8950 AAA(TM) Version 6.1.10 Change Log New Features: -=6.1.10 Release== 2008/11/07 ID: 4886 WiMAX W4: Create a cron-based PF that automatically refreshes the Blocked MAC list. ID: 4921 SMT: Change Stop Session and Disconnect Button. ID: 4961 Peform: Modify TLS stack to take advantage of the MAU on Sun T1/T2 CPUs. Use internal digest code when appropriate. -=6.1.9 Release== 2008/10/20 ID: 4869 Add Local-Address server property to better support redundant ethernet interfaces. ID: 4899 Engine: Allow reload/reset of Radius listeners. ID: 4900 Engine: Expand * to all specific interfaces for RADIUS listeners. ID: 4904 Allow TLS based EAP test clients to not verify trust of server certificate. ID: 4905 Setup: Don't override alu_utilities.pf is user has modified it. ID: 4917 Engine: Add sub-queues to WorkQueue to prioritize work. ID: 4921 SMT: Change Stop Session and Disconnect Button. ID: 4922 Add provis_ws user to security_users file to ease use of SOAP interface. ID: 4924 SMT: Use concurrent mark sweep garbage collection. ID: 4935 W3/W4 WiMAX: Set default for Policy-Maximum-EAP-Fragment-Size to 1024. ID: 4937 User Provisioning System: Increase size of avp columns from 4000 to 8000. ID: 4940 Engine: Try to early detect item-too-old in radius item subclass initialized. ID: 4948 Perform: Reduce use of IAIK ASN decode for certificates. ID: 4956 Perform: Reduce contention in TLS stack by avoiding some uses of the JCE provider framework. -=6.1.8 Release== 2008/09/26 ID: 4582 SMT: SQLTool enhanced to support executing scripts with SQL statements, separated by the ';' character. ID: 4682 SMT: Admin Interface, reload panel to show tooltip for more information about files. ID: 4846 WiMAX W3/W4: Add support for alternate formats of the Calling-Station-Id attribute. ID: 4849 WiMAX W4: Provisioning Tool customization for WiMax W4 for Check & Reply AVPs. ID: 4859 WiMAX W4: View all WiMax DB fields with SMT Table Tool. ID: 4864 WiMAX W4: Use original user-name with non-compliant client during handover. ID: 4865 WiMAX W4: Add inactive records in search for MIP keys for HA during MIP dereg. ID: 4866 WiMAX W4: Add standalone features to compact WAC. ID: 4872 EapIdentity plug-in: Make EapIdentity-Prompt and EapIdentity-Force properties dynamic. ID: 4873 WiMAX W4: Support obsolete WiMAX decorations with EAP-TLS. ID: 4882 AuthEapTls plug-in: An error occurs if AuthEapTls-ClientCertMode=Disabled and AuthEapTls-TrustFile is not set to "". ID: 4884 WiMAX W4: Support static Home Agent for a user record. ID: 4887 Web Provisioning: Add quick user search based on 1st digit. -=6.1.7 Release== 2008/09/16 ID: 4827 WiMAX W3/W4: Remove device limit check on handovers/roaming. ID: 4828 Maps: Add 'RemoveDuplicates' modifier for lists of scalar values. ID: 4831 WiMAX W4: Support EAP-TLS without OLS. ID: 4832 WiMAX W4: Missing accounting in handover causes AAA session entry to timeout. ALU WAC bug work-around. ID: 4836 WiMAX W4: Add OLS support for non-WiMAX signed certificates. ID: 4837 WiMAX W4: Support device authentication with Non-WiMAX signed certificates. ID 4838 WiMAX W4: Use single property for maximum EAP fragment size. ID: 4841 SMT: Sort File Lists. ID: 4842 SMT: Enable Tail Panel for All Users. ID: 4843 SMT: Fix database import function. Data was run through an unquote function an extra time. ID: 4851 USS: Change default inactive timeout to 5 minutes. ID: 4852 StateServer plug-in: Allow processing by work items that are not protocol types radius or diameter. In this case, only event 'auto' is unsupported. -=6.1.6 Release== 2008/09/04 -=6.1.5 Release== 2008/08/29 Enhancements made between 6.0.5 and 6.0.6 are included. ID: 4489 Log Channels: Convert Thread, Area and Plugin format properties from FALSE/TRUE to OFF/AUTO/ON. TRUE values get mapped to AUTO, which now indicates to display only for debug output. ID: 4782 WiMAX W4: Return WiMAX-Session-Id to Home Agent. ID: 4783 WiMAX W3/W4: Change WiMAX-AAA-Session-ID to WiMAX-Session-Id. ID: 4793 Allow tunnel passwords to be sent to USS. ID: 4794 Maps: Add 'logValueClass' modifier for map debugging. ID: 4795 WiMAX W4: Rework limit checking to better handle handovers. ID: 4803 USS AI save/load: Add return status to command output. ID: 4806 WiMAX W4: Encrypt EMSK when sent to remote USS. -=6.1.4 Release== 2008/07/29 ID: 4665 Dictionary: Update ALU 7750SR VSAs. ID: 4737 Generate Policy-HA-RK-Seed during WiMAX W4 installation ID: 4734 Add policy property for USS inactive timer for WiMAX W3 and W4 -=6.1.3 Release== 2008/07/07 ID: 4729 AI: Add 'derby shutdown ' command. -=6.1.2 Release== 2008/06/27 ID: 4647 Create a policy set that implements ALU WiMAX W4.1 pkg 2 AAA requirements. ID: 4691 Maps: Add ${system.engine-threads}, a variable giving the actual number of engine threads allocated. ID: 4693 SMT: Server Stats USS Requests to display graph in packets/second values. ID: 4702 WiMAX W3: Added property for EAP-TTLS fragment size. ID: 4707 Derby: Added support to derby admin commands to turn off autocommit mode. ID: 4709 WimaxCCConvert plug-in: Add WimaxCCConvert-SubscriptionIdData property. ID: 4718 SMT: Add ability to edit policyflow.msg files. -=6.1.1 Release== 2008/05/23 ID: 4649 StateServer plug-in/IPAMv2: Allow transfer of address to new session. ${ipam.address} is now available on the left-hand-side of StateServer-RequestMap. ID: 4650 Dictionary: Add additional values for NAS-Port-Type. ID: 4657 Engine: Add ${system.elapsed-time} variable. This variable is in units of nano-seconds and indicates the ammount of wall time spent since work item creation. ID: 4615 Admin Interface: Clarify output in 'uss counter' command. ID: 4676 Admin Interface: Increase the maximum command line image from 1K to 1M bytes. ID: 4679 Setup: Ask whether to include test data during a WiMAX install. ID: 4680 Setup: Set Client-Dictionary to ALU-WiMAX during Wimax install. ID: 4685 Dictionary: Allow additional dictionaries that won't be over-written during an upgrade install. 'custom.dict' is a stub example. -=6.1.0 Release== 2008/04/30 ID: 3777 SMT: Add "Reset Port" option to indexed search results. ID: 4502 Provisioning Tool: Add server property to enable the provisioning servlet. ID: 4560 Installer: Allow installation from a read-only directory. ID: 4562 Admin Interface: Add 'call method []' command to invoke policy flow from the command line interface. ID: 4565 Tomcat server: Add axis2 service to support remote provisioning. ID: 4576 Engine performance: Avoid thread task switch overhead when invoking and returning from called inner policy flows. ID: 4588 Maps: Add a 'LettersOrDigits' modifier which removes allow characters from a value except letters or digits. This uses the Java Character.isLetterOrDigit method and is unicode aware. ID: 4597 Security ACLs: Add a new Access-Rule type 'client' to the security users AAA-Access-Rule attribute. This allows restricting which host a client connects from for TELNET, SSH, or RMI access. ID: 4613 WiMAX: Provide tool to create PEM or PKCS12 file from parts. ID: 4630 Diameter: Improve heuristics for announcing application IDs in the Capabilities-Exchange message. ID: 4646 Create a policy set that meets ALU WiMAX W4.1 Pkg 1. ID: 4648 WimaxCCConvert: Add a RADIUS Pre-Paid to Diameter Credit-Control conversion plug-in. -=6.0.7 Release== 2008/08/27 -=6.0.6 Release== 2008/08/18 Enhancements made between 5.2.9 and 5.2.11 are included. -=6.0.5 Release== 2008/07/29 -=6.0.4 Release== 2008/05/19 ID: 4674 Classic Plug-in: Don't use the Classic-BodyTemplate if it is configured as or evaluates to the empty string. -=6.0.3 Release== 2008/05/02 ID: 3701 SMT: Allow users to be ordered with the the user file editor. ID: 3702 SMT: Remove expert mode. -=6.0.2 Release== 2008/04/22 ID: 4623 Radius: Enhance response caching feature for performance, and to work around memory growth issues with radius clients that use many UDP source ports. Server property 'radius-cache-response=' enables the feature. (Default TRUE). 