Release Notes
Copyright (C) 2016 by BeyondTrust Software, Inc. All Rights Reserved.
Thank you for selecting PowerBroker Identity Services. This file contains important information regarding the current version of this product including new features and changes. Further details can be found in the PowerBroker Identity Services manuals.
This document is current as of the date of publication. The most current version is available from https://github.com/BeyondTrust/pbis-open/wiki/Release-Notes
BeyondTrust welcomes your comments and suggestions. Please use the information provided at the end of this file to contact us.
- Releases
- Bug Fixes
- New Features
- Known Issues
Released: December 2016
- 72263 - ADTool does not handle commas in user arguments
- 71797 - UserMonitorCheckInterval range is incorrectly mentioned in config tool
- 71767 - Update OpenSSL Libraries to 1.0.2i
- 71762 - [EDR-41732] Creating users with adtool does not set "require password at next login"
- 70096 - Add support for Samba 4.x
- 74987 - gpagentd does not tell user monitor when refresh interval changes
- 68080 - [EDR-40067] - Group policy agent hangs during upgrade
- 65836 - Mac: Upgrade from 8.3.4 to 8.5 doesn't retain the domain join state
- 52726 - adtool search-user also returns computer accounts
- 40410 - [EDR-39888] Usermonitor exits on all issues
- 72602 - Mac OSX 10.12 Sierra Support
- 66917 - ADTool add option to set/un-set any attribute on an entity
- MAC 10.11
- Users are currently not able to receive group policies from AD
- Inconsistent results with various group policies on Mac 10.11 and 10.10
- Issue after upgrade where the domain information is not retained
- HP-UX
- Uninstalling while using ssh into the machine may prevent the libraries from being removed as they are still in use. This can be corrected by reconnecting, installing then uninstalling.
- HP-UX 11.2i
- Support for 11.2 Itanium was dropped in 8.1.0. Domain joins will result in the following error: LW_ERROR_NOT_HANDLED
- RHEL
- GUI-based logins do not currently work with SELinux enforcing
- GUI-based login can generate a segfault
- Ubuntu/Debian
- lwsmd crashes sometimes after a reboot - investigating
- ad-tool
- When using the adtool command in a script to modify settings in Active Directory in a multi-DC Environment, use the --server option to indicate a specific DC on which to make the modifications.
- The name of the DC being used by PBIS for authentication is recommended and can be determined through the use of the get-dc-name command.
- Adtool is unstable on AIX
- config tool
- Problem executing '/opt/pbis/bin/ad-cache --delete-all >/dev/null 2>/dev/null'
- Added detection of offline domains before clearing the cache, which is not handled within the config tool
- Workaround is to run ad-cache manually after all the config options
- IPv6
- NFS mount is not supported in this release for UNIX systems using IPv6. This will be in a future release.
Released: September 2016
- 41074 - [EDR-40857] lsass sometimes fails to load the AD provider on multi-NIC systems
- 50398 - [EDR-40702] When using Pam faillock on domain join pam files must be moved in and out to allow the join.
