<html dir="ltr"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body fpstyle="1" ocsi="0"> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Tried that, on a new environment this time. <div>First on the secured Solaris box but did not get so much information, most by port 636.</div> <div>I only have NFS 4 enabled as alternative on both IPA Server and on Solaris with port 2049 open TCP/UDP.</div> <div>All ports defined for IPA Server opened, both TCP and UDP (and a bunch more for kerberos error checking)</div> <div>I get the same delay on the Solaris with default DUAProfile as with secure DUAprofile</div> <div><br> </div> <div>I used snoop on the Solaris machine.</div> <div>On the Solaris configured with the default DUAProfile i managed to get this (spam varning):</div> <div>First with iptables enabled on IPA Server (server.home.hup):</div> <div> <div><br> </div> <div> 9 0.00562 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 10 0.00072 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 11 0.00069 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 12 0.00060 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone No Such Object</div> <div> 13 0.00016 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 14 0.00053 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone No Such Object</div> <div> 15 0.00427 solaris1.home.hup -> server.home.hup TCP D=2049 S=1022 Syn Seq=202740719 Len=0 Win=32804 Options=<mss 1460,sackOK,tstamp 78545 0,nop,wscale 5></div> <div> 16 0.00018 server.home.hup -> solaris1.home.hup TCP D=1022 S=2049 Syn Ack=202740720 Seq=26969365 Len=0 Win=14480 Options=<mss 1460,sackOK,tstamp 537585245 78545,nop,wscale 7></div> <div> 17 0.00001 solaris1.home.hup -> server.home.hup TCP D=2049 S=1022 Ack=26969366 Seq=202740720 Len=0 Win=32806 Options=<nop,nop,tstamp 78545 537585245></div> <div> 18 0.00006 solaris1.home.hup -> server.home.hup NFS C 4 (access ) PUTFH FH=6D78 ACCESS rd,lk,mo,ext,dl GETATTR 10011a b0a23a</div> <div> 19 0.00023 server.home.hup -> solaris1.home.hup TCP D=1022 S=2049 Ack=202740900 Seq=26969366 Len=0 Win=122 Options=<nop,nop,tstamp 537585246 78545></div> <div> 20 0.00014 server.home.hup -> solaris1.home.hup NFS R 4 (access ) NFS4_OK PUTFH NFS4_OK ACCESS NFS4_OK Supp=rd,lk,mo,ext,dl Allow=rd,lk,mo,ext,dl GETATTR NFS4_OK</div> <div> 21 0.00001 solaris1.home.hup -> server.home.hup TCP D=2049 S=1022 Ack=26969618 Seq=202740900 Len=0 Win=32806 Options=<nop,nop,tstamp 78545 537585246></div> <div> 22 0.00371 solaris1.home.hup -> server.home.hup NFS C 4 (lookup ) PUTFH FH=6D78 SAVEFH LOOKUP .hushlogin GETFH GETATTR 10011a b0a23a RESTOREFH NVERIFY GETATTR 1001...</div> <div> 23 0.00045 server.home.hup -> solaris1.home.hup NFS R 4 (lookup ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT</div> <div> 24 0.00001 solaris1.home.hup -> server.home.hup TCP D=2049 S=1022 Ack=26969694 Seq=202741156 Len=0 Win=32806 Options=<nop,nop,tstamp 78546 537585250></div> <div> 25 0.00863 solaris1.home.hup -> server.home.hup DNS C server.home.hup. Internet AAAA ?</div> <div> 26 0.00180 server.home.hup -> solaris1.home.hup DNS R</div> <div> 27 0.00006 solaris1.home.hup -> server.home.hup DNS C server.home.hup.home.hup. Internet AAAA ?</div> <div> 28 0.00155 server.home.hup -> solaris1.home.hup DNS R Error: 3(Name Error)</div> <div> 29 0.00006 solaris1.home.hup -> server.home.hup DNS C server.home.hup. Internet Addr ?</div> <div> 30 0.00038 server.home.hup -> solaris1.home.hup DNS R server.home.hup. Internet Addr 192.168.0.111</div> <div> 31 0.00045 solaris1.home.hup -> server.home.hup PORTMAP C GETPORT prog=100011 (RQUOTA) vers=1 proto=UDP</div> <div> 32 0.00041 server.home.hup -> solaris1.home.hup PORTMAP R GETPORT port=875</div> <div> 33 0.00007 solaris1.home.hup -> server.home.hup RQUOTA C GETACTIVE Uid=27200004 Path=/nethome/user02</div> <div> 34 0.00026 server.home.hup -> solaris1.home.hup ICMP Destination unreachable (Host administratively prohibited)</div> <div> 35 0.03349 solaris1.home.hup -> server.home.hup LDAP C port=45876</div> <div><br> </div> <div> 69 0.32692 solaris1.home.hup -> server.home.hup RQUOTA C GETACTIVE Uid=27200004 Path=/nethome/user02 (retransmit)</div> <div> 70 0.00036 server.home.hup -> solaris1.home.hup ICMP Destination unreachable (Host administratively prohibited)</div> <div><br> </div> <div> 82 0.06871 server.home.hup -> * ARP C Who is 192.168.0.210, solaris1.home.hup ?</div> <div> 83 0.00001 solaris1.home.hup -> server.home.hup ARP R 192.168.0.210, solaris1.home.hup is 8:0:27:1c:dc:a8</div> <div><br> </div> <div> 85 0.00202 solaris1.home.hup -> server.home.hup NFS C 4 (lookup ) PUTFH FH=6D78 SAVEFH LOOKUP .profile GETFH GETATTR 10011a b0a23a RESTOREFH NVERIFY GETATTR 10011a...