*****************************************************************
RadiusNT and RadiusX change history for versions 5.x, 4.x and 3.x
*****************************************************************
Modified: 3/4/2005

Copyright (c) 1999-2005 IEA Software, Inc. All rights reserved worldwide.

This file contains important, late-breaking information about changes
made within RadiusNT/X. We recommend that you read this file and keep a
printed copy with your RadiusNT/X documentation. For updated CHANGES.TXT
files and additional information about installing and running
RadiusNT/X, please visit our Support Web site for updated documentation
at http://www.iea-software.com/support. 

Tip: If necessary, choose Word Wrap from the Notepad Edit menu or Wrap
To Window from the WordPad View/Options menu to wrap the text within the
document window.

Note: All changes starting with 'UNIX:' are specific to the RadiusX
products and do not effect RadiusNT. Any change starting with a version
number in brackets '[x.x]' applies only to that version of the product.

----------------------------------------------
CHANGES.TXT CONTENTS
----------------------------------------------
. KNOWN PROBLEMS
. RELEASE CHANGES
 TECHNICAL SUPPORT

----------------------------------------------
KNOWN PROBLEMS
----------------------------------------------

. RadiusX using a Sybase ASE database may display the following error
when writing to Calls or RadLogs 'Attempt to initiate a new SQL Server
operation with results pending' - this error occurs when a duplicate
request is received and can be safely ignored. Note: this problem does
not occur with RadiusNT or any other database platform.

----------------------------------------------
RELEASE CHANGES
----------------------------------------------

Radius 5.0.50, 4.0.70 - 3/4/2005
--
* [5.0] Fixed removed special check used to reject accounting records with a username of 'Reject'
* [5.0] Added when setting an accounting table such as the Calls table to 'none' logging is disabled for that table however the accounting request is still acknolwedged
* [5.0] Added index and marshalling optimizations

Radius 5.0.49, 4.0.70 - 2/24/2005
--
* Added when recording accounting Call records ignore Acct-Delay-Time in CallDate calculation where Acct-Delay-Time is greater than a year
* [5.0] Fixed custom queries and attribute filter definitions containing variables may in rare cases become corrupt until their configuration is refreshed
* [5.0] Fixed oracle default account lookup query error
* [5.0] Added 'Auth Proxy Resp' filter source option allowing authentication proxy responses to be matched and modified
* [5.0] Fixed second result set of a custom configured SQLRadGetUser query was ignored
* [5.0] Added 'Virtual class attribute' feature allowing RadiusNT to correlate accounting requests with authentication responses for clients not supporting the 'Class' attribute
* Fixed include a partition ID in IEA Class attribute to prevent proxied local attributes from being decoded by other organizations also using RadiusNT

Radius 5.0.45, 4.0.69 - 2/3/2005
--
* Fixed number of proxy retries for authentication and non-store-and-forward accounting proxy modes were sometimes more than the configured retry count
* Fixed request authenticator was resent on the first retried proxy authentication response instead of the new authenticator sent with the initial response
* [5.0] Added request replay now works for proxied requests improving performance over unreliable links
* [5.0] Added 'Ignore client retry policy' proxy option allowing RadiusNT to discard unecessary retransmission attempts from the requesting client
* Fixed accounting records should not be acknowledged while column information for the accounting Calls table is unavaliable
* [5.0] Fixed packet replay system did not work for accounting records
* [5.0] Added improved packet replay checking and raised minimum possible replay history size
* [5.0] Fixed authentication responses may in a rare case be delayed by 15 seconds

Radius 5.0.43, 4.0.68 - 1/14/2005
--
* [5.0] While starting in database mode and no database server is avaliable RadiusNT should refresh its configuration as soon as the database becomes avaliable while persistant caching is enabled
* Added more descriptive error text for EAP-PEAP errors
* [5.0] Fixed RadGetUser parameter discovery is not retried on failure, default parameters were assumed should discovery fail during startup
* Fixed while restoring presistant cache in database mode the use of service type default attributes were always assumed ignoring any user specific attributes

Radius 5.0.42, 4.0.67 - 12/08/2004
--
* [5.0] Fixed while reconfiguring RadiusNT with SNMP polling enabled, realtime concurrency checking is not automatically disabled
* Fixed EAP-MSCHAPv2 authentication fails if authenticating clients provide a realm while domain trimming is disabled
* [5.0] Added support for including only dynamically added filter attributes to subsequently used attribute variables
* Fixed RADIUS authentication proxy may retry more than configured number if store and forward proxy mode is enabled
* Added EAP authentication requests may now be proxied
* Fixed while proxying a request containing a message signature the signature is now recalculated
* Fixed challenge responses could not be forwarded to remote proxies
* Fixed access challenge responses were not forwarding Proxy-State attributes from remote proxies
* Fixed EAP-GTC method will no longer send password field description unless challenged for improved compatibility with Cisco clients
* Fixed EAP-PEAP v1 version negotiation failure
* Fixed EAP inner authentication identity must be authoratative when avaliable
* Fixed EAP now allows responses of type identity to authentication requests of other methods provided a response is forthcoming
* UNIX: Fixed proxy retry timer may hang until next incoming request is received
* Fixed while proxying an authentication response containing tunnel encrypted attributes the attributes were not being correctly re-encrypted
* Added clearer error messages for external authentication and cases where multiple auth attempts are made
* Fixed possible AV while loading a specific service types attribute list where no attributes are present for that service type

