New Features
- Live log viewer from admin interface
- Fully tenant-aware admin interface
- Support for MS-CHAP authentication for CLI/VPN access
- New pfcertmanager service that generates certificate files from configuration
Enhancements
- EAP configuration template - add a way to define multiples EAP profiles in FreeRADIUS
- New action for AD/LDAP sources to set role when user is not found
- Provide an advanced LDAP condition to allow custom LDAP queries
- The captive portal can now feed HTTP client hints to the Fingerbank collector
- Added ability to enable/disable a network anomaly detection policy (#5403)
- Return the portal IP if the QNAME matches one of the portal FQDN for registered devices using inline enforcement
- Individual source rules can be disabled
- Support for Dell N1500 starting from 6.6.0.10
- CoA support for Ubiquiti Unifi AP
- Added a way to define the Unifi AP by IP or IP range
- Use the value of an LDAP attribute as a role
- Added the return of the LDAP/RADIUS attributes to use them in RADIUS filter
- The /api/v1/radius_attributes endpoint is now searchable
- Proxy the captive portal detection URL when the device is registered
- Choose which EAP profile to use based on the realm
- LDAP's basedn can be defined in the authentication sources rules
- New hooks for the RADIUS filter engine in eduroam virtual server
- Redefined "restart" in the service manager to allow "PartOf" in systemd scripts
- Set role from source authentication rule option (needs #5459)
- Flatten the RADIUS request for the authentication sources (attributes like radius_request.User-Name)
- RADIUS request attributes / username are part of the common attributes
- Support of multiples LDAP servers in FreeRADIUS ldap_packetfence configuration file
- Copy outer User-Name attribute in PacketFence-Outer-User attribute to be able to use it in the authentication rules
- Copy the LDAP-UserDN attribute in PacketFence-UserDN attribute to be able to use it in the authentication rules
- Added a way to extend the LDAP filter for searchattributes configuration
- Documentation for EAP profile selection
- Documentation for regex realm
- Documentation for new action/condition in LDAP authentication
- Moved the VLAN filters example as default disabled VLAN filter
- Use PUT for node reevaluate_access to fix issue with admin_role actions mapping
- OpenID pid mapping is now configurable
- Can map OpenID attributes to a person attributes
- Allow to create authentication rules based on OpenID attributes
Bug Fixes
- Fixes Fortinet Fortigate returnAuthorizeVPN function (#5409)
- Barracuda NG firewall SSO SSH fails (#4828)
- Impossible to set multiple access level in administration rule (#5440)
- Fixed pf-maint.pl when its running behind a proxy (#3425 )
- Fix vendor attributes not being sent from Switch Template (#5453)
- Fixed issue authorizing a user in web-auth on Unifi when the node has its date set to '0000-00-00 00:00:00'