[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Radius 1.3 released.
Radius 1.3 released.
Sat, 20 Nov 2004 21:11:21 +0200
I am pleased to announce the release of GNU Radius 1.3.
GNU Radius is a set of tools for remote user authentication and accounting.
The package includes server daemon, various client utilities, and a set of
For more information on Radius, including links to file downloads,
please see the Radius web page: http://www.gnu.org/software/radius
and the Radius project page http://savannah.gnu.org/projects/radius.
GNU Radius is available from ftp://ftp.gnu.org/gnu/radius and
the mirror sites worldwide (see http://www.gnu.org/order/ftp.html
for the list of those).
The MD5 checksums of the files are:
The list of user-visible changes follows:
* Important compatibility note.
Previous versions of GNU Radius were silently adding an NAS-IP-Address
attribute/value pair to any requests lacking it. Whereas such behavior
is sometimes useful, it is not always needed. Therefore, the new
version of GNU Radius does not automatically add this attribute.
Instead, a rewrite rule is provided for this purpose. The default
raddb/hints file is shipped with this rule enabled. If you are
upgrading from a previously installed version of GNU Radius, you might
wish to add the following rule to the very beginning of your
DEFAULT Rewrite-Function = restore_nas_ip
Fall-Through = Yes
If you chose to do so, add the following statement to the "rewrite"
section of 'raddb/config':
** New constructs in dictionary file
*** BEGIN VENDOR blocks.
These simplify declaration of vendor-specific attributes. Instead of
explicitely specifying vendor name for each VSA, you can enclose all
related declarations in BEGIN VENDOR statement:
BEGIN VENDOR Unix 4
An alternative form BEGIN-VENDOR ... END-VENDOR is supported for
compatibility with FreeRadius
*** Specifying - (dash) for non-VSA attributes that have syntax flags
specifications is no longer obligatory.
** Improved checking for multiple logins. Previous versions relied entirely
on the contents of /var/log/radutmp file. Starting at this version,
radiusd offers at least two methods of checking for multiple logins:
using the traditional radutmp file and using the SQL database. New
keywords has been added to the sqlserver file that declare the SQL
queries to be used when retrieving information about currently
More methods of checking will be added in future versions.
** New methods of querying the NASes about active user sessions: using
guile function and using an external program.
** When an unsupported authentication type is requested, radiusd first
checks if an extension Scheme module is provided that handles that
authentication type. If such module is found, it is invoked to handle
** System accounting can be turned off by specifying `system no;' in
`acct' section of raddb/config.
** New configuration statement 'load-module' allows to load arbitrary
** The file names of detailed log files are configurable via `detail-file-name'
statements in `auth' and `acct' sections of raddb/config.
** Support for Guile versions prior to 1.6 has been withdrawn.
** Implemented support for locking user accounts based on the number
of authentication failures:
*** New attribute Auth-Failure-Trigger specifies an external program or
a Scheme expression to be run upon an authentication failure. It can
update failure counts that subsequently will be used by
Exec-Program-Wait or Scheme-Procedure.
*** New keywords auth_success_query and auth_failure_query set
SQL queries to be executed upon authentication success and failure,
respectively. These may maintain failure counts, that can be
used by group_query to control the authentication.
** Rewrite-Function attributes are handled uniformly in hints and
huntgroups. First, the Rewrite-Function attributes from the RHS list
are processed, then the ones from the LHS list. Notice, that in
contrast with the previous versions, any number of Rewrite-Function
attributes is allowed in both lists.
* SQL support has been modified to use dynamic loading. This allows
for easy integration of third-party SQL drivers. All existing SQL
drivers are now built as loadable modules on systems that support
dynamic loading. You may still compile them statically by giving
--disable-shared option to configure.
* Rewrite language
** Added i18n support
** New built-in functions:
*** Functions to access internal fields of a RADIUS request.
*** Interfaces to the Radius NAS database (raddb/naslist).
*** Interfaces to DNS lookup functions.
This is a library of functions for creation, handling and sending
requests using RADIUS protocol.
All programs have been rewritten to link with libgnuradius. On most
sites this will mean linking against a shared library, which will
reduce the size of the executables.
This is a guile module allowing to use libgnuradius functions. It
supersedes radscm program, which has been removed.
The utility is rewritten from scratch. Now it provides a simple yet
powerful scripting language useful for writing RADIUS client applications.
* New contributions added to contrib/ directory:
php A php module for interfacing with Radius
passcvt Converts system password database to Radius SQL
table on systems with shadow password file (e.g.
passwd_to_db Converts system password database to Radius SQL
table on Free-BSD
radsend Simplified interface to radtest utility
See README files in corresponding directories.
* Testsuite rewritten in autotest. This allows to run it on almost
** Allow to omit port numbers in `listen' statements (raddb/config), as
described in the documentation.
** Fixed several inconsistencies in parsing Ascend-Data-Filter and
** Fixed bugs in SNMP library (CAN-2004-0849)
** Do not use descriptors 0 and 1 for interprocess communications since
user-defined procedures and/or libraries may attempt to write to
stdout and thus interfere in the communication.
** Fixed 'forward' statement in `acct' block. It was incorrectly
enabling forwarding of authentication requests, instead of accounting
|[Prev in Thread]
||[Next in Thread]|
- Radius 1.3 released.,
Sergey Poznyakoff <=