Radius 5.0.39, 4.0.63 - 10/11/2004
--
* Fixed while proxying a CHAP request containing CHAP-Challenge this attribute is sent twice during the authentication request to the remote server
* Fixed Rad Rejects may not match attributes having a string data type

Radius 5.0.38, 4.0.62 - 8/18/2004
--
* Fixed AV displaying attribute debug having timestamp data
* [5.0] Added support for HostIP attribute filter source type
* [5.0] Fixed AV when Active field is present using v5 RadGetUser result sets
* [5.0] Fixed packet replay does not work correctly when used with proxied responses

Radius 5.0.36, 4.0.60 - 6/20/2004
--
* [5.0] Added support for calculating session limit to reflect an accounts expiration date
* Added support for 3GPP2 session encryption keys
* Win32: Fixed bind IP address listing in RadiusNT admin did not show multiple addresses per interface

Radius 5.0.35, 4.0.59 - 6/3/2004
--
* [5.0] Added support for SIP proxies (HTTP digest authentication)
* Added option to allow or deny concurrency enforcement on a per RADIUS client basis
* Changed some NASes behave incorrectly while reply-message is sent in access-accept, removed reply-message for this case
* [5.0] Added allow attribute filters of destination type auth/acct proxy out to modify the outgoing User-Name attribute
* [5.0] Added support for destip in the destination group of output attribute filters
* Added support for explicitly denying server port access

Radius 5.0.31, 4.0.57 - 4/12/2004
--
* Fixed proxy attribute matching problem which could cause requests to be routed to the wrong roam server
* Added additional format checking to proxy store and forward ADIF logging
* Fixed possible AV when processing proxy out attribute filters with a destination type of merge replace
* Added informational debug for LDAP authentication
* Fixed LDAP authentication failure using internal comparison of password attributes

Radius 5.0.29, 4.0.56 - 2/16/2004
--
* [5.0] Fixed SQL query destination merge type should use SQL variable encoding rules
* Fixed increased VSA format error checking to prevent errors from leading to unnecessary attribute decoding problems
* Fixed problem finding port information for IP pooling and server port access
* Fixed LDAP authentication failure using bind to auth with the netscape/sun directory server
* Added preference for NAS-Port over NAS-Port-ID for accounting record port selections

Radius 5.0.27, 4.0.55 - 11/17/2003
--
* Fixed response string conversion errors while processing an external auth methods mapped attributes
* Fixed attribute mapping system incorrectly required at least one attribute value before it can initialize
* Added support for NAS-Port-ID as NASPort
* Fixed NASIdentifier and NASPort fields in Calls were not being restricted by size
* Fixed removed incorrect ignore for 22xxx class of errors from accounting spooler
* [5.0] Fixed incorrect AVP value matching in Proxy attribute and attribute filtering system
* [5.0] Added $serverip variable to destination data field of the attribute filtering system
* Fixed unmatched proxy domain causes an auth trim regardless of the global trim setting
* Fixed when loading RADIUS clients from a database and the IP Address field has trailing or leading spaces that client entry is ignored
* Added use hardware sources for random numbers when possible
* [5.0] Added attribute filter source to allow searching request attributes to conditionally modify response attributes
* UNIX: Fixed when using Sybase ASE accounting and authentication performance is diminished after receiving a duplicate accounting request
* [5.0] Fixed error reading RadGetUser procedure parameters with Sybase ASE 11.9.2
* [5.0] Fixed Auth Proxy Req+Resp source type 'destination ip' and 'client ip' reversed
* Fixed when time banking is enabled and an account has no time limit smart caching should be allowed

Radius 5.0.22, 4.0.54 - 10/16/2003
--
* Fixed supporting crypto and database driver updates
* [5.0] Fixed RadGetUser Password parameter passed even when the parameter is not part of this stored procedure
* Fixed allow treat as local to completely override the global trim setting
* Fixed malformed response while sending tag integer attributes
* Fixed timestamp datatypes not being sent in auth response
* [5.0] Added $timetstamp filtering variable to report current time in RADIUS datetime format
* [5.0] Added destination merge type of SQL query to attribute filtering system
* [5.0] Fixed incorrectly restricting application of destination filters based on their filter type
* Fixed domain not stripped for auth when global trim is disabled and a proxy server with 'treat as local' enables strip domain
* Fixed disable accounting despooler in text-only mode
* Fixed ServerID/AccountID columns may appear multiple times in Calls update due to a NAS incorrectly sending duplicate Class attributes

