*****************************************************************
RadiusNT and RadiusX change history for versions 5.x, 4.x and 3.x
*****************************************************************

Modified: 6/16/2010

Copyright (c) 1999-2010 IEA Software, Inc. All rights reserved worldwide.

This file contains important, late-breaking information about changes made within RadiusNT/X. We recommend that you read this file and keep a printed copy with your RadiusNT/X documentation.

For updated CHANGES.TXT files and additional information about installing and running RadiusNT/X, please visit our Support Web site for updated documentation at http://www.iea-software.com/support.

Tip: If necessary, choose Word Wrap from the Notepad Edit menu or Wrap To Window from the WordPad View/Options menu to wrap the text within the document window.

Note: All changes starting with 'UNIX:' are specific to the RadiusX products and do not affect RadiusNT. Any change starting with a version number in brackets '[x.x]' applies only to that version of the product.

----------------------------------------------
CHANGES.TXT CONTENTS
----------------------------------------------

· KNOWN PROBLEMS
· RELEASE CHANGES
· TECHNICAL SUPPORT

----------------------------------------------
KNOWN PROBLEMS
----------------------------------------------

* None

----------------------------------------------
RELEASE CHANGES
----------------------------------------------

Radius 5.1.66 - 6/16/2010
--
* Fixed tag attributes are not processed properly when applied to VSAs
* Added database users service type can be accessed from the variable $accounttype during filter processing
* Added Cisco avpair attribute parsing combines portions of variables separated by ':' character

Radius 5.1.65, 4.0.88 - 5/10/2010
--
* Added reply attribute management update
* Added allow filters using the equal match type to work with string data types
* Added changed PEAP v1 PRF magic to match PEAP v0 for Apple compatibility
* Fixed thread safe SNMP query functions
* Fixed disallow users file default users in database mode

Radius 5.1.64, 4.0.88 - 3/5/2010
--
* Added IPv6 transport support for RADIUS messages, rating engine, syslog and RadiusNT/X administrator UI
* Added increased maximum UDP listener sockets from 64 to 128
* Added improved attribute indexing system
* Added syslog messages can be distributed to multiple syslog servers based on DNS configuration
* Added DNS name lookup caching
* UNIX: Added when no bind addresses are configured the server now binds separately to each network interface
* Added logging for all transport send operation failures

Radius 5.1.63, 4.0.88 - 1/11/2010
--
* [5.1] Fixed single byte overrun when authenticating users with NT hash passwords
* Fixed memory leak retrying authentication requests

Radius 5.1.62, 4.0.88 - 11/5/2009
--
* [5.1] Added PAP and MSCHAP support for passwords stored in NT hash form
* [5.1] Fixed RadiusX restarts on systems with Sparc processors when multi-threaded authentication has been enabled
* [5.1] Fixed SHA1 dependent authentication algorithms fail on Solaris platform

Radius 5.1.60, 4.0.88 - 9/10/2009
--
* [5.1] Added support for IPv6 prefix
attribute types
* Fixed IPv6 string representations trailing zeros not properly compressed
* Fixed IPv6 encode failure of certain properly formatted IPv6 addresses

Radius 5.1.59, 4.0.88 - 6/15/2009
--
* [5.1] Fixed query errors displayed in authentication log file when a new day starts and no authentication requests have been previously sent since server startup

Radius 5.1.58, 4.0.88 - 5/1/2009
--
* [5.1] Added support for marshalling attributes of type octets to the calls table as hexadecimal values
* [5.1] Added if MSCHAPv2 validation fails with user only portion of user@realm retry with user@realm
* [5.1] Added support for authentication reject when auth rating is enabled, default cost is not configured and no rating rules match

Radius 5.1.56, 4.0.88 - 2/21/2009
--
* [5.1] Added current data usage for reauthorized sessions count input and output octets instead of output only
* [5.1] Added updated supporting encryption routines

Radius 5.1.55, 4.0.88 - 12/31/2008
--
* [5.1] Fixed AV caused by EAP inner protocols providing username attributes that contain no value
* [5.1] Added filter queries can now convert proxied access reject messages to access accept by returning a query with AttributeID and VendorID set to -1
* [5.1] Fixed rating engine memory leak when reconfiguring active rating rules and a custom classifier query has been associated with a rate

Radius 5.1.53, 4.0.88 - 11/22/2008
--
* [5.1] Added support for WISPr-Session data left usage limit VSAs
* [5.1] Added 64-bit signed integer data type
* [5.1] Added tunnel password and tag tunnel password attribute type configuration
* [5.1] Added octets binary data type with ability to enter values in hexadecimal format
* [5.1] Fixed TTLS username is not used when identity hiding is enabled via User-Name attribute or EAP-Identity
* [5.1] Fixed rating engine when rating requests containing usage for both time and data dimensions data only rates previously required a dummy zero cost time rate to prevent the data only
rate from being ignored

Radius 5.1.47, 4.0.88 - 8/14/2008
--
* Added workaround for MSSQL 2008 ODBC driver bug causing a numeric overflow error to be displayed when retrieving cached account information
* [5.1] Fixed authentication may fail intermittently when large numbers of users are concurrently authenticated using PEAP or TTLS

Radius 5.1.46, 4.0.88 - 7/22/2008
--
* [5.1] Added ignore Diameter encoded AVPs containing a zero length payload instead of failing the decode to improve TTLS client compatibility
* [5.1] Added startup and shutdown section logging
* [5.1] Added updated supporting encryption routines
* [5.1] Added support for storage of Emerald database encryption secret key via operating system's secure key store
* Fixed when realm service type replacement is enabled and challenge responses are proxied replaced attributes should apply only to the final access accept message
* Fixed instances where logging messages were incorrectly classified
* Fixed when synchronizing account changes via smart cache the per request authentication query timeout should not apply
* Fixed AV may occur during the forced shutdown process which can occur when pending operations take too long to complete

Radius 5.1.44, 4.0.87 - 4/25/2008
--
* Added support for excluding a service type from DNIS checking unless reverse DNIS checking is enabled by setting a NULL value for the DNISNumber column of SQLDNIS
* Added Vista and Windows 2008 compatibility update to account for missing RRAS API calls in these versions of Windows
* [5.1] Added support for conversion of string port values to integers to maintain compatibility with older Calls table schemas having an integer NASPort column
* Fixed malformed RadiusNT/X admin web server post request may cause AV of the admin configuration server

Radius 5.1.42, 4.0.86 - 1/26/2008
--
* [5.1] Added reverse counting of SNMP concurrency violations by exception and substring matching of SNMP values to username
* [5.1] Added rating engine support for
additional rounding options

Radius 5.1.41, 4.0.86 - 12/23/2007
--
* Fixed account expiration should be treated as the minimum of MBR and SA expiration when using an Emerald database
* [5.1] Fixed incremental cache updates not being performed at configured interval on the Oracle platform using an Emerald 5 database
* Fixed failure to preload server access configuration not logged as an error

Radius 5.1.40, 4.0.85 - 12/06/2007
--
* [5.1] Fixed rating engine AV while rating accounting records
* [5.1] Fixed possible AV while proxy accounting echo and accounting store and forward mode are both enabled
* [5.1] Fixed compatibility problem with version 6.x RSA SecurID clients on the Windows platform

