AD Bridge Version History 7.1-9.0

# AD Bridge Enterprise Edition

Thank you for selecting BeyondTrust AD Bridge. This file contains

important information regarding the current version of this product

including new features and changes. Further details can be found in

the AD Bridge Services manuals.

This document is current as of the date of publication. The most

current version is available from www.beyondtrust.com.

BeyondTrust welcomes your comments and suggestions. Please use the

information provided at the end of this file to contact us.

------------------------------------------------

# Contents

- Releases

- Features

- Bug Fixes

- Notices

## AD Bridge Enterprise 9.0.0.520

AD Bridge Open 9.0.0.521

Released: April 2019

ISO Hash

md5 -

sha256 -

### Enterprise

#### Features

Group Policy

- 161888 - Change GPORefresh/GPUpdate to apply always/once

- 161150 - GPO: Change "Monitor" option to "Apply once/always"

- This redesign changes the default behavior for file based GPO. Policies will now reapply

if they were changed locally. Change to "Apply once" for the old behavior.

This also includes the fixes for the following issues.

- 122029 - [EDR-45284] GPO should support monitor for /etc/issue

- 115457 - [EDR-44904] Missing user/group override files break Group Policy

- 89673 - [EDR-42685] syslog group policy should re-apply following a gpupdate

Duplicate UID/GID Search tool

- 66926 - [EDR-47274] Windows tool to locate Duplicate UID/GID usage in AD

#### Bug Fixes

Services

- 172467 - [EDR-49606] reapsysl regular expression issue

- 166679 - Intermittent double free error when restarting gpagent

- 138474 - Add display label for RSOP 'eventfw settings'

ADUC

- 172374 - Scroll bar is cut off on Cell Properties screen when there are a multitude of users

### Notice

- 174068 - Remove activclient package from the rpm installer

- 172847 - Product rename "PBIS" to "BeyondTrust AD Bridge"

## PowerBroker Identity Services Enterprise 8.8.0.505

PowerBroker Identity Services Open 8.8.0.506

Released: December 2018

ISO Hash

md5 - dbae6194075540ddbdbf36caa7e3a578

sha256 - 89d9618c516cfeb20cf262f31ce1b92f85364875827d72fb68cedd786597b587

### Open

#### Bug Fixes

DOMAINJOIN

- 166129 - [EDR-49175] Unable to join Zlinux servers to a domain

SERVICES

- 165997 - [EDR-48890] Release global container lock before dispatching tasks

- Resolves lwsmd hangs under a number of rare scenarios

- 161238 - [EDR-48600] netlogon segmentation fault on certain SLES configurations

### Enterprise

#### Features

ACCOUNT OVERRIDE v2 (AOv2)

- 161886 - AOv2: Group Policy support

- 155183 - AOv2: Redesign group-override file

- 155181 - AOv2: Redesign user-override file

- 53618 - [EDR-40704] AOv2: Support wildcard entry in user override file

- This redesign changes the override file layout to match /etc/passwd, /etc/group formats.

While 8.8.0 version agents can process previous override files, updated override files

can NOT be processed by pre 8.8.0 agents. Customers using AO should upgrade to this version

to ensure newly created/modified AO policies can be processed.

#### Bug Fixes

PBIS Services

- 168932 - gpagent should not run pkinit as preauth mechanism

- Fixes a segfault due to incorrect pkcs11 calls

### Notice

- 163764 - Dropped HPUX PA-RISC installers

- Discontinuing PA-RISC as a supported platform for current and future releases due to

limited hardware availability

## PowerBroker Identity Services Enterprise 8.7.1.493

PowerBroker Identity Services Open 8.7.1.494

Released: October 2018

ISO Hash

md5 - c7ab59ecd06259990415fbb7d2d16036

sha256 - d1e69a55ec9b582f9884652fd5691c0920699c79ce47a644d5186f4b942d99fb

### Open

#### Features

- 157347 - [EDR-48055] Reduce log level for NERR_SetupNotJoined message

- 157346 - adtool man page

#### Bug Fixes

- 162008 - OSX 10.14: Domainjoin not working

- 159453 - [EDR-49061] [GH-158] Domainjoin-cli --assumeDefaultDomain yes no longer works

- 159161 - lwsm double free

- 158572 - regshell !!text history command incorrectly builds command

- 157292 - Domainjoin: Better error when moving the computer account and OU doesn't exist

- 67459 - FED24+: Install error on system with ncurses6

### Enterprise

#### Features

- 157799 - PasswordSafe: Handle Conflicting Request Error

- 154933 - PasswordSafe: Password Change Upon CheckIn

- 154932 - PasswordSafe: Use SystemName when Searching for Managed Account

- 121216 - Improve domainjoins usage and add man pages to explain the options

#### Bug Fixes

- 156553 - Cell Manager: Better error handling when attempting to delete the Assumed Default cell

- 156552 - .NET 4.5 conversion of btarchive.exe

- 155349 - Handle moving certs with brackets in the name during upgrades

### Notice

- 113326 - libedit replaced with linenoise

- regshell history format has changed, previous history format included a history format version entry, e.g. _HiStOrY_V2_, and suffixed each entry with \012. While these can be read by the current regshell, they can't be replayed. It is recommended users delete their existing .regshell_history file.

## PowerBroker Identity Services Enterprise 8.7.0.477

PowerBroker Identity Services Open 8.7.0.478

Released: August 2018

ISO Hash

md5 - b7537dc19bc85b09d8ba4910f9f67428

sha256 - c7f883d52fc0a932d831fdcb9c7e1df336f3eba39e412b79aa9e5192d5f89af0

### Open

#### Features

- 151345 - ADTool: keytabs file creation succeeds even if SPN fails

- 149676 - ADTool: New spn option for new-user and reset-user-password

- 149674 - Hide User if they do not have permissions to the computer

- 146328 - Solaris 10: rsh/rlogin support

#### Bug Fixes

- 151748 - ADTool: new-computer --password stdin not working

- 149880 - Adtool: new-user keytab fails to create when upn/samAccount mismatch

- 144687 - RPM: Remove sh-utils dependency

- 140897 - Adtool: Core dump via any command without options

- 139976 - [EDR-47017] segfault on domainjoin-cli configure --enable ssh

- 132102 - [EDR-45699] Cron Jobs created as AD Users run as root

### Enterprise

#### Features

- 152774 - btopt: New option to hide Assume Default Cell mode

- 149208 - ADUC: Allow editing of users attributes without a default cell

- 144866 - [EDR-47274] Ignore duplicates from un-provisioned objects

- 107151 - MMC Snapins installer

- 66928 - Domain Join: Integration with Password Safe

- 46508 - Assume Default Cell mode - Support domain joins without a cell

#### Bug Fixes

- 155803 - PAM: Leaks LSASS Connections

- 150667 - Better error when joining a domain without a cell

- 140809 - Setting SmartcardRedirector False hangs

- 139103 - [EDR-46875] Unable to apply site based GPO's to child domain

- 137272 - OSX: login hangs when profile contains a DFS style share

- 134985 - Centos6: Smartcard removal not working

- 134489 - OSX: If firewall is disabled, the block incoming connections shouldn't be displayed in RSOP output as there is a dependency

