Re: [Freeipa-users] DNS resource records problem. subdomains and /16's.
Andrew Holway wrote: Hello, I have created two DNS resource records. 51.10.in-addr.arpa. and test.domain.com. It seems that it does not like to use the 51.10.in-addr.arpa. for addresses. Must I specify each /24? In addition, if I am adding a host node.subdomain.test.nsslabs.com. It does not like this either. Must I specify a record for each subdomain? Am I missing a * somewhere? Can you be more specific about what you're seeing? rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] DNS resource records problem. subdomains and /16's.
Here is some info from FreeIPA . . . [root@freeipa ~]# ipa host-show Host name: node002.test.nsslabs.com Host name: node002.test.nsslabs.com Certificate: MIIDrzCCApegAwIBAgIBETANBgkqhkiG9w0BAQsFADA7MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTMxMDI4MDkwMDAxWhcNMTUxMDI5MDkwMDAxWjA+MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMSEwHwYDVQQDExhub2RlMDAyLnRlc3QubnNzbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBNjwG219iSyJ7f8TVjoIUN8Wtk3WfaCTEW43d534UDCsC4e5pd/dsOqsCk+NqVf6u6SA80ZFnZp/z7ULoY9rm/+IRBY2M/ofu8PHVZ2wu33/4RhW9FXORh51rSaklefs3ZAgo+Ra2aiEdsm4vSk4+0f3dUnbtoqg6bkK0NHjUEkof/7EyM+WLhXUIfXnyFFu3gnHzqntX/SbybgtG8AuDSkm07LLnbY354u28OPE+DLaGgYPqZmuvdHVAEWu8i2uCywOyf3yHuFA59UjZclb7IQZ0qvm8GUUJjidFOfmgBSueyTUs+JvojYu2Z+roqwJpFY60oiSwMQw3fuHh/UqFAgMBAAGjgbowgbcwHwYDVR0jBBgwFoAUxjS+P9INb5f52vII8K8H9v8NqaUwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vZnJlZWlwYS50ZXN0Lm5zc2xhYnMuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUt6Eh8e4si95/Q/CbzbbAB5cESVUwDQYJKoZIhvcNAQELBQADggEBAK5OQe2jPdzTJZTizgLE8AMSlw9NWVCY0bLh4HbbIhazFo++FOlArR! f8AfwukmFdv97JEy3wDWDccxQXBC+8/tmIP3TeILcLAwEmdmSynKXOvhQ97+EGNmQRO9uXLo1C5ognxUiDbjmXYWkMRjJFLzBvqbA4veRekgvS27faZa0lTTxygk2hrbcMyVN6MHGLdX07EMgSa6IkIUZ+TdLZwMep9IK6CtoJelTjDP0JIy3n5DBVzJ+C0GZ0XUyUE6vXFcpuvyGY4ckQHf1sEbWFcRmJsxsweAgGwol2GJAWa7vZJlTVJZOMgV8fO0aK0Y8kl/KHN+ycxWFQyxZ3njDPn6g= Principal name: host/node002.test.nsslabs@test.nsslabs.com Password: False Keytab: True Managed by: node002.test.nsslabs.com Subject: CN=node002.test.nsslabs.com,O=TEST.NSSLABS.COM Serial Number: 17 Serial Number (hex): 0x11 Issuer: CN=Certificate Authority,O=TEST.NSSLABS.COM Not Before: Mon Oct 28 09:00:01 2013 UTC Not After: Thu Oct 29 09:00:01 2015 UTC Fingerprint (MD5): d4:d7:fa:14:31:0a:71:70:c9:62:43:65:ab:c5:09:93 Fingerprint (SHA1): d2:72:8d:20:4b:c7:e5:a8:2d:bc:f9:e7:ca:c0:9b:f5:d9:53:c6:74 SSH public key fingerprint: 28:24:23:6C:6D:42:22:8A:38:10:C8:00:5B:11:43:F4 (ssh-dss), 43:3E:0A:E3:17:26:89:8B:6E:D3:66:FA:67:6D:CA:76 (ssh- rsa) [root@freeipa ~]# ipa host-show Host name: node001.swim1.test.nsslabs.com Host name: node001.swim1.test.nsslabs.com Certificate: MIIDtTCCAp2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADA7MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTMxMDI4MDg1MjM0WhcNMTUxMDI5MDg1MjM0WjBEMRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMScwJQYDVQQDEx5ub2RlMDAxLnN3aW0xLnRlc3QubnNzbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyLPK9JKLZLuDoecKehT9MZnBeaJqHzF6nC+JhXd6wf5Kcy7WyVCVgWxchnvMo0x0CPN5mRDfHUpsT3MRILmRl/0OGgPft4Tl5X27kwfORT3/YPQVohclR2xS3RRZUTsuPlY6L2If02DL6wauWKzfVxASHB43JKLoTOA5GnM9CBGirs6R3yiNW0ow41kKslM6mwAXCwh7bSMRmBd43T3bvtFGLAMqKzn4t+v0ezaFSRvXeVPUeK4Mt8ZhzQ/FwMVW2HT3og2TBgIbCnk/U6R1Syyic7OvNWiODXHoepcQgYXv/G3kt2bqqyO7JJZkznGskF8TRQga1rnpHs1bYkGEFAgMBAAGjgbowgbcwHwYDVR0jBBgwFoAUxjS+P9INb5f52vII8K8H9v8NqaUwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vZnJlZWlwYS50ZXN0Lm5zc2xhYnMuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUAKXs8vW7guBvh0XhWUXS26j2zJswDQYJKoZIhvcNAQELBQADggEBAJWW5ZFYGEtGLxhBeutryfMpU/R83/zxpgG6TpvJS/v4OD! ANLLz+cqN8J9Ogna/wnprrYleUuhxgAvYVIyYInpt+N765g2fKMDlS1CCrfxt4F8wgG7WpN4ZzcE7roa5pYa7CP9DRupXyZfUjbFxCbYixS3zV/CU9lddlt9OJWRnPksbr6jKVAfStWnL9e5DVbOeXSuQwIbDScRLkVL7Po/z1eZATZsAMtdOLhciTId157k9hxOPn1DCyh31Z70JiXFiVL+FazljxzMMyfPCdsvKKHhjTednMBgfwRqtBtA/Hf7LjjWqiaR12y0qOQyNmZ8ylu+1sxRqUv78t6ljVRvc= Principal name: host/node001.swim1.test.nsslabs@test.nsslabs.com Password: False Keytab: True Managed by: node001.swim1.test.nsslabs.com Subject: CN=node001.swim1.test.nsslabs.com,O=TEST.NSSLABS.COM Serial Number: 16 Serial Number (hex): 0x10 Issuer: CN=Certificate Authority,O=TEST.NSSLABS.COM Not Before: Mon Oct 28 08:52:34 2013 UTC Not After: Thu Oct 29 08:52:34 2015 UTC Fingerprint (MD5): ef:7f:11:54:a4:99:3c:58:f9:c8:5f:1c:2f:8e:a0:a3 Fingerprint (SHA1): 87:2b:37:e0:c8:7b:54:62:a1:6f:ae:fa:7b:2a:f6:a4:3a:c6:5c:c4 SSH public key fingerprint: B8:44:2F:2E:DC:4E:BF:BE:15:00:25:80:3B:A9:1D:5E (ssh-dss), 05:11:9B:EE:D0:7A:BA:9D:BA:48:18:82:84:8F:25:82 (ssh-rsa) On 28 October 2013 15:20, Rob Crittenden rcrit...@redhat.com wrote: Andrew Holway wrote: Hello, I have created two DNS resource records. 51.10.in-addr.arpa. and test.domain.com. It seems that it does not like to use the 51.10.in-addr.arpa. for addresses. Must I specify each /24? In addition, if I am adding a host node.subdomain.test.nsslabs.com. It does not like this either. Must I specify a record for each subdomain? Am I missing a * somewhere? Can you be more specific about what you're seeing? rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] DNS resource records problem. subdomains and /16's.
Forward DNS for this host is working but reverse DNS is not: [root@freeipa ~]# dig node002.test.nsslabs.com @localhost ; DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 node002.test.nsslabs.com @localhost ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 9260 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;node002.test.nsslabs.com. IN A ;; ANSWER SECTION: node002.test.nsslabs.com. 1200 IN A 10.51.102.2 ;; AUTHORITY SECTION: test.nsslabs.com. 86400 IN NS freeipa.test.nsslabs.com. ;; ADDITIONAL SECTION: freeipa.test.nsslabs.com. 1200 IN A 10.51.101.23 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Oct 28 04:30:28 2013 ;; MSG SIZE rcvd: 96 [root@freeipa ~]# dig 10.51.102.2 @localhost ; DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 10.51.102.2 @localhost ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 57193 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;10.51.102.2. IN A ;; AUTHORITY SECTION: . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013102800 1800 900 604800 86400 ;; Query time: 153 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Oct 28 04:30:39 2013 ;; MSG SIZE rcvd: 104 On 28 October 2013 15:33, Andrew Holway andrew.hol...@gmail.com wrote: Here is some info from FreeIPA . . . [root@freeipa ~]# ipa host-show Host name: node002.test.nsslabs.com Host name: node002.test.nsslabs.com Certificate: MIIDrzCCApegAwIBAgIBETANBgkqhkiG9w0BAQsFADA7MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTMxMDI4MDkwMDAxWhcNMTUxMDI5MDkwMDAxWjA+MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMSEwHwYDVQQDExhub2RlMDAyLnRlc3QubnNzbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBNjwG219iSyJ7f8TVjoIUN8Wtk3WfaCTEW43d534UDCsC4e5pd/dsOqsCk+NqVf6u6SA80ZFnZp/z7ULoY9rm/+IRBY2M/ofu8PHVZ2wu33/4RhW9FXORh51rSaklefs3ZAgo+Ra2aiEdsm4vSk4+0f3dUnbtoqg6bkK0NHjUEkof/7EyM+WLhXUIfXnyFFu3gnHzqntX/SbybgtG8AuDSkm07LLnbY354u28OPE+DLaGgYPqZmuvdHVAEWu8i2uCywOyf3yHuFA59UjZclb7IQZ0qvm8GUUJjidFOfmgBSueyTUs+JvojYu2Z+roqwJpFY60oiSwMQw3fuHh/UqFAgMBAAGjgbowgbcwHwYDVR0jBBgwFoAUxjS+P9INb5f52vII8K8H9v8NqaUwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vZnJlZWlwYS50ZXN0Lm5zc2xhYnMuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUt6Eh8e4si95/Q/CbzbbAB5cESVUwDQYJKoZIhvcNAQELBQADggEBAK5OQe2jPdzTJZTizgLE8AMSlw9NWVCY0bLh4HbbIhazFo++FOlA! rRf8AfwukmFdv97JEy3wDWDccxQXBC+8/tmIP3TeILcLAwEmdmSynKXOvhQ97+EGNmQRO9uXLo1C5ognxUiDbjmXYWkMRjJFLzBvqbA4veRekgvS27faZa0lTTxygk2hrbcMyVN6MHGLdX07EMgSa6IkIUZ+TdLZwMep9IK6CtoJelTjDP0JIy3n5DBVzJ+C0GZ0XUyUE6vXFcpuvyGY4ckQHf1sEbWFcRmJsxsweAgGwol2GJAWa7vZJlTVJZOMgV8fO0aK0Y8kl/KHN+ycxWFQyxZ3njDPn6g= Principal name: host/node002.test.nsslabs@test.nsslabs.com Password: False Keytab: True Managed by: node002.test.nsslabs.com Subject: CN=node002.test.nsslabs.com,O=TEST.NSSLABS.COM Serial Number: 17 Serial Number (hex): 0x11 Issuer: CN=Certificate Authority,O=TEST.NSSLABS.COM Not Before: Mon Oct 28 09:00:01 2013 UTC Not After: Thu Oct 29 09:00:01 2015 UTC Fingerprint (MD5): d4:d7:fa:14:31:0a:71:70:c9:62:43:65:ab:c5:09:93 Fingerprint (SHA1): d2:72:8d:20:4b:c7:e5:a8:2d:bc:f9:e7:ca:c0:9b:f5:d9:53:c6:74 SSH public key fingerprint: 28:24:23:6C:6D:42:22:8A:38:10:C8:00:5B:11:43:F4 (ssh-dss), 43:3E:0A:E3:17:26:89:8B:6E:D3:66:FA:67:6D:CA:76 (ssh- rsa) [root@freeipa ~]# ipa host-show Host name: node001.swim1.test.nsslabs.com Host name: node001.swim1.test.nsslabs.com Certificate: MIIDtTCCAp2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADA7MRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTMxMDI4MDg1MjM0WhcNMTUxMDI5MDg1MjM0WjBEMRkwFwYDVQQKExBURVNULk5TU0xBQlMuQ09NMScwJQYDVQQDEx5ub2RlMDAxLnN3aW0xLnRlc3QubnNzbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyLPK9JKLZLuDoecKehT9MZnBeaJqHzF6nC+JhXd6wf5Kcy7WyVCVgWxchnvMo0x0CPN5mRDfHUpsT3MRILmRl/0OGgPft4Tl5X27kwfORT3/YPQVohclR2xS3RRZUTsuPlY6L2If02DL6wauWKzfVxASHB43JKLoTOA5GnM9CBGirs6R3yiNW0ow41kKslM6mwAXCwh7bSMRmBd43T3bvtFGLAMqKzn4t+v0ezaFSRvXeVPUeK4Mt8ZhzQ/FwMVW2HT3og2TBgIbCnk/U6R1Syyic7OvNWiODXHoepcQgYXv/G3kt2bqqyO7JJZkznGskF8TRQga1rnpHs1bYkGEFAgMBAAGjgbowgbcwHwYDVR0jBBgwFoAUxjS+P9INb5f52vII8K8H9v8NqaUwRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodHRwOi8vZnJlZWlwYS50ZXN0Lm5zc2xhYnMuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUAKXs8vW7guBvh0XhWUXS26j2zJswDQYJKoZIhvcNAQELBQADggEBAJWW5ZFYGEtGLxhBeutryfMpU/R83/zxpgG6TpvJS/v4!
Re: [Freeipa-users] DNS resource records problem. subdomains and /16's.
Sorry, I didn't mean to sent the last mail. However the FreeIPA has correctly set reverse and forward DNS. I have trimmed it up a bit for clarity. Forward DNS for this host is working but reverse DNS is not: [root@freeipa ~]# dig node002.test.nsslabs.com @localhost ;; QUESTION SECTION: ;node002.test.nsslabs.com. IN A ;; ANSWER SECTION: node002.test.nsslabs.com. 1200 IN A 10.51.102.2 ;; AUTHORITY SECTION: test.nsslabs.com. 86400 IN NS freeipa.test.nsslabs.com. ;; ADDITIONAL SECTION: freeipa.test.nsslabs.com. 1200 IN A 10.51.101.23 [root@freeipa ~]# dig 10.51.102.2 @localhost ;; QUESTION SECTION: ;10.51.102.2. IN A ;; AUTHORITY SECTION: . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013102800 1800 900 604800 86400 The FreeIPA server has correctly set reverse and forward DNS. [root@freeipa ~]# dig freeipa.test.nsslabs.com @localhost ;; QUESTION SECTION: ;freeipa.test.nsslabs.com. IN A ;; ANSWER SECTION: freeipa.test.nsslabs.com. 1200 IN A 10.51.101.23 ;; AUTHORITY SECTION: test.nsslabs.com. 86400 IN NS freeipa.test.nsslabs.com. [root@freeipa ~]# dig -x 10.51.101.23 @localhost ;; QUESTION SECTION: ;23.101.51.10.in-addr.arpa. IN PTR ;; ANSWER SECTION: 23.101.51.10.in-addr.arpa. 86400 IN PTR freeipa.test.nsslabs.com. ;; AUTHORITY SECTION: 51.10.in-addr.arpa. 86400 IN NS freeipa.test.nsslabs.com. ;; ADDITIONAL SECTION: freeipa.test.nsslabs.com. 1200 IN A 10.51.101.23 This host has no reverse or forward DNS set up. But it IS enrolled in freeIPA. [root@freeipa ~]# dig node001.swim1.test.nsslabs.com @localhost ;; QUESTION SECTION: ;node001.swim1.test.nsslabs.com. IN A ;; AUTHORITY SECTION: test.nsslabs.com. 3600 IN SOA freeipa.test.nsslabs.com. hostmaster.test.nsslabs.com. 1382950803 3600 900 1209600 3600 [root@freeipa ~]# dig -x 10.51.102.2 @localhost ;; QUESTION SECTION: ;2.102.51.10.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 51.10.in-addr.arpa. 3600 IN SOA freeipa.test.nsslabs.com. hostmaster.test.nsslabs.com. 1382863622 3600 900 1209600 3600 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] DNS resource records problem. subdomains and /16's.
