Plans for the next few releases

Isaac Boukris iboukris at gmail.com
Tue Nov 11 22:18:33 CET 2014


Hi Alan,

On Sun, Nov 9, 2014 at 3:47 PM, Alan DeKok wrote:
>   We're continuing to develop the server, so I'd like to clarify the
> policy around releases.
>
> Version 2.2.x:  Long term stable release.
>
>   No new features.
>   Minor bug fixes.
>   The goal is long-term stability.
>   We will maintain it 2-3 years.

Is there a 'known limitation' page which reflects behavior changes
between version 2.x and 3.x?
I am asking as I spent many hours last weened to figure out why a
given case was failing with v3.x while it succeeded with v2.x (latest
git).

The case was with a proprietary NAS device authenticating via MSCHAP-2
protocol when the password contains a UTF-8 multi-byte character such
as €, £, я, א, etc (locally with MYSQL back end - not via ntlm_auth).

After lots of debugs (including dumping nt-hashes from windows server
and testing with MS radius) it appears that v3.x was actually correct
(the NT-hash matched what I was expecting).

The reason the NAS worked only with v2.x was because it was doing the
conversion as if the password was plain ASCII similar to the way it is
done in FR v2.x:
https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/src/modules/rlm_mschap/mschap.c#L48
Compare to FR v3:
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_mschap/mschap.c#L50

I tried to look up information on this difference in behavior but with
no luck so maybe it could be nice to state such changes in behavior
somewhere (even correct changes which aren't ported back).

Apologize if this comment isn't appropriate.

Thank you,
Isaac B.


More information about the Freeradius-Users mailing list