- 134488 - OSX: Energy Saver GPO not applying properly

- 134460 - OSX: Firewall GPO not applying properly

- 126424 - Disable PBIS Tab from properties of multiple groups or users selected

### Notice

- 153853 - Solaris 8 installs no longer supported

- 132660 - Legacy packages are no longer supported or provided

- 133032 - Versions of AIX before 6.1 are no longer supported

- 126503 - Deprecated Domainjoin-gui

- 66927 - Windows installation is now built .NET 4.5

## PowerBroker Identity Services Enterprise 8.6.0.423

PowerBroker Identity Services Open 8.6.0.427

Released: March 2018

ISO Hash

md5 - ffb7bfa49be86c2866201a78aa10415a

sha256 - 7d7ab9c8e567b1a3a2c5e2d8c8344d3b8fa101150dcd190fd51cad78e1ef78d8

### Open

#### Features

- 131154 - Support HPUX 11.23 itanium

- 125622 - Upgrade to OpenSSL 1.0.2n

- 118578 - Debug logging capability added for bootstrap service

- 116659 - [EDR-45310] Support for macOS 10.13 High Sierra

- 116655 - Installer: Path to EULA displayed

- 116600 - Domainjoin: add history support to prompts

- 92912 - [EDR-43173] offline-join.pl script added to agent installer

- 70651 - [EDR-41687] Extend usage of user-ignore and group-ignore to support IDs

- 64301 - Improved README on the Agent installers

#### Bug Fixes

- 133693 - [GH-103] SLES: ERROR_BAD_COMMAND when joining with dhcp

- 129466 - [EDR-46150] Adtool: Constraint Violation When Using Non-Unique Default Home Directory

- 125225 - [EDR-45791] HPUX: Incorrect PAM Configuration can prevent root access

- 97865 - MacOS: AD users unable to change password via 'User & logins'

- 94195 - [EDR-43408] Empty lsass-adcache.filedb causes lsass startup issues

- 75694 - [BZ12896] Improve performance for pre-staged domainjoins

### Enterprise

#### Features

- 127471 - GPMC AutoMount: Now list contents of files

- 123524 - Cell Manager: Delegation of control logging

- 111620 - Smartcard Redirector support for Linux Platforms

- 101022 - Smartcard: Support for Debian/Ubuntu

- 96389 - sc-test: ability to test with NT4/Down-Level Logon Name

- 89461 - Update RSAT check to detect windows 10 and 2016 server

- 49440 - Setup installer: local database detection

#### Bug Fixes

- 133913 - [EDR-46529] PBIS install changes GID of 'Domain Users' group

- 132052 - Smartcard: not working on Centos 6.x

- 129981 - Smartcard: Offline logon not working

- 129675 - Reporting database connection manager: Not being run as the administrator

- 128501 - [EDR-46102] GPOE: Templates from all authorities are not Appearing In Certificate Autoenrollment

- 127533 - [EDR-45995] gp-admin --listall generating core dumps

- 127521 - [EDR-45845] GPO: agent doesn't handle ACE with inherited object type

- 127473 - GPO - Run Script - Contents list "script.conf" with no value

- 127452 - GPMC: not showing on report - Lsassd: Force authentication to use unprovisioned mode

- 126943 - Setup: Add logs for each page transition

- 125253 - [EDR-45755] GP fstab: Mounts should always deliver the mount type in lowercase

- 122718 - GP RSOP: Added 'smart card settings' to report

- 114685 - [EDR-44893] btcollector.exe -t <non-integer> causes counter to become 0

- 110817 - Two rows highlighted after assigning a license

- 107876 - GPMC: Settings do not appear correctly when both Computer & User GPO defined in the same GPO

- 77298 - Circular dependency loop when adding groups to cell

### Deprecated

- 107125: Remove support for Workgroup Manager GPO

- If Workgroup Manager policies were in place we advise doing an uninstall/reinstall to upgrade to 8.6.0

## PowerBroker Identity Services Enterprise 8.5.7.378

PowerBroker Identity Services Open 8.5.7.385

Released: December 2017

ISO Hash

md5 - 4df8c3f2d1c843f6feeb3772913463de

sha256 - 1eb581e5193c9a1cfc7dfab1874f2a56150b051546f87abb0567bdd4b16ffb1a

### Open

#### Bug Fixes

- 124445 - [EDR-45699] Disable Cron Jobs Created as AD Users on AIX

- 121417 - Update OpenSSL Library 1.0.2m

- 115994 - [EDR-44961] Password change does not check the user-ignore

- 94195 - [EDR-43408] Empty lsass-adcache.filedb causes lsass startup issues

### Enterprise

#### Features

- 122273 - PBISEnterprise exe and msi now included on iso

- 53511 - [EDR-40689] Ability to export license usage from BMC to csv file

#### Bug Fixes

- 120863 - [EDR-45377] "Incorrect Software Package For This System Architecture" Error when installing PBIS

- 110794 - Assign License should not be available when multiple computers are selected

- 105360 - Server 2012 R2: Setup does not warn when GPMC is missing

## PowerBroker Identity Services Enterprise 8.5.6.366

PowerBroker Identity Services Open 8.5.6.375

Released: October 2017

ISO Hash

md5 - dab3283841dac729a0bd33e3abea7688

sha256 - dcc7ad6ce01cfb5305675e80d5cd200b1183cfac790b1a0cb1d17f4807a21a6c

### Open

#### Bug Fixes

- 120257 - [GH-73] domainjoin-gui is not being built

- 117866 - [EDR-44928-44848] Unable to connect to samba share with hostname

- 117374 - [GH-59] Solaris fails when the FIFOFS inode exceeds UINT_MAX

### Enterprise

#### Bug Fixes

- 112968 - [EDR-44703] GPO Allow login rights name is resolving to DOMAIN\USER. NT4 Name should be NETBIOS\USER

## PowerBroker Identity Services Enterprise 8.5.5.363

PowerBroker Identity Services Open 8.5.5.372

Released: October 2017

ISO Hash

md5 - fd73c0ff88ed7bb9eeda218789f0b44b

sha256 - bbf91bcceb1be722b7812bd5e9137a76640f78b0a818a3527388de0ff7e1b8fb

### Open

#### Features

- 110163 - Enable ldap debugging messages for LSASS

- Set level to TRACE

- 107332 - Consolidate all 3rd Party License files into a data folder

- 101019 - ADTool: new-computer - new --spn option

- 100070 - Config tool: New ServicePrincipalName (SPN) option

- 92911 - [EDR-42774] Allow syslog facility to be configured

- 91702 - Domainjoin-cli prompts for missing parameters

- 91701 - Simplified pbis install

#### Bug Fixes

- 106865 - [EDR-43991] enum-members along with --user option is returning the user objects multiple times

- 104880 - [EDR-43991] Expired cache causes duplicate members to be listed

- 95452 - [EDR-43370-43645] connection resets when adding users via adtool en masse

- 85698 - OpenSSL library update - 1.0.2l

- 77390 - [GH-6] Connection refused during startup causes PBIS join status Unknown

- 53278 - [EDR-40667] Adjust lwsmd shutdown sequence to occur after sshd

### Enterprise

#### Features

- 109207 - GPO Resultant Set of Policy (RSOP) ability on gporefresh

- 108871 - Enterprise license auditing/summary of total

- 107914 - Group Policy Explain tab updated with more inform

- 107540 - gpupdate --rsop and --verbose should page automatically

- 102961 - [EDR-43844] Added option to filter license by last password change

- 102855 - [EDR-43702] RSOP (Resultant Set Of Policy); MacOS and syslog

- 97264 - Reorganize Group Policy Editor tree to combine Security and Network nodes

- 97253 - Update Wireless Group Policy Editor to offer dropdown of Certificate Templates

- 91703 - ISO: Reorganize and include other BeyondTrust Products

- 88046 - [EDR-44765] Host Access Control Groups

- 87909 - Re-label Darwin to macos on ISO

- 77795 - [EDR-42160] Config option to create home directories in lower case

- 66386 - [EDR-41406] Support the ability to Scope Computer GPO using Security Filtering Apply permission

#### Bug Fixes

- 110990 - File copy - Remove file policy checkbox not showing state correctly

- 110984 - Editing file copy gpo resets all the existing settings

- 110388 - Cumulative logon rights does not correctly check for duplicates

- 109812 - Win 10/2016 license node broken - out of range

- 109107 - [EDR-44391] Selecting a Read Only file in File Object Editor stops any future modifications to the file

- 108716 - Upgrading from 8.5.4 breaks GPMC settings reports on win 10/2016 - See Notice

- 107615 - gpupdate --rsop does not report when a CSE rsop fails

- 106919 - Multiple Mac Profile Manager Group Policy Objects crashes gpagent

- 95399 - Group Policy: Files copy GPO gets exception with filename conflict

- 90031 - [EDR-42981] adtool remove-from-cell requires --force for default cell

- 87909 - Re-label Darwin to macos on ISO

- 78407 - BMC displays root domains licenses only

- 58097 - [EDR-40924] gpagent can not backup a file if "target directory" ends with "/"

### Notice

- If PBIS is upgraded on windows 10/2016 the Group Policy Management setting for PBIS policies will not show. Issue a repair with the installer will fix this. If an upgrade was done via uninstall/install then this will not be needed.

