That is correct:
host1-> hostname
host1.my_domain.com
I was beginning to suspect that it is in sudo. I checked the documentation
for that version of sudo and it does include support for netgroups. Perhaps I
need something extra in the sudoers file, or an additional option.
Thanks,
-Mark
________________________________________________________________
Mark Tovey - UNIX Engineer | Service Strategy & Design
UTi | 400 SW Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
[email protected] | O / C +1 503 953-1389
-----Original Message-----
From: Pavel Březina [mailto:[email protected]]
Sent: Friday, July 19, 2013 11:01 AM
To: Tovey, Mark
Cc: [email protected]
Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
Hi,
hostname command outputs "host1.my_domain.com", right? This version of sudo is
very old, I'll check the code and eventually consult with sudo maintainer.
On 07/19/2013 06:49 PM, Tovey, Mark wrote:
>
> Does anyone have any other suggestions for this or need any additional
> information?
> Thanks,
> -Mark
>
>
> ________________________________________________________________
> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW
> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
> [email protected] | O / C +1 503 953-1389
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Tovey, Mark
> Sent: Thursday, July 18, 2013 11:06 AM
> To: Pavel Březina; [email protected]
> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>
>
>
> host1-> nisdomainname
> my_domain.com
>
> host1-> rpm -q sudo
> sudo-1.7.2p1-6.el5_5
>
> Thanks,
> -Mark
>
>
> ________________________________________________________________
> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW
> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
> [email protected] | O / C +1 503 953-1389
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Pavel Brezina
> Sent: Thursday, July 18, 2013 2:03 AM
> To: [email protected]
> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>
> On 07/17/2013 06:39 PM, Tovey, Mark wrote:
>>
>> Okay, I get it (pardon my obtuseness).
>>
>> host1-> getent netgroup hgroup1
>> hgroup1 (host1.my_domain.com, -, my_domain.com)
>>
>> So netgroups are working. The host group is defined in IPA and getent
>> is able to access that information.
>> Thanks,
>> -Mark
>
> Hi,
> can you also paste the output of following commands please?
>
> $ nisdomainname
> $ rpm -q sudo
>
> Thanks,
> Pavel.
>
>>
>>
>> ________________________________________________________________
>> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW
>> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
>> [email protected] | O / C +1 503 953-1389
>>
>>
>> -----Original Message-----
>> From: Jakub Hrozek [mailto:[email protected]]
>> Sent: Wednesday, July 17, 2013 8:58 AM
>> To: Tovey, Mark
>> Cc: [email protected]; [email protected]
>> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>>
>> On Wed, Jul 17, 2013 at 03:01:58PM +0000, Tovey, Mark wrote:
>>>
>>> We have sssd-1.5.1-58.el5 and ipa-client-2.1.3-5.el5_9.2 installed.
>>
>> OK, these are recent enough to support netgroups and the compat tree should
>> be configured automatically.
>>
>>> Those came out of the 'latest' repository. We do not have any netgroups
>>> defined (there is no /etc/netgroup file), so getent does not return
>>> anything.
>>
>> Every hostgroup is automatically translated into a netgroup on the server
>> side. You said you have some host groups present, so does "getent netgroup
>> <name-of-hostgroup> return any netgroup data?
>>
>>> Thanks,
>>> -Mark
>>>
>>
>>>
>>> ________________________________________________________________
>>> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW
>>> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
>>> [email protected] | O / C +1 503 953-1389
>>>
>>>
>>> -----Original Message-----
>>> From: Jakub Hrozek [mailto:[email protected]]
>>> Sent: Wednesday, July 17, 2013 1:32 AM
>>> To: Tovey, Mark
>>> Cc: [email protected]; [email protected]
>>> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>>>
>>> On Tue, Jul 16, 2013 at 09:13:00PM +0000, Tovey, Mark wrote:
>>>>
>>>>
>>>> We are using sssd. The sssd.conf file is mostly unchanged from how
>>>> it was installed by the ipa-client-install script:
>>>
>>> Hi Mark,
>>>
>>> you said your client is OEL *5.5* ? The SSSD first appeared in RHEL (and by
>>> extension OEL) in 5.6. Are you running the version from EPEL? I'm not sure
>>> if netgroups were even supported in that old version..
>>>
>>> What is the output of "rpm -q sssd" and "rpm -q ipa-client" ?
>>>
>>> Does getent netgroup <netgroup-name> work?
