<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 12/24/2012 09:13 AM, Nate Marks wrote:
<blockquote
cite="mid:CAHM9UcHU9QsBsmRxiTjoCb9efCQFkrArR3WYoSeABHUgFM+8ow@mail.gmail.com"
type="cite">I'd love some feedback on these. They seemed to work
for me.Thanks!<br id="internal-source-marker_0.32205532772029843">
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Introduction</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">This
guide starts at the point where your freeipa server is correctly
replicating accounts from a windows active directory server.
The following steps are intended to help you roll out the
passync software to all of your domain controllers. Detailed
descriptions of how the software works are available from people
far more competent than myself. I’m just covering some
installation tips. One thing that really screwed me up is that
there are great passsync docs for 389 directory server and great
passsync docs for freeipa server. They are similar. They are
NOT interchangeable. When using freeipa server stick with
freeipa docs . I know this seems obvious, but when passsync
doesn’t work the first time, my instinct is to cast about on
google for things that seem to be related. When you find the
389 server docs under those circumstances and try to apply them
to freeipa, you find a rathole. </span><br>
</blockquote>
<br>
Fixed - see below.<br>
<br>
<blockquote
cite="mid:CAHM9UcHU9QsBsmRxiTjoCb9efCQFkrArR3WYoSeABHUgFM+8ow@mail.gmail.com"
type="cite"><span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Getting
started:</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">It’s
theoretically possible to get the passsync to work on the first
attempt. I’ve just never done it. In order for that to work,
you have to have exactly the right values ready to go when you
run the passsync installer. The installer has input fields for
the following items:</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">verifying
the hostname, username password and search base values</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">hostname:
<FQDN of the freeipa server></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">port:
636</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">username:
uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">password:
<password></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">cert
token : tried it with and without the
/etc/dirsrv/slapd-instance/pwdfile.txt contents</span><br>
</blockquote>
<br>
Right - not needed<br>
<br>
<blockquote
cite="mid:CAHM9UcHU9QsBsmRxiTjoCb9efCQFkrArR3WYoSeABHUgFM+8ow@mail.gmail.com"
type="cite">
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">serach
base=cn=users,cn=accounts,dc=inframax,dc=ncare</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">The
best tool I found in windows for checking the passsync
installation settings is ldp.</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">First
I’ll talk about verifying the easy stuff (hostname, username,
password, search base). run notepad on the windows server and
put in the values you’re going to use before running the
passsync installer. Then run ldp.exe and use the values from
notepad and the steps below to verify the hostname, username,
password and search base. </span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ldp.exe</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">connection
> connect</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">enter
the freeipa server hostname in the server field</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">enter
port 636 (non-ssl port) in the port field</span><br>
</blockquote>
<br>
636 is the SSL port<br>
Does ldp have an option for StartTLS?<br>
<br>
<blockquote
cite="mid:CAHM9UcHU9QsBsmRxiTjoCb9efCQFkrArR3WYoSeABHUgFM+8ow@mail.gmail.com"
type="cite">
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">check
the SSL box</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">click
OK</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">connection
> bind</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">select
the 'simple bind' radio button</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">enter
the DN for the passsync account on the freeipa server in the
userfield. this is
"uid=passsync,cn=sysaccounts,cn=etc,dc=<domain>,dc=<domaintld>"
by default</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">enter
the password for the passsync account in the password field</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">click
ok</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">select
view > tree and make sure you can browse the tree in the ipa
server. browse to the subtree that you're going to use for
search base and make sure you</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">
see your replicated accounts in that container.</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">if
you can, then the values you used for the hostname, username,
password and search base are all correct. It also means that
the ca.crt file you imported for ldap account syunchronization
is working correctly. </span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">NOTE:
I left cert token empty. it seems to be used for encrypting
the certificate db in c:\program files\389 directory password
synchronization. That can be done after you get password
synchronization working.</span><br>
</blockquote>
Right - it is not needed<br>
<blockquote
cite="mid:CAHM9UcHU9QsBsmRxiTjoCb9efCQFkrArR3WYoSeABHUgFM+8ow@mail.gmail.com"
type="cite"><span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Installing
Passsync:</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Now
we’ve done a bunch of work to check our values, but we haven’t
accomplished anything. So go ahead and run the passsync msi