## PowerBroker Identity Services Enterprise 8.5.4.326

PowerBroker Identity Services Open 8.5.4.334

Released: June 2017

ISO Hash

md5 - ac54fd6466328aca881f40c321f65610

sha256 - 77450cdfb460314c5b6314a3091781470a26137cf3d7d46295c2359737082b6a

### Open

#### Features

- 98512 - update-dns: added option to specify dnsserver

- 87581 - [EDR-42787] Add support for Suse 11 PPC

- 75481 - Add a switch to adtool to output a keytab file for computer accounts

- 54837 - Add a switch to adtool to output a keytab file for user accounts

- 45519 - Apache 2.4 Support

#### Bug Fixes

- 100591 - OpenSuse 13.2: Domainjoin resumable host name error

- 91964 - [EDR-42899] AIX EventLog Getting error: lsass: [eventlog] Failed to write records. Error code [5]

- 91918 - 32 bit rpm upgrade package are not signed - fails to install

- 88932 - [EDR-42814] Install should continue with warning after SELinux issues when not running enforcing

- 88248 - [EDR-42809] lwsmd daemon performance improvements on AIX with large numbers of users

- 80555 - adtool move-object missing new-line from stdout message

- 76688 - Endless loop in LWIO list handling

- 74998 - gpagentd starts up eventfwd but doesn't set it to autostart

- 71764 - [EDR-41766] DB2 crashing with PBIS

- 65617 - [EDR-41313] /opt/pbis/bin/config throws an error if the configuration is done prior to the domain join

- 60433 - joining a different domain without leave can breaks future upgrades

- 54811 - Computer name 15 character limit should not be applied on all attributes

### Enterprise

#### Features

- 100069 - Add File Permission Binding to Unix Browser for GP File Object

- 98631 - Support group policy to delete cert file if removed from autoenroll group policy

- 97242 - Template list to Group Policy Certificate Auto Enrollment

- 88388 - SmartCard Enhancements and smart card diagnostic tool

- 70499 - Group Policy Files Object: source file should be selectable from remote host (Linux/Unix host)

- 54834 - Add Config tool options for AutoEnroll on rpm systems

- 46507 - [EDR-43702] Resultant Set Of Policy

- 46506 - GPORefresh/GPUpdate verbose mode

- 46504 - Enhanced - Java SSO Support

- 46461 - Generic Certificate Deployment

#### Bug Fixes

- 102240 - Ubuntu: WIFI: Network-Manager needs to be restarted manually after a domain join to connect

- 102070 - RHEL7: WIFI does not connect with GPO

- 101715 - autoenroll of certificates fails with CES running on 2012 R2+

- 98747 - Password prompt CSE memory leaks

- 96772 - Drop downs on DNS gpo need to be set to read only

- 84915 - DB Reaper Shortcut doesn't allow you to contact the BI server unless it is run as administrator

- 80867 - BI: When users update ad UID's, information is removed from the Access by User report

- 46234 - [EDR-42788] GPMC Settings Tab does not report PBIS settings on Windows 10 or Windows Server 2016

## PowerBroker Identity Services Enterprise 8.5.3.289

PowerBroker Identity Services Open 8.5.3.293

Released: March 2017

ISO Hash

md5 - a0f6669bd965ab4b0e6342d6e15fb1bc

sha256 - b4d876c4659fa3f70f75c62193bc017bd35193d0cc36e4f310ab8353b5e636d6

### Open

#### Features

- 57300 - [GH-9] DEB: Enhance repo Key

#### Bug Fixes

- 85373 - Solaris: EULA doesn't appear when running the .sh file without install as a parameter

- 84274 - fix group membership lookup for ldap queries in PBIS Open

- 82902 - [EDR-42510] cannot change root password with PBIS 8.5 installed on Solaris 10

- 81441 - [EDR-42389] Password reset not working on Solaris 11

- 77365 - Update OpenSSL to 1.0.2j

- 77146 - Adtool core dumps with Solaris 10

- 59472 - [EDR-41023] wrong value for $LOGNAME

- 59471 - [EDR-41022] Problems with AIX LPM crashing lwsmd

### Enterprise

#### Features

- 71766 - [EDR-41773] support for RHEL on IBM System z (z/linux s390)

- 69784 - smartcard support for rhel 6/7

#### Bug Fixes

- 86707 - [EDR-42733] Credential cache is not unique for adtool

- 83760 - Update EULA for Enterprise

- 82126 - [EDR-42142] Make gp-admin operate against RODC where possible

- 81651 - Add the dbreaper /gui shortcut to start menu BI Event Configuration

- 80959 - NextRID not looking for DC in correct domain

- 79746 - Cell Manager crashes when the [Permissions] button on the [Security] tab (user's properties form) is clicked

- 77772 - [EDR-14962] Cell Manager user code doesn't properly resolve objects for group membership

- 76759 - config AutoEnroll AutoEnrollPollingInternval item misspelled

- 76055 - [EDR-42066] PBIS injection into sshd_config can cause SSH daemon issues in presence of "match group"

- 67810 - Windows upgrade screen needs to have the new BT logo

- 65936 - [EDR-41317] Import license should ignore duplicates

## PowerBroker Identity Services Enterprise 8.5.2.262

PowerBroker Identity Services Open 8.5.2.265

Released: December 2016

ISO Hash

md5 - 9cda7f2ee557220916a2e6f56a739204

sha256 - 8933fd1454393f89e56c0a3c7fb266b91a2b36a30fede88d83ea2979a466c69d

### Open

#### Features

- 72602 - macOS 10.12 Sierra Support

- 66917 - ADTool add option to set/un-set any attribute on an entity

#### Bug Fixes

- 77505 - [EDR-42142] Issues migrating PBIS agent to RODC site - netlogon plugin

- 72263 - ADTool does not handle commas in user arguments

- 71797 - UserMonitorCheckInterval range is incorrectly mentioned in config tool

- 71767 - Update OpenSSL Libraries to 1.0.2i

- 71762 - [EDR-41732] Creating users with adtool does not set "require password at next login"

- 70096 - [GH-2] Add support for Samba 4.x

- 74987 - gpagentd does not tell user monitor when refresh interval changes

- 68080 - [EDR-40067] - Group policy agent hangs during upgrade

- 65836 - Mac: Upgrade from 8.3.4 to 8.5 doesn't retain the domain join state

- 52726 - adtool search-user also returns computer accounts

- 40410 - [EDR-39888] Usermonitor exits on all issues

### Enterprise

#### Features

- 65940 - Provide option to export PBIS Audit data to BeyondInsight

#### Bug Fixes

- 80456 - Machine Password change does not use RODC

- 68485 - BMC "Save as" function doesn't save session properly

- 48273 - When deleting collector from BMC, error is reported and collector will not appear

## PowerBroker Identity Services Enterprise 8.5.1.206

PowerBroker Identity Services Open 8.5.1.206

Released: September 2016

ISO Hash

md5 - 766f1cc7581059a72f2c0d58717037a2

sha256 - bb2dbacebb788709e6664de59d0daf0fa4bec9b8d20bcaf9223dd1a48872fb6f

### Open

#### Bug Fixes

- 70422 - Fedora 22+ - PBIS can not parse krb5.conf includedir by default

- 65001 - Rebranding to new BT Logo

- 64463 - Domainjoin setname Cent 7.1 returns ERROR_BAD_COMMAND

- 50398 - [EDR-40702] When using Pam faillock on domain join pam files must be moved in and out to allow the join.

