AD Bridge 23.3 Release Notes

December 7, 2023

Aarch64 systems to install adbridge-23.3.0.XXX.linux.aarch64.rpm.sh
SLES or RHEL with FIPS enabled to install adbridge-23.3.0.XXX.linux-fips.x86_64.rpm.sh

For installation requirements, please see the following:

For the AD Bridge agent, Install Requirements for the AD Bridge Agent.
For the management console, Requirements to Use AD Bridge with Active Directory.
For a list of supported platforms for the latest version of AD Bridge, please see the Supported Platforms Guide.
Supported Platforms Guides for previous versions of AD Bridge can be found in the AD Bridge Documentation Archive.

AD Bridge can now be installed and used on rpm aarch64. The aarch64 build can be used on AWS Graviton systems.
The new installer is adbridge-23.3.0.XXX.linux.aarch64.rpm.sh

A new installer is available to install on FIPS enabled RPM systems.
The installer is adbridge-23.3.0.XXX.linux-fips.x86_64.rpm.sh
There is a new installer option to set ‘update-crypto-policies --set FIPS:AD-SUPPORT'. This is required for any RHEL9 system that wants to communicate with Active Directory.

Usage output has been cleaned up.
A new -examples option has been added to display examples of ADTool commands.

Default values for cells (Login Shell and Home Directory) can now accept blank/empty values.
When the shell/home directory is empty on the shell, the user inherits the values from Group Policy, then local policy.

Tomcat/Java files were removed from the downloads in v10.1. We will not be building or providing these to customers.

Resolved an issue where the tenant rejoin error log message was incorrect. The error is now correct.
Resolved an issue where the tenant would not be joined if the nic card was left offline for several hours. Now when an agent machine goes offline, the tenant join will be retained.
Resolved an issue where the Home Directory set to default value even after adding a user to an empty default homedir named cell. Now, the user gets the correct home directory.
Resolved an issue where btarchive returned an unhandled exception error when trying to run it from Program Files. Now, btarchive can be run from Program Files and does not produce an error.
Resolved an issue where the SQL Server was not enabled through the cli tool. Now, SQL server can be enabled with the cli tool using /c and /d options.
Resolved an issue where there was a potential leak in SMBCreatePacketAllocator. Now, the leak is no longer happening.
Resolved an issue where the AutoFS group policy was not setting the selinux context. Now the selinux contexts have been set properly when applying the AutoFS group policy.
Resolved an issue where the logging around pthread_mutext_init() has been improved.
Resolved an issue where an upgrade would fail with "ERROR_SERVICE_ALREADY_RUNNING" message. Upgrades now working properly.
Resolved an issue where "Cleanup logs reporting no such object cn=Likewise,cn=Program Data" was occurring.

RHEL 9 with fips enabled needs to have the crypto policy updated to allow ad support. We provided a new option to set this during the installation. If this is skipped, AD authentication will not work. The fix is to run ‘update-crypto-policies –set FIPS:AD-SUPPORT' and rejoin the domain.
To change an AD user password on a FIPS enabled RHEL9 machine, you must use /opt/pbis/bin/passwd, instead of passwd. This is a known issue that we will address in an upcoming release.

Issues discovered after release can be found within our product Knowledge Base.

AD Bridge 23.3.0 supports upgrades from versions 21.1, 22.1, 22.2, 22.3, 23.1, and 23.2.
ADB 23.3.0.505 rpm packages signed with key 7237d0ac
No zip installer for BIUL will be provided. The upload process for ADBridge will change for the BIUL in the 23.1.1 release.