'radius-response-cache-timeout' sets an time the response will be available for restransmission before becoming eligible for removal. (Default 60s). -=6.0.1 Release== 2008/04/09 ID: 4564 Dictionary: Update dictionary to WiMAX Forum Release 1, Version 1.2. ID: 4569 MIBs: Add radius dynamic authorization MIBs to release. ID: 4574 SMT: Add ability to view certficates even without password in Certificate Manager panel. ID: 4575 Dictionary(WiMAX): Update dictionary to use new values for prepaid. ID: 4589 WiMAX W3: Allow for client generated pseudonyms. ID: 4590 Launcher: Change unix(script) version to exec java process. ID: 4601 WiMAX W3: Support remote primary and secondary USS. ID: 4602 WiMAX W3: Support WriteDelimitedFile plug-in for accounting. ID: 4603 Dictionary: Add support for shared Diameter commands ID: 4604 WiMAX W3: Externalize MAP gateway address. ID: 4606 Doc: Add 8950AAA/WiMAX Installation Guide. ID: 4607 Installer: Disable Diameter port for WiMAX Installations. -=6.0.0 Release== 2008/02/29 ID: 2727 Database: Add supporting utilities for the embedded database. This includes both admin interface commands, and external access to stand-alone tools for Derby access. ID: 2998 SMT: Add Previous and Next functionality in the PolicyFlow Editor. ID: 2999 SMT: Add ability to follow the method chains in the PolicyFlow Editor. ID: 3000 SMT: Add an Insert New button to the PolicyFlow Editor and the Plugin Dialog. ID: 3066 Web Server: Replace old Acme web server with Tomcat. Supports 4519 HTTP 1.1, and provides a framework for the provisioning system. ID: 3378 Admin interface: Add the 'diag pending stats' command for a specialized view of client-centric pending RADIUS queries. ID: 3387 PolicyAssistant: Generalize the policy selection mechanism 4402 beyond simple realm or dnis matching. ID: 3430 PolicyAssistant: Add Support to enter PEM or PKCS #12 cert and combine them. ID: 3548 SMT: Certificate Services: x.509 Import Utility. Allows the merging of various certificates into the trusted.pem file. ID: 3638 OCSP plug-in: Add a plug-in that allows checking for revoked certificates using the OCSP protocol. ID: 3661 SMT: Add a certificate Tool option to populate from the license like upon install. ID: 3662 SMT: Add a browse option for a picking file in certificate manager to view. ID: 3669 CheckX509Crl plug-in: Move the storage of the cached certificates to the cache manager to allow the SMT or admin interface to clear the cached values. ID: 3684 Radius and TACACS+ clients: Allow specifying clients by address ranges. ID: 3697 Remote Configuration: Allow reading shared configuration for the policy server from a remote configuration server. ID: 3894 SMT: Save Private Key from certificate request. ID: 3908 SNMP: Support RFC 4672, 4673 RADIUS Dynamic Authorization MIBs. ID: 3997 RMI: support SSL/PlainText RMI simultaneously with mulitple registries per virtual machine. ID: 4014 SMT: PolicyFlow Editor - Support copying entries from one file to another. ID: 4069 SMT: Add the ability to pause the SMT Log panel. ID: 4094 SMT: Add Export to File to the Database Panels. ID: 4146 Support file reload for the file 'security_properties'. This only works for access to the security variable group in maps. ID: 4243 Embedded database: Replace Hypersonic database with Derby. ID: 4263 SMT stats: Add JVM Garbage collect button to java memory panel. ID: 4269 SMT stats: Add "run again" on report window. ID: 4281 Ldap plug-in: Rework to use the non-blocking API to improve performance. ID: 4299 SMT: Add ability to select "Secure" connection to Config Server. ID: 4304 SMT: Add various toolbars to Admin Interface Panel. ID: 4306 SMT: Add keyboard accelerators to table editors. ID: 4310 SMT: Enhance duplicating entries within tables (PF editor, clients, peers, ...). ID: 4330 GenerateWimaxMipKeys plug-in: Create key generator plug-in for WiMAX. ID: 4331 AuthEapMsChapV2 plug-in: Support key mapping for Diameter. ID: 4335 Engine: Add a server property 'Client-Dictionary' to provide a global default codec over-ride. ID: 4337 Dictionary: Support Starent VSA format. ID: 4339 Maps: Add a length modifier to perform a strlen operation. ID: 4343 RadiusTool NasLoad scenario: Add support for duplicate users in the -userFile option. ID: 4345 AuthEapFast plug-in: Allow client certificate chain to be verified inside of the tunnel policy flow. ID: 4346 SMT: Add log channel wizard to insert Channel Entries. ID: 4348 Certificates: Sort and verify certificate chains. Feature lost during library changes. ID: 4352 Launchers: Add support for generic meta-options in the configuration file 'aaa-exec.cfg'. ID: 4353 Maps: Add get( n ) modifier for list values. ID: 4354 Admin Interface: Change the default listener for the telnet style connection to bind the loopback interface. ID: 4358 SMT: Add #auto method stats to Server Statistics Panel. ID: 4361 Maps: Add the 'if' modifier. ID: 4363 TLS: Allow trust to be based on a subordinate CA certificate. ID: 4365 EAP-AKA/EAP-SIM: Use pseudonym generation per 3GPP TS 33.234. ID: 4367 EAP: Support expanded types per RFC 3748. ID: 4371 Stats: Add 'Garbage Collection' statistics group. ID: 4373 SMT: Add reload button to Stats Collector panel. ID: 4378 SMT: Add Replication Stats to the Server Statistics Panel. ID: 4382 CheckMandatory plug-in: Add new plug-in to allow ensuring all mandatory AVPs are checked in the current policy flow. Useful for Diameter or TACACS+. ID: 4384 Tools: Regularize tool names for consistancy. ID: 4395 AuthEapDS2460 plug-in: Add a new plug-in to support the femto project. ID: 4396 Dictionary: Update Juniper Unisphere 4874 VSAs. ID: 4397 AuthEapTls, AuthEapTtls, AuthEapPeap, and AuthEapFast plug-ins: Support PKCS11 Key Stores with TLS based plug-ins. ID: 4398 Cipher plug-in: Support PKCS11 key store and providers. ID: 4400 Http server: Convert to use Tomcat. Allows deployment of internal servlets for provisioning, etc. ID: 4409 Maps: Add Thread-Name and Worker-Number attributes to system variable group. ID: 4434 USSv2: Add a second generation implmentation of the USS. Allows 4468 for multiple database instances, and an active-active deployment 4538 scenarios. ID: 4435 Change the product name from VitalAAA to 8950 AAA. 4464 ID: 4442 Maps: Add keepStructure modifier. ID: 4459 aaa Launcher: Make the wait time for server startup or shutdown configurable in 'aaa-exec.cfg'. Change the default from 90 to 180 seconds. ID: 4499 Engine: Change default realm parsing to just '@'. ID: 4501 Radius engine: Support reponse caching for re-transmitted requests after a lost response. ID: 4504 Maps: Add 'getPlaintextPassword' modifier. Works against the internal security system. (security_users, etc). ID: 4506 Admin Interface: Add commands to access stats collector data. ID: 4508 AuthEapTls plug-in: Make client authentication optional. ID: 4522 Dictionary: Add Omniswitch VSAs. ID: 4527 Dictionary: Add 5750 SCC VSAs. ID: 4539 QueryUss plug-in: Generalize eligible state property. ID: 4541 StateClient plug-in / Radius engine: Send error dispositions from policy flow as a +3 packet type, rather than discarding. ID: 4556 SMT: Database panels to work with Derby schemas. (provision, aaa, log). -=5.2.11 Release=- 2008/08/17 ID: 4787 USS Index Manager: Reduce memory footprint, especially for single entries. -=5.2.10 Release=- 2008/08/13 ID: 4767 Ldap plugin: Add ReuseOnTimeout property per Jdbc pattern. ID: 4770 AI: Add '-reset' option to 'diag engine stats' command. ID: 4774 Ldap/Jdbc plug-ins: Add maximum age property for cached connections. ID: 4775 Ldap plug-in: Add logging about socket(local port) is being used in a server connection. ID: 4781 Ldap/Jdbc plug-ins: Add method properties XXXX-ConnectingLimit which allow concurrent connection creation for the same server. -=5.2.9 Release=- 2008/04/03 ID: 4564 WiMAX: Update dictionary to WiMAX Forum Release 1, Version 1.2 ID: 4575 WiMAX: Update dictionary to use new values for prepaid. ID: 4584 Admin Interface: Add 'diag engine status -reset' command. ID: 4596 SMT: Enhance formatting of grouped values in USS entries in the LiveAdministrator panel. -=5.2.8 Release=- 2008/02/15 ID: 4487 Dictionary: Add