Version 2.0.2 has been released.
People using EAP should definitely upgrade. Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all log_* in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via Raw-Attribute = 0x0102... This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit unlang policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * listen sections can now have type = proxy. This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README Bug fixes * Fixed reading of detail files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the failed to remember handler issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See man rlm_attr_filter for details. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.0.2 has been released.
With 2.0.2 I tried a performance test with eap authentications. At one point I get : Thu Feb 14 15:10:30 2008 : Error: rlm_eap: No EAP session matching the State variable. Thu Feb 14 15:10:30 2008 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request Is this the normal message when the server is too busy? Norbert Wegener Alan T DeKok schrieb: People using EAP should definitely upgrade. Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all log_* in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via Raw-Attribute = 0x0102... This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit unlang policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * listen sections can now have type = proxy. This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README Bug fixes * Fixed reading of detail files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the failed to remember handler issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See man rlm_attr_filter for details. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.0.2 has been released.
Hey Alan, is the LDAP_DEPRECATED stuff all fixed in 2.0.2? just wanna double check before i compile it and don't pass that option myself... Thanks, Joe Vieira UNIX Systems Administrator Clark University - ITS Norbert Wegener wrote: With 2.0.2 I tried a performance test with eap authentications. At one point I get : Thu Feb 14 15:10:30 2008 : Error: rlm_eap: No EAP session matching the State variable. Thu Feb 14 15:10:30 2008 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request Is this the normal message when the server is too busy? Norbert Wegener Alan T DeKok schrieb: People using EAP should definitely upgrade. Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all log_* in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via Raw-Attribute = 0x0102... This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit unlang policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * listen sections can now have type = proxy. This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README Bug fixes * Fixed reading of detail files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the failed to remember handler issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See man rlm_attr_filter for details. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.0.2 has been released.
Joe Vieira wrote: Hey Alan, is the LDAP_DEPRECATED stuff all fixed in 2.0.2? just wanna double check before i compile it and don't pass that option myself... I committed it, and it should be there. Check for it in the Makefile after ./configure. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.0.2 has been released.
Norbert Wegener wrote: With 2.0.2 I tried a performance test with eap authentications. At one point I get : Thu Feb 14 15:10:30 2008 : Error: rlm_eap: No EAP session matching the State variable. Thu Feb 14 15:10:30 2008 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request Is this the normal message when the server is too busy? Only if there is an interval of 60 seconds between EAP packets for one session. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html