Radius 5.1.38, 4.0.85 - 9/23/2007
--
* [5.1] Added removed Boingo VSA 32 from the tunnel password attribute list
* [5.1] Fixed primary database connection pool too shallow to handle worst case query load
* [5.1] Fixed possible AV during long term cache maintenance shortly after midnight
* [5.1] Added support for EAP-TTLS PAP/CHAP/MSCHAPv1/MSCHAPv2
* [5.1] Added compatibility with Emerald v5 on the Oracle database platform
* [5.1] Added option to customize reply attributes sent in response to an authentication failure
* [5.1] Added RFC 4590 SIP/HTTP Digest authentication in addition to draft-sterman-aaa-sip-01

Radius 5.1.35, 4.0.85 - 6/27/2007
--
* [5.1] Fixed the attribute filtering system may not act on requests that determine an authentication response should be rejected or ignored
* [5.1] Added rating engine updates supporting InitialCost and StaticCost attributes if available in the rating request
* [5.1] Added Req/Resp Code RadFilterTypeID (5) to attribute filtering system to match the RADIUS request or response packet code
* [5.1] Fixed disable day + 1 for service expirations only when used with Emerald v5 as this is now controlled via Emerald
* [5.1] Added improved zero value port filtering while the "Add virtual NAS-Port if missing" advanced option is enabled
* Fixed
SHA password hash formats are not properly recognized

Radius 5.1.29, 4.0.84 - 4/4/2007
--
* [5.1] Fixed rating engine accounting rating decision was incorrectly controlled by the "Enforce cost-based session limits" advanced option instead of "Allow rating of accounting call records"
* [5.1] Added support for Cisco encrypted AVPair attribute
* [5.1] Fixed rating engine data only rate with session limit should reject authentication after credit limit has been exhausted
* [5.1] Fixed rating engine AV when specific ordered combinations of duplicate attributes of different types are received
* [5.1] Added filter out authorization attributes before passing request attributes to the rating engine when rating of authentication requests is enabled
* [5.1] Added "data banking" feature to enforce data remaining restrictions similar to "time banking"
* [5.1] Fixed when uploading call records the Emerald5 Calls.CallID column must be excluded from column discovery to prevent attributes of the same name from setting a CallID value
* [5.1] Added "amountleft" and "dataleft" variables for "auth out" and "auth req+resp" attribute filters
* [5.1] Fixed rating engine AV while loading numeric rating rules having a "less than" match type

Radius 5.1.25, 4.0.83 - 12/22/2006
--
* [5.1] Added optional "RadCheck" field to second attribute result set of RadGetUser
* [5.1] Fixed rating engine requests with null or 0 default cost must still be rated
* [5.1] Fixed rating engine zero cost rules were being ignored and assigned default cost
* [5.1] Fixed rating engine ~3 sec shutdown delay caused by not waking queue manager
* [5.1] Fixed rating engine assert when totals are required by max cost but not any applicable rating rules
* [5.1] Fixed rating engine rates with data and time rating rules did not link data starting period costs for enforcement of max charge amount

Radius 5.1.24, 4.0.83 - 11/22/2006
--
* [5.1] Added allow conversion of rating engine upload attributes to RADIUS reply attributes
* [5.1] Fixed allow Emerald 5 RADIUS enterprise and professional license features
* [5.1] Fixed rating engine time indexing error
* [5.1] Fixed rating engine authentication failure condition and uploaded reply attributes were not enforced
* [5.1] Added allow rating engine data dimension tracking for authentication reauthorization requests
* Fixed escape accounting username and nasid
* [5.1] Fixed rating engine time remaining calculations now influenced by data rates
* [5.1] Fixed rating engine was recording only the first historical update when rating a request
* [5.1] Fixed display of invalid AES decryption warnings
* [5.1] Added Emerald decryption support for results of query based data filters
* Added Boingo encrypted attribute support
* [5.1] Added MS Vista PEAP bug workaround for Vista client compatibility

Radius 5.1.19, 4.0.82 - 9/18/2006
--
* Added support for 16-bit Alcatel VSAs
* Added when NAS-Port equals 0 and NAS-Port-ID or another port identifier is available use this instead of NAS-Port
* Added preference internal class attribute least when using attribute filter variables with multiple class attributes
* [5.1] Fixed rating engine update

Radius 5.1.17, 4.0.81 - 7/6/2006
--
* Fixed Password replace feature would incorrectly set password blank when password was ANY or WINNT/UNIX and CHAP authentication is used
* Added SecureRandom configuration option to allow disabling the use of operating system provided random numbers
* [5.1] Fixed incorrect secret when sending outgoing proxy requests using Emerald v5 password encryption with encrypted shared secrets
* [5.1] Added support for online port clear stored procedure RadClearNAS and database configuration option SQLClearNAS
* [5.1] Fixed authentication rating engine errors
* Added expiration dates now include time of day information
* [5.1] Added support for UNIX MD5 encrypted passwords

Radius 5.1.16, 4.0.80 - 3/9/2006
--
* [5.1] Added support for limiting total time a proxy accounting record can remain
queued (QueueMaxTime)

Radius 5.1.15, 4.0.80 - 2/15/2006
--
* [5.1] Added support for a virtual NAS-Port if one is not provided by the RADIUS client
* Fixed AV caused by external authentication API attribute checking
* [5.1] Added accounting upload query timeout setting
* Fixed allow proxy of initial request when all roam servers in group are over max rate in store and forward mode
* Fixed load balanced retries may prevent proxy servers that are not responding from being quickly detected
* Fixed allow delayed response removal for authentication requests
* Fixed allow proxy authenticator history for authentication requests
* Fixed roam server reconfigure requests did not transfer current state for all members of a roam domain
* [5.1] Fixed substring attribute filter and proxy attribute match types are now case insensitive
* Fixed proxy retry rate for down proxy servers was not restricted to the proxy check interval
* Fixed do not allow proxy request duplication when one or more servers are unavailable
* Fixed increase retry partitioning for store and forward proxy mode
* [5.1] Fixed rating engine classifier database errors were being reported as memory allocation errors
* Fixed entering 0 in auth or accounting port field of a roam server now causes authentication or accounting messages to be ignored
* Fixed remove delay between detection of a down accounting server in store and forward mode and resetting of the affected proxy records retry counters
* Fixed AV introduced in 5.1.6 while processing unrecoverable malformed packets
* Fixed allow processing of packets containing unknown attributes with unknown proprietary VSA formats

Radius 5.1.10, 4.0.79 - 1/31/2006
--
* [5.1] Fixed AV caused by use of auth req + resp attribute filter with a destination type of Reject containing destination data
* [5.1] Fixed when using an attribute filter of source type Auth Proxy Out and a destination type of Reject the destination data field is not passed in the reply-message attribute
of the access-reject
* Fixed RADIUS messages with no attributes were ignored as invalid
* [5.1] Added custom logging auth out source type now has access to many local access reject messages
* [5.1] Added support for request nak conversion via sql query merge type when VID and AID are 0 Data becomes reply-message
* [5.1] Added include connection group name with accounting spooler related messages
* [5.1] Added proxy queue updates
* [5.1] Added default proxy rate limiting for store and forward accounting mode. It is still recommended proxy forwarding rates be defined while using this mode
* [5.1] Added authenticator history to validate multiple responses to the same request
* [5.1] Added delay for proxy response removal to allow for secondary responses
* [5.1] Fixed add Acct-Delay-Time attribute with local delay if attribute is not included with accounting record
* [5.1] Fixed ADIF logging errors
* [5.1] Fixed authenticator validation error is incorrectly displayed when validating proxy accounting retry response where retry has changed since initial request
* [5.1] Fixed authentication input attribute filters with a merge type of filter replace may cause an AV
* [5.1] Fixed connection group specific accounting upload queues will eventually incorrectly switch to the default accounting datasource
* [5.1] Fixed allow attribute filter data fields to contain values exceeding the RADIUS per attribute size limit