VSAs. ID: 4494 ReadStanzaText plug-in: Add a plugin that reads an entire stanza (user) file into a variable for use by an subsequent Iterate plug-in. ID: 4544 Maps: Add 'contains' and 'within' modifiers. -=5.2.7 Release=- 2008/01/28 ID: 4491 Iterate plug-in: Add support for Iterate-AuthDispScope (authorative disposition scope) method property. -=5.2.6 Release=- 2008/01/21 ID: 4451 Dictionary: Change WiMAX-NAP-ID and WiMAX-BS-ID to hex. ID: 4452 Added new WiMAX attributes to dictionary as defined in WiMAX Forum NGW 1.1.2 Stage 3 specification. ID: 4453 Added location checking based on WiMAX-BS-ID to Evolium W3 sample. ID: 4467 Added reverse modifier to mapping language. ID: 4475 AuthLocal plug-in: Externalize user name attribute used for MS-CHAP-V2. ID: 4477 Derby: Provide default derby.properties file to ease turning on database authentication. ID: 4481 ReadSectionText plug-in: Back port to version 5.2 ID: 4482 Policyflow Message catalog: Back port to 5.2 -=5.2.5 Release== 2007/11/19 ID: 4422 Evolium-W3 sample: Add concurrent session enforcement. ID: 4423 Evolium-W3 sample: Ignore empty values for profiles. ID: 4429 Maps: Add MissingIsError, EmptyIsMissing, and EmptyIsError modifiers. ID: 4430 TLS: Exception thrown for bad server name in ServerName extension. Remove fixed check and allow policy flow to check. -=5.2.4 Release== 2007/10/23 -=5.2.3 Release== 2007/10/19 ID: 4290 Dictionary: Update Media-Flow-Type in WiMAX-QoS-Descriptor VSA. ID: 4377 Dictionary: Add Alcatel-Billing-Mode VSA. ID: 4381 TACACS+: Make the decoding of ARGs more lenient, to allow interoperability with non-draft 1.78 compatible devices. Also decode the arguments into separate AVPs in the form TACACSPLUS-Arg- = . These AVPs will be ignored during any encode operations. ID: 4405 ReadColumnarText, ReadDelimitedText, Compare, and Branch plug-ins: Add prefixOf, suffixOf, and within operators to compare operations. -=5.2.2 Release== 2007/07/27 ID: 4302 SMT: Add better confirmation of removing all records from tables and databases. ID: 4257 Diameter: Deal with a SSLv2 client hello in the TLS link exchange. ID: 4283 Maps: Add the 'vaAVPair' modifier. Simplifies creation of the VA-AVPair attribute in policy flow. -=5.2.1 Release== 2007/06/22 ID: 3698 SMT: Restore dictionary editor functionality and add Diameter application support. ID: 4194, 4195, 4196, 4197, 4199, 4200, 4201, 4203, 4204, 4205, 4206, 4210, 4211, 4212, 4213, 4217, 4218, 4219, 4252, 4253, 4254 Perform various optimizations to reduce contention on shared memory data structures. This allows better scaling on multi-processor (multi-core) servers such as the T2000. ID: 4229 Support RFC 4849: RADIUS Filter Rule Attribute. ID: 4230 Support RFC 4818: Delegated-IPv6-Prefix Attribute. ID: 4238 Radius plug-in: Log received responses at VERBOSE if the authenticator check fails. ID: 4262 AuthEapPeap, AuthEapTtls plug-ins: Allow optional client certificate authentication. ID: 4268 Dictionary: RFC 4679: Add DSL Forum VSAs. ID: 4272 GetNMASPwd pluglet: Provide access to userPassword attribute for Novell eDirectory. ID: 4274 Maps: Add fromList, toList modifiers. ID: 4275 Dictionary: Add Lucent-VID-Home-Area VSA. ID: 4276 Java plug-in: Support '*' syntax in reply map. ID: 4279 EAP plug-ins: Remove code that resends EAP-Message when an error occurs. ID: 4286 AuthEapFast plug-in: Support RFC 4851: EAP-FAST -=5.2.0 Release== 2007/04/30 ID: 2184 Core: Add an interal cron-like function. This allows the injection of new work items based on the current time. ID: 3327 AuthEapTtls plug-in: Support TLS session resumption. ID: 3328 AuthEapPeap plug-in: Support TLS session resumption. ID: 3635 PolicyAssistant: Add a second LDAP Server option for LDAP User Source. ID: 3715 SMT: add ability to define codec when adding client. ID: 3796 Dhcpv6 plug-in: Add a plug-in to support DHCP access over IPv6. ID: 3905 SNNP MIBs: Support IPv6 radius MIBs. RFC 4668 on RADIUS Authentication Client MIB for IPv6. RFC 4669 on RADIUS Authentication Server MIB for IPv6. RFC 4670 on RADIUS Accounting Client MIB for IPv6. RFC 4671 on RADIUS Accounting Server MIB for IPv6. ID: 4032 AuthEapTls, AuthEapTtls, AuthEapPeap plug-ins: Support 4038 configuring the cipher-suites negotiation. ID: 4054 AuthEapTls, AuthEapTtls, AuthEapPeap plug-ins: Support mapping the AuthorityInfoAccess field in the certifcate map. ID: 4055 Engine, dictionary: Add WiMAX QoS attributes to support Evolium W3 release. ID: 4085 Add config parameter to AkaXor class to truncate XRES. ID: 4093 SMT: Hide Passwords on DB Panels. ID: 4100 Stats: Restore the experimental statistics/instrumentation collector/visualization. Requires a special license. ID: 4109 Support AKA algorithm specified in 3GPP2 S.S0055-A. ID: 4135 Jdbc plug-in: Add Jdbc-ExtraConnectionProperties method property. ID: 4157 Dictionary: Add new 3GPP attributes from TS 29.061 v7.3.0. ID: 4168 Dictionary: Add four VSAs for CIO. -=5.1.12 Release== 2007/11/16 -=5.1.11 Release== 2007/11/09 ID: 4420 USS: Implement work striping for replication queues. Back port concurrency optimizations for the index and counter managers. -=5.1.10 Release== 2007/10/29 ID: 4414 SDHLR: Support wildcard cache delete message handling. Honor the 'LAST' flag sent in cache updates for reload event injection. -=5.1.9 Release== 2007/10/26 ID: 4410 StateServer plug-in: Add IgnoreMap property. Allows reading of data from the USS even when the current event is being ignored. ID: 4411 Squelch plug-in: Add new plug-in. Allows checking of recently handled activities. -=5.1.8 Release== 2007/10/09 ID: 4389 Engine: Execute shutdown handlers when the JVM is signal terminated. (quit,term) ID: 4390 Admin interface: Add 'diag slots' command to dump Radius plug-in slot tables. ID: 4393 Launcher scripts: Handle '-d32', '-d64' java options, in order to support 64 bit JVMs. (va, vaexec) ID: 4412 Engine: Improve performance when rescheduling work. -=5.1.7 Release== 2007/06/13 -=5.1.6 Release== 2007/05/30 ID: 4215 SDHLR: Remove queue names from list when not available. This compensates for missing queue deregisration messages if the DAG crashes. ID: 4216 Perform: Lock contention in FieldMapper class. ID: 4234 SMT: Add Queue Average Depth to SMT Statistics panel. ID: 4235 AI: Enhance output of 'diag queue list' command. ID: 4239 Perform: Add cache for FieldMappers in MapValue class. ID: 4243 LDAP/USS: Improve performence and error reporting. -=5.1.5 Release== 2007/04/17 ID: 4170 Instrumentation: Add statistics to the methods group to support timing how a long a method is suspended, or waiting for a challenge response. ID: 4173 GenerateAkaQuintet plug-in: Remove invalid SQN jump check. ID: 4174 RolloverManager: Support custom patterns when using special rollover periods. (Ones that require patching the output of the pattern). ID: 4176 TACACS+: Incorporate initial customer feedback on feature. -=5.1.4 Release== 2007/04/05 ID: 4143 TACACS+: Change variable names of PPP identifier in CHAP and MSCHAP outbound scenarios. ID: 4160 AttributeFilter plug-in: Add method property AsciiAlphaNumOnly. ID: 4163 USS triggers: Add information about the HA-USS state to the trigger meta-data. -=5.1.3 Release=- 2007/03/16 ID: 4117 Iterate plug-in: Add SortOrder and SortType method properties. This enables executing the input lists in a given order. The Shuffle property has been subsumed into SortOrder. ID: 4126 Maps: Add asString, isName, Convert, Multiply, aned Divide modifiers. ID: 4127 TACACS+: Rework variable name mapping. See TacacsPlusVariables.html for details. ID: 4128 Challenge plug-in: Add MergeMap property. Needed to support TacacsPlus. ID: 4129 WriteX733OmLog plug-in: Added for USDS integration. ID: 4130 WriteOmLog plug-in: Added for USDS integration. -=5.1.2 Release=- 2007/02/21 ID: 4005 AI commands: Add IPAM diagnostic commands 'ipam lease' and 'ipam dump'. ID: 4011 Maps: Add toUTF8 and fromUTF8 modifiers. ID: 4022 IPAMv2: Add additional pool allocation strategies. ID: 4031 SMT: Add addition well-known properties to the diameter peer editor. ID: 4039 AuthSafeword plug-in: Update