- 64463 - Domainjoin setname Cent 7.1 returns ERROR_BAD_COMMAND
- 65001 - Rebranding to new BT Logo
- 70422 - Fedora 22+ - PBIS can not parse krb5.conf includedir by default
Released: August 2016
- 54545 - Sign ppc64le packages
- 54544 - Sign ppc64 packages
- 47079 - [EDR-40156] Add option to LWSM to persist logging settings
- 46766 - [EDR-40156] Need the ability to permanently set log level on service
- 30198 - [EDR-39747] Support for Mac OSX 10.11
- 29006 - [EDR-39680] Blacklist specific DCs
- 65452 - ad-cache --delete-all should succeed when a zero way trust domain is offline
- 65217 - lwsmd is running under unconfined_exec_t and should be bin_t
- 64974 - CentOS 6.x machines semodule pbis version not correct
- 59474 - [EDR-41016] AIX: Duplicate Files in different packages
- 57751 - Remove error messages from Debian install logs: regshell (error = 87 - ERROR_INVALID_PARAMETER)
- 54930 - Fix exit status when calling domainjoin-cli with invalid options
- 54929 - Allow PBIS Local Provider groups and users to be provisioned with IDs under 1000
- 54876 - [EDR-40778] Installing on RHEL7 PPC64 fails when CPUs are offline
- 54766 - [EDR-40773] SUCCESS message should be included in the logs that domainjoin-cli creates
- 54456 - [EDR-40751] Support for Single Label Domains (SLD) in domainjoin-cli
- 54205 - remove RHEL specific naming from the PPC64 package folders
- 54033 - Update OpenSSL Libraries to latest version
- 53630 - PBIS agent installs should not include administration documentation
- 53613 - Fix the lock file location on AIX
- 53509 - [EDR-40671] Fix file permissions for lwsmd service file - 755
- 52096 - [EDR-40787] Clearing cache takes domain offline in one-way trust scenario
- 51701 - [EDR-40534] Fix for various SELinux error messages for /var/lib/pbis/.lsassd and postfix
- 51416 - Update adtool reset-user-password --password - to correctly accept STDIN input
- 50387 - [EDR-40451] AIX lsuser ALL only shows local users
- 50249 - On 8.3.4 local users on Debian systems could not change their password
- 50089 - [EDR-40388] Use the Default Domain Separator Character when processing Policies like RequireMembershipOf
- 50083 - [EDR-40378] Allow local users to login if lsass is in a hung state
- 48939 - Correction to the pam-auth-update list to refer to Powerbroker Identity Services
- 48055 - Fix the lsa usage description to list modes in alphabetical order
- 48054 - Fix the find-objects help usage to include all available modes
- 46504 - Updated Java SSO support
- 46313 - [EDR-40140] Fix adtool to set the correct attributes to allow domain join to succeed for computer accounts
- 46260 - [EDR-40067] LWSMD Hangs during shutdown
- 46079 - TrustEnumerationWait setting is missing in Platform 7
- 46076 - Ensure invalid values for config parameters (e.g. CacheEntryExpiry) do not crash the AD Provider
- 46004 - [EDR-40078,EDR-40434,EDR-40572] Ensure user-ignore, group-ignore, user-override and group-override are not overwritten when upgrade is performed
- 46003 - [EDR-40182] Fix issue with adtool reset-user-password returning error 700086
- 46076 - Ensure invalid values for config parameters do not crash the AD Provider
- 47681 - systemd: Ignoring invalid environment
- 40778 - [EDR-39902] RHEL7: "logger 2>&-" generates a coredump when pbis is installed
- 30216 - [EDR-39748] Fix excessive syslog messages on RHEL pam stack with unix_chkpwd
- Documentation has been removed from the agent installs.
Released: February 2016
- 47174 - Solaris 11.2 - Automatic Mode fails to persist nsswitch.conf changes
- 45008 - User-Override example is incorrect
- 15272 - whoami: cannot find name for user ID - Failure to establish an SSH session after the job load reaches a certain limit
- 15268 - solaris 11.3 - authentication is not working
- 15238 - Run lwsmd under SELinux as unconfined_t
- 15235 - Local users are unable to login when there is a time skew difference between agent and DC
- 15234 - Local users restricted from logging in when PBIS license has expired
- 15196 - PBIS SElinux policy refers to obsolete alias clamav
- 15179 - Solaris 11 - lwsmd fails to start initially
- 15129 - Solaris - Change krb5.keytab file location from /etc to /etc/krb5
- 15111 - Suse, SLED, SLES: Resumable error upon domain join
- 15104 - Debian - Password prompt doesn't work
- 15061 - Solaris - LW_ERROR_NOT_HANDLED on NEW Zones created after PBIS install