Radius 5.1.6, 4.0.77 - 12/30/2005
--
* [5.1] Added 'distribution key' search type for attribute filtering and attribute proxy to allow attribute-based deterministic load balancing
* [5.1] Added separate accounting queues for each connection group
* [5.1] Added merge type of 'log query to accounting' which queues filter SQL queries into the accounting spooler
* [5.1] Fixed show contents of attribute filter queries while ODBC debugging is enabled
* [5.1] WIN32: Fixed background database test may not report the correct status information when more than one type of ODBC
datasource is used
* [5.1] Added custom logging only attribute filter source types
* [5.1] Default Oracle procedure calls no longer use package syntax. Existing Oracle installations still using the Radius package should choose the 'RadiusNT/X 5.0 compatibility for Oracle' profile from the custom settings menu within the RadiusNT/X administrator to maintain compatibility with existing stored procedures
* [5.1] Added ability to log unknown attributes via the attribute filtering system
* [5.1] Added rating engine updates to support rating outside of RateHistory
* [5.1] Fixed accounting query retries should not be attempted after an ODBC error with a state class of 37

Radius 5.1.5, 4.0.76 - 11/22/2005
--
* [5.1] Fixed sequence conflict when initially decrypting Emerald v5 AES encrypted shared secrets
* [5.1] Fixed while sending a proxied access-accept message with a configured proxy source port the configured port may be used as the source port instead of the original destination port of the associated request
* Fixed proxy responses with a matched proxy state having an invalid authenticator should not count as receiving a response to an outstanding request

Radius 5.1.4, 4.0.75 - 9/26/2005
--
* [5.1] Added support for Emerald v5 AES password encryption
* [5.1] Added global attribute filtering variable change option

Radius 5.1.3, 4.0.75 - 8/3/2005
--
* [5.1] Added real-time rating engine
* Fixed require exclusive rather than shared access to all authentication and accounting UDP listen ports
* Fixed time stamp of call records logged to a MySQL database are incorrectly formatted
* Fixed passively detecting when a proxy server has recovered from a failure may not occur in some cases
* Fixed allow per-user concurrency control logon limits to exceed 253 concurrent sessions
* Fixed when text and database mode is enabled logging accounting records to local files should be disabled
* Fixed command line option '-f' to test all database connections and exit was not displaying
the database status
* Fixed removed unnecessary service type reloads while caching is disabled
* Fixed attempting to locate internal proxy state for records without a proxy state attribute should only be done while the request does not contain a Proxy-State attribute with a local prefix
* Fixed proxy authenticator validation may fail intermittently while proxying accounting records
* Fixed while proxying requests under high load packets may occasionally be routed to the wrong destination
* Fixed removed possibility of responding with an authentication ack if the Session-Limit attribute is zero
* Fixed treat-as-local roam server setting was not enforced for requests routed using proxy-attributes
* Fixed using Tunnel-Password in a reply attribute can lead to a malformed response
* Fixed using tag attributes in proxied reply can lead to a malformed proxy response
* Fixed when proxying a response containing Tunnel-Password the attribute is decrypted incorrectly in some cases

Radius 5.0.58, 4.0.74 - 7/3/2005
--
* Fixed DNS should not be used to discover NAS-IP-Address when only NAS-Identifier is available for concurrency enforcement
* Added year 2038 workaround

Radius 5.0.57, 4.0.73 - 6/5/2005
--
* Fixed enabling logged accounting may decrease maximum accounting upload rate by ~60%
* Fixed logged accounting did not cover queue backlogs
* [5.0] Added user selectable source port for all outgoing proxy authentication and accounting requests
* [5.0] Added custom attribute filtering extensions

Radius 5.0.55, 4.0.72 - 5/2/2005
--
* Fixed sensitive data should not be reported to syslog servers
* [5.0] Added allow log file locations to change without requiring RadiusNT/X to be restarted
* Fixed cases of general messages being incorrectly routed to the authentication log file
* [5.0] Added support for multiple listen addresses and listen ports
* Added options to control interface from which to proxy authentication and accounting requests
* [5.0] Added server now listens on ports
1645 and 1646 for authentication and 1646 and 1813 for accounting by default
* Fixed when not specified default pathnames for authentication and accounting logs are now assigned
* Fixed account expiration in some cases may occur several hours before or after midnight
* Added improved debug output for packet codes and packet source address
* Fixed possible conflicts with attributes of the same name and vendor while displaying RADIUS dictionary values
* Fixed EAP-MSCHAPv2 password retry failure on subsequent password retries after password is entered incorrectly on first attempt

Radius 5.0.54, 4.0.71 - 4/8/2005
--
* [5.0] Fixed when using a custom authentication query and the TimeLeft column is NULL limits must not be enforced rather than reflecting the account has no time remaining
* Fixed additional exemptions for constraint error filter for MSSQL and Sybase when recording accounting data
* [5.0] Added maximum store and forward accounting mode retention setting
* Fixed validate proxied response authenticator for authentication and accounting responses
* Fixed validate proxied message authenticator for authentication responses
* Fixed message signature validation fails when 'always use digital signatures' is disabled and EAP authentication is not used
* Fixed prevent sending multiple signature attributes when proxying EAP auth responses with 'always use digital signatures' enabled
* Added improved minimized memory usage behavior on low memory
* Added sequence numbering for proxy state attributes
* Added improved authenticator related error messages
* Fixed prevent accounting upload retry for non connection oriented classes of errors
* Fixed VSA sub-attributes containing one byte or less may incorrectly be marked as malformed
* Fixed when proxying auth requests containing the signature attribute the signature is incorrectly based on the client secret rather than the remote RADIUS server's secret
* [5.0] Fixed when rejecting an authentication request based on an
authentication input filter the reject message contains an invalid response authenticator

Radius 5.0.50, 4.0.70 - 3/4/2005
--
* [5.0] Fixed removed special check used to reject accounting records with a username of 'Reject'
* [5.0] Added when setting an accounting table such as the Calls table to 'none' logging is disabled for that table however the accounting request is still acknowledged
* [5.0] Added index and marshalling optimizations

Radius 5.0.49, 4.0.70 - 2/24/2005
--
* Added when recording accounting Call records ignore Acct-Delay-Time in CallDate calculation where Acct-Delay-Time is greater than a year
* [5.0] Fixed custom queries and attribute filter definitions containing variables may in rare cases become corrupt until their configuration is refreshed
* [5.0] Fixed Oracle default account lookup query error
* [5.0] Added 'Auth Proxy Resp' filter source option allowing authentication proxy responses to be matched and modified
* [5.0] Fixed second result set of a custom configured SQLRadGetUser query was ignored
* [5.0] Added 'Virtual class attribute' feature allowing RadiusNT to correlate accounting requests with authentication responses for clients not supporting the 'Class' attribute
* Fixed include a partition ID in IEA Class attribute to prevent proxied local attributes from being decoded by other organizations also using RadiusNT