Safeword SDK to version 4.0. ID: 4064 Maps: Add LocalRadiusSockets modifier. ID: 4073 SMT: Diameter Request/Answer Map Dialog Wizard enhancements. -=5.1.1 Release=- 2006/12/29 ID: 3382 AuthHttpDigest plug-in: Add support for the server choosing nonces. ID: 3562 Radius, StateClient plug-in: Add a property to force signing request packets with the Message-Authenticator attribute. ID: 3563 Engine: Change client and server properties 'check-authentictors' syntax to allow forcing received packets to be signed. ID: 3637 HA-USS: Detect primary down more quickly. ID: 3646 ReadHlrAuth plug-in: Add quintet to triplet downgrade support. ID: 3666 AuthEapTls: Support reading CRL-Distribution-Point field from certificate. ID: 3674 Diameter: Permit setting of Origin-Host as a server property. ID: 3675 Diameter: Allow access to the local Origin-Host value in policy flow as ${system.origin-host}. ID: 3679 Diameter: Make realmroutes and peers file reloadable. ID: 3738 Admin Interface: add command, 'state stop all', to purge state server (USS) entries. ID: 3748 AuthHttpDigest plug-in: Allow use of Digest-HA1 instead of Password. ID: 3761 ConfigServer: Add SSH Interface to secure access to admin interface. ID: 3816 CALEA/Lawful Intercept support. Add support for Lawful Intercept with SS8 WDDF as provisioning tool and destination for IRI messages. ID: 3859 Engine: Add ability to create EAP-Message in policy flow. EAP-Message AVP is now a structured (group) value. ID: 3879 Engine: Various changes to improve multi-thread concurrency. This improves scaling on multi-CPU systems. ID: 3903 Dictionary: Add the Diameter Cx appliction. ID: 3904 Dictionary: Add the Diameter Sh appliction. ID: 3906 RFC4590: RADIUS Extension for Digest Authentication ID: 3907 RFC4675: RADIUS Attributes for Virtual LAN and Priority Support. ID: 3929 USS: Allow setting (and remembering) timeout values for any state, not just the 'next state'. ID: 3930 Maps: Add timestamp modifiers millisBeforeNow and millisAfterNow. ID: 3932 Support RFC 4284 - Identity Selection Hints for EAP. ID: 3948 ReadXml plug-in: Add new plug-in to support parsing XML text. ID: 3952 SMT: Write a message to the Configuration Server log when reading and writing files. ID: 3965 SMT: Diameter Plugin wizard for entering request/success map attributes. ID: 3967 SMT: Add log messages in database panels for auditing. ID: 3971 Diameter: Change realm-route key elements. ID: 3981 SMT USS Address Mgr: Add better validation when adding or modifying Pool entries. ID: 3982 SMT USS Address Mgr: Change Pool entry modification to not allow changing of pool name. ID: 3983 SMT USS Address Mgr: Separate stats into own panel under Monitoring section in SMT. ID: 3984 SMT USS Address Mgr: Change stats panel to have a list of selector instead of tabs. ID: 3985 SMT USS Address Mgr: Add threshold and percent of addresses used to stats. ID: 3986 SMT USS Address Mgr: Add searching ability to USS Address Mgr configuration panel. ID: 3988 SMT USS Address Mgr: Add printing ability to USS Address Mgr statistics panel. ID: 4001 AI commands: Cleanup of 'state' commands. Renamed to 'uss'. Add 'uss status'. Remove 'state repl secstate'. -=5.1.0 Release=- 2006/11/22 ID: 3693 Ldap Plug-in: Support returning multiple entries returned in searches. ID: 3694 Ldap Plug-in: Support referrals. -=5.0.11 Release=- 2006/11/06 ID: 3878 SMT: Port stats panel: add ability to display multi-line values in table. ID: 3912 Ldap plug-in: Hide the bind password in debug output unless the server property Reveal-Hidden-Attributes is enabled. ID: 3912 Jdbc plug-in: Hide the password and url in debug output unless the server property Reveal-Hidden-Attributes is enabled. ID: 3938 SMT: Add support for the Diameter OriginHost server property. -=5.0.10 Release=- 2006/09/29 ID: 3813 Dictionary: Update Juniper VSAs. ID: 3856 Compare plug-in: Allow specifying input types, which can improve performance if known in advance. ID: 3858 ldap.jar: Use code from openldap.org repository. ID: 3862 PolicyGraph: Support splitting the graph into mulitple outputs, one per policy flow file. ID: 3869 Maps: Add isAuth & isAcct modifiers. ID: 3871 SMT: Don't escape system properties in system information dialog unless absolutely required. ID: 3881 QueryUss plugin: Add support for retrieving USS entries either by the primary or nas key indices. Uses or instead of the normal index name. -=5.0.9 Release=- 2006/08/26 ID: 3785 Call, Fork, Iterate plug-ins: Add Success, Failure, and Challenge maps ID: 3835 Pluglet API: Add a way to write multi-value outputs ID: 3837 TestClient NasLoad: Add option to condionally copy AVPs from Accept ID: 3840 Maps: Add modifiers that can format timestamp with millisecond precision (FormatLocalTimestampWithMillis and FormatGmtTimestampWithMillis) ID: 3841 Maps: Add the following modifiers: dright(delim), dleft(delim), nright(count), nleft(count), require(value), prohibit(value), require-range(low,high), prohibit-range(low,high), isNumeric ID: 3844 Allow nasBaseAddress to be a IPv6 address and increment last last four bytes to allow for different NAS-IPv6-Adddresses to be sent to match nasCount setting. ID: 3845 Dictionary: Add support for CIsco Airspace attributes ID: 3846 AuthEapSim/AuthEapAka: Have better log key generation for fast reauthentication ID: 3847 Add new modes to file rollover for the following times In minutes: 1,2,3,4,5,6,10,12,15,20,30 In hours: 2,3,4,6,8,12 In months: 2,3,4,6 In years: 1 -=5.0.8 Release=- 2006/07/18 ID: 3829 Maps: Support the 'Exists' modifier. -=5.0.7 Release=- 2006/07/15 ID: 3819 Maps: Support the 'ToCode' modifier for boolean value type. ID: 3825 Security subsystem: Allow the ability to specify file rules in VA-Access-Rule that allow escaping from the install run directory. -=5.0.6 Release=- 2006/07/11 ID: 3729 ReadDelimitedText/ReadColumnarText plug-ins: Add LIST mode. ID: 3791 Maps: Add logic to convert a map-formatted string to a real group value after the first sub-element is referenced. ID: 3792 ReplyGenerator plug-in: Add new plug-in. ID: 3794 ReadDelimitedText/ReadColumnarText plug-ins. Add PREFIX and REALM modes. ID: 3797 Maps: Add SHUFFLE modifier, which randomizes the contents of a list value. ID: 3798 AllowList/DenyList plug-ins: Optimize data structures to deal with many non-wildcard entries. ID: 3799 SubString plug-in: Add new plug-in. ID: 3800 Split plug-in: Add the ability to return the split input value as a complete list value using '${*}' syntax. ID: 3801 Dictionary: Update Ericsson VSAs. ID: 3802 Dictionary: Update Aruba VSAs. ID: 3803 AllowList/DenyList plug-ins: Allow the the input file to be dynamic. ID: 3806 ReadDelimitedText/ReadColumnarText plug-ins. Add RANGE mode. ID: 3807 Maps: Support the 'ToCode' modififer for various enumeration value types. ID: 3809 Maps: Add the 'Session-Id' variable to the SYSTEM variable group. This allows one to generate a unique session ID for policy flow. ID: 3810 CheckCondition plug-in: Add new plug-in. -=5.0.5 Release=- 2006/06/14 ID: 3755 Challenge plug-in: Make the 'Challenge-ReplyMsg' property optional. ID: 3760 va, vaexec: Add support for new options, '-path/p', '-path/a' '-native/p', '-native/a'. These allow additional ability when setting up either the PATH or LD_LIBRARY_PATH environment variables. (The native options are not available on Windows). ID: 3763 ReadCache plug-in: Add support for 'ReadCache-Remove' method property. This allows one to remove an entry after reading it. ID: 3764 WriteCache plug-in: Add support for the 'WriteCache-Replace' method property. This property defaults to 'TRUE' (the old behavior), but if set to 'FALSE', the entry will only be written if it doesn't already exist. If it does exist, a Method-On-Failure dispositon will be returned. ID: 3776 Dictionary: Add the '3GPP-IMEISV' attribute. ID: 3790 Dictionary: Add the 'Chargeable-User-Identity' attribute per RFC 4372. -=5.0.4 Release=- 2006/05/17 ID: 3545 Dictionary: Added new IS-835-D 3GPP2 RADIUS VSAs. ID: 3686 Add protocol value to packet variable group with value of radius or