*****************************************************************
RadiusNT and RadiusX change history for versions 5.x, 4.x and 3.x
*****************************************************************
Modified: 1/11/2010

Copyright (c) 1999-2010 IEA Software, Inc. All rights reserved worldwide.

This file contains important, late-breaking information about changes
made within RadiusNT/X. We recommend that you read this file and keep a
printed copy with your RadiusNT/X documentation. For updated CHANGES.TXT
files and additional information about installing and running
RadiusNT/X, please visit our Support Web site for updated documentation
at http://www.iea-software.com/support. 

Tip: If necessary, choose Word Wrap from the Notepad Edit menu or Wrap
To Window from the WordPad View/Options menu to wrap the text within the
document window.

Note: All changes starting with 'UNIX:' are specific to the RadiusX
products and do not effect RadiusNT. Any change starting with a version
number in brackets '[x.x]' applies only to that version of the product.

----------------------------------------------
CHANGES.TXT CONTENTS
----------------------------------------------
. KNOWN PROBLEMS
. RELEASE CHANGES
 TECHNICAL SUPPORT

----------------------------------------------
KNOWN PROBLEMS
----------------------------------------------

* None

----------------------------------------------
RELEASE CHANGES
----------------------------------------------
Radius 5.1.63, 4.0.88 - 1/11/2010
--
* [5.1] Fixed single byte overrun when authenticating users with NT hash passwords
* Fixed memory leak retrying authentication requests

Radius 5.1.62, 4.0.88 - 11/5/2009
--
* [5.1] Added PAP and MSCHAP support for passwords stored in NT hash form
* [5.1] Fixed RadiusX restarts on systems with Sparc processors when multi-threaded authentication has been enabled
* [5.1] Fixed SHA1 dependent authentication algorithms fail on Solaris platform

Radius 5.1.60, 4.0.88 - 9/10/2009
--
* [5.1] Added support for IPv6 prefix attribute types
* Fixed IPv6 string representations trailing zeros not properly compressed
* Fixed IPv6 encode failure of certain properly formatted IPv6 addresses

Radius 5.1.59, 4.0.88 - 6/15/2009
--
* [5.1] Fixed query errors displayed in authentication log file when a new day starts and no authentication requests have been previously sent since server startup

Radius 5.1.58, 4.0.88 - 5/1/2009
--
* [5.1] Added support for marshalling attributes of type octets to the calls table as hexidecimal values
* [5.1] Added if MSCHAPv2 validation fails with user only portion of user@realm retry with user@realm
* [5.1] Added support for authentication reject when auth rating is enabled, default cost is not configured and no rating rules match

Radius 5.1.56, 4.0.88 - 2/21/2009
--
* [5.1] Added current data usage for reauthorized sessions count input and output octets instead of output only
* [5.1] Added updated supporting encryption routines

Radius 5.1.55, 4.0.88 - 12/31/2008
--
* [5.1] Fixed AV caused by EAP inner protocols providing username attributes that contain no value
* [5.1] Added filter queries can now convert proxied access reject messages to access accept by returning a query with AttributeID and VendorID set to -1
* [5.1] Fixed rating engine memory leak when reconfiguring active rating rules and a custom classifier query has been associated with a rate

Radius 5.1.53, 4.0.88 - 11/22/2008
--
* [5.1] Added support for WISPr-Session data left usage limit VSAs
* [5.1] Added 64-bit signed integer data type
* [5.1] Added tunnel password and tag tunnel password attribute type configuration
* [5.1] Added octets binary data type with ability to enter values in hexadecimal format
* [5.1] Fixed TTLS username is not used when identity hiding is enabled via User-Name attribute or EAP-Identity
* [5.1] Fixed rating engine when rating requests containing usage for both time and data dimensions data only rates previously required a dummy zero cost time rate to prevent the data only rate from being ignored

Radius 5.1.47, 4.0.88 - 8/14/2008
--
* Added workaround for MSSQL 2008 ODBC driver bug causing a numeric overflow error to be displayed when retrieving cached account information
* [5.1] Fixed authentication may fail intermittently when large numbers of users are concurrently authenticated using PEAP or TTLS

Radius 5.1.46, 4.0.88 - 7/22/2008
--
* [5.1] Added ignore Diameter encoded AVPs containing a zero length payload instead of failing the decode to improve TTLS client compatibility
* [5.1] Added startup and shutdown section logging
* [5.1] Added updated supporting encryption routines
* [5.1] Added support for storage of Emerald database encryption secret key via operating systems secure key store
* Fixed when realm service type replacement is enabled and challenge responses are proxied replaced attributes should apply only to the final access accept message
* Fixed instances where logging messages were incorrectly classified
* Fixed when synchronizing account changes via smart cache the per request authentication query timeout should not apply
* Fixed AV may occur during the forced shutdown process which can occur when pending operations take too long to complete

Radius 5.1.44, 4.0.87 - 4/25/2008
--
* Added support for excluding a service type from DNIS checking unless reverse DNIS checking is enabled by setting a NULL value for the DNISNumber column of SQLDNIS
* Added Vista and Windows 2008 compatibility update to account for missing RRAS API calls in these versions of windows
* [5.1] Added support for conversion of string port values to integers to maintain compatibility with older Calls table schemas having an integer NASPort column
* Fixed malformed RadiusNT/X admin web server post request may cause AV of the admin configuration server

Radius 5.1.42, 4.0.86 - 1/26/2008
--
* [5.1] Added reverse counting of SNMP concurrency violations by exception and substring matching of SNMP values to username
* [5.1] Added rating engine support for additional rounding options

Radius 5.1.41, 4.0.86 - 12/23/2007
--
* Fixed account expiration should be treated as the minimum of MBR and SA expiration when using an Emerald database
* [5.1] Fixed incremental cache updates not being performed at configured interval on the Oracle platform using an Emerald 5 database
* Fixed failure to preload server access configuration not logged as an error

Radius 5.1.40, 4.0.85 - 12/06/2007
--
* [5.1] Fixed rating engine AV while rating accounting records
* [5.1] Fixed possible AV while proxy accounting echo and accounting store and forward mode are both enabled
* [5.1] Fixed compatibility problem with version 6.x RSA SecurID clients on the windows platform

Radius 5.1.38, 4.0.85 - 9/23/2007
--
* [5.1] Added removed boingo VSA 32 from the tunnel password attribute list
* [5.1] Fixed primary database connection pool too shallow to handle worse case query load
* [5.1] Fixed possible AV during long term cache maintenance shortly after midnight
* [5.1] Added support for EAP-TTLS PAP/CHAP/MSCHAPv1/MSCHAPv2
* [5.1] Added compatibility with Emerald v5 on the Oracle database platform
* [5.1] Added option to customize reply attributes sent in response to an authentication failure
* [5.1] Added RFC 4590 SIP/HTTP Digest authentication in addition to draft-sterman-aaa-sip-01

Radius 5.1.35, 4.0.85 - 6/27/2007
--
* [5.1] Fixed the attribute filtering system may not act on requests that determine an authentication response should be rejected or ignored 
* [5.1] Added rating engine updates supporting InitialCost and StaticCost attributes if avaliable in the rating request
* [5.1] Added Req/Resp Code RadFilterTypeID (5) to attribute filtering system to match the RADIUS request or response packet code
* [5.1] Fixed disable day + 1 for service expirations only when used with Emerald v5 as this is now controlled via Emerald
* [5.1] Added improved zero value port filtering while the "Add virtual NAS-Port if missing" advanced option is enabled
* Fixed SHA password hash formats are not properly recognized

Radius 5.1.29, 4.0.84 - 4/4/2007
--
* [5.1] Fixed rating engine accounting rating decision was incorrectly controlled by the "Enforce cost-based session limits" advanced option instead of "Allow rating of accounting call records"
* [5.1] Added support for Cisco encrypted AVPair attribute
* [5.1] Fixed rating engine data only rate with session limit should reject authentication after credit limit has been exhausted
* [5.1] Fixed rating engine AV when specific ordered combinations of duplicate attributes of different types are received
* [5.1] Added filter out authorization attributes before passing request attributes to the rating engine when rating of authentication requests is enabled
* [5.1] Added "data banking" feature to enforce data remaining restrictions similiar to "time banking"
* [5.1] Fixed when uploading call records the Emerald5 Calls.CallID column must be excluded from column discovery to prevent attributes of the same name from setting a CallID value
* [5.1] Added "amountleft" and "dataleft" variables for "auth out" and "auth req+resp" attribute filters
* [5.1] Fixed rating engine AV while loading numeric rating rules having a "less than" match type

Radius 5.1.25, 4.0.83 - 12/22/2006
--
* [5.1] Added optional "RadCheck" field to second attribute result set of RadGetUser
* [5.1] Fixed rating engine requests with null or 0 default cost must still be rated
* [5.1] Fixed rating engine zero cost rules were being ignored and assigned default cost
* [5.1] Fixed rating engine ~3 sec shutdown delay caused by not waking queue manager
* [5.1] Fixed rating engine assert when totals are required by max cost but not any applicable rating rules
* [5.1] Fixed rating engine rates with data and time rating rules did not link data starting period costs for enforcement of max charge amount

Radius 5.1.24, 4.0.83 - 11/22/2006
--
* [5.1] Added allow conversion of rating engine upload attributes to RADIUS reply attributes
* [5.1] Fixed allow Emerald 5 RADIUS enterprise and professional license features
* [5.1] Fixed rating engine time indexing error
* [5.1] Fixed rating engine authentication failure condition and uploaded reply attributes were not enforced
* [5.1] Added allow rating engine data dimension tracking for authentication reauthorization requests
* Fixed escape accounting username and nasid
* [5.1] Fixed rating engine time remaining calculations now influenced by data rates
* [5.1] Fixed rating engine was recording only the first historical update when rating a request
* [5.1] Fixed display of invalid AES decryption warnings
* [5.1] Added Emerald decryption support for results of query based data filters
* Added Boingo encrypted attribute support
* [5.1] Added MS Vista PEAP bug workaround for vista client compatibility

Radius 5.1.19, 4.0.82 - 9/18/2006
--
* Added support for 16-bit Alcatel VSAs
* Added when NAS-Port equals 0 and NAS-Port-ID or another port identifier is avaliable use this instead of NAS-Port
* Added preference internal class attribute least when using attribute filter variables with multiple class attributes
* [5.1] Fixed rating engine update

Radius 5.1.17, 4.0.81 - 7/6/2006
--
* Fixed Password replace feature would incorrectly set password blank when password was ANY or WINNT/UNIX and CHAP authentication is used
* Added SecureRandom configuration option to allow disabling the use of operating system provided random numbers
* [5.1] Fixed incorrect secret when sending outgoing proxy requests using Emerald v5 password encryption with encrypted shared secrets
* [5.1] Added support for online port clear stored procedure RadClearNAS and database configuration option SQLClearNAS
* [5.1] Fixed authentication rating engine errors
* Added expiration dates now include time of day information
* [5.1] Added support for UNIX MD5 encrypted passwords

Radius 5.1.16, 4.0.80 - 3/9/2006
--
* [5.1] Added support for limiting total time a proxy accounting record can remain queued (QueueMaxTime)

Radius 5.1.15, 4.0.80 - 2/15/2006
--
* [5.1] Added support for a virtual NAS-Port if one is not provided by the RADIUS client
* Fixed AV caused by external authentication API attribute checking
* [5.1] Added accounting upload query timeout setting
* Fixed allow proxy of initial request when all roam servers in group are over max rate in store and forward mode
* Fixed load balanced retries may prevent proxy servers that are not responding from being quickly detected
* Fixed allow delayed response removal for authentication requests
* Fixed allow proxy authenticator history for authentication requests
* Fixed roam server reconfigure requests did not transfer current state for all members of a roam domain
* [5.1] Fixed substring attribute filter and proxy attribute match types are now case insensitive
* Fixed proxy retry rate for down proxy servers was not restricted to the proxy check interval
* Fixed do not allow proxy request duplication when one or more servers are unavaliable
* Fixed increase retry partitioning for store and forward proxy mode
* [5.1] Fixed rating engine classifier database errors were being reported as memory allocation errors
* Fixed entering 0 in auth or accounting port field of a roam server now causes authentication or accounting messages to be ignored
* Fixed remove delay between detection of a down accounting server in store and forward mode and resetting of the effected proxy records retry counters
* Fixed AV introduced in 5.1.6 while processing unrecoverable malformed packets
* Fixed allow processing of packets containing unknown attributes with unknown proprietary VSA formats

Radius 5.1.10, 4.0.79 - 1/31/2006
--
* [5.1] Fixed AV caused by use of auth req + resp attribute filter with a destination type of Reject containing destination data
* [5.1] Fixed when using an attribute filter of source type Auth Proxy Out and a destination type of Reject the destination data field is not passed in the reply-message attribute of the access-reject
* Fixed RADIUS messages with no attributes were ignored as invalid
* [5.1] Added custom logging auth out source type now has access to many local access reject messages
* [5.1] Added support for request nak conversion via sql query merge type when VID and AID are 0 Data becomes reply-message
* [5.1] Added include connection group name with accounting spooler related messages
* [5.1] Added proxy queue updates
* [5.1] Added default proxy rate limiting for store and forward accounting mode.  It is still recommended proxy forwarding rates be defined while using this mode
* [5.1] Added authenticator history to validate multiple responses to the same request
* [5.1] Added delay for proxy response removal to allow for secondary responses
* [5.1] Fixed add Acct-Delay-Time attribute with local delay if attribute is not included with accounting record
* [5.1] Fixed ADIF logging errors
* [5.1] Fixed authenticator validation error is incorrectly displayed when validating proxy accounting retry response where retry has changed since initial request
* [5.1] Fixed authentication input attribute filters with a merge type of filter replace may cause an AV
* [5.1] Fixed connection group specific accounting upload queues will eventually incorrectly switch to the default accounting datasource
* [5.1] Fixed allow attribute filter data fields to contain values exceeding the RADIUS per attribute size limit