Radius 5.0.17, 4.0.51 - 9/27/2003
--
* Fixed EAP-GTC does not work in conjunction with PEAP
* UNIX: fixed AV while generating PEAP session encryption keys
* Added -X4 option to enable EAP packet level debug
* Added support for restricting PEAP version negotiation to v0 for improved client compatibility
* Fixed EAP authentication was incorrectly disabled in text only mode

Radius 5.0.15b, 4.0.49 - 9/16/2003
--
* Fixed rare condition when multiple accounts have the same username not all may be able to authentication after the server has been running for quite some time
* Fixed ServerPorts clear may not work in some roaming environments where NASIdentifier is avaliable in ServerPorts
* [5.0] Added LDAP password attribute option to allow authentication without re-binding to the directory
* [5.0] Added configuration option to set 'ServerPorts' table name
* [5.0] Added support for SMD5 and SSHA passwords
* Fixed proxy attributes should be concidered for proxy before realm
* [5.0] Fixed attribute proxy groups may not all be concidered for proxy
* Improved SNMP client, support for loading multiple mib files, improved error reporting and thread safety
* Fixed SNMPTimeout configuration option was in microseconds instead of milliseconds
* [5.0] Fixed auth work thread lockout when a malformed packet is received
* Fixed existance of expired keys may incorrectly cause RadiusNT/X to stop working at midnight
* Fixed attribute proxy should be enabled if auth or acct proxy is enabled
* [5.0] Fixed AV with invalid directory/file when writing persistent auth log to disk
* Fixed command triggers can fire in text-only mode
* Fixed ignore #CACHE hint parameters in text-only mode

Radius 5.0.13b, 4.0.47 - 8/28/2003
--
* Fixed memory leak during auth when class and timebanking are enabled
* [5.0] Fixed AV processing proxy reject attributes with specific orders of proxy state
* Fixed User-Password attribute was limited to first 16 characters while proxying a request
* Fixed reply attributes not being sent for rejected proxied requests
* [5.0] Fixed double reload of proxy clients database at startup or reconfigure
* UNIX: Fixed IP pooling may not return reply attributes

Radius 5.0.10b, 4.0.44 - 8/12/2003
--
* Fixed after reloading the users file, accounts no longer in the users file may still authenticate
* [5.0] Fixed deadlock updating the user database under heavy load

Radius 5.0.9b, 4.0.43 - 8/8/2003
--
* UNIX: Replaced Merant ODBC manager and database drivers
* Added Client IP checking to server access and allow matching on any combination of null parameters
* [5.0] Fixed AV while refreshing DNIS information
* [5.0] Fixed a problem logging cached data when persistent auth is enabled

Radius 5.0.8b, 4.0.41 - 7/17/2003
--
* Fixed AV when class server/account tracking is enabled and no other attributes are sent during an auth response
* Added refresh of roam clients list whenever the roam server profile is refreshed
* [5.0] Allow multiple concurrent requests for LDAP, NT, token and TACACS+ clients
* [5.0] Added alternate profile support for bad authentication requests
* [5.0] Added option for reloading the Servers table/clients file at regular intervals
* [5.0] Fixed deadlock while reconfiguring server under heavy load
* [5.0] Fixed rare 'user not found' response while refreshing a database user who has multiple authentication requests pending
* [5.0] Fixed AV shutting down under heavy load with packet replay enabled
* [5.0] Added nasid,port,null service type check and null,null,null to server port access

Radius 5.0.7a, 4.0.40 - 7/8/2003
--
* Fixed attributes with no data do not display in attribute debug messages
* Fixed parsing bug which may incorrectly assign attributes after encountering certain types of malformed VSAs
* Fixed a rare concurrency problem updating the internal user database
* [5.0] Added support for several new IP filtering fields
* Fixed user session limits were being concidered in some cases even if time banking is disabled
* Fixed cases where special attributes were being processed without first checking vendor ID
* Fixed unknown attribute error text for db account attributes

Radius 5.0.4a, 4.0.39 - 5/29/2003
--
* [5.0] Added RadGetUser support for $serverid and $serverip
* [5.0] Fixed attribute filtering attempts to load, if enabled while operating in text only mode
* Fixed configuring a calls table named something other than "Calls" still references "Calls" in some cases
* Fixed long attribute or attribute value names fail to load from text dictionary
* Fixed using Oracle with RadiusNT may not reconnect if database connection is lost
* Fixed display database error message if column information for accounting table fails to load
* Improved handling of multiple accounts with the same username and password
* Fixed force database lookup when smart caching is enabled, time banking is enabled and the user has a set time limit
* Fixed lookup problems where complete dictionary does not load

Radius 4.0.38
--
* Fixed rare database connection pool leaks
* Fixed better transaction handling for backlogged accounting data
* Debug message updates
* Proxy state messages may be confused with other attributes of the same id
* Fixed don't try second result set in RadGetUser if query fails
* Fixed sql escape causes AV with configured RadGetUser
* Log warning message if attribute data is truncated to fit length restrictions of the Calls table
* Fixed memory leak and loss of proxy state information while proxying requests that timeout
* Fixed proxy store and forward mode was not limiting resend of queued messages while all destination servers are down
* Fixed proxying date attributes such as Event-Time cause malformed packets
* Fixed inaccurate auth/acct statistics while proxying specific types of requests