</div> <div> 86 0.00041 server.home.hup -> solaris1.home.hup NFS R 4 (lookup ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT</div> <div> 87 0.00009 solaris1.home.hup -> server.home.hup NFS C 4 (lookup valid) PUTFH FH=6D78 NVERIFY GETATTR 10011a b0a23a ACCESS rd,lk,mo,ext,dl LOOKUP .profile GETFH GETATTR ...</div> <div> 88 0.00041 server.home.hup -> solaris1.home.hup NFS R 4 (lookup valid) NFS4ERR_SAME PUTFH NFS4_OK NVERIFY NFS4ERR_SAME</div> <div> 89 0.00081 solaris1.home.hup -> server.home.hup NFS C 4 (lookup ) PUTFH FH=6D78 SAVEFH LOOKUP .kshrc GETFH GETATTR 10011a b0a23a RESTOREFH NVERIFY GETATTR 10011a b...</div> <div> 90 0.00032 server.home.hup -> solaris1.home.hup NFS R 4 (lookup ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT</div> <div> 91 0.00017 solaris1.home.hup -> server.home.hup NFS C 4 (access ) PUTFH FH=6993 ACCESS rd,mo,ext,exc GETATTR 10011a b0a23a</div> <div> 92 0.00030 server.home.hup -> solaris1.home.hup NFS R 4 (access ) NFS4_OK PUTFH NFS4_OK ACCESS NFS4_OK Supp=rd,mo,ext,exc Allow=rd,mo,ext GETATTR NFS4_OK</div> <div> 93 0.00008 solaris1.home.hup -> server.home.hup NFS C 4 (open ) PUTFH FH=6D78 OPEN .sh_history OT=NC SQ=4 CT=N AC=RW DN=N OO=0012 GETFH GETATTR 10011a b0a23a</div> <div> 94 0.00036 server.home.hup -> solaris1.home.hup NFS R 4 (open ) NFS4ERR_EXPIRED PUTFH NFS4_OK OPEN NFS4ERR_EXPIRED</div> <div> 95 0.00009 solaris1.home.hup -> server.home.hup NFS C 4 (setclientid ) PUTROOTFH GETATTR 400 0 SETCLIENTID Prog=1073741824 ID=tcp Addr=127.0.0.1.204.217 CBID=1073741824</div> <div> 96 0.00043 server.home.hup -> solaris1.home.hup NFS R 4 (setclientid ) NFS4_OK PUTROOTFH NFS4_OK GETATTR NFS4_OK SETCLIENTID NFS4_OK CL=b05de503f000000 CFV=1948E0503E000000</div> <div> 97 0.00004 solaris1.home.hup -> server.home.hup NFS C 4 (sclntid_conf) SETCLIENTID_CONFIRM CL=b05de503f000000 CFV=1948E0503E000000</div> <div> 98 0.00031 server.home.hup -> solaris1.home.hup NFS R 4 (sclntid_conf) NFS4_OK SETCLIENTID_CONFIRM NFS4_OK</div> <div> 99 0.00592 solaris1.home.hup -> server.home.hup NFS C 4 (open ) PUTFH FH=6D78 OPEN .sh_history OT=NC SQ=5 CT=N AC=RW DN=N OO=0012 GETFH GETATTR 10011a b0a23a</div> <div>100 0.00040 server.home.hup -> solaris1.home.hup NFS R 4 (open ) NFS4_OK PUTFH NFS4_OK OPEN NFS4_OK ST=110C:0 RF=CF,PL DT=N GETFH NFS4_OK FH=6993 GETATTR NFS4_OK</div> <div>101 0.00006 solaris1.home.hup -> server.home.hup NFS C 4 (open_confirm) PUTFH FH=6993 OPEN_CONFIRM SQ=6 OST=110C:0</div> <div>102 0.02607 server.home.hup -> solaris1.home.hup NFS R 4 (open_confirm) NFS4_OK PUTFH NFS4_OK OPEN_CONFIRM NFS4_OK OST=110C:1</div> <div>103 0.00015 solaris1.home.hup -> server.home.hup NFS C 4 (read ) PUTFH FH=6993 READ ST=110C:1 at 0 for 4096</div> <div>104 0.00049 server.home.hup -> solaris1.home.hup NFS R 4 (read ) NFS4_OK PUTFH NFS4_OK READ NFS4_OK (388 bytes) EOF</div> </div> <div><br> </div> <div>And then without any iptables on the IPA Server:</div> <div><br> </div> <div> <div> 9 0.00342 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 10 0.00098 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 11 0.00198 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 12 0.00092 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 13 0.00028 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 14 0.00049 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 15 0.00059 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 16 0.00051 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone No Such Object</div> <div> 17 0.00018 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 18 0.00064 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 19 0.00023 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 20 0.00046 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone No Such Object</div> <div> 21 0.00555 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 22 0.00071 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 23 0.00019 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 24 0.00054 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 25 0.00988 solaris1.home.hup -> server.home.hup DNS C server.home.hup. Internet Addr ?