This repository has been archived by the owner on Nov 9, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 95
Release Notes
rbest-bt edited this page Sep 25, 2019
·
29 revisions
Copyright (C) 2019 by BeyondTrust Software, Inc. All Rights Reserved.
Thank you for selecting BeyondTrust AD Bridge. This file contains important information regarding the current version of this product including new features and changes. Further details can be found in the AD Bridge Services manuals.
This document is current as of the date of publication. The most current version is available from https://github.com/BeyondTrust/pbis-open/wiki/Release-Notes
BeyondTrust welcomes your comments and suggestions. Please use the information provided at the end of this file to contact us.
- Releases
- Features
- Bug Fixes
- Notices
Released: Sept 2019
Platform support
- 194302 - Support MacOS 10.15 (Catalina)
- 193653 - Solaris 11.4: ssh authentication is not working
- 190164 - Solaris 11.4: provide a 64-bit version of pam_lsass.so
- 190163 - Solaris 11.4: provide a 64-bit version of nss_lsass.so
- 189972 - Solaris 11.4: Unknown Pam Module when doing a domainjoin
- 189659 - Solaris 11.4: [CS0756997] Wrap svccfg in extra double quotes
- 168215 - SLES 15 can not start lwsmd after install
ADTool
- 191225 - Adtool not handling Unicode characters - returns binary data in search/lookups
Integration
- 193595 - Segfault on domain join with Password Safe configfile
- 121113 - [CS0794627][EDR-45401] Upgrade the WinBind interface - fix `WBCLIENT_0.13' not found
- Addresses issues with the latest version of winbind 4.6.2+ when integrating with Samba
Status
- 190203 - Domain GUID is not displayed correctly in get-status
Released: July 2019
Platform support
- 181342 - SElinux policy for RHEL 8
- Allows for installs with SElinux enforcing. Still need to install libnsl first to have a smooth experience.
Support pack
- 188402 - Support pack: Improve autoenroll logging
Authentication
- 186922 - [CS0441719] After going offline, requiremembership with cache expiration of not respected
- This will prevent authentication and can prevent requiremembership validating even if machine goes back online.
Support pack
- 185282 - Support pack: Not running on 9.0+
Released: May 2019
-
177697 - [EDR-50472] SElinux: Patch for rhel 7.6 Nova-api
- Fixes issues with the latest version of openstack and SElinux
-
172407 - Remotehomedir: Add info on how to test mount
Authenication
-
143014 - [EDR-44550] Use cache for AD user login when domain is offline
- In some scenarios lsass will fail to use the available cache when the system is offline
-
96588 - [EDR-43449] No group membership is returned when a domain is offline
- Added behavior to ignore the offline domain and proceed to enumerate the other online domains.
- Product Rename to AD Bridge Open
Released: December 2018
DOMAINJOIN
- 166129 - [EDR-49175] Unable to join Zlinux servers to a domain
SERVICES
- 165997 - [EDR-48890] Release global container lock before dispatching tasks
- Resolves lwsmd hangs under a number of rare scenarios
- 161238 - [EDR-48600] netlogon segmentation fault on certain SLES configurations
- 163764 - Dropped HPUX PA-RISC installers
- Discontinuing PA-RISC as a supported platform for current and future releases due to limited hardware availability
Released: October 2018
- 157347 - Reduce log level for NERR_SetupNotJoined message
- 157346 - adtool man page
- 162008 - OSX 10.14: Domainjoin not working
- 159453 - Domainjoin-cli --assumeDefaultDomain yes no longer works
- 159161 - lwsm double free
- 158572 - regshell !!text history command incorrectly builds command
- 157292 - Domainjoin: Better error when moving the computer account and OU doesn't exist
- 67459 - FED24+: Install error on system with ncurses6
- 113326 - libedit replaced with linenoise
- regshell history format has changed, previous history format included a history format version entry, e.g. HiStOrY_V2, and suffixed each entry with \012. While these can be read by the current regshell, they can't be replayed. It is recommended users delete their existing .regshell_history file.