diameter. ID: 3693 Ldap Plug-in: Support multiple search result entries. ID: 3693 Ldap Plug-in: Support referrals. ID: 3736 Add resultcode property to NasLoad callback used by RADIUS test client. ID: 3737 Add resultcount property to RADIUS and Diameter test clients. -=5.0.3 Release=- 2006/04/27 -=5.0.2 Release=- 2006/04/24 -=5.0.1 Release=- 2006/04/03 ID: 3432 Dictionary: Update Juniper-Unisphere VSAs. ID: 3610 Dictionary: Update Juniper VSAs. ID: 3615 Dictionary: Add Riverstone VSAs. ID: 3526 Certificate tool: Allow setting of subjectAltName value dNSName to generated certificates. ID: 3643 EAP-SIM and EAP-AKA: Add support for Milenage algorithms that use OP_C rather than OP. ID: 3645 Dictionary: Add Ericsson Datacom Access VSAs. ID: 3648 Setup: Give better diagnostics if trying to install with an unsupported JVM. ID: 3652 Dictionary: Add support for a new data type, Salted Integer. ID: 3653 Dictionary: Add support for a new data type, Salted IPv4Address. ID: 3657 Setup: Automatically upgrade 4.x policy flow files when installing. -=5.0.0 Release=- ID: 1864 Security: Add SSL support to RMI and HTTP servers. ID: 2966 Snmp plug-in: Added. The Snmp plug-in can send an SNMP Get, Set, Trap or Inform PDU using SNMP version 1, 2c or 3. ID: 3079 Admin Interface: Add SSH access. ID: 3301 AuthDefender plug-in: This deprecated plug-in has been removed. ID: 3302 ReadLdap plug-in: This deprecated plug-in has been removed. ID: 3351 Engine: Enhance nested policy flow. Now able to arbitrarily nest call, fork and tunnel policy flows. ID: 3409 Diameter plug-in added. This plug-in can be used in diameter policy flows as a proxy client, or in radius policy flow to perform protocol translation. ID: 3515 Admin inteface: The 'state fastlist' command has been removed. ID: 3541 Engine: Support receiving RADIUS packets on an IPv6 interface. ID: 3568 Exec plug-in: Add support for working dir, redirect errors, and environment setup. ID: 3623 WriteDelimitedFile plug-in added. An alternative to the Classic plug-in in body template mode. ID: 3639 If plug-in added. This plug-in simplifies policy flow branching on boolean values. -=4.5.7 Release=- ID: 3629 ReadHlrAuth plug-in: Add property to flatten vectors for the AuthEapSim and AuthEapAka plug-ins. -=4.5.6 Release=- -=4.5.5 Release=- ID: 3607 Dictionary: Add Azaire VSAs. ID: 3611 Server: Add server property RADIUS_Traffic_Class which when configured, sets the TOS socket option on the radius listener sockets. Radius plug-in: Add method property Radius-TrafficClass, as above. -=4.5.4 Release=- ID: 2816 Added simple sample for IS-835-C support. ID: 3565 StateServer plug-in: Add special map variable to set new state when processing events of type NONE. ID: 3570 PolicyAssistant: added support for new AuthRsaAce plug-in. ID: 3574 AuthRsaAce plug-in: Removed experimental status. ID: 3579 AuthEapSim and AuthEapAka plug-ins. Change debug trace to not give the impression an ERROR disposition isn't supported from the inner (vector retrieval) policy flow. -=4.5.3 Release=- ID: 3494 Dictionary: Add IS-835-D VSA for 3G QoS. ID: 3522 Engine: tighten input parsing rules on various password types to only allow lengths on full block boundaries. ID: 3530 nrexec: Set DYLD_LIBRARY_PATH for Mac OS X (Darwin) platform. -=4.5.2 Release=- ID: 3285 AuthEapAak and GenerateAkaQuintet plug-ins: Add experimental plug-ins to support AKA authentication over EAP. Requires a special license. ID: 3465 CheckItems plug-in: Suport check items that are structured or grouped. ID: 3476 Admin interface: Add commands 'eap sim cache' and 'eap aka cache' to allow access to the fastreauth cache. ID: 3482 AuthRsaAce plug-in: Support multiple ACE servers. ID: 3505 Dictionary: Add Acme VSAs. ID: 3506 Maps: Make mapping langauge support more consistent when dealing with grouped or structured variables. ID: 3510 AuthHttpDigest plug-in: Experimental status has been removed. ID: 3512 SMT: Don't remove experimental plug-ins from the editor. -=4.5.1 Release=- ID: 3012 AuthEapSim plug-in: Added to support SIM authencation over EAP. Requires a special license. ID: 3119 AuthRsaAce: Add an experimental version of the AuthSecurId plug-in that uses all native java code. ID: 3355 PolicyAssistant: Support the mapping of EAP-Identity back from tunnel methods. ID: 3363 Dictionary: Add VSAs to support sending SIM/HLR data over RADIUS. ID: 3376 SMT: The certificate panel UI has been improved. ID: 3379 AuthLocal plug-in: Add support for a new Auth-Type, VON. ID: 3384 ReadMapGateway: Added to support reading data from a HLR through an Ulticom MAP gateway. ID: 3402 PolicyAssistant: Add support for determining User-Name for EAP-MSCHAPv2. Try both User-Name and User-Name@Realm. ID: 3403 SMT/HAUSS: Support RMI operations on hosts with multiple network interfaces. ID: 3408 USS: Add flow control to triggered events. ID: 3415 AuthSecurId plug-in: Update native libraries to version 5.0.3.2. ID: 3435 SnmpTrap channel: Add properties to support splitting log text 3436 by EOLs into separate traps. Add a property to specify the EOL characters sent when the message isn't split on EOL. ID: 3450 Engine/Radius plug-in: Add properties to tune UDP send/recv buffer sizes. ID: 3454 Dictionary: Add HRPD AT Identifier attribute. ID: 3460 QipDhcpUpdate plug-in: an experimental plug-in has been added to support updating the QIP DHCP product. ID: 3461 Jdbc plug-in: Add a CacheConnections property. ID: 3470 Logging: Add properties to various log channels to format the name of the thread issueing the log output. -=4.5.0 Release=- ID: 2849 Ldap plug-in: Add SSL support for secure communications with an LDAP server. ID: 2853 Support RFC 3576. This includes the following features: Add a boolean server property, Cache_Nas_Routes, which enables remembering which client to send NAS requests packets to. Add the ReadClient plug-in, needed to look up a client secret in policy flow. The sample 'dynamic-auth' has been added showing how to uses this feature. ID: 2953 Add a sample script that shows how to implement a sequential rollover scheme for log files. ID: 2954 SMT: support stopping/clearing an active USS session. ID: 3040 Improve compliance with RFC 3579 (Radius/EAP). NavisRadius does not comply with forbidding role reversal, as that would break Cisco LEAP support. ID: 3070 Add 3GPP VSAs 12-19 to the dictionary. ID: 3099 Maps: Add modifiers ToUnicodeBigUnmarked, FromUnicodeBigUnmarked, ToUnicodeLittleUnmarked, FromUnicodeLittleUnmarked. These allow byte to/from string conversions in the indicated character sets. ID: 3164 PolicyAssistant: Allow the internal certificate tool to be invoked while creating a policy that requires certificates. ID: 3173 Engine: Allow the client timeout property to be specified independently for AUTH and ACCT policy flows. ID: 3198 ReadClient plug-in: Allows reading client properties given a client address. ID: 3218 Address plug-in: Add a simple IP address pool manager. ID: 3220 AuthDefender plug-in: Mark as deprecated. The prefered Defender solution is to use RADIUS proxy. ID: 3226 USS: Add trigger support to allow execution of arbitrary actions on USS state transitions, and missed events. ID: 3247 Dictionary: Update 3GPP2 attributes 79, 80, 114, 116. 