Radius 5.1.6, 4.0.77 - 12/30/2005
--
* [5.1] Added 'distribution key' search type for attribute filtering and attribute proxy to allow attribute-based deterministic load balancing
* [5.1] Added separate accounting queues for each connection group
* [5.1] Added merge type of 'log query to accounting' which queues filter SQL queries into the accounting spooler
* [5.1] Fixed show contents of attribute filter queries while ODBC debugging is enabled
* [5.1] WIN32: Fixed background database test may not report the correct status information when more than one type of ODBC datasource is used
* [5.1] Added custom logging only attribute filter source types
* [5.1] Default Oracle procedure calls no longer use package syntax. Existing Oracle installations still using the Radius package should choose the 'RadiusNT/X 5.0 compatibility for Oracle' profile from the custom settings menu within the RadiusNT/X administrator to maintain compatibility with existing stored procedures
* [5.1] Added ability to log unknown attributes via the attribute filtering system
* [5.1] Added rating engine updates to support rating outside of RateHistory
* [5.1] Fixed accounting query retries should not be attempted after an ODBC error with a state class of 37

Radius 5.1.5, 4.0.76 - 11/22/2005
--
* [5.1] Fixed sequence conflict when initially decrypting Emerald v5 AES encrypted shared secrets
* [5.1] Fixed while sending a proxied access-accept message with a configured proxy source port the configured port may be used as the source port instead of the origional destination port of the associated request
* Fixed proxy responses with a matched proxy state having an invalid authenticator should not count as receiving a response to an outstanding request

Radius 5.1.4, 4.0.75 - 9/26/2005
--
* [5.1] Added support for Emerald v5 AES password encryption
* [5.1] Added global attribute filtering variable change option

Radius 5.1.3, 4.0.75 - 8/3/2005
--
* [5.1] Added real-time rating engine
* Fixed require exclusive rather than shared access to all authentication and accounting UDP listen ports
* Fixed time stamp of call records logged to a MySQL database are incorrectly formatted
* Fixed passivly detecting when a proxy server has recovered from a failure may not occur in some cases
* Fixed allow per-user concurrency control logon limits to exceed 253 concurrent sessions
* Fixed when text and database mode is enabled logging accounting records to local files should be disabled
* Fixed command line option '-f' to test all database connections and exit was not displaying the database status
* Fixed removed unecessary service type reloads while caching is disabled
* Fixed attempting to locate internal proxy state for records without a proxy state attribute should only be done while the request does not contain a Proxy-State attribute with a local prefix
* Fixed proxy authenticator validation may fail intermittently while proxying accounting records
* Fixed while proxying requests under high load packets may occasionally be routed to the wrong destination
* Fixed removed possibility of responding with an authentication ack if the Session-Limit attribute is zero
* Fixed treat-as-local roam server setting was not enforced for requests routed using proxy-attributes
* Fixed using Tunnel-Password in a reply attribute can lead to a malformed response
* Fixed using tag attributes in proxied reply can lead to a malformed proxy response
* Fixed when proxying a response containing Tunnel-Password the attribute is decrypted incorrectly in some cases

Radius 5.0.58, 4.0.74 - 7/3/2005
--
* Fixed DNS should not be used to discover NAS-IP-Address when only NAS-Identifier is avaliable for concurrency enforcement
* Added year 2038 workaround

Radius 5.0.57, 4.0.73 - 6/5/2005
--
* Fixed enabling logged accounting may decrease maximum accounting upload rate by ~60%
* Fixed logged accounting did not cover queue backlogs
* [5.0] Added user selectable source port for all outgoing proxy authentication and accounting requests
* [5.0] Added custom attribute filtering extensions

Radius 5.0.55, 4.0.72 - 5/2/2005
--
* Fixed sensitive data should not be reported to syslog servers
* [5.0] Added allow log file locations to change without requiring RadiusNT/X to be restarted
* Fixed cases of general messages being incorrectly routed to the authentication log file
* [5.0] Added support for multiple listen addresses and listen ports
* Added options to control interface from which to proxy authentication and accounting requests
* [5.0] Added server now listens on ports 1645 and 1646 for authentication and 1646 and 1813 for accounting by default
* Fixed when not specified default pathnames for authentication and accounting logs are now assigned
* Fixed account expiration in some cases may occur several hours before or after midnight 
* Added improved debug output for packet codes and packet source address
* Fixed possible conflicts with attributes of the same name and vendor while displaying RADIUS dictionary values
* Fixed EAP-MSCHAPv2 password retry failure on subsequent password retries after password is entered incorrectly on first attempt

Radius 5.0.54, 4.0.71 - 4/8/2005
--
* [5.0] Fixed when using a custom authentication query and the TimeLeft column is NULL limits must not be enforced rather than reflecting the account has no time remaining
* Fixed additional exemptions for constraint error filter for MSSQL and Sybase when recording accounting data
* [5.0] Added maximum store and forward accounting mode retention setting
* Fixed validate proxied response authenticator for authentication and accounting responses
* Fixed validate proxied message authenticator for authentication responses
* Fixed message signature validation fails when 'always use digitial signatures' is disabled and EAP authentication is not used
* Fixed prevent sending multiple signature attributes when proxying EAP auth responses with 'always use digital signatures' enabled
* Added improved minimized memory usage behavior on low memory
* Added sequence numbering for proxy state attributes
* Added improved authenticator related error messages
* Fixed prevent accounting upload retry for non connection oriented classes of errors
* Fixed VSA sub-attributes containing one byte or less may incorrectly be marked as malformed
* Fixed when proxying auth requests containing the signature attribute the signature is incorrectly based on the client secret rather than the remote RADIUS servers secret
* [5.0] Fixed when rejecting an authentication request based on an authentication input filter the reject message contains an invalid response authenticator

Radius 5.0.50, 4.0.70 - 3/4/2005
--
* [5.0] Fixed removed special check used to reject accounting records with a username of 'Reject'
* [5.0] Added when setting an accounting table such as the Calls table to 'none' logging is disabled for that table however the accounting request is still acknolwedged
* [5.0] Added index and marshalling optimizations

Radius 5.0.49, 4.0.70 - 2/24/2005
--
* Added when recording accounting Call records ignore Acct-Delay-Time in CallDate calculation where Acct-Delay-Time is greater than a year
* [5.0] Fixed custom queries and attribute filter definitions containing variables may in rare cases become corrupt until their configuration is refreshed
* [5.0] Fixed oracle default account lookup query error
* [5.0] Added 'Auth Proxy Resp' filter source option allowing authentication proxy responses to be matched and modified
* [5.0] Fixed second result set of a custom configured SQLRadGetUser query was ignored
* [5.0] Added 'Virtual class attribute' feature allowing RadiusNT to correlate accounting requests with authentication responses for clients not supporting the 'Class' attribute
* Fixed include a partition ID in IEA Class attribute to prevent proxied local attributes from being decoded by other organizations also using RadiusNT

Radius 5.0.45, 4.0.69 - 2/3/2005
--
* Fixed number of proxy retries for authentication and non-store-and-forward accounting proxy modes were sometimes more than the configured retry count
* Fixed request authenticator was resent on the first retried proxy authentication response instead of the new authenticator sent with the initial response
* [5.0] Added request replay now works for proxied requests improving performance over unreliable links
* [5.0] Added 'Ignore client retry policy' proxy option allowing RadiusNT to discard unecessary retransmission attempts from the requesting client
* Fixed accounting records should not be acknowledged while column information for the accounting Calls table is unavaliable
* [5.0] Fixed packet replay system did not work for accounting records
* [5.0] Added improved packet replay checking and raised minimum possible replay history size
* [5.0] Fixed authentication responses may in a rare case be delayed by 15 seconds