>>>
>>>>
>>>> [sssd]
>>>> config_file_version = 2
>>>> services = nss, pam
>>>>
>>>> domains = my_domain.com
>>>> [nss]
>>>>
>>>> [pam]
>>>>
>>>> [domain/my_domain.com]
>>>> cache_credentials = True
>>>> krb5_store_password_if_offline = True ipa_domain = my_domain.com
>>>> id_provider = ipa auth_provider = ipa access_provider = ipa
>>>> chpass_provider = ipa ipa_server = _srv_, ipa_server.my_domain.com
>>>> ldap_tls_cacert = /etc/ipa/ca.crt debug_level = 6
>>>>
>>>>
>>>> And the nsswitch.conf file:
>>>>
>>>> passwd: files sss
>>>> shadow: files sss
>>>> group: files sss
>>>>
>>>> hosts: files dns
>>>>
>>>> bootparams: nisplus [NOTFOUND=return] files
>>>>
>>>> ethers: files
>>>> netmasks: files
>>>> networks: files
>>>> protocols: files
>>>> rpc: files
>>>> services: files
>>>>
>>>> netgroup: files sss
>>>>
>>>> publickey: nisplus
>>>>
>>>> automount: files ldap
>>>> aliases: files
>>>>
>>>> sudoers: files ldap
>>>>
>>>> Thanks,
>>>> -Mark
>>>>
>>>>
>>>>
>>>> ________________________________________________________________
>>>> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400 SW
>>>> Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
>>>> [email protected] | O / C +1 503 953-1389 | Skype: mark.tovey2
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: [email protected]
>>>> [mailto:[email protected]] On Behalf Of Dmitri Pal
>>>> Sent: Tuesday, July 16, 2013 12:51 PM
>>>> To: [email protected]
>>>> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>>>>
>>>> On 07/16/2013 02:11 PM, Tovey, Mark wrote:
>>>>> My environment consists of OEL 5.5 clients with ipa-client-2.1.3
>>>>> and the server is OEL 6.4 with ipa-server-3.0.0. We chose these because
>>>>> we were able to find RPM packages for them. We would prefer to go with
>>>>> the latest versions, but we did not want to spend the time building
>>>>> installation packages just yet. Again, we are just evaluating at this
>>>>> point. So far, so good, except for this one point.
>>>>> The doman name, host name, and nsswitch.conf files are all properly
>>>>> configured. But I do not have any netgroups defined (the getent command
>>>>> doesn't return anything and there is no /etc/netgroup file). After you
>>>>> asked about that, I started looking into the documentation on netgroups.
>>>>> The IPA documentation for sudo states that "Identity Management creates
>>>>> two groups, a visible host group and a shadow netgroup. sudo itself only
>>>>> supports NIS-style netgroups for group formats." But when I look in the
>>>>> Netgroups area, I do not see any netgroups defined. I used Apache
>>>>> Directory Studio to look around the Directory Server, and I can see
>>>>> "cn=hgroup1,cn=ng,cn=alt,dc=my_domain,dc=com", along with
>>>>> "cn=hgroup1,cn=hostgroups,cn=accounts,dc=my_domain,dc=com". This seems
>>>>> to reflect what was stated in the documentation.
>>>>> But I am still stumped. I cannot get sudo to work with host
>>>>> groups; I have to directly add each server to the sudo rule.
>>>>> Thanks,
>>>>> -Mark
>>>>
>>>> So can it seems that the first thing you need to to do is to make sure
>>>> your netgroups work.
>>>> If domain and host are properly set then it might be the wrong base in
>>>> your LDAP search for the netgroups.
>>>> Are you using SSSD for netgroups or something else?
>>>> Can you please share your sssd.conf and area where it configures netgroups?
>>>> Also is sss in the nsswitch.conf for netgroups map?
>>>>
>>>>>
>>>>>
>>>>> ________________________________________________________________
>>>>> Mark Tovey - UNIX Engineer | Service Strategy & Design UTi | 400
>>>>> SW Sixth Ave, Suite 1100 | Portland | Oregon | 97204 | USA
>>>>> [email protected] | O / C +1 503 953-1389 | Skype: mark.tovey2
>>>>>
>>>>> -----Original Message-----
>>>>> From: Martin Kosek [mailto:[email protected]]
>>>>> Sent: Tuesday, July 16, 2013 12:34 AM
>>>>> To: Tovey, Mark
>>>>> Cc: Steven Jones; James Hogarth; [email protected]; Pavel
>>>>> Brezina
>>>>> Subject: Re: [Freeipa-users] sudo rules user and host group bugs?
