FreeRADIUS 2.0.6 ; $Date$ , urgency=medium Feature improvements * Clients may now be defined dynamically. See raddb/sites-available/dynamic-clients. * SNMP statistics have been replaced by statistics gathered via Status-Server. See raddb/sites-available/status * SNMP support has been removed from the server. Since it has not worked for a while, this should not affect anyone. * Added more Microsoft attributes from bug #568. Bug fixes * Parse "security" section in radiusd.conf. This was accidentally deleted in 2.0.5. Closes bug #566. * Bind to interface before IP, which allows DHCP sockets to listen on "*" for multiple interfaces. * Fix handling of giaddr in DHCP responses. * Corrected parsing of status_check in home_server so that it works. FreeRADIUS 2.0.5 ; Date: 2008/06/07 17:17:00 , urgency=medium Feature improvements * Permit SQL authorize_reply_query to be empty. * Allow setting response packet type in Post-Proxy-Type Fail handler. * Added install-chown target to set correct permission and ownership make RADMIN=radmin RGROUP=radius install-chown * Support for LDAP-Group and other dynamic comparison attributes in unlang. Developed from a patch by Jason Alderfer. * Added chroot support. See radiusd.conf for comments. * Allow clients of 0/0. We do not recommend using this, though. * Moved many module configurations into raddb/modules/* Bug fixes * Allow proxying to virtual servers for accounting packets, too. * Added "num fields" function to PostgreSQL client. * Updated proxy fallback mechanism to validate fallback servers, and to process fallback requests in a child thread. * rlm_realm returns "ok" for LOCAL realms, not "noop". * Fixed some DHCP code handling. The examples should now work. FreeRADIUS 2.0.4 ; Date: 2008/04/30 08:56:40 , urgency=medium Feature improvements * Allow "virtual_server" in "realm" and "home_server" sections. See raddb/proxy.conf and raddb/sites-available/virtual.example.com. * Allow "passwd" module to be listed in "accounting" and "post-auth". * Added "fallback" to "home_server_pool" configuration, to handle the case of all home servers being dead. See raddb/proxy.conf. * Added sample text to raddb/sites-available/inner-tunnel which can simplify debugging of inner tunnel configurations. * Added regular expression matching in realm names. See raddb/proxy.conf for examples. * Added simple DHCP server functionality. For comments, see raddb/sites-available/dhcp. * Added file globbing capabilities to detail file reader * Added sample raddb/sites-available/robust-proxy-accounting * Clients in SQL can now refer to a virtual server. Patch from Michael Bretterklieber. * Added some examples of creating RADIUS administrator in SQL, and assigning appropriate access rights. Bug fixes * Install all files in raddb/sites-available * Allow non-threaded builds. * Don't treat '0x' as special for known attributes that are not of type "octets". * Fix log error in rlm_pap. * Remove documentation about non-existent functionality. * Updated warning messages in debug output. * Fix handling of timeouts in rlm_ldap that affected 64-bit systems. This fix was supposed to go into 2.0.3, but did not make it. * Fix event handling in debug mode for failed proxy requests. * Fix memleak in fifos. Closes #537. * Fix memleak on blocked threads. Closes #538. * Perform additional checks on NULL realms. Closes #541. * Fix handling of "clients" in "listen" section. * When detail file cannot process a packet, sleep for longer to let the rest of the server do something. * Add missing table to raddb/sql/mssql/schema.sql. Closes #545. * Updated rlm_sql_postgresql to build with PostgreSQL 7.x. Closes #533. * Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the correct place. * Update rlm_attr_filter for some corner cases. Closes #543. * Fixed memory leak in libfreeradius event handler. * In the SQL Accounting on/off queries, remove the restriction that the session time had to be zero. FreeRADIUS 2.0.3 ; Date: 2008/03/17 09:22:17 , urgency=medium Feature improvements * Updated raddb/certs/ca.cnf with extensions to allow ca.der to be imported as a CA on Symbian and Windows Mobile devices. Closes bug #524 * Enable multiple matches in "hints" via Fall-Through = Yes. Closes bug #477 * Added preliminary SQLite driver, contibuted by Apple. Untested, with no sample configuration. This address bug #470. * Updated logging sub-system so that log messages from libfreeradius can go to the log file, and not stdout. * Added dictionary.rfc5176 * EAP module now checks for instance name, and uses that for authentication. This avoids the need to set Auth-Type when there are multiple instances of the EAP module. * Added Module-Return-Code attribute, which contains the value returned by the previous module (ok/fail/update/etc.) Bug fixes * Corrected typos in rlm_dbm. Closes bugs #521 and #522. * Detail file "listen" sections now work much better. * Don't allow old "log_*" to over-ride new format. Closes bug #525 * Initialize allocated memory in Oracle SQL driver. This fixes occasional crashes on some systems. Closes bug #518 * Call correct function in rlm_protocol_filter. This enables the module to build. Closes bug #512. * Added deprecated flag to build for rlm_krb5. This allows it to run on 64-bit systems. Closes bug #491 * Corrected error message when parsing invalid configurations so it doesn't crash. Closes bug #527 * Fix handling of timeouts in rlm_ldap that affected 64-bit systems. * Handle $INCLUDE's in "instantiate" section. Closes #528. * Format updates to "man" pages from Stephen Gran. FreeRADIUS 2.0.2 ; Date: 2008/02/14 11:13:48 , urgency=medium Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all "log_*" in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via "Raw-Attribute = 0x0102..." This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit "unlang" policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * "listen" sections can now have "type = proxy". This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README Bug fixes * Fixed reading of "detail" files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the "failed to remember handler" issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See "man rlm_attr_filter" for details. FreeRADIUS 2.0.1 ; Date: 2008/01/22 13:29:37 , urgency=low Feature improvements * "unlang" has been expanded to do less run-time expansion, and to have better handling of typed data. See "man unlang" for documentation and new examples. Bug fixes * The 'acct_unique' module has been updated to understand the deprecated (but still used) Client-IP-Address attribute. * The EAP-MSCHAPv2 module no longer leaks MS-CHAP2-Success in packets. * Fixed crash in rlm_dbm. * Fixed parsing of syslog configuration. FreeRADIUS 2.0.0 ; Date: 2007/11/24 08:33:09 , urgency=low Feature improvements * Debugging mode is much clearer and easier to read. * A new policy language makes many configurations trivial. See "man unlang" for a complete description. * Virtual servers are now supported. This permits clear separation of policies. See raddb/sites-available/README * EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work". See raddb/certs/README for details. * Proxying is much more configurable than before. See proxy.conf for documentation on pools, and new config items. * Full support for IPv6. * Much more complete support for the RADIUS SNMP MIBs. * HUP now works. Only some modules are re-loaded, and the server configuation is *not* reloaded. * "check config" option now works. See "man radiusd" * radrelay functionality is now included in the server core. See raddb/sites-available/copy-acct-to-home-server * VMPS support. It is minimal, but functional. * Cleaned up internal API's and names, including library names. Bug fixes * Many.