Re: [RadiusNT] radius.exe 2.5.175

Dale E. Reed Jr. ( (no email) )
Mon, 17 May 1999 10:47:22 -0700

David Sovereen wrote:
> I threw 2.5.175 in this morning. None of the bug fixes in the release note
> appeared relevent to us, but I figured it was a good idea to upgrade to the
> latest.
> 2.5.175 immediately started complaining about security breeches. We have a
> monitoring system that connects to the RADIUS server every 5 minutes to make
> sure it properly responds. It's not in the server table. I didn't see
> anything in the release note about a change like this, but this is
> definitely different operation from 2.5.162.

There was a re-order in the way RadiusNT checks the validity of a
request coming in (from a legit ip, valid username, etc). However,
I don't see how any client could make a request without being in
the servers table, unless it previuosly was failing the validity
check ABOVE where it checks to see if its from a legit IP (although,
checking the IP is one of the first things it does).

> Second is user Not Found messages in the log file. There are no carriage
> returns at the end of these messages, so the lines get exceedingly long.
> Certain lines in the log file (maximum simultaneous login messages, for
> example) had two carriage returns at the end, putting in extra blank lines
> which were not necessary. I'm all for getting rid of those. But there
> should be one carriage return at the end of Not Found messages.

We've been working on trying to cleanup/reformat a lot of the uneeded
debugging and make sure its under the correct section. I'll see about
correcting these.


Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc.