rlm_ldap and rlm_sql modules now have a max_retries configuration item in the pool section. This sets a limit on how many times an operation will be retried if it fails indicating a connection issue.
check_crl configuration to rlm_ldap. This only works with OpenSSL. Many Linux distributions use other TLS libraries, which won't work.
rlm_ldap does not support -= operators. The documentation disagreed with the code, so we fixed the documentation.
checkrad is called from SQL Simultaneous-Use checks it will now be passed NAS-Port-Id (as stored in the database), rather than NAS-Port.
max_retries for connection pools. Fixes #4908. Patch from Nick Porter.
dictionary.ciena, dictionary.huawei, dictionary.wifialliance and dictionary.wispr; add dictionary.eleven.
eap in the pre-proxy section. If the packet contains a malformed EAP message, then the request will be rejected. The home server will either reject (or discard) this packet anyways, so this change can only help with large proxy scenarios.
--with-radiusv11 to the configure script. For now, this is for testing interoperability.
rlm_files. Patch from Nick Porter.
rlm_cache_redis is now included in the freeradius-redis packages.
freeradius-python2 and freeradius-python3 packages where possible.
Status-Server checks for TLS connections
Post-Auth-Type. Helps with #4980
NAS-Port-Id instead of NAS-Port during SQL simultaneous-use checks. Helps with #5010
Published by mcnewton over 1 year ago
linelog module now has a header configuration item, which places a header in any new file it creates.
ldap module now supports setting cipher_list. See mods-available/ldap.
connect_timeout for outgoing TLS sockets. Helps with #3501.
Operator-Name and Called-Station-Id in attr_filter when proxying. Helps with less work in eduroam configurations.
AcctUpdateTime field in SQL is always updated. This is so that we can track when the last packet arrived.
configure process now gives a much clearer report when it's finished. Patches by Matthew Newton.
uname -n on missing hostname. Fixes #4771
stats threads. Fixes #4770
dictionary.juniper
dictionary.calix
dictionary.rfc6519
DS-Lite-Tunnel-Name to be octets
README.md files in the source.
%{listen:TLS-PSK-Identity} is now set when using PSK and psk_query. This helps the server track the identity of the client which is connecting.
Status-Server attributes. Fixes #4870.
rlm_unbound stable and add to packages. Patches by Nick Porter.
isalpha() etc. so broken configurations have less impact on the server.
%{listen:TLS-...} is used.
Status-Server can now be done within a virtual server. Fixes #4868
Published by mcnewton about 2 years ago
dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries,
stats pool <module-name> which prints out statistics about the connection pools.
queries.conf you should also add the new nasreload table and corresponding GRANTs to your DB schema.
TLS-Client-Cert-X509v3-Certificate-Policies, which helps with eduroam. Suggested by Stefan Winter.
rlm_cache_redis. See raddb/mods-available/cache for details.
rlm_sqlhpwippool. There was no documentation, no configuration, and the module was ~15 years old with no one using it.
rlm_python3 as stable.
sigalgs_list. See raddb/mods-available/eap. Patch from Boris Lytochkin.
rlm_linelog, when opening files in /dev, look at "permissions" to see whether to open them r/w.
doc/configuration/dynamic_home_servers.md and raddb/home_servers/README.md.
mods-available/sql.
/dev/stdout in "write-only" mode if the permissions are set to "u+w" (0002).
rlm_unbound from Nick Porter.
Post-Auth-Type Accept.
TLS-Cert-* for outbound RadSec, instead of TLS-Client-Cert-*. Fixes #4698. See sites-available/tls, and fix_cert_order.
rlm_python3 build with Python >= 3.10. Fixes #4441
Published by mcnewton about 2 years ago
dictionary.mellanox, dictionary.netelastic, dictionary.ciena, dictionary.nile
dictionary.aruba, dictionary.roaringpenguin
%{concat:foo[*] ;}, which concatenates a set of attributes, separated by a character.
raduat script to the freeradius-utils package.
freeradius-freetds package.
closedir() when reading certificates from a directory. Found by Antonio Torres. Fixes #4378.
compute_password_element() function of EAP-PWD. Found by Mohamed Sabt.