- 41074 - [EDR-40857] lsass sometimes fails to load the AD provider on multi-NIC systems

### Enterprise

#### Bug Fixes

- 65722 - ADtool adding user to cell reports Likewise cell

- 57946 - Windows Setup shows wrong error message when it is being run on Windows 7 with wrong architecture

## PowerBroker Identity Services Enterprise 8.5.0.146

PowerBroker Identity Services Open 8.5.0.153

Released: August 2016

ISO Hash

md5 - d6fd796df7528277660187aa33cd10d2

sha256 - f4f043c1851f104ce3419f4297861fb47541308f88a208348d870c7a27f9a2fc

### Open

#### Features

- 54545 - Sign ppc64le packages

- 54544 - Sign ppc64 packages

- 47079 - [EDR-40156] Add option to LWSM to persist logging settings

- 46766 - [EDR-40156] Need the ability to permanently set log level on service

- 30198 - [EDR-39747] Support for Mac OSX 10.11

- 29006 - [EDR-39680] Blacklist specific DCs

#### Bug Fixes

- 60160 - Update EULA with latest address

- 57955 - [EDR-40917] Remove GID Enforcement (ADUC/Cells)

- 54787 - Additional logging for the location path of certificates that are downloaded via auto enrollment

- 53625 - Add a symlinked command gpupdate to gporefresh for consistency with windows platforms

- 51496 - Reduce the file size of the Windows Setup

- 50459 - Add ability to create Named cells with the setup installer when in schemaless mode

- 46258 - [EDR-40098] Enhancements to the .NET API to provide access to all attributes on the Cell, User and Group objects (GetAttribute)

- 45519 - Apache 2.4 Support

- 30107 - [EDR-39741] Improved logging messages in Database Update Utility

### Enterprise

#### Bug Fixes

- 65452 - ad-cache --delete-all should succeed when a zero way trust domain is offline

- 65217 - lwsmd is running under unconfined_exec_t and should be bin_t

- 64974 - CentOS 6.x machines semodule pbis version not correct

- 59474 - [EDR-41016] AIX: Duplicate Files in different packages

- 57751 - Remove error messages from Debian install logs: regshell (error = 87 - ERROR_INVALID_PARAMETER)

- 54930 - Fix exit status when calling domainjoin-cli with invalid options

- 54929 - Allow PBIS Local Provider groups and users to be provisioned with IDs under 1000

- 54876 - [EDR-40778] Installing on RHEL7 PPC64 fails when CPUs are offline

- 54766 - [EDR-40773] SUCCESS message should be included in the logs that domainjoin-cli creates

- 54456 - [EDR-40751] Support for Single Label Domains (SLD) in domainjoin-cli

- 54205 - remove RHEL specific naming from the PPC64 package folders

- 54033 - Update OpenSSL Libraries to latest version

- 53630 - PBIS agent installs should not include administration documentation

- 53613 - Fix the lock file location on AIX

- 53509 - [EDR-40671] Fix file permissions for lwsmd service file - 755

- 52777 - [EDR-40514] RequireMembership of supports only 2048 characters and behaves unexpectedly when surpassed

- 52128 - [EDR-40388] Add comment to Domain Separator regarding restrictions

- 52096 - [EDR-40787] Clearing cache takes domain offline in one-way trust scenario

- 51701 - [EDR-40534] Fix for various SELinux error messages for /var/lib/pbis/.lsassd and postfix

- 51614 - (One Way Trust, CellManager) CellManager hangs when user cancels Authentication prompt

- 51508 - Cell Manager should not obscure network credentials when authenticating cross-domain - One way trust/Named Cell

- 51416 - Update adtool reset-user-password --password - to correctly accept STDIN input

- 50387 - [EDR-40451] AIX lsuser ALL only shows local users

- 50316 - [EDR-40433] Enable add groups via a one way trust in Cell Manager

- 50249 - On 8.3.4 local users on Debian systems could not change their password

- 50089 - [EDR-40388] Use the Default Domain Separator Character when processing Policies like RequireMembershipOf

- 50084 - [EDR-40387] Look for certificate template configuration container in the forest root

- 50083 - [EDR-40378] Allow local users to login if lsass is in a hung state

- 48939 - Correction to the pam-auth-update list to refer to Powerbroker Identity Services

- 48401 - Fix the Allow Logon Rights GPO Object picker to select user/group by sAMAccountName

- 48055 - Fix the lsa usage description to list modes in alphabetical order

- 48054 - Fix the find-objects help usage to include all available modes

- 47681 - systemd: Ignoring invalid environment

- 46541 - [EDR-40134] BMC incorrectly reports orphan objects across a one-way trust

- 46504 - Updated Java SSO support

- 46313 - [EDR-40140] Fix adtool to set the correct attributes to allow domain join to succeed for computer accounts

- 46260 - [EDR-40067] LWSMD Hangs during shutdown

- 46079 - TrustEnumerationWait setting is missing in Platform 7

- 46076 - Ensure invalid values for config parameters (e.g. CacheEntryExpiry) do not crash the AD Provider

- 46004 - [EDR-40078,EDR-40434,EDR-40572] Ensure user-ignore, group-ignore, user-override and group-override are not overwritten when upgrade is performed

- 46003 - [EDR-40182] Fix issue with adtool reset-user-password returning error 700086

- 46076 - Ensure invalid values for config parameters do not crash the AD Provider

- 40778 - [EDR-39902] RHEL7: "logger <test> 2>&-" generates a coredump when pbis is installed

- 30216 - [EDR-39748] Fix excessive syslog messages on RHEL pam stack with unix_chkpwd

### Notice

- Documentation has been removed from the agent installs.

## PowerBroker Identity Services Enterprise 8.3.4.3358

PowerBroker Identity Services Open 8.3.4.3346

Released: February 2016

ISO Hash

md5 - 0da79dfad7a5dc99efc9945ef4aa44da

sha256 - 94bc08da1c9d89692545f2f5b362dd70cec5108a8a5be8eea95c63ec1630778d

### Open

#### Feature

- New Distro Support

- RHEL PPC64 6+

- RHEL PPC64LE 7

- New builds for Mac dmg. Allows for better support of newer OSX releases (10.9+)

### Open

#### Bug Fixes

- 47174 - Solaris 11.2 - Automatic Mode fails to persist nsswitch.conf changes

- 45008 - User-Override example is incorrect

- 15272 - whoami: cannot find name for user ID - Failure to establish an SSH session after the job load reaches a certain limit

- 15268 - solaris 11.3 - authentication is not working

- 15238 - Run lwsmd under SELinux as unconfined_t

- 15235 - Local users are unable to login when there is a time skew difference between agent and DC

- 15234 - Local users restricted from logging in when PBIS license has expired

- 15196 - PBIS SElinux policy refers to obsolete alias clamav

- 15179 - Solaris 11 - lwsmd fails to start initially

- 15129 - Solaris - Change krb5.keytab file location from /etc to /etc/krb5

- 15111 - Suse, SLED, SLES: Resumable error upon domain join

- 15104 - Debian - Password prompt doesn't work

- 15061 - Solaris - LW_ERROR_NOT_HANDLED on NEW Zones created after PBIS install

- 15046 - machine password fails to update against RODC

- 14952 - Solaris 10 with zones in multitenancy - Enterprise upgrade can leave system in unusable state

- 14931 - Domainjoin when NETBIOS domain name is lowercase results in "The OU format is invalid"