Radius 4.0.35
--
* Fixed malformed packet proxying RADIUS requests with tag attributes

Radius 4.0.34
--
* Fixed text dictionary does not load correctly if it contains attributes with an id of zero

Radius 4.0.33
--
* Fixed changing RadiusNT/X web admin password now sets the common configuration password
* EAP-PEAP, EAP-LEAP and EAP-MSCHAPv2 updates
* Added support for PEAP session encryption keys
* Fixed error in encryption of tunnel/MPPE attributes corrupted keys after first 16 bytes
* Fixed proxy not using stored authenticator for retried requests
* MSCHAPv1/2 updates
* Fixed MSCHAPv2 authentication now sends MPPE keys

Radius 4.0.32
--
* Fixed false no attributes error when only VSA's having an Attribute-ID of 0 are used
* Fixed error parsing vsa attributes with a VSA lenght of less than two
* Fixed EAP ID for ack/nak based on received packet instead of RADIUS ID
* Fixed EAP-LEAP now sends access-challenge after authenticating the client instead of access-accept
* Fixed EAP sequence problem

Radius 4.0.31
--
* EAP-PEAP updates
* Added support for Emerald express license keys

Radius 4.0.30
--
* DNIS and server port updates
* Added support for EAP-MSCHAPv2
* Added checking to prevent downloading incomplete DNIS access lists
* EAP-PEAP updates

Radius 4.0.29
--
* Fixed memory leak decoding some types of malformed attributes
* Fixed possible AV while using EAP authentication
* Added support for EAP-GTC

Radius 4.0.28
--
* Added support for RSA SecureID v5 two-step auth
* Fixed various EAP memory leaks
* Added support for Cisco EAP-LEAP

Radius 4.0.27
--
* Fixed EAP state problem when EAP is never used
* Support for checking radius request attributes against multiple check attributes
* Added support for EAP fragments

Radius 4.0.26
--
* Fixed Attribute proxy now works with accounting requests
* Added EAP/MD5 support
* Fixed Server proxy was recording accounting locally while local proxy was disabled.

Radius 4.0.24
--
* Added support for Message-Authenticator (RFC 2869) checking
* UNIX: Fixed high CPU usage while any proxy options are enabled

Radius 4.0.23
--
* Fixed prefer roaming trim settings over global trim when using treat as local

Radius 4.0.21
--
* Fixed AV when trying external auth methods assigned to a domain.
* Fixed external auth not associating domains if the method matches on domain and no user domain is defined.

Radius 4.0.20
--
* Fixed no attributes error with service types longer than 15 characters
* UNIX: Fixed sig_pipe on rdbms connection error causing radius to restart
* UNIX: Fixed sql cursor state errors after reconnecting to Sybase
* Fixed AV while populating ServerPorts table in custom (-D1) mode only
* UNIX: Fixed AV while displaying acct queue warning message for non Calls data

Radius 4.0.17
--
* Fixed Radius gets cought in a loop using 100% CPU time after receiving certain types of malformed VSA attributes.

Radius 4.0.15
--
* Fixed AV and data corruption while responding to some proxy requests

Radius 4.0.14
--
* Fixed Radius odbc connection error if it's using the Emerald common dsn config and a read only Emerald dsn is defined.
* Fixed accounting pre trims don't work while proxy is disabled.
* Fixed Radius packet corruption when sending VSA ascend data filter attribute in access accept

Radius 4.0.13
--
* Fixed sync problems in the DNIS cache also don't cache DNIS if DNIS access is disabled
* Fixed Include blank ('') Username in Calls query when the Username attribute does not exist in an accounting record
* Fixed overflow displaying values of large unknown attributes

Radius 4.0.12
--
* Fixed multiple attributes of the same name from an accounting request cause the ServerPorts update query to fail.

Radius 4.0.11
--
* Fixed Extra ',' in ServerPorts update query when AccountID exists in ServerPorts, manual calls update is enabled and an AccountID is passed via the Class attribute to ServerPorts.

Radius 4.0.10
--
* Fixed authentication query errors if the accounting RDBMS type is different from the auth source.
* Fixed query updates for manual ServerPorts update.

Radius 4.0.9
--
* Fixed in most cases wrong Service Type information is passed to the IP pooling stored procedure.  This can lead to assigning addresses from the wrong pool.
* UNIX: Oracle updates to prevent database errors calling stored procedures.

Radius 4.0.8
--
* Fixed per roam domain disabling accounting or authentication for proxy prevented Radius from trying the remaining roam servers.
* Fixed some per roam server configurations were being confused with other roam servers.

