This repository was archived by the owner on Nov 9, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 95
Release Notes
rbest-bt edited this page Oct 21, 2016
·
29 revisions
Released: September 2016
- 41074 - [EDR-40857] lsass sometimes fails to load the AD provider on multi-NIC systems
- 50398 - [EDR-40702] When using Pam faillock on domain join pam files must be moved in and out to allow the join.
- 64463 - Domainjoin setname Cent 7.1 returns ERROR_BAD_COMMAND
- 65001 - Rebranding to new BT Logo
- 70422 - Fedora 22+ - PBIS can not parse krb5.conf includedir by default
- MAC 10.11
- Users are currently not able to receive group policies from AD
- Inconsistent results with various group policies on Mac 10.11 and 10.10
- Issue after upgrade where the domain information is not retained
- HP-UX
- Uninstalling while using ssh into the machine may prevent the libraries from being removed as they are still in use. This can be corrected by reconnecting, installing then uninstalling.
- HP-UX 11.2i
- Support dropped for 11.2 itanium in 8.1.0. Domainjoins will result in the following error: LW_ERROR_NOT_HANDLED
- RHEL
- Gui based logins not working currently with selinux enforcing
- Gui based login can generate a segfault
- ad-tool
- When using the adtool command in a script to modify settings in Active Directory in a multi-DC Environment, use the --server option to indicate a specific DC on which to make the modifications.
- The name of the DC being used by PBIS for authentication is recommended and can be determined through the use of the get-dc-name command.
- Adtool is unstable on AIX
- IPv6
- NFS mount is not supported in this release for UNIX systems using IPv6. This will be in a future release.
Released: August 2016
- 54545 - Sign ppc64le packages
- 54544 - Sign ppc64 packages
- 47079 - [EDR-40156] Add option to LWSM to persist logging settings
- 46766 - [EDR-40156] Need the ability to permanently set log level on service
- 30198 - [EDR-39747] Support for Mac OSX 10.11
- 29006 - [EDR-39680] Blacklist specific DCs
- 65452 - ad-cache --delete-all should succeed when a zero way trust domain is offline
- 65217 - lwsmd is running under unconfined_exec_t and should be bin_t
- 64974 - CentOS 6.x machines semodule pbis version not correct
- 59474 - [EDR-41016] AIX: Duplicate Files in different packages
- 57751 - Remove error messages from Debian install logs: regshell (error = 87 - ERROR_INVALID_PARAMETER)
- 54930 - Fix exit status when calling domainjoin-cli with invalid options
- 54929 - Allow PBIS Local Provider groups and users to be provisioned with IDs under 1000
- 54876 - [EDR-40778] Installing on RHEL7 PPC64 fails when CPUs are offline
- 54766 - [EDR-40773] SUCCESS message should be included in the logs that domainjoin-cli creates
- 54456 - [EDR-40751] Support for Single Label Domains (SLD) in domainjoin-cli
- 54205 - remove RHEL specific naming from the PPC64 package folders
- 54033 - Update OpenSSL Libraries to latest version
- 53630 - PBIS agent installs should not include administration documentation
- 53613 - Fix the lock file location on AIX
- 53509 - [EDR-40671] Fix file permissions for lwsmd service file - 755
- 52096 - [EDR-40787] Clearing cache takes domain offline in one-way trust scenario
- 51701 - [EDR-40534] Fix for various SELinux error messages for /var/lib/pbis/.lsassd and postfix
- 51416 - Update adtool reset-user-password --password - to correctly accept STDIN input
- 50387 - [EDR-40451] AIX lsuser ALL only shows local users
- 50249 - On 8.3.4 local users on Debian systems could not change their password
- 50089 - [EDR-40388] Use the Default Domain Separator Character when processing Policies like RequireMembershipOf
- 50083 - [EDR-40378] Allow local users to login if lsass is in a hung state
- 48939 - Correction to the pam-auth-update list to refer to Powerbroker Identity Services
- 48055 - Fix the lsa usage description to list modes in alphabetical order
- 48054 - Fix the find-objects help usage to include all available modes
- 46504 - Updated Java SSO support
- 46313 - [EDR-40140] Fix adtool to set the correct attributes to allow domain join to succeed for computer accounts
- 46260 - [EDR-40067] LWSMD Hangs during shutdown
- 46079 - TrustEnumerationWait setting is missing in Platform 7
- 46076 - Ensure invalid values for config parameters (e.g. CacheEntryExpiry) do not crash the AD Provider
- 46004 - [EDR-40078,EDR-40434,EDR-40572] Ensure user-ignore, group-ignore, user-override and group-override are not overwritten when upgrade is performed
- 46003 - [EDR-40182] Fix issue with adtool reset-user-password returning error 700086
- 46076 - Ensure invalid values for config parameters do not crash the AD Provider
- 47681 - systemd: Ignoring invalid environment
- 40778 - [EDR-39902] RHEL7: "logger 2>&-" generates a coredump when pbis is installed
- 30216 - [EDR-39748] Fix excessive syslog messages on RHEL pam stack with unix_chkpwd
- Documentation has been removed from the agent installs.