3377 ID: 3253 PolicyAssistant: Add a user source of NONE in order to simplify configuration of tunneled EAP auth types. ID: 3287 AuthHttpDigest plug-in: Added to support http://www.ietf.org/internet-drafts/draft-sterman-aaa-sip-04.txt This initial version only supports the mode where the RADIUS client chooses the nonces. ID: 3298 WriteCache plug-in: Make the 'Map' property optional. ID: 3304 Cache plug-ins and AI: Add support for named caches. ID: 3320 StateServer plug-in: Add a new property, 'StateServer-NasAttribute', which allows the primary key to not contain the Nas information. ID: 3321 State AI: Remove the ability to set arbitrary values to counters. The 'state stop' command should be used to remove stuck entries. This will update/fix the counters by side effect, and leave the cache in a consistent state. ID: 3323 AuthEapTls, AuthEapTtls, and AuthEapPeap plug-in: Verify that the public key in the certificate and private encrypted key in a file match each other. ID: 3326 AuthEapTls plug-in: Support TLS session resumption to speed up reauthentication. ID: 3330 Logging: Remove the confusing use of the 'OFF' log level. Add levels 'ALWAYS' and 'NEVER' to be used by log generators WriteLog and Return. ID: 3331 Exists plug-in added: Allows a straight forward check of variable existence in policy flow. ID: 3334 Dictionary: Add 'Framed' as an alias to 'Framed-User' for attribute 'Service-Type'. ID: 3360 AuthEricssonH235 plug-in added. ID: 3361 Dictionary: Add Ericsson-Vig attributes. ID: 3366 QueryUss experimental plug-in added. This allows the USS to be queried for entries given an index value, rather than the primary key. ID: 3380 Empty plug-in added. Allows checking for an empty variable group in policy flow. ID: 3393 USS and SMT: Change the statistical model of the USS to capture finer grain and more exact events. Have the SMT display them. -=4.4.4 Release=- ID: 3293 Launcher: Add support for platform specific options to be be specified in the nrexec.cfg file. -=4.4.3 Release=- ID: 3245 Make the plug-in documentation available through the internal HTTP server. ID: 3270 Add Starent VSAs to the dictionary. ID: 3271 Engine: Allow an optional map to be executed when populating the request variable group from the wire decode. This allows, for example, the ability to process a request with two Nas-Port attributes. This map is specified by server property Wire_Decode_Map. ID: 3274 Engine: A safety check to prevent setting the number of worker threads higher than 50 has been added. ID: 3276 Add Nokia GGSN VSAs to the dictionary. ID: 3283 Add WISPr VSAs to the dictionary. -=4.4.2 Release=- ID: 3244 SMT/PolicyAssistant: Improve and clarify the relation between transports and tunnel types. ID: 3258 CertificateManager: Add -rcf command line option to allow setting the root certificate file. ID: 3261 nrtest(RadiusClient): Add a -si command line option to allow the periodic dumping of statistics. -=4.4.1 Release=- ID: 3059 Add Foundry Networks VSAs to the dictionary. ID: 3142 Add Colubris VSA to the dictionary. ID: 3161 Add Trapeze Networks VSAs to the dictionary. ID: 3162 PolicyAssistant: Attributes retrieved from inner (tunnel) policy are now available to the outer processing path. ID: 3166 SNMP: Index numbers for RADIUS MIB clients and servers are now consistent between server reboots. ID: 3178 JDBC plugin: Add property JDBC-ReuseOnTimeout to allow a connection to be reused after an execution timeout. ID: 3181 JDBC plugin: Replace property JDBC-Timeout with JDBC-ConnectionTimeout and JDBC-StatementTimeout. ID: 3183 Maps: Add new read-only mapping variables system.seconds and system.milliseconds. (In units since the epoch(1970)). ID: 3185 LDAP plugin: Replace property LDAP-Timeout with LDAP-ConnectionTimeout and LDAP-OperationTimeout. ID: 3187 nrexec: Change JVM garbage collection parameters for the radius server. ID: 3188 SMT: Proxy statistics were rearranged to make clear the distinction between requests and answers. ID: 3193 EAP plugins: Rather than sending a EAP-MSCHAPV2 Failure Request with a rety count of 0 as described in Section 2.5 of Kamath EAP-MSCHAPV2 draft, NavisRadius now terminates the authentication conversation with an EAP-Failure. This change was made to accommodate certain Windows supplicants that could not process EAP-MSCHAPV2 Failure Requests with a retry count of 0. See sections 2.8 and 2.9 of http://www.ietf.org/internet-drafts/draft-kamath-pppext-eap-mschapv2-01.txt for more detail. ID: 3196 Update Redback VSAs in the dictionary. ID: 3202 Update the LDAP libraries with newest code from Novell. This may help with an unreproducable hang condition. ID: 3203 WebServer: Add a command servlet. Allows commands to be injected into the admin interface by means of web forms. ID: 3204 Iterate plugin: Add an experimental plugin to aid writing policy flow loops. Subject to change without upgrade support. ID: 3206 Set plugin: Improve support for set operations on multi-valued values. ID: 3216 HAUSS: Support state save file when running as a secondary. -=4.4.0 Release=- ID: 2637 Comply with IS-835B. ID: 2751 IS-835-B: Add CIDR mode to ReadColumnarText, ReadDelimitedText, and Branch XXXXX-SearchKey method property. ID: 2752 Create the ReadDns plug-in. ID: 2753 Create the UpdateDns plug-in. ID: 2804 SMT: The live adminstrator panel now shows the results of a 'script exec' command. ID: 2810 SMT: Add ability to filter file names by extention in the SQL panel. ID: 2871 SMT: Add 'NEW' button to log rules panel. ID: 2873 SMT: Changing Sample time should reset timer. ID: 2878 SMT: Validate Method Select "Value" field depending on "Type". ID: 2921 SMT: Merge Active Log Rules with Other Log Rules. ID: 2922 SMT: Add "Save As Startup Log Rules" to Active Log Rules Panel. ID: 2929 Stats: Add method chain invocation counter. ID: 2930 SMT: Add Cache manager/viewer like the StateServer panel. ID: 2952 Classic plug-in: Add variable name map for output processing. ID: 2972 Branch, ReadDelimitedText, ReadColumnarText: Add HASHCODE select mode. ID: 2973 Add security and system variable groups to maps. ID: 2978 Add sever property 'Log_By_Item' to log outside of work item. ID: 2986 SMT: Add/Improve support for graphical PolicyFlow viewing. ID: 2987 Logging: Add an option to continue or terminate after matching log rule. ID: 2993 PolicyAssistant: Make Database Accounting Schema selectable. ID: 2995 SMT: Add a certificate tool panel. ID: 3011 Logging: Support both an area and item condition in the same log rule. ID: 3014 SMT: Add type specific inputs for attribute editors. ID: 3056 Call plug-in: Add support for method property 'Call-CopyMode', similiar to the copy mode in the Radius plug-in. ID: 3065 All the INDIRECT modifier to retrieve modifier information as well as the variable name. ID: 3068 Split the 'chrono list' command into 'chrono list' and 'chrono dump'. The dump version output a more detailed version of the timer list. ID: 3075 Relax the section order requirements of certificates needed by various AuthEap plug-ins. ID: 3094 Add the EVAL modifier to the mapping language. Allows a full reference expression to be indirectly evaluated on the right hand side of an assignment. ID: 3103 Add ToGmtTimeStamp, FromGmtTimestamp modifiers. Add aliases to ToDate and FromDate as ToLocalTimestamp and FromLocalTimestamp. ID: 3111 Add EMPTY data type to dictionary. ID: 3124 Dhcp plug-in: Allow setting of dhcp-message-type in the request map. ID: 3127 Reorganize Admin Interface command tree. Many commands have changed. See the online help for futher information. ID: 3128 Change the Windows service launcher to honor configuration options set in nrexec.cfg. ID: 3131 Dictionary: Mark various Ascend attributes as internal in the max and taos16 codecs. -=4.3.12 Release=- ID: 3121 State: Add ability to save state cache in text format. -=4.3.11 Release=- No New Features -=4.3.10 Release=- ID: 2913 Add 'Windows-Dialin' to the attribute list available in the user file editor in the SMT when the PolicyAssistant has been installed. ID: 3008 Add support to enable decoding VSAs with the vendor number set to zero. Only needed with certain non-compliant RADIUS clients. ID: 3009 Add a new data type to the dictionary: Aligned-AFilter. This version of AFILTER is padded to the next 32 bit boundary past the minimum. ID: 3010 Add the ability to read PKCS#7 certificates by plug-ins that require configured certificates. ID: 3021 Nas Simulator supports a mode that send pre-auth requests. ID: 3023 Reduce overhead when examining MIB variables by the SMT. ID: 3028 Reduce overhead and cache contention when performing a 'cache list' AI command. ID: 3030 The AI command 'cache list' has been split into two commands, 'cache list' and 'cache dump'. The list version gives a summary, while the dump version give a complete dump. -=4.3.9 Release=- ID: 2906 NT-LocalGroup and NT-GlobalGroup have been added to the default