- 12029 - Solaris 10 - Failed to upgrade the builds in the child zones

### Enterprise

#### Feature

- New GPO - Ignore group alias

- Path - BeyondTrust Settings/PBIS Settings/Logon/

- New GPO Option - File System Mounts

- Custom (freehand) entry for file System Mount

- restore rsyslog.conf file during uninstall purge

#### Bug Fixes

- 15251 - Failure to get Root Domain DirectoryEntry object (or any info)

- 15250 - group override feature has serious performance penalties with GID override

- 15249 - Solaris 11 - error processing group policies (ERROR_FILE_NOT_FOUND)

- 15244 - Solaris - Add ";" to how we read comments in resolv.conf

- 15243 - PBIS splits resolv.conf using spaces. Should also allow tabs

- 15062 - Solaris - LW_ERROR_NOT_HANDLED on NEW Zones created after PBIS instal

- 15030 - bteventdbreaper.exe crash periodically

- 14996 - SELinux blocks autofs on CentOS/RHEL 6

- 14967 - gpagent does not refresh ticket if deleted

- 14915 - syslog reaper doesn't support selinux

- 14793 - Gpagent fails to create the symbolic links when selinux is in enforcing mode

- 14785 - gpagentd doesn't recognize computer group membership changes

- 14620 - DNS "options" not defined properly when enabled in GPO

- 14451 - Solaris 11 - resolv.conf is not actively used and the functionality is taken over by Solaris SMF

- 13397 - DB Utilities update on alternate drive doesn't install in alternate location

- 12134 - Need optional string for File System Mount GPO

### Notice

- Freebsd - installer has been dropped due to lack of demand. Can still be built from open source

- Fedora - Selinux support dropped

- SElinux - In order to improve the flexibility and reliability of the Group Policy feature, PBIS has been modified to run under the unconfined_t domain

## PowerBroker Identity Services Enterprise 8.3.3.3325

PowerBroker Identity Services Open 8.3.3.3305

Released: September 2015

ISO Hash

- md5 - 518a48232205f0e8516a2c93b28c4491

- sha256 - 3caed2acc5e1c2d090529e187aafb959a4f76a2273e2343bfb6ae5645667b517

### Enterprise

#### Bug Fixes

- 15224 - Memory leak when a match is found for uid/gid

- 15217 - Lwsmd memory leak when account override files are on the system

- 15223 - If override files aren't on the system, ad user is unable to authenticate

## PowerBroker Identity Services Enterprise 8.3.2.3324

PowerBroker Identity Services Open 8.3.2.3302

Released: August 2015

ISO Hash

md5 - 6a904fd0e3db9a7182c849d2185d23a3

sha256 - 295c166e1ecd00f2e15913526313ffab2502421986af06894edccf7d1ba2bbb0

### Open

#### Features

- lwsmd.service now gets copied to systemdsystemunitdir on systems running systemd

- Better support for distros using systemd

#### Bug Fixes

- 15176 - Credentials cache keyring 'persistent:xxxxxxxxx:xxxxx' not found - default_ccache_name

- 15174 - systemd based systems create kerberos tickets in PrivateTmp location

- 14964 - nscd cores/crashes on Solaris 10u10

### Enterprise

#### Bug Fixes

- 15193 - lsass crashes when fails to enumerate when can't resolve a uid/gid

## PowerBroker Identity Services Enterprise 8.3.1.3322

PowerBroker Identity Services Open 8.3.1.3296

Released: June 2015

ISO Hash

md5 - 1dff6378ed97e3dd0d4ab1cfae4e7e81

sha256 - e6c394845db7dd78c102ae86c6e37f2e994179f1ed5e500f99850642de3fbe59

### Open

#### Features

- Samba support for 4.0 - 4.2

## PowerBroker Identity Services Enterprise 8.3.0.3318

PowerBroker Identity Services Open 8.3.0.3287

Released: June 2015

ISO Hash

md5 - 9cc33a705d93955e8b51da7090435480

sha256 - c61207ad2761f90ad146569c89fb63dd8303d145abd8acf32e150d59f63acf3a

### Open

#### Features

- AD cache code update

- Openssl updated to 1.0.2a

- semodule check on uninstall

- SaslMaxBufferSize can be changed with the config tool

#### Bug Fixes

- 15147 - AIX heap memory fragmentation

- 15125 - Unable to install on Fedora 21-64

- 15110 - Fedora 21: Resumeable error upon domain join

- 15102 - Fedora 21: Error in querying lwsmd when doing domain join on Fedora with SELinux enabled

- 15090 - ad-cache shouldn't run without verification from end-user when a domain with objects in the cache is offline

- 15047 - LSASS high CPU usage with no cause

- 15033 - PBIS fails renewing expired krb5 ticket, can't come online, appears hung

- 14999 - broken symlinks in /etc/pam.d cause domainjoin-cli to fail with ERROR_FILE_NOT_FOUND

- 14998 - domainjoin-cli --enable PAM incorrectly reports success after attempted configuration.

- 14997 - Domain join process fails when encountering pam_sss.so

- 14652 - Memory Leak (lwio connect2)

- 14651 - Memory Leak (LSASS)

- 14649 - Memory Leak (Packet Allocation)

- 14648 - Memory Leak (Data marshal leak)

- 14645 - SIGABRTs and SIGSEGVs when copying remote files in parallel

- 14644 - Occasional lwio crash when chasing referrals

- 14454 - LWSMD hangs when restarting LSASS with a tap-log connected

### Enterprise

#### Features

- Account Override

- Local and GPO

- Autoenrollment can now just enroll certificates

- wifi GPO is stilll needed but set to disabled

- Autoenrollment and Wifi support

- RHEL 6.6

- RHEL 7.0

- Centos 6.6

- Centos 7.0

- PBIS GPOE logs now save in pbis.logs directory

- C:\Users\<currentUser>\AppData\Local\PBIS.Logs\PBIS.GPOEditor\

- LWUnifiedProvider.dll is now strongly signed

- Windows Setup installer improvements

- DI configure now backs up the attributes state

- Demoting the Attributes will restore from backup file

- Default restore also available

- DI mode no longer indexes the following Schema Attributes

- GECOS

- LoginShell

- UnixHomeDirectory

- Logs generate now when run from ISO

- Silent windows install

- SQL Database network search

#### Bug Fixes

- 15161 - Update docs on ISO for 8.3.0

- 15135 - LDIFE finished with exit code during demote of attributes

- 15134 - Installer needs to look at full forest for DI mode configuration, not just parent/child

- 15092 - EnableMergeAdmins FALSE/Default broken

- 15080 - Allow skip to Database configuration page when logged into local account

- 15077 - Non descriptive error when installing PBIS on Windows agent machine with local machine account

- 15075 - BMC not reporting correct cell count when on a child domain

- 15072 - Cannot create default cell on local domain if cells are detected in the forest

- 15071 - Change text color and placement on demoting not supported on DI mode configuration page

- 15070 - autoenrollment can not handle multple valid certs on CA

- 15063 - wifi policy does not work if wifi drive didn't exist on domainjoin

- 15045 - OSX - Profile Manager support for OSX10.7 and 10.8

- 15015 - autofs causes gporefresh to hang on debian systems

- 14984 - Help is not consistant in the BMC console

- 14923 - BTCollector.exe crash, no events recieved

- 14769 - Fedora: Gpagent failed to update network settings to /etc/resolve.conf with selinux enforcing

- 14219 - the dependency list for eventfwd in the registry doesn't include rdr

- 14053 - Product should include working LDIF files on ISO

## PowerBroker Identity Services Enterprise 8.2.2.2984

PowerBroker Identity Services Open 8.2.2.2993

Released: Mar 2015

ISO Hash

md5 - 6adfa5a85eb02c572c3e895dd012413d

sha256 - 1b52a81df2fcaebb952e7e14a2e1fdc17ae6ff423cd5ee84b35809fd1bfea489

### Open

#### Bug Fixes

- 15100 - Password Prompt: Other accounts are reported as local

- 15089 - If lwsmd daemon is stopped, localuser can login with incorrect password or no password

