[Freeipa-users] Freeipa-users Digest, Vol 96, Issue 125

Rob Crittenden rcritten at redhat.com
Thu Jul 21 20:15:27 UTC 2016


mohammad sereshki wrote:
> hi
> I did some changes now I get below error when I open HTTP service in
> web interface

What changes did you do?

From a previous e-mail the problem is that the CA couldn't validate its
own certificates. This is sometimes an issue with certificate trust. To 
look at it run:

# certutil -L -d /var/lib/pki-ca/alias

The auditSigningCert should have a trust of u,u,Pu. If it doesn't you 
can fix it with:

# certutil -M -d /var/lib/pki-ca/alias -n 'auditSigningCert cert-pki-ca' -t u,u,Pu

> Certificate operation cannot be completed: EXCEPTION (Certificate serial
> number 0x276 not found)

Do you have other CA masters (if not you should, but do that once things 
are stable)?

rob

>
>
> ------------------------------------------------------------------------
> *From:* "freeipa-users-request at redhat.com"
> <freeipa-users-request at redhat.com>
> *To:* freeipa-users at redhat.com
> *Sent:* Thursday, July 21, 2016 11:38 PM
> *Subject:* Freeipa-users Digest, Vol 96, Issue 125
>
> Today's Topics:
>
>    1. Re: regenerate certificate (mohammad sereshki)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 21 Jul 2016 19:08:16 +0000 (UTC)
> From: mohammad sereshki <mohammadsereshki at yahoo.com>
> To: Rob Crittenden <rcritten at redhat.com>, Florence Blanc-Renaud
>      <flo at redhat.com>, Freeipa-users <freeipa-users at redhat.com>
> Subject: Re: [Freeipa-users] regenerate certificate
> Message-ID:
>      <1119368990.3296955.1469128096522.JavaMail.yahoo at mail.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
> and this is for catalina.out
>
> SEVERE: A web application created a ThreadLocal with key of type [null]
> (value [com.netscape.cmscore.util.Debug$1@39139da8]) and a value of type
> [java.text.SimpleDateFormat] (value [java.text.SimpleDateFormat@d1b317c9])
> but failed to remove it when the web application was stopped. To prevent a
> memory leak, the ThreadLocal has been forcibly removed.
> Jul 21, 2016 11:10:10 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
> SEVERE: A web application created a ThreadLocal with key of type [null]
> (value [com.netscape.cmscore.util.Debug$1@39139da8]) and a value of type
> [java.text.SimpleDateFormat] (value [java.text.SimpleDateFormat@d1b317c9])
> but failed to remove it when the web application was stopped. To prevent a
> memory leak, the ThreadLocal has been forcibly removed.
> Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-9180
> Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-9443
> Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-9445
> Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-9444
> Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy
> INFO: Stopping Coyote HTTP/1.1 on http-9446
> Exception in thread "Timer-0" java.lang.NullPointerException
>     at com.netscape.certsrv.apps.CMS.getConfigStore(CMS.java:771)
>     at com.netscape.cms.servlet.csadmin.LDAPSecurityDomainSessionTable.getSessionIds(LDAPSecurityDomainSessionTable.java:156)
>     at com.netscape.cms.servlet.csadmin.SessionTimer.run(SessionTimer.java:33)
>     at java.util.TimerThread.mainLoop(Timer.java:555)
>     at java.util.TimerThread.run(Timer.java:505)
> Jul 21, 2016 11:10:43 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: The APR based Apache Tomcat Native library which allows optimal
> performance in production environments was not found on the
> java.library.path:
> /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
> Jul 21, 2016 11:10:43 PM org.apache.coyote.http11.Http11Protocol init
> INFO: Initializing Coyote HTTP/1.1 on http-9180
> Warning: SSL ECC cipher "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"
> unsupported by NSS. This is probably O.K. unless ECC support has been
> installed.
> Warning: SSL ECC cipher "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
> unsupported by NSS. This is probably O.K. unless ECC support has been
> installed.
> :
>
>
>
>        From: mohammad sereshki <mohammadsereshki at yahoo.com>
> To: Rob Crittenden <rcritten at redhat.com>; Florence Blanc-Renaud
> <flo at redhat.com>; Freeipa-users <freeipa-users at redhat.com>
> Sent: Thursday, July 21, 2016 11:36 PM
> Subject: Re: [Freeipa-users] regenerate certificate
>
> and below is for selftests.log
>
> 3971.main - [21/Jul/2016:16:20:13 IRDT] [20] [1] SelfTestSubsystem:
> Running self test plugins specified to be executed at startup:
> 3971.main - [21/Jul/2016:16:20:13 IRDT] [20] [1] CAPresence:  CA is present
> 3971.main - [21/Jul/2016:16:20:13 IRDT] [20] [1]
> SystemCertsVerification: system certs verification failure
> 3971.main - [21/Jul/2016:16:20:13 IRDT] [20] [1] SelfTestSubsystem: The
> CRITICAL self test plugin called
> selftests.container.instance.SystemCertsVerification running at startup
> FAILED!
> 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:
> Initializing self test plugins:
> 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:
> loading all self test plugin logger parameters
> 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:
> loading all self test plugin instances
> 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:
> loading all self test plugin instance parameters
> 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:
> loading self test plugins in on-demand order
> 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:
> loading self test plugins in startup order
> 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem: Self
> test plugins have been successfully loaded!
> 1523.main - [21/Jul/2016:23:10:46 IRDT] [20] [1] SelfTestSubsystem:
> Running self test plugins specified to be executed at startup:
> 1523.main - [21/Jul/2016:23:10:46 IRDT] [20] [1] CAPresence:  CA is present
> 1523.main - [21/Jul/2016:23:10:46 IRDT] [20] [1]
> SystemCertsVerification: system certs verification failure
> 1523.main - [21/Jul/2016:23:10:46 IRDT] [20] [1] SelfTestSubsystem: The
> CRITICAL self test plugin called
> selftests.container.instance.SystemCertsVerification running at startup
> FAILED!
> (END)
>
>
>
>        From: mohammad sereshki <mohammadsereshki at yahoo.com>
> To: Rob Crittenden <rcritten at redhat.com>; Florence Blanc-Renaud
> <flo at redhat.com>; Freeipa-users <freeipa-users at redhat.com>
> Sent: Thursday, July 21, 2016 11:34 PM
> Subject: Re: [Freeipa-users] regenerate certificate
>
> hi
> I find below in debug file under /var/log/pki-ca
> what is your comment?
>
> 21/Jul/2016:23:13:42][TP-Processor3]: according to ccMode, authorization
> for servlet: caDisplayBySerial is LDAP based, not XML {1}, use default
> authz mgr: {2}.
> [21/Jul/2016:23:15:44][Timer-0]: CMSEngine: getPasswordStore(): password
> store initialized before.
> [21/Jul/2016:23:15:44][Timer-0]: CMSEngine: getPasswordStore(): password
> store initialized.
> [21/Jul/2016:23:15:44][Timer-0]: CMSEngine: getPasswordStore(): password
> store initialized before.
> [21/Jul/2016:23:15:44][Timer-0]: CMSEngine: getPasswordStore(): password
> store initialized.
> [21/Jul/2016:23:20:44][Timer-0]: CMSEngine: getPasswordStore(): password
> store initialized before.
> [21/Jul/2016:23:20:44][Timer-0]: CMSEngine: getPasswordStore(): password
> store initialized.
> [21/Jul/2016:23:20:44][Timer-0]: CMSEngine: getPasswordStore(): password
> store initialized before.
> [21/Jul/2016:23:20:44][Timer-0]: CMSEngine: getPasswordStore(): password
> store initialized.
> [21/Jul/2016:23:20:45][CertStatusUpdateThread]: About to start
> updateCertStatus
> [21/Jul/2016:23:20:45][CertStatusUpdateThread]: Starting
> updateCertStatus (entered lock)
>
>
>
>        From: Rob Crittenden <rcritten at redhat.com>
> To: mohammad sereshki <mohammadsereshki at yahoo.com>; Florence Blanc-Renaud
> <flo at redhat.com>; Freeipa-users <freeipa-users at redhat.com>
> Sent: Thursday, July 21, 2016 11:21 PM
> Subject: Re: [Freeipa-users] regenerate certificate
>
> mohammad sereshki wrote:
>  > hi
>  > would you please explain more
>  > ?
>
> Your CA (dogtag) is not running. The CA is written in java and deployed
> as a WAR in tomcat. If something goes wrong during initialization the CA
> will exit but tomcat will not.
>
> Requests to the CA are returning 404 Not Found because the application
> is not running in dogtag.
>
> You need to look at the logs in /var/log/pki-ca to see what is going on.
>
> I'd start with selftests.log then move onto catalina.out and debug.
>
> rob
>
>  >
>  >
>  > ------------------------------------------------------------------------
>  > *From:* Rob Crittenden <rcritten at redhat.com>
>  > *To:* mohammad sereshki <mohammadsereshki at yahoo.com>; Florence
>  > Blanc-Renaud <flo at redhat.com>; Freeipa-users <freeipa-users at redhat.com>
>  > *Sent:* Thursday, July 21, 2016 11:09 PM
>  > *Subject:* Re: [Freeipa-users] regenerate certificate
>  >
>  > mohammad sereshki wrote:
>  > > hi
>  > > it is result of command, seems issue is another thing
>  > >
>  > >
>  > >   ipa cert-show 1
>  > > ipa: ERROR: Certificate operation cannot be completed: Unable to
>  > > communicate with CMS (Not Found)
>  >
>  > Which means that the CA still isn't up. You're going to need to look at
>  > the dogtag logs in /var/log/pki*. debug is probably the place to start.
>  >
>  > rob
>  >
>  > >
>  > > ------------------------------------------------------------------------
>  > > *From:* Rob Crittenden <rcritten at redhat.com>
>  > > *To:* mohammad sereshki <mohammadsereshki at yahoo.com>; Florence
>  > > Blanc-Renaud <flo at redhat.com>; Freeipa-users <freeipa-users at redhat.com>
>  > > *Sent:* Thursday, July 21, 2016 8:08 PM
>  > > *Subject:* Re: [Freeipa-users] regenerate certificate
>  > >
>  > > mohammad sereshki wrote:
>  > > > dear
>  > > > thanks, but would you please check below and let me know what is your
>  > > > idea? I checked your command but it did not work.
>  > >
>  > > The Not Found suggests that the CA is not up. I'd try restarting the
>  > > pki-cad process to see if that helps.
>  > >
>  > > A simple test that communication is working is: ipa cert-show 1
>  > >
>  > > The output isn't important as long as it isn't an error.
>  > >
>  > > rob
>  > >
>  > > >
>  > > > Number of certificates and requests being tracked: 8.
>  > > > Request ID '20140817123525':
>  > > >         status: MONITORING
>  > > >         ca-error: Unable to determine principal name for signing request.
>  > > >         stuck: no
>  > > >         key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>  > > >         certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
>  > > >         CA: IPA
>  > > >         issuer: CN=Certificate Authority,O=EXAMPLE.COM
>  > > >         subject: CN=IPA RA,O=EXAMPLE.COM
>  > > >         expCOMes: 2018-06-30 07:56:06 UTC
>  > > >         eku: id-kp-serverAuth,id-kp-clientAuth
>  > > >         pre-save command:
>  > > >         post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
>  > > >         track: yes
>  > > >         auto-renew: yes
>  > > > Request ID '20140817123534':
>  > > >         status: CA_UNREACHABLE
>  > > >         ca-error: Server failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)).
>  > > >         stuck: yes
>  > > >         key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE.-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-EXAMPLE.-COM/pwdfile.txt'
>  > > >         certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE.-COM',nickname='Server-Cert',token='NSS Certificate DB'
>  > > >         CA: IPA
>  > > >         issuer: CN=Certificate Authority,O=EXAMPLE.COM
>  > > >         subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM
>  > > >         expCOMes: 2016-08-17 12:35:34 UTC
>  > > >         eku: id-kp-serverAuth,id-kp-clientAuth
>  > > >         pre-save command:
>  > > >         post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv EXAMPLE.-COM
>  > > >         track: yes
>  > > >         auto-renew: yes
>  > > > Request ID '20140817123602':
>  > > >         status: CA_UNREACHABLE
>  > > >         ca-error: Server failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)).
>  > > >         stuck: yes
>  > > >         key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-PKI-IPA/pwdfile.txt'
>  > > >         certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'
>  > > >         CA: IPA
>  > > >         issuer: CN=Certificate Authority,O=EXAMPLE.COM
>  > > >         subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM
>  > > >         expCOMes: 2016-08-17 12:36:02 UTC
>  > > >         eku: id-kp-serverAuth,id-kp-clientAuth
>  > > >         pre-save command:
>  > > >         post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv PKI-IPA
>  > > >         track: yes
>  > > >         auto-renew: yes
>  > > > Request ID '20140817123752':
>  > > >         status: CA_UNREACHABLE
>  > > >         ca-error: Server failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)).
>  > > >         stuck: yes
>  > > >         key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>  > > >         certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
>  > > >         CA: IPA
>  > > >         issuer: CN=Certificate Authority,O=EXAMPLE.COM
>  > > >         subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM
>  > > >         expCOMes: 2016-08-17 12:37:51 UTC
>  > > >         eku: id-kp-serverAuth,id-kp-clientAuth
>  > > >         pre-save command:
>  > > >         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>  > > >         track: yes
>  > > >         auto-renew: yes
>  > > > You have new mail in /var/spool/mail/root
>  > > >
>  > > > ------------------------------------------------------------------------
>  > > > *From:* Florence Blanc-Renaud <flo at redhat.com>
>  > > > *To:* mohammad sereshki <mohammadsereshki at yahoo.com>; Freeipa-users
>  > > > <freeipa-users at redhat.com>
>  > > > *Sent:* Thursday, July 21, 2016 11:30 AM
>  > > > *Subject:* Re: [Freeipa-users] regenerate certificate
>  > > >
>  > > > On 07/20/2016 10:04 PM, mohammad sereshki wrote:
>  > > > > hi
>  > > > > I check my IPA server which is version ipa-server-3.0.0-25 , command
>  > > > > "ipa-get-cert list" show, my certificate will be expired in next 20 days,
>  > > > > I do not know how to regenerate them
>  > > > > but command "getcert list" shows expiration certificates are related just
>  > > > > to "CA:IPA" and certificate " CA: dogtag-ipa-renew-agent" , has enough
>  > > > > time .
>  > > > > would you please help me to know how to regenerate CA:IPA certificates?
>  > > > >
>  > > > > Best Regards
>  > > > >
>  > > >
>  > > > Hi Mohammad,
>  > > >
>  > > > the certificates issued by IPA CA are normally tracked by certmonger and
>  > > > automatically renewed when they are near their expiration date. To make
>  > > > sure that your certificates are tracked, you can issue
>  > > >
>  > > > $ ipa-getcert list
>  > > >
>  > > > and check the "status:" field for each certificate. It should display
>  > > > "MONITORING".
>  > > >
>  > > > If you want to manually renew them, you must note their request ID and
>  > > > use the command
>  > > > $ ipa-getcert resubmit -i $REQUEST_ID
>  > > >
>  > > > Hope this helps,
>  > > > Flo.
>  > > >
>
>
>
>
>
>
>
>
>
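
The trust-flag check from the reply at the top of this message (auditSigningCert should be u,u,Pu), as an added example that is not part of the original e-mail or of FreeIPA/Dogtag. The function names `trust_of` and `check_trust` and the sample listing are constructed for illustration; the sample stands in for real `certutil -L -d /var/lib/pki-ca/alias` output.

```bash
#!/bin/bash
# Added example: read a `certutil -L` listing and verify one nickname's
# trust attributes, printing the certutil -M fix from the thread on mismatch.

NSSDB=${NSSDB:-/var/lib/pki-ca/alias}   # CA NSS database path used in the thread

# Constructed sample listing: the audit signing cert shows u,u,u
# instead of the u,u,Pu the reply says it should have.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

caSigningCert cert-pki-ca                                    CTu,Cu,Cu
ocspSigningCert cert-pki-ca                                  u,u,u
subsystemCert cert-pki-ca                                    u,u,u
Server-Cert cert-pki-ca                                      u,u,u
auditSigningCert cert-pki-ca                                 u,u,u
'

# trust_of NICKNAME
# Reads a certutil -L listing on stdin and prints the trust attributes of
# NICKNAME. Nicknames may contain spaces, so the trust column is taken as the
# last field and the nickname as everything before it. Exit status 1 if the
# nickname is not in the listing.
trust_of() {
    awk -v nick="$1" '
        NF >= 2 {
            flags = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # strip the trust column
            if (name == nick) { print flags; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# check_trust NICKNAME EXPECTED
# Returns 0 when the flags match, 1 on mismatch (and prints the repair
# command without running it), 2 when the certificate is missing.
check_trust() {
    local nick="$1" want="$2" have
    have=$(trust_of "$nick") || { echo "MISSING  $nick"; return 2; }
    if [ "$have" = "$want" ]; then
        echo "OK       $nick $have"
        return 0
    fi
    echo "MISMATCH $nick have=$have want=$want"
    echo "fix: certutil -M -d $NSSDB -n '$nick' -t $want"
    return 1
}

# Demo on the constructed listing. On a real server, pipe in
#   certutil -L -d "$NSSDB"
# instead of the sample.
printf '%s\n' "$SAMPLE_LISTING" |
    check_trust 'auditSigningCert cert-pki-ca' 'u,u,Pu' || true
```
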