list of attributes available in the SMT for the user/template editor. ID: 2965 Ldap plugin: In order to retrieve certain fields in a query variables used in the Ldap-Map are added to the actual query sent to the ldap server. ID: 2969 A new tool, nrcert, has been added to allow the creation of certificates needed by certain EAP plug-ins. -=4.3.8 Release=- ID: 2910 The WriteMail plug-in now supports multiple recipients. ID: 2911 Add attributes to dictionary to support 3Com PSDN. ID: 2912 Add attributes to dictionary to support Juniper. ID: 2916 Improve 'cache list' output formatting. ID: 2920 The CacheManager now supports writing the contents of the cache at server shutdown, and reading the contents at server startup. Admin interface commands 'cache save FILE' and 'cache load FILE' were also introduced. ID: 2924 Return plug-in: Support specifying a log channel. (The Return-LogChannel method property). ID: 2931 Support socket address syntax with a wildcard port number. For example; *:* or 127.0.0.1:*. Add some additional syntax error detection. ID: 2933 SMT: The about dialog now links to 3rd party credits. ID: 2941 Add support for new client properties Client-Auth-Dictionary and Client-Acct-Dictionary. This allows one to use different dictionaries with a client depending on wheter the AUTH or ACCT policy flow is used. This is needed to support the IS-835A specificiation. -=4.3.7 Release=- No New Features -=4.3.6 Release=- ID: 2881 Support NavisRadius on the Windows Server 2003 platform. ID: 2796 Setup: Do not allow installing if Path has an ! in the path name. ID: 2824 Ldap: Support for attributes with binary data. ID: 2840 AttributeFilter: Minimum length check support. ID: 2859 nr and nrexec: Support java assertions and java VM selection. ID: 2861 HA-USS: Add support for RMI Timeout configuration. ID: 2867 Engine: Inactive items that exit with an ERROR dispositon are now logged at DEBUG level and not WARNING level. -=4.3.5 Release=- No New Features -=4.3.4 Release=- No New Features -=4.3.3 Release=- ID: 2750 EapNotification, a plug-in to send an EAP Notification message. ID: 2775 AuthNt-LookupServer, a new method property to support auto-detection of the server, given a domain. -=4.3.2 Release=- ID: 2694 AuthNt: Support for MS-CHAP-V2. -=4.3.1 Release=- ID: 2732 Dictionary/IS-878: Support MN ID values for attribute Callback-Id. ID: 2733 Dictionary/IS-878: Add 3GPP2-HRPD-Access-Authentication attribute. ID: 2734 Dictionary: Add 3GPP2 attributes 79, 80, 81 to dictionary. ID: 2735 Dictionary: Support KTF attribute 3GPP2-IN-Infornation. ID: 2736 Dictionary: Change True/False & On/Off 3GPP2 dictionary attributes to use type Boolean. ID: 2738 Core: Add AutoChecks methods to methodstats. ID: 2742 Core: Add COUNT and RANDOM map modifiers. ID: 2745 WriteUmtsCdr: Change limit on IMSI field to 15 digits. ID: 2746 WriteUmtsCdr: Change default value for WriteUmtsCdr-CauseForRecordClosing. ID: 2747 Core: Add Method-On-Eap-Nak to EAP plug-ins. -=4.3.0 Release=- ID: 1225 DHCP: Disable broadcast address server support. ID: 1662 Logging: Log Channelizer to direct logging to specific logging sources. ID: 1739 SNMP: RADIUS client MIBs support (RFC 2618 & 2620). ID: 1834 DHCP: Allow maps to support all DHCP options. ID: 1901 ReadLdap: Support socket address style Host:Port addresses. ID: 1939 SMT: Read SMT Properties from user's home directory. ID: 1975 SMT: Generic Database Panel for editing database contents. ID: 2004 SMT: Ability to generate zip file containing information needed for Technical Support. ID: 2131 AuthNative: Ability to be used in the accounting PolicyFlow. ID: 2251 AuthSecurId: Support for version 5 of the SecurId server. ID: 2298 SMT: Support hashing of password values in User File entries. ID: 2331 ReadUserFile: add prefix and suffix variables to map. ID: 2343 SMT: Add Radius Client MIB Stats to SMT. ID: 2413 PolicyAssistant: Add EAP support ID: 2442 SMT: Add Engine Stats to Statistics Panel. ID: 2456 Install: Add command line option for PolicyAssistant Install. ID: 2481 Core: Support for Windows XP ID: 2531 CheckX509Crl: Plug-in to check the serial number of a X.509 cert in a CRL. ID: 2554 PolicyAssistant: Redesign with all User Sources and Authentication types segmented into logical and distinct groups. ID: 2557 Support MS-CHAP2 in AuthLocal and autoCheckPassword. ID: 2558 Dictionary: ms-chap-mppe-keys type added. ID: 2563 AuthEapMsChapV2: plug-in for Microsoft EAP CHAP Extensions Protocol, Version 2, which encapsulates the MS-CHAP-V2 protocol within EAP. ID: 2568 Admin Interface: Add property argument to system command to retrieve a single system property. ID: 2581 Dictionary: Added Salted-Timestamp and Salted-Opaque data types. ID: 2588 Ldap: Plug-in to Search, Bind, Update, Write to a Ldap directory. ID: 2598 SMT: Change Admin Interface Panel to have Helper Panels. ID: 2609 SMT: Add ability to start/stop NavisRadius server from toolbar. ID: 2610 SMT: Add ability to hide Log Panel at bottom of window. ID: 2612 SMT: Remember All Hosts Connected in the SMT. ID: 2615 WriteUmtsCdr: Plug-in for Umts billing. ID: 2622 SMT: Add ability to view help for a Panel in SMT while editing panel. ID: 2625 AuthPeap: Plug-in for Protected EAP Protocol (PEAP) support. ID: 2628 SMT: Add Ability to Hide columns in Database Editor Panel. ID: 2629 SMT: Change Database Editor Panel to show all Columns in table format. ID: 2638 AuthEapTtls: Support for the EAP Tunneled TLS Authentication Protocol ID: 2641 Classic plug-in: All method properties are dynamic. ID: 2642 SMT: Add Searching Ability to PolicyFlow Editor. ID: 2645 WriteSnmpTrap: Add the ability to send an SNMP trap to a management system from PolicyFlow. ID: 2651 SMT: Method comment editable on a tab in plug-in configuration dialog ID: 2652 SMT: Context popup menu when viewing methods list for assigning control properties. ID: 2657 SMT: Have predictable order when writing file for method properties. ID: 2659 SMT: Ability to add and edit global comments to Auth and Acct methods files ID: 2661 AuthEapTls: Method properties are now dynamic. ID: 2662 PatternMatch: Allow multiple search modes (Key, Glob, and Regex) and branching. ID: 2663 Engine: Display variable group contents after each method when logging at debug level. ID: 2668 Open Snmp: Add support for the basic system group from MIB-2 ID: 2669 SMT: SQL Panel - Add Button To Open Script Files. ID: 2673 ReadGetpwnam: Allow load time of library to be configurable. ID: 2676 SMT: Add Additional Packet Type Enumerations to TestClient ID: 2677 SNMP: SNMP Access to the server is not logged. ID: 2698 Core: Parse EAP-Identity like User-Name. ID: 2700 SMT/StateServer - RMI: change port usage to be firewall friendly. ID: 2702 Engine: Support IPv6 prefix value type. ID: 2703 ReadLdap: Accented characters not escaped. ID: 2710 StateServer: Default Request MAP not invoked correctly. ID: 2714 JDBC: Add method properties for user and password. ID: 2720 QueueManager: unregister does not remove queue -=4.2.9 Release=- ID: 2693 AuthEapLeap: Support Leap authentication using Windows DOMAIN and ActiveDirectory users. -=4.2.8 Release=- No New Features -=4.2.7 Release=- No New Features -=4.2.6 Release=- ID: 2656 Radius: Allow inauthentic response packets to cause Failure disposition. -=4.2.5 Release=- ID: 2631 WriteSyslog: Plug-in to send messages to Syslog server -=4.2.4 Release=- No New Features -=4.2.3 Release=- No New Features -=4.2.2 Release=- ID: 2571 WriteFixedFile: Ability to specify padding character ID: 2574 EAP plug-ins now return error when EAP NAK received to a EAP request they do not support. -=4.2.1 Release=- ID: 2529 AuthEapTls: Add output property for certificate validation. ID: 2532 AuthEapMd5: Add ability to proxy as standard CHAP rather than authenticate locally. -=4.2.0 Release=- ID: 1438 Dhcp: Access to UDP port 67 verified at server initialization. ID: 1889 Core: Allow setting of Session-Timeout on Access-Challenge RADIUS packets and how long the server will maintain state for an Access-Challenge. ID: 1970 Core: All servers use