Radius 5.0.45, 4.0.69 - 2/3/2005
--
* Fixed number of proxy retries for authentication and non-store-and-forward accounting proxy modes were sometimes more than the configured retry count
* Fixed request authenticator was resent on the first retried proxy authentication response instead of the new authenticator sent with the initial response
* [5.0] Added request replay now works for proxied requests improving performance over unreliable links
* [5.0] Added 'Ignore client retry policy' proxy option allowing RadiusNT to discard unnecessary retransmission attempts from the requesting client
* Fixed accounting records should not
be acknowledged while column information for the accounting Calls table is unavailable
* [5.0] Fixed packet replay system did not work for accounting records
* [5.0] Added improved packet replay checking and raised minimum possible replay history size
* [5.0] Fixed authentication responses may in a rare case be delayed by 15 seconds

Radius 5.0.43, 4.0.68 - 1/14/2005
--
* [5.0] While starting in database mode and no database server is available RadiusNT should refresh its configuration as soon as the database becomes available while persistent caching is enabled
* Added more descriptive error text for EAP-PEAP errors
* [5.0] Fixed RadGetUser parameter discovery is not retried on failure, default parameters were assumed should discovery fail during startup
* Fixed while restoring persistent cache in database mode the use of service type default attributes were always assumed ignoring any user specific attributes

Radius 5.0.42, 4.0.67 - 12/08/2004
--
* [5.0] Fixed while reconfiguring RadiusNT with SNMP polling enabled, realtime concurrency checking is not automatically disabled
* Fixed EAP-MSCHAPv2 authentication fails if authenticating clients provide a realm while domain trimming is disabled
* [5.0] Added support for including only dynamically added filter attributes to subsequently used attribute variables
* Fixed RADIUS authentication proxy may retry more than configured number if store and forward proxy mode is enabled
* Added EAP authentication requests may now be proxied
* Fixed while proxying a request containing a message signature the signature is now recalculated
* Fixed challenge responses could not be forwarded to remote proxies
* Fixed access challenge responses were not forwarding Proxy-State attributes from remote proxies
* Fixed EAP-GTC method will no longer send password field description unless challenged for improved compatibility with Cisco clients
* Fixed EAP-PEAP v1 version negotiation failure
* Fixed EAP inner authentication identity must be
authoritative when available
* Fixed EAP now allows responses of type identity to authentication requests of other methods provided a response is forthcoming
* UNIX: Fixed proxy retry timer may hang until next incoming request is received
* Fixed while proxying an authentication response containing tunnel encrypted attributes the attributes were not being correctly re-encrypted
* Added clearer error messages for external authentication and cases where multiple auth attempts are made
* Fixed possible AV while loading a specific service type's attribute list where no attributes are present for that service type

Radius 5.0.39, 4.0.63 - 10/11/2004
--
* Fixed while proxying a CHAP request containing CHAP-Challenge this attribute is sent twice during the authentication request to the remote server
* Fixed Rad Rejects may not match attributes having a string data type

Radius 5.0.38, 4.0.62 - 8/18/2004
--
* Fixed AV displaying attribute debug having timestamp data
* [5.0] Added support for HostIP attribute filter source type
* [5.0] Fixed AV when Active field is present using v5 RadGetUser result sets
* [5.0] Fixed packet replay does not work correctly when used with proxied responses

Radius 5.0.36, 4.0.60 - 6/20/2004
--
* [5.0] Added support for calculating session limit to reflect an accounts expiration date
* Added support for 3GPP2 session encryption keys
* Win32: Fixed bind IP address listing in RadiusNT admin did not show multiple addresses per interface

Radius 5.0.35, 4.0.59 - 6/3/2004
--
* [5.0] Added support for SIP proxies (HTTP digest authentication)
* Added option to allow or deny concurrency enforcement on a per RADIUS client basis
* Changed some NASes behave incorrectly while reply-message is sent in access-accept, removed reply-message for this case
* [5.0] Added allow attribute filters of destination type auth/acct proxy out to modify the outgoing User-Name attribute
* [5.0] Added support for destip in the destination group of output attribute filters
*
Added support for explicitly denying server port access

Radius 5.0.31, 4.0.57 - 4/12/2004
--
* Fixed proxy attribute matching problem which could cause requests to be routed to the wrong roam server
* Added additional format checking to proxy store and forward ADIF logging
* Fixed possible AV when processing proxy out attribute filters with a destination type of merge replace
* Added informational debug for LDAP authentication
* Fixed LDAP authentication failure using internal comparison of password attributes

Radius 5.0.29, 4.0.56 - 2/16/2004
--
* [5.0] Fixed SQL query destination merge type should use SQL variable encoding rules
* Fixed increased VSA format error checking to prevent errors from leading to unnecessary attribute decoding problems
* Fixed problem finding port information for IP pooling and server port access
* Fixed LDAP authentication failure using bind to auth with the Netscape/Sun directory server
* Added preference for NAS-Port over NAS-Port-ID for accounting record port selections

Radius 5.0.27, 4.0.55 - 11/17/2003
--
* Fixed response string conversion errors while processing an external auth method's mapped attributes
* Fixed attribute mapping system incorrectly required at least one attribute value before it can initialize
* Added support for NAS-Port-ID as NASPort
* Fixed NASIdentifier and NASPort fields in Calls were not being restricted by size
* Fixed removed incorrect ignore for 22xxx class of errors from accounting spooler
* [5.0] Fixed incorrect AVP value matching in Proxy attribute and attribute filtering system
* [5.0] Added $serverip variable to destination data field of the attribute filtering system
* Fixed unmatched proxy domain causes an auth trim regardless of the global trim setting
* Fixed when loading RADIUS clients from a database and the IP Address field has trailing or leading spaces that client entry is ignored
* Added use hardware sources for random numbers when possible
* [5.0] Added attribute filter source to allow
searching request attributes to conditionally modify response attributes
* UNIX: Fixed when using Sybase ASE accounting and authentication performance is diminished after receiving a duplicate accounting request
* [5.0] Fixed error reading RadGetUser procedure parameters with Sybase ASE 11.9.2
* [5.0] Fixed Auth Proxy Req+Resp source type 'destination ip' and 'client ip' reversed
* Fixed when time banking is enabled and an account has no time limit smart caching should be allowed

Radius 5.0.22, 4.0.54 - 10/16/2003
--
* Fixed supporting crypto and database driver updates
* [5.0] Fixed RadGetUser Password parameter passed even when the parameter is not part of this stored procedure
* Fixed allow treat as local to completely override the global trim setting
* Fixed malformed response while sending tag integer attributes
* Fixed timestamp datatypes not being sent in auth response
* [5.0] Added $timetstamp filtering variable to report current time in RADIUS datetime format
* [5.0] Added destination merge type of SQL query to attribute filtering system
* [5.0] Fixed incorrectly restricting application of destination filters based on their filter type
* Fixed domain not stripped for auth when global trim is disabled and a proxy server with 'treat as local' enables strip domain
* Fixed disable accounting despooler in text-only mode
* Fixed ServerID/AccountID columns may appear multiple times in Calls update due to a NAS incorrectly sending duplicate Class attributes

