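FreeRADIUS 3.0.0 released: remote access authentication

Published: 2013-11-02 21:16:20 Source: 红联 Author: empast
FreeRADIUS 3.0.0 is here!

This is another major change since 2.0.0. The main changes are:

> Added support for RadSec (that is, RADIUS over TLS); see raddb/sites-available/tls. If you use this feature, you can no longer start the server for debugging with radiusd -X, because TLS needs to start a separate thread; that is the cost.

> The configuration files have been reorganized and are more modular; see src/raddb/README.rst

> Friendlier logs

No third party has contributed a Solaris build yet, because compiling is somewhat troublesome and requires changes to some build options and to the code structure. Upgrading from 2.x involves many points to watch, especially the changes to the configuration layout. Also, because the build is very different from before, do not use the old build system.

For more detail, see: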

Feature improvements
Documentation for upgrading from 2.x is in raddb/README.rst Please follow it. It will make the upgrade easier.
Moved configuration entries in radiusd.conf to make more sense.
Added the "integer64" and "ipv4prefix" data types.
Added RADIUS over TLS (i.e. RadSec). See raddb/sites-available/tls
Updated internal API to support new attributes and formats
Added code to send SNMP Traps. See raddb/trigger.conf.
Added preliminary support for Apple's Grand Central Dispatch
Added provisions for raddb/dictionary.local, for local changes. See raddb/dictionary for more details.
Added packet/s tracking. See max_pps in the "listen" section.
The %{} expansions and "unlang" conditions are now parsed at server start. Descriptive errors are produced for syntax and format errors.
Casting is now supported for "unlang" comparisons. See "man unlang" e.g. 127.0.0.1 == Framed-IP-Address.
Direct comparison of attribute references is now supported. e.g. &Foo == &Bar. This avoids stringification of the attributes.
Direct assignment of attributes is now supported. e.g. Foo := &Bar. It also works for "octets" data types.
Comparisons of IPv4 and IPv6 prefixes are now supported. The "<" operator means "within the prefix" for comparisons.
New sha1 xlat expansion (thanks to Alan Buxey)
Colourised log messages when logging to stdout. Look for yellow warnings and red errors. Doing this will save you a LOT of grief.
If the PCRE library is available, use it (instead of the POSIX functions) to process regular expressions (thanks to Phil Mayers).
-xv now displays all the features the server was built with, and the versions of the core libraries (libtalloc, libssl).

Module Changes
Moved raddb/modules/ to raddb/mods-available/, and raddb/mods-enabled/, following the examples of other projects.
Additional files for each module are now in raddb/mods-config/. See raddb/mods-config/README.rst for documentation.
Moved "users" to raddb/mods-config/files/authorize
Moved "hints" and "huntgroups" to raddb/mods-config/preprocess/
Moved eap.conf to mods-available/eap
Moved sql.conf to mods-available/sql
Moved TLS configuration for EAP into a common subsection. See raddb/mods-available/eap, "tls-config" section.
Added for MS-CHAP Change Password from Phil Mayers. See raddb/mods-available/mschap, "passchange" subsection.
Added EAP-PWD implementation from Dan Harkins
Added connection pools for modules. This unifies connection management which was previously different for different modules.
SQL now uses the connection pool. See mods-available/sql
SQL now supports arbitrary Acct-Status-Types. These changes are not compatible with 2.x.
SQL now has full support for SQLite. See raddb/sql/main/sqlite/
SQLite supports auto-creation of new databases on server startup for bootstrapping purposes.
LDAP now uses the connection pool. The LDAP module has been completely re-written for performance and simplicity.
LDAP now caches groups. This makes multiple group checks MUCH faster.
Removed all limitations on 253 octet attributes. RFC 6929 allows for attributes up to 4K in length.
New rlm_idn module providing an expansion for performing IDNA encoding of internationalized domain names. Thanks to 'skids'.
New rlm_yubikey module to validate yubikey OTP tokens. See raddb/modules/yubikey

Internal API Changes
All traces of the old build system have been removed. The new build system is faster and simpler.
clang is fully supported.
We now use "talloc" for memory management. A number of new features required this change. Thanks to the Samba people!
Many internal APIs have been updated to use talloc.
New API for iterating over VALUE_PAIRs. This is in preparation for attributes, in version 3.1.
No new code should directly modify any field of a VALUE_PAIR.
VALUE_PAIRs contain pointers to DICT_ATTR instead of containing attribute and vendor fields. This will allow nested attributes.
Some protocol specific code has been moved out into proto_* modules. More will come in subsequent versions. See proto_dhcp and proto_vmps.
Standardised internal logging macros. radlog() should not be used. See src/include/log.h
Use OpenSSL hashing functions when available.
The server now builds with no warnings on most platforms.
New RADIUS encoder/decoder, to support new formats.
Added RFC 6929 "extended attributes", via the new encoder/decoder.
Added full WiMAX support, via the new encoder/decoder. The old code could not handle some unusual corner cases.

Bug fixes
All known bug fixes from 2.2.x are included.
Removed "addport" functionality.
Removed many unused or duplicate modules. See raddb/README.rst.

Official homepage: http://freeradius.org/

Free download: http://freeradius.org/download.html

From: 开源中国社区 (Open Source China community)