### Enterprise

#### Features

- LDF files added to ISO in more accessible location (Resources/LDF/)

- Windows dlls and exe's are now signed by BeyondTrust

## PowerBroker Identity Services Enterprise 8.2.1.2976

PowerBroker Identity Services Open 8.2.1.2979

Released: Nov 2014

ISO Hash

md5 - ebb7341ce42a2156916f234526c625a8

sha256 - fce7a5abff637a0fd90c8fe0fe1f91a7fa2579a036cfcb844ae9c7661541445f

### Open

#### Bug Fixes

- 15050 - users in ignore-user file not ignored by lsass

- 15048 - Mac OSX 10.10 support

- 14989 - Solaris 11.2 support

### Enterprise

#### Bug Fixes

- 15052 - Architure check skipped on upgrades

- 15051 - Version detected displays version about to be installed not installed version

- 15041 - GPMC reports showing no information when left idle for 15+ mins

- 15037 - Console displays parent when logged onto the child - Now displays users domain of origin

- 15036 - If parent domain has default cell created, child domain does not see cell during DI mode configuration

- 15019 - auto close all requested applications fail on uninstall

- 15012 - Setting user policy file copy displays "unix and linux settings" banner under computer configuration

- 15010 - Windows installer errors cleared up

- 15009 - Windows 8 support

- 14875 - Help file in BMC updated

## PowerBroker Identity Services Enterprise 8.2.0.2969

PowerBroker Identity Services Open 8.2.0.2969

Released: Sep 2014

ISO Hash

md5 - 799fe92ada72db7bfd7ac775b7d43943

sha256 - b020c2f10e4ad4d694d43f979cb7fdb5e7089b9c82ad8170ba91dc5f245070f7

### Open

#### Bug Fixes

- 15023 - RHEL4 lsass sigfaults on ad authenication

- 14948 - RHEL4 install/gpagent is broken due to SELinux change in 7.1.2

- 14922 - RPM Installer doesn't install lwsmd into service startup

- 14921 - Fedora 18+ / RHEL 7 plus use new hostname function "hostnamectl"

- 14920 - selinux not supported in latest Fedora or RHEL versions

- 11434 - ubuntu PAM configuration blocks later session modules

### Enterprise

#### Features

- Windows installer updated

- GPOE report settings updated

- Child domain support for windows installer

- Profile manager GPO for MacOS 10.9+

- autoenrollment and wifi GPO

- autoenroll daemon - configurable with the config tool

- automatically enrolls certificate from windows CA

- automatically configures wireless for wpa2 enterprise tls authenication

#### Bug Fixes

- 15018 - Installer won't run on Schema version <31: Prevents schemaless installs

- 15013 - autofs service is not started on fedora 18+ with automount policy

- 15025 - Build installation is not successfull when SElinux is enabled in Fedora 20

- 15004 - Sudo GPO does not show in GP settings preview

- 14938 - Bad error message on failed Domain join due to computer object existing (2012 r2)

- 14936 - DI config can not be run as child domain user even if in schema admins

- 14934 - Require schema admin rights error does not show correctly on child domain

- 14905 - BMC Reports "Unable To Load License File: Invalid License File" when importing licenses with fips enabled

- 14796 - Build installation is not successfull when SElinux is enabled in Fedora 19

- 14455 - gpagent attempts (and fails) security context change on automount files with SELinux permissive+

- 12218 - autofs restart should be used rather than autofs stop and autofs start

## PowerBroker Identity Services Enterprise 8.1.0.2517

PowerBroker Identity Services Open 8.1.0.2469

Released: Jun 2014

ISO Hash

md5 - 39f70b6a6eec5301d9fe0c59fad22b43

sha256 - ced7c9e4dd37eae7a3a87acacb43397c51f5c8a03d5a080195b0fb0b12567423

### Open

#### Features

- OpenSSL libraries updated

- RPM and Debian installers now have signed packages

#### Bug Fixes

- 14561 - Mac OS - Domainjoin hangs at "Resumable error" preventing pbis functionality

### Enterprise

#### Features

- Windows Installer Changes

- Automatic upgrade from Directory Intergrated mode V1 to V2 with schema admin rights

- Text overhaul on Windows Installer

- Add pop in DI Mode config page to confirm Schemaless configuration

- Remove ability to create default cell if in Schemaless mode in install wizard

- Ability to Demote Attributes

- Removed DI Configuration button in the Console - moved to installer

- Add pop up for max GUIDs

- Group Policy Changes for MacOS:

- Gray out the MAC options that we no longer support

- Mac Icon updates: DS Group Policy/Static Settings

- Mac DS Group Policy Settings update

- Mac Static Settings update

- Mac GPAgent updated

#### Bug Fixes

- 14980 - Setting computer policy always displays "unix and linux settings" banner under user configuration

- 14977 - Objects may get provisioned with duplicate UID/GID in several scenarios.

- 14975 - ADUC and Cell Manager assign wrong and inconsistent suggested UIDs

## PowerBroker Identity Services Enterprise 8.0.1.2031

PowerBroker Identity Services Open 8.0.1.2029

Released: May 2014

ISO Hash

md5 - a8130282acd9dadf51ad76ef04473ee4

sha256 - 1f603a31b43c03f96726e385137b624562af03995df3814fc82dc9795d3876cf

### Open

#### Bug Fixes

- 14958 - If lsass is stopped or dead, root can't log in

- 14957 - OpenSSL Heartbleed vulnerability

- 14907 - Installer fails when selinux-policy-targeted RPM is not installed

### Enterprise

#### Bug Fixes

- 14945 - SuSe 10 SP2 GPO error referencing SElinux

## PowerBroker Identity Services Enterprise 8.0.0.2023

PowerBroker Identity Services Open 8.0.0.2016

Released: Jan 2014

ISO Hash

md5 - cec1a1d8f58028431c9dc979b6c3937f

sha256 - 7a95747667e65bfe56e5973e59ab07712eb594cce917014bf9192c59d1f4e3c9

### Open

#### Features

- MAC 10.9 Support

- PBIS Enterprise 8.0 is not dependent on setfile

- Three prompts can be configured via the configuration tool

- ActiveDirectoryPasswordPrompt

- LocalPasswordPrompt

- OtherPasswordPrompt

- Solaris 11.1 Support for SPARC and x86 platforms

#### Bug Fixes

- 14901 - Solaris - After upgrade from platform-6.1/Platform-7.1/Platform-7.5 lwsm list throws error

- 14477 - Authentication is failing in Solaris-11.1 machines

- 14903 - macuninstall.sh can break a system accidentally

### Enterprise

#### Bug Fixes

- 14924 - %hostname parameter for "Allow Logon Rights" will not expand if "Cumulative Allow Logon Rights" is enabled

- 14647 - able to install via wizard if user ignores Unknown Publisher warnings and IE error messages

## PowerBroker Identity Services Enterprise 7.5.3.1592

PowerBroker Identity Services Open 7.5.3.1536

Released: Nov 2013

ISO Hash

md5 - 9e79898f7b8430445b482fe53397aadd

sha256 - eb9c6e809830ec924335e74375bf1f62f60cfb0b530759fda10f06754cb65199

### Open

#### Bug Fixes

- 14610 - SMB2 cannot be enabled

- 14572 - After upgrade from 6.1 authentication is not working

- 14472 - LW_ERROR_KRB5KRB_AP_ERR_ILL_CR_TKT when authenticating users across Forest Trust

- 14896 - upgrade from 6.0.277 > Trunk fails to preserve domain join state

- 14666 - Memory leak observed during the execution of domainjoin-cli command

### Enterprise

#### Bug Fixes

- 14900 - Fail to create the archives when there are huge number of archivable events.

- 14896 - upgrade from 6.0.277 fails to preserve domain join state there by failing to authenticate

- 14894 - MacOS: Policy folders are not retained when upgrading from older 6.x,7.0 and 7.1 builds to 7.5

- 14884 - Can't purge uninstall on Solaris

- 14868 - NFS share policy configured for a ipv6 share is not working

- 14857 - MacOS: Domain joined information is not retained on 7.5 upgrades

- 14787 - LW_ERROR_INCOMPATIBLE_MODES_BETWEEN_TRUSTEDDOMAINS with External Trust

- 14754 - Archiving process creates an archive with inappropriate date range

- 14666 - Memory leak observed during the execution of domainjoin-cli command

- 14642 - LW_ERROR_INVALID_LDAP_ATTR_VALUE error in Group Policy debug log

- 14572 - Solaris: After upgrade from platform-6.1, authentication is not working

- 14558 - Logon User Group Policy processing is not applied due to no PAM State in pam_sm_open_session for ssh logons

- 14557 - Logon User Group Policy processing is not applied due to failure to load libgpapi.so

- 14517 - `su` command does not work after upgrade to v7.0.x

- 14472 - LW_ERROR_KRB5KRB_AP_ERR_ILL_CR_TKT when authenticating users across Forest Trust

- 14372 - Schema Master in child domain cannot run schema wizard

- 13915 - Timeout when clicking on archive status in BMC

- 13293 - Can't see group name in drop down menu

## PowerBroker Identity Services Enterprise 7.5.2.1582

PowerBroker Identity Services Open 7.5.2.1527

Released: Sep 2013

ISO Hash

md5 - 3c77475a4dde01365b0668b9eab6f0d8

sha256 - c98c83081ae15ad4ca67fc6766ad646bb3a23a5d7df90544af64f842ac2aaf34

### Open

#### Bug Fixes

- 14866 - No PAC recieved error logging in

### Enterprise

#### Bug Fixes

- 14895 - When the machine is joined with --disable hostname option, gpagent fails to pull the policies after upgrading from 6.0

- 14893 - After upgrade from Enterprise-6.0 gpagent is stopped

- 14845 - Upgrade to 7.5.1 breaks group policy and dnsupdate

- 14669 - Un-provision is not implemented in Multi User property window

- 14527 - Hierarchy of policy settings in GPMC is not in accordance with the folder structure of Group Policy Management Editor

- 14334 - Cell Manager: Console crashes if bulk changes are attempted

## PowerBroker Identity Services Enterprise 7.5.1.1572

PowerBroker Identity Services Open 7.5.1.1517

Released: Jul 2013

ISO Hash

md5 - 935cc88c7ad70ccc9b1d4a51162248be

sha256 - 2f30d4fbdd81a922ab5b1062df586717dc644125c8e685352d12e118681ff52b

### Open

#### Bug Fixes

- 14500 - extended attributes are not copied during profile copy on login

### Enterprise

#### Bug Fixes

- 14816 - Disjointed DNS Breaks Krb5.keytab (gpagentd and update-dns tool)

- 14753 - The "Suggest" button is not generating an unique UID when pressed

- 14740 - btarchive.exe and ldbupdate.exe help option shows date-time information on each line

- 14730 - Get-status displays the Sub-Mode of a domain as "Schema" whereas BMC shows "Directory Integrated"

- 14729 - SNMPPort range is incorrectly mentioned in config tool

- 14728 - SNMPport registry setting is assigned with invalid huge numerical value on entering negative value via config tool

- 14151 - Upgrading turns on eventfwd by default

- 13845 - Multiple database update notifications displayed

## PowerBroker Identity Services Enterprise 7.5.0.1568

PowerBroker Identity Services Open 7.5.0.1513

Released: Jun 2013

ISO Hash

md5 - 906e71102f2fff1e041eb5cd29aa8143

sha256 - e427a603d7c3ba251258438fce51854da71997a87821d34ed20455bbf22ce4fb

### Open

#### Features

- Enhanced IPv6 Support

- PBIS Command: First version of offering a single command to access all tools offered by PowerBroker Identity Services. The "/opt/pbis/bin/get-status" command can be accessed by simply entering "pbis status"

#### Bug Fixes

- 14320 - Authentication failing after upgrade from 6.0

- 14710 - Domain join fails in 32bit Mac10.6 machine

- 14695 - In Solaris8 machine, lwsmd core is dumped while installing the platform

- 14693 - Domainjoin fails with an error "LW_ERROR_LDAP_NO_SUCH_ATTRIBUTE".

- 14679 - Authentication is failing with Platform

- 14782 - Update-dns tool is not validated for link local addresses.

- 14522 - Observing "Pam" related warning while doing domain join in fedora 18/Opensuse12.3 machines

### Enterprise

#### Bug Fixes

- 14743 - GPOE snapin crashes on clicking the cancel button in Configure SNMP properties dialog box, when Target Address is left empty

- 14741 - "Please enable at least one trap" error generates a MMC processing window after 5 seconds

- 14738 - Pressing Ok button is not closing the "Configure SNMPtrap properties" dialog box

- 14726 - Ubuntu: Sudo events are not getting logged

- 14725 - Can not associate a group to a cell in schema mode

- 14721 - RHEL: Crontab policies are not applied when SELinux is in enabled mode

- 14720 - RHEL: RunScript policies are not pulled and applied when SELinux is in enabled mode

- 14716 - Centos: Sudo user related traps are not generated

- 14708 - Apply button under SNMP configuration window is getting enabled only for alternative changes

- 14707 - Settings are still retained under SNMP configuration even after undefining the policy

- 14706 - Attention message needs to be prompted to the user on enabling atleast one SNMP Trap group

- 14705 - Automatically all the traps are getting enabled under Accounts on clicking either OK or Apply button

- 14701 - Operations dash board is not able to categorize the PBIS events accordingly

- 14700 - Domain join related traps are not captured in the trap reciever

- 14698 - SNMP configuration is not getting reflected correctly in the config tool

- 14697 - RHEL: Gpagent failed to update network settings to /etc/resolve.conf with SELinux Enforcing

- 14664 - "Page not found" error is shown for the "Installation and Administration Guide" link in PBIS Readme files, remove readme

- 14657 - ActivClient fails to load shared libraries on boot

- 14630 - Autorun.hta and README.html are duplicates, remove autorun.hta

- 14619 - Event Log settings defined at the AD are not reflecting in the registry

- 14616 - The Login prompt message and Motd message is not working as expected when SELinux is enabled

- 14615 - SELinux Policy are not pulled by GP agent to the client machine when SELinux is Enforced

- 14599 - DNS settings policy do not allow IPV6 addresses

- 14593 - Need support for ipv6 addresses in update-dns tool

- 14431 - "IgnoreGroupNameList" is not updated in "/etc/pbis/group-ignore" file

- 14425 - ADUC Plugin (and Cell Manager?) Do not connect to optimal DC/GC

- 14375 - Archive Parameters are not updated from BMC when the reporting components are installed in different machines

- 14244 - gporefresh no longer provides positive output upon successful execution

- 14225 - IPV6 IP address is not allowed in "server Name" field under "Mount Details" tab of the "FileSystemMount" group policy setting

- 14207 - "IgnoreUserNameList" GPO is not updating the user-ignore file

- 13894 - If Eventforwader and Enterprise collector are configured with IPV6, events are not getting pushed to the collector

- 13216 - RHEL: Able to unlock the smartcard user with password if "SmartCardRequiredForLogin" is set on AD Side

#### Features

- Operating Mode Name Changes

- "Schema Mode" has been replaced with "Directory Integrated Mode"