Released: August 2018
- 151345 - ADTool: keytabs file creation succeeds even if SPN fails
- 149676 - ADTool: New spn option for new-user and reset-user-password
- 149674 - Hide User if they do not have permissions to the computer
- 146328 - Solaris 10: rsh/rlogin support
- 151748 - ADTool: new-computer --password stdin not working
- 149880 - Adtool: new-user keytab fails to create when upn/samAccount mismatch
- 144687 - RPM: Remove sh-utils dependency
- 140897 - Adtool: Core dump via any command without options
- 139976 - [EDR-47017] segfault on domainjoin-cli configure --enable ssh
- 132102 - [EDR-45699] Cron Jobs created as AD Users run as root
- 153853 - Solaris 8 installs no longer supported
- 132660 - Legacy packages are no longer supported or provided
- 133032 - Versions of AIX before 6.1 are no longer supported
- 126503 - Deprecated Domainjoin-gui
Released: March 2018
- 125622 - Upgrade to OpenSSL 1.0.2n
- 118578 - Debug logging capability added for bootstrap service
- 116659 - [EDR-45310] Support for macOS 10.13 High Sierra
- 116655 - Installer: Path to EULA displayed
- 116600 - Domainjoin: add history support to prompts
- 92912 - [EDR-43173] offline-join.pl script added to agent installer
- 70651 - [EDR-41687] Extend usage of user-ignore and group-ignore to support IDs
- 64301 - Improved README on the Agent installers
- 133693 - [GH-103] SLES: ERROR_BAD_COMMAND when joining with dhcp
- 129466 - [EDR-46150] Adtool: Constraint Violation When Using Non-Unique Default Home Directory
- 125225 - [EDR-45791] HPUX: Incorrect PAM Configuration can prevent root access
- 94195 - [EDR-43408] Empty lsass-adcache.filedb causes lsass startup issues
- 75694 - [BZ12896] Improve performance for pre-staged domainjoins
Released: December 2017
- 124445 - [EDR-45699] Disable Cron Jobs Created as AD Users on AIX
- 121417 - Update OpenSSL Library 1.0.2m
- 115994 - [EDR-44961] Password change does not check the user-ignore
- 94195 - [EDR-43408] Empty lsass-adcache.filedb causes lsass startup issues
Released: October 2017
- 120257 - domainjoin-gui is not being built
- 117866 - [EDR-44928-44848] Unable to connect to samba share with hostname
- 117374 - Solaris: pbis fails when the FIFOFS inode exceeds UINT_MAX. Switch to use Fstat64 if available
Released: October 2017
- 110163 - Enable ldap debugging messages for LSASS
- Set level to TRACE
- 107332 - Consolidate all 3rd Party License files into a data folder
- 101019 - ADTool: new-computer - new --spn option
- 100070 - Config tool: New ServicePrincipalName (SPN) option
- 92911 - [EDR-42774] Allow syslog facility to be configured
- 91702 - Domainjoin-cli prompts for missing parameters
- 91701 - Simplified pbis install
- 106865 - [EDR-43991] enum-members along with --user option is returning the user objects multiple times
- 104880 - [EDR-43991] Expired cache causes duplicate members to be listed
- 95452 - [EDR-43370-43645] connection resets when adding users via adtool en masse
- 85698 - OpenSSL library update - 1.0.2l
- 77390 - Connection refused during startup causes PBIS join status Unknown
- 53278 - [EDR-40667] Adjust lwsmd shutdown sequence to occur after sshd
Released: June 2017
- 98512 - update-dns: added option to specify dnsserver
- 87581 - [EDR-42787] Add support for Suse 11 PPC
- 75481 - Add a switch to adtool to output a keytab file for computer accounts
- 54837 - Add a switch to adtool to output a keytab file for user accounts
- 45519 - Apache 2.4 Support
- 100591 - OpenSuse 13.2: Domainjoin resumable host name error
- 91964 - [EDR-42899] AIX EventLog Getting error: lsass: [eventlog] Failed to write records. Error code [5]
