Release notes for ClearBox Enterprise RADIUS 7.5.3

June 24, 2022

Added: 2FA Authentication with TOTP
Added: Attributes parser in FreeRADIUS format
Added: AD host authentication option (adds $ to user names to match samAccountName)
Changed: RADIUS attributes database file raddict2k.mdb moved from \Program Files (x86)\ClearBox Server\RadDict to \Documents and Settings\Public\Documents\XPerience Technologies\ClearBox Server
Fixed: Client Tool doesn't require administrator privileges
Fixed: Proxy in PEAP mode
Fixed: 2FA with AD authentication mode

Added: Any realm can be configured with its own TLS certificate
Changed: Documentation revised and updated
Changed: Tagged attributes (Tunnel-* attributes group) use tag=1 by default when no explicit tag is defined
Fixed: Several remote RADIUS servers may share one host (but different ports)
Fixed: Password-protected SQL connections are validated when entering 'Manage user accounts' panel

Added: You may use HTTP query parameter &ClientIpAddress=... to use instead of NAS-IP-Address (the first will be used internally to send request, the latter will be sent to a RADIUS client)
Changed: LDAP connections may be configured to not to chase for referrals
Added: Automatic MAC addresses format conversion
Fixed: Long passwords for LDAP connections

Added: LDAP-based authorization improvements: user's memberOf attributes may be mapped to sets of response attributes
Added: SQL meta configuration mode now accounts for POD and CoA

Added: Use # in SQL template string to insert hex-symbols formated strings (like '{#Calling-Station-Id}')
Added: Importing user accounts from Excel
Added: Syslog client now supports both legacy RFC 3164 and RFC 5424
Added: Automatic discovery of domain controllers when checking domain group membership
Added: Error-Cause attribute
Fixed: 'All pipe instances busy' error when using Online Logging

Added: When configuring realm rules, you may test if a specified AD user matches the group requirement
Added: Debug logging at level 2 lists group names found for an AD user
Fixed: Pre-defined check-List SQL for internal users database
Fixed: Problems validating client certificates
Fixed: Memory leaks when writing accounting data to files
Fixed: Logging failed request password with $2p both for 'user not found' and 'password is incorrect' cases

Added: Support for client IP ranges using CIDR notation
Added: Option to automatically add Eevent-Timestamp attributes to Packet-of-Disconnect requests
Fixed: SQL editor window is now displayed correctly
Fixed: UserBox SQL execution is now case insensitive when accessing table fields
Fixed: MySQL authorization SQL failures now don't cause the server to crash
Fixed: 'Logon hours limits' SQL command may now be void

Dynamic Authorization (RFC 5176) support, with handling Packet-of-Disconnect and Change-of-Authorization requests via new REST API
Escaping quotes in passwords injected in SQL commands
Fixed: bug with multiple SQL connections
Fixed: Certificates Wizard now doesn't delete .conf, alowing to manually override parameters
Fixed: Crashed with Reject-Response attributes being added during PEAP authentication
Crash report added for the Control Centre app
Fixed: "Error creating file ..." messages occuring in midnight
Added: Separate debug log file with easy separation of requests by thread id
Added: State server can use request RADIUS attributes for 'get sessions count' SQL command

Quick find tool for configuration objects, like realms, clients, etc
MS-MPPE keys are generated for pure MS-CHAPv2 when AD authentication is turned on

TLS 1.2 is fully supported to enhance compatibility with Windows 8 and 10 wireless clients
OpenSSL library version updated to 1.0.2j
New ciphersuites with SHA256 are available for TLS