These release notes provide information about the One Identity Authentication Services release.
Authentication Services extends the capabilities of UNIX, Linux, and Mac systems to seamlessly and transparently join Active Directory and integrate Unix identities with Active Directory Windows accounts.
Authentication Services, the solution that pioneered the "Active Directory Bridge" market continues to lead the way with powerful and innovative new capabilities that make heterogeneous identity and access management even more efficient, secure, and compliant.
Authentication Services 4.1 features include:
IPv6 Support - Authentication Services now supports hosts running full IPv6 environments. Authentication Services automatically uses IPv6 when it is available; it uses IPv4 when IPv6 is not available or is significantly slower than IPv4. IPv6 is available in Authentication Services on most recent operating systems, but is operating system dependent. Run vastool info ipv6 to determine whether IPv6 is available on each client. Authentication Services operates in IPv4-only, IPv6-only or dual-stack environments; no special configuration is required. Active Directory severs must be running Windows 2008 or later for IPv6 communication.
Authentication Services uses IPv6 when the operating system's DNS resolver correctly supports mapping of IPv4 addresses to IPv6 addresses. If a problem with address mapping is detected, Authentication Services operates in IPv4-only mode, even if an IPv6 address is assigned and other applications use IPv6.
Customizable Windows Components Installer - The Windows installer now allows you to install individual components. The granule install includes: core components, ADUC components, Group Policy Extensions, Documentation, and the Control Center. For example, you can install an individual MMC snap-in without installing the entire Control Center application. These components are also available as MSI packages for automated and configurable installation.
Group Policy Updates:
A new preference manifest setting for MAC Group Policy called Apple Network Browser that allows you to deactivate AirDrop.
NOTE: When upgrading Authentication Services, you must manually add this new preference manifest. Refer to the "Preference Manifest Settings" topic in the One Identity Authentication Services 4.1 Mac OS X Administrator Guide for the procedure "To add a Preference Manifest".
Group Policy for Certificate Autoenrollment - Authentication Services Certificate Autoenrollment provides a quick and simple way to issue and renew certificates for Mac OS X, UNIX and Linux users and systems from Windows 2008 R2 Certificate Enrollment Services. In this release you can configure Certificate Autoenrollment with Group Policy. Certificate Autoenrollment includes the ability to:
Support both user and machine certificate policy.
NOTE: In previous releases, Certificate Autoenrollment 1.0 was provided as an add-on and was only available for Mac OS X. Authentication Services version 4.1.2 now includes Certificate Autoenrollment 1.1 as a standard installable component, vascert, available for Mac OS X, UNIX and Linux.
Management Console for Unix 2.5 Updates:
The following is a list of issues addressed in Authentication Services 4.1.
NOTE: Various defects have been resolved and updated in the quarterly Authentication Services 4.0.3 maintenance releases and have been ported to this release. For more information on these fixes, refer to the 4.0.3 changelog.
|Resolved Issue||Issue ID|
|Authentication Services now honors the Apply Group Policy ACL for denial of Group Policy to computers, uses, and groups through this permission||19110|
The following is a list of issues known to exist at the time of release.
|Known Issue||Issue ID|
|After installing Authentication Services 4.1.0, the machine must be rebooted for Change Auditor to log "QAS GPO Setting Changed" events.||28008|