Version 3.0.16 has been released

Stefan Winter stefan.winter at restena.lu
Mon Jan 22 14:22:05 CET 2018


Hello again,

here's something else that is a bit strange in 3.0.16: radsqlrelay never
gets done with transmitting a .work file to our DB server. This looks like:

ll

-rw-r-----  1 radiusd radiusd   314 Jan 22 14:08 sql-relay-postauth

Started radsqlrelay to get the three lines of SQL insisde done:

/usr/local/freeradius/current/bin/radsqlrelay -1 -d mysql -f [...] -b
[...] -h [...] -u [...] /var/log/radius/radacct/sql-relay-postauth

... and then that command hangs forever, never getting me back to the
command-prompt.

Eventually hitting Ctrl+C, I get:

^Cerror: Couldn't lock /var/log/radius/radacct/sql-relay-postauth.work:
Interrupted system call

Which is like... huh?

The file did get its rename to .work though:

-rw-r-----  1 radiusd radiusd   314 Jan 22 14:08 sql-relay-postauth.work

The same worked fine with 3.0.15.

Any clue?

Greetings,

Stefan Winter

Am 11.01.2018 um 19:20 schrieb Alan DeKok:
>   Lots of fixes!
> 
> 
> FreeRADIUS 3.0.16 Thu 11 Jan 2018 12:00:00 EST urgency=low
> 	Feature improvements
> 	* rlm_python now supports multiple lists.  From #2031.
> 	* Add trust router re-keying.  From #2007.
> 	* Add support for Samba / AD LDAP schema.
> 	  See doc/schemas/ldap/samba/README.txt and
> 	  doc/schemas/ldap/samba/
> 	* Add "tls_min_version" and "tls_max_version" to EAP module
> 	  for Debian OpenSSL issues.
> 	* Better documentation for client certificates in PEAP and TTLS:
> 	  it usually doesn't work.  Fixes #2068.
> 	* Distinguish login failure from AD unavailable.  Fixes #2069.
> 	* Update RH spec files.  Fixes #2070.
> 	* Run Post-Proxy-Type if all home servers are dead.
> 	  Fixes #2072.
> 	* Print offending IP addresses when EAP sessions come from
> 	  two upstream home servers, and rate-limit the messages.
> 	* Minor packaging updates.
> 	* Better documentation for rlm_rest.
> 	* EAP-FAST now has it's own "cipher_list", so that it is
> 	  easier to configure.
> 	* EAP-FAST now forcibly disables TLS1.2, until such time
> 	  as we implement the new keying mechanism from TLS1.2.
> 	* Add documentation for allow_expired_crl.
> 	* Update Debian logrotation.  #2093 and #2101.
> 	* DHCP relay can now drop responses.  #2095.
> 	* rlm_sqlippool can now assign Delegated-IPv6-Prefix.
> 	  It also now can assign any IPv4 or IPv6 address.
> 	  Based on patches from maximumG.  #2094.
> 	  See raddb/mods-available/sqlippool for changes.
> 	* radeapclient can now use EAP-SIM-Ki to dynamically
> 	  create the necessary triplets.
> 	* Explain why many LDAP connections are closed.
> 	  Fixes #1969.
> 	* Debian build / package issues fixed by Matthew Newton.
> 	* dictionary.patton updates from Brice Schaffner.  Fixes #2137.
> 	* Added scripts to build "inner-server.pem", and updated
> 	  mods-config/inner-eap and certs/README to match.
> 	* Added provisions for using an external CA.  See raddb/certs/
> 	* Include dhcpclient binary in freeradius-dhcp debian packge.
> 
> 	Bug fixes
> 	* Bind the lifetime of program name and python path to the module
> 	  FR-AD-002 (redone)
> 	* Pass correct statement length into sqlite3_prepare[_v2]
> 	  FR-AD-003 (redone)
> 	* Allow 100-Continue responses with additional headers in rlm_rest.
> 	* fix corner case where detail files were not being locked
> 	  correctly.
> 	* Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group.
> 	  Fixes #1947
> 	* Clean up exfile code.  Which should help to avoid issues
> 	  with reading / writing 100's of detail files.
> 	* Fix build for winbind.  Patch from Alex Clouter.
> 	* Fix checkrad for Mikrotik.  Patch from Muchael Ducharme.
> 	* Fix home server stats lookup.  Patch from Phil Mayers.
> 	* Add libjson-c3 as an optional dependency.
> 	* Require LTB OpenLDAP on CentOS / Redhat, to avoid linking
> 	  against NSS, which breaks the server.  Fixes #2040.
> 	* rlm_python fixes.  Fixes #2041
> 	* Typos in "man" pages.  Fixes #2045
> 	* Expand "next" in %{%{...}:-%{...}}.  Fixes #2048
> 	* Don't add TLS attributes twice.  Fixes #2050.
> 	* Fix memory allocation in rlm_rest.  Fixes #2051.
> 	* Update trustrouter for new API. Fixes #2059.
> 	* Fix SQLite issues on FreeBSD.  Fixes #2060
> 	* Don't do debug logging of bad passwords.  Fixes #2064.
> 	* More graceful handling of "die" in rlm_perl.  Fixes #2073.
> 	* Fix occasional crash when using
> 	  cisco_accounting_username_bug = yes
> 	* EAP-FAST fixes from Isaac Boukris.
> 	  #2078, #2076, and #2082, #2126.
> 	* DHCP fixes, relay, #2092, add run-time check, #2028
> 	* Decode multiple RADIUS packets at a time in highly loaded
> 	  RadSec connections.  Patch from Jan Tomasek.  #2106.
> 	* TunnelPassword is not "single value" in LDAP schema.
> 	  Fixes #2061.
> 	* sql log now opens the expanded filename, not the input one.
> 	  This was a regression introduced in 3.0.15.
> 	* Remove unnecessary UNIQUE constrain in Oracle schemas.
> 	* Fix SSL thread and locking issues when modules also use SSL.
> 	  Fixes #2125 and #2129.
> 	* Re-add dhcpclient "raw packet" changes.  Patches from
> 	  Nicolas Chaigne and Matthew Newton.  Fixes #2155.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20180122/26e8257c/attachment.sig>


More information about the Freeradius-Users mailing list