RADIUS Server 2.0 Release Notes Introduction A complete description of RADIUS Server 2.0 functionality can be found in the RADIUS Administrator's Guide. This guide is shipped with many Lucent products; if it was not shipped with your unit, it is available: Via anonymous FTP at ftp://ftp.livingston.com/pub/le/doc/manuals At Lucent's www site at http://www.livingston.com/ (After November 6th) By calling Lucent InterNetworking Systems at (800) 458-9966 within the USA (including Hawaii), Canada and the Caribbean or by dialing +1 (510) 737-2100 from outside these areas This release note describes RADIUS server 2.0 functionality not covered in the RADIUS Administrator's Guide. In addition to the features described in the RADIUS Administrator's Guide, RADIUS server 2.0 includes the following enhancements: UNIX systems that use * and *NP* in their /etc/passwd files as a reference to the /etc/shadow file are now supported. A series of attributes have been renamed for clarity purposes. Old attribute names are accepted in RADIUS server 2.0 for backward compatibility, however, they may not be accepted in future RADIUS server releases. Old Attribute New Attribute ---------------------------------------- Client-Id NAS-IP-Address Client-Port-Id NAS-Port-Id User-Service-Type Service-Type Framed-Address Framed-IP-Address Framed-Netmask Framed-IP-Netmask Framed-Filter-Id Filter-Id Login-Host Login-IP-Host Login-Port Login-TCP-Port Port-Message Reply-Message Dialback-No Callback-Number Dialback-Name Callback-Id Challenge-State State Password = "UNIX" Auth-Type = System Three dictionary values have been renamed for clarity purposes. Old value names are accepted in RADIUS 2.0 for backward compatibility, however, they may not be accepted in future RADIUS releases. Attribute Old Value New Value --------------------------------------------------------- Service-Type Dialback-Login-User Callback-Login-User Service-Type Dialback-Framed-User Callback-Framed-User Framed-Compress.Van-Jacobsen-TCP-IP Van-Jacobson-TCP-IP RADIUS-related Bugs Fixed The following RADIUS-related bugs have been fixed: If a menu user entered a username and incorrect password in ComOS 3.3.1 and earlier, an incorrect menu was displayed. This problem has been corrected in ComOS 3.3.2; an Invalid Login message is displayed when this occurs. The RADIUS server now caches IP addresses for greater efficiency. In ComOS 3.3.1 or earlier, Filter-Ids longer than 12 characters caused the PortMaster to reboot. This problem has been corrected in ComOS 3.3.2. In RADIUS 1.16, if a user record contained an incorrectly formatted Expiration date (for example, the Expiration check item was "Oct 1 1996", rather than "Oct 01 1996"), the user would be authenticated even after this expiration date. With RADIUS server 2.0, attempts on or after the expiration date display an Account has expired message. Incorrectly formatted expiration dates are now logged. Password expiration specified with the Expiration check item in a user record now occurs at exactly midnight on the specified date. In RADIUS 1.16, password expiration could occur at any time on the specified date. Previously, when the PortMaster received an access-challenge message from the RADIUS server, the PortMaster would permit the PPP client to connect. This has been corrected in ComOS 3.3.3; the PortMaster now sends a PAP NAK to the PPP client to prompt the user for additional input. RADIUS source code is now ANSI C compliant. Additional Notes If a Termination-Menu is defined in a menu, an extra Stop record is generated when a user exits the termination menu. In the RADIUS accounting logs, 2 Stop records appear; one for the act of exiting the menu, and one for the termination of the user's session. Both Stop records will have the same Acct-Session-Id; this Acct-Session-Id will match the corresponding Start record. Copyright and Trademarks © 1996 Lucent Technologies, Inc. All rights reserved. The product names "ChoiceNet," "ComOS," "IRX," "PortMaster," "PMconsole," "RADIUS," and "True Digital" are trademarks belonging to Lucent Technologies, Inc. All other trademarks are the property of their respective owners. Notices Lucent Technologies, Inc. makes no representations or warranties with respect to the contents or use of this manual, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Lucent Technologies, Inc. reserves the right to revise this publication and to make changes to its content, any time, without obligation to notify any person or entity of such revisions or changes. Contacting Lucent InterNetworking Systems Technical Support Every Lucent PortMaster or IRX product comes with a one year hardware warranty. Lucent Technologies provides technical support via voice, FAX, and electronic mail. Technical support is available Monday through Friday 6am-5pm Pacific Time (GMT-8). To contact Lucent InterNetworking Systems technical support by voice, dial 1-800-458-9966 within the US or 1-510-737-2100 outside the US, by FAX, dial 1-510-737-2110, by electronic mail, send mail to support@livingston.com, and through the World Wide Web at http://www.livingston.com/.