Version 1.1.4 has been released, with a few notable improvements. The server has been updated to be compatible with Microsoft Vista clients for 802.1x. This feature should prove to be of significant interest in many deployments. The "rlm_pap" module has been updated, which should make many configurations much simpler. A new attribute has been added, called Cleartext-Password. This attribute should be used to hold the "known good" password, where configurations previously had used the "User-Password" attribute. Historically, User-Password has been used both as the users password in the Access-Request packet, and also for the "known good" password in the servers configuration ("users" file or SQL database). Having two meanings for one attribute is problematic, so we have modified the server to separate the meanings of the two attributes. Existing configurations will not be affected by this change. However, we recommend that everyone reads the "README" and "man rlm_pap" documentation once the server is installed. The ChangeLog is included below: Feature improvements * Major enhancements to rlm_pap, that make "encryption_scheme" a think of the past. See "man rlm_pap" for details. * Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use work-arounds that enable Windows Vista clients to work. * Added preliminary code to support Firebird. (closes: #378) Use at your own risk! * Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more platforms. (closes: #402) * Add a new "reply-name" directive in rlm_sqlcounter to define the name of the reply attribute. (closes: #403) * Added more dictionaries and attributes (closes: #408, among others) * Print ntlm_auth failure reason in Module-Failure-Message (closes: #398) * radsqlrelay is able to get the DB password from a file instead of command line. (closes: #395) Bug fixes * Fix a parse error in the digest module, where malformed digest requests would result in the user being accepted. Oops... * VALUEs can only be defined for 'integer', to catch mistakes with setting VALUEs for type 'string'. * Better parsing of VALUE names, so that values starting with a digit work correctly. * Check return from malloc (closes: #407) * Fix a double free() in rlm_eap_tls.c (closes: #404) * Check return code of malloc() during initialization. (closes: #407) * Fix a corner case where the proxy port isn't set either in radiusd.conf or in proxy.conf. NOT in this release * Threading issues with SSL and EAP on some systems. * MS-CHAP UTF-8 fixes. We expect both those fixes to be in a future release. Alan DeKok. FreeRADIUS Project Leader -- Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog