Release 2023.1 - Adbindproxy Release Notes

DirectControl for Samba is a proxy agent package that seamlessly integrates the Verify Privilege Server Suite Agent for *NIX with open source Samba (referred to as stock Samba in this document), enabling the two products to share Active Directory user and group membership and to agree upon Unix identity attributes for Active Directory users. It is a proxy that passes identity management requests from Samba to the Verify Privilege Server Suite Agent for *NIX.

Verify Privilege Server Suite and its component services have been changed to use the new Delinea name and logo.

For more information about Delinea, see Delinea Announcement.

IBM Security software is protected by U.S. Patents 7,591,005; 8,024,360; 8,321,523; 9,015,103; 9,112,846; 9,197,670; 9,378,391 and 9,442,962. (Ref: CS-44575)

Package Contents

The DirectControl for Samba bundle package contains the following resources:

  • DirectControl for Samba software package

    (for example, CentrifyDC-adbindproxy-<version#>-<OS>.<architecture>.rpm, or similar platform specific package file)

Supported Platforms

The DirectControl for Samba bundle package is available on the following OS/platforms in this release:

  • HPUX on Itanium

  • IBM AIX on PPC

  • Oracle Solaris on SPARC

  • Oracle Solaris on x86_64

  • Ubuntu on x86_64

  • Red Hat Enterprise Linux on PPC

  • Red Hat Enterprise Linux on PPC64LE

  • Red Hat Enterprise Linux on x86_64

  • SUSE Linux Enterprise Server on x86_64

    This DirectControl for Samba release supports stock Samba version 4.14 to 4.19. You are strongly advised to apply the latest security patches from Samba first before deploying DirectControl for Samba.

    For the OS versions that a DirectControl for Samba bundle package supports, please refer to the supported OS versions of the matching DirectControl Agent for *NIX package of the corresponding Verify Privilege Server Suite release. Similarly, DirectControl for Samba also follows DirectControl Agent for *NIX’s schedule for End-of-Support platforms and hence please refer to the announcements there.

Feature Changes

No new features in this release.

Bugs Fixed

  • Fixed an issue that the script adbindproxy.pl in version 5.9.0 does not detect Samba SELinux policy and will not update SELinux policy. (Ref: 530475)

Known Issues

The following sections describe common known issues or limitations associated with this DirectControl for Samba release.

  • Limitations with stock Samba

    In previous releases of DirectControl for Samba, we modified the following in stock Samba for interoperability. Using stock Samba instead of Centrify Samba, you may see related issues.

    • Default Kerberos keytab location, KEYTAB_DEFAULT, from /etc/krb5.keytab to /etc/krb5/krb5.keytab on Solaris (SAMBA-890).
    • Default Kerberos cache location, CCNAME, from /tmp/krb5cc_%{uid} to /var/krb5/security/creds/krb5cc_%{uid}" on AIX (SAMBA-892).
  • Limitations with RHEL 7.2 PPC (SAMBA-965)

    If you are using 64bit Samba on a RHEL 7.2 PPC machine, you may have problem with adclient failed to use the 64bit tdb library come with 64 bit Samba. The symptom can be shown in the error message while trying to access samba server - “session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO”.

    You need to install a 32bit tdb library, such as libtdb-1.3.6-2.el7.ppc.rpm in rhel-server-7.2-ppc64-dvd.iso, for adclient to work with, and you need to tell adclient where to get this library by adding a parameter “samba.libtdb.path: /usr/lib/libtdb.so.1” into centrifydc.conf, assuming the path to libtdb is /usr/lib/libtdb.so.1.

Additional Information and Support

In addition to the documentation provided with this package, see the IBM Security Knowledge Base for answers to common questions and other information (including any general or platform-specific known limitations), tips, or suggestions. You can also contact IBM Security Support directly with your questions through the IBM Security Web site, by email, or by telephone.

The IBM Security Resources web site provides access to a wide range of information including analyst report, best practice brief, case study, datasheet, ebook, white papers, etc., that may help you optimize your use of IBM Security products. For more information, see the IBM Security Resources web site.

You can also contact IBM Security Support directly with your questions through the IBM Security Web site, by email, or by telephone. To contact IBM Security Support or to get help with installing or using this software, send email to support@delinea.com or call 1-202-991-0540. For information about purchasing or evaluating IBM Security products, send email to info@delinea.com.