- 15046 - machine password fails to update against RODC
- 14952 - Solaris 10 with zones in multitenancy - Enterprise upgrade can leave system in unusable state
- 14931 - Domainjoin when NETBIOS domain name is lowercase results in "The OU format is invalid"
- 12029 - Solaris 10 - Failed to upgrade the builds in the child zones
- New Distro Support
- RHEL PPC64 6+
- RHEL PPC64LE 7
- New builds for Mac dmg. Allows for better support of newer OSX releases (10.9+)
- FreeBSD - installer has been dropped due to lack of demand. Can still be built from open source
- Fedora - SELinux support dropped
- SELinux - In order to improve the flexibility and reliability of the Group Policy feature, PBIS has been modified to run under the unconfined_t domain
Released: Enterprise only
Released: August 2015
- 15176 - Credentials cache keyring 'persistent:xxxxxxxxx:xxxxx' not found - default_ccache_name
- 15174 - systemd based systems create kerberos tickets in PrivateTmp location
- 14964 - nscd cores/crashes on Solaris 10u10
- lwsmd.service now gets copied to systemdsystemunitdir on systems running systemd
- Better support for distros using systemd
Released: June 2015
- Samba support for 4.0 - 4.2
Released: June 2015
- 15147 - AIX heap memory fragmentation
- 15125 - Unable to install on Fedora 21-64
- 15110 - Fedora 21: Resumable error upon domain join
- 15102 - Fedora 21: Error in querying lwsmd when doing domain join on Fedora with SELinux enabled
- 15090 - ad-cache shouldn't run without verification from end-user when a domain with objects in the cache is offline
- 15047 - LSASS high CPU usage with no cause
- 15033 - PBIS fails renewing expired krb5 ticket, can't come online, appears hung
- 14999 - broken symlinks in /etc/pam.d cause domainjoin-cli to fail with ERROR_FILE_NOT_FOUND
- 14998 - domainjoin-cli --enable PAM incorrectly reports success after attempted configuration.
- 14997 - Domain join process fails when encountering pam_sss.so
- 14652 - Memory Leak (lwio connect2)
- 14651 - Memory Leak (LSASS)
- 14649 - Memory Leak (Packet Allocation)
- 14648 - Memory Leak (Data marshal leak)
- 14645 - SIGABRTs and SIGSEGVs when copying remote files in parallel
- 14644 - Occasional lwio crash when chasing referrals
- 14454 - LWSMD hangs when restarting LSASS with a tap-log connected
- Account Override
- AD cache code update
- Autoenrollment can now just enroll certificates
- wifi GPO is still needed but set to disabled
- Autoenrollment and Wifi support
- RHEL 6.6
- RHEL 7.0
- Centos 6.6
- Centos 7.0
- Openssl updated to 1.0.2a
- semodule check on uninstall
- SaslMaxBufSize can be changed with the config tool
Released: Mar 2015
- 15100 - Password Prompt: Other accounts are reported as local
- 15089 - If lwsmd daemon is stopped, localuser can login with incorrect password or no password
Released: Nov 2014
- 15050 - users in ignore-user file not ignored by lsass
- 15048 - Mac OSX 10.10 support
- 14989 - Solaris 11.2 support
Released: Sep 2014
- 15025 - Build installation is not successful when SELinux is enabled in Fedora 20
- 15023 - RHEL4 lsass segfaults on AD authentication
- 14948 - RHEL4 install/gpagent is broken due to SELinux change in 7.1.2
- 14922 - RPM Installer doesn't install lwsmd into service startup
- 14921 - Fedora 18+ / RHEL 7 plus use new hostname function "hostnamectl"
- 14920 - SELinux not supported in latest Fedora or RHEL versions
- 11434 - Ubuntu PAM configuration blocks later session modules
- autoenroll daemon - configurable with the config tool
- automatically enrolls certificate from Windows CA
- automatically configures wireless for WPA2 Enterprise TLS authentication
Released: Jun 2014
- 14561 - Mac OS - Domainjoin hangs at "Resumable error" preventing pbis functionality
- OpenSSL libraries updated
- RPM and Debian installers now have signed packages
Released: May 2014
- 14958 - If lsass is stopped or dead, root can't log in
- 14957 - OpenSSL Heartbleed vulnerability
- 14907 - Installer fails when selinux-policy-targeted RPM is not installed
Released: Jan 2014
- 14901 - Solaris - After upgrade from platform-6.1/Platform-7.1/Platform-7.5 lwsm list throws error
- 14477 - Authentication is failing in Solaris-11.1 machines
- 14903 - macuninstall.sh can break a system accidentally
- MAC 10.9 Support
- PBIS Enterprise 8.0 is not dependent on setfile.
