AD Bridge 10.0.0 Release Notes

February 25, 2020

New Features and Enhancements:

  • ID Range
    • Added a new storage mode, ID Range, that defines a range available to the domain; it is configurable at the forest root, via GPO, or locally, using the config tool.

Enabling this feature requires deleting all cells in the forest. Please consult BeyondTrust Technical Support before making this change.

  • Kerberos Library Update
    • Updated Kerberos libraries to version 1.17.
  • Platform Support
    • CentOS 8 can now install with SELinux enabled.
    • When attempting the installation on FED 28+ or RHEL 8+, AD Bridge detects the absence of libnsl libraries and stops the installation, posting a message that libnsl is required for the install.

Issues Resolved:

  • Resolved an issue where Lsass encounters a segmentation fault when Host Access is configured.
  • Added additional logging for Failed to validate GPO Security Descriptor.
  • Remote home directory mount to dock issue resolved on Mac systems. Mac 10.15 GPO Use UNC path from Active Directory to create home location will not work. We recommend the use of Force home directory on start up disk: true with the UNC Path policy to have it mount the share in the user's dock.

Notes:

  • This is the last release to include the Mac OSX installer.
  • This is the last release to include 32-bit versions of the deb and rpm installers.
  • This is the last release to include the HPUX Installer.
  • Smartcards will not work with this release. This functionality will be provided in a later version.
  • Downgrading from AD Bridge 10.0.0 to a previous release requires leaving the domain before uninstalling, or the previous release may not run properly.
  • An upgrade to AD Bridge 10.0 is required in order to work properly with Microsoft's LDAP channel binding and LDAP signing requirements.

For more information, please see ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing.

  • The GPO Use UNC path from Active Directory to create home location does not work with MacOS 10.15. We recommend using Force home directory on start up disk: true with the UNC Path policy to have it mount the share in the user’s dock.
  • RPM packages have been signed with a new key, 7237d0ac.
  • RPM x86_32 install is not available with this release. We will look into providing it in a future release, pending feedback.