Skip to content

v10.1.0

Choose a tag to compare

View all tags
@cgx cgx released this 17 Jun 19:38
· 12090 commits to devel since this release
v10.1.0
034ea42

New Features

  • Live log viewer from admin interface
  • Fully tenant-aware admin interface
  • Support for MS-CHAP authentication for CLI/VPN access
  • New pfcertmanager service that generates certificate files from configuration

Enhancements

  • EAP configuration template - add a way to define multiples EAP profiles in FreeRADIUS
  • New action for AD/LDAP sources to set role when user is not found
  • Provide an advanced LDAP condition to allow custom LDAP queries
  • The captive portal can now feed HTTP client hints to the Fingerbank collector
  • Added ability to enable/disable a network anomaly detection policy (#5403)
  • Return the portal IP if the QNAME matches one of the portal FQDN for registered devices using inline enforcement
  • Individual source rules can be disabled
  • Support for Dell N1500 starting from 6.6.0.10
  • CoA support for Ubiquiti Unifi AP
  • Added a way to define the Unifi AP by IP or IP range
  • Use the value of an LDAP attribute as a role
  • Added the return of the LDAP/RADIUS attributes to use them in RADIUS filter
  • The /api/v1/radius_attributes endpoint is now searchable
  • Proxy the captive portal detection URL when the device is registered
  • Choose which EAP profile to use based on the realm
  • LDAP's basedn can be defined in the authentication sources rules
  • New hooks for the RADIUS filter engine in eduroam virtual server
  • Redefined "restart" in the service manager to allow "PartOf" in systemd scripts
  • Set role from source authentication rule option (needs #5459)
  • Flatten the RADIUS request for the authentication sources (attributes like radius_request.User-Name)
  • RADIUS request attributes / username are part of the common attributes
  • Support of multiples LDAP servers in FreeRADIUS ldap_packetfence configuration file
  • Copy outer User-Name attribute in PacketFence-Outer-User attribute to be able to use it in the authentication rules
  • Copy the LDAP-UserDN attribute in PacketFence-UserDN attribute to be able to use it in the authentication rules
  • Added a way to extend the LDAP filter for searchattributes configuration
  • Documentation for EAP profile selection
  • Documentation for regex realm
  • Documentation for new action/condition in LDAP authentication
  • Moved the VLAN filters example as default disabled VLAN filter
  • Use PUT for node reevaluate_access to fix issue with admin_role actions mapping
  • OpenID pid mapping is now configurable
  • Can map OpenID attributes to a person attributes
  • Allow to create authentication rules based on OpenID attributes

Bug Fixes

  • Fixes Fortinet Fortigate returnAuthorizeVPN function (#5409)
  • Barracuda NG firewall SSO SSH fails (#4828)
  • Impossible to set multiple access level in administration rule (#5440)
  • Fixed pf-maint.pl when its running behind a proxy (#3425 )
  • Fix vendor attributes not being sent from Switch Template (#5453)
  • Fixed issue authorizing a user in web-auth on Unifi when the node has its date set to '0000-00-00 00:00:00'
Assets 2
Loading