Radius 5.0.43, 4.0.68 - 1/14/2005
--
* [5.0] While starting in database mode and no database server is avaliable RadiusNT should refresh its configuration as soon as the database becomes avaliable while persistant caching is enabled
* Added more descriptive error text for EAP-PEAP errors
* [5.0] Fixed RadGetUser parameter discovery is not retried on failure, default parameters were assumed should discovery fail during startup
* Fixed while restoring presistant cache in database mode the use of service type default attributes were always assumed ignoring any user specific attributes

Radius 5.0.42, 4.0.67 - 12/08/2004
--
* [5.0] Fixed while reconfiguring RadiusNT with SNMP polling enabled, realtime concurrency checking is not automatically disabled
* Fixed EAP-MSCHAPv2 authentication fails if authenticating clients provide a realm while domain trimming is disabled
* [5.0] Added support for including only dynamically added filter attributes to subsequently used attribute variables
* Fixed RADIUS authentication proxy may retry more than configured number if store and forward proxy mode is enabled
* Added EAP authentication requests may now be proxied
* Fixed while proxying a request containing a message signature the signature is now recalculated
* Fixed challenge responses could not be forwarded to remote proxies
* Fixed access challenge responses were not forwarding Proxy-State attributes from remote proxies
* Fixed EAP-GTC method will no longer send password field description unless challenged for improved compatibility with Cisco clients
* Fixed EAP-PEAP v1 version negotiation failure
* Fixed EAP inner authentication identity must be authoratative when avaliable
* Fixed EAP now allows responses of type identity to authentication requests of other methods provided a response is forthcoming
* UNIX: Fixed proxy retry timer may hang until next incoming request is received
* Fixed while proxying an authentication response containing tunnel encrypted attributes the attributes were not being correctly re-encrypted
* Added clearer error messages for external authentication and cases where multiple auth attempts are made
* Fixed possible AV while loading a specific service types attribute list where no attributes are present for that service type

Radius 5.0.39, 4.0.63 - 10/11/2004
--
* Fixed while proxying a CHAP request containing CHAP-Challenge this attribute is sent twice during the authentication request to the remote server
* Fixed Rad Rejects may not match attributes having a string data type

Radius 5.0.38, 4.0.62 - 8/18/2004
--
* Fixed AV displaying attribute debug having timestamp data
* [5.0] Added support for HostIP attribute filter source type
* [5.0] Fixed AV when Active field is present using v5 RadGetUser result sets
* [5.0] Fixed packet replay does not work correctly when used with proxied responses

Radius 5.0.36, 4.0.60 - 6/20/2004
--
* [5.0] Added support for calculating session limit to reflect an accounts expiration date
* Added support for 3GPP2 session encryption keys
* Win32: Fixed bind IP address listing in RadiusNT admin did not show multiple addresses per interface

Radius 5.0.35, 4.0.59 - 6/3/2004
--
* [5.0] Added support for SIP proxies (HTTP digest authentication)
* Added option to allow or deny concurrency enforcement on a per RADIUS client basis
* Changed some NASes behave incorrectly while reply-message is sent in access-accept, removed reply-message for this case
* [5.0] Added allow attribute filters of destination type auth/acct proxy out to modify the outgoing User-Name attribute
* [5.0] Added support for destip in the destination group of output attribute filters
* Added support for explicitly denying server port access

Radius 5.0.31, 4.0.57 - 4/12/2004
--
* Fixed proxy attribute matching problem which could cause requests to be routed to the wrong roam server
* Added additional format checking to proxy store and forward ADIF logging
* Fixed possible AV when processing proxy out attribute filters with a destination type of merge replace
* Added informational debug for LDAP authentication
* Fixed LDAP authentication failure using internal comparison of password attributes

Radius 5.0.29, 4.0.56 - 2/16/2004
--
* [5.0] Fixed SQL query destination merge type should use SQL variable encoding rules
* Fixed increased VSA format error checking to prevent errors from leading to unnecessary attribute decoding problems
* Fixed problem finding port information for IP pooling and server port access
* Fixed LDAP authentication failure using bind to auth with the netscape/sun directory server
* Added preference for NAS-Port over NAS-Port-ID for accounting record port selections

Radius 5.0.27, 4.0.55 - 11/17/2003
--
* Fixed response string conversion errors while processing an external auth methods mapped attributes
* Fixed attribute mapping system incorrectly required at least one attribute value before it can initialize
* Added support for NAS-Port-ID as NASPort
* Fixed NASIdentifier and NASPort fields in Calls were not being restricted by size
* Fixed removed incorrect ignore for 22xxx class of errors from accounting spooler
* [5.0] Fixed incorrect AVP value matching in Proxy attribute and attribute filtering system
* [5.0] Added $serverip variable to destination data field of the attribute filtering system
* Fixed unmatched proxy domain causes an auth trim regardless of the global trim setting
* Fixed when loading RADIUS clients from a database and the IP Address field has trailing or leading spaces that client entry is ignored
* Added use hardware sources for random numbers when possible
* [5.0] Added attribute filter source to allow searching request attributes to conditionally modify response attributes
* UNIX: Fixed when using Sybase ASE accounting and authentication performance is diminished after receiving a duplicate accounting request
* [5.0] Fixed error reading RadGetUser procedure parameters with Sybase ASE 11.9.2
* [5.0] Fixed Auth Proxy Req+Resp source type 'destination ip' and 'client ip' reversed
* Fixed when time banking is enabled and an account has no time limit smart caching should be allowed

Radius 5.0.22, 4.0.54 - 10/16/2003
--
* Fixed supporting crypto and database driver updates
* [5.0] Fixed RadGetUser Password parameter passed even when the parameter is not part of this stored procedure
* Fixed allow treat as local to completely override the global trim setting
* Fixed malformed response while sending tag integer attributes
* Fixed timestamp datatypes not being sent in auth response
* [5.0] Added $timetstamp filtering variable to report current time in RADIUS datetime format
* [5.0] Added destination merge type of SQL query to attribute filtering system
* [5.0] Fixed incorrectly restricting application of destination filters based on their filter type
* Fixed domain not stripped for auth when global trim is disabled and a proxy server with 'treat as local' enables strip domain
* Fixed disable accounting despooler in text-only mode
* Fixed ServerID/AccountID columns may appear multiple times in Calls update due to a NAS incorrectly sending duplicate Class attributes

Radius 5.0.17, 4.0.51 - 9/27/2003
--
* Fixed EAP-GTC does not work in conjunction with PEAP
* UNIX: fixed AV while generating PEAP session encryption keys
* Added -X4 option to enable EAP packet level debug
* Added support for restricting PEAP version negotiation to v0 for improved client compatibility
* Fixed EAP authentication was incorrectly disabled in text only mode