server_properties file for configuration information. ID: 2000 RadiusClient: Support for adding Hex and Unicode values in strings using escaping. ID: 2010 Jdbc: Allow Jdbc-URL and Jdbc-Driver to be specified dynamically. ID: 2014 SMT: Preserve comments in the clients file. ID: 2068 SMT: Allow processing of uss_indexes file. ID: 2103 Engine: Method-Timeout creates replacement thread for "zombie" thread. ID: 2127 AuthSecurId: Ability to map user's shell as returned from the SecurId server to NavisRadius variables. ID: 2165 PolicyAssistant: Allow configuration of USS Server and Jdbc Server. ID: 2177 All Servers now accept -logLevel to set the initial logging level of the server. ID: 2203 AuthEapMd5: Plug-in support for EAP MD5 challenge. ID: 2204 AuthEapTls: Plug-in support for EAP-TLS as defined by the Internet RFC 2716. ID: 2205 EapIdentity: Plug-in support for getting the EAP identity from an authenticating peer. ID: 2208 SMT: Preferences Dialog - Display Color bar with colors used for selected color schema. ID: 2218 AuthNt: Support for using MS-CHAP to Authenticate Users. ID: 2221 Dictionary: Support for 64 bit integer and IPv6 address data types. ID: 2223 SMT: Radius TestClient: Statistics Summary Outputted when test is Aborted ID: 2232 USS: Add support for running USS as plug-in inside of PolicyFlow ID: 2234 SMT: Better Validation when Entering Methods in PolicyFlow Editor. ID: 2235 Optimize: Various local optimizations to speed up NavisRadius performance. ID: 2236 RadiusClient: Output reply packet to a file. ID: 2242 SMT: Allow non-dictionary attributes to be added to Attribute Pick Lists ID: 2249 Maps: Support First and Last Attribute Modifiers on Delete command. ID: 2254 SMT: Allow Comments in USS Counters to be viewed and edited ID: 2257 Core: User-Password can be used as Alias where Password can be used ID: 2266 SMT: log to smt.log when SMT is in local mode. ID: 2283 Add Support Cisco EAP-LEAP. ID: 2285 SMT: Local errors are logged to smt.log for all connection types. ID: 2294 Admin Interface: "fuse list" Command to view active fuses. ID: 2309 SMT: Allow configuration of fixed width font ID: 2320 PolicyAssistant: support for Prefix and Suffix entries in users files using system authentication. ID: 2335 Logging: Cause of discard added to discard messages ID: 2339 Core: Add stats for item processing time min, max, and average. ID: 2341 Core: localhost entry not counted against client count ID: 2341 Core: If authenticating using MS-CHAP return MS-CHAP-MPPE-Keys ID: 2363 StateServer: Support save and load state data. ID: 2365 Cipher: Ability to perform symmetric encryption/decryption of variables. ID: 2366 StateClient: Plug-in for use talking to new StateServer plug-in ID: 2367 Allow clients and client_properties files to be reloaded at run time. Allow Attribute Value Pairs to be specified on a client entry in the clients file. ID: 2370 Admin Interface: support reload of method_select file at run time. ID: 2372 Proxy support for Cisco-AVPair with value of leap:session-key. ID: 2378 PolicyAssistant: independent configuration of proxy of accounting and authentication packets. ID: 2381 PolicyAssistant: Templating is available for all user sources except user files and functions the same for all sources. ID: 2382 PolicyAssistant: All configuration of handling of unknown realms. ID: 2383 PolicyAssistant: If an unknown Config-Token is specified for Proxy realms the default token for the realm will be used. ID: 2384 Allow configuration of global Challenge and Continue timeout properties. ID: 2386 Dictionary: Support for signed-integer and signed-long value types ID: 2390 PolicyAssistant: Include template file with common services. ID: 2400 PolicyAssistant: Support for Windows 2000 Active Directory. ID: 2403 Server Property: Auto_Remove_Check_Items to remove all check items ID: 2406 Classic: Support for server property TZ_In_Accounting_Records Removed ID: 2410 Jdbc: Revised connection management to scheme. ID: 2412 Continue: Plug-in for statefull Access-Accepts ID: 2426 SMT: Disabling of unsupported control properties in GUI ID: 2438 Dhcp: Support for DHCP option 118 to set subnet of pool. ID: 2439 nrcert: Certificate Request Tool ID: 2440 Core: Support for 1_2_3_3 Ascend-NAS-Port-Format NAS-Port Normalization ID: 2451 Dictionary: Add addition Cisco attributes to dictionary ID: 2453 CheckItems: Fail if check item is a wire attribute and not in request. ID: 2459 ConfigServer: Change Default RMI Port to 9097. ID: 2460 RMI Registry: Remove RMI Registry server from NavisRadius and each server will create independent RMI Registry. ID: 2468 Dictionary: Add AccessPoint VSA to dictionary. ID: 2474 Dictionary: Add Alcatel Attributes to dictionary ID: 2477 ReadLdap: Don't reauthenticate if user and password are same. ID: 2489 AuthNt: Add AuthNt-LoadLibrary property -=4.1.3 Release=- None -=4.1.2 Release=- ID: 2304 ReadLdap: new LDAP library to avoid a deadlock issue in the old library. ID: 2308 Core: VSAs received in a non-RFC format that use an unimplemented encoding format are passed as an opaque Vendor-Specific attribute. ID: 2329 Core: Request variable group is now updated with CHAP-Password and CHAP-Challenge attributes on Access-Challenge responses. ID: 2330 Engine: Added ability to modify the type of packet the RADIUS server responds with (non-RFC packet types). ID: 2336 Admin Interface: Added High Water Mark to "engine stats" for thread count. ID: 2352 When authenticating using MS-CHAP MS-CHAP-MPPE-Keys will be returned to the client. ID: 2357 SMT: Ability to encrypt (hash) passwords in User File Editor Panel. ID: 2358 SMT: Display default values on TestClient Panel. ID: 2407 Radius Plug-in: Radius-DictionaryCodec Plug-in Property -=4.1.1 Release=- ID: 2256 Jdbc: Allow Plug-in to use drivers that don't support Auto Commit. ID: 2260 AuthLocal: Support for {SSHA}, {MD5}, and {SMD5} LDAP passwords. -=4.1.0 Release=- ID: 1190 SMT: Ability to set Method-Disabled Method Control Property ID: 1740 Dictionary: Support for UTF8 strings in Radius packet encoding and decoding ID: 1891 WriteFixedFile: Plug-in to write to a file with fixed length fields ID: 1938 RadiusClient: Compute and add Acct-Delay-Time to requests on retransmission ID: 1946 Core: Add ability to set code point of reply packet ID: 2015 SMT: Added ability to create a new users file from the User file Editor ID: 2112 PolicyAssistant: Add AuthSafeWord to PolicyAssistant ID: 2113 ReadLdap: Connection Pooling with multiple socket connections to remote LDAP servers ID: 2115 Dictionary: TAOS attributes updated to release 9.x ID: 2116 RADIUS Server: Admin Interface command to dump duplicate table entries ID: 2118 SMT: File Manager ID: 2122 Admin Interfaces: logging of commands executed ID: 2124 Dictionary: HEX modifier to convert bytes to hex and back ID: 2137 USS/SMT: Add option to List Command to get Keys ID: 2141 USS: add command to display individual fields ID: 2144 Dictionary: Added Nortel Shasta SSG-5000 VSA Support ID: 2152 Install: Accept USS User and Pass as Command Line Parameters ID: 2159 Maps: Added conversion modifiers for hex, ipaddr, int, and date to and from on-the-wire format ID: 2180 SMT: Confirm file delete ID: 2185 Support the proxy of EAP-Message and generation of Message-Authenticator ID: 2186 Hmac plug-in for use with 3GPP2 applications ID: 2187 Method_select: Add support for * value for code keyword ID: 2190 toBase64 and fromBase64 Map Modifiers ID: 2200 Windows: Use javaw to run classes if background mode is specified in order to not create a console window _______________________________________________________________________ Copyright and Trademarks Copyright 2006-2007 Alcatel-Lucent. All rights reserved. Other trademarks, service marks, and trade names mentioned in this publication belongs to their respective owners. Notices Alcatel-Lucent Inc., makes no representations or warranties with respect to the contents or use of this publication, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Alcatel-Lucent reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.