SafeNet Agent for FreeRADIUS
Version Number: 3.3.2
Customer Release Notes (CRN) - This document describes capabilities, resolved issues, limitations, and known issues for different product releases.
Product Description
FreeRADIUS is a customizable, open-source RADIUS server that receives authentication data using the RADIUS protocol (a protocol running over IP/UDP or IP/TCP). The SafeNet Agent for FreeRADIUS is a highly secure, enterprise authentication agent that enables RADIUS clients to communicate with the SafeNet server using the RADIUS protocol.
Release Description
Release Summary – SafeNet Agent for FreeRADIUS 3.3.2
Python Upgrade
Since Python 2 has reached its official end-of-life, the FreeRADIUS agent component code has now been migrated to Python 3.
Security Improvement
This release introduces some security improvements for the most secure version of SafeNet Agent for FreeRADIUS.
Release Summary – SafeNet Agent for FreeRADIUS 3.3.1
The SafeNet Agent for FreeRADIUS v3.3.1 introduces the following feature and resolves a customer-reported issue.
LDAP Secure
The SafeNet Agent for FreeRADIUS v3.3.1 release provides support for LDAP Secure (LDAPS) connection to the LDAP server.
This enables the agent to connect to the LDAP server for user authentication over a secure channel, ensuring that the communication between FreeRADIUS and the LDAP server is encrypted and safe.
Thalesdocs
The SafeNet Agent for FreeRADIUS documentation is now online at https://thalesdocs.com/sta/agents/freeradius/index.html. In future versions, the documentation will only be available on Thalesdocs. PDFs will no longer be a part of the subsequent releases.
Resolved Issues
| Issue | Synopsis |
|---|---|
| SAS-68180 | The FreeRADIUS mount issue is now resolved and documented. |
Release Summary – SafeNet Agent for FreeRADIUS 3.3.0
The SafeNet Agent for FreeRADIUS v3.3.0 introduces Podman support and resolves a customer-reported issue.
Podman
The SafeNet Agent for FreeRADIUS v3.3.0 now supports the agent deployment on the Podman platforms. It enables users to take advantage of its security, flexibility, and performance, along with the existing Docker compatibility.
For more details, refer to the SafeNet FreeRADIUS Agent Install Config Guide here.
Added Operating System
The agent is now compatible with Red Hat Enterprise Linux 9.4, CentOS 9, and Ubuntu 22.04. For supported platforms, click here.
Resolved Issues
| Issue | Synopsis |
|---|---|
| SAS-47272 | FreeRADIUS agent deployment script FreeRADIUSv3.sh does not accept spaces in AD attributes. This issue is now resolved. |
Release Summary – SafeNet Agent for FreeRADIUS 3.2.1
The SafeNet Agent for FreeRADIUS v3.2.1 includes new features listed below:
Added user agent header to comply with GWAF security rules
The reversed proxy GWAF requires HTTP requests to include the User-Agent header in compliance with RFC 7231, Section 5.5.3. Necessary changes have been made in accordance with this requirement.
Added stats to RADIUS requests
RADIUS servers are deployed to capture details regarding incoming traffic. This includes information on the amount of processed traffic, the number of dropped packets, as well as the counts for duplicate and conflicting packets sent.
Release Summary – SafeNet Agent for FreeRADIUS 3.2.0
The SafeNet Agent for FreeRADIUS v3.2.0 includes new features and resolves a customer-reported issue.
FreeRADIUS Agent support for on-prem password validation.
Support for on-prem password validation using concatenated LDAP+OTP as a single field Password for the Authentication. This has been added to enhance security during authentication. Please refer SafeNet FreeRADIUS Agent Install Config Guide here, for prerequisites and other details.
Support for Silent response in case if SafeNet Server is not reachable.
Support for a silent response when SafeNet server is not reachable, this will help customers to switch to failover/secondary SafeNet servers. Instead of authentication failure, it will show the “No response from the server ”. Please refer SafeNet FreeRADIUS Agent Install Config Guide here, for prerequisites and other details.
Resolved Issues
| Issue | Synopsis |
|---|---|
| SAS-41855 | UTF8 encoding is now supported with MS-CHAPv2. |
Release Summary – SafeNet Agent for FreeRADIUS 3.1.1
The SafeNet Agent for FreeRADIUS v3.1.1 resolves some customer-reported issues.
Resolved Issues
| Issue | Synopsis |
|---|---|
| SAS-37881 | The special characters with UTF encoding are now supported in the AD password. |
| SAS-36432 | The FreeRADIUS Agent installer now does not display the private key to its users in the system. |
Release Summary – SafeNet Agent for FreeRADIUS 3.1
The SafeNet Agent for FreeRADIUS v3.1 includes a new feature and resolves a known issue.
Support for Protected Extensible Authentication Protocol
Support for Protected Extensible Authentication Protocol (PEAP) is now added for enhanced security during the authentication.
Release Summary – SafeNet Agent for FreeRADIUS 3.0
The SafeNet Agent for FreeRADIUS 3.0 is a new agent that allows to authenticate against the FreeRADIUS server version 3.0. The new agent is different in technology (it is deployed inside a docker container), and the outcome is far more robust and secure than the previous agent.
Earlier, the agent had three separate components; FreeRADIUS Agent, FreeRADIUS Updater and FreeRADIUS Server. All three components needed to be installed and configured for the agent solution to work.
The new SafeNet Authentication Service Agent for FreeRADIUS 3.0 is deployed using a simple shell script. The script, based on parameter inputs from the end user, helps in quick, hassle-free agent installation and upgrades.
Known Issues
The following table provides a list of known issues as of the latest release.
| Issue | Synopsis |
|---|---|
| SAS-72938 | Summary: While authenticating with the agent, extra error logs displays in the Message-Authenticator string of NTRadPing Test Utility. Workaround: None, it will be fixed in a future release. |
| SAS-46280 | Summary: Few special characters (for example, ü, €) are not supported with UTF encoding. Workaround: None, it will be fixed in a future release. |
Compatibility
The information in this document applies to:
SafeNet Servers
-
SafeNet Authentication Service PCE/SPE 3.13 and later (SAS)
-
SafeNet Trusted Access (STA)
Supported Platforms
Docker
-
Red Hat Enterprise Linux 8.3
-
Red Hat Enterprise Linux 9.4
-
CentOS 9
-
Ubuntu 22.04
Podman
-
Red Hat Enterprise Linux 8.3
-
Red Hat Enterprise Linux 9.4
Supported FreeRADIUS Versions
- FreeRADIUS server version 3.x and above