/dev/stdout
Published by mcnewton over 2 years ago
correct_escapes has been removed, and is always set to "true" internally. Configuration changes may be required if you are using configurations from before 3.0.5. Other than this difference, 3.2.x is compatible with 3.0.x, and configurations from 3.0.x can be simply copied into a system running 3.2.x.
reset_day and %%r parameter for rlm_sqlcounter to specify which day of the month the counter should be reset.
rlm_json from v4, providing the json_encode xlat. See mods-available/json for documentation.
sites-available/tls, proxy_protocol and doc/antora/modules/howto/pages/protocols/proxy/
sites-available/tls-cache for more information.
cram module. It was undocumented, and used old and insecure authentication methods.
otp module. The otpd program it needs is no longer available, and the module has not been usable since at least 2015.
Published by mcnewton about 3 years ago
correct_escapes back into default configuration
Published by mcnewton about 3 years ago
Published by mcnewton over 3 years ago
set home_server state ... down in order to mark the home server as administratively down. Use alive to bring it back to life.
Post-Auth-Type Client-Lost which should make it easier to log when clients stop responding.
sites-available/totp as an example of how to use TOTP.
%{mschap:Domain-Name}, fixes #3944.
cipher_list = "DEFAULT@SECLEVEL=1"
Published by mcnewton over 3 years ago
make docsite and then see build/docsite/freeradius-server/*/index.html
proxy.conf and doc/configuration/dynamic_home_servers.md
^=. See "man unlang" for details.
rlm_totp, for use with the Google Authenticator app. See mods-available/totp.
tls_min_version, and updating cipher_list.
configurable_client_cert=yes for EAP-TLS. This should only be used for a "walled garden". See mods-available/eap
ca_path_reload_interval option for TLS. See mods-available/eap. Fixes #1831. Patch from Boris Lytochkin.
tls_min_version to ldap module configuration.
sites-available/default, "New-TLS-Connection".
rlm_sql_map, which can handle multiple columns from an SQL query. See raddb/mods-available/sql_map.
rlm_always instances and new resource-check example virtual server for manipulating control flow in unlang policies based on status of some external resource. Patches from Terry Burton.
show home_server list all.
rlm_eap_pwd. Patch from Michael Braun.
show client list verbose, which gives a lot more information about each client.
rlm_rest support for HTTP/2.
REST-HTTP-Status-Code attribute holding HTTP status code.
src/tests/unit/rfc4849.txt
FreeRADIUS-Stats-Client-IPv6-Address and FreeRADIUS-Stats-Server-IPv6-Address
User-Name to identify users.
Stripped-User-Name and/or Class for user sessions. See sites-available/default
User-Name, etc. See radiusd.conf, "suppress_secrets"
proxy_tunneled_request_as_eap is now configurable at runtime with Proxy-Tunneled-Request-As-EAP.
log_reject configuration item in more places. Fixes #3352. This lowers the number of "Login incorrect" messages when "log_reject = no".
rlm_cache, among other places. Fixes #3491
-frecord-gcc-switches from rlm_python3 configure build. Fixes #3693
ENV LD_PRELOAD function.
tls_min_version versus disable_tlsv1
rlm_rest post decoder which could lead to the value of a post attribute being lost in the case where the output buffer was completely full after writing an attribute value, and more attributes needed to be encoded. Reported by Adrian Smith.
rlm_yubikey. Fixes #4012.
Published by mcnewton over 4 years ago
raddb/mods-config/sql/ippool/postgresql/procedure.sql Patch from Terry Burton.
raddb/mods-config/sql/ippool/mssql/ Patch from Terry Burton.
TLS-Client-Cert-Valid-Since attribute holding notBefore date. Patch from Boris Lytochkin. Fixes #3157.
raddb/sites-available/tls. Patch from Boris Lytochkin.
raddb/certs/xpextensions Patch from Stefan Winter.
mods-config/sql/main/*/process-radacct.sql Many patches from Terry Burton.
%C (time now in seconds) and %c (microsecond component of now) back-ported from the "master" branch.
nasportid SQL field for varchar(32). #3141
python_path paths in sys.path. It fixes the expected behaviour to use the existing Python modules. Fixes #3180
NOW() in accounting queries so that these are stable when replayed from a file buffer. Patches from Terry Burton.
Published by mcnewton almost 5 years ago
Published by alandekok over 6 years ago
%{client:} xlat, for clients loaded from SQL.
make install.
detail.work file. Fixes #1398