Radius 5.0.15b, 4.0.49 - 9/16/2003
--
* Fixed rare condition when multiple accounts have the same username not all may be able to authentication after the server has been running for quite some time
* Fixed ServerPorts clear may not work in some roaming environments where NASIdentifier is avaliable in ServerPorts
* [5.0] Added LDAP password attribute option to allow authentication without re-binding to the directory
* [5.0] Added configuration option to set 'ServerPorts' table name
* [5.0] Added support for SMD5 and SSHA passwords
* Fixed proxy attributes should be concidered for proxy before realm
* [5.0] Fixed attribute proxy groups may not all be concidered for proxy
* Improved SNMP client, support for loading multiple mib files, improved error reporting and thread safety
* Fixed SNMPTimeout configuration option was in microseconds instead of milliseconds
* [5.0] Fixed auth work thread lockout when a malformed packet is received
* Fixed existance of expired keys may incorrectly cause RadiusNT/X to stop working at midnight
* Fixed attribute proxy should be enabled if auth or acct proxy is enabled
* [5.0] Fixed AV with invalid directory/file when writing persistent auth log to disk
* Fixed command triggers can fire in text-only mode
* Fixed ignore #CACHE hint parameters in text-only mode

Radius 5.0.13b, 4.0.47 - 8/28/2003
--
* Fixed memory leak during auth when class and timebanking are enabled
* [5.0] Fixed AV processing proxy reject attributes with specific orders of proxy state
* Fixed User-Password attribute was limited to first 16 characters while proxying a request
* Fixed reply attributes not being sent for rejected proxied requests
* [5.0] Fixed double reload of proxy clients database at startup or reconfigure
* UNIX: Fixed IP pooling may not return reply attributes

Radius 5.0.10b, 4.0.44 - 8/12/2003
--
* Fixed after reloading the users file, accounts no longer in the users file may still authenticate
* [5.0] Fixed deadlock updating the user database under heavy load

Radius 5.0.9b, 4.0.43 - 8/8/2003
--
* UNIX: Replaced Merant ODBC manager and database drivers
* Added Client IP checking to server access and allow matching on any combination of null parameters
* [5.0] Fixed AV while refreshing DNIS information
* [5.0] Fixed a problem logging cached data when persistent auth is enabled

Radius 5.0.8b, 4.0.41 - 7/17/2003
--
* Fixed AV when class server/account tracking is enabled and no other attributes are sent during an auth response
* Added refresh of roam clients list whenever the roam server profile is refreshed
* [5.0] Allow multiple concurrent requests for LDAP, NT, token and TACACS+ clients
* [5.0] Added alternate profile support for bad authentication requests
* [5.0] Added option for reloading the Servers table/clients file at regular intervals
* [5.0] Fixed deadlock while reconfiguring server under heavy load
* [5.0] Fixed rare 'user not found' response while refreshing a database user who has multiple authentication requests pending
* [5.0] Fixed AV shutting down under heavy load with packet replay enabled
* [5.0] Added nasid,port,null service type check and null,null,null to server port access

Radius 5.0.7a, 4.0.40 - 7/8/2003
--
* Fixed attributes with no data do not display in attribute debug messages
* Fixed parsing bug which may incorrectly assign attributes after encountering certain types of malformed VSAs
* Fixed a rare concurrency problem updating the internal user database
* [5.0] Added support for several new IP filtering fields
* Fixed user session limits were being concidered in some cases even if time banking is disabled
* Fixed cases where special attributes were being processed without first checking vendor ID
* Fixed unknown attribute error text for db account attributes

Radius 5.0.4a, 4.0.39 - 5/29/2003
--
* [5.0] Added RadGetUser support for $serverid and $serverip
* [5.0] Fixed attribute filtering attempts to load, if enabled while operating in text only mode
* Fixed configuring a calls table named something other than "Calls" still references "Calls" in some cases
* Fixed long attribute or attribute value names fail to load from text dictionary
* Fixed using Oracle with RadiusNT may not reconnect if database connection is lost
* Fixed display database error message if column information for accounting table fails to load
* Improved handling of multiple accounts with the same username and password
* Fixed force database lookup when smart caching is enabled, time banking is enabled and the user has a set time limit
* Fixed lookup problems where complete dictionary does not load

Radius 4.0.38
--
* Fixed rare database connection pool leaks
* Fixed better transaction handling for backlogged accounting data
* Debug message updates
* Proxy state messages may be confused with other attributes of the same id
* Fixed don't try second result set in RadGetUser if query fails
* Fixed sql escape causes AV with configured RadGetUser
* Log warning message if attribute data is truncated to fit length restrictions of the Calls table
* Fixed memory leak and loss of proxy state information while proxying requests that timeout
* Fixed proxy store and forward mode was not limiting resend of queued messages while all destination servers are down
* Fixed proxying date attributes such as Event-Time cause malformed packets
* Fixed inaccurate auth/acct statistics while proxying specific types of requests

Radius 4.0.35
--
* Fixed malformed packet proxying RADIUS requests with tag attributes

Radius 4.0.34
--
* Fixed text dictionary does not load correctly if it contains attributes with an id of zero

Radius 4.0.33
--
* Fixed changing RadiusNT/X web admin password now sets the common configuration password
* EAP-PEAP, EAP-LEAP and EAP-MSCHAPv2 updates
* Added support for PEAP session encryption keys
* Fixed error in encryption of tunnel/MPPE attributes corrupted keys after first 16 bytes
* Fixed proxy not using stored authenticator for retried requests
* MSCHAPv1/2 updates
* Fixed MSCHAPv2 authentication now sends MPPE keys

Radius 4.0.32
--
* Fixed false no attributes error when only VSA's having an Attribute-ID of 0 are used
* Fixed error parsing vsa attributes with a VSA lenght of less than two
* Fixed EAP ID for ack/nak based on received packet instead of RADIUS ID
* Fixed EAP-LEAP now sends access-challenge after authenticating the client instead of access-accept
* Fixed EAP sequence problem

Radius 4.0.31
--
* EAP-PEAP updates
* Added support for Emerald express license keys

Radius 4.0.30
--
* DNIS and server port updates
* Added support for EAP-MSCHAPv2
* Added checking to prevent downloading incomplete DNIS access lists
* EAP-PEAP updates

Radius 4.0.29
--
* Fixed memory leak decoding some types of malformed attributes
* Fixed possible AV while using EAP authentication
* Added support for EAP-GTC

Radius 4.0.28
--
* Added support for RSA SecureID v5 two-step auth
* Fixed various EAP memory leaks
* Added support for Cisco EAP-LEAP

Radius 4.0.27
--
* Fixed EAP state problem when EAP is never used
* Support for checking radius request attributes against multiple check attributes
* Added support for EAP fragments

Radius 4.0.26
--
* Fixed Attribute proxy now works with accounting requests
* Added EAP/MD5 support
* Fixed Server proxy was recording accounting locally while local proxy was disabled.

Radius 4.0.24
--
* Added support for Message-Authenticator (RFC 2869) checking
* UNIX: Fixed high CPU usage while any proxy options are enabled

Radius 4.0.23
--
* Fixed prefer roaming trim settings over global trim when using treat as local

Radius 4.0.21
--
* Fixed AV when trying external auth methods assigned to a domain.
* Fixed external auth not associating domains if the method matches on domain and no user domain is defined.