## PowerBroker Identity Services Enterprise 7.1.2.1271

PowerBroker Identity Services Open 7.1.2.1233

Released: Aug 2013

ISO Hash

md5 - b2cc81db4c75e00bef11423397bc8e17

sha256 - 78bec1383e07a4e6335424d6c80f0c154f3ec82f867376db65eedb00787c1c7c

### Open

#### Bug Fixes

- 7072 - Need option to NOT sync system clock

- 14718 - nss2 support on Solaris 10

- 14661 - Installer has no "upgrade from 7.0" routines

- 14847 - "purge" uninstall doesn't actually purge

- 14678 - Authentication after upgrade from 7.0/7.1(old) to 7.1 is not happening as expected

- 14673 - Re-Installation of the pbis fails

- 14607 - Debian upgrade doesn't recognize /var/lib/likewise-open and /etc/likewise-open as valid upgrade locations

- 14457 - Upgrade from 5.3 to 7.0 is broken

- 14036 - Remove local provider from default settings

- 14736 - conf2reg crashes badly if lsassd.conf is misformed

- 14463 - 7.0 installer doesn't uninstall Likewise 6.0 build 239

- 13599 - Legacy installation does not include "lwsm" command in /opt/likewise/bin

- 14800 - domainjoin-cli overwrites the Description field in AD

### Enterprise

#### Bug Fixes

- 14839 - In btarchive.exe, using -t option without any argument shows an error "Invalid command-line option" even when it is a valid option

- 14838 - btarchive.exe is not displaying the usage message when no options are specified

- 14837 - When archiving tool is executed with the options -a -t -c (all together), the archiving is done with the old existing parameters but not with the newly specified parameters

- 14836 - When only -a or -t option is used for btarchive.exe, there should be an message stating "This options should be used along with -u or -c option"

- 14835 - Btarchive.exe displays date and time along with the option usage messager error messages

- 14826 - "PowerBrokerAccessRestrictionChanges" report is generated with incorrect heading name

- 14825 - The links present in Readme are invalid

- 14803 - "Security policies" displays only true/false but actually there are four different options which are allowed

- 14788 - Consistency Check in BMC is useless

- 14478 - gpagent is generating errors - invalid LDAP attributes - that appear to be nonfatal, these shouldn't be errors

- 14766 - Execution of .\btarchive.exe fails with an error "Could not load file or assembly 'Likewise.LMC.Utilities"

- 14688 - When disabling a secondary group in the cell, corresponding group's user is also removed although one more group to which the same user is part of is still in use in the cell

- 14686 - Update DB fails to process GPO information when the BMC is connected to MySQL Enterprise DB

- 14685 - "Enterprise Database Management" plug-in is missing after upgrading product (within same minor version)

- 14662 - Installer has no "upgrade from 7.0" routines

- 14654 - Click on the orphaned group and then clicking on any user listed under "powerbroker cell information" throws an error dialog

- 14639 - Can not join or leave if there is a 2nd ssh binary found

- 14626 - On updating an archive, the new increased count of the events is getting reflected also for other old archives in the list

- 14624 - The ## of archivable events count in archive status of BMC do not include usermonitor events and usermonitor events are not being archived

- 14538 - LDBUPDATE fails for users with UIDs greater than 2147483647

- 14428 - During uninstall/upgrade of the build, user can proceed to next page even when none of the options (uninstall/modify) are selected

- 14362 - Index on Group Membership can't be built for large environments

- 14343 - The option "Expand Archive" under "Archive status" plugin of BMC is not working as expected

- 14342 - Maximum UID range specified in Filters of Entitlement Reports and the maximum UID allowed in ADUC/adtool are different

- 14326 - In Meta-installer, the "Next" button is greyed out for "All Components" option if we once press next button and then again back button

- 14315 - Description obtained when "config" tool is executed with "--detail AllowWriteTo" option is improper

- 13386 - Attempting to delete user with duplicate UID crashes ADUC

- 12807 - Operations Dashboard - OpsDash Timeout expired

## PowerBroker Identity Services Enterprise 7.1.1.1260

PowerBroker Identity Services Open 7.1.1.1221

Released: May 2013

ISO Hash

md5 - 1f2bbbbac97859547c7a366639e5d7d0

sha256 - 92ff46c717138d225adb8bb0fd1f704c4fd1561249dc572e49b34139dd292708

### Open

#### Bug Fixes

- 14363 - dcerpc daemon is in running state after installation of 6.5#780 and domain join.

- 14195 - Installation fails with an error postinstall or postremove scripts failed.

- 14600 - Linux (RPM/DEB) installers do not set "conflicts" or "requires" lines properly

- 14659 - Installation fails with dependency errors.

- 14663 - Re-installation is failing after uninstallation followed by purge of the build.

- 13469 - lsass missed Domain Local group membership for cross-forest users

- 14333 - lwsmd crash when server is slow to respond

### Enterprise

#### Bug Fixes

- 14672 - Named Cell Provisioning broken in ADUC/Cell Manager

- 14670 - Upgrading is failing from Platform-7.1 to Enterprise-7.1

- 14638 - Bad hyperlinks "Find out more about schema vs. non-schema mode" and "PBIS Enterprise Installation and Administration Guide."

- 14623 - Computers by OS report does not include all computers

- 14601 - Linux (RPM/DEB) installers do not set "conflicts" or "requires" lines properly

- 14578 - Cell Group Add Flaw: Users are being removed from group unexpectedly

- 14574 - Group policies are not properly pulled by gpagent and Gporefresh is failing when SELinux is enabled

- 14570 - crash in lwio when connecting to a Windows 7 64 bit share

- 14539 - -o (output file) flag does not work with ldbupdate

- 14486 - Group Policies under 'Mac Preferences' that don't work need to be removed

- 14471 - lwio is getting crashed when lwio-copy tool is executed in parallel copying a file from AD to the remote machine without credentials

- 14420 - ldbupdate.exe --transaction failing

- 14341 - Archiving the events is dropping the events without archiving and displaying a message "Wrote 0 events to 0 Archives"

- 14199 - Installation of the product using ISO is not working

- 13857 - Hostname with spaces is accepted in the Submit Hosts field

- 13170 - Mac DS Plugin Allow Administration By GPO match conflict

- 12529 - While installing Windows Management console using Likewise Enterprise installer, an error stating "Cannot find 'file:///D:/SetupLikewise64-6.2.603.exe' " is displayed

- 11916 - ADUC - Processing Likewise Settings for users that are members of many groups takes too long

- 11838 - domain sid in Collector ACL

- 11215 - Reporting Console - Database update takes too long

- 10853 - Clicking 'Operations Dashboard' causes Unhandled exception

## PowerBroker Identity Services Enterprise 7.1.0.1242

PowerBroker Identity Services Open 7.1.0.1203

Released: Mar 2013

ISO Hash

md5 - ebcccc50caffd771bd14e7cf53ee8abe

sha256 - 2342711fd31f87fada2c82141a4e7da463acf631ff0f6444e201f61b20900d5e

### Open

#### Features

- SELinux Policy

- This version will support SELinux in Fedora 13 - 17 and RedHat 6

- Continued support in future releases

#### Bug Fixes

- 14370 - PBIS "failover" to alternate DC is slow

- 14331 - cron stops working on AIX

- 14488 - Solaris - adding a "+" to /etc/pbis/group-ignore or /etc/pbis/user-ignore causes a segfault in "id"

- 14405 - adding a "+" to /etc/pbis/group-ignore causes a segfault in "id"

### Enterprise

#### Bug Fixes

- 14544 - Gpagent does not start after upgrading the build from Enterprise-7.0 to Enterprise-7.1

- 14542 - Not retaining the domain joined state after upgrading from Platform-7.1 to Enterprise-7.1

- 14521 - Authentication of domain user is not happening after upgrade from previous versions of PBIS to Enterprise-7.1

- 14380 - usermonitor crashes upon startup due to possible duplicate entries in user/group get*nam() calls

- 13952 - macuninstall.sh script failed to uninstall the product from Mac OS X 10.8

- 13951 - Local and Domain user logins fails after joining to the domain in Mac10.8

- 13578 - Gpagent starts usermonitor no matter what the setting is