- 91918 - 32 bit rpm upgrade package are not signed - fails to install
- 88932 - [EDR-42814] Install should continue with warning after SELinux issues when not running enforcing
- 88248 - [EDR-42809] lwsmd daemon performance improvements on AIX with large numbers of users
- 80555 - adtool move-object missing new-line from stdout message
- 76688 - Endless loop in LWIO list handling
- 74998 - gpagentd starts up eventfwd but doesn't set it to autostart
- 71764 - [EDR-41766] DB2 crashing with PBIS
- 65617 - [EDR-41313] /opt/pbis/bin/config throws an error if the configuration is done prior to the domain join
- 60433 - joining a different domain without leave can breaks future upgrades
- 54811 - Computer name 15 character limit should not be applied on all attributes
Released: March 2017
- 71766 - [EDR-41773] support for RHEL on IBM System z (z/linux s390)
- 85373 - Solaris: EULA doesn't appear when running the .sh file without install as a parameter
- 84274 - fix group membership lookup for ldap queries in PBIS Open
- 82902 - [EDR-42510] can not change root passwd with PBIS 8.5 installed on Solaris 10
- 81441 - [EDR-42389] Password reset not workong on Solaris 11
- 77365 - Update OpenSSL to 1.0.2j
- 77146 - Adtool core dumps with Solaris 10
- 59472 - [EDR-41023] wrong value for $LOGNAME
- 59471 - [EDR-41022] Problems with AIX LPM crashing lwsmd
Released: December 2016
- 72602 - Mac OSX 10.12 Sierra Support
- 66917 - ADTool add option to set/un-set any attribute on an entity
- 77505 - [EDR-42142] Issues migrating PBIS agent to RODC site - netlogon plugin
- 72263 - ADTool does not handle commas in user arguments
- 71797 - UserMonitorCheckInterval range is incorrectly mentioned in config tool
- 71767 - Update OpenSSL Libraries to 1.0.2i
- 71762 - [EDR-41732] Creating users with adtool does not set "require password at next login"
- 70096 - Add support for Samba 4.x
- 74987 - gpagentd does not tell user monitor when refresh interval changes
- 68080 - [EDR-40067] - Group policy agent hangs during upgrade
- 65836 - Mac: Upgrade from 8.3.4 to 8.5 doesn't retain the domain join state
- 52726 - adtool search-user also returns computer accounts
- 40410 - [EDR-39888] Usermonitor exits on all issues
Released: September 2016
- 41074 - [EDR-40857] lsass sometimes fails to load the AD provider on multi-NIC systems
- 50398 - [EDR-40702] When using Pam faillock on domain join pam files must be moved in and out to allow the join.
- 64463 - Domainjoin setname Cent 7.1 returns ERROR_BAD_COMMAND
- 65001 - Rebranding to new BT Logo
- 70422 - Fedora 22+ - PBIS can not parse krb5.conf includedir by default
Released: August 2016
- 54545 - Sign ppc64le packages
- 54544 - Sign ppc64 packages
- 47079 - [EDR-40156] Add option to LWSM to persist logging settings
- 46766 - [EDR-40156] Need the ability to permanently set log level on service
- 30198 - [EDR-39747] Support for Mac OSX 10.11
- 29006 - [EDR-39680] Blacklist specific DCs
- 65452 - ad-cache --delete-all should succeed when a zero way trust domain is offline
- 65217 - lwsmd is running under unconfined_exec_t and should be bin_t
- 64974 - CentOS 6.x machines semodule pbis version not correct
- 59474 - [EDR-41016] AIX: Duplicate Files in different packages
- 57751 - Remove error messages from Debian install logs: regshell (error = 87 - ERROR_INVALID_PARAMETER)
- 54930 - Fix exit status when calling domainjoin-cli with invalid options
- 54929 - Allow PBIS Local Provider groups and users to be provisioned with IDs under 1000
- 54876 - [EDR-40778] Installing on RHEL7 PPC64 fails when CPUs are offline
- 54766 - [EDR-40773] SUCCESS message should be included in the logs that domainjoin-cli creates