>>>>>
>>>>> Just checking, did you try troubleshooting hints from JR I found at the
>>>>> top of the thread? I did not find an information about that.
>>>>>
>>>>> ~~~~
>>>>> Can you confirm that the output of the following commands:
>>>>> 1. $ domainname
>>>>> * does it match your domain?
>>>>> 2. $ hostname
>>>>> * does match match your fqdn?
>>>>> 3. $ getent netgroup esolutions-sandbox-hosts
>>>>> * does this list your host?
>>>>> 4. Does /etc/nsswitch.conf contain the line: "netgroup: files sss"?
>>>>>
>>>>>
>>>>> Another important Sudo Troubleshooting step is to edit:
>>>>> /etc/sudo-ldap.conf (or /etc/ldap.conf, depending on what version of
>>>>> RHEL/Sudo you're running):
>>>>>
>>>>> At the top, add the line: sudoers_debug 2
>>>>>
>>>>> Then try another sudo command. sudo -l for example.
>>>>> ~~~~
>>>>>
>>>>> For example, it would help to know that netgroup list (step 3) works or
>>>>> domainname is set correctly (step 1).
>>>>>
>>>>> Martin
>>>>>
>>>>>
>>>>> On 07/16/2013 06:09 AM, Tovey, Mark wrote:
>>>>>>
>>>>>>
>>>>>> Okay, I stopped sssd on the client and deleted the cache
>>>>>> files, removed the sudo rule, started sssd and verified that the
>>>>>> rule was gone, stopped sssd and deleted the files again, added
>>>>>> the rule back in, restarted sssd, and still it does not work.
>>>>>> One note, when I enter the hosts into the sudo rule in place of
>>>>>> the host group, the effect is immediate; I do not need to restart
>>>>>> sssd. And the opposite is true too: if I put the host group
>>>>>> back, the rule immediately stops working. I don't think the
>>>>>> issue is cache related; it seems to be something else. The serv_account
>>>>>> that we are accessing with the sudo rule is external. I wouldn't expect
>>>>>> that to matter, but perhaps it does?
>>>>>>
>>>>>>
>>>>>>
>>>>>> I like your idea for the labels; they make sense. Right
>>>>>> now we are just evaluating this to see if we want to go this route.
>>>>>> So far we like it, but this could be a problem because we have a
>>>>>> several hundred hosts that we need to manage. Having to enter each one
>>>>>> individually will be problematic.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> -Mark
>>>>>>
>>>>>>
>>>>>>
>>>>>> * *
>>>>>>
>>>>>> *________________________________________________________________
>>>>>> *
>>>>>>
>>>>>> *Mark Tovey - UNIX Engineer | Service Strategy & Design*
>>>>>>
>>>>>> UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 |
>>>>>> Portland
>>>>>> | Oregon
>>>>>> | 97204 | USA
>>>>>>
>>>>>> [email protected] <mailto:[email protected]> | O / C +1 503 953-1389 |
>>>>>> Skype:
>>>>>> mark.tovey2
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:*Steven Jones [mailto:[email protected]]
>>>>>> *Sent:* Monday, July 15, 2013 4:44 PM
>>>>>> *To:* Tovey, Mark; James Hogarth
>>>>>> *Cc:* [email protected]
>>>>>> *Subject:* RE: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>> option b) delete the rule totally and redo it from scratch.
>>>>>>
>>>>>> I label rules like this,
>>>>>>
>>>>>> hb-xxxx for a hbac rule
>>>>>>
>>>>>> su-xxxx for a sudo rule
>>>>>>
>>>>>> sc-xxxx for a sudo command group
>>>>>>
>>>>>> ug-xxxx for a user group
>>>>>>
>>>>>> hg-xxxx for a host groups
>>>>>>
>>>>>> etc
>>>>>>
>>>>>> etc
>>>>>>
>>>>>> It makes the logic easier when you go into command line which I
>>>>>> find easier to trace with than the gui at time.
>>>>>>
>>>>>>
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Steven Jones
>>>>>>
>>>>>> Technical Specialist - Linux RHCE
>>>>>>
>>>>>> Victoria University, Wellington, NZ
>>>>>>
>>>>>> 0064 4 463 6272
>>>>>>
>>>>>> -----------------------------------------------------------------
>>>>>> --
>>>>>> --
>>>>>> -
>>>>>> ---------
>>>>>>
>>>>>> *From:*Tovey, Mark [[email protected]]
>>>>>> *Sent:* Tuesday, 16 July 2013 11:34 a.m.
>>>>>> *To:* Steven Jones; James Hogarth
>>>>>> *Cc:* [email protected] <mailto:[email protected]>
>>>>>> *Subject:* RE: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>> That didn't work either. I set up the host group in my
>>>>>> sudo rule, stopped sssd, renamed /var/lib/sss/db and created a
>>>>>> new db directory, then restarted sssd. New files were created in
>>>>>> the db directory, but it still refuses to work unless the hosts are
>>>>>> directly specified in the sudo rule.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> -Mark
>>>>>>
>>>>>>
>>>>>>
>>>>>> * *
>>>>>>
>>>>>> *________________________________________________________________
>>>>>> *
>>>>>>
>>>>>> *Mark Tovey - UNIX Engineer | Service Strategy & Design*
>>>>>>
>>>>>> UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 |
>>>>>> Portland
>>>>>> | Oregon
>>>>>> | 97204 | USA
>>>>>>
>>>>>> [email protected] <mailto:[email protected]> | O / C +1 503 953-1389 |
>>>>>> Skype:
>>>>>> mark.tovey2
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:*Steven Jones [mailto:[email protected]]
>>>>>> *Sent:* Monday, July 15, 2013 4:15 PM
>>>>>> *To:* Tovey, Mark; James Hogarth
>>>>>> *Cc:* [email protected] <mailto:[email protected]>
>>>>>> *Subject:* RE: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> This is a known issue Ive suffered a long time with. What would
>>>>>> be interesting is adding another host to the host group could
>>>>>> well work fine, that will really make you bang your head against the
>>>>>> wall..
>>>>>>
>>>>>> 2 possibilities, stop the sssd daemon on the problem host, delete
>>>>>> its cache and start it, that might fix it.
>>>>>>
>>>>>> Otherwise best to,
>>>>>>
>>>>>> All RH support could come up with is delete the HBAC rule, sudo
>>>>>> rule, user group and host group and re-do it, then it will probably work
>>>>>> fine.
>>>>>>
>>>>>>
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Steven Jones
>>>>>>
>>>>>> Technical Specialist - Linux RHCE
>>>>>>
>>>>>> Victoria University, Wellington, NZ
>>>>>>
>>>>>> 0064 4 463 6272
>>>>>>
>>>>>> -----------------------------------------------------------------
>>>>>> --
>>>>>> --
>>>>>> -
>>>>>> ---------
>>>>>>
>>>>>> *From:*[email protected]
>>>>>> <mailto:[email protected]>
>>>>>> [[email protected]] on behalf of Tovey, Mark
>>>>>> [[email protected]]
>>>>>> *Sent:* Tuesday, 16 July 2013 10:54 a.m.
>>>>>> *To:* James Hogarth
>>>>>> *Cc:* [email protected] <mailto:[email protected]>
>>>>>> *Subject:* Re: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I checked that and it is set correctly:
>>>>>>
>>>>>>
>>>>>>
>>>>>> [user1@host1 ~]$ nisdomainname
>>>>>>
>>>>>> my_domain.com
>>>>>>
>>>>>>
>>>>>>
>>>>>> If I try to run a command with the hosts specified
>>>>>> indirectly through a host group, it fails:
>>>>>>
>>>>>>
>>>>>>
>>>>>> [user1@host1 ~]$ sudo -i -u serv_account
>>>>>>
>>>>>> LDAP Config Summary
>>>>>>
>>>>>> ===================
>>>>>>
>>>>>> uri ldap://ipa_server.my_domain.com
>>>>>>
>>>>>> ldap_version 3
>>>>>>
>>>>>> sudoers_base ou=SUDOers,dc=my_domain,dc=com
>>>>>>
>>>>>> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=my_domain,dc=com
>>>>>>
>>>>>> bindpw **********
>>>>>>
>>>>>> bind_timelimit 5000
>>>>>>
>>>>>> timelimit 15
>>>>>>
>>>>>> ssl start_tls
>>>>>>
>>>>>> tls_checkpeer (yes)
>>>>>>
>>>>>> tls_cacertfile /etc/ipa/ca.crt
>>>>>>
>>>>>> ===================
>>>>>>
>>>>>> sudo: ldap_initialize(ld, ldap://ipa_server.my_domain.com)
>>>>>>
>>>>>> sudo: ldap_set_option: debug -> 0
>>>>>>
>>>>>> sudo: ldap_set_option: ldap_version -> 3
>>>>>>
>>>>>> sudo: ldap_set_option: tls_checkpeer -> 1
>>>>>>
>>>>>> sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
>>>>>>
>>>>>> sudo: ldap_set_option: timelimit -> 15
>>>>>>
>>>>>> sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
>>>>>>
>>>>>>
>>>>>>
>>>>>> sudo: ldap_start_tls_s() ok
>>>>>>
>>>>>> sudo: ldap_sasl_bind_s() ok
>>>>>>
>>>>>> sudo: no default options found!