</div> <div> 26 0.00151 server.home.hup -> solaris1.home.hup DNS R server.home.hup. Internet Addr 192.168.0.111</div> <div> 27 0.00041 solaris1.home.hup -> server.home.hup TCP D=2049 S=41914 Syn Seq=115340402 Len=0 Win=64240 Options=<mss 1460,sackOK,tstamp 42991 0,nop,wscale 1></div> <div> 28 0.00020 server.home.hup -> solaris1.home.hup TCP D=41914 S=2049 Syn Ack=115340403 Seq=1993365625 Len=0 Win=14480 Options=<mss 1460,sackOK,tstamp 537229802 42991,nop,wscale 7></div> <div> 29 0.00001 solaris1.home.hup -> server.home.hup TCP D=2049 S=41914 Ack=1993365626 Seq=115340403 Len=0 Win=64436 Options=<nop,nop,tstamp 42991 537229802></div> <div> 30 0.00012 solaris1.home.hup -> server.home.hup NFS C NULL4</div> <div> 31 0.00019 server.home.hup -> solaris1.home.hup TCP D=41914 S=2049 Ack=115340447 Seq=1993365626 Len=0 Win=114 Options=<nop,nop,tstamp 537229802 42991></div> <div> 32 0.00000 server.home.hup -> solaris1.home.hup NFS R NULL4</div> <div> 33 0.00002 solaris1.home.hup -> server.home.hup TCP D=2049 S=41914 Ack=1993365654 Seq=115340447 Len=0 Win=64436 Options=<nop,nop,tstamp 42991 537229803></div> <div> 34 0.00013 solaris1.home.hup -> server.home.hup TCP D=2049 S=41914 Fin Ack=1993365654 Seq=115340447 Len=0 Win=64436 Options=<nop,nop,tstamp 42991 537229803></div> <div> 35 0.00018 server.home.hup -> solaris1.home.hup TCP D=41914 S=2049 Fin Ack=115340448 Seq=1993365654 Len=0 Win=114 Options=<nop,nop,tstamp 537229803 42991></div> <div> 36 0.00000 solaris1.home.hup -> server.home.hup TCP D=2049 S=41914 Ack=1993365655 Seq=115340448 Len=0 Win=64436 Options=<nop,nop,tstamp 42991 537229803></div> <div> 37 0.00094 solaris1.home.hup -> server.home.hup TCP D=2049 S=41351 Syn Seq=115473283 Len=0 Win=64240 Options=<mss 1460,sackOK,tstamp 42991 0,nop,wscale 1></div> <div> 38 0.00026 server.home.hup -> solaris1.home.hup TCP D=41351 S=2049 Syn Ack=115473284 Seq=2502274248 Len=0 Win=14480 Options=<mss 1460,sackOK,tstamp 537229804 42991,nop,wscale 7></div> <div> 39 0.00002 solaris1.home.hup -> server.home.hup TCP D=2049 S=41351 Ack=2502274249 Seq=115473284 Len=0 Win=64436 Options=<nop,nop,tstamp 42991 537229804></div> <div> 40 0.00008 solaris1.home.hup -> server.home.hup NFS C NULL4</div> <div> 41 0.00024 server.home.hup -> solaris1.home.hup TCP D=41351 S=2049 Ack=115473328 Seq=2502274249 Len=0 Win=114 Options=<nop,nop,tstamp 537229804 42991></div> <div> 42 0.00000 server.home.hup -> solaris1.home.hup NFS R NULL4</div> <div> 43 0.00002 solaris1.home.hup -> server.home.hup TCP D=2049 S=41351 Ack=2502274277 Seq=115473328 Len=0 Win=64436 Options=<nop,nop,tstamp 42991 537229804></div> <div> 44 0.00006 solaris1.home.hup -> server.home.hup TCP D=2049 S=41351 Fin Ack=2502274277 Seq=115473328 Len=0 Win=64436 Options=<nop,nop,tstamp 42991 537229804></div> <div> 45 0.00019 server.home.hup -> solaris1.home.hup TCP D=41351 S=2049 Fin Ack=115473329 Seq=2502274277 Len=0 Win=114 Options=<nop,nop,tstamp 537229805 42991></div> <div> 46 0.00000 solaris1.home.hup -> server.home.hup TCP D=2049 S=41351 Ack=2502274278 Seq=115473329 Len=0 Win=64436 Options=<nop,nop,tstamp 42991 537229805></div> <div> 47 0.03045 solaris1.home.hup -> server.home.hup LDAP C port=45876</div> <div> 48 0.04452 solaris1.home.hup -> server.home.hup TCP D=2049 S=1023 Syn Seq=115627513 Len=0 Win=32804 Options=<mss 1460,sackOK,tstamp 42999 0,nop,wscale 5></div> <div> 49 0.00023 server.home.hup -> solaris1.home.hup TCP D=1023 S=2049 Syn Ack=115627514 Seq=609303438 Len=0 Win=14480 Options=<mss 1460,sackOK,tstamp 537229880 42999,nop,wscale 7></div> <div> 50 0.00003 solaris1.home.hup -> server.home.hup TCP D=2049 S=1023 Ack=609303439 Seq=115627514 Len=0 Win=32806 Options=<nop,nop,tstamp 42999 537229880></div> <div> 51 0.00009 solaris1.home.hup -> server.home.hup NFS C 4 (secinfo ) PUTROOTFH LOOKUP nethome SECINFO user02</div> <div> 52 0.00018 server.home.hup -> solaris1.home.hup TCP D=1023 S=2049 Ack=115627658 Seq=609303439 Len=0 Win=122 Options=<nop,nop,tstamp 537229881 42999></div> <div> 53 0.00030 server.home.hup -> solaris1.home.hup NFS R 4 (secinfo ) NFS4_OK PUTROOTFH NFS4_OK LOOKUP NFS4_OK SECINFO NFS4_OK AUTH_SYS RPCSEC_GSS RPCSEC_GSS RPCSEC_GSS</div> <div> 54 0.00001 solaris1.home.hup -> server.home.hup TCP D=2049 S=1023 Ack=609303607 Seq=115627658 Len=0 Win=32806 Options=<nop,nop,tstamp 42999 537229881></div> <div> 55 0.00057 solaris1.home.hup -> server.home.hup NFS C 4 (mount ) PUTROOTFH GETFH LOOKUP nethome GETFH GETATTR c8000167 0 LOOKUP user02 GETFH GETATTR c8000167 0 OP...</div> <div> 56 0.00033 server.home.hup -> solaris1.home.hup NFS R 4 (mount ) NFS4ERR_NOTSUPP PUTROOTFH NFS4_OK GETFH NFS4_OK FH=0015 LOOKUP NFS4_OK GETFH NFS4_OK FH=458E GETATTR NFS4_OK LOOK...