Radius 5.0.17, 4.0.51 - 9/27/2003
--
* Fixed EAP-GTC does not work in conjunction with PEAP
* UNIX: fixed AV while generating PEAP session encryption keys
* Added -X4 option to enable EAP packet level debug
* Added support for restricting PEAP version negotiation to v0 for improved client compatibility
* Fixed EAP authentication was incorrectly disabled in text only mode

Radius 5.0.15b, 4.0.49 - 9/16/2003
--
* Fixed rare condition when multiple accounts have the same username not all may be able to
authenticate after the server has been running for quite some time
* Fixed ServerPorts clear may not work in some roaming environments where NASIdentifier is available in ServerPorts
* [5.0] Added LDAP password attribute option to allow authentication without re-binding to the directory
* [5.0] Added configuration option to set 'ServerPorts' table name
* [5.0] Added support for SMD5 and SSHA passwords
* Fixed proxy attributes should be considered for proxy before realm
* [5.0] Fixed attribute proxy groups may not all be considered for proxy
* Improved SNMP client, support for loading multiple mib files, improved error reporting and thread safety
* Fixed SNMPTimeout configuration option was in microseconds instead of milliseconds
* [5.0] Fixed auth work thread lockout when a malformed packet is received
* Fixed existence of expired keys may incorrectly cause RadiusNT/X to stop working at midnight
* Fixed attribute proxy should be enabled if auth or acct proxy is enabled
* [5.0] Fixed AV with invalid directory/file when writing persistent auth log to disk
* Fixed command triggers can fire in text-only mode
* Fixed ignore #CACHE hint parameters in text-only mode

Radius 5.0.13b, 4.0.47 - 8/28/2003 --
* Fixed memory leak during auth when class and timebanking are enabled
* [5.0] Fixed AV processing proxy reject attributes with specific orders of proxy state
* Fixed User-Password attribute was limited to first 16 characters while proxying a request
* Fixed reply attributes not being sent for rejected proxied requests
* [5.0] Fixed double reload of proxy clients database at startup or reconfigure
* UNIX: Fixed IP pooling may not return reply attributes

Radius 5.0.10b, 4.0.44 - 8/12/2003 --
* Fixed after reloading the users file, accounts no longer in the users file may still authenticate
* [5.0] Fixed deadlock updating the user database under heavy load

Radius 5.0.9b, 4.0.43 - 8/8/2003 --
* UNIX: Replaced Merant ODBC manager and database drivers
* Added Client IP
checking to server access and allow matching on any combination of null parameters
* [5.0] Fixed AV while refreshing DNIS information
* [5.0] Fixed a problem logging cached data when persistent auth is enabled

Radius 5.0.8b, 4.0.41 - 7/17/2003 --
* Fixed AV when class server/account tracking is enabled and no other attributes are sent during an auth response
* Added refresh of roam clients list whenever the roam server profile is refreshed
* [5.0] Allow multiple concurrent requests for LDAP, NT, token and TACACS+ clients
* [5.0] Added alternate profile support for bad authentication requests
* [5.0] Added option for reloading the Servers table/clients file at regular intervals
* [5.0] Fixed deadlock while reconfiguring server under heavy load
* [5.0] Fixed rare 'user not found' response while refreshing a database user who has multiple authentication requests pending
* [5.0] Fixed AV shutting down under heavy load with packet replay enabled
* [5.0] Added nasid,port,null service type check and null,null,null to server port access

Radius 5.0.7a, 4.0.40 - 7/8/2003 --
* Fixed attributes with no data do not display in attribute debug messages
* Fixed parsing bug which may incorrectly assign attributes after encountering certain types of malformed VSAs
* Fixed a rare concurrency problem updating the internal user database
* [5.0] Added support for several new IP filtering fields
* Fixed user session limits were being considered in some cases even if time banking is disabled
* Fixed cases where special attributes were being processed without first checking vendor ID
* Fixed unknown attribute error text for db account attributes

Radius 5.0.4a, 4.0.39 - 5/29/2003 --
* [5.0] Added RadGetUser support for $serverid and $serverip
* [5.0] Fixed attribute filtering attempts to load, if enabled while operating in text only mode
* Fixed configuring a calls table named something other than "Calls" still references "Calls" in some cases
* Fixed long attribute or attribute value names
fail to load from text dictionary
* Fixed using Oracle with RadiusNT may not reconnect if database connection is lost
* Fixed display database error message if column information for accounting table fails to load
* Improved handling of multiple accounts with the same username and password
* Fixed force database lookup when smart caching is enabled, time banking is enabled and the user has a set time limit
* Fixed lookup problems where complete dictionary does not load

Radius 4.0.38 --
* Fixed rare database connection pool leaks
* Fixed better transaction handling for backlogged accounting data
* Debug message updates
* Proxy state messages may be confused with other attributes of the same id
* Fixed don't try second result set in RadGetUser if query fails
* Fixed sql escape causes AV with configured RadGetUser
* Log warning message if attribute data is truncated to fit length restrictions of the Calls table
* Fixed memory leak and loss of proxy state information while proxying requests that timeout
* Fixed proxy store and forward mode was not limiting resend of queued messages while all destination servers are down
* Fixed proxying date attributes such as Event-Time cause malformed packets
* Fixed inaccurate auth/acct statistics while proxying specific types of requests

Radius 4.0.35 --
* Fixed malformed packet proxying RADIUS requests with tag attributes

Radius 4.0.34 --
* Fixed text dictionary does not load correctly if it contains attributes with an id of zero

Radius 4.0.33 --
* Fixed changing RadiusNT/X web admin password now sets the common configuration password
* EAP-PEAP, EAP-LEAP and EAP-MSCHAPv2 updates
* Added support for PEAP session encryption keys
* Fixed error in encryption of tunnel/MPPE attributes corrupted keys after first 16 bytes
* Fixed proxy not using stored authenticator for retried requests
* MSCHAPv1/2 updates
* Fixed MSCHAPv2 authentication now sends MPPE keys

Radius 4.0.32 --
* Fixed false no attributes error when only VSA's having an
Attribute-ID of 0 are used
* Fixed error parsing vsa attributes with a VSA length of less than two
* Fixed EAP ID for ack/nak based on received packet instead of RADIUS ID
* Fixed EAP-LEAP now sends access-challenge after authenticating the client instead of access-accept
* Fixed EAP sequence problem

Radius 4.0.31 --
* EAP-PEAP updates
* Added support for Emerald express license keys

Radius 4.0.30 --
* DNIS and server port updates
* Added support for EAP-MSCHAPv2
* Added checking to prevent downloading incomplete DNIS access lists
* EAP-PEAP updates

Radius 4.0.29 --
* Fixed memory leak decoding some types of malformed attributes
* Fixed possible AV while using EAP authentication
* Added support for EAP-GTC

Radius 4.0.28 --
* Added support for RSA SecureID v5 two-step auth
* Fixed various EAP memory leaks
* Added support for Cisco EAP-LEAP

Radius 4.0.27 --
* Fixed EAP state problem when EAP is never used
* Support for checking radius request attributes against multiple check attributes
* Added support for EAP fragments

Radius 4.0.26 --
* Fixed Attribute proxy now works with accounting requests
* Added EAP/MD5 support
* Fixed Server proxy was recording accounting locally while local proxy was disabled.