>>>>>>
>>>>>> sudo: ldap search
>>>>>> '(|(sudoUser=user1)(sudoUser=%user1)(sudoUser=%user1s)(sudoUser=ALL))'
>>>>>>
>>>>>> sudo: found:cn=my_sudo_rule,ou=sudoers,dc=my_domain,dc=com
>>>>>>
>>>>>> sudo: ldap sudoHost '+hgroup1' ... not
>>>>>>
>>>>>> sudo: ldap search 'sudoUser=+*'
>>>>>>
>>>>>> sudo: user_matches=1
>>>>>>
>>>>>> sudo: host_matches=0
>>>>>>
>>>>>> sudo: sudo_ldap_lookup(0)=0x40
>>>>>>
>>>>>> [sudo] password for user1:
>>>>>>
>>>>>> Sorry, try again.
>>>>>>
>>>>>> [sudo] password for user1:
>>>>>>
>>>>>> sudo: 1 incorrect password attempt
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> But if I remove the host group from the sudo rule and
>>>>>> directly add the hosts that were in the host group, it works fine:
>>>>>>
>>>>>>
>>>>>>
>>>>>> <snip>
>>>>>>
>>>>>>
>>>>>>
>>>>>> sudo: ldap_start_tls_s() ok
>>>>>>
>>>>>> sudo: ldap_sasl_bind_s() ok
>>>>>>
>>>>>> sudo: no default options found!
>>>>>>
>>>>>> sudo: ldap search
>>>>>> '(|(sudoUser=user1)(sudoUser=%user1)(sudoUser=%user1s)(sudoUser=ALL))'
>>>>>>
>>>>>> sudo: found:cn=my_sudo_rule,ou=sudoers,dc=my_domain,dc=com
>>>>>>
>>>>>> sudo: ldap sudoHost 'host1.my_domain.com' ... MATCH!
>>>>>>
>>>>>> sudo: ldap sudoRunAsUser 'serv_account' ... MATCH!
>>>>>>
>>>>>> sudo: ldap sudoCommand 'ALL' ... MATCH!
>>>>>>
>>>>>> sudo: Command allowed
>>>>>>
>>>>>> sudo: user_matches=1
>>>>>>
>>>>>> sudo: host_matches=1
>>>>>>
>>>>>> sudo: sudo_ldap_lookup(0)=0x02
>>>>>>
>>>>>> [sudo] password for user1:
>>>>>>
>>>>>> [serv_account@host1 ~]$
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> So something isn't lining up correctly with host groups in
>>>>>> sudo rules somewhere. I just haven't been able to track it down.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> -Mark
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> * *
>>>>>>
>>>>>> *________________________________________________________________
>>>>>> *
>>>>>>
>>>>>> *Mark Tovey - UNIX Engineer | Service Strategy & Design*
>>>>>>
>>>>>> UTi <http://www.go2uti.com/> | 400 SW Sixth Ave, Suite 1100 |
>>>>>> Portland
>>>>>> | Oregon
>>>>>> | 97204 | USA
>>>>>>
>>>>>> [email protected] <mailto:[email protected]> | O / C +1 503 953-1389 |
>>>>>> Skype:
>>>>>> mark.tovey2
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:*James Hogarth [mailto:[email protected]]
>>>>>> *Sent:* Monday, July 15, 2013 1:11 PM
>>>>>> *To:* Tovey, Mark
>>>>>> *Subject:* Re: [Freeipa-users] sudo rules user and host group bugs?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Did anyone find a solution for this? I am having the same
>>>>>>> experience.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Wow that was a mess...
>>>>>>
>>>>>> To use hostgroups for sudo ensure nisdomainname is set on the
>>>>>> hosts to the IPA domain.
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-users mailing list
>>>>>> [email protected]
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> [email protected]
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager for IdM portfolio Red Hat Inc.
>>>>
>>>>
>>>> -------------------------------
>>>> Looking to carve out IT costs?
>>>> www.redhat.com/carveoutcosts/
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> [email protected]
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> [email protected]
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