</div> <div> 57 0.00001 solaris1.home.hup -> server.home.hup TCP D=2049 S=1023 Ack=609303975 Seq=115627874 Len=0 Win=32806 Options=<nop,nop,tstamp 42999 537229882></div> <div> 58 0.00734 solaris1.home.hup -> server.home.hup NFS C 4 (setclientid ) PUTROOTFH GETATTR 400 0 SETCLIENTID Prog=1073741824 ID=tcp Addr=127.0.0.1.204.217 CBID=1073741824</div> <div> 59 0.00041 server.home.hup -> solaris1.home.hup NFS R 4 (setclientid ) NFS4_OK PUTROOTFH NFS4_OK GETATTR NFS4_OK SETCLIENTID NFS4_OK CL=b05de503e000000 CFV=A246E0503D000000</div> <div> 60 0.00011 solaris1.home.hup -> server.home.hup NFS C 4 (sclntid_conf) SETCLIENTID_CONFIRM CL=b05de503e000000 CFV=A246E0503D000000</div> <div> 61 0.00028 server.home.hup -> solaris1.home.hup NFS R 4 (sclntid_conf) NFS4_OK SETCLIENTID_CONFIRM NFS4_OK</div> <div> 62 0.00707 solaris1.home.hup -> server.home.hup NFS C 4 (fsinfo ) PUTFH FH=6D78 GETATTR 20e00000 1c00</div> <div> 63 0.00037 server.home.hup -> solaris1.home.hup NFS R 4 (fsinfo ) NFS4_OK PUTFH NFS4_OK GETATTR NFS4_OK</div> <div> 64 0.00870 solaris1.home.hup -> server.home.hup NFS C 4 (getattr ) PUTFH FH=6D78 GETATTR 10011a b0a23a</div> <div> 65 0.00028 server.home.hup -> solaris1.home.hup NFS R 4 (getattr ) NFS4_OK PUTFH NFS4_OK GETATTR NFS4_OK</div> <div> 66 0.01016 solaris1.home.hup -> server.home.hup NFS C 4 (access ) PUTFH FH=6D78 ACCESS rd,lk,mo,ext,dl GETATTR 10011a b0a23a</div> <div> 67 0.00029 server.home.hup -> solaris1.home.hup NFS R 4 (access ) NFS4_OK PUTFH NFS4_OK ACCESS NFS4_OK Supp=rd,lk,mo,ext,dl Allow=rd,lk,mo,ext,dl GETATTR NFS4_OK</div> <div> 68 0.00353 solaris1.home.hup -> server.home.hup NFS C 4 (lookup ) PUTFH FH=6D78 SAVEFH LOOKUP .hushlogin GETFH GETATTR 10011a b0a23a RESTOREFH NVERIFY GETATTR 1001...</div> <div> 69 0.00031 server.home.hup -> solaris1.home.hup NFS R 4 (lookup ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT</div> <div> 70 0.00830 solaris1.home.hup -> server.home.hup PORTMAP C GETPORT prog=100011 (RQUOTA) vers=1 proto=UDP</div> <div> 71 0.00041 server.home.hup -> solaris1.home.hup PORTMAP R GETPORT port=875</div> <div> 72 0.00041 solaris1.home.hup -> server.home.hup RQUOTA C GETACTIVE Uid=27200004 Path=/nethome/user02</div> <div> 73 0.00051 server.home.hup -> solaris1.home.hup RQUOTA R GETACTIVE No quota</div> <div> 74 0.01358 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 75 0.00058 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 76 0.00082 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div><br> </div> <div> 78 0.00002 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> </div> <div> 80 0.00018 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 81 0.00038 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 82 0.00149 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 83 0.00017 solaris1.home.hup -> server.home.hup NFS C 4 (lookup ) PUTFH FH=6D78 SAVEFH LOOKUP .profile GETFH GETATTR 10011a b0a23a RESTOREFH NVERIFY GETATTR 10011a...</div> <div> 84 0.00016 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 85 0.00006 server.home.hup -> solaris1.home.hup NFS R 4 (lookup ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT</div> <div> 86 0.00023 solaris1.home.hup -> server.home.hup NFS C 4 (lookup valid) PUTFH FH=6D78 NVERIFY GETATTR 10011a b0a23a ACCESS rd,lk,mo,ext,dl LOOKUP .profile GETFH GETATTR ...</div> <div> 87 0.00028 server.home.hup -> solaris1.home.hup NFS R 4 (lookup valid) NFS4ERR_SAME PUTFH NFS4_OK NVERIFY NFS4ERR_SAME</div> <div> 88 0.13450 solaris1.home.hup -> server.home.hup TCP D=2049 S=1023 Ack=609304987 Seq=115629546 Len=0 Win=32806 Options=<nop,nop,tstamp 43019 537229948></div> <div> 89 0.00005 solaris1.home.hup -> server.home.hup LDAP C port=45876</div> <div> 90 0.00391 solaris1.home.hup -> server.home.hup NFS C 4 (lookup ) PUTFH FH=6D78 SAVEFH LOOKUP .kshrc GETFH GETATTR 10011a b0a23a RESTOREFH NVERIFY GETATTR 10011a b...</div> <div> 91 0.00025 server.home.hup -> solaris1.home.hup NFS R 4 (lookup ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT</div> <div> 92 0.00071 solaris1.home.hup -> server.home.hup NFS C 4 (lookup ) PUTFH FH=6D78 SAVEFH LOOKUP .sh_history GETFH GETATTR 10011a b0a23a RESTOREFH NVERIFY GETATTR 100...</div> <div> </div> <div> 94 0.00026 server.home.hup -> solaris1.home.hup NFS R 4 (lookup ) NFS4_OK PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4_OK GETFH NFS4_OK FH=6993 GETATTR NFS4_OK RESTOREFH NFS4_...</div> <div> 95 0.00043 solaris1.home.hup -> server.home.hup LDAP C port=45876 Search Request derefAlways</div> <div> 96 0.00062 server.home.hup -> solaris1.home.hup LDAP R port=45876 Search ResDone Success</div> <div> 97 0.00094 solaris1.home.hup -> server.home.hup NFS C 4 (access ) PUTFH FH=6993 ACCESS rd,mo,ext,exc GETATTR 10011a b0a23a</div> <div> 98 0.00026 server.home.hup -> solaris1.home.hup NFS R 4 (access ) NFS4_OK PUTFH NFS4_OK ACCESS NFS4_OK Supp=rd,mo,ext,exc Allow=rd,mo,ext GETATTR NFS4_OK</div> <div> 99 0.00005 solaris1.home.hup -> server.home.hup NFS C 4 (open ) PUTFH FH=6D78 OPEN .sh_history OT=NC SQ=1 CT=N AC=RW DN=N OO=0012 GETFH GETATTR 10011a b0a23a</div> <div>100 0.00037 server.home.hup -> solaris1.home.hup NFS R 4 (open ) NFS4_OK PUTFH NFS4_OK OPEN NFS4_OK ST=1103:0 RF=CF,PL DT=N GETFH NFS4_OK FH=6993 GETATTR NFS4_OK</div> <div>101 0.00004 solaris1.home.hup -> server.home.hup NFS C 4 (open_confirm) PUTFH FH=6993 OPEN_CONFIRM SQ=2 OST=1103:0</div> <div>102 0.01161 server.home.hup -> solaris1.home.hup NFS R 4 (open_confirm) NFS4_OK PUTFH NFS4_OK OPEN_CONFIRM NFS4_OK OST=1103:1</div> <div>103 0.00017 solaris1.home.hup -> server.home.hup NFS C 4 (read ) PUTFH FH=6993 READ ST=1103:1 at 0 for 4096</div> <div>104 0.00035 server.home.hup -> solaris1.home.hup NFS R 4 (read ) NFS4_OK PUTFH NFS4_OK READ NFS4_OK (382 bytes) EOF</div> <div><br> </div> <div>106 0.04916 solaris1.home.hup -> server.home.hup TCP D=2049 S=1023 Ack=609306715 Seq=115630838 Len=0 Win=32806 Options=<nop,nop,tstamp 43027 537230103></div> <div>107 0.00008 solaris1.home.hup -> server.home.hup LDAP C port=45876</div> <div><br> </div> <div>Regards,</div> <div>Johan.</div> <div style="font-family: Times New Roman; color: #000000; font-size: 16px"> <hr tabindex="-1"> <div id="divRpF205146" style="direction: ltr;"><font face="Tahoma" size="2" color="#000000"><b>From:</b> Sigbjorn Lie [sigbjorn@nixtra.com]<br> <b>Sent:</b> Friday, December 28, 2012 15:08<br> <b>To:</b> Johan Petersson<br> <b>Cc:</b> freeipa-users@redhat.com<br> <b>Subject:</b> RE: [Freeipa-users] Does Solaris 11 work as client to IPA server?<br> </font><br> </div> <div></div> <div><style type="text/css" id="owaParaStyle">  </style>How about enabling the firewall, and use tcpdump on the ipa server or snoop on the Solaris box to see where it stops and waits? <br> <br> <br> Rgds<br> Siggi<br> <br> <div class="gmail_quote">Johan Petersson <Johan.Petersson@sscspace.com> wrote: <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex"> <div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"> <div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Forgot to add the ports opened in my last message. :) <div><br> </div> <div>22 TCP</div> <div>80 TCP</div> <div>443 TCP</div> <div>389 TCP</div> <div>636 TCP</div> <div>7389 TCP</div> <div>88 TCP,UDP</div> <div>464 TCP,UDP</div> <div>53 TCP,UDP</div> <div>123 TCP,UDP</div> <div>111 TCP,UDP</div> <div>2049 TCP,UDP</div> <div><br> </div> <div>Also tried 749,750 and everything kerberos related from Solaris /etc/services.</div> <div>Solaris.example.com and solaris2.example.com is same machine, just typo from me when editing the log for publishing.</div> <div><br> </div> <div>Regards,</div> <div>Johan</div> <div><br> </div> <div><br> </div> <div><br> <div style="font-family:Times New Roman; color:#000000; font-size:16px"> <hr tabindex="-1"> <div id="divRpF25322" style="direction:ltr"><font face="Tahoma" size="2" color="#000000"><b>From:</b> freeipa-users-bounces@redhat.com [freeipa-users-bounces@redhat.com] on behalf of Johan Petersson [Johan.Petersson@sscspace.com]<br> <b>Sent:</b> Friday, December 28, 2012 13:40<br> <b>To:</b> Sigbjorn Lie<br> <b>Cc:</b> freeipa-users@redhat.com<br> <b>Subject:</b> Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?<br> </font><br> </div> <div></div> <div> <div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Hi, <div><br> </div> <div>I am getting these messages in my log when setting all instances of pam_krb5.so.1 debug in /etc/pam.d/other, /etc/pam.d/login:</div> <div><br> </div> <div> <div>Dec 28 12:59:12 solaris.example.com su: [ID 737709 auth.error] unable to open connection to ADMIN server (t_error 13)</div> <div>Dec 28 12:59:12 solaris2.example.com su: [ID 436431 auth.error] PAM-KRB5-AUTOMIGRATE (auth): Error while doing kadm5_init_with_skey: Communication failure with server</div> <div><br> </div> <div>If i disable the firewall on my IPA Server everything works as fast as it should so clearly a firewall issue with iptables.</div> <div>However, i have all the ports enabled and Red Hat clients works with the firewall on.</div> <div>Clearly Solaris is using some secret other port(s) that is not mentioned.</div> <div>I have tried with 749 and 750 tcp and udp with no difference.</div> <div><br> </div> <div>Regards,</div> <div>Johan.</div> <div><br> </div> <div style="font-family:Times New Roman; color:#000000; font-size:16px"> <hr tabindex="-1"> <div id="divRpF511369" style="direction:ltr"><font face="Tahoma" size="2" color="#000000"><b>From:</b> Sigbjorn Lie [sigbjorn@nixtra.com]<br> <b>Sent:</b> Wednesday, December 26, 2012 18:56<br> <b>To:</b> Johan Petersson<br> <b>Cc:</b> freeipa-users@redhat.com<br> <b>Subject:</b> RE: [Freeipa-users] Does Solaris 11 work as client to IPA server?<br> </font><br> </div> <div></div> <div>Cool. :)<br> <br> What do you see if you turn on pam debugging by touching /etc/pam_debug and enabling debug logging in the syslog daemon?