Radius 4.0.24 --
* Added support for Message-Authenticator (RFC 2869) checking
* UNIX: Fixed high CPU usage while any proxy options are enabled

Radius 4.0.23 --
* Fixed prefer roaming trim settings over global trim when using treat as local

Radius 4.0.21 --
* Fixed AV when trying external auth methods assigned to a domain.
* Fixed external auth not associating domains if the method matches on domain and no user domain is defined.

Radius 4.0.20 --
* Fixed no attributes error with service types longer than 15 characters
* UNIX: Fixed sig_pipe on rdbms connection error causing radius to restart
* UNIX: Fixed sql cursor state errors after reconnecting to Sybase
* Fixed AV while populating ServerPorts table in custom (-D1) mode only
* UNIX: Fixed AV while displaying acct queue warning message for non Calls data

Radius 4.0.17 --
* Fixed Radius gets caught in a loop using 100% CPU time after receiving certain types of malformed VSA attributes.

Radius 4.0.15 --
* Fixed AV and data corruption while responding to some proxy requests

Radius 4.0.14 --
* Fixed Radius odbc connection error if it's using the Emerald common dsn config and a read only Emerald dsn is defined.
* Fixed accounting pre trims don't work while proxy is disabled.
* Fixed Radius packet corruption when sending VSA ascend data filter attribute in access accept

Radius 4.0.13 --
* Fixed sync problems in the DNIS cache also don't cache DNIS if DNIS access is disabled
* Fixed Include blank ('') Username in Calls query when the Username attribute does not exist in an accounting record
* Fixed overflow displaying values of large unknown attributes

Radius 4.0.12 --
* Fixed multiple attributes of the same name from an accounting request cause the ServerPorts update query to fail.

Radius 4.0.11 --
* Fixed Extra ',' in ServerPorts update query when AccountID exists in ServerPorts, manual calls update is enabled and an AccountID is passed via the Class attribute to ServerPorts.

Radius 4.0.10 --
* Fixed authentication query errors if the accounting RDBMS type is different from the auth source.
* Fixed query updates for manual ServerPorts update.

Radius 4.0.9 --
* Fixed in most cases wrong Service Type information is passed to the IP pooling stored procedure. This can lead to assigning addresses from the wrong pool.
* UNIX: Oracle updates to prevent database errors calling stored procedures.

Radius 4.0.8 --
* Fixed per roam domain disabling accounting or authentication for proxy prevented Radius from trying the remaining roam servers.
* Fixed some per roam server configurations were being confused with other roam servers.

Radius 4.0.7 --
* Fixed non-common ODBC passwords not being pse decrypted.
* Fixed radlogin update to support tag attribute types in the latest dictionary file.
* Fixed LDAP search password was not being pse decrypted causing non-anonymous LDAP searches to fail.

Radius 4.0.6 --
* Fixed if accounting proxy is enabled and an accounting record with a realm is not proxyable it should be recorded locally
* Updated dictionary file and added support for reading new types (attribute tags)

Radius 4.0.5 --
* [3.0.205] While using auth-any auth requests are rejected when CHAP is used.

Radius 4.0.3 --
* Fixed time of day restrictions wouldn't allow 0 start or stop times.

Radius 4.0.2 --
* Fixed auth-API should send user->msg in the reply message attribute on auth reject
* Fixed not loading odbc username and password when using Radius vs common configuration

Radius 4.0.1 --
* Fixed database error while caching DNIS prevents other queries from running

Radius 4.0.193 --
* Fixed Radius using incorrect AccountTypeID
* Fixed default auth/acct roam server ports should be the Radius servers default
* Fixed GlobalSecret not working for authentication requests
* UNIX: Fixed in trend mode stop records without port numbers cause RadiusX to crash/restart
* Merant licensing updates
* 3.1 is now 4.0

Radius 3.0.191 --
* Fixed when caching is disabled cached accounts that are inactive accounts are still able to login
* [3.1] Fixed several odbc compatibility problems with Sybase against a 3.0 Radius database
* Added enable AuthAPI and Proxy via License key feature flags

Radius 3.0.190 --
* Fixed can now read AccountType labels up to 30 characters
* Fixed account out of time logging message did not include a username
* Fixed smart cache losing overlimit and
startdate[3.1] attributes for updated users after a cache update
* [3.1] Fixed concurrency control checking using new concurrency proc without AccountID does not work
* Improved smart cache memory usage

Radius 3.0.189 --
* Fixed concurrency control checking against the accounting DSN, not the authentication DSN
* [3.1] Added global DNIS reverse option (Accept is default, listed numbers are denied access)
* [3.1] Added pwcheck routine to external auth API
* [3.1] Added daily license checking to periodically print expiration warnings

Radius 3.0.188 --
* (RQST10063) Fixed AV while loading incorrect Ascend binary filter attributes
* Fixed Ascend binary filter attributes passed in reverse order
* [3.1] Fixed Oracle load rejects not using an Oracle stored procedure
* Fixed missing terminating ';' character in oracle serverports update query
* Fixed Oracle should not report some types of query errors
* Fixed non-mssql accounting was able to send more than one accounting record per query
* [3.1] Fixed port field in Online Update restricted to numeric values
* (RQST9862) WINNT Fixed unix password file lookup leaks one handle per lookup
* [3.1] Added improved tacacs+ error messages
* [3.1] Fixed when authenticating database users externally - log any external database errors
* [3.1] Fixed tacacs+ authentication causes AV when tacacs hostname not specified
* Fixed when cache write is enabled possible AV while dumping RadReject information to disk
* (RQST9816) Fixed ServerAccess checking may incorrectly allow/deny port access

Radius 3.0.186 --
* (RQST9707) Fixed expiration dates took effect one day after they should have
* [3.1] Added support for time-banking with second accuracy

Radius 3.0.185 --
* [3.1] Added 'pairappend' to external auth api
* [3.1] Added smart cache support for account start date and inactive accounts
* [3.1] Added MSChap V2 support
* Fixed Attribute handling to better handle string types containing binary data
* Fixed SHA-1 password checking always fails
* [3.1] Added contents of unknown attributes to debug output
* [3.1] Added MSChap V1 support
* Fixed date attribute is always set to 0 after receiving a date attribute
* Fixed radius date to rdbms specific date conversion error while logging accounting data
* [3.1] Added support for RFC2548 MS-MPPE-Send-Key and MS-MPPE-Recv-Key attribute encryption
* Fixed when clearing server ports via accounting on/off no ports are actually cleared
* [3.1] Added RadgetPoolConfigs now passes AccountTypeID instead of AccountType if available
* Fixed not proxying Accounting when server proxy is enabled, client doesn't have a Roam server defined and the request should be proxied via a domain match
* Added VSID support to proxy attribute checking
* [3.1] Fixed retried proxy requests were always sent from the auth port
* [3.1] Fixed load balancing bug which drops proxy requests when recv rate is over RateMax in store and forward mode
* [3.1] Fixed rate limiting causing packet flood while all proxy servers are down
* [3.1] Added proxy store and forward optimization
* [3.1] Fixed proxy store and forward when moving from at least one good server to all down not all retry counters on current requests were being reset

Radius 3.0.184 --
* [3.1] IP Pools can send previous attributes in result set before nack.
* [3.1] Removed NASPortName
* [3.1] Added proxy load balancing
* [3.1] Added Store and forward log
* [3.1] Added Tunnel attribute support (RFC 2868)
* NASPort now also handles string values provided the NASPort column in the database supports it.
* (RQST9545) Fixed memory leak while updating calls online when NASIP does not exist.