- 54456 - [EDR-40751] Support for Single Label Domains (SLD) in domainjoin-cli
- 54205 - remove RHEL specific naming from the PPC64 package folders
- 54033 - Update OpenSSL Libraries to latest version
- 53630 - PBIS agent installs should not include administration documentation
- 53613 - Fix the lock file location on AIX
- 53509 - [EDR-40671] Fix file permissions for lwsmd service file - 755
- 52096 - [EDR-40787] Clearing cache takes domain offline in one-way trust scenario
- 51701 - [EDR-40534] Fix for various SELinux error messages for /var/lib/pbis/.lsassd and postfix
- 51416 - Update adtool reset-user-password --password - to correctly accept STDIN input
- 50387 - [EDR-40451] AIX lsuser ALL only shows local users
- 50249 - On 8.3.4 local users on Debian systems could not change their password
- 50089 - [EDR-40388] Use the Default Domain Separator Character when processing Policies like RequireMembershipOf
- 50083 - [EDR-40378] Allow local users to login if lsass is in a hung state
- 48939 - Correction to the pam-auth-update list to refer to Powerbroker Identity Services
- 48055 - Fix the lsa usage description to list modes in alphabetical order
- 48054 - Fix the find-objects help usage to include all available modes
- 46504 - Updated Java SSO support
- 46313 - [EDR-40140] Fix adtool to set the correct attributes to allow domain join to succeed for computer accounts
- 46260 - [EDR-40067] LWSMD Hangs during shutdown
- 46079 - TrustEnumerationWait setting is missing in Platform 7
- 46076 - Ensure invalid values for config parameters (e.g. CacheEntryExpiry) do not crash the AD Provider
- 46004 - [EDR-40078,EDR-40434,EDR-40572] Ensure user-ignore, group-ignore, user-override and group-override are not overwritten when upgrade is performed
- 46003 - [EDR-40182] Fix issue with adtool reset-user-password returning error 700086
- 46076 - Ensure invalid values for config parameters do not crash the AD Provider
- 47681 - systemd: Ignoring invalid environment
- 40778 - [EDR-39902] RHEL7: "logger 2>&-" generates a coredump when pbis is installed
- 30216 - [EDR-39748] Fix excessive syslog messages on RHEL pam stack with unix_chkpwd
- Documentation has been removed from the agent installs.
Released: February 2016
- New Distro Support
- RHEL PPC64 6+
- RHEL PPC64LE 7
- New builds for Mac dmg. Allows for better support of newer OSX releases (10.9+)
- 47174 - Solaris 11.2 - Automatic Mode fails to persist nsswitch.conf changes
- 45008 - User-Override example is incorrect
- 15272 - whoami: cannot find name for user ID - Failure to establish an SSH session after the job load reaches a certain limit
- 15268 - solaris 11.3 - authentication is not working
- 15238 - Run lwsmd under SELinux as unconfined_t
- 15235 - Local users are unable to login when there is a time skew difference between agent and DC
- 15234 - Local users restricted from logging in when PBIS license has expired
- 15196 - PBIS SElinux policy refers to obsolete alias clamav
- 15179 - Solaris 11 - lwsmd fails to start initially
- 15129 - Solaris - Change krb5.keytab file location from /etc to /etc/krb5
- 15111 - Suse, SLED, SLES: Resumable error upon domain join
- 15104 - Debian - Password prompt doesn't work
- 15061 - Solaris - LW_ERROR_NOT_HANDLED on NEW Zones created after PBIS install
- 15046 - machine password fails to update against RODC
- 14952 - Solaris 10 with zones in multitenancy - Enterprise upgrade can leave system in unusable state
- 14931 - Domainjoin when NETBIOS domain name is lowercase results in "The OU format is invalid"
- 12029 - Solaris 10 - Failed to upgrade the builds in the child zones