<br> <br> <br> Rgds<br> Siggi<br> <br> <div class="gmail_quote">Johan Petersson <Johan.Petersson@sscspace.com> wrote: <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex"> <div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Of course it was a simple thing like replacing auto.nethome with auto_nethome that worked. <div>Thank you for that help!</div> <div>I did not even think that it was that simple. :)</div> <div><br> </div> <div>Now everything works for the more secure client configuration on Solaris 11.</div> <div>The only thing left to investigate is why there is a delay now for the IPA users.</div> <div>I get the message : Your Kerberos account/password will expire in 89 days quickly but then it waits for about 20 seconds until i get a prompt.</div> <div><br> </div> <div>Regards,</div> <div>Johan.</div> <div style="font-family:Times New Roman; color:#000000; font-size:16px"> <hr tabindex="-1"> <div id="divRpF170230" style="direction:ltr"><font face="Tahoma" size="2" color="#000000"><b>From:</b> Sigbjorn Lie [sigbjorn@nixtra.com]<br> <b>Sent:</b> Wednesday, December 26, 2012 17:10<br> <b>To:</b> Johan Petersson<br> <b>Cc:</b> freeipa-users@redhat.com<br> <b>Subject:</b> RE: [Freeipa-users] Does Solaris 11 work as client to IPA server?<br> </font><br> </div> <div></div> <div>What is the name of the other maps besides auto.master? You should use _ instead of . for any additional maps when you need Solaris autofs compatibility. This also need to be reflected in the auto.master.<br> <br> The Linux automounter does not care about . or _ as long as the naming is consistent between the additional maps and auto.master. The default for Linux is auto.master with a . and auto_master for Solaris. Hence the auto.master mapping in the Solaris dua profile.<br> <br> <br> Rgds<br> Siggi<br> <br> <div class="gmail_quote">Johan Petersson <Johan.Petersson@sscspace.com> wrote: <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex"> <pre style="white-space:pre-wrap; word-wrap:break-word; font-family:sans-serif; margin-top:0px">Got everything except automount to work with Solaris 11 and the more secure DUAProfile.<br>Verified that i can manually mount with krb5 on Solaris 11, ssh, su and console login works (as well as expected with no home directory) and automount map works for Red Hat clients.<br>I have now tried with another directory for users (/nethome) since when trying with /home autofs made local users unavailable. They are automounted locally to /home/ from /export/home/ on Solaris for some strange reason and autofs then tried finding local users home directories on the NFS Server :)<br><br>root@solaris2:~# ldapclient list<br>NS_LDAP_FILE_VERSION= 2.0<br>NS_LDAP_BINDDN= uid=solaris,cn=sysaccounts,cn=etc,dc=example,dc=org<br>NS_LDAP_BINDPASSWD= {XXX}XXXXXXXXXXXXXX<br>NS_LDAP_SERVERS= <a href="http://server.example.org" target="_blank">server.example.org</a><br>NS_LDAP_SEARCH_BAS EDN= dc=example,dc=org<br>NS_LDAP_AUTH= tls:simple<br>NS_LDAP_SEARCH_REF= TRUE<br>NS_LDAP_SEARCH_SCOPE= one<br>NS_LDAP_SEARCH_TIME= 10<br>NS_LDAP_CACHETTL= 6000<br>NS_LDAP_PROFILE= solaris_authssl1<br>NS_LDAP_CREDENTIAL_LEVEL= proxy<br>NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=example,dc=org<br>NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=example,dc=org<br>NS_LDAP_SERVICE_SEARCH_DESC= netgroup:cn=ng,cn=compat,dc=example,dc=org<br>NS_LDAP_SERVICE_SEARCH_DESC= ethers:cn=computers,cn=accounts,dc=example,dc=org<br>NS_LDAP_SERVICE_SEARCH_DESC= automount:cn=default,cn=automount,dc=example,dc=org<br>NS_LDAP_SERVICE_SEARCH_DESC= auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=org<br>NS_LDAP_SERVICE_SEARCH_DESC= aliases:ou=aliases,ou=test,dc=example,dc=org<br>NS_LDAP_SERVICE_SEARCH_DESC= printers:ou=printers,ou=test,dc=example,dc=org<br>NS_LDAP_BIND_TIME= 5<br>NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount<br>NS_LDAP_OBJECTCLASSMAP= printers:sunPrinter=printerService<br><br>root@solaris2:~# sharectl get autofs<br>timeout=600<br>automount_verbose=true<br>automountd_verbose=true<br>nobrowse=false<br>trace=2<br>environment=<br><br>From /var/svc/log/system-filesystem-autofs\:default.log:<br><br>t4 LOOKUP REQUEST: Wed Dec 26 12:28:43 2012<br>t4 name=user02[] map=auto.nethome opts= path=/nethome direct=0<br>t4 getmapent_ldap called<br>t4 getmapent_ldap: key=[ user02 ]<br>t4 ldap_match called<br>t4 ldap_match: key =[ user02 ]<br>t4 ldap_match: ldapkey =[ user02 ]<br>t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=user02)) in auto.nethome<br>t4 ldap_match: __ns_ldap_list FAILED (2)<br>t4 ldap_match: no entries found<br>t4 ldap_match called<br>t4 ldap_match: key =[ \2a ]<br>t4 ldap_match: ldapkey =[ \2a ]<br>t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=\2a)) in auto.nethome<br>t4 ldap_match: __ns_ldap_list FAILED (2)<br>t4 ldap_match: no entries found<br>t4 getmapent_ldap: exiting ...<br>t4 do_lookup1: action=2 wildcard=FALSE error=2<br>t4 LOOKUP REPLY : status=2<br>The automount map is called auto.nethome<br>key is: * -rw,soft <a href="http://server.example.org" target="_blank">server.example.org</a>:/nethome/&<br><br>Is it that Solaris automount dont like asterisk(*) in a automount key?<br><br>Regards,<br>Johan.<br><hr><br>From: Sigbjorn Lie [sigbjorn@nixtra.com]<br>Sent: Thursday, December 20, 2012 15:20<br>To: Johan Petersson<br>Cc: freeipa-users@redhat.com<br>Subject: RE: [Freeipa-users] Does Solaris 11 work as client to IPA server?<br><br>Thanks.<br><br>I'm guessing it's taking such a long time because it's looking trough the entire LDAP server for<br>your automount maps. The automountmap rules in the DUA profile will help w ith that. You'll also<br>run into issues if you attempt to have several automount locations without having specified which<br>one to use with a automountmap rule for auto master.<br><br>If you are using NFS4 you should add the _nfsv4idmapdomain dns TXT record to your DNS or set<br>NFSMAPID_DOMAIN in /etc/default/nfs to the same value as the domain id used on your NFS server to<br>get rid of the nobody:nobody default mapping and enable mapping between the NFS server and the<br>client.<br><br><br><br>Regards,<br>Siggi<br><br><br><br><br>On Thu, December 20, 2012 13:40, Johan Petersson wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 1ex 0.8ex; border-left:1px solid #729fcf; padding-left:1ex">Hi,<br><br><br>Here is my pamconf cleaned up a bit.<br><br><br>login auth requisite pam_authtok_<a href="http://get.so" target="_blank">get.so</a>.1 login auth required<br>pam_<a href="http://dhkeys.so" target="_blank">dhkeys.so&l t; /a>.1 login auth sufficien t pam_</a><a href="http://krb5.so" target="_blank">krb5.so</a>.1 try_first_pass login auth required<br>pam_unix_<a href="http://cred.so" target="_blank">cred.so</a>1 login auth required pam_unix_<a href="http://auth.so" target="_blank">auth.so</a>.1 login auth required<br>pam_dial_<a href="http://auth.so" target="_blank">auth.so</a>.1<br><br>gdm-autologin auth required pam_unix_<a href="http://cred.so" target="_blank">cred.so</a>1 gdm-autologin auth sufficient pam_<a href="http://allow.so" target="_blank">allow.so</a>.1<br><br>other auth requisite pam_authtok_<a href="http://get.so" target="_blank">get.so</a>..1 other auth required<br>pam_<a href="http://dhkeys.so" target="_blank">dhkeys.so</a>.1 other auth required pam_unix_<a href="http://cred.so" target="_blank">cred.so</a>.1 other auth sufficient<br>pam_<a href="http://krb5.so" target="_blank">krb5.so</a>.1 other auth required pam_unix_<a href="http://auth.so" target="_blank">auth..so</a>.1<br><br>passwd auth required pam_passwd_<a href="http://auth.so" target="_blank">auth.so</a>.1<br><br>gdm-autologin account suffici ent pam_<a href="http://allowso" target="_blank">allow.so</a>.1<br><br>other account requisite pam_<a href="http://roles.so" target="_blank">roles.so</a>.1 other account required<br>pam_unix_<a href="http://account.so" target="_blank">account.so</a>.1 other account required pam_<a href="http://krb5.so" target="_blank">krb5.so</a>.1<br><br>other session required pam_unix_<a href="http://session.so" target="_blank">session.so</a>.1<br><br>other password required pam_<a href="http://dhkeys.so" target="_blank">dhkeys.so</a>.1 other password requisite<br>pam_authtok_<a href="http://get.so" target="_blank">get.so</a>.1<br><br>other password requisite pam_authtok_<a href="http://check.so" target="_blank">check.so</a>.1 force_check other password sufficient<br>pam_krb5.so1 other password required pam_authtok_<a href="http://store.so" target="_blank">store.so</a>.1<br><br>I am getting one error and it is for autofs.<br><br><br>/var/adm/messages:<br>Dec 20 12:56:58 servername automount[1651]: [ID 754625 daemon.error] Object not found<br><br><br>/var/svc/log/system.filesystem-autofs:default.log:<br>[ Dec 20 12:24:22 Executing start method ("/lib/svc/method/svc-autofs start"). ]<br>automount: /net mounted<br>automount: /nfs4 mounted<br>automount: no unmounts<br>[ Dec 20 12:24:22 Method "start" exited with status 0. ]<br><br><br>ldapclient list NS_LDAP_FILE_VERSION= 2.0<br>NS_LDAP_SERVERS= servername<br>NS_LDAP_SEARCH_BASEDN= dc=home<br>NS_LDAP_AUTH= none<br>NS_LDAP_SEARCH_REF= TRUE<br>NS_LDAP_SEARCH_TIME= 15<br>NS_LDAP_PROFILE= default<br>NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=home<br>NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=home<br>NS_LDAP_BIND_TIME= 5<br>NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount<br><br><br>Thinking it has to do with missing automountmap in default DUAProfile.