Release notes for ClearBox Enterprise RADIUS 8.3.1

June 23, 2025

Fixed: regex-base name rewriting handles empty user name correctly
Certificates Wizard can now issue a new server certificate.
Extra Certificate Revocation List (CRL) file extra.crl is considered when checking cliwnt TLS certificates.

TLS 1.3 support added
Added distributed tracing mechanism (via Jaeger integration) for tracking RADIUS requests as they flow from RADIUS clients to backend systems
All log files are now placed in C:\ProgramData\XPerience Technologies\ClearBox Server\Logs
New libraries and codebase
RADIUS accounting packets can be forwarded to several remote servers
Removed support for Windows versions prior to Windows Vista
Removed 'Online logging' tool for better performance
'Search' in the 'Configure the server' window can quickly find any objects from any place in the objects tree
Added extra logging options during setup
Improved 'Client tool' appearance
Debug messages are written only to one dedicated 'debug.log' file
Server statistics requires no password
Connection password is used only for remote connections
Users sessions statistics is not loaded automatically for large volumes
Separate section in 'Event Viewer'
RADIUS attributes parser can be run from Control Centre
Fixed: xslt template for 'meta configuration'
Folder with server log files can be open from the 'Service control' window
Service startup errors are written to a simple list in the 'Service control' window
OpenSSL 1.1.1w

Added: 2FA Authentication with TOTP
Added: Attributes parser in FreeRADIUS format
Added: AD host authentication option (adds $ to user names to match samAccountName)
Changed: RADIUS attributes database file raddict2k.mdb moved from \Program Files (x86)\ClearBox Server\RadDict to \Documents and Settings\Public\Documents\XPerience Technologies\ClearBox Server
Fixed: Client Tool doesn't require administrator privileges
Fixed: Proxy in PEAP mode
Fixed: 2FA with AD authentication mode

Added: Any realm can be configured with its own TLS certificate
Changed: Documentation revised and updated
Changed: Tagged attributes (Tunnel-* attributes group) use tag=1 by default when no explicit tag is defined
Fixed: Several remote RADIUS servers may share one host (but different ports)
Fixed: Password-protected SQL connections are validated when entering 'Manage user accounts' panel

Added: You may use HTTP query parameter &ClientIpAddress=... to use instead of NAS-IP-Address (the first will be used internally to send request, the latter will be sent to a RADIUS client)
Changed: LDAP connections may be configured to not to chase for referrals
Added: Automatic MAC addresses format conversion
Fixed: Long passwords for LDAP connections

Added: LDAP-based authorization improvements: user's memberOf attributes may be mapped to sets of response attributes
Added: SQL meta configuration mode now accounts for POD and CoA

Added: Use # in SQL template string to insert hex-symbols formated strings (like '{#Calling-Station-Id}')
Added: Importing user accounts from Excel
Added: Syslog client now supports both legacy RFC 3164 and RFC 5424
Added: Automatic discovery of domain controllers when checking domain group membership
Added: Error-Cause attribute
Fixed: 'All pipe instances busy' error when using Online Logging

Added: When configuring realm rules, you may test if a specified AD user matches the group requirement
Added: Debug logging at level 2 lists group names found for an AD user
Fixed: Pre-defined check-List SQL for internal users database
Fixed: Problems validating client certificates
Fixed: Memory leaks when writing accounting data to files
Fixed: Logging failed request password with $2p both for 'user not found' and 'password is incorrect' cases

Added: Support for client IP ranges using CIDR notation
Added: Option to automatically add Eevent-Timestamp attributes to Packet-of-Disconnect requests
Fixed: SQL editor window is now displayed correctly
Fixed: UserBox SQL execution is now case insensitive when accessing table fields
Fixed: MySQL authorization SQL failures now don't cause the server to crash
Fixed: 'Logon hours limits' SQL command may now be void

Dynamic Authorization (RFC 5176) support, with handling Packet-of-Disconnect and Change-of-Authorization requests via new REST API
Escaping quotes in passwords injected in SQL commands
Fixed: bug with multiple SQL connections
Fixed: Certificates Wizard now doesn't delete .conf, alowing to manually override parameters
Fixed: Crashed with Reject-Response attributes being added during PEAP authentication
Crash report added for the Control Centre app
Fixed: "Error creating file ..." messages occuring in midnight
Added: Separate debug log file with easy separation of requests by thread id
Added: State server can use request RADIUS attributes for 'get sessions count' SQL command

Quick find tool for configuration objects, like realms, clients, etc
MS-MPPE keys are generated for pure MS-CHAPv2 when AD authentication is turned on

TLS 1.2 is fully supported to enhance compatibility with Windows 8 and 10 wireless clients
OpenSSL library version updated to 1.0.2j
New ciphersuites with SHA256 are available for TLS