Released: February 2016
- 47174 - Solaris 11.2 - Automatic Mode fails to persist nsswitch.conf changes
- 45008 - User-Override example is incorrect
- 15272 - whoami: cannot find name for user ID - Failure to establish an SSH session after the job load reaches a certain limit
- 15268 - solaris 11.3 - authentication is not working
- 15238 - Run lwsmd under SELinux as unconfined_t
- 15235 - Local users are unable to login when there is a time skew difference between agent and DC
- 15234 - Local users restricted from logging in when PBIS license has expired
- 15196 - PBIS SElinux policy refers to obsolete alias clamav
- 15179 - Solaris 11 - lwsmd fails to start initially
- 15129 - Solaris - Change krb5.keytab file location from /etc to /etc/krb5
- 15111 - Suse, SLED, SLES: Resumable error upon domain join
- 15104 - Debian - Password prompt doesn't work
- 15061 - Solaris - LW_ERROR_NOT_HANDLED on NEW Zones created after PBIS install
- 15046 - machine password fails to update against RODC
- 14952 - Solaris 10 with zones in multitenancy - Enterprise upgrade can leave system in unusable state
- 14931 - Domainjoin when NETBIOS domain name is lowercase results in "The OU format is invalid"
- 12029 - Solaris 10 - Failed to upgrade the builds in the child zones
- New Distro Support
- RHEL PPC64 6+
- RHEL PPC64LE 7
- New builds for Mac dmg. Allows for better support of newer OSX releases (10.9+)
- Freebsd - installer has been dropped due to lack of demand. Can still be built from open source
- Fedora - Selinux support dropped
- SElinux - In order to improve the flexibility and reliability of the Group Policy feature, PBIS has been modified to run under the unconfined_t domain
Released: Enterprise only
Released: August 2015
- 15176 - Credentials cache keyring 'persistent:xxxxxxxxx:xxxxx' not found - default_ccache_name
- 15174 - systemd based systems create kerberos tickets in PrivateTmp location
- 14964 - nscd cores/crashes on Solaris 10u10
- lwsmd.service now gets copied to systemdsystemunitdir on systems running systemd
- Better support for distros using systemd
Released: June 2015
- Samba support for 4.0 - 4.2
Released: June 2015
- 15147 - AIX heap memory fragmentation
- 15125 - Unable to install on Fedora 21-64
- 15110 - Fedora 21: Resumeable error upon domain join
- 15102 - Fedora 21: Error in querying lwsmd when doing domain join on Fedora with SELinux enabled
- 15090 - ad-cache shouldn't run without verification from end-user when a domain with objects in the cache is offline
- 15047 - LSASS high CPU usage with no cause
- 15033 - PBIS fails renewing expired krb5 ticket, can't come online, appears hung
- 14999 - broken symlinks in /etc/pam.d cause domainjoin-cli to fail with ERROR_FILE_NOT_FOUND
- 14998 - domainjoin-cli --enable PAM incorrectly reports success after attempted configuration.
- 14997 - Domain join process fails when encountering pam_sss.so
- 14652 - Memory Leak (lwio connect2)
- 14651 - Memory Leak (LSASS)
- 14649 - Memory Leak (Packet Allocation)
- 14648 - Memory Leak (Data marshal leak)
- 14645 - SIGABRTs and SIGSEGVs when copying remote files in parallel
- 14644 - Occasional lwio crash when chasing referrals
- 14454 - LWSMD hangs when restarting LSASS with a tap-log connected
- Account Override
- AD cache code update
- Autoenrollment can now just enroll certificates
- wifi GPO is stilll needed but set to disabled
- Autoenrollment and Wifi support
- RHEL 6.6
- RHEL 7.0
- Centos 6.6
- Centos 7.0
- Openssl updated to 1.0.2a
- semodule check on uninstall
- SaslMaxBufSize can be changed with the config tool
Released: Mar 2015
- 15100- Password Prompt: Other accounts are reported as local
- 15089- If lwsmd daemon is stopped, localuser can login with incorrect password or no password
Released: Nov 2014
- 15050- users in ignore-user file not ignored by lsass
- 15048- Mac OSX 10.10 support
- 14989- Solaris 11.2 support
Released: Sep 2014
- 15025- Build installation is not successfull when SElinux is enabled in Fedora 20
- 15023- RHEL4 lsass sigfaults on ad authenication
- 14948- RHEL4 install/gpagent is broken due to SELinux change in 7.1.2
- 14922- RPM Installer doesn't install lwsmd into service startup
- 14921- Fedora 18+ / RHEL 7 plus use new hostname function "hostnamectl"
- 14920- selinux not supported in latest Fedora or RHEL versions
- 11434- ubuntu PAM configuration blocks later session modules
- autoenroll daemon - configurable with the config tool
- automatically enrolls certificate from windows CA
- automatically configures wireless for wpa2 enterprise tls authenication
Released: Jun 2014
- 14561- Mac OS - Domainjoin hangs at "Resumable error" preventing pbis functionality
- OpenSSL libraries updated
- RPM and Debian installers now have signed packages
Released: May 2014
- 14958- If lsass is stopped or dead, root can't log in
- 14957- OpenSSL Heartbleed vulnerability
- 14907- Installer fails when selinux-policy-targeted RPM is not installed
Released: Jan 2014
- 14901- Solaris - After upgrade from platform-6.1/Platform-7.1/Platform-7.5 lwsm list throws error
- 14477- Authentication is failing in Solaris-11.1 machines
- 14903- macuninstall.sh can break a system accidentally
-
MAC 10.9 Support
-
PBIS Enterprise 8.0 is not dependent on setfile.