- Freebsd - installer has been dropped due to lack of demand. Can still be built from open source
- Fedora - Selinux support dropped
- SElinux - In order to improve the flexibility and reliability of the Group Policy feature, PBIS has been modified to run under the unconfined_t domain
Released: Enterprise only
Released: August 2015
- lwsmd.service now gets copied to systemdsystemunitdir on systems running systemd
- Better support for distros using systemd
- 15176 - Credentials cache keyring 'persistent:xxxxxxxxx:xxxxx' not found - default_ccache_name
- 15174 - systemd based systems create kerberos tickets in PrivateTmp location
- 14964 - nscd cores/crashes on Solaris 10u10
Released: June 2015
- Samba support for 4.0 - 4.2
Released: June 2015
- Account Override
- AD cache code update
- Autoenrollment can now just enroll certificates
- wifi GPO is stilll needed but set to disabled
- Autoenrollment and Wifi support
- RHEL 6.6
- RHEL 7.0
- Centos 6.6
- Centos 7.0
- Openssl updated to 1.0.2a
- semodule check on uninstall
- SaslMaxBufSize can be changed with the config tool
- 15147 - AIX heap memory fragmentation
- 15125 - Unable to install on Fedora 21-64
- 15110 - Fedora 21: Resumeable error upon domain join
- 15102 - Fedora 21: Error in querying lwsmd when doing domain join on Fedora with SELinux enabled
- 15090 - ad-cache shouldn't run without verification from end-user when a domain with objects in the cache is offline
- 15047 - LSASS high CPU usage with no cause
- 15033 - PBIS fails renewing expired krb5 ticket, can't come online, appears hung
- 14999 - broken symlinks in /etc/pam.d cause domainjoin-cli to fail with ERROR_FILE_NOT_FOUND
- 14998 - domainjoin-cli --enable PAM incorrectly reports success after attempted configuration.
- 14997 - Domain join process fails when encountering pam_sss.so
- 14652 - Memory Leak (lwio connect2)
- 14651 - Memory Leak (LSASS)
- 14649 - Memory Leak (Packet Allocation)
- 14648 - Memory Leak (Data marshal leak)
- 14645 - SIGABRTs and SIGSEGVs when copying remote files in parallel
- 14644 - Occasional lwio crash when chasing referrals
- 14454 - LWSMD hangs when restarting LSASS with a tap-log connected
Released: Mar 2015
- 15100- Password Prompt: Other accounts are reported as local
- 15089- If lwsmd daemon is stopped, localuser can login with incorrect password or no password
Released: Nov 2014
- 15050- users in ignore-user file not ignored by lsass
- 15048- Mac OSX 10.10 support
- 14989- Solaris 11.2 support
Released: Sep 2014
- autoenroll daemon - configurable with the config tool
- automatically enrolls certificate from windows CA
- automatically configures wireless for wpa2 enterprise tls authenication
- 15025- Build installation is not successfull when SElinux is enabled in Fedora 20
- 15023- RHEL4 lsass sigfaults on ad authenication
- 14948- RHEL4 install/gpagent is broken due to SELinux change in 7.1.2
- 14922- RPM Installer doesn't install lwsmd into service startup
- 14921- Fedora 18+ / RHEL 7 plus use new hostname function "hostnamectl"
- 14920- selinux not supported in latest Fedora or RHEL versions
- 11434- ubuntu PAM configuration blocks later session modules
Released: Jun 2014
- OpenSSL libraries updated
- RPM and Debian installers now have signed packages
- 14561- Mac OS - Domainjoin hangs at "Resumable error" preventing pbis functionality
Released: May 2014
- 14958- If lsass is stopped or dead, root can't log in
- 14957- OpenSSL Heartbleed vulnerability
- 14907- Installer fails when selinux-policy-targeted RPM is not installed
Released: Jan 2014
-
MAC 10.9 Support
-
PBIS Enterprise 8.0 is not dependent on setfile.