Radius 4.0.7
--
* Fixed non-common ODBC passwords not being pse decrypted.
* Fixed radlogin update to support tag attribute types in the latest dictionary file.
* Fixed LDAP search password was not being pse decrypted causing non-anonymous LDAP searches to fail.

Radius 4.0.6
--
* Fixed if accounting proxy is enabled and an accounting record with a realm is not proxyable it should be recorded locally
* Updated dictionary file and added support for reading new types (attribute tags)

Radius 4.0.5
--
* [3.0.205] While using auth-any auth requests are rejected when CHAP is used.

Radius 4.0.3
--
* Fixed time of day restrictions wouldn't allow 0 start or stop times.

Radius 4.0.2
--
* Fixed auth-API should send user->msg in the reply message attribute on auth reject
* Fixed not loading odbc username and password when using Radius vs common configuration

Radius 4.0.1
--
* Fixed database error while caching DNIS prevents other queries from running

Radius 4.0.193
--
* Fixed Radius using incorrect AccountTypeID
* Fixed default auth/acct roam server ports should be the Radius servers default
* Fixed GlobalSecret not working for authentication requests
* UNIX: Fixed in trend mode stop records without port numbers cause RadiusX to crash/restart
* Merant licensing updates
* 3.1 is now 4.0

Radius 3.0.191
--
* Fixed when caching is disabled cached accounts that are in-active accounts are still able to login
* [3.1] Fixed several odbc compatibility problem with Sybase against a 3.0 Radius database
* Added enable AuthAPI and Proxy via License key feature flags

Radius 3.0.190
--
* Fixed can now read AccountType labels up to 30 characters
* Fixed account out of time logging message did not include a username
* Fixed smart cache loosing overlimit and startdate[3.1] attributes for updated users after a cache update
* [3.1] Fixed concurrancy control checking using new concurrancy proc without AccountID does not work
* Improved smart cache memory usage

Radius 3.0.189
--
* Fixed concurrancy control checking against the accounting DSN, not the authentication DSN
* [3.1] Added global DNIS reverse option (Accept is default, listed numbers are denied access)
* [3.1] Added pwcheck routine to external auth API
* [3.1] Added daily license checking to periodically print expiration warnings

Radius 3.0.188
--
* (RQST10063) Fixed AV while loading incorrect Ascend binary filter attributes
* Fixed Ascend binary filter attributes passed in reverse order
* [3.1] Fixed Oracle load rejects not using an Oracle stored procedure
* Fixed missing terminating ';' character in oracle serverports update query
* Fixed Oracle should not report some types of query errors
* Fixed non-mssql accounting was able to send more than one accounting record per query
* [3.1] Fixed port field in Online Update restricted to numeric values
* (RQST9862) WINNT Fixed unix password file lookup leaks one handle per lookup
* [3.1] Added improved tacacs+ error messages
* [3.1] Fixed when authenticating database users externally - log any external database errors
* [3.1] Fixed tacacs+ authentication causes AV when tacacs hostname not specified
* Fixed when cache write is enabled possible AV while dumping RadReject information to disk
* (RQST9816) Fixed ServerAccess checking may incorrectly allow/deny port access

Radius 3.0.186
--
* (RQST9707) Fixed expiration dates took effect one day after they should have
* [3.1] Added support for time-banking with second accuracy

Radius 3.0.185
--
* [3.1] Added 'pairappend' to external auth api
* [3.1] Added smart cache support for account start date and inactive accounts
* [3.1] Added MSChap V2 support
* Fixed Attribute handling to better handle string types containing binary data
* Fixed SHA-1 password checking always fails
* [3.1] Added contents of unknown attributes to debug output
* [3.1] Added MSChap V1 support
* Fixed date attribute is always set to 0 after receiving a date attribute
* Fixed radius date to rdbms specific date conversion error while logging accounting data
* [3.1] Added support for RFC2548 MS-MPPE-Send-Key and MS-MPPE-Recv-Key attribute encryption
* Fixed when clearing server ports via accounting on/off no ports are actually cleared
* [3.1] Added RadgetPoolConfigs now passes AccountTypeID instead of AccountType if avaliable
* Fixed not proxying Accounting when server proxy is enabled, client doesen't have a Roam server defined and the request should be proxied via a domain match
* Added VSID support to proxy attribute checking
* [3.1] Fixed retried proxy requests were always sent from the auth port
* [3.1] Fixed load balancing bug which drops proxy requests when recv rate is over RateMax in store and forward mode
* [3.1] Fixed rate limiting causing packet flood while all proxy servers are down
* [3.1] Added proxy store and forward optimization
* [3.1] Fixed proxy store and forward when moving from at least one good server to all down not all retry counters on current requests were being reset

Radius 3.0.184
--
* [3.1] IP Pools can send previous attributes in result set before nack.
* [3.1] Removed NASPortName
* [3.1] Added proxy load balancing
* [3.1] Added Store and forward log
* [3.1] Added Tunnel attribute support (RFC 2868)
* NASPort now also handles string values provided the NASPort column in the database supports it.
* (RQST9545) Fixed memory leak while updating calls online when NASIP does not exist.

