Quest has been named as an ASP "Ten Best Web Support Sites" award winner. Learn more.

Authentication Services 4.1 - QAS 4.1 Release Notes

Release Notes

One Identity Authentication Services 4.1.2

One Identity Authentication Services 4.1.2

Release Notes

April 2017

These release notes provide information about the One Identity Authentication Services release.

Topics:

About this release

Authentication Services extends the capabilities of UNIX, Linux, and Mac systems to seamlessly and transparently join Active Directory and integrate Unix identities with Active Directory Windows accounts.


Was this topic helpful?

[Select Rating]



New Features

Release Notes > New Features

Authentication Services, the solution that pioneered the "Active Directory Bridge" market continues to lead the way with powerful and innovative new capabilities that make heterogeneous identity and access management even more efficient, secure, and compliant.

Authentication Services 4.1 features include:

  • Upgrade Without Reboot - Authentication Services adds the functionality required so that future upgrades will no longer require a system reboot. Some customer deployments of Authentication Services have been running on old versions for long periods of time because of the difficulties of scheduling sever down time. With Authentication Services 4.1 deployed as the foundation, future releases will allow you to deploy upgrades without impacting running services or rebooting.
  • IPv6 Support - Authentication Services now supports hosts running full IPv6 environments. Authentication Services automatically uses IPv6 when it is available; it uses IPv4 when IPv6 is not available or is significantly slower than IPv4. IPv6 is available in Authentication Services on most recent operating systems, but is operating system dependent. Run vastool info ipv6 to determine whether IPv6 is available on each client. Authentication Services operates in IPv4-only, IPv6-only or dual-stack environments; no special configuration is required. Active Directory severs must be running Windows 2008 or later for IPv6 communication.

    Authentication Services uses IPv6 when the operating system's DNS resolver correctly supports mapping of IPv4 addresses to IPv6 addresses. If a problem with address mapping is detected, Authentication Services operates in IPv4-only mode, even if an IPv6 address is assigned and other applications use IPv6.

  • Customizable Windows Components Installer - The Windows installer now allows you to install individual components. The granule install includes: core components, ADUC components, Group Policy Extensions, Documentation, and the Control Center. For example, you can install an individual MMC snap-in without installing the entire Control Center application. These components are also available as MSI packages for automated and configurable installation.

  • Group Policy Updates:

    • Ability to specify "merge" or "replace" several local file settings in the GPO. For example, you can configure users.allow to be delivered to every system with the contents overwriting any changes made to the local copy of users.allow.
    • A new preference manifest setting for MAC Group Policy called Apple Network Browser that allows you to deactivate AirDrop.

      NOTE: When upgrading Authentication Services, you must manually add this new preference manifest. Refer to the "Preference Manifest Settings" topic in the One Identity Authentication Services 4.1 Mac OS X Administrator Guide for the procedure "To add a Preference Manifest".

    • Ability to distribute trusted certificates through Group Policy.
  • Group Policy for Certificate Autoenrollment - Authentication Services Certificate Autoenrollment provides a quick and simple way to issue and renew certificates for Mac OS X, UNIX and Linux users and systems from Windows 2008 R2 Certificate Enrollment Services. In this release you can configure Certificate Autoenrollment with Group Policy. Certificate Autoenrollment includes the ability to:

    • Automatically enroll x509 Certificates based on Microsoft Certificate Enrollment Policy.
    • Renew certificates that are close to expiration according to policy.
    • Automatically install newly enrolled certificates into the appropriate system or user keychain.
    • Support both user and machine certificate policy.

    NOTE: In previous releases, Certificate Autoenrollment 1.0 was provided as an add-on and was only available for Mac OS X. Authentication Services version 4.1.2 now includes Certificate Autoenrollment 1.1 as a standard installable component, vascert, available for Mac OS X, UNIX and Linux.

  • Management Console for Unix 2.5 Updates:

    • Ability to manage Privilege Manager for Unix®.
    • Ability to manage access control on a single host system.
    • Ability to add and remove Active Directory users or groups across multiple hosts.
    • Ability to rejoin hosts to Active Directory.
    • Ability to reset or change passwords for multiple local accounts across multiple hosts.

See also:


Was this topic helpful?

[Select Rating]



Resolved Issues

Release Notes > Resolved Issues

The following is a list of issues addressed in Authentication Services 4.1.

NOTE: Various defects have been resolved and updated in the quarterly Authentication Services 4.0.3 maintenance releases and have been ported to this release. For more information on these fixes, refer to the 4.0.3 changelog.

Table 1: General resolved issues
Resolved Issue Issue ID
Authentication Services now honors the Apply Group Policy ACL for denial of Group Policy to computers, uses, and groups through this permission 19110

Was this topic helpful?

[Select Rating]



Known Issues

Release Notes > Known Issues

The following is a list of issues known to exist at the time of release.

Table 2: Change Auditor integration known issues
Known Issue Issue ID
After installing Authentication Services 4.1.0, the machine must be rebooted for Change Auditor to log "QAS GPO Setting Changed" events. 28008

Was this topic helpful?

[Select Rating]



Self Service Tools
Knowledge Base
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Related Documents