<br>Automount still works though but takes time during login and everything is nobody:nobody :)<br><br><br><hr><br>From: Sigbjorn Lie [sigbjorn@nixtra.com]<br>Sent: Thursday, December 20, 2012 10:13<br>To: Johan Petersson<br>Cc: freeipa-users@redhat.com<br>Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?<br><br><br>Hi,<br><br><br>This is interesting. When I tested Solaris 11 ssh worked, and su - testuser worked. However<br>console login did not work giving some PAM errors.<br><br>Could you please share your entire pam.conf file?<br><br><br>Is this Solaris 11 or Solaris 11.1?<br><br><br><br><br>Regards,<br>Siggi<br><br><br><br><br>On Thu, December 20, 2012 09:40, Johan Petersson wrote:<br><br><blockquote class="gmail_quote" style="margin:0pt 0pt 1ex 0.8ex; border-left:1px solid #ad7fa8; padding-left:1ex">I have now managed to use a Solaris 11 system as a client to IPA Server.<br>su - testuser works ssh works and console login works. I get a delay before getting the prompt<br>through ssh though and maybe from console t oo, probably something about autofs Going to see if<br>i can increase loginformation (Solaris newbie). To get it to work i mainly followed Sigbjorn<br>Lie's<br>instructions for Solaris 10 in earlier posts here. I also used the /etc/pam.conf configuration<br>example from the Solaris 10 client guide on Free IPA. I stuck with the default DUAProfile for<br>now and use a NFS4 Kerberos share for home directories with autofs. Going to try the other<br>DUAProfile<br>too from Bug 815515 and hopefully i can get everything working.<br><br><hr><br>From: freeipa-users-bounces@redhat.com [freeipa-users-bounces@redhat.com] on behalf of Dmitri<br>Pal<br>[dpal@redhat.com]<br>Sent: Tuesday, December 18, 2012 17:50<br>To: freeipa-users@redhat.com<br>Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?<br><br><br><br>On 12/18/2012 04:06 AM, Sigbjorn Lie wrote:<br><br><br><blockquote class="gmail_quote" style="margin:0pt 0pt 1ex 0.8 ex; border-left:1px solid #8ae234; padding-left:1ex">On Tue, December 18, 2012 08:28, Johan Petersson wrote:<br><br><br><blockquote class="gmail_quote" style="margin:0pt 0pt 1ex 0.8ex; border-left:1px solid #fcaf3e; padding-left:1ex">Hi,<br><br><br><br><br>We are implementing IPA Server and are gong to need to be able to authenticate properly<br>with a number of Solaris 11 servers. I have browsed the archives and found a few threads<br>mentioning some problems with Solaris 11 and IPA Server. Does anyone know if the issue have<br>been solved?</blockquote><br><br>I don't think there is any problems with Solaris 11 except of nobody has yet sat down and<br>figured out how to configure it as an IPA client yet.<br><br>I had a got at it a while ago (some of the posts you've probably found), and found that there<br>was enough differences in the LDAP/Kerberos client between Solaris 10 and Solaris 11 for<br>making it work with the setup guide I've created for Solaris 10. And there was a need for<br>further investigation for finding out how to configure Solaris 11 as an IPA client.<br><br>I've not looked into this further as we do not use Solaris 11 yet.<br><br><br><br>I don't know if anyone else has had time to sit down and have a crack at this?</blockquote><br><br><br>And we would like to hear about this effort.<br>If it produces instructions we would like to put them on the wiki.<br>If it produces bugs we would investigate them.<br><br><br><br><br><br><blockquote class="gmail_quote" style="margin:0pt 0pt 1ex 0.8ex; border-left:1px solid #8ae234; padding-left:1ex">Regards,<br>Siggi<br><br><br><br><br><hr><br>Freeipa-users mailing list<br>Freeipa-users@redhat.com<br><br><br><a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></blockquote><br><br><br><br>--<br>Thank y ou,<br>Dmi tri Pal<br><br><br><br>Sr. Engineering Manager for IdM portfolio<br>Red Hat Inc...<br><br><br><br><br><hr><br>Looking to carve out IT costs?<br><a href="http://www.redhat.com/carveoutcosts" target="_blank">www.redhat.com/carveoutcosts</a>/<br><br><br><br><hr><br>Freeipa-users mailing list<br>Freeipa-users@redhat.com<br><a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br><br><br><br><hr><br>Freeipa-users mailing list<br>Freeipa-users@redhat.com<br><a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></blockquote><br><br><br><br><br><br><br><br></blockquote></pre> </blockquote> </div> <br> </div> </div> </div> </blockquote> </div> <br> </div> </div> </div> </div> </div> </div> </div> </div> </div> </blockquote> </div> <br> -- <br> Sent from my Android phone with K-9 Mail. Please excuse my brevity.</div> </div> </div> </div> </body> </html>