Radius 4.0.20
--
* Fixed no attributes error with service types longer than 15 characters
* UNIX: Fixed sig_pipe on rdbms connection error causing radius to restart
* UNIX: Fixed sql cursor state errors after reconnecting to Sybase
* Fixed AV while populating ServerPorts table in custom (-D1) mode only
* UNIX: Fixed AV while displaying acct queue warning message for non Calls data

Radius 4.0.17
--
* Fixed Radius gets cought in a loop using 100% CPU time after receiving certain types of malformed VSA attributes.

Radius 4.0.15
--
* Fixed AV and data corruption while responding to some proxy requests

Radius 4.0.14
--
* Fixed Radius odbc connection error if it's using the Emerald common dsn config and a read only Emerald dsn is defined.
* Fixed accounting pre trims don't work while proxy is disabled.
* Fixed Radius packet corruption when sending VSA ascend data filter attribute in access accept

Radius 4.0.13
--
* Fixed sync problems in the DNIS cache also don't cache DNIS if DNIS access is disabled
* Fixed Include blank ('') Username in Calls query when the Username attribute does not exist in an accounting record
* Fixed overflow displaying values of large unknown attributes

Radius 4.0.12
--
* Fixed multiple attributes of the same name from an accounting request cause the ServerPorts update query to fail.

Radius 4.0.11
--
* Fixed Extra ',' in ServerPorts update query when AccountID exists in ServerPorts, manual calls update is enabled and an AccountID is passed via the Class attribute to ServerPorts.

Radius 4.0.10
--
* Fixed authentication query errors if the accounting RDBMS type is different from the auth source.
* Fixed query updates for manual ServerPorts update.

Radius 4.0.9
--
* Fixed in most cases wrong Service Type information is passed to the IP pooling stored procedure.  This can lead to assigning addresses from the wrong pool.
* UNIX: Oracle updates to prevent database errors calling stored procedures.

Radius 4.0.8
--
* Fixed per roam domain disabling accounting or authentication for proxy prevented Radius from trying the remaining roam servers.
* Fixed some per roam server configurations were being confused with other roam servers.

Radius 4.0.7
--
* Fixed non-common ODBC passwords not being pse decrypted.
* Fixed radlogin update to support tag attribute types in the latest dictionary file.
* Fixed LDAP search password was not being pse decrypted causing non-anonymous LDAP searches to fail.

Radius 4.0.6
--
* Fixed if accounting proxy is enabled and an accounting record with a realm is not proxyable it should be recorded locally
* Updated dictionary file and added support for reading new types (attribute tags)

Radius 4.0.5
--
* [3.0.205] While using auth-any auth requests are rejected when CHAP is used.

Radius 4.0.3
--
* Fixed time of day restrictions wouldn't allow 0 start or stop times.

Radius 4.0.2
--
* Fixed auth-API should send user->msg in the reply message attribute on auth reject
* Fixed not loading odbc username and password when using Radius vs common configuration

Radius 4.0.1
--
* Fixed database error while caching DNIS prevents other queries from running

Radius 4.0.193
--
* Fixed Radius using incorrect AccountTypeID
* Fixed default auth/acct roam server ports should be the Radius servers default
* Fixed GlobalSecret not working for authentication requests
* UNIX: Fixed in trend mode stop records without port numbers cause RadiusX to crash/restart
* Merant licensing updates
* 3.1 is now 4.0

Radius 3.0.191
--
* Fixed when caching is disabled cached accounts that are in-active accounts are still able to login
* [3.1] Fixed several odbc compatibility problem with Sybase against a 3.0 Radius database
* Added enable AuthAPI and Proxy via License key feature flags

Radius 3.0.190
--
* Fixed can now read AccountType labels up to 30 characters
* Fixed account out of time logging message did not include a username
* Fixed smart cache loosing overlimit and startdate[3.1] attributes for updated users after a cache update
* [3.1] Fixed concurrancy control checking using new concurrancy proc without AccountID does not work
* Improved smart cache memory usage

Radius 3.0.189
--
* Fixed concurrancy control checking against the accounting DSN, not the authentication DSN
* [3.1] Added global DNIS reverse option (Accept is default, listed numbers are denied access)
* [3.1] Added pwcheck routine to external auth API
* [3.1] Added daily license checking to periodically print expiration warnings

Radius 3.0.188
--
* (RQST10063) Fixed AV while loading incorrect Ascend binary filter attributes
* Fixed Ascend binary filter attributes passed in reverse order
* [3.1] Fixed Oracle load rejects not using an Oracle stored procedure
* Fixed missing terminating ';' character in oracle serverports update query
* Fixed Oracle should not report some types of query errors
* Fixed non-mssql accounting was able to send more than one accounting record per query
* [3.1] Fixed port field in Online Update restricted to numeric values
* (RQST9862) WINNT Fixed unix password file lookup leaks one handle per lookup
* [3.1] Added improved tacacs+ error messages
* [3.1] Fixed when authenticating database users externally - log any external database errors
* [3.1] Fixed tacacs+ authentication causes AV when tacacs hostname not specified
* Fixed when cache write is enabled possible AV while dumping RadReject information to disk
* (RQST9816) Fixed ServerAccess checking may incorrectly allow/deny port access

Radius 3.0.186
--
* (RQST9707) Fixed expiration dates took effect one day after they should have
* [3.1] Added support for time-banking with second accuracy

Radius 3.0.185
--
* [3.1] Added 'pairappend' to external auth api
* [3.1] Added smart cache support for account start date and inactive accounts
* [3.1] Added MSChap V2 support
* Fixed Attribute handling to better handle string types containing binary data
* Fixed SHA-1 password checking always fails
* [3.1] Added contents of unknown attributes to debug output
* [3.1] Added MSChap V1 support
* Fixed date attribute is always set to 0 after receiving a date attribute
* Fixed radius date to rdbms specific date conversion error while logging accounting data
* [3.1] Added support for RFC2548 MS-MPPE-Send-Key and MS-MPPE-Recv-Key attribute encryption
* Fixed when clearing server ports via accounting on/off no ports are actually cleared
* [3.1] Added RadgetPoolConfigs now passes AccountTypeID instead of AccountType if avaliable
* Fixed not proxying Accounting when server proxy is enabled, client doesen't have a Roam server defined and the request should be proxied via a domain match
* Added VSID support to proxy attribute checking
* [3.1] Fixed retried proxy requests were always sent from the auth port
* [3.1] Fixed load balancing bug which drops proxy requests when recv rate is over RateMax in store and forward mode
* [3.1] Fixed rate limiting causing packet flood while all proxy servers are down
* [3.1] Added proxy store and forward optimization
* [3.1] Fixed proxy store and forward when moving from at least one good server to all down not all retry counters on current requests were being reset

Radius 3.0.184
--
* [3.1] IP Pools can send previous attributes in result set before nack.
* [3.1] Removed NASPortName
* [3.1] Added proxy load balancing
* [3.1] Added Store and forward log
* [3.1] Added Tunnel attribute support (RFC 2868)
* NASPort now also handles string values provided the NASPort column in the database supports it.
* (RQST9545) Fixed memory leak while updating calls online when NASIP does not exist.