Radius 3.0.183
--
* (RQST9293) Fixed database usernames were restricted to 32 characters

Radius 3.0.182
--
* (RQST9294) Server Port Access no longer requires Port to be present in
* [3.1] Fixed external auth name memeory error while starting radius
* (RQST9295) Fixed AV reading large column labels from RadAttributes
* (RQST9117) Fixed if attribute name of nasidentifier is changed it is not logged if the column exists in the Calls table as other attributes
* (RQST9009) Fixed don't resend our proxy state while replying to requests
* (RQST9296) Added proxy loop detection
* [3.1] Fixed NASPortName should be converted to NASPort if NASPort doesen't exist when creating call records
* [3.1] ACE: Fixed support for next token code and pin changing

Radius 3.0.179
--
* (RQST9297) Fixed radius was not preferring odbc accounts over a user file account
* [3.1] RadGetPoolConfigs now processes multiple result sets

Radius 3.0.178
--
* [3.1] (Desktalk) Added NASPortName for voip
* (RQST9138) Fixed AV while receiving accounting records
* (RQST8648) Shared secrets can now be larger than 15 characters while proxying requests

Radius 3.0.177
--
* (RQST9056) UNIX: Fixed Radius restarts itself on auth if concurrancy control is enabled.

Radius 3.0.176
--
* (RQST8878) Fixed proxy unknown local users to default proxy not working.
* (RQST8875) [3.1] Fixed database accounts using external authentication sources for password validation was not working.
* (RQST8876) Fixed RadGetProxyAttributes is called several times per minute if no proxy attribute entries exist.
* (RQST8726) [3.0] Fixed memory leak while proxying requests.
* (RQST8648) Shared secrets can now be larger than 15 characters.

Radius 3.0.175
--
* (RQST8707) UNIX: Fixed radius restarts while printing query error messages.
* (RQST8311) Fixed append '\0' to the end of Cisco AVPair attributes.
* (RQST8619) Fixed write integer datatypes as unsigned to display/database.
* (RQST8621) Fixed Access mode ServerPort update query was incorrect.
* (RQST8493) Fixed AV while logging usernames as not found.
* Switched to native ODBC transaction routines.
* [3.1] Added Oracle support for stored procedures.
* (RQST8634) [3.1] Fixed add to AccountDelayTime if it exists for delayed (proxy forwarded) accounting requests.
* (RQST8624) Fixed while forwarding proxy requests Radius does not forward known VSAs.
* (RQST8623) [3.1] Fixed external Auth load messages were not appearing in debug mode.
* (RQST8427) Fixed try to update the database when password replace is enabled and authenticating from a different source.
* (RQST8428) Fixed Remove associated users from the cache after password replace runs successfully.
* (RQST8429) [3.1] Fixed password replace did not work with external auth modules.
* (RQST8436) Fixed time banking cache update was subtracting the smart cache view of timeleft as seconds instead of minutes.
* (RQST8438) DB License updates.
* (RQST8439) [3.1] Rework external auth api to provide pointers to radius memory allocation routines.

Radius 3.0.174
--
* (RQST8280) Fixed manual calls update wasn't falling back to using NASID if a NASIP wasn't sent.
* (RQST8279) Fixed workaround for missing LastModifyDate column in SubAccounts in MSAccess mode when time banking is enabled.
* (RQST8278) NT: Fixed Radius Administrator would not allow editing datasource names.
* (RQST8277) Fixed when manual calls update is enabled (Using MSSQLServer or Oracle databases) a malformed query causes ServerPorts update to fail.
* (RQST8276) Fixed ignore primary key constraint errors when recording call records in MSAccess mode.
* Fixed truncate data when over column size in manual calls update.
* [3.1] (RQST8275) Fixed LDAP Auth doesen't reconnect after LDAP server problem when using direct key searches.
* [3.1] (RQST8274) Fixed when enterprise key is detected say 'Enterprise features enabled' instead of 'Professional'.
* (RQST8273) Radius with manual calls update was double accounting for Account Delay time in the update decision. ServerPorts does keep correct time.
* [3.1] Added support for IP Pooling
* (RQST8116) Fixed database test routines would take an unreasonable amount of time to mark connections bad.  (Floor was sum of connection slots vs distinct datasources)
* (RQST) Fixed reply attribute memory leak when authentication is rejected for some reasons.
* [3.1] (RQST8164) Fixed LDAP search now removes 'attribute=$domain' entirely instead of 'attribute=*' in direct lookup mode.

