On 30.12.2016 11:54, Martin Basti wrote:

Hello,

The first half of the first issue is this bug: https://fedorahosted.org/freeipa/ticket/6226

you have to enable SSL on the server manually after installation.


The second half of the first issue shouldn't be related to the ticket above, but I don't know more details; I'll leave this for the IPA CA gurus.


The second issue is unrelated to certificates, I believe that something in dirsrv causes this unusual behavior. I saw this before with other users.

* both "no such entry" errors, for the HTTP principal and for the topology plugin, are the same issue

* all users have this issue with a CA-less installation, but it is not always reproducible; I'm not sure if there is a step in the CA-less install that can cause this

* the entries are in the database (they were added previously by the installer), but during installation the search failed with "no such entry"; ldapsearch after installation works

* in the access log the SRCH is before the ADD operation, but this is against the steps in the installer: the entry is added first, and the installer failed hard, so there is no way it could have been added after the failure caused by the not-found error.

[29/Dec/2016:10:33:02.775715491 +0000] conn=16 op=1 SRCH base="krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk" scope=0 filter="(objectClass=*)" attrs=ALL
[29/Dec/2016:10:33:02.775892719 +0000] conn=16 op=1 RESULT err=32 tag=101 nentries=0 etime=0
^^^^^^ This caused the installation failure (IMO; there is no later SRCH operation for the HTTP principal in the log)
......
[29/Dec/2016:10:33:05.487917960 +0000] conn=17 op=10 ADD dn="krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk"
[29/Dec/2016:10:33:05.492213776 +0000] conn=17 op=10 RESULT err=0 tag=105 nentries=0 etime=0 csn=5864e653000000040000
[29/Dec/2016:10:33:05.492372184 +0000] conn=17 op=11 MOD dn="krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk"
[29/Dec/2016:10:33:05.494649080 +0000] conn=17 op=11 RESULT err=0 tag=103 nentries=0 etime=0 csn=5864e653000100040000
[29/Dec/2016:10:33:05.494816357 +0000] conn=17 op=12 MOD dn="krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk"
^^^^^ These were added after the failure???

I need a DS guru assistance to resolve this :)
Martin^2
A ticket for this issue has been opened: https://fedorahosted.org/freeipa/ticket/6575
Martin^2
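The ordering anomaly Martin points at above (a base-scope SRCH on a DN answered with err=32, while the ADD of that same DN appears only later on another connection) can be checked mechanically over a whole 389-ds access log rather than by eye. The script below is an added example written for this page; it is not part of the thread or of FreeIPA. It pairs every request line with its RESULT by (conn, op), then reports each DN that was searched and not found before it was added. The sample lines are constructed after the excerpt in the thread, with placeholder DNs in an example.test realm; the real log would be piped in on stdin.

```python
import re
import sys
from datetime import datetime

# Constructed sample modelled on the access-log excerpt in the thread. The DN and
# realm are placeholders (example.test), not the reporter's real ones.
SAMPLE_LOG = """\
[29/Dec/2016:10:33:02.775715491 +0000] conn=16 op=1 SRCH base="krbprincipalname=HTTP/ipa01.example.test@EXAMPLE.TEST,cn=services,cn=accounts,dc=example,dc=test" scope=0 filter="(objectClass=*)" attrs=ALL
[29/Dec/2016:10:33:02.775892719 +0000] conn=16 op=1 RESULT err=32 tag=101 nentries=0 etime=0
[29/Dec/2016:10:33:05.487917960 +0000] conn=17 op=10 ADD dn="krbprincipalname=HTTP/ipa01.example.test@EXAMPLE.TEST,cn=services,cn=accounts,dc=example,dc=test"
[29/Dec/2016:10:33:05.492213776 +0000] conn=17 op=10 RESULT err=0 tag=105 nentries=0 etime=0 csn=5864e653000000040000
[29/Dec/2016:10:33:05.492372184 +0000] conn=17 op=11 MOD dn="krbprincipalname=HTTP/ipa01.example.test@EXAMPLE.TEST,cn=services,cn=accounts,dc=example,dc=test"
[29/Dec/2016:10:33:05.494649080 +0000] conn=17 op=11 RESULT err=0 tag=103 nentries=0 etime=0 csn=5864e653000100040000
[29/Dec/2016:10:33:06.100000000 +0000] conn=18 op=2 SRCH base="cn=masters,cn=ipa,cn=etc,dc=example,dc=test" scope=0 filter="(objectClass=*)" attrs=ALL
[29/Dec/2016:10:33:06.100200000 +0000] conn=18 op=2 RESULT err=0 tag=101 nentries=1 etime=0
"""

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
NO_SUCH_OBJECT = 32  # LDAP noSuchObject, which 389-ds logs as err=32


def parse_ts(stamp):
    """389-ds stamps carry nanoseconds; datetime keeps at most microseconds."""
    date, frac, tz = re.match(r'(\S+)\.(\d+) (\S+)$', stamp).groups()
    return datetime.strptime(f'{date}.{frac[:6]} {tz}', '%d/%b/%Y:%H:%M:%S.%f %z')


def parse_access_log(text):
    """Pair every request line with its RESULT via (conn, op); return them in RESULT order.

    Each element: {'line', 'ts', 'conn', 'op', 'verb', 'dn', 'err'}. 'dn' is the
    base= of a SRCH or the dn= of an ADD/MOD/DEL, lower-cased so the same DN written
    with different case on two connections still compares equal.
    """
    pending, ops = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # connection open/close lines and anything without conn/op
        key = (m['conn'], m['op'])
        if m['rest'].startswith('RESULT '):
            req = pending.pop(key, None)
            if req is not None:
                err = re.search(r'\berr=(\d+)', m['rest'])
                req['err'] = int(err.group(1)) if err else None
                ops.append(req)
            continue
        verb, _, args = m['rest'].partition(' ')
        dn = re.search(r'\b(?:base|dn)="([^"]*)"', args)
        pending[key] = {'line': lineno, 'ts': parse_ts(m['ts']), 'conn': int(m['conn']),
                        'op': int(m['op']), 'verb': verb,
                        'dn': dn.group(1).lower() if dn else None, 'err': None}
    return ops


def find_search_before_add(ops):
    """Return (srch, add) pairs: a SRCH that got err=32 for a DN that was ADDed only later."""
    first_add = {}
    for o in ops:
        if o['verb'] == 'ADD' and o['dn'] and o['dn'] not in first_add:
            first_add[o['dn']] = o
    hits = []
    for o in ops:
        if o['verb'] == 'SRCH' and o['err'] == NO_SUCH_OBJECT and o['dn'] in first_add:
            add = first_add[o['dn']]
            if add['line'] > o['line']:
                hits.append((o, add))
    return hits


def report(text):
    """Flatten the anomalies into plain dicts: which DN, which SRCH, which ADD, how far apart."""
    return [{'dn': s['dn'],
             'srch': (s['conn'], s['op'], s['line']),
             'add': (a['conn'], a['op'], a['line']),
             'gap_seconds': (a['ts'] - s['ts']).total_seconds()}
            for s, a in find_search_before_add(parse_access_log(text))]


if __name__ == '__main__':
    # Usage: python3 srch_before_add.py < /var/log/dirsrv/slapd-EXAMPLE-TEST/access
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for h in report(text):
        print(f"{h['dn']}\n  SRCH err=32 conn={h['srch'][0]} op={h['srch'][1]} (line {h['srch'][2]})"
              f" precedes ADD conn={h['add'][0]} op={h['add'][1]} (line {h['add'][2]})"
              f" by {h['gap_seconds']:.3f}s")
```

On the constructed sample this flags exactly one DN: the HTTP principal searched on conn=16 op=1 and added 2.7 s later on conn=17 op=10, while the cn=masters search that succeeded is ignored. Pairing by (conn, op) matters because 389-ds interleaves lines from many connections, so a naive "grep err=32" cannot tell which request a RESULT belongs to.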
On 29.12.2016 19:13, Peter Pakos wrote:
Access log: https://files.pakos.uk/access.txt
Error log: https://files.pakos.uk/ipareplica-install.log.txt
I hope it helps.
On 29 December 2016 at 12:52, Peter Pakos <pe...@pakos.uk> wrote:

    Hi guys,
    I'm facing yet another problem with CA-less install of FreeIPA
    replica and 3rd party SSL certificate.
    Few days ago I deployed a new CA-less server (ipa02) by running
    the following command:

        ipa-server-install \
          -r PAKOS.UK \
          -n pakos.uk \
          -p 'password' \
          -a 'password' \
          --mkhomedir \
          --setup-dns \
          --no-forwarders \
          --no-dnssec-validation \
          --dirsrv-cert-file=/root/ssl/star.pakos.uk.pfx \
          --dirsrv-pin='' \
          --http-cert-file=/root/ssl/star.pakos.uk.pfx \
          --http-pin='' \
          --http-cert-name=AlphaWildcardIPA \
          --idstart=1000

    This server appears to be working OK.
    Then yesterday I deployed a client (ipa01):

        ipa-client-install \
          -p admin \
          -w 'password' \
          --mkhomedir

    Next, I promoted it to IPA server:

        ipa-replica-install \
          -w 'password' \
          --mkhomedir \
          --setup-dns \
          --no-forwarders \
          --no-dnssec-validation \
          --dirsrv-cert-file=/root/ssl/star.pakos.uk.pfx \
          --dirsrv-pin='' \
          --dirsrv-cert-name=AlphaWildcardIPA \
          --http-cert-file=/root/ssl/star.pakos.uk.pfx \
          --http-pin='' \
          --http-cert-name=AlphaWildcardIPA

    After it finished, I've noticed that dirsrv wasn't running on
    port 636 on ipa01.
    Further investigation revealed that the SSL wildcard certificate
    (AlphaWildcardIPA) wasn't installed in dirsrv DB and CA
    certificates were named oddly (CA 1 and CA 2):

    [root@ipa01 ~]# certutil -L -d /etc/httpd/alias/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    AlphaWildcardIPA                                             u,u,u
    CA 1                                                         ,,
    CA 2                                                         C,,

    [root@ipa01 ~]# certutil -L -d /etc/dirsrv/slapd-PAKOS-UK/

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    GlobalSign Root CA - GlobalSign nv-sa                        ,,
    AlphaSSL CA - SHA256 - G2 - GlobalSign nv-sa                 C,,

    This is what I found in the error log:

    [29/Dec/2016:01:43:58.852745536 +0000] 389-Directory/1.3.5.10 B2016.341.2222 starting up
    [29/Dec/2016:01:43:58.867642515 +0000] default_mr_indexer_create: warning - plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match
    [29/Dec/2016:01:43:58.889866051 +0000] schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup!
    [29/Dec/2016:01:43:58.905267535 +0000] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.907051833 +0000] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.908396407 +0000] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.909758735 +0000] NSACLPlugin - The ACL target ou=sudoers,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.911133739 +0000] NSACLPlugin - The ACL target cn=users,cn=compat,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.912416230 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.913644794 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.914901802 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.916158004 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.917409810 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.918636743 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.919904210 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.921175543 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.922417264 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.923818252 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.925218237 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.928474915 +0000] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.943158867 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:58.944679679 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pakos,dc=uk does not exist
    [29/Dec/2016:01:43:59.060335708 +0000] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
    [29/Dec/2016:01:43:59.066618653 +0000] Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pakos,dc=uk--no CoS Templates found, which should be added before the CoS Definition.
    [29/Dec/2016:01:43:59.100168779 +0000] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
    [29/Dec/2016:01:43:59.108366423 +0000] slapd started.  Listening on All Interfaces port 389 for LDAP requests
    [29/Dec/2016:01:43:59.109788596 +0000] Listening on /var/run/slapd-PAKOS-UK.socket for LDAPI requests
    [29/Dec/2016:01:44:04.117095313 +0000] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pakos,dc=uk
    [29/Dec/2016:01:44:04.142962437 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pakos,dc=uk
    [29/Dec/2016:01:44:04.164958006 +0000] schema-compat-plugin - Finished plugin initialization.
    [29/Dec/2016:01:44:20.113621699 +0000] ipa-topology-plugin - ipa_topo_util_get_replica_conf: server configuration missing
    [29/Dec/2016:01:44:20.115517170 +0000] ipa-topology-plugin - ipa_topo_util_get_replica_conf: cannot create replica

    At this point I trashed ipa01 and tried to re-deploy it again
    using the same commands. The install failed with the following
    error message:

    Done configuring directory server (dirsrv).
    Configuring ipa-custodia
      [1/4]: Generating ipa-custodia config file
      [2/4]: Generating ipa-custodia keys
      [3/4]: starting ipa-custodia
      [4/4]: configuring ipa-custodia to start on boot
    Done configuring ipa-custodia.
    Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
      [1/4]: configuring KDC
      [2/4]: adding the password extension to the directory
      [3/4]: starting the KDC
      [4/4]: configuring KDC to start on boot
    Done configuring Kerberos KDC (krb5kdc).
    Configuring kadmin
      [1/2]: starting kadmin
      [2/2]: configuring kadmin to start on boot
    Done configuring kadmin.
    Configuring ipa_memcached
      [1/2]: starting ipa_memcached
      [2/2]: configuring ipa_memcached to start on boot
    Done configuring ipa_memcached.
    Configuring the web interface (httpd). Estimated time: 1 minute
      [1/19]: setting mod_nss port to 443
      [2/19]: setting mod_nss cipher suite
      [3/19]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
      [4/19]: setting mod_nss password file
      [5/19]: enabling mod_nss renegotiate
      [6/19]: adding URL rewriting rules
      [7/19]: configuring httpd
      [8/19]: setting up httpd keytab
      [9/19]: setting up ssl
      [error] NotFound: no such entry
    Your system may be partly configured.
    Run /usr/sbin/ipa-server-install --uninstall to clean up.

    ipa.ipapython.install.cli.install_tool(Replica): ERROR    no such entry
    ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

    Here's the full install log:
    https://files.pakos.uk/ipareplica-install.log.txt
    <https://files.pakos.uk/ipareplica-install.log.txt>
    I've raised this problem on #freeipa channel (many thanks to
    mbasti and ab for their help in investigating this issue with me)
    however we didn't get too far and some further input from dirsrv
    gurus is required here.

    [root@ipa01 ipa]# echo $SERVICE
    HTTP/ipa01.pakos...@pakos.uk
    [root@ipa01 ipa]# echo $DN
    krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk
    [root@ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s sub
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # HTTP/ipa01.pakos...@pakos.uk, services, accounts, pakos.uk
    dn: krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk
    krbExtraData:: AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
    krbLastPwdChange: 20161229103250Z
    krbPrincipalKey:: MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
     NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
     a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
     pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
     LwmAX3lYm
    objectClass: ipaobject
    objectClass: ipaservice
    objectClass: krbticketpolicyaux
    objectClass: ipakrbprincipal
    objectClass: krbprincipal
    objectClass: krbprincipalaux
    objectClass: pkiuser
    objectClass: top
    ipaKrbPrincipalAlias: HTTP/ipa01.pakos...@pakos.uk
    krbCanonicalName: HTTP/ipa01.pakos...@pakos.uk
    managedBy: fqdn=ipa01.pakos.uk,cn=computers,cn=accounts,dc=pakos,dc=uk
    krbPrincipalName: HTTP/ipa01.pakos...@pakos.uk
    ipaUniqueID: 25dc5432-cdb2-11e6-a20e-005056a2f7f5

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    [root@ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s sub "krbprincipalname=*"
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk> with scope subtree
    # filter: krbprincipalname=*
    # requesting: ALL
    #

    # HTTP/ipa01.pakos...@pakos.uk, services, accounts, pakos.uk
    dn: krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk
    krbExtraData:: AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
    krbLastPwdChange: 20161229103250Z
    krbPrincipalKey:: MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
     NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
     a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
     pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
     LwmAX3lYm
    objectClass: ipaobject
    objectClass: ipaservice
    objectClass: krbticketpolicyaux
    objectClass: ipakrbprincipal
    objectClass: krbprincipal
    objectClass: krbprincipalaux
    objectClass: pkiuser
    objectClass: top
    ipaKrbPrincipalAlias: HTTP/ipa01.pakos...@pakos.uk
    krbCanonicalName: HTTP/ipa01.pakos...@pakos.uk
    managedBy: fqdn=ipa01.pakos.uk,cn=computers,cn=accounts,dc=pakos,dc=uk
    krbPrincipalName: HTTP/ipa01.pakos...@pakos.uk
    ipaUniqueID: 25dc5432-cdb2-11e6-a20e-005056a2f7f5

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    [root@ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s sub "(objectclass=*)"
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # HTTP/ipa01.pakos...@pakos.uk, services, accounts, pakos.uk
    dn: krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk
    krbExtraData:: AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
    krbLastPwdChange: 20161229103250Z
    krbPrincipalKey:: MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
     NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
     a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
     pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
     LwmAX3lYm
    objectClass: ipaobject
    objectClass: ipaservice
    objectClass: krbticketpolicyaux
    objectClass: ipakrbprincipal
    objectClass: krbprincipal
    objectClass: krbprincipalaux
    objectClass: pkiuser
    objectClass: top
    ipaKrbPrincipalAlias: HTTP/ipa01.pakos...@pakos.uk
    krbCanonicalName: HTTP/ipa01.pakos...@pakos.uk
    managedBy: fqdn=ipa01.pakos.uk,cn=computers,cn=accounts,dc=pakos,dc=uk
    krbPrincipalName: HTTP/ipa01.pakos...@pakos.uk
    ipaUniqueID: 25dc5432-cdb2-11e6-a20e-005056a2f7f5

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    [root@ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s base
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk> with scope baseObject
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # HTTP/ipa01.pakos...@pakos.uk, services, accounts, pakos.uk
    dn: krbprincipalname=HTTP/ipa01.pakos...@pakos.uk,cn=services,cn=accounts,dc=pakos,dc=uk
    krbExtraData:: AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
    krbLastPwdChange: 20161229103250Z
    krbPrincipalKey:: MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
     NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
     a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
     pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
     LwmAX3lYm
    objectClass: ipaobject
    objectClass: ipaservice
    objectClass: krbticketpolicyaux
    objectClass: ipakrbprincipal
    objectClass: krbprincipal
    objectClass: krbprincipalaux
    objectClass: pkiuser
    objectClass: top
    ipaKrbPrincipalAlias: HTTP/ipa01.pakos...@pakos.uk
    krbCanonicalName: HTTP/ipa01.pakos...@pakos.uk
    managedBy: fqdn=ipa01.pakos.uk,cn=computers,cn=accounts,dc=pakos,dc=uk
    krbPrincipalName: HTTP/ipa01.pakos...@pakos.uk
    ipaUniqueID: 25dc5432-cdb2-11e6-a20e-005056a2f7f5

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    I must say that this is a show stopper for us at WANdisco which is
    holding back the upgrade from FreeIPA 4.2 to FreeIPA 4.4.
    If there is anything else I can do to help with the
    investigation, please just let me know.
    Many thanks in advance.
    --
    Kind regards,
    Peter Pakos

--
Kind regards,
 Peter Pakos
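Peter's two certutil listings above are the quickest evidence of what went wrong on ipa01: the httpd NSS database holds AlphaWildcardIPA with u,u,u (certificate plus private key), while the dirsrv database holds only the two GlobalSign CA certificates and no server certificate at all, which is exactly why nothing listens on 636. The script below is an added example for this page, not code from the thread or from FreeIPA; it parses `certutil -L` output and says whether a given NSS database can actually serve TLS under a nickname. The two listings embedded in it are constructed after Peter's output; on a real host you would pipe `certutil -L -d <dir>` into it. The file name check_nssdb.py and the trust-flag interpretation ("u" marks a user certificate whose private key is in the database, "C" a CA trusted to issue server certificates) are the author's, not the thread's.

```python
import re
import sys

# Constructed listings modelled on the two certutil -L outputs quoted in the thread
# (the nicknames are the thread's; the column padding is what certutil prints).
HTTPD_ALIAS = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

AlphaWildcardIPA                                             u,u,u
CA 1                                                         ,,
CA 2                                                         C,,
"""

DIRSRV_DB = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

GlobalSign Root CA - GlobalSign nv-sa                        ,,
AlphaSSL CA - SHA256 - G2 - GlobalSign nv-sa                 C,,
"""

# nickname (may contain single spaces), 2+ spaces of padding, then "ssl,smime,jar" flags.
# The two header lines never match: the first has no commas, the second starts with spaces.
ENTRY_RE = re.compile(r'^(?P<nick>\S.*?)\s{2,}(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$')


def parse_certutil_listing(text):
    """Return {nickname: (ssl_flags, smime_flags, jar_flags)} from `certutil -L` output."""
    certs = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            certs[m['nick']] = tuple(m['trust'].split(','))
    return certs


def check_tls_db(certs, server_nick):
    """List what would stop this NSS DB from serving TLS under `server_nick`.

    "u" in the SSL column means the DB also holds the private key for that cert;
    "C" marks a CA trusted to issue server certs. An empty list means it looks usable.
    """
    problems = []
    server = certs.get(server_nick)
    if server is None:
        problems.append(f'server certificate {server_nick!r} is not in the database')
    elif 'u' not in server[0]:
        problems.append(f'{server_nick!r} is present but has no private key ("u" flag missing)')
    if not any('C' in flags[0] for flags in certs.values()):
        problems.append('no CA is trusted ("C") for SSL in this database')
    return problems


def compare_dbs(expected_nick, listings):
    """Run check_tls_db over several (label, listing text) pairs; {label: [problems]}."""
    return {label: check_tls_db(parse_certutil_listing(text), expected_nick)
            for label, text in listings}


if __name__ == '__main__':
    # Usage: certutil -L -d /etc/dirsrv/slapd-EXAMPLE-TEST/ | python3 check_nssdb.py AlphaWildcardIPA
    nick = sys.argv[1] if len(sys.argv) > 1 else 'AlphaWildcardIPA'
    if not sys.stdin.isatty():
        listings = [('stdin', sys.stdin.read())]
    else:
        listings = [('/etc/httpd/alias (sample)', HTTPD_ALIAS),
                    ('/etc/dirsrv/slapd-PAKOS-UK (sample)', DIRSRV_DB)]
    for label, problems in compare_dbs(nick, listings).items():
        print(f'{label}: ' + ('OK' if not problems else '; '.join(problems)))
```

Run against the two sample listings it reports the httpd database as OK and the dirsrv one as missing AlphaWildcardIPA, which matches what Peter saw on port 636. Checking for the "u" flag rather than just the nickname matters: a certificate imported without its key lists under the same name but cannot complete a TLS handshake.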

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