-
Customizable password prompts
-
Three prompts can be configured via the configuration tool
-
ActiveDirectoryPasswordPrompt
-
LocalPasswordPrompt
-
OtherPasswordPrompt
-
Solaris 11.1 Support for SPARC and x86 platforms
- 14901- Solaris - After upgrade from platform-6.1/Platform-7.1/Platform-7.5 lwsm list throws error
- 14477- Authentication is failing in Solaris-11.1 machines
- 14903- macuninstall.sh can break a system accidentally
Released: Nov 2013
- 14472 - LW_ERROR_KRB5KRB_AP_ERR_ILL_CR_TKT when authenticating users across Forest Trust
- 14572 - After upgrade from 6.1 authentication is not working.
- 14896 - upgrade from 6.0.277 > Trunk fails to preserve domain join state
- 14857 - MacOS: Domain joined information is not retained on 7.5 upgrades
- 14666 - Memory leak observed during the execution of domainjoin-cli command
Released: Sep 2013
- 14866 - No PAC recieved error logging in
Released: Jul 2013
- 14500 - extended attributes are not copied during profile copy on login
Released: Jun 2013
- Enhanced IPv6 Support
- PBIS Command: First version of offering a single command to access all tools offered by PowerBroker Identity Services. The "/opt/pbis/bin/get-status" command can be accessed by simply entering "pbis status"
- Operating Mode Name Changes
- "Schema Mode" has been replaced with "Directory Integrated Mode"
- 14320 - Authentication failing after upgrade from 6.0
- 14710 - Domain join fails in 32bit Mac10.6 machine
- 14695 - In Solaris8 machine, lwsmd core is dumped while installing the platform
- 14693 - Domainjoin fails with an error "LW_ERROR_LDAP_NO_SUCH_ATTRIBUTE"
- 14679 - Authentication is failing with Platform
- 14782 - Update-dns tool is not validated for link local addresses
- 14522 - Observing "Pam" related warning while doing domain join in fedora 18/Opensuse12.3 machines
Released: Aug 2013
- 7072 - LWIS - Need option to NOT sync system clock
- 14718 - nss2 support on Solaris 10
- 14661 - Installer has no "upgrade from 7.0" routines
- 14847 - "purge" uninstall doesn't actually purge
- 14678 - Authentication after upgrade from 7.0/7.1(old) to 7.1 is not happening as expected
- 14673 - Re-Installation of the pbis fails
- 14607 - Debian upgrade doesn't recognize /var/lib/likewise-open and /etc/likewise-open as valid upgrade locations
- 14457 - Upgrade from 5.3 to 7.0 is broken
- 14036 - Remove local provider from default settings
- 14736 - conf2reg crashes badly if lsassd.conf is misformed
- 14463 - 7.0 installer doesn't uninstall Likewise 6.0 build 239
- 13599 - Legacy installation does not include "lwsm" command in /opt/likewise/bin
- 14800 - domainjoin-cli overwrites the Description field in AD
Released: May 2013
- 14363 - dcerpc daemon is in running state after installation of 6.5#780 and domain join.
- 14195 - Installation fails with an error postinstall or postremove scripts failed.
- 14600 - Linux (RPM/DEB) installers do not set "conflicts" or "requires" lines properly
- 14659 - Installation fails with dependency errors.
- 14663 - Re-installation is failing after uninstallation followed by purge of the build.
- 13469 - lsass missed Domain Local group membership for cross-forest users
- 14333 - lwsmd crash when server is slow to respond
Released: Mar 2013
- SELinux Policy
- This version will support SELinux in Fedora 13 - 17 and RedHat 6
- Continued support in future releases
- 14370 - PBIS "failover" to alternate DC is slow
- 14331 - cron stops working on AIX
- 14488 - Solaris - adding a "+" to /etc/pbis/group-ignore or /etc/pbis/user-ignore causes a segfault in "id"
- 14405 - adding a "+" to /etc/pbis/group-ignore causes a segfault in "id"
Github: https://github.com/BeyondTrust/pbis-open/ Company : http://www.beyondtrust.com
© 2019 Powerbroker Open Project. All Rights Reserved.