Radius 3.0.173
--
* (RQST7983) Fixed crash caused by attribute-pair copy routine corrupting some types of string data.
* (RQST8126) Fixed generic (Non IP) Ascend data filters were not being processed.
* (RQST8119) Fixed crash while proxying accounting by server proxy and no username in request.
* (RQST8104) Fixed manual Calls update query for MSAccess was wrong, would not update server ports.
* (RQST8096) Fixed Maximum number of Calls and ServerPorts table columns to populate raised to 150 from 40.
* (RQST8098) Fixed memory leak while receiving non accounting packets on accounting port.
* (RQST8099) Fixed when AcctMaxBatchItems is 1 (Default) and the despooler is backlogged two items can be sent in a single batch.
* (RQST8100) Fixed turn off XACT_ABORT in accounting despooler when explicit transactions are disabled.
* Fixed radius packet corruption sending non-usr VSA's of type Integer or IP Address.
* Logging Updates

Radius 3.0.172
--
* (RQST8015) Fixed Global trim was being used over the trim option defined for roam servers.
* (RQST8016) Fixed manual Calls update query for MSAccess was wrong, would not update server ports.
* Fixed Manual Calls update now nulls unused columns in the ServerPorts table during acct start/stop.
* Fixed non ODBC database users can be removed by the smart cache.
* (RQST8000) Fixed When the ignore case option is not set to 1 or 0 SNMP concurrancy checking always fails.
* Fixed Concurrancy online debug output was showing incorrect number of users online.
* Added Manual service update now also subtracts time from the smart caches time left.
* Fixed roam server with treat as local enabled would not ack accounting records.

Radius 3.0.171
--
* Fixed Accounting proxy required the trim domain option to forward accounting requests to a proxy server.
* Added Interrupt startup database test after reciving shutdown signal.
* 2.5 style dictionary load stats.
* (RQST8014) Fixed username not getting trimed correctly when trim domain is enabled and the username contains leading and trailing white-spaces.
* Fixed a possible memory leak in proxy roam checking.
* Accounting call date now takes AcctDelayTime into concideration.  Emerald 2.5 users should modify their calls trigger to not account for AcctDelayTime in the ServerPorts table.
* Fixed problem where last used time is initially not set causing most entries to be expired from the cache.
* Maximum port session time wasn't being concidered calculating a session limit.
* (RQST 7795) Fixed session timeouts were not being set when time banking is enabled.
* Added support for multiple VSA attributes encoded in a single radius attribute.
* Fixed a proxy problem who could cause radius to crash.
* If all odbc datasources are not avaliable and the user isn't found in the smart cache radius will ignore the request before testing it against external authentication such as a UNIX password file or NT SAM.
* Fixed manual ServerPorts update query for MSAccess was wrong and therefore would not update server ports.
* UNIX: Workaround for odbc driver memory leak on Solaris.
* Added CacheDisable registry option to require a database check on every authentication.
* Added VSAMap registry option to enable VSA Attribute mapping for accounting.

Radius 3.0.168
--
* Manual service update now uses the authentication datasource over accounting.
* If RAS isn't loaded don't print RAS warning during NT authentication.

Radius 3.0.167
--
* Fixed sending VSA string attributes causes packet corruption.
* Trend: ta_period is now computed internally to make seconds and milliseconds 0.
* Accounting was not reporting some types of constraint violations.
* Fixed a Microsoft ODBC? problem where fetching a row could cause data corruption.
* Logging updates.
* Fixed Cache root directories now default to DataDirectory then the internal default.
* Fixed Several radius directories were not defaulting to the internal default.
* UNIX: Fixed several problems who could cause unix versions of radius to crash.
* UNIX: Removed 90% of ODBC 3.5 bug workarounds - Solaris versions now use ODBC 3.6 multi-threaded drivers.
* UNIX: Radius Administrator updates.

* Fixed small memory leak when the message 'Authentication/Accounting proxy mode disabled' is logged.
* Fixed proxy deadlock when proxying out both accounting and authentication.
* Fixed several server-proxy related problems.  In most cases auto-proxy crashes radius.
* Fixed potential logging problems.

* (RQST 74007) Fixed problem where radius could crash if it receives a null username in an accounting record.
* Roaming auth/accounting descision is now based on the radius request code.
* Radlogs displays *CHAP_SIZE* when there is a chap size problem and *CHAP* otherwise on password compare failures.
* Trim flags for global and proxy trims are now either 1 for auth, 2 for accounting, or 3 to trim both.

* AVP Updates
* Disable cache double check when db password is external auth (WINNT,UNIX..etc) to prevent double checking external sources.

* Fixed attribute debug shows the \0 character in it's output.
* Fixed dbpool better handling of local driver manager and connection limit errors.
* (DEFECT000000007) Fixed proxy attributes to use string length not the length from the radius packet /w chap requests.
* (DEFECT000000006) Fixed RadRoamDomains would not proxy accounting data if the AccountType column is null.

Radius 3.0.162
--
* Fixed NT Sam auth no longer requires special privledges to authenticate.
* (DEFECT000000005) Fixed NT auth /w no domain can cause radius to crash.
* Error message updates.

* Added SNMP Concurrancy backoff when a request times out. SNMPRetry (in seconds) controls how long to wait before retrying the server.
* Fixed startup wait on initial good database connection should depend on the value of NVFlag.
* Added -f command line flag to test database connectivity and exit.
* Fixed not enough connections avaliable sometimes during startup when authenticating /w concurrency checking.
* Manual service update now uses internal time offsets vs getdate() database function.
* SNMP checking shouldn't retry on some types of connection errors.
* Improved Online sync logging to show weather or not the update really effected the ServerPorts table.
* Fixed Online sync & SNMP concurrancy to take the trim domain options into concideration.

