Re: [Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-09 Thread Loris Santamaria
On Tue, 08-10-2013 at 12:55 -0500, Zachary Musselman wrote:
 Hi Loris,
 
 
 Thanks for the quick and informational response.
 
 
 I'm going to ask for a little hand holding here.  I'm not well versed
 in LDAP or IPA.
 
 
 
  How would I use ldapsearch to check that this value is
 correctly set already?  I have already set ldap passwd sync = only in
 smb.conf as recommended by our Red Hat Consultant.

With a simple ldapsearch:

ldapsearch -x -D "cn=Directory Manager" -W -b "cn=config" "cn=ipa_pwd_extop"

  Where can I find that patch that is needed to correctly set
 the sambaPwdLastSet attribute?

Looking back at the code I see that ipa_pwd_extop already sets the
sambaPwdLastSet attribute if the user has the sambaSamAccount
objectClass, thus the patch is simply this:

--- freeipa-2.1.3/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c.orig  
2012-06-29 11:33:14.578905152 -0430
+++ freeipa-2.1.3/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c   
2012-06-29 15:21:49.228789490 -0430
@@ -440,7 +440,7 @@
 
 for (i = 0; i  krbcfg-num_passsync_mgrs; i++) {
 if (strcasecmp(krbcfg-passsync_mgrs[i], bindDN) == 0) {
-pwdata.changetype = IPA_CHANGETYPE_DSMGR;
+pwdata.changetype = IPA_CHANGETYPE_NORMAL;
 break;
 }
 }
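
Review bot: the assignment `pwdata.changetype = IPA_CHANGETYPE_NORMAL;` applies to every bind DN that matches an entry in passsync_mgrs, not only to the Samba bind user, so a real password sync agent listed there would also lose its IPA_CHANGETYPE_DSMGR handling. Consider keeping the DSMGR assignment for the existing list and matching the Samba bind DN against a separate list, or at minimum add a comment above the assignment stating that matching DNs are deliberately treated as normal user changes so that password policy is enforced.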

Please note that this patch is for ipa 2.2 but it shouldn't be difficult
to adapt it to ipa 3.0. What the patch does is manage password changes
by samba as normal user password changes so as to enforce password
policies.

As the patch is (ab)using the Passsync Managers feature of
ipa_pwd_extop I wouldn't recommend its use if you have a user
synchronization agreement with Active Directory.

Best regards

  To have some correspondence between IPA password policies and
 samba
  password policies you need to:
 
  1. Create a sufficiently privileged bind user in ipa and have
 samba connect to IPA using that bind user. For example
 uid=sambaadmin,cn=sysaccounts,cn=etc,dc=example,dc=com
  2. To have password changes in windows work as normal user
 password
 changes (instead of password resets) you must add the above
 bind user to the passsyncmanagersdn attribute of the
 ipa_pwd_extop plugin configuration. Similar to what is
 explained
 here:
 
   
 http://www.freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Setting_up_Windows_Sync_on_the_IPA_Server.html
  3. Samba should not mess with password expiration attributes in
 ldap, so you should set ldap passwd sync = only in smb.conf
  4. You need a small patch in the ipa_pwd_extop plugin to have it
 set the sambaPwdLastSet attributes on password changes
  5. Samba password policies (Maximum password duration, minimum
 password duration) should match the IPA password policies
 
 
 
 
 
 
 
   Below are the patches I received from our Red Hat
 consultant.  Is this similar to what you're talking about?
 
 
 
 
 --
 
 
 --- group.js.orig 2012-06-25 11:59:02.789096058 -0700
 +++ group.js  2012-06-25 12:02:47.669143612 -0700
 @@ -37,7 +37,8 @@
  columns: [
  'cn',
  'gidnumber',
 -'description'
 +'description',
 +'sambagrouptype'
  ]
  }).
  details_facet({
 @@ -50,7 +51,8 @@
  type: 'textarea',
  name: 'description'
  },
 -'gidnumber'
 +'gidnumber',
 + 'sambagrouptype'
  ]
  }
  ]
 @@ -116,6 +118,14 @@
  label: IPA.messages.objects.group.posix,
  checked: true
  },
 +{
 +factory: IPA.select_widget,
 +name: 'sambagrouptype',
 +label: IPA.messages.objects.group.sambagrouptype,
 +options: [
 +{label: 'Domain', value: 2},
 +{label: 'Local', value: 4}]
 +},
  'gidnumber'
  ]
  });
 
 
 
 
 --- group.py.orig 2012-06-25 12:06:13.265838223 -0700
 +++ group.py  2012-06-25 12:06:19.513906111 -0700
 @@ -102,7 +102,7 @@
  
  takes_params = (
  Str('cn',
 -

Re: [Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-08 Thread Zachary Musselman
Hello Dmitri,

We are currently using Samba as a file server and a DC with NT style domain
for our Windows clients.  IPA is the password backend for Samba.

Our Red Hat consultant originally had the following items working when this
system was installed last year.

** Ability to add groups in the IPA web interface for samba

I have these patches and need to make sure that they work with IPA 3.0 and
RHEL 6.4 before I apply them.

** We have a default password policy of 90 days expiration.  This policy
also has complexity, history, length, etc.

Early this year that 90 day expiration stopped working and my Windows users
were no longer receiving a must change password notice.  We were hoping
the update to RHEL 6.4 and IPA 3.0 would fix this but it has not.
 Currently my users are showing an EXPIRATION in IPA of June/July or so
time frame.  Back in April we manually changed all user's passwords to a
temporary.  That prompted them to login and change their password, hoping
this would kickstart the 90 day expiration again.  That was NOT successful.

At a MINIMUM we are needing to correctly have IPA expire a user's password
and allow Samba to understand that as well based on the password policy IPA
shows for a given user.

I have a test user who has a 2nd password policy we created.  That user
has 1 day expiration within IPA.  When I change the following value using
ldapmodify, it CORRECTLY makes Samba prompt the user to change their
password when logging in the next time.  When I change this test password,
IPA resets the EXPIRATION DATE to 90 days out and not 1 day from the time
password was changed.

---


A third item we need fixed if possible, is the ability to enforce password
complexity, history, length, etc. through Samba based on what IPA shows for
a user's password policy.  I cannot confirm if this WAS working or not
after it was initially installed.  I guess you or Rob would be the
individuals who could tell me what is possible to enable this feature.




On Fri, Oct 4, 2013 at 9:56 AM, Rob Crittenden rcrit...@redhat.com wrote:

 Zach Musselman wrote:

 Hello,

 My company is having issues with our current install of IPA on RHEL 6.4.

 ** We had group patches that worked with IPA 2.2.0 and allowed us to
 enter samba groups directly in the IPA web interface.  Red Hat is unable
 to confirm these patches are updated for IPA 3.0 RHEL 6.4 even though
 their Red Hat consultant created these a year ago.


 I'm not clear what you mean by updated for IPA 3.0. Are you asking the
 patches to be rebased?

 It is also unclear if things were working properly with 2.2.0 and broke
 with 3.0, or if these things never worked, or something else.


 ** IPA password policy (history, length, complexity, etc.) enforcement

 Our current versions are not allowing the IPA password policy to work
 with Samba.  My Windows users are able to change their password either
 MANUALLY or WHEN FORCED to reset via the IPA interface.  However, none of
 the password history, length, complexity and so on are enforced with
 Samba and users are able to either keep the same password or change it
 to anything they want without restrictions.


 Can you be more specific about where the password changes are happening?
 What do you mean by manually? Changing it via the UI should apply password
 policy because that is really independent of any Samba changes that have
 been made.


 ** Samba password change also changing correctly the IPA expiration date
 so IPA can successfully reset the (sambaPwdLastSet: 0) value upon 90
 days since last password change

 If we manually run ldapmodify and change the value of sambaPwdLastSet to
 equal 0, this correctly forces the end user to change their password in
 Windows.

 The issue though is their IPA password expiration date listed in the
 interface isn't correctly showing the amount of days to expire NEXT.  I
 have a test user that has a password policy of 1 day expiration.  I
 would expect this user to show an expiration date of the next day after
 password change but for some reason it always keeps showing about 90
 days out, which is my default policy for all users.

 I need to be able to test that IPA is correctly expiring the password
 after 1 day so that I know in 90 days my other users will receive the
 same expiration.

 For most of this year password expiration was not working and IPA is
 showing a password expiration of months ago when their password should
 have expired (samba never prompted for this change).  Since we updated
 to IPA 3.0, I'm hoping that when I reset their sambaPwdLastSet to 0 that
 IPA will start enforcing a 90 day expiration again.


 I don't really know much about how Windows/Samba does password expiration,
 but IPA has no process to look at the last set date, compare that to the
 policy, and reset sambaPwdLastSet. Is that what you're expecting?


 Any help you can provide on these issues would be greatly appreciated!

 Also, what would you recommend for future IPA versions and 

Re: [Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-08 Thread Loris Santamaria
On Tue, 08-10-2013 at 09:25 -0500, Zachary Musselman wrote:
 Hello Dmitri,
 
 
 We are currently using Samba as a file server and a DC with NT style
 domain for our Windows clients.  IPA is the password backend for
 Samba.
 
 
 Our Red Hat consultant originally had the following items working when
 this system was installed last year.
 
 
 ** Ability to add groups in the IPA web interface for samba
 
 
 I have these patches and need to make sure that they work with IPA 3.0
 and RHEL 6.4 before I apply them.

Those patches surely could be adapted without much work. The web
interface for groups has not changed much between IPA 2.2 and 3.0.

Anyway, there is not a real need to patch the web interface to have IPA
add the objectClasses (sambaGroupMapping) and attributes (sambaSID and
sambaGroupType) required by Samba. I've done this for some customers
adding a DNA plugin configuration for sambaSID and extending the IPA
group object to add the objectclass and sambagrouptype, as explained in
http://abbra.fedorapeople.org/guide.html#sec-4. No need to patch the Web
UI here.

 ** We have a default password policy of 90 days expiration.  This
 policy also has complexity, history, length, etc.
 
 
 Early this year that 90 day expiration stopped working and my Windows
 users were no longer receiving a must change password notice.  We
 were hoping the update to RHEL 6.4 and IPA 3.0 would fix this but it
 has not.  Currently my users are showing an EXPIRATION in IPA of
 June/July or so time frame.  Back in April we manually changed all
 user's passwords to a temporary.  That prompted them to login and
 change their password, hoping this would kickstart the 90 day
 expiration again.  That was NOT successful.
 
 
 At a MINIMUM we are needing to correctly have IPA expire a user's
 password and allow Samba to understand that as well based on the
 password policy IPA shows for a given user.

To have some correspondence between IPA password policies and samba
password policies you need to:

 1. Create a sufficiently privileged bind user in ipa and have
samba connect to IPA using that bind user. For example
uid=sambaadmin,cn=sysaccounts,cn=etc,dc=example,dc=com
 2. To have password changes in windows work as normal user password
changes (instead of password resets) you must add the above
bind user to the passsyncmanagersdn attribute of the
ipa_pwd_extop plugin configuration. Similar to what is explained
here:

http://www.freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Setting_up_Windows_Sync_on_the_IPA_Server.html
 3. Samba should not mess with password expiration attributes in
ldap, so you should set ldap passwd sync = only in smb.conf
 4. You need a small patch in the ipa_pwd_extop plugin to have it
set the sambaPwdLastSet attributes on password changes
 5. Samba password policies (Maximum password duration, minimum
password duration) should match the IPA password policies

At least that is the route we took with customers and it has worked
fairly well.

 I have a test user who has a 2nd password policy we created.  That
 user has 1 day expiration within IPA.  When I change the following
 value using ldapmodify, it CORRECTLY makes Samba prompt the user to
 change their password when logging in the next time.  When I change
 this test password, IPA resets the EXPIRATION DATE to 90 days out and
 not 1 day from the time password was changed.

Probably samba is connecting to IPA with an admin user and password
changes end up being done by IPA as password resets. See point 2 above.

 A third item we need fixed if possible, is the ability to enforce
 password complexity, history, length, etc. through Samba based on what
 IPA shows for a user's password policy.  I cannot confirm if this WAS
 working or not after it was initially installed.  I guess you or Rob
 would be the individuals who could tell me what is possible to enable
 this feature.

We've done it manually (with pdbedit -P) and after that everything works
ok, password history, password length, password duration and complexity,
all match between samba and IPA.

Hope it helps.


 On Fri, Oct 4, 2013 at 9:56 AM, Rob Crittenden rcrit...@redhat.com
 wrote:
 Zach Musselman wrote:
 Hello,
 
 My company is having issues with our current install
 of IPA on RHEL 6.4.
 
 ** We had group patches that worked with IPA 2.2.0 and
 allowed us to
 enter samba groups directly in the IPA web interface.
  Red Hat is unable
 to confirm these patches are updated for IPA 3.0 RHEL
 6.4 even though
 their Red Hat consultant created these a year ago.
 
 I'm not clear 
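
An offline audit for the IPA/Samba mismatch discussed in this thread, as an added example that is not part of any poster's message or of FreeIPA itself: it flags entries whose expiration does not follow the user's policy and entries whose sambaPwdLastSet has drifted from the IPA change time. The krbLastPwdChange and krbPasswordExpiration attribute names, the sample users, the 90-day Samba maximum age and the finding codes are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample entries (not from a real server). krbLastPwdChange and
# krbPasswordExpiration are GeneralizedTime; sambaPwdLastSet is Unix epoch seconds.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
uid: alice
krbLastPwdChange: 20130701120000Z
krbPasswordExpiration: 20130929120000Z
sambaPwdLastSet: 1372680000

dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
uid: testuser
krbLastPwdChange: 20131007150000Z
krbPasswordExpiration: 20140105150000Z
sambaPwdLastSet: 1381158000

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
uid: bob
krbLastPwdChange: 20130415090000Z
krbPasswordExpiration: 20130714090000Z
sambaPwdLastSet: 1379635200
"""

# Assumed policy lifetimes in days: 90 by default, 1 for the test user.
POLICY_DAYS = {"testuser": 1}
DEFAULT_DAYS = 90
SAMBA_MAX_AGE_DAYS = 90          # assumed Samba "maximum password age"
TOLERANCE = timedelta(minutes=5)


def parse_ldif(text):
    """Parse plain, unwrapped LDIF (no base64 values) into a list of dicts."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return entries


def gtime(value):
    """Convert an LDAP GeneralizedTime string (UTC, 'Z' suffix) to a datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def audit_entry(entry, max_life_days, now):
    """Return the list of finding codes for one user entry."""
    findings = []
    changed = gtime(entry["krblastpwdchange"])
    expires = gtime(entry["krbpasswordexpiration"])
    last_set = int(entry.get("sambapwdlastset", "0"))

    # IPA side: expiration should equal change time plus the user's policy lifetime.
    if abs((expires - changed) - timedelta(days=max_life_days)) > TOLERANCE:
        findings.append("EXPIRY_NOT_FROM_POLICY")

    if last_set == 0:            # 0 already forces a change at next Samba logon
        return findings
    samba_changed = datetime.fromtimestamp(last_set, timezone.utc)
    # Samba side: sambaPwdLastSet should follow the real change time.
    if abs(samba_changed - changed) > TOLERANCE:
        findings.append("SAMBA_LASTSET_STALE")
    # Expired in IPA, but Samba's own age calculation has not caught up.
    if expires <= now < samba_changed + timedelta(days=SAMBA_MAX_AGE_DAYS):
        findings.append("EXPIRED_IN_IPA_NOT_IN_SAMBA")
    return findings


def audit(ldif_text, now):
    """Audit every entry in the LDIF text; returns {uid: [finding, ...]}."""
    return {e["uid"]: audit_entry(e, POLICY_DAYS.get(e["uid"], DEFAULT_DAYS), now)
            for e in parse_ldif(ldif_text)}


if __name__ == "__main__":
    when = datetime(2013, 10, 8, 12, tzinfo=timezone.utc)
    for uid, findings in audit(SAMPLE_LDIF, when).items():
        print(uid, findings or "ok")
```

The constructed `testuser` entry reproduces the symptom reported above: a 1-day policy with an expiration 90 days after the change.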

Re: [Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-08 Thread Zachary Musselman
Hi Loris,

Thanks for the quick and informational response.

I'm going to ask for a little hand holding here.  I'm not well versed in
LDAP or IPA.


 How would I use ldapsearch to check that this value is correctly
set already?  I have already set ldap passwd sync = only in smb.conf as
recommended by our Red Hat Consultant.

 Where can I find that patch that is needed to correctly set the
sambaPwdLastSet attribute?


 To have some correspondence between IPA password policies and samba
 password policies you need to:

 1. Create a sufficiently privileged bind user in ipa and have
samba connect to IPA using that bind user. For example
uid=sambaadmin,cn=sysaccounts,cn=etc,dc=example,dc=com
 2. To have password changes in windows work as normal user password
changes (instead of password resets) you must add the above
bind user to the passsyncmanagersdn attribute of the
ipa_pwd_extop plugin configuration. Similar to what is explained
here:

http://www.freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Setting_up_Windows_Sync_on_the_IPA_Server.html
 3. Samba should not mess with password expiration attributes in
ldap, so you should set ldap passwd sync = only in smb.conf
 4. You need a small patch in the ipa_pwd_extop plugin to have it
set the sambaPwdLastSet attributes on password changes
 5. Samba password policies (Maximum password duration, minimum
password duration) should match the IPA password policies



  Below are the patches I received from our Red Hat consultant.
 Is this similar to what you're talking about?


--

--- group.js.orig   2012-06-25 11:59:02.789096058 -0700
+++ group.js2012-06-25 12:02:47.669143612 -0700
@@ -37,7 +37,8 @@
 columns: [
 'cn',
 'gidnumber',
-'description'
+'description',
+'sambagrouptype'
 ]
 }).
 details_facet({
@@ -50,7 +51,8 @@
 type: 'textarea',
 name: 'description'
 },
-'gidnumber'
+'gidnumber',
+   'sambagrouptype'
 ]
 }
 ]
@@ -116,6 +118,14 @@
 label: IPA.messages.objects.group.posix,
 checked: true
 },
+{
+factory: IPA.select_widget,
+name: 'sambagrouptype',
+label: IPA.messages.objects.group.sambagrouptype,
+options: [
+{label: 'Domain', value: 2},
+{label: 'Local', value: 4}]
+},
 'gidnumber'
 ]
 });
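
Review bot: the label `IPA.messages.objects.group.sambagrouptype` on the new select widget refers to a message key that none of the visible hunks define, so unless that key is added elsewhere the label will be undefined. Add the key in the same patch set or use a literal label here. The option values 2 and 4 are bare numbers; a short comment naming what they mean to Samba would help whoever rebases this onto IPA 3.0.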





--- group.py.orig   2012-06-25 12:06:13.265838223 -0700
+++ group.py2012-06-25 12:06:19.513906111 -0700
@@ -102,7 +102,7 @@

 takes_params = (
 Str('cn',
-pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$',
+pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_. -]{0,252}[a-zA-Z0-9_.$-]?$',
 pattern_errmsg='may only include letters, numbers, _, -, . and $',
 maxlength=255,
 cli_name='group_name',
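
Review bot: the new `pattern` admits a space in the middle of `cn`, but `pattern_errmsg` on the following line still reads 'may only include letters, numbers, _, -, . and $', and the first and last character classes still reject a space. Update the message to mention that spaces are allowed and that a name cannot start or end with one.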
@@ -121,6 +121,13 @@
 doc=_('GID (use this option to set it manually)'),
 minvalue=1,
 ),
+Int('sambagrouptype',
+cli_name='sgt',
+label=_('Samba Group Type'),
+doc=_('Samba Group Type (default is 2)'),
+default=2,
+autofill=True,
+),
 )

 api.register(group)
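
Review bot: `Int('sambagrouptype', ...)` carries no restriction on its value, while the select widget in group.js offers only 2 and 4, so the `sgt` CLI option accepts values the web UI cannot represent; add a check limiting it to the supported values. With `default=2` and `autofill=True` the value is also filled in whenever the option is omitted, which should be stated in `doc` so that it is clear every new group receives it.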


---



On Tue, Oct 8, 2013 at 12:15 PM, Loris Santamaria lo...@lgs.com.ve wrote:

 On Tue, 08-10-2013 at 09:25 -0500, Zachary Musselman wrote:
  Hello Dmitri,
 
 
  We are currently using Samba as a file server and a DC with NT style
  domain for our Windows clients.  IPA is the password backend for
  Samba.
 
 
  Our Red Hat consultant originally had the following items working when
  this system was installed last year.
 
 
  ** Ability to add groups in the IPA web interface for samba
 
 
  I have these patches and need to make sure that they work with IPA 3.0
  and RHEL 6.4 before I apply them.

 Those patches surely could be adapted without 

[Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-04 Thread Zach Musselman
Hello,

My company is having issues with our current install of IPA on RHEL 6.4.

** We had group patches that worked with IPA 2.2.0 and allowed us to enter
samba groups directly in the IPA web interface.  Red Hat is unable to
confirm these patches are updated for IPA 3.0 RHEL 6.4 even though their
Red Hat consultant created these a year ago.


** IPA password policy (history, length, complexity, etc.) enforcement

Our current versions are not allowing the IPA password policy to work with
Samba.  My Windows users are able to change their password either MANUALLY
or WHEN FORCED to reset via the IPA interface.  However, none of the
password history, length, complexity and so on are enforced with Samba and
users are able to either keep the same password or change it to anything
they want without restrictions.


** Samba password change also changing correctly the IPA expiration date so
IPA can successfully reset the (sambaPwdLastSet: 0) value upon 90 days
since last password change

If we manually run ldapmodify and change the value of sambaPwdLastSet to
equal 0, this correctly forces the end user to change their password in
Windows.

The issue though is their IPA password expiration date listed in the
interface isn't correctly showing the amount of days to expire NEXT.  I
have a test user that has a password policy of 1 day expiration.  I would
expect this user to show an expiration date of the next day after password
change but for some reason it always keeps showing about 90 days out, which
is my default policy for all users.

I need to be able to test that IPA is correctly expiring the password after
1 day so that I know in 90 days my other users will receive the same
expiration.

For most of this year password expiration was not working and IPA is
showing a password expiration of months ago when their password should have
expired (samba never prompted for this change).  Since we updated to IPA
3.0, I'm hoping that when I reset their sambaPwdLastSet to 0 that IPA will
start enforcing a 90 day expiration again.


Any help you can provide on these issues would be greatly appreciated!

Also, what would you recommend for future IPA versions and Samba?  Will
RHEL 6.5 include a newer version of IPA that will work and integrate better
with Samba?  Or should we start looking at other options that integrate our
password features more as they are needed, like Samba 4?

Thanks again!


-- 
Zach
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-04 Thread Rob Crittenden

Zach Musselman wrote:

Hello,

My company is having issues with our current install of IPA on RHEL 6.4.

** We had group patches that worked with IPA 2.2.0 and allowed us to
enter samba groups directly in the IPA web interface.  Red Hat is unable
to confirm these patches are updated for IPA 3.0 RHEL 6.4 even though
their Red Hat consultant created these a year ago.


I'm not clear what you mean by updated for IPA 3.0. Are you asking the 
patches to be rebased?


It is also unclear if things were working properly with 2.2.0 and broke 
with 3.0, or if these things never worked, or something else.




** IPA password policy (history, length, complexity, etc.) enforcement

Our current versions are not allowing the IPA password policy to work
with Samba.  My Windows users are able to change their password either
MANUALLY or WHEN FORCED to reset via the IPA interface.  However, none of
the password history, length, complexity and so on are enforced with
Samba and users are able to either keep the same password or change it
to anything they want without restrictions.


Can you be more specific about where the password changes are happening? 
What do you mean by manually? Changing it via the UI should apply password 
policy because that is really independent of any Samba changes that have 
been made.




** Samba password change also changing correctly the IPA expiration date
so IPA can successfully reset the (sambaPwdLastSet: 0) value upon 90
days since last password change

If we manually run ldapmodify and change the value of sambaPwdLastSet to
equal 0, this correctly forces the end user to change their password in
Windows.

The issue though is their IPA password expiration date listed in the
interface isn't correctly showing the amount of days to expire NEXT.  I
have a test user that has a password policy of 1 day expiration.  I
would expect this user to show an expiration date of the next day after
password change but for some reason it always keeps showing about 90
days out, which is my default policy for all users.

I need to be able to test that IPA is correctly expiring the password
after 1 day so that I know in 90 days my other users will receive the
same expiration.

For most of this year password expiration was not working and IPA is
showing a password expiration of months ago when their password should
have expired (samba never prompted for this change).  Since we updated
to IPA 3.0, I'm hoping that when I reset their sambaPwdLastSet to 0 that
IPA will start enforcing a 90 day expiration again.


I don't really know much about how Windows/Samba does password 
expiration, but IPA has no process to look at the last set date, compare 
that to the policy, and reset sambaPwdLastSet. Is that what you're 
expecting?




Any help you can provide on these issues would be greatly appreciated!

Also, what would you recommend for future IPA versions and Samba?  Will
RHEL 6.5 include a newer version of IPA that will work and integrate
better with Samba?  Or should we start looking at other options that
integrate our password features more as they are needed, like Samba 4?


There are no Samba integration changes made that I know of.

rob


Re: [Freeipa-users] IPA 3.0 RHEL 6.4

2013-10-04 Thread Dmitri Pal
On 10/04/2013 10:34 AM, Zach Musselman wrote:
 Hello,

 My company is having issues with our current install of IPA on RHEL 6.4.

 ** We had group patches that worked with IPA 2.2.0 and allowed us to
 enter samba groups directly in the IPA web interface.  Red Hat is
 unable to confirm these patches are updated for IPA 3.0 RHEL 6.4 even
 though their Red Hat consultant created these a year ago.


 ** IPA password policy (history, length, complexity, etc.) enforcement

 Our current versions are not allowing the IPA password policy to work
 with Samba.  My Windows users are able to change their password either
 MANUALLY or WHEN FORCED to reset via the IPA interface.  However, none
 of the password history, length, complexity and so on are enforced
 with Samba and users are able to either keep the same password or
 change it to anything they want without restrictions.


 ** Samba password change also changing correctly the IPA expiration
 date so IPA can successfully reset the (sambaPwdLastSet: 0) value upon
 90 days since last password change

 If we manually run ldapmodify and change the value of sambaPwdLastSet
 to equal 0, this correctly forces the end user to change their
 password in Windows.

 The issue though is their IPA password expiration date listed in the
 interface isn't correctly showing the amount of days to expire NEXT. 
 I have a test user that has a password policy of 1 day expiration.  I
 would expect this user to show an expiration date of the next day
 after password change but for some reason it always keeps showing
 about 90 days out, which is my default policy for all users.

 I need to be able to test that IPA is correctly expiring the password
 after 1 day so that I know in 90 days my other users will receive the
 same expiration.

 For most of this year password expiration was not working and IPA is
 showing a password expiration of months ago when their password should
 have expired (samba never prompted for this change).  Since we updated
 to IPA 3.0, I'm hoping that when I reset their sambaPwdLastSet to 0
 that IPA will start enforcing a 90 day expiration again.


 Any help you can provide on these issues would be greatly appreciated!

 Also, what would you recommend for future IPA versions and Samba? 
 Will RHEL 6.5 include a newer version of IPA that will work and
 integrate better with Samba?  Or should we start looking at other
 options that integrate our password features more as they are needed,
 like Samba 4?

 Thanks again!


Hello,

We would be glad to help you but it is unclear what kind of setup you
have. It is definitely something custom made that was created based on
your requirements and not exactly the usual use case we see in the community.
So let us understand what we are talking about.
How are you using Samba? As a file server, as an NT style DC, or are you
talking about Winbind?
If you are using FreeIPA DS as a back end DS store for Samba then this is
something we did not try nor can guarantee would work between the IPA
upgrades.

Based on your comment above it looks like you are trying to use
Windows clients with Samba NT style DC that uses IPA as its back end store.
If it is the case it is not something that we support upstream or
recommend. And the main reason is that we anticipate it to be very
fragile and hard to maintain (and your experience above proves that).

So in the current situation the best would be to understand the
requirements and see what is the best solution we can recommend based on
the tools we have.

Sorry that you went through such an experience, it must be really
frustrating. We will try to help the best we can.


Thanks
Dmitri


 -- 
 Zach




-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

