RadiusNT 2.5 Updates and Changes ------------------------------- v2.5.213 - 3/16/00 * Ascend abinary attributes would cause a DW when loading from the users file (RQST00000007584). * Server Based proxy would cause a DW, for an accounting request. (RQST00000007603) * Vendor Specific Attributes with multiple attributes encoded with the VSA data segment where not being handled correctly (RQST00000007623) v2.5.212 - 2/8/00 * Some CHAP authentications would fail when the CHAP-Challenge was in the attribute, not not packet vector. (RQST00000007312) * The trimname feature has been changed to give control over what is trimed and what is not. The trimname option now has two values that control locally when a domain is trimmed. This option has NO affect on proxied requests, as each RoamServer has its own trim domain option. (This is a Professional/Enterprise feature only. RadiusNT will still trim spaces from around the username automatically in any version). (RQST00000007204) Trimname: 1 - Trim Domains from Local Authentication requests 2 - Trim Domains from Local Accounting requests 3 - Both 1 and 2. Note: The older Admin only sets the first option. You will need to update your RadiusNT admin or edit the trimname value in the reigstry. v2.5.211 - 2/7/00 * If you enabled trimname=3 (trimdomain) to trim domain or extraneous information from the username before putting the accounting record into the calls table, and proxy accounting was not enabled, the original username was being stored in the calls table, not the trimmed one. (RQST00000007405) * Accounting Proxy was still sending two acks on an accounting request. (RQST00000007204) v2.5.210 - 1/27/00 * Added the ability for RadiusNT to determine a duplicate accounting record for Oracle and ACK the request, rather than treat it as a db insert failure. (RQST00000007348) * Accounting Proxy was not being sent if trimnames was not set for either 2 or 3. (RQST00000007122) * Accounting Proxy was sending an ack before sending the request to the next server (as sending and ack when it received the response). It will now not send the ack back to the requesting server, until it receives an ack from the authenticating server. (RQST00000007204) v2.5.208 - 12/15/99 * Certain kinds of requests with Proxy-State could cause RadiusNT to crash. * AcctSessionID and several other fields were not being updates in the Manual Calls Update or Stop records only option (which caused Ascend/ASID based SNMP Concurrency control to fail). * A new flag to Allow Malformed was added, to tell RadiusNT whether to accept passwords not based on a 16 byte set, as per the RFC. The default is to allow it, *HOWEVER* if you have an AllowMalformed registry value set to 1, RadiusNT will not allow incorrect password lengths. * The RadiusNT Admin was updated to handle the Malformed options. The file/debug configuration was moved to its own tab as well. v2.5.178 - 5/24/99 * License key algorithm updated. * Radius -install and -remove. Adding and removing a service. Radius no longer modifies the registry when installed or removed. * Installation Program - Radius Items are checked during program installation. ODBC installed. Abort installation if ODBC is not found. * CHAP proxy was not re-creating the password as CHAP, which was causing any forwarded requessts with CHAP to fail. * Two new fields, AcctSessionID and ServerType are required in the RadCheckSNMPOnline Stored proc. The ServerType is an int. The full lists of servers can be found in the FAQ at: www.iea-software.com/radiusnt/faqs/SNMP-Concurrency.html as well as the new stored procedure. Note, that this requires an update to the ServerPorts table to add the AcctSessionID field to it, and an update to the calls table trigger to update the AcctSessionID in the ServerPorts table while its updating the other fields. v2.5.176 - 5/17/99 * RadiusNT now requires both ExpireDate and OverLimit to be Good, if they are non-NULL. It used to not check ExpireDate if OverLimit was not NULL. * Log entries to the logfile were not being ended with with linefeed, causing the logfile to contain one long line. v2.5.175 - 5/14/99 * Updated validity checking for requests to be more strict about what requests RadiusNT will accept and from whom. * RadiusNT was just truncating names larger than 128 chatacres. It will now just immediately reject any request with a username longer than 128 characters. * Updated Logging to try and cleanup and make the log entries more consistent and easier to read. v2.5.167 - 3/15/99 * Strip Username when used with Treat as local was not removing the domain from the user request. * The Overlimit/Balance was comparing the values opposite of what they should have. v2.5.165 - 3/1/99 * RadiusNT now puts the Proxy-State Attributes ahead of reply attributes to improve interoperability with those (broken) proxy implementatations that request the Proxy-State in front of the reply attributes. * The Ascend-Max-Time was not being sent correctly as noted below and should now work. v2.5.162 - 2/25/99 * RadiusNT now sends both the Session-Timeout and Ascend-Max-Time attributes for time banking if the Ascend Max Time option is set. * Fixed problem with access not support the Query Timeout option. * It two or more users had the same login, RadiusNT would return the AccountID of the next user rather than the user with the correct password. v2.5.160 - 2/18/99 * Corrected problems with invalid cursor state with newer ODBC drivers when RadiusNT was starting. * When starting in foreground debug mode, the logfile definitions are ignored. This should help those people who define the logfiles in the admin and then don't understand why they are not seeing debug. You should NOT define the logfiles in the admin in most cases. * Fixed a problem where the database date was not beging calculated and in eval mode the Enterprise fatures were not allowed, although they should have been. * Added registry option AcctFormat. If this is set to 1, then RadiusNT uses a new, numerical based accounting file format that is one line per record. This format is MUCH more compact than the previous, and uses the numbers of the values rather than the names. It is designed for backend processing by a program and not meant to be easily readable by a person. Any other value besides 1 makes the format the old way (0, the old way, is the default). * The accounting log files now use a name format of YYMMDD.log in a directory based on the clients IP address. Also, if the accounting directory doesn't exist, RadiusNT will try to create it as well. It use to just error if the accounting directory did not exist (although it would make the client directory inside the accounting directory). * Corrected problems with the ODBC Text Backup mode. RadiusNT was not timing out fast enough on the DB problem causing the requests to be delayed. For ODBC Text backup to work correctly, you need to set two registry variables: ODBCTimeout You need to set this between 1-3 seconds. The lower the better, but you may run into problems if you don't have an ultra-fast SQL Server and you set this to 1. ODBCRetry You need to set this to the number of reqs allowed between each auth request. If set to 0 or 1, RadiusNT retries at each request. For heavy servers, this should be between 5-20. (What this does is force RadiusNT to automatically use the text file for x-1 requests, so that it doesn't get overwhelmed with requests, and each x request to re-check the SQL Serer). * If you have user proxy enabled and a DEFAULT roam server, RadiusNT will proxy all unknown users to that server. Currently these are NOT logged to Radlogs as unknown users used to be. (This will be addressed in a future update). * RadiusNT could get into a loop were it reported those users with NULL expiration dates as being expired after authenticating a user with an expiration date that was truely expired.