installer and enter your values into the appropriate fields.</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">The
installer will create files, directories and registry stuff, but
we’re not nearly done. </span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Step
5 in the link below seems to have the correct steps. Be sure
to import the same certificate that you imported in the account
synchronization process. I got mine with wget
<a class="moz-txt-link-freetext" href="http://">http://</a><iapserver>/ipa/config/ca.crt. </span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<a moz-do-not-send="true"
href="https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/pass-sync.html"><span
style="font-size:15px;font-family:Arial;color:#1155cc;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/pass-sync.html</span></a><span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">One
mroe thing before rebooting, use regedit to change the value of
HKLM->Software->PasswordSync “Log Level” from 0 to 1. If
everything works and you don’t need it, great! </span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">If
the stars line up, you’ve put good values into the passsync
installer, imported the freeipa servers certificate into the
cert DB that passsync uses and the installer registered a new
dll to capture password change events. You need to reboot the
server to get the dll registration to take effect. </span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">After
it restarts, change the password on an account that’s being
replicated to free ipa. use notepad to open the file c:\program
files\389 directory password synchronization\ passsync.txt</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">if
the passhook.dll is working correctly, you’ll see an entry like:</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">‘1
new entries loaded from data file’</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">If
ssl is working correctly, you’ll be able to log into the freeipa
server with the test account and newly changed password. </span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Ifit
doesn’t work, verify your cert and your values with ldp.exe. I
just don’t have anything better that that yet.</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">This
takes me to the point where I’d love more tools to troubleshoot
the problem. </span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Other
things I’ve tried:</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">1)
UAC. I disable it, but I’d love some feedback on whether or not
that’s required on win 2k8R2.</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">2)
some of my DCs have certificate services installed and some
don’t. I don’t think any of that matters or passsync, but I’d
love feedback there too.</span><br>
</blockquote>
<br>
It doesn't matter, as long as the Active Directory is using TLS/SSL
somehow, and you have access to the CA cert of the CA that issued
the Active Directory Server cert.<br>
<br>
<blockquote
cite="mid:CAHM9UcHU9QsBsmRxiTjoCb9efCQFkrArR3WYoSeABHUgFM+8ow@mail.gmail.com"
type="cite"><span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">3)
Here are the details on the 389 directory server steps that
screwed me up.:</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">I
found these steps for exporting cert from the linux that
apparently apply to 389 and not to freeipa(</span><a
moz-do-not-send="true"
href="http://directory.fedoraproject.org/wiki/Howto:WindowsSync"><span
style="font-size:15px;font-family:Arial;color:#1155cc;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">http://directory.fedoraproject.org/wiki/Howto:WindowsSync</span></a><span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">)
and they really screwed me up with freeipa:</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">***DO
NOT USE THIS METHOD TO GET A PASSSYNC CERT***</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">cd
/usr/lib/dirsrv/slapd-instance_name<br class="kix-line-break">
certutil -d . -L -n "CA certificate" -a > dsca.crt<br
class="kix-line-break">
# NOTE - it might not be called CA certificate - use certutil -d
. -L to list your certs</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">***DO
NOT USE THIS METHOD TO GET A PASSSYNC CERT***</span><br>
</blockquote>
I think the problem is that it tells you to use
/usr/lib/dirsrv/slapd-INST which is bogus - it should be
/etc/dirsrv/slapd-INST - I've fixed the wiki page<br>
<blockquote
cite="mid:CAHM9UcHU9QsBsmRxiTjoCb9efCQFkrArR3WYoSeABHUgFM+8ow@mail.gmail.com"
type="cite">
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">instead,
just use the process that worked for the account replication
setup.</span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">just
use the ca.crt from </span><a moz-do-not-send="true"
href="http://ipaserver/ipa/config/ac.crt"><span
style="font-size:15px;font-family:Arial;color:#1155cc;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">http://<ipaserver>/ipa/config/ac.crt</span></a><span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">.</span><br>
</blockquote>
this is probably simpler and will work from the windows machine as
well<br>
<blockquote
cite="mid:CAHM9UcHU9QsBsmRxiTjoCb9efCQFkrArR3WYoSeABHUgFM+8ow@mail.gmail.com"
type="cite">
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline"></span><br>
<span
style="font-size:15px;font-family:Arial;color:#000000;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">
The steps don’t throw any errors, but that certificate didn’t
work for me. It may be a little obvious, but it only worked if
I imported the same cert file used in the replication process.
I got that file </span><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</body>
</html>