* Fixed memory leak in the SNMP Online sync feature (introduced in 3.0.158)
* Fixed SNMP Online sync when account session id's are being used the user should be marked offline when the oid is not found.

* Fixed a problem where Radius would not proxy accounting.
* Fixed proxy list should be thread safe.
* If recording accounting locally and proxying do not ack on local writes.
* Proxy-state now includes an extra 4 random characters to keep proxy states unique.

Radius 3.0.158
--
* Fixed dbpool not rolling back uncommited transactions on db disconnect.
* Fixed a bug who causes unpredictable results when more than one proxy-attribute group is used.
* SNMP faster handling of connection refused.
* Added SNMP ServerPorts sync.
* SNMP logging updates.
* Fixed a minor bug in dynamic ServerPorts update query.

* Fixed accounts in text users file when odbc is enabled should not be checked for login limit or server port access.
* UNIX: AgentX SNMP Stats bug fixes.
* Added SNMPTimeout (In MS) registry entry to control concurrancy check timeouts.
* Fixed on invalid attribute lengths - ignore only the current attribute.
* AA library updates.

Radius 3.0.154
--
* Fixed Y2k bug, using text file accounting logs files were being named in yymmdd format as 1001010 instead of 001010.
* Fixed radius was ignoring stop records only option.
* Added AccountID to manual service update.
* When the -x flag is used all logging to stdout only.
* Fixed bug where a blank username attribute in accounting records would cause radius to crash.
* Fixed double logging of RadGetUser query when odbc debug mode is enabled.
* Fixed SNMP concurrancy check should not count a user as being online if the snmp query fails.
* Manual Calls update is now a dynamic query based on the contents of the ServerPorts table and avaliable attributes.
* Removed double checking by login limit.  Especially with SNMP concurrency enabled it's too expensive.
* Fixed bug in RadGetUser in radiusnt.sql, rad25_up.sql and radiusnt_sybase.sql which prevented users who have not been cached from authenticating.

Radius 3.0.150
--
* Log more queries when odbc debug is enabled.
* Fallback to old RadValues query and log an error when RadVendorID and RadVendorType doesen't exist in an MS Access db.
* When running against an msaccess database the format yyyy-mm-dd is used instead of yyymmdd.
* Added SpoolErrorIntervalSecs to prevent log flooding on low memory or acct queue full conditions.
* Several Oracle specific bug-fixes.
* radius -v works while another copy of radius is running.
* radius -v prints out a complete list of configuration settings.
* Fixed deadlock while refreshing the Server Port Access cache.

Radius 3.0.149
--
* Improved backup datasource ordering to better prefer primary datasources over backups.
* emer25_up.sql Added a 'NULL' default to Calls.Username to allow Radius v3 to accept accounting records without a username attribute.
* Fixed concurrancy checking and serveraccess should be ignored in text only mode.
* Fixed ignore_case option always ignores case even when the option is disabled.

Radius 3.0.147
--
* All dates passed to the database server are now in (iso) yyyymmdd hh:mm:ss format.
* Fixed bug where running 'radius -install' would cause ODBC mode to be changed to text only.
* Sql logging updates.

Radius 3.0.145
--
* Fixed bug where accounting may not be proxyed provided trim domain is enabled.
* RadReject fixes to allow non-string values to be rejected.
* RadRejects fixed problem that could cause radius to crash while checking for rejected attributes.
* Radius Adminstrator now accepts Radius v3 keys.

----------------------------------------------
RELEASE NOTES
----------------------------------------------




----------------------------------------------
TECHNICAL SUPPORT
----------------------------------------------

Should you experience any trouble installing or using RadiusNT/X, please
consider the following technical support options:

Please read the readme.txt and changes.txt files that are included with
your distribution archive. These files contain pertinent up-to-date
information on the software noting any changes, feature enhancements or
known problems.

The documentation manual has much of the information you need to solve
problems. Please re-read the pertinent section to ensure that something
wasn't overlooked. 

Please check out our Web site at http://www.iea-software.com for
announcements, troubleshooting tips, Frequently Asked Questions (FAQs)
and more.

IEA Software hosts a mailing list for RadiusNT/X. This is a
user-supported list and is a great resource for conversing with others
who own the product. You can learn more about the mailing lists at
http://www.iea-software.com/support/maillists/liststart. We host a
searchable archive of the list on our Web site as well.

You can reach our Technical Support Team at (509) 444-BILL (2455) or
support@iea-software.com.

If you still require assistance, we have a variety of support contract
options available via our Web site at
http://www.iea-software.com/support.

You can reach our Sales Team at (509) 444-2455 or sales@iea-software.com.


******************
End of CHANGES.TXT
******************
