These release notes provide information about the One Identity Authentication Services release.
Authentication Services extends the capabilities of UNIX, Linux and Mac systems to seamlessly and transparently join Active Directory and integrate Unix identities with Active Directory Windows accounts.
Authentication Services Version 4.1.3 is a minor release that has been rebranded to One Identity.
Authentication Services, the solution that pioneered the "Active Directory Bridge" market, continues to lead the way with powerful and innovative new capabilities that make heterogeneous identity and access management even more efficient, secure, and compliant.
Authentication Services 4.1 features include:
Upgrade Without Reboot: Authentication Services adds the functionality required so that future upgrades will no longer require a system reboot when upgrading as a local user. Some customer deployments of Authentication Services have been running on old versions for long periods of time because of the difficulties of scheduling server downtime. With Authentication Services 4.1 deployed as the foundation, future releases, under some circumstances, will allow you to deploy upgrades without impacting running services or rebooting.
NOTE: Because of changes Apple makes to their operating system with new macOS releases, this is not always possible, especially when upgrading as a mobile account.
IPv6 Support: Authentication Services now supports hosts running full IPv6 environments. Authentication Services automatically uses IPv6 when it is available; it uses IPv4 when IPv6 is not available or is significantly slower than IPv4. IPv6 is available in Authentication Services on most recent operating systems, but is operating system dependent. Run vastool info ipv6 to determine whether IPv6 is available on each client. Authentication Services operates in IPv4-only, IPv6-only or dual-stack environments; no special configuration is required. Active Directory servers must be running Windows 2008 or later for IPv6 communication.
Authentication Services uses IPv6 when the operating system's DNS resolver correctly supports mapping of IPv4 addresses to IPv6 addresses. If a problem with address mapping is detected, Authentication Services operates in IPv4-only mode, even if an IPv6 address is assigned and other applications use IPv6.
Customizable Windows Components Installer: The Windows installer now allows you to install individual components. The granular install includes: core components, ADUC components, Group Policy Extensions, Documentation, and the Control Center. For example, you can install an individual MMC snap-in without installing the entire Control Center application. These components are also available as MSI packages for automated and configurable installation.
Ability to specify "merge" or "replace" several local file settings in the GPO. For example, you can configure users.allow to be delivered to every system with the contents overwriting any changes made to the local copy of users.allow.
A new preference manifest setting for Mac Group Policy called Apple Network Browser that allows you to deactivate AirDrop.
NOTE: When upgrading Authentication Services, you must manually add this new preference manifest. Refer to the "Preference Manifest Settings" topic in the One Identity Authentication Services Mac OS X/macOS Administration Guide for the procedure "To add a Preference Manifest".
Ability to distribute trusted certificates through Group Policy.
Group Policy for Certificate Autoenrollment: Authentication Services Certificate Autoenrollment provides a quick and simple way to issue and renew certificates for Mac OS X, UNIX and Linux users and systems from Windows 2008 R2 Certificate Enrollment Services. In this release you can configure Certificate Autoenrollment with Group Policy. Certificate Autoenrollment includes the ability to:
Automatically enroll x509 Certificates based on Microsoft Certificate Enrollment Policy.
Renew certificates that are close to expiration according to policy.
Automatically install newly enrolled certificates into the appropriate system or user keychain.
Support both user and machine certificate policy.
NOTE: In previous releases, Certificate Autoenrollment 1.0 was provided as an add-on and was only available for Mac OS X. Beginning with Authentication Services version 4.1.2, Certificate Autoenrollment 1.1 is included as a standard installable component, vascert, available for Mac OS X, UNIX and Linux.
Management Console for Unix 2.5 Updates:
Ability to manage Privilege Manager for Unix.
Ability to manage access control on a single host system.
Ability to add and remove Active Directory users or groups across multiple hosts.
Ability to rejoin hosts to Active Directory.
Ability to reset or change passwords for multiple local accounts across multiple hosts.
The following is a list of issues addressed in Authentication Services 4.1.
NOTE: Various defects have been resolved and updated in the quarterly Authentication Services 4.0.3 maintenance releases and have been ported to this release. For more information on these fixes, refer to the 4.0.3 changelog.
| Resolved Issue | Issue ID |
| Authentication Services now honors the Apply Group Policy ACL for denial of Group Policy to computers, users, and groups through this permission. | 19110 |
The following is a list of issues known to exist at the time of release.
| Known Issue | Issue ID |
| After installing Authentication Services 4.1.0, the machine must be rebooted for Change Auditor to log "QAS GPO Setting Changed" events. | 28008 |