Radius 3.0.183
--
* (RQST9293) Fixed database usernames were restricted to 32 characters

Radius 3.0.182
--
* (RQST9294) Server Port Access no longer requires Port to be present in
* [3.1] Fixed external auth name memeory error while starting radius
* (RQST9295) Fixed AV reading large column labels from RadAttributes
* (RQST9117) Fixed if attribute name of nasidentifier is changed it is not logged if the column exists in the Calls table as other attributes
* (RQST9009) Fixed don't resend our proxy state while replying to requests
* (RQST9296) Added proxy loop detection
* [3.1] Fixed NASPortName should be converted to NASPort if NASPort doesen't exist when creating call records
* [3.1] ACE: Fixed support for next token code and pin changing

Radius 3.0.179
--
* (RQST9297) Fixed radius was not preferring odbc accounts over a user file account
* [3.1] RadGetPoolConfigs now processes multiple result sets

Radius 3.0.178
--
* [3.1] (Desktalk) Added NASPortName for voip
* (RQST9138) Fixed AV while receiving accounting records
* (RQST8648) Shared secrets can now be larger than 15 characters while proxying requests

Radius 3.0.177
--
* (RQST9056) UNIX: Fixed Radius restarts itself on auth if concurrancy control is enabled.

Radius 3.0.176
--
* (RQST8878) Fixed proxy unknown local users to default proxy not working.
* (RQST8875) [3.1] Fixed database accounts using external authentication sources for password validation was not working.
* (RQST8876) Fixed RadGetProxyAttributes is called several times per minute if no proxy attribute entries exist.
* (RQST8726) [3.0] Fixed memory leak while proxying requests.
* (RQST8648) Shared secrets can now be larger than 15 characters.

Radius 3.0.175
--
* (RQST8707) UNIX: Fixed radius restarts while printing query error messages.
* (RQST8311) Fixed append '\0' to the end of Cisco AVPair attributes.
* (RQST8619) Fixed write integer datatypes as unsigned to display/database.
* (RQST8621) Fixed Access mode ServerPort update query was incorrect.
* (RQST8493) Fixed AV while logging usernames as not found.
* Switched to native ODBC transaction routines.
* [3.1] Added Oracle support for stored procedures.
* (RQST8634) [3.1] Fixed add to AccountDelayTime if it exists for delayed (proxy forwarded) accounting requests.
* (RQST8624) Fixed while forwarding proxy requests Radius does not forward known VSAs.
* (RQST8623) [3.1] Fixed external Auth load messages were not appearing in debug mode.
* (RQST8427) Fixed try to update the database when password replace is enabled and authenticating from a different source.
* (RQST8428) Fixed Remove associated users from the cache after password replace runs successfully.
* (RQST8429) [3.1] Fixed password replace did not work with external auth modules.
* (RQST8436) Fixed time banking cache update was subtracting the smart cache view of timeleft as seconds instead of minutes.
* (RQST8438) DB License updates.
* (RQST8439) [3.1] Rework external auth api to provide pointers to radius memory allocation routines.

Radius 3.0.174
--
* (RQST8280) Fixed manual calls update wasn't falling back to using NASID if a NASIP wasn't sent.
* (RQST8279) Fixed workaround for missing LastModifyDate column in SubAccounts in MSAccess mode when time banking is enabled.
* (RQST8278) NT: Fixed Radius Administrator would not allow editing datasource names.
* (RQST8277) Fixed when manual calls update is enabled (Using MSSQLServer or Oracle databases) a malformed query causes ServerPorts update to fail.
* (RQST8276) Fixed ignore primary key constraint errors when recording call records in MSAccess mode.
* Fixed truncate data when over column size in manual calls update.
* [3.1] (RQST8275) Fixed LDAP Auth doesen't reconnect after LDAP server problem when using direct key searches.
* [3.1] (RQST8274) Fixed when enterprise key is detected say 'Enterprise features enabled' instead of 'Professional'.
* (RQST8273) Radius with manual calls update was double accounting for Account Delay time in the update decision. ServerPorts does keep correct time.
* [3.1] Added support for IP Pooling
* (RQST8116) Fixed database test routines would take an unreasonable amount of time to mark connections bad.  (Floor was sum of connection slots vs distinct datasources)
* (RQST) Fixed reply attribute memory leak when authentication is rejected for some reasons.
* [3.1] (RQST8164) Fixed LDAP search now removes 'attribute=$domain' entirely instead of 'attribute=*' in direct lookup mode.

Radius 3.0.173
--
* (RQST7983) Fixed crash caused by attribute-pair copy routine corrupting some types of string data.
* (RQST8126) Fixed generic (Non IP) Ascend data filters were not being processed.
* (RQST8119) Fixed crash while proxying accounting by server proxy and no username in request.
* (RQST8104) Fixed manual Calls update query for MSAccess was wrong, would not update server ports.
* (RQST8096) Fixed Maximum number of Calls and ServerPorts table columns to populate raised to 150 from 40.
* (RQST8098) Fixed memory leak while receiving non accounting packets on accounting port.
* (RQST8099) Fixed when AcctMaxBatchItems is 1 (Default) and the despooler is backlogged two items can be sent in a single batch.
* (RQST8100) Fixed turn off XACT_ABORT in accounting despooler when explicit transactions are disabled.
* Fixed radius packet corruption sending non-usr VSA's of type Integer or IP Address.
* Logging Updates

Radius 3.0.172
--
* (RQST8015) Fixed Global trim was being used over the trim option defined for roam servers.
* (RQST8016) Fixed manual Calls update query for MSAccess was wrong, would not update server ports.
* Fixed Manual Calls update now nulls unused columns in the ServerPorts table during acct start/stop.
* Fixed non ODBC database users can be removed by the smart cache.
* (RQST8000) Fixed When the ignore case option is not set to 1 or 0 SNMP concurrancy checking always fails.
* Fixed Concurrancy online debug output was showing incorrect number of users online.
* Added Manual service update now also subtracts time from the smart caches time left.
* Fixed roam server with treat as local enabled would not ack accounting records.

Radius 3.0.171
--
* Fixed Accounting proxy required the trim domain option to forward accounting requests to a proxy server.
* Added Interrupt startup database test after reciving shutdown signal.
* 2.5 style dictionary load stats.
* (RQST8014) Fixed username not getting trimed correctly when trim domain is enabled and the username contains leading and trailing white-spaces.
* Fixed a possible memory leak in proxy roam checking.
* Accounting call date now takes AcctDelayTime into concideration.  Emerald 2.5 users should modify their calls trigger to not account for AcctDelayTime in the ServerPorts table.
* Fixed problem where last used time is initially not set causing most entries to be expired from the cache.
* Maximum port session time wasn't being concidered calculating a session limit.
* (RQST 7795) Fixed session timeouts were not being set when time banking is enabled.
* Added support for multiple VSA attributes encoded in a single radius attribute.
* Fixed a proxy problem who could cause radius to crash.
* If all odbc datasources are not avaliable and the user isn't found in the smart cache radius will ignore the request before testing it against external authentication such as a UNIX password file or NT SAM.
* Fixed manual ServerPorts update query for MSAccess was wrong and therefore would not update server ports.
* UNIX: Workaround for odbc driver memory leak on Solaris.
* Added CacheDisable registry option to require a database check on every authentication.
* Added VSAMap registry option to enable VSA Attribute mapping for accounting.

Radius 3.0.168
--
* Manual service update now uses the authentication datasource over accounting.
* If RAS isn't loaded don't print RAS warning during NT authentication.

