all of the frustration I nuked all of FreeRadius from the server
> using 'aptitude purge freeradius freeradius-common freeradius-utils'.
> This cleaned up all of my changes.  Then I reinstalled FreeRadius.

  i.e. start from the default configuration.

> From here I followed the "Updated tutorial" until I got to: Configuring
> FreeRADIUS to use ntlm_auth for MS-CHAP.  When I reached this section,
> and I had everything working, I went back to the original HowTo and read
> through it. (Note to self: don't jump ahead just because a HowTo seems
> too good to be true.)

  And then follow the documentation.

  It *will* work.

> The "Updated tutorial" doesn't let you know anything about peap,
> with_ntdomain_hack, the default setting of eap, or setting up clients.
> So it is not, in my opinion, a complete walk through.

  Sure.  It documents one piece of the server functionality.  For the
rest, documentation generally exists.

> Currently everything is working.  I'm able to authenticate through radius
> using Windows 2000 AD.
> 
> Resolved.

  Exactly.  The frustration I generally show is people (a) butchering
the default configs, (b) refusing to follow the docs, and (c) arguing
when told "don't do that".

  It's really not hard.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Active directory groups

2011-05-20 Thread Doty, Seth
That is the fun I am having.  The baseDN of dc=AD,dc=ne,dc=gov DOES work
from ldapsearch, and these are actually the credentials I have received
from our LDAP admins.  One of the more specific options I received must
be wrong.

That all being said, though, you are responding with an answer that at
least lets me know that my syntax is correct, even if the information I
am receiving from the local LDAP folks is not.  Thanks for your help.



On Fri, 2011-05-20 at 17:03 +0100, Phil Mayers wrote:
> On 20/05/11 16:27, Doty, Seth wrote:
> > I changed my baseDN to: basedn = ou=test,dc=AD,dc=ne,dc=gov and this
> > results in the same failure in the group section.
> > rlm_ldap: object not found
> > rlm_ldap::ldap_groupcmp: search failed
> >
> >
> > I can't remove the ou=test portion or authentication fails completely and
> > I get a reject:
> >   [ldap] performing user authorization for seth.doty
> > [ldap]  expand: %{Stripped-User-Name} ->
> > [ldap]  expand: %{User-Name} ->  seth.doty
> > [ldap]  expand: (CN=%{%{Stripped-User-Name}:-%{User-Name}}) ->
> > (CN=seth.doty)
> > [ldap]  expand: dc=ad,dc=ne,dc=gov ->  dc=ad,dc=ne,dc=gov
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: attempting LDAP reconnection
> > rlm_ldap: closing existing LDAP connection
> > rlm_ldap: (re)connect to ad.ne.gov:389, authentication 0
> > rlm_ldap: bind as stn\seth.doty/ to stone.ne.gov:389
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: Bind was successful
> > rlm_ldap: performing search in dc=ad,dc=ne,dc=gov, with filter
> > (CN=seth.doty)
> > rlm_ldap: ldap_search() failed: Operations error
> 
> You're just putting random things into the ldap config and hoping it 
> will work.
> 
> Go and speak to the people who run your LDAP service. Ask them for the 
> correct base DN, bind DN and credentials, group filters and so forth.
> 
> Try these LDAP parameters from the command line using ldapsearch. When 
> it's working, try them with FreeRADIUS.




Re: Active directory groups

2011-05-20 Thread Phil Mayers

On 20/05/11 16:27, Doty, Seth wrote:
> I changed my baseDN to: basedn = ou=test,dc=AD,dc=ne,dc=gov and this
> results in the same failure in the group section.
> rlm_ldap: object not found
> rlm_ldap::ldap_groupcmp: search failed
>
> I can't remove the ou=test portion or authentication fails completely and
> I get a reject:
>   [ldap] performing user authorization for seth.doty
> [ldap]  expand: %{Stripped-User-Name} ->
> [ldap]  expand: %{User-Name} ->  seth.doty
> [ldap]  expand: (CN=%{%{Stripped-User-Name}:-%{User-Name}}) ->
> (CN=seth.doty)
> [ldap]  expand: dc=ad,dc=ne,dc=gov ->  dc=ad,dc=ne,dc=gov
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: closing existing LDAP connection
> rlm_ldap: (re)connect to ad.ne.gov:389, authentication 0
> rlm_ldap: bind as stn\seth.doty/ to stone.ne.gov:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=ad,dc=ne,dc=gov, with filter
> (CN=seth.doty)
> rlm_ldap: ldap_search() failed: Operations error

You're just putting random things into the ldap config and hoping it
will work.

Go and speak to the people who run your LDAP service. Ask them for the
correct base DN, bind DN and credentials, group filters and so forth.

Try these LDAP parameters from the command line using ldapsearch. When
it's working, try them with FreeRADIUS.



Re: Active directory groups

2011-05-20 Thread Doty, Seth
I changed my baseDN to: basedn = ou=test,dc=AD,dc=ne,dc=gov and this
results in the same failure in the group section.
rlm_ldap: object not found
rlm_ldap::ldap_groupcmp: search failed


I can't remove the ou=test portion or authentication fails completely and
I get a reject:
 [ldap] performing user authorization for seth.doty
[ldap]  expand: %{Stripped-User-Name} -> 
[ldap]  expand: %{User-Name} -> seth.doty
[ldap]  expand: (CN=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(CN=seth.doty)
[ldap]  expand: dc=ad,dc=ne,dc=gov -> dc=ad,dc=ne,dc=gov
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: closing existing LDAP connection
rlm_ldap: (re)connect to ad.ne.gov:389, authentication 0
rlm_ldap: bind as stn\seth.doty/ to stone.ne.gov:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=ad,dc=ne,dc=gov, with filter
(CN=seth.doty)
rlm_ldap: ldap_search() failed: Operations error
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail



On Fri, 2011-05-20 at 15:26 +0100, Phil Mayers wrote:
> On 20/05/11 15:14, Doty, Seth wrote:
> > I must be doing something wrong in my filtering because it keeps dumping
> > me into unclassified instead of passing the group I assigned. I have
> > setup a security group specifically for this test and I am indeed in the
> > group.
> >
> > I set it up like this in sites-enabled/inner-tunnel because it seemed
> > this manner was a little more flexible for our needs:
> >
> > post-auth {
> >  if (Ldap-Group == "CN=STNE_Wireless_Authentication,ou=Security
> > Groups,ou=test,ou=test,dc=AD,dc=ne,dc=gov") {
> 
> This is wrong. You don't give the group DN. You give the value of 
> "groupname_attribute" in the ldap module, defaults to "cn", i.e.
> 
> post-auth {
>   if (Ldap-Group == STNE_Wireless_Authentication) {
>     ..
>   }
> }




RE: AD Authentication + radius + foundryAP

2011-05-20 Thread Mark Pipkin
I don't like leaving things unresolved and just lying around like so
many other posts that I have run across.  I guess Alan DeKok scares them
off with the "It's in plain view dumb ass" attitude.  I'm sure after
answering the questions over and over again, it is about the only
response that someone can give who is just tired of the same old
questions and wants a challenge.

With that being said...

On Ubuntu 10.04 w/ updates, FreeRadius 2.1.8, Windows XP/7, and W2K AD

The wiki has a HowTo on AD
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO

At the very top of this page there is:

Updated tutorial for freeradius 2.x is at:
http://deployingradius.com/documents/configuration/active_directory.html

This is all well and good, but I jumped straight to that link.  There
seems to be some information that is left out and that is important in
the "Updated tutorial." 

With all of the frustration I nuked all of FreeRadius from the server
using 'aptitude purge freeradius freeradius-common freeradius-utils'.
This cleaned up all of my changes.  Then I reinstalled FreeRadius.

From here I followed the "Updated tutorial" until I got to: Configuring
FreeRADIUS to use ntlm_auth for MS-CHAP.  When I reached this section,
and I had everything working, I went back to the original HowTo and read
through it. (Note to self: don't jump ahead just because a HowTo seems
too good to be true.)

The "Updated tutorial" doesn't let you know anything about peap,
with_ntdomain_hack, the default setting of eap, or setting up clients.
So it is not, in my opinion, a complete walk through.

There is light though.  Once I got to the point where ntlm_auth was
working for me, I started back on the wiki HowTo and went to the section
'Configuration of clients.conf'.


Set the client up:

client foundryAP {
    ipaddr = 192.168.0.1
    secret = testing123
}

In the Configuration of radius.conf section (this part seems more like
the 1. Config) the 'with_ntdomain_hack = yes' was found in the
~/modules/mschap file.  You don't need 'auth-type = MS-CHAP'.

For ntlm_auth I'm using:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
--require-membership-of=DOMAIN+group"

The eap.conf section of the HowTo was spot on.  I also set the clients
up; this was pointed out to me earlier in this thread twice, so make sure
your client is set up correctly as well.

Currently everything is working.  I'm able to authenticate through radius
using Windows 2000 AD.

Resolved.



Re: Active directory groups

2011-05-20 Thread Phil Mayers

On 20/05/11 15:14, Doty, Seth wrote:
> I must be doing something wrong in my filtering because it keeps dumping
> me into unclassified instead of passing the group I assigned. I have
> setup a security group specifically for this test and I am indeed in the
> group.
>
> I set it up like this in sites-enabled/inner-tunnel because it seemed
> this manner was a little more flexible for our needs:
>
> post-auth {
>  if (Ldap-Group == "CN=STNE_Wireless_Authentication,ou=Security
> Groups,ou=test,ou=test,dc=AD,dc=ne,dc=gov") {

This is wrong. You don't give the group DN. You give the value of
"groupname_attribute" in the ldap module, defaults to "cn", i.e.

post-auth {
  if (Ldap-Group == STNE_Wireless_Authentication) {
    ..
  }
}


Re: Active directory groups

2011-05-20 Thread Doty, Seth
I must be doing something wrong in my filtering because it keeps dumping
me into unclassified instead of passing the group I assigned. I have
setup a security group specifically for this test and I am indeed in the
group.

I set it up like this in sites-enabled/inner-tunnel because it seemed
this manner was a little more flexible for our needs:

post-auth {
  if (Ldap-Group == "CN=STNE_Wireless_Authentication,ou=Security Groups,ou=test,ou=test,dc=AD,dc=ne,dc=gov") {
    update reply {
      Filter-Id := "networking"
    }
  }
  else {
    update reply {
      Filter-Id := "secure-unclassified"
    }
  }
}


Here is my radiusd -X:

FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu, built on Mar
31 2010 at 00:14:28

Re: /etc/raddb/radiusd.conf[249]: Error binding to port for :: port 1812

2011-05-20 Thread pradyumna dash
Hi,

You can recheck the same with ps -ef and grep; maybe some process is still
there, and if you find one, kill it. Or you can try netstat to check which
service port 1812 is used by.

Regards,
Pradyumna

On Fri, May 20, 2011 at 3:02 PM, Dougan, Linda A  wrote:

> I just upgraded to net-dialup/freeradius-2.1.7 on a gentoo linux
> server.
>
> I have already checked to see if there is anything listening on port 1812
> including freeradius and there is nothing on that port. Any help would be
> greatly appreciated.
>
> This is my radiusd -X output.
>
> FreeRADIUS Version 2.1.7, for host i686-pc-linux-gnu, built on May 12 2011
> at 10:43:07

Re: /etc/raddb/radiusd.conf[249]: Error binding to port for :: port 1812

2011-05-20 Thread Alan DeKok
Dougan, Linda A wrote:
> I just upgraded to net-dialup/freeradius-2.1.7 

  Upgrade to 2.1.10.

  Alan DeKok.


Re: Max-Octets

2011-05-20 Thread Alan DeKok
Brent wrote:
> However it is not disconnecting the user from the network once the limit has
> been reached,

  RADIUS doesn't disconnect users.

  Most NAS software doesn't pay attention to any "max octets"
attribute in the Access-Accept.

  For chillispot, see the chillispot documentation and/or mailing lists
for how to debug it.

> Any ideas on how I can disconnect the user?

  Run a script that disconnects the user.

  Alan DeKok.
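Alan's "run a script that disconnects the user" above, as an added example that is not from this thread, FreeRADIUS or ChilliSpot: a Python script that builds an RFC 5176 Disconnect-Request, sends it to the NAS, and validates the reply's Response Authenticator before trusting an ACK or NAK. It assumes the NAS accepts dynamic-authorization requests on UDP 3799 with the same shared secret; the secret, user name and session id used below are constructed, and nas_reply() is a constructed stand-in for the NAS so the validation logic can be exercised offline.

```python
import hashlib
import socket
import struct

# RFC 5176 packet codes for dynamic authorization
DISCONNECT_REQUEST = 40
DISCONNECT_ACK = 41
DISCONNECT_NAK = 42

# Attribute types used here (RFC 2865 / 2866 / 5176)
USER_NAME = 1
ACCT_SESSION_ID = 44
ERROR_CAUSE = 101


def encode_attr(attr_type, value):
    """Encode one attribute as Type/Length/Value; Length counts the 2-byte header."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def decode_attrs(payload):
    """Parse a TLV list into (type, value) pairs, rejecting malformed lengths."""
    attrs, i = [], 0
    while i < len(payload):
        if len(payload) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = payload[i], payload[i + 1]
        if alen < 2 or i + alen > len(payload):
            raise ValueError("bad attribute length")
        attrs.append((atype, payload[i + 2:i + alen]))
        i += alen
    return attrs


def build_disconnect_request(secret, ident, username, session_id):
    """Disconnect-Request; its Request Authenticator is
    MD5(Code | Identifier | Length | 16 zero octets | Attributes | Secret)."""
    attrs = (encode_attr(USER_NAME, username.encode())
             + encode_attr(ACCT_SESSION_ID, session_id.encode()))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def check_response(request, response, secret):
    """Validate the NAS's Disconnect-ACK/NAK: identifier must match the request and the
    Response Authenticator must be MD5(Code | ID | Length | RequestAuth | Attrs | Secret)."""
    if len(response) < 20:
        return {"ok": False, "reason": "short packet"}
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        return {"ok": False, "reason": "length/identifier mismatch"}
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if expected != response[4:20]:
        return {"ok": False, "reason": "bad Response Authenticator (wrong secret or forged reply)"}
    error_cause = None  # a NAK usually carries Error-Cause saying why the session was not dropped
    for atype, value in decode_attrs(response[20:]):
        if atype == ERROR_CAUSE and len(value) == 4:
            error_cause = struct.unpack("!I", value)[0]
    return {"ok": code == DISCONNECT_ACK, "code": code, "error_cause": error_cause}


def nas_reply(request, secret, code, attrs=b""):
    """Constructed stand-in for the NAS (not a real NAS): echoes the request identifier
    and signs the reply with the Response Authenticator rule, for offline testing."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + auth + attrs


def send_disconnect(nas_host, secret, username, session_id, port=3799, timeout=3.0):
    """Send the request over UDP to the NAS's dynamic-authorization port (3799 by default)
    and validate whatever comes back. Assumes the NAS shares the same secret for CoA/DM."""
    req = build_disconnect_request(secret, 1, username, session_id)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(req, (nas_host, port))
        resp, _ = sock.recvfrom(4096)
    return check_response(req, resp, secret)
```

The sqlcounter can only reject the next Access-Request once the limit is hit; a script like this, run from the accounting or post-auth path, is what actually tears down the live session, and the reply check keeps it from acting on a forged or mis-addressed ACK.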


Max-Octets

2011-05-20 Thread Brent
Please help, I've configured the following to enforce data limits per user:

sqlcounter noresetBytecounter {
    counter-name = Total-Max-Octets
    check-name = Max-Octets
    reply-name = ChilliSpot-Max-Total-Octets
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}'"
}

However it is not disconnecting the user from the network once the limit has
been reached; however, if I log the user out and back in, it then says user
limit reached.


Any ideas on how I can disconnect the user?


PS: I have added ChilliSpot's dictionary to the freeradius dictionary.


Many Thanks 

Brent 
 





Re: ntlm_auth authentication results logging messages

2011-05-20 Thread Phil Mayers

On 05/19/2011 08:04 PM, John Douglass wrote:
> Now, the actual ntlm_auth command within the $RADIUS/modules/mschap does
> read:
>
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>
> So it's not doing necessarily the same kind of authentication command as
> I was doing above but I have no idea how to simulate a challenge request
> on command line to verify :)

You can just run FreeRADIUS in debug mode and capture any ntlm_auth
command line - they're re-usable, the "response" value is the same every
time for a given challenge, username and password. Security revolves
around the challenge being random and not re-used.

(I have some utilities for generating the response that I keep meaning
to stick in an AppEngine page at some point)

> Login incorrect (mschap: External script says Logon failure
> (0xc06d)): [asdf/] (from client LAWN-WiSM port
> 29 cli 00-25-00-f5-a3-2b via TLS tunnel)
>
> However, "Logon failure" is nebulous when it could be either "bad
> password", "account disabled", or "no such user" that comes out of the
> "ntlm_auth" command (at least when I run it by hand).
>
> Is this the fault of the results of ntlm_auth being vague or is
> something else at play?

The former. As you noted above, you were testing with username/password
auth as opposed to challenge/response auth. The latter gives a much
smaller, less interesting (but arguably more secure) set of error codes.

About all you get other than "Login failure" is "Password expired"
(which the recent MS-CHAP password change patch I wrote looks for and
acts on).

This is for boring reasons to do with the way Samba makes the RPC call
against the domain, and gradual changes in Windows about what error
codes it leaks (if you think about it, leaking the difference between
"invalid user" and "invalid password" makes user/pass dictionary attacks
easier).



Re: Freeradius on windows server 2008

2011-05-20 Thread heavysilence
Thanks for your post.

I know I can solve the problem by bypassing it. But it's not what I'm
looking for. I just want to understand what is going wrong here in this
particular case.

It's just a test server on which I try some stuff. I'm sure a Linux VM will
work just fine :)



Re: Freeradius on windows server 2008

2011-05-20 Thread Alan DeKok
heavysilence wrote:
> Running FreeRadius.net version 1.1.7 r0.0.2 on Windows Server 2008

  That hasn't been updated for a *long* time.

> Authentication works fine in Debug mode. But starting the service normally,
> nothing happens. No response from the radius server. Tried to set user =
> nobody group = shadow user = root and all stuff that looks like that in
> every combination I could imagine. Still not working.

  Run it on a Linux VM, on Windows.  That way you can use a recent
version of the server, with all of the bug fixes && new features.

  Alan DeKok.