- Customizable password prompts
- Three prompts can be configured via the configuration tool
- ActiveDirectoryPasswordPrompt
- LocalPasswordPrompt
- OtherPasswordPrompt
- Solaris 11.1 Support for SPARC and x86 platforms
Released: Nov 2013
- 14472 - LW_ERROR_KRB5KRB_AP_ERR_ILL_CR_TKT when authenticating users across Forest Trust
- 14572 - After upgrade from 6.1 authentication is not working.
- 14896 - upgrade from 6.0.277 > Trunk fails to preserve domain join state
- 14857 - MacOS: Domain joined information is not retained on 7.5 upgrades
- 14666 - Memory leak observed during the execution of domainjoin-cli command
Released: Sep 2013
- 14866 - No PAC received error logging in
Released: Jul 2013
- 14500 - extended attributes are not copied during profile copy on login
Released: Jun 2013
- 14320 - Authentication failing after upgrade from 6.0
- 14710 - Domain join fails in 32bit Mac10.6 machine
- 14695 - In Solaris8 machine, lwsmd core is dumped while installing the platform
- 14693 - Domainjoin fails with an error "LW_ERROR_LDAP_NO_SUCH_ATTRIBUTE"
- 14679 - Authentication is failing with Platform
- 14782 - Update-dns tool is not validated for link local addresses
- 14522 - Observing "Pam" related warning while doing domain join in fedora 18/Opensuse12.3 machines
- Enhanced IPv6 Support
- PBIS Command: First version of offering a single command to access all tools offered by PowerBroker Identity Services. The "/opt/pbis/bin/get-status" command can be accessed by simply entering "pbis status"
- Operating Mode Name Changes
- "Schema Mode" has been replaced with "Directory Integrated Mode"
Released: Aug 2013
- 7072 - LWIS - Need option to NOT sync system clock
- 14718 - nss2 support on Solaris 10
- 14661 - Installer has no "upgrade from 7.0" routines
- 14847 - "purge" uninstall doesn't actually purge
- 14678 - Authentication after upgrade from 7.0/7.1(old) to 7.1 is not happening as expected
- 14673 - Re-Installation of the pbis fails
- 14607 - Debian upgrade doesn't recognize /var/lib/likewise-open and /etc/likewise-open as valid upgrade locations
- 14457 - Upgrade from 5.3 to 7.0 is broken
- 14036 - Remove local provider from default settings
- 14736 - conf2reg crashes badly if lsassd.conf is misformed
- 14463 - 7.0 installer doesn't uninstall Likewise 6.0 build 239
- 13599 - Legacy installation does not include "lwsm" command in /opt/likewise/bin
- 14800 - domainjoin-cli overwrites the Description field in AD
Released: May 2013
- 14363 - dcerpc daemon is in running state after installation of 6.5#780 and domain join.
- 14195 - Installation fails with an error postinstall or postremove scripts failed.
- 14600 - Linux (RPM/DEB) installers do not set "conflicts" or "requires" lines properly
- 14659 - Installation fails with dependency errors.
- 14663 - Re-installation is failing after uninstallation followed by purge of the build.
- 13469 - lsass missed Domain Local group membership for cross-forest users
- 14333 - lwsmd crash when server is slow to respond
Released: Mar 2013
- 14370 - PBIS "failover" to alternate DC is slow
- 14331 - cron stops working on AIX
- 14488 - Solaris - adding a "+" to /etc/pbis/group-ignore or /etc/pbis/user-ignore causes a segfault in "id"
- 14405 - adding a "+" to /etc/pbis/group-ignore causes a segfault in "id"
- SELinux Policy
- This version will support SELinux in Fedora 13 - 17 and RedHat 6
- Continued support in future releases
GitHub: https://github.com/BeyondTrust/pbis-open/
Company: http://www.beyondtrust.com
© 2019 Powerbroker Open Project. All Rights Reserved.