Radius 3.0.183 --
* (RQST9293) Fixed database usernames were restricted to 32 characters

Radius 3.0.182 --
* (RQST9294) Server Port Access no longer requires Port to be present in
* [3.1] Fixed external auth name memory error while starting radius
* (RQST9295) Fixed AV reading large column labels from RadAttributes
* (RQST9117) Fixed if attribute name of nasidentifier is changed it is not logged if the column exists in the Calls table as other attributes
* (RQST9009) Fixed don't resend our proxy state while replying to requests
* (RQST9296) Added proxy loop detection
* [3.1] Fixed NASPortName should be converted to NASPort if NASPort doesn't exist when creating call records
* [3.1] ACE: Fixed support for next token code and pin changing

Radius 3.0.179 --
* (RQST9297) Fixed radius was not preferring odbc accounts over a user file account
* [3.1] RadGetPoolConfigs now processes multiple result sets

Radius 3.0.178 --
* [3.1] (Desktalk) Added NASPortName for voip
* (RQST9138) Fixed AV while receiving accounting records
* (RQST8648) Shared secrets can now be larger than 15 characters while proxying requests

Radius 3.0.177 --
* (RQST9056) UNIX: Fixed Radius restarts itself on auth if concurrency control is enabled.

Radius 3.0.176 --
* (RQST8878) Fixed proxy unknown local users to default proxy not working.
* (RQST8875) [3.1] Fixed database accounts using external authentication sources for password validation was not working.
* (RQST8876) Fixed RadGetProxyAttributes is called several times per minute if no proxy attribute entries exist.
* (RQST8726) [3.0] Fixed memory leak while proxying requests.
* (RQST8648) Shared secrets can now be larger than 15 characters.

Radius 3.0.175 --
* (RQST8707) UNIX: Fixed radius restarts while printing query error messages.
* (RQST8311) Fixed append '\0' to the end of Cisco AVPair attributes.
* (RQST8619) Fixed write integer datatypes as unsigned to display/database.
* (RQST8621) Fixed Access mode ServerPort update query was incorrect.
* (RQST8493) Fixed AV while logging usernames as not found.
* Switched to native ODBC transaction routines.
* [3.1] Added Oracle support for stored procedures.
* (RQST8634) [3.1] Fixed add to AccountDelayTime if it exists for delayed (proxy forwarded) accounting requests.
* (RQST8624) Fixed while forwarding proxy requests Radius does not forward known VSAs.
* (RQST8623) [3.1] Fixed external Auth load messages were not appearing in debug mode.
* (RQST8427) Fixed try to update the database when password replace is enabled and authenticating from a different source.
* (RQST8428) Fixed Remove associated users from the cache after password replace runs successfully.
* (RQST8429) [3.1] Fixed password replace did not work with external auth modules.
* (RQST8436) Fixed time banking cache update was subtracting the smart cache view of timeleft as seconds instead of minutes.
* (RQST8438) DB License updates.
* (RQST8439) [3.1] Rework external auth api to provide pointers to radius memory allocation routines.

Radius 3.0.174 --
* (RQST8280) Fixed manual calls update wasn't falling back to using NASID if a NASIP wasn't sent.
* (RQST8279) Fixed workaround for missing LastModifyDate column in SubAccounts in MSAccess mode when time banking is enabled.
* (RQST8278) NT: Fixed Radius Administrator would not allow editing datasource names.
* (RQST8277) Fixed when manual calls update is enabled (Using MSSQLServer or Oracle databases) a malformed query causes ServerPorts update to fail.
* (RQST8276) Fixed ignore primary key constraint errors when recording call records in MSAccess mode.
* Fixed truncate data when over column size in manual calls update.
* [3.1] (RQST8275) Fixed LDAP Auth doesn't reconnect after LDAP server problem when using direct key searches.
* [3.1] (RQST8274) Fixed when enterprise key is detected say 'Enterprise features enabled' instead of 'Professional'.
* (RQST8273) Radius with manual calls update was double accounting for Account Delay time in the update decision. ServerPorts does keep correct time.
* [3.1] Added support for IP Pooling
* (RQST8116) Fixed database test routines would take an unreasonable amount of time to mark connections bad. (Floor was sum of connection slots vs distinct datasources)
* (RQST) Fixed reply attribute memory leak when authentication is rejected for some reasons.
* [3.1] (RQST8164) Fixed LDAP search now removes 'attribute=$domain' entirely instead of 'attribute=*' in direct lookup mode.

Radius 3.0.173 --
* (RQST7983) Fixed crash caused by attribute-pair copy routine corrupting some types of string data.
* (RQST8126) Fixed generic (Non IP) Ascend data filters were not being processed.
* (RQST8119) Fixed crash while proxying accounting by server proxy and no username in request.
* (RQST8104) Fixed manual Calls update query for MSAccess was wrong, would not update server ports.
* (RQST8096) Fixed Maximum number of Calls and ServerPorts table columns to populate raised to 150 from 40.
* (RQST8098) Fixed memory leak while receiving non accounting packets on accounting port.
* (RQST8099) Fixed when AcctMaxBatchItems is 1 (Default) and the despooler is backlogged two items can be sent in a single batch.
* (RQST8100) Fixed turn off XACT_ABORT in accounting despooler when explicit transactions are disabled.
* Fixed radius packet corruption sending non-usr VSA's of type Integer or IP Address.
* Logging Updates

Radius 3.0.172 --
* (RQST8015) Fixed Global trim was being used over the trim option defined for roam servers.
* (RQST8016) Fixed manual Calls update query for MSAccess was wrong, would not update server ports.
* Fixed Manual Calls update now nulls unused columns in the ServerPorts table during acct start/stop.
* Fixed non ODBC database users can be removed by the smart cache.
* (RQST8000) Fixed When the ignore case option is not set to 1 or 0 SNMP concurrency checking always fails.
* Fixed Concurrency online debug output was showing incorrect number of users online.
* Added Manual service update now also subtracts time from the smart caches time left.
* Fixed roam server with treat as local enabled would not ack accounting records.

Radius 3.0.171 --
* Fixed Accounting proxy required the trim domain option to forward accounting requests to a proxy server.
* Added Interrupt startup database test after receiving shutdown signal.
* 2.5 style dictionary load stats.
* (RQST8014) Fixed username not getting trimmed correctly when trim domain is enabled and the username contains leading and trailing white-spaces.
* Fixed a possible memory leak in proxy roam checking.
* Accounting call date now takes AcctDelayTime into consideration. Emerald 2.5 users should modify their calls trigger to not account for AcctDelayTime in the ServerPorts table.
* Fixed problem where last used time is initially not set causing most entries to be expired from the cache.
* Maximum port session time wasn't being considered calculating a session limit.
* (RQST 7795) Fixed session timeouts were not being set when time banking is enabled.
* Added support for multiple VSA attributes encoded in a single radius attribute.
* Fixed a proxy problem that could cause radius to crash.
* If all odbc datasources are not available and the user isn't found in the smart cache radius will ignore the request before testing it against external authentication such as a UNIX password file or NT SAM.
* Fixed manual ServerPorts update query for MSAccess was wrong and therefore would not update server ports.
* UNIX: Workaround for odbc driver memory leak on Solaris.
* Added CacheDisable registry option to require a database check on every authentication.
* Added VSAMap registry option to enable VSA Attribute mapping for accounting.