-
Customizable password prompts
-
Three prompts can be configured via the configuration tool
-
ActiveDirectoryPasswordPrompt
-
LocalPasswordPrompt
-
OtherPasswordPrompt
-
Solaris 11.1 Support for SPARC and x86 platforms
Released: Nov 2013
- 14472 - LW_ERROR_KRB5KRB_AP_ERR_ILL_CR_TKT when authenticating users across Forest Trust
- 14572 - After upgrade from 6.1 authentication is not working.
- 14896 - upgrade from 6.0.277 > Trunk fails to preserve domain join state
- 14857 - MacOS: Domain joined information is not retained on 7.5 upgrades
- 14666 - Memory leak observed during the execution of domainjoin-cli command
Released: Sep 2013
- 14866 - No PAC recieved error logging in
Released: Jul 2013
- 14500 - extended attributes are not copied during profile copy on login
Released: Jun 2013
- 14320 - Authentication failing after upgrade from 6.0
- 14710 - Domain join fails in 32bit Mac10.6 machine
- 14695 - In Solaris8 machine, lwsmd core is dumped while installing the platform
- 14693 - Domainjoin fails with an error "LW_ERROR_LDAP_NO_SUCH_ATTRIBUTE"
- 14679 - Authentication is failing with Platform
- 14782 - Update-dns tool is not validated for link local addresses
- 14522 - Observing "Pam" related warning while doing domain join in fedora 18/Opensuse12.3 machines
- Enhanced IPv6 Support
- PBIS Command: First version of offering a single command to access all tools offered by PowerBroker Identity Services. The "/opt/pbis/bin/get-status" command can be accessed by simply entering "pbis status"
- Operating Mode Name Changes
- "Schema Mode" has been replaced with "Directory Integrated Mode"
Released: Aug 2013
- 7072 - LWIS - Need option to NOT sync system clock
- 14718 - nss2 support on Solaris 10
- 14661 - Installer has no "upgrade from 7.0" routines
- 14847 - "purge" uninstall doesn't actually purge
- 14678 - Authentication after upgrade from 7.0/7.1(old) to 7.1 is not happening as expected
- 14673 - Re-Installation of the pbis fails
- 14607 - Debian upgrade doesn't recognize /var/lib/likewise-open and /etc/likewise-open as valid upgrade locations
- 14457 - Upgrade from 5.3 to 7.0 is broken
- 14036 - Remove local provider from default settings
- 14736 - conf2reg crashes badly if lsassd.conf is misformed
- 14463 - 7.0 installer doesn't uninstall Likewise 6.0 build 239
- 13599 - Legacy installation does not include "lwsm" command in /opt/likewise/bin
- 14800 - domainjoin-cli overwrites the Description field in AD
Released: May 2013
- 14363 - dcerpc daemon is in running state after installation of 6.5#780 and domain join.
- 14195 - Installation fails with an error postinstall or postremove scripts failed.
- 14600 - Linux (RPM/DEB) installers do not set "conflicts" or "requires" lines properly
- 14659 - Installation fails with dependency errors.
- 14663 - Re-installation is failing after uninstallation followed by purge of the build.
- 13469 - lsass missed Domain Local group membership for cross-forest users
- 14333 - lwsmd crash when server is slow to respond
Released: Mar 2013
- 14370 - PBIS "failover" to alternate DC is slow
- 14331 - cron stops working on AIX
- 14488 - Solaris - adding a "+" to /etc/pbis/group-ignore or /etc/pbis/user-ignore causes a segfault in "id"
- 14405 - adding a "+" to /etc/pbis/group-ignore causes a segfault in "id"
- SELinux Policy
- This version will support SELinux in Fedora 13 - 17 and RedHat 6
- Continued support in future releases
© 2019 Powerbroker Open Project. All Rights Reserved.