Feature improvements
- Add
dictionary.ciena
,dictionary.nile
, and DHCPv4 dictionaries, - Add simultaneous-use queries for MS SQL.
- Add radmin command for
stats pool <module-name>
which prints out statistics about the connection pools. - Client statistics now shows "conflicts", to count conflicting packets.
- New optional "lightweight accounting-on/off" strategy. When refreshing
queries.conf
you should also add the newnasreload
table and corresponding GRANTs to your DB schema. - Add
TLS-Client-Cert-X509v3-Certificate-Policies
, which helps with eduroam. Suggested by Stefan Winter. - Allow auth+acct for TCP sockets, too.
- Add
rlm_cache_redis
. Seeraddb/mods-available/cache
for details. - Allow radmin to look up home servers by name, too.
- Ensure that dynamic clients don't create loops on duplicates. Reported by Sam Yee.
- Removed
rlm_sqlhpwippool
. There was no documentation, no configuration, and the module was ~15 years old with no one using it. - Marked
rlm_python3
as stable. - Add
sigalgs_list
. Seeraddb/mods-available/eap
. Patch from Boris Lytochkin. - For
rlm_linelog
, when opening files in/dev
, look at "permissions" to see whether to open them r/w. - More flexibility for dynamic home servers. See
doc/configuration/dynamic_home_servers.md
andraddb/home_servers/README.md
. - Allow setting of application_name for PostgreSQL. See
mods-available/sql
.
Bug fixes
- Correct test for open sessions in radacct for MS SQL.
- The linelog module now opens
/dev/stdout
in "write-only" mode if the permissions are set to "u+w" (0002). - Various fixes to
rlm_unbound
from Nick Porter. - PEAP now correctly runs
Post-Auth-Type Accept
. - Create
TLS-Cert-*
for outbound RadSec, instead ofTLS-Client-Cert-*
. Fixes #4698. Seesites-available/tls
, andfix_cert_order
. - Minor updates and fixes to CI, Dockerfiles and packaging.
- Fix
rlm_python3
build with Python >= 3.10. Fixes #4441