Radius 3.0.168 --
* Manual service update now uses the authentication datasource over accounting.
* If RAS isn't loaded don't print RAS warning during NT authentication.

Radius 3.0.167 --
* Fixed sending VSA string attributes causes packet corruption.
* Trend: ta_period is now computed internally to make seconds and milliseconds 0.
* Accounting was not reporting some types of constraint violations.
* Fixed a Microsoft ODBC? problem where fetching a row could cause data corruption.
* Logging updates.
* Fixed Cache root directories now default to DataDirectory then the internal default.
* Fixed Several radius directories were not defaulting to the internal default.
* UNIX: Fixed several problems that could cause unix versions of radius to crash.
* UNIX: Removed 90% of ODBC 3.5 bug workarounds - Solaris versions now use ODBC 3.6 multi-threaded drivers.
* UNIX: Radius Administrator updates.
* Fixed small memory leak when the message 'Authentication/Accounting proxy mode disabled' is logged.
* Fixed proxy deadlock when proxying out both accounting and authentication.
* Fixed several server-proxy related problems. In most cases auto-proxy crashes radius.
* Fixed potential logging problems.
* (RQST 74007) Fixed problem where radius could crash if it receives a null username in an accounting record.
* Roaming auth/accounting decision is now based on the radius request code.
* Radlogs displays *CHAP_SIZE* when there is a chap size problem and *CHAP* otherwise on password compare failures.
* Trim flags for global and proxy trims are now either 1 for auth, 2 for accounting, or 3 to trim both.
* AVP Updates
* Disable cache double check when db password is external auth (WINNT,UNIX..etc) to prevent double checking external sources.
* Fixed attribute debug shows the \0 character in its output.
* Fixed dbpool better handling of local driver manager and connection limit errors.
* (DEFECT000000007) Fixed proxy attributes to use string length not the length from the radius packet /w chap requests.
* (DEFECT000000006) Fixed RadRoamDomains would not proxy accounting data if the AccountType column is null.

Radius 3.0.162 --
* Fixed NT Sam auth no longer requires special privileges to authenticate.
* (DEFECT000000005) Fixed NT auth /w no domain can cause radius to crash.
* Error message updates.
* Added SNMP Concurrency backoff when a request times out. SNMPRetry (in seconds) controls how long to wait before retrying the server.
* Fixed startup wait on initial good database connection should depend on the value of NVFlag.
* Added -f command line flag to test database connectivity and exit.
* Fixed not enough connections available sometimes during startup when authenticating /w concurrency checking.
* Manual service update now uses internal time offsets vs getdate() database function.
* SNMP checking shouldn't retry on some types of connection errors.
* Improved Online sync logging to show whether or not the update really affected the ServerPorts table.
* Fixed Online sync & SNMP concurrency to take the trim domain options into consideration.
* Fixed memory leak in the SNMP Online sync feature (introduced in 3.0.158)
* Fixed SNMP Online sync when account session id's are being used the user should be marked offline when the oid is not found.
* Fixed a problem where Radius would not proxy accounting.
* Fixed proxy list should be thread safe.
* If recording accounting locally and proxying do not ack on local writes.
* Proxy-state now includes an extra 4 random characters to keep proxy states unique.

Radius 3.0.158 --
* Fixed dbpool not rolling back uncommitted transactions on db disconnect.
* Fixed a bug that causes unpredictable results when more than one proxy-attribute group is used.
* SNMP faster handling of connection refused.
* Added SNMP ServerPorts sync.
* SNMP logging updates.
* Fixed a minor bug in dynamic ServerPorts update query.
* Fixed accounts in text users file when odbc is enabled should not be checked for login limit or server port access.
* UNIX: AgentX SNMP Stats bug fixes.
* Added SNMPTimeout (In MS) registry entry to control concurrency check timeouts.
* Fixed on invalid attribute lengths - ignore only the current attribute.
* AA library updates.

Radius 3.0.154 --
* Fixed Y2k bug, using text file accounting logs files were being named in yymmdd format as 1001010 instead of 001010.
* Fixed radius was ignoring stop records only option.
* Added AccountID to manual service update.
* When the -x flag is used all logging to stdout only.
* Fixed bug where a blank username attribute in accounting records would cause radius to crash.
* Fixed double logging of RadGetUser query when odbc debug mode is enabled.
* Fixed SNMP concurrency check should not count a user as being online if the snmp query fails.
* Manual Calls update is now a dynamic query based on the contents of the ServerPorts table and available attributes.
* Removed double checking by login limit. Especially with SNMP concurrency enabled it's too expensive.
* Fixed bug in RadGetUser in radiusnt.sql, rad25_up.sql and radiusnt_sybase.sql which prevented users who have not been cached from authenticating.

Radius 3.0.150 --
* Log more queries when odbc debug is enabled.
* Fallback to old RadValues query and log an error when RadVendorID and RadVendorType doesn't exist in an MS Access db.
* When running against an msaccess database the format yyyy-mm-dd is used instead of yyymmdd.
* Added SpoolErrorIntervalSecs to prevent log flooding on low memory or acct queue full conditions.
* Several Oracle specific bug-fixes.
* radius -v works while another copy of radius is running.
* radius -v prints out a complete list of configuration settings.
* Fixed deadlock while refreshing the Server Port Access cache.

Radius 3.0.149 --
* Improved backup datasource ordering to better prefer primary datasources over backups.
* emer25_up.sql Added a 'NULL' default to Calls.Username to allow Radius v3 to accept accounting records without a username attribute.
* Fixed concurrency checking and serveraccess should be ignored in text only mode.
* Fixed ignore_case option always ignores case even when the option is disabled.

Radius 3.0.147 --
* All dates passed to the database server are now in (iso) yyyymmdd hh:mm:ss format.
* Fixed bug where running 'radius -install' would cause ODBC mode to be changed to text only.
* Sql logging updates.

Radius 3.0.145 --
* Fixed bug where accounting may not be proxied provided trim domain is enabled.
* RadReject fixes to allow non-string values to be rejected.
* RadRejects fixed problem that could cause radius to crash while checking for rejected attributes.
* Radius Administrator now accepts Radius v3 keys.

----------------------------------------------
RELEASE NOTES
----------------------------------------------

----------------------------------------------
TECHNICAL SUPPORT
----------------------------------------------

Should you experience any trouble installing or using RadiusNT/X, please consider the following technical support options:

Please read the readme.txt and changes.txt files that are included with your distribution archive. These files contain pertinent up-to-date information on the software noting any changes, feature enhancements or known problems.

The documentation manual has much of the information you need to solve problems. Please re-read the pertinent section to ensure that something wasn't overlooked.

Please check out our Web site at http://www.iea-software.com for announcements, troubleshooting tips, Frequently Asked Questions (FAQs) and more.

IEA Software hosts a mailing list for RadiusNT/X. This is a user-supported list and is a great resource for conversing with others who own the product. You can learn more about the mailing lists at http://www.iea-software.com/support/maillists/liststart. We host a searchable archive of the list on our Web site as well.

You can reach our Technical Support Team at (509) 444-BILL (2455) or support@iea-software.com.
If you still require assistance, we have a variety of support contract options available via our Web site at http://www.iea-software.com/support.

You can reach our Sales Team at (509) 444-2455 or sales@iea-software.com.

******************
End of CHANGES.TXT
******************