[root@freeipa ~]# ipa dnszone-find Zone name: 51.10.in-addr.arpa. Authoritative nameserver: freeipa.test.nsslabs.com. Administrator e-mail address: hostmaster.test.nsslabs.com. SOA serial: 1382863622 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: none; Zone name: test.nsslabs.com Authoritative nameserver: freeipa.test.nsslabs.com. Administrator e-mail address: hostmaster.test.nsslabs.com. SOA serial: 1382950803 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: none; Number of entries returned 2 On 28 October 2013 15:43, Andrew Holway andrew.hol...@gmail.com wrote: Sorry, I didn't mean to sent the last mail. However the FreeIPA has correctly set reverse and forward DNS. I have trimmed it up a bit for clarity. Forward DNS for this host is working but reverse DNS is not: [root@freeipa ~]# dig node002.test.nsslabs.com @localhost ;; QUESTION SECTION: ;node002.test.nsslabs.com. IN A ;; ANSWER SECTION: node002.test.nsslabs.com. 1200 IN A 10.51.102.2 ;; AUTHORITY SECTION: test.nsslabs.com. 86400 IN NS freeipa.test.nsslabs.com. ;; ADDITIONAL SECTION: freeipa.test.nsslabs.com. 1200 IN A 10.51.101.23 [root@freeipa ~]# dig 10.51.102.2 @localhost ;; QUESTION SECTION: ;10.51.102.2. IN A ;; AUTHORITY SECTION: . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013102800 1800 900 604800 86400 The FreeIPA server has correctly set reverse and forward DNS. [root@freeipa ~]# dig freeipa.test.nsslabs.com @localhost ;; QUESTION SECTION: ;freeipa.test.nsslabs.com. IN A ;; ANSWER SECTION: freeipa.test.nsslabs.com. 1200 IN A 10.51.101.23 ;; AUTHORITY SECTION: test.nsslabs.com. 86400 IN NS freeipa.test.nsslabs.com. [root@freeipa ~]# dig -x 10.51.101.23 @localhost ;; QUESTION SECTION: ;23.101.51.10.in-addr.arpa. IN PTR ;; ANSWER SECTION: 23.101.51.10.in-addr.arpa. 86400 IN PTR freeipa.test.nsslabs.com. ;; AUTHORITY SECTION: 51.10.in-addr.arpa. 86400 IN NS freeipa.test.nsslabs.com. ;; ADDITIONAL SECTION: freeipa.test.nsslabs.com. 1200 IN A 10.51.101.23 This host has no reverse or forward DNS set up. But it IS enrolled in freeIPA. [root@freeipa ~]# dig node001.swim1.test.nsslabs.com @localhost ;; QUESTION SECTION: ;node001.swim1.test.nsslabs.com. IN A ;; AUTHORITY SECTION: test.nsslabs.com. 3600 IN SOA freeipa.test.nsslabs.com. hostmaster.test.nsslabs.com. 1382950803 3600 900 1209600 3600 [root@freeipa ~]# dig -x 10.51.102.2 @localhost ;; QUESTION SECTION: ;2.102.51.10.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 51.10.in-addr.arpa. 3600 IN SOA freeipa.test.nsslabs.com. hostmaster.test.nsslabs.com. 1382863622 3600 900 1209600 3600 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