Radius 3.0.167
--
* Fixed sending VSA string attributes causes packet corruption.
* Trend: ta_period is now computed internally to make seconds and milliseconds 0.
* Accounting was not reporting some types of constraint violations.
* Fixed a Microsoft ODBC? problem where fetching a row could cause data corruption.
* Logging updates.
* Fixed Cache root directories now default to DataDirectory then the internal default.
* Fixed Several radius directories were not defaulting to the internal default.
* UNIX: Fixed several problems who could cause unix versions of radius to crash.
* UNIX: Removed 90% of ODBC 3.5 bug workarounds - Solaris versions now use ODBC 3.6 multi-threaded drivers.
* UNIX: Radius Administrator updates.

* Fixed small memory leak when the message 'Authentication/Accounting proxy mode disabled' is logged.
* Fixed proxy deadlock when proxying out both accounting and authentication.
* Fixed several server-proxy related problems.  In most cases auto-proxy crashes radius.
* Fixed potential logging problems.

* (RQST 74007) Fixed problem where radius could crash if it receives a null username in an accounting record.
* Roaming auth/accounting descision is now based on the radius request code.
* Radlogs displays *CHAP_SIZE* when there is a chap size problem and *CHAP* otherwise on password compare failures.
* Trim flags for global and proxy trims are now either 1 for auth, 2 for accounting, or 3 to trim both.

* AVP Updates
* Disable cache double check when db password is external auth (WINNT,UNIX..etc) to prevent double checking external sources.

* Fixed attribute debug shows the \0 character in it's output.
* Fixed dbpool better handling of local driver manager and connection limit errors.
* (DEFECT000000007) Fixed proxy attributes to use string length not the length from the radius packet /w chap requests.
* (DEFECT000000006) Fixed RadRoamDomains would not proxy accounting data if the AccountType column is null.

Radius 3.0.162
--
* Fixed NT Sam auth no longer requires special privledges to authenticate.
* (DEFECT000000005) Fixed NT auth /w no domain can cause radius to crash.
* Error message updates.

* Added SNMP Concurrancy backoff when a request times out. SNMPRetry (in seconds) controls how long to wait before retrying the server.
* Fixed startup wait on initial good database connection should depend on the value of NVFlag.
* Added -f command line flag to test database connectivity and exit.
* Fixed not enough connections avaliable sometimes during startup when authenticating /w concurrency checking.
* Manual service update now uses internal time offsets vs getdate() database function.
* SNMP checking shouldn't retry on some types of connection errors.
* Improved Online sync logging to show weather or not the update really effected the ServerPorts table.
* Fixed Online sync & SNMP concurrancy to take the trim domain options into concideration.

* Fixed memory leak in the SNMP Online sync feature (introduced in 3.0.158)
* Fixed SNMP Online sync when account session id's are being used the user should be marked offline when the oid is not found.

* Fixed a problem where Radius would not proxy accounting.
* Fixed proxy list should be thread safe.
* If recording accounting locally and proxying do not ack on local writes.
* Proxy-state now includes an extra 4 random characters to keep proxy states unique.

Radius 3.0.158
--
* Fixed dbpool not rolling back uncommited transactions on db disconnect.
* Fixed a bug who causes unpredictable results when more than one proxy-attribute group is used.
* SNMP faster handling of connection refused.
* Added SNMP ServerPorts sync.
* SNMP logging updates.
* Fixed a minor bug in dynamic ServerPorts update query.

* Fixed accounts in text users file when odbc is enabled should not be checked for login limit or server port access.
* UNIX: AgentX SNMP Stats bug fixes.
* Added SNMPTimeout (In MS) registry entry to control concurrancy check timeouts.
* Fixed on invalid attribute lengths - ignore only the current attribute.
* AA library updates.

Radius 3.0.154
--
* Fixed Y2k bug, using text file accounting logs files were being named in yymmdd format as 1001010 instead of 001010.
* Fixed radius was ignoring stop records only option.
* Added AccountID to manual service update.
* When the -x flag is used all logging to stdout only.
* Fixed bug where a blank username attribute in accounting records would cause radius to crash.
* Fixed double logging of RadGetUser query when odbc debug mode is enabled.
* Fixed SNMP concurrancy check should not count a user as being online if the snmp query fails.
* Manual Calls update is now a dynamic query based on the contents of the ServerPorts table and avaliable attributes.
* Removed double checking by login limit.  Especially with SNMP concurrency enabled it's too expensive.
* Fixed bug in RadGetUser in radiusnt.sql, rad25_up.sql and radiusnt_sybase.sql which prevented users who have not been cached from authenticating.

Radius 3.0.150
--
* Log more queries when odbc debug is enabled.
* Fallback to old RadValues query and log an error when RadVendorID and RadVendorType doesen't exist in an MS Access db.
* When running against an msaccess database the format yyyy-mm-dd is used instead of yyymmdd.
* Added SpoolErrorIntervalSecs to prevent log flooding on low memory or acct queue full conditions.
* Several Oracle specific bug-fixes.
* radius -v works while another copy of radius is running.
* radius -v prints out a complete list of configuration settings.
* Fixed deadlock while refreshing the Server Port Access cache.

Radius 3.0.149
--
* Improved backup datasource ordering to better prefer primary datasources over backups.
* emer25_up.sql Added a 'NULL' default to Calls.Username to allow Radius v3 to accept accounting records without a username attribute.
* Fixed concurrancy checking and serveraccess should be ignored in text only mode.
* Fixed ignore_case option always ignores case even when the option is disabled.

Radius 3.0.147
--
* All dates passed to the database server are now in (iso) yyyymmdd hh:mm:ss format.
* Fixed bug where running 'radius -install' would cause ODBC mode to be changed to text only.
* Sql logging updates.

Radius 3.0.145
--
* Fixed bug where accounting may not be proxyed provided trim domain is enabled.
* RadReject fixes to allow non-string values to be rejected.
* RadRejects fixed problem that could cause radius to crash while checking for rejected attributes.
* Radius Adminstrator now accepts Radius v3 keys.

----------------------------------------------
RELEASE NOTES
----------------------------------------------




----------------------------------------------
TECHNICAL SUPPORT
----------------------------------------------

Should you experience any trouble installing or using RadiusNT/X, please
consider the following technical support options:

Please read the readme.txt and changes.txt files that are included with
your distribution archive. These files contain pertinent up-to-date
information on the software noting any changes, feature enhancements or
known problems.

The documentation manual has much of the information you need to solve
problems. Please re-read the pertinent section to ensure that something
wasn't overlooked. 

Please check out our Web site at http://www.iea-software.com for
announcements, troubleshooting tips, Frequently Asked Questions (FAQs)
and more.

IEA Software hosts a mailing list for RadiusNT/X. This is a
user-supported list and is a great resource for conversing with others
who own the product. You can learn more about the mailing lists at
http://www.iea-software.com/support/maillists/liststart. We host a
searchable archive of the list on our Web site as well.

You can reach our Technical Support Team at (509) 444-BILL (2455) or
support@iea-software.com.

If you still require assistance, we have a variety of support contract
options available via our Web site at
http://www.iea-software.com/support.

You can reach our Sales Team at (509) 444-2455 or sales@iea-software.com.


******************
End of CHANGES.TXT
******************
