[Freeipa-users] Broken dirsrv and SSL certificate in CA-less install of FreeIPA 4.4 on CentOS 7.3

Martin Basti mbasti at redhat.com
Fri Dec 30 10:54:28 UTC 2016


Hello,

The first half of the first issue is this bug: 
https://fedorahosted.org/freeipa/ticket/6226

You have to enable SSL on the server manually after installation.


The second half of the first issue shouldn't be related to the ticket above, 
but I don't know more details. I'll leave this for the IPA CA gurus.


The second issue is unrelated to certificates; I believe that something 
in dirsrv causes this unusual behavior. I saw this before with other users.

* Both "no such entry" errors, for the HTTP principal and for the topology 
plugin, are the same issue.

* All users have this issue with a CA-less installation, but it is not always 
reproducible. I'm not sure if there can be a step in the CA-less install 
that can cause this.

* The entries are in the database (they were added previously by the installer), 
but during installation the search failed with "no such entry"; ldapsearch 
after installation works.

* In the access log the SRCH comes before the ADD operation, but this is against 
the steps in the installer: the entry is added first, and the installer even 
failed hard, so there is no way to add it after the failure caused by the 
not found error.

[29/Dec/2016:10:33:02.775715491 +0000] conn=16 op=1 SRCH base="krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk" scope=0 filter="(objectClass=*)" attrs=ALL
[29/Dec/2016:10:33:02.775892719 +0000] conn=16 op=1 RESULT err=32 tag=101 nentries=0 etime=0


This caused installation failure (IMO - there is no more SRCH operation for HTTP principal in log) ^^^^^^
......
[29/Dec/2016:10:33:05.487917960 +0000] conn=17 op=10 ADD dn="krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk"
[29/Dec/2016:10:33:05.492213776 +0000] conn=17 op=10 RESULT err=0 tag=105 nentries=0 etime=0 csn=5864e653000000040000
[29/Dec/2016:10:33:05.492372184 +0000] conn=17 op=11 MOD dn="krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk"
[29/Dec/2016:10:33:05.494649080 +0000] conn=17 op=11 RESULT err=0 tag=103 nentries=0 etime=0 csn=5864e653000100040000
[29/Dec/2016:10:33:05.494816357 +0000] conn=17 op=12 MOD dn="krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk"
These were added after failure ??? ^^^^^


I need a DS guru's assistance to resolve this :)
Martin^2

On 29.12.2016 19:13, Peter Pakos wrote:
> Access log: https://files.pakos.uk/access.txt
> Error log: https://files.pakos.uk/ipareplica-install.log.txt
> I hope it helps.
> On 29 December 2016 at 12:52, Peter Pakos <peter at pakos.uk> wrote:
>
>     Hi guys,
>     I'm facing yet another problem with CA-less install of FreeIPA
>     replica and 3rd party SSL certificate.
>     A few days ago I deployed a new CA-less server (ipa02) by running
>     the following command:
>
>         ipa-server-install \
>           -r PAKOS.UK \
>           -n pakos.uk \
>           -p 'password' \
>           -a 'password' \
>           --mkhomedir \
>           --setup-dns \
>           --no-forwarders \
>           --no-dnssec-validation \
>           --dirsrv-cert-file=/root/ssl/star.pakos.uk.pfx \
>           --dirsrv-pin='' \
>           --http-cert-file=/root/ssl/star.pakos.uk.pfx \
>           --http-pin='' \
>           --http-cert-name=AlphaWildcardIPA \
>           --idstart=1000
>
>     This server appears to be working OK.
>     Then yesterday I deployed a client (ipa01):
>
>         ipa-client-install \
>           -p admin \
>           -w 'password' \
>           --mkhomedir
>
>     Next, I promoted it to IPA server:
>
>         ipa-replica-install \
>           -w 'password' \
>           --mkhomedir \
>           --setup-dns \
>           --no-forwarders \
>           --no-dnssec-validation \
>           --dirsrv-cert-file=/root/ssl/star.pakos.uk.pfx \
>           --dirsrv-pin='' \
>           --dirsrv-cert-name=AlphaWildcardIPA \
>           --http-cert-file=/root/ssl/star.pakos.uk.pfx \
>           --http-pin='' \
>           --http-cert-name=AlphaWildcardIPA
>
>     After it finished, I've noticed that dirsrv wasn't running on port
>     636 on ipa01.
>     Further investigation revealed that the SSL wildcard certificate
>     (AlphaWildcardIPA) wasn't installed in dirsrv DB and CA
>     certificates were named oddly (CA 1 and CA 2):
>
>     [root at ipa01 ~]# certutil -L -d /etc/httpd/alias/
>
>     Certificate Nickname                             Trust Attributes
>                                                      SSL,S/MIME,JAR/XPI
>
>     AlphaWildcardIPA                                 u,u,u
>     CA 1                                             ,,
>     CA 2                                             C,,
>     [root at ipa01 ~]# certutil -L -d /etc/dirsrv/slapd-PAKOS-UK/
>
>     Certificate Nickname                             Trust Attributes
>                                                      SSL,S/MIME,JAR/XPI
>
>     GlobalSign Root CA - GlobalSign nv-sa            ,,
>     AlphaSSL CA - SHA256 - G2 - GlobalSign nv-sa     C,,
>
>     This is what I found in the error log:
>
>     [29/Dec/2016:01:43:58.852745536 +0000] 389-Directory/1.3.5.10 B2016.341.2222 starting up
>     [29/Dec/2016:01:43:58.867642515 +0000] default_mr_indexer_create: warning - plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match
>     [29/Dec/2016:01:43:58.889866051 +0000] schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup!
>     [29/Dec/2016:01:43:58.905267535 +0000] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.907051833 +0000] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.908396407 +0000] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.909758735 +0000] NSACLPlugin - The ACL target ou=sudoers,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.911133739 +0000] NSACLPlugin - The ACL target cn=users,cn=compat,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.912416230 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.913644794 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.914901802 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.916158004 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.917409810 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.918636743 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.919904210 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.921175543 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.922417264 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.923818252 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.925218237 +0000] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.928474915 +0000] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.943158867 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:58.944679679 +0000] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pakos,dc=uk does not exist
>     [29/Dec/2016:01:43:59.060335708 +0000] NSACLPlugin - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
>     [29/Dec/2016:01:43:59.066618653 +0000] Skipping CoS Definition cn=Password Policy,cn=accounts,dc=pakos,dc=uk--no CoS Templates found, which should be added before the CoS Definition.
>     [29/Dec/2016:01:43:59.100168779 +0000] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
>     [29/Dec/2016:01:43:59.108366423 +0000] slapd started. Listening on All Interfaces port 389 for LDAP requests
>     [29/Dec/2016:01:43:59.109788596 +0000] Listening on /var/run/slapd-PAKOS-UK.socket for LDAPI requests
>     [29/Dec/2016:01:44:04.117095313 +0000] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=pakos,dc=uk
>     [29/Dec/2016:01:44:04.142962437 +0000] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=pakos,dc=uk
>     [29/Dec/2016:01:44:04.164958006 +0000] schema-compat-plugin - Finished plugin initialization.
>     [29/Dec/2016:01:44:20.113621699 +0000] ipa-topology-plugin - ipa_topo_util_get_replica_conf: server configuration missing
>     [29/Dec/2016:01:44:20.115517170 +0000] ipa-topology-plugin - ipa_topo_util_get_replica_conf: cannot create replica
>
>     At this point I trashed ipa01 and tried to re-deploy it again
>     using the same commands. The install failed with the following
>     error message:
>
>     Done configuring directory server (dirsrv).
>     Configuring ipa-custodia
>       [1/4]: Generating ipa-custodia config file
>       [2/4]: Generating ipa-custodia keys
>       [3/4]: starting ipa-custodia
>       [4/4]: configuring ipa-custodia to start on boot
>     Done configuring ipa-custodia.
>     Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
>       [1/4]: configuring KDC
>       [2/4]: adding the password extension to the directory
>       [3/4]: starting the KDC
>       [4/4]: configuring KDC to start on boot
>     Done configuring Kerberos KDC (krb5kdc).
>     Configuring kadmin
>       [1/2]: starting kadmin
>       [2/2]: configuring kadmin to start on boot
>     Done configuring kadmin.
>     Configuring ipa_memcached
>       [1/2]: starting ipa_memcached
>       [2/2]: configuring ipa_memcached to start on boot
>     Done configuring ipa_memcached.
>     Configuring the web interface (httpd). Estimated time: 1 minute
>       [1/19]: setting mod_nss port to 443
>       [2/19]: setting mod_nss cipher suite
>       [3/19]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
>       [4/19]: setting mod_nss password file
>       [5/19]: enabling mod_nss renegotiate
>       [6/19]: adding URL rewriting rules
>       [7/19]: configuring httpd
>       [8/19]: setting up httpd keytab
>       [9/19]: setting up ssl
>       [error] NotFound: no such entry
>     Your system may be partly configured.
>     Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
>     ipa.ipapython.install.cli.install_tool(Replica): ERROR no such entry
>     ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
>
>     Here's the full install log:
>     https://files.pakos.uk/ipareplica-install.log.txt
>     I've raised this problem on #freeipa channel (many thanks to
>     mbasti and ab for their help in investigating this issue with me)
>     however we didn't get too far and some further input from dirsrv
>     gurus is required here.
>
>     [root at ipa01 ipa]# echo $SERVICE
>     HTTP/ipa01.pakos.uk at PAKOS.UK
>     [root at ipa01 ipa]# echo $DN
>     krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk
>     [root at ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s sub
>     Enter LDAP Password:
>     # extended LDIF
>     #
>     # LDAPv3
>     # base <krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk> with scope subtree
>     # filter: (objectclass=*)
>     # requesting: ALL
>     #
>
>     # HTTP/ipa01.pakos.uk at PAKOS.UK, services, accounts, pakos.uk
>     dn: krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk
>     krbExtraData:: AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
>     krbLastPwdChange: 20161229103250Z
>     krbPrincipalKey:: MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
>      NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
>      a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
>      pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
>      LwmAX3lYm
>     objectClass: ipaobject
>     objectClass: ipaservice
>     objectClass: krbticketpolicyaux
>     objectClass: ipakrbprincipal
>     objectClass: krbprincipal
>     objectClass: krbprincipalaux
>     objectClass: pkiuser
>     objectClass: top
>     ipaKrbPrincipalAlias: HTTP/ipa01.pakos.uk at PAKOS.UK
>     krbCanonicalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>     managedBy: fqdn=ipa01.pakos.uk,cn=computers,cn=accounts,dc=pakos,dc=uk
>     krbPrincipalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>     ipaUniqueID: 25dc5432-cdb2-11e6-a20e-005056a2f7f5
>
>     # search result
>     search: 2
>     result: 0 Success
>
>     # numResponses: 2
>     # numEntries: 1
>     [root at ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s sub "krbprincipalname=*"
>     Enter LDAP Password:
>     # extended LDIF
>     #
>     # LDAPv3
>     # base <krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk> with scope subtree
>     # filter: krbprincipalname=*
>     # requesting: ALL
>     #
>
>     # HTTP/ipa01.pakos.uk at PAKOS.UK, services, accounts, pakos.uk
>     dn: krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk
>     krbExtraData:: AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
>     krbLastPwdChange: 20161229103250Z
>     krbPrincipalKey:: MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
>      NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
>      a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
>      pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
>      LwmAX3lYm
>     objectClass: ipaobject
>     objectClass: ipaservice
>     objectClass: krbticketpolicyaux
>     objectClass: ipakrbprincipal
>     objectClass: krbprincipal
>     objectClass: krbprincipalaux
>     objectClass: pkiuser
>     objectClass: top
>     ipaKrbPrincipalAlias: HTTP/ipa01.pakos.uk at PAKOS.UK
>     krbCanonicalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>     managedBy: fqdn=ipa01.pakos.uk,cn=computers,cn=accounts,dc=pakos,dc=uk
>     krbPrincipalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>     ipaUniqueID: 25dc5432-cdb2-11e6-a20e-005056a2f7f5
>
>     # search result
>     search: 2
>     result: 0 Success
>
>     # numResponses: 2
>     # numEntries: 1
>     [root at ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s sub "(objectclass=*)"
>     Enter LDAP Password:
>     # extended LDIF
>     #
>     # LDAPv3
>     # base <krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk> with scope subtree
>     # filter: (objectclass=*)
>     # requesting: ALL
>     #
>
>     # HTTP/ipa01.pakos.uk at PAKOS.UK, services, accounts, pakos.uk
>     dn: krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk
>     krbExtraData:: AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
>     krbLastPwdChange: 20161229103250Z
>     krbPrincipalKey:: MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
>      NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
>      a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
>      pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
>      LwmAX3lYm
>     objectClass: ipaobject
>     objectClass: ipaservice
>     objectClass: krbticketpolicyaux
>     objectClass: ipakrbprincipal
>     objectClass: krbprincipal
>     objectClass: krbprincipalaux
>     objectClass: pkiuser
>     objectClass: top
>     ipaKrbPrincipalAlias: HTTP/ipa01.pakos.uk at PAKOS.UK
>     krbCanonicalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>     managedBy: fqdn=ipa01.pakos.uk,cn=computers,cn=accounts,dc=pakos,dc=uk
>     krbPrincipalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>     ipaUniqueID: 25dc5432-cdb2-11e6-a20e-005056a2f7f5
>
>     # search result
>     search: 2
>     result: 0 Success
>
>     # numResponses: 2
>     # numEntries: 1
>
>     [root at ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s base
>     Enter LDAP Password:
>     # extended LDIF
>     #
>     # LDAPv3
>     # base <krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk> with scope baseObject
>     # filter: (objectclass=*)
>     # requesting: ALL
>     #
>
>     # HTTP/ipa01.pakos.uk at PAKOS.UK, services, accounts, pakos.uk
>     dn: krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk
>     krbExtraData:: AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
>     krbLastPwdChange: 20161229103250Z
>     krbPrincipalKey:: MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
>      NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
>      a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
>      pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
>      LwmAX3lYm
>     objectClass: ipaobject
>     objectClass: ipaservice
>     objectClass: krbticketpolicyaux
>     objectClass: ipakrbprincipal
>     objectClass: krbprincipal
>     objectClass: krbprincipalaux
>     objectClass: pkiuser
>     objectClass: top
>     ipaKrbPrincipalAlias: HTTP/ipa01.pakos.uk at PAKOS.UK
>     krbCanonicalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>     managedBy: fqdn=ipa01.pakos.uk,cn=computers,cn=accounts,dc=pakos,dc=uk
>     krbPrincipalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>     ipaUniqueID: 25dc5432-cdb2-11e6-a20e-005056a2f7f5
>
>     # search result
>     search: 2
>     result: 0 Success
>
>     # numResponses: 2
>     # numEntries: 1
>
>     I must say that this is a show stopper for us at WANdisco which is
>     holding back the upgrade from FreeIPA 4.2 to FreeIPA 4.4.
>     If there is anything else I can do to help with the investigation,
>     please just let me know.
>     Many thanks in advance.
>     -- 
>     Kind regards,
>      Peter Pakos
>
> -- 
> Kind regards,
>  Peter Pakos
>
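The ordering described in the reply above (a base-scope SRCH that returns err=32 for a DN which a later ADD creates successfully) can be checked for mechanically in a 389-ds access log. The following is an added example, not part of the original message and not FreeIPA or 389-ds code; the names `find_search_before_add` and `parse_ts` and the DN comparison by lowercasing are assumptions, and the sample lines are the access-log lines quoted in the message.

```python
import re
from datetime import datetime

# Access-log lines quoted in the message above, copied as they appear on the page.
SAMPLE_DN = "krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk"
SAMPLE_LOG = f"""\
[29/Dec/2016:10:33:02.775715491 +0000] conn=16 op=1 SRCH base="{SAMPLE_DN}" scope=0 filter="(objectClass=*)" attrs=ALL
[29/Dec/2016:10:33:02.775892719 +0000] conn=16 op=1 RESULT err=32 tag=101 nentries=0 etime=0
[29/Dec/2016:10:33:05.487917960 +0000] conn=17 op=10 ADD dn="{SAMPLE_DN}"
[29/Dec/2016:10:33:05.492213776 +0000] conn=17 op=10 RESULT err=0 tag=105 nentries=0 etime=0 csn=5864e653000000040000
[29/Dec/2016:10:33:05.492372184 +0000] conn=17 op=11 MOD dn="{SAMPLE_DN}"
[29/Dec/2016:10:33:05.494649080 +0000] conn=17 op=11 RESULT err=0 tag=103 nentries=0 etime=0 csn=5864e653000100040000
"""

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<verb>[A-Z]+)\b ?(?P<rest>.*)$')
DN_RE = re.compile(r'\b(?:base|dn)="([^"]*)"')
ERR_RE = re.compile(r'\berr=(\d+)')
NO_SUCH_OBJECT = 32  # LDAP result code behind the installer's "no such entry"

def parse_ts(text):
    """Convert '29/Dec/2016:10:33:02.775715491 +0000' to epoch seconds (float)."""
    stamp, zone = text.split()
    whole, _, frac = stamp.partition(".")  # strptime cannot parse nanoseconds
    base = datetime.strptime(f"{whole} {zone}", "%d/%b/%Y:%H:%M:%S %z")
    return base.timestamp() + float("0." + (frac or "0"))

def find_search_before_add(log_text):
    """Return DNs whose base-scope SRCH got err=32 before a successful ADD."""
    pending = {}   # (conn, op) -> (verb, dn, start time), waiting for its RESULT
    missed = {}    # dn -> time of the first failed base search
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key, verb, rest = (m["conn"], m["op"]), m["verb"], m["rest"]
        if verb in ("SRCH", "ADD"):
            dn = DN_RE.search(rest)
            if dn and (verb == "ADD" or " scope=0 " in f" {rest} "):
                # Lowercasing is a simplification of real DN normalization.
                pending[key] = (verb, dn.group(1).lower(), parse_ts(m["ts"]))
        elif verb == "RESULT" and key in pending:
            op_verb, dn, started = pending.pop(key)
            err = ERR_RE.search(rest)
            code = int(err.group(1)) if err else None
            if op_verb == "SRCH" and code == NO_SUCH_OBJECT:
                missed.setdefault(dn, started)
            elif op_verb == "ADD" and code == 0 and dn in missed:
                searched = missed.pop(dn)
                findings.append({"dn": dn, "search_at": searched, "add_at": started,
                                 "gap_seconds": round(started - searched, 3)})
    return findings

if __name__ == "__main__":
    for hit in find_search_before_add(SAMPLE_LOG):
        print(f'{hit["dn"]}: SRCH err=32 came {hit["gap_seconds"]}s before ADD')
```

Operations are paired with their RESULT lines by `conn` and `op`, so interleaved connections in a full access log do not confuse the ordering check.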