Introduction
LogonBox is pleased to announce the immediate availability of LogonBox VPN 2.3.20.
This release includes the ability to force AD schema versions and additions to LDAP attributes.
AD schema checking changes
LogonBox needs to check the AD schema when using Active Directory so we know what features to support.
There have been some cases where these checks were unsuccessful, which resulted in the service not supporting Password History checks.
If the schema is not found, LogonBox will now automatically traverse up the AD DN chain to try to locate it.
We have also added a setting that lets you override the schema version manually.
To change this setting manually, navigate to User Directory->Configure User Database->Advanced and look for the Schema Version setting.
LDAP user directory reads more attributes
The LDAP user directory now pulls in the user’s email address and description attributes if they exist.
Upgrade Instructions
You can directly upgrade from the web UI or the operating system.
To upgrade from the web UI, log on with your admin account, navigate to Server Status from the main dashboard and click Update. You may also be prompted automatically on login if you have Updates, Features & Licensing->Update Prompt turned on.
To upgrade from the operating system:
On Windows – download the new installer, run the installer, and follow the prompts.
On a LogonBox VM – from a shell, type in:
apt update
apt upgrade
If you are still running a version before 2.3, you will need to perform some extra steps from the OS, as detailed here:
https://docs.logonbox.com/app/manpage/en/article/6172513
Our support team will upgrade Cloud customers over the coming week.
Changes
Here is a summary of the changes in this release.
Features
- New option added to force AD schema versions, plus automatic domain traversal to attempt to find the schema.
- LDAP reads in email and description attributes on a sync.
Bugs
- Cloudflare proxying no longer results in a 520 error when a client uses IPv6.
- AD connections over SecureNode sometimes hung on close; this has been resolved.
- LDAP now writes changes back to the directory after editing a user.
- Vulnerability: Fixed an issue where a valid username could be determined from the bad response returned when a fake principal was used.
- Fixed justification of login widget on Password Reset and Account Unlock pages when a Logon Banner is set.
VPN Client
- Mac OS X networksetup DNS integration now correctly removes DNS server address and domains on tear down.
- Resolved some issues with starting the service on the French-language version of Windows.