Hello, I already tested that and I have the same error.
Thanks & Regards. ______________________________ -----Original Message----- From: Florence Blanc-Renaud <f...@redhat.com> Sent: Friday, January 10, 2020 13:06 To: SOLER SANGUESA Miguel <sol...@unicc.org>; FreeIPA users list <freeipa-users@lists.fedorahosted.org> Subject: Re: [Freeipa-users] Problem adding a RHEL 8.1 client Hi, can you try to run the following on the client: $ update-crypto-policies --set LEGACY then retry the client install? (This is a workaround described in https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Farticles%2F3642912&data=02%7C01%7Csolerm%40unicc.org%7C4895772460b64be3239908d795c57a07%7Ca33def5739f8400593ede80266830257%7C0%7C0%7C637142547701419753&sdata=7EWJKZ0U8flYUKF%2BwwqufAukrkmViT4pNc04EZ4YQvM%3D&reserved=0. RHEL8 enables less ciphersuites and protocols) flo On 1/10/20 12:49 PM, SOLER SANGUESA Miguel wrote: > Seems that I have found the problem. It is TLSv1.3, I have tried to connect > with TLSv1.2 and connection was OK: > [root@client01 ~]# openssl s_client -connect server2.ipa.unicc.org:636 > -tls1_2 ... > Client Certificate Types: RSA sign, ECDSA sign, DSA sign Requested > Signature Algorithms: > ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ECDSA+SHA1:RSA-PSS+SHA256:RSA-P > SS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:RSA+SHA1:DSA > +SHA256:DSA+SHA384:DSA+SHA512:DSA+SHA1 > Shared Requested Signature Algorithms: > ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ECDSA+SHA1:RSA-PSS+SHA256:RSA-P > SS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:RSA+SHA1:DSA > +SHA256:DSA+SHA384:DSA+SHA512:DSA+SHA1 > Peer signing digest: SHA256 > Peer signature type: RSA-PSS > Server Temp Key: X25519, 253 bits > --- > SSL handshake has read 2694 bytes and written 339 bytes Verification > error: self signed certificate in certificate chain > --- > New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key > is 2048 bit Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : ECDHE-RSA-AES256-GCM-SHA384 > Session-ID: > B1CA329B2A6E4B33F8850112EDCE76273A47C407526C4CC6497FAF05322031C2 > Session-ID-ctx: > Master-Key: > 0443C4A385C5445DB9B17CA6C6C463B686EBA71D60C451276970AE0892C574E19B899FCB653840E1DA7C0B0E1458FF65 > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1578655322 > Timeout : 7200 (sec) > Verify return code: 19 (self signed certificate in certificate chain) > Extended master secret: no > --- > > Do you know why it is not working with TLSv1.3 and how can I fix it? I have > still no luck with adding the server to IDM. > I have followed the workaround described here: > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugz > illa.redhat.com%2Fshow_bug.cgi%3Fid%3D1685470&data=02%7C01%7Csoler > m%40unicc.org%7C4895772460b64be3239908d795c57a07%7Ca33def5739f8400593e > de80266830257%7C0%7C0%7C637142547701419753&sdata=i5Oxh5gvxpf29%2F8 > EJMuYpIbCuCW8xu9f%2B%2Bkw9b42TTY%3D&reserved=0 > > now if I test the connection with: > openssl s_client -connect server2.ipa.unicc.org:636 > > It connects using TLSv1.2, but it still not working the join to IDM. > > Thanks & Regards. > > > -----Original Message----- > From: SOLER SANGUESA Miguel > Sent: Friday, January 10, 2020 10:46 > To: Florence Blanc-Renaud <f...@redhat.com>; FreeIPA users list > <freeipa-users@lists.fedorahosted.org> > Subject: RE: [Freeipa-users] Problem adding a RHEL 8.1 client > > Hello again, > > I have tried to create a connection with the cipher is used on the client > install and I get this: > [root@client01 ~]# openssl s_client -connect > server2.ipa.domain.org:636 -cipher ECDHE-RSA-AES256-GCM-SHA384 > CONNECTED(00000003) > depth=1 O = IPA.DOMAIN.ORG, CN = Certificate Authority verify > error:num=19:self signed certificate in certificate chain verify > return:1 > depth=1 O = IPA.DOMAIN.ORG, CN = Certificate Authority verify return:1 > depth=0 O = IPA.DOMAIN.ORG, CN = server2.ipa.domain.org verify > return:1 > --- > Certificate chain > 0 s:O = IPA.DOMAIN.ORG, CN = server2.ipa.domain.org > i:O = IPA.DOMAIN.ORG, CN = Certificate Authority > 1 s:O = IPA.DOMAIN.ORG, CN = Certificate Authority > i:O = IPA.DOMAIN.ORG, CN = Certificate Authority > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIIEtTCCA52gAwIBAgIED/8BuzANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1J > .... > 3Z4Moyqlg+wT > -----END CERTIFICATE----- > subject=O = IPA.DOMAIN.ORG, CN = server2.ipa.domain.org > > issuer=O = IPA.DOMAIN.ORG, CN = Certificate Authority > > --- > Acceptable client certificate CA names O = IPA.DOMAIN.ORG, CN = > Certificate Authority Requested Signature Algorithms: > ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ECDSA+SHA1:RSA-PSS+SHA256:RSA-P > SS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:RSA+SHA1:DSA > +SHA256:DSA+SHA384:DSA+SHA512:DSA+SHA1 > Shared Requested Signature Algorithms: > ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:R > SA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 > Peer signing digest: SHA256 > Peer signature type: RSA-PSS > Server Temp Key: X25519, 253 bits > --- > SSL handshake has read 2734 bytes and written 365 bytes Verification > error: self signed certificate in certificate chain > --- > New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 <------- Changes the cipher, > but it is also enbled on server side. > Server public key is 2048 bit > Secure Renegotiation IS NOT supported <------------- ???? > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 19 (self signed certificate in certificate chain) > --- > > Executing the same command on a RHEL 7 I don't have the err=19 (self signed > certificate complain), also the " Shared Requested Signature Algorithms" are > more and " Server Temp Key" different: > Shared Requested Signature Algorithms: > ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ECDSA+SHA1:RSA+SHA256:RSA+SHA38 > 4:RSA+SHA512:RSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512:DSA+SHA1 > Server Temp Key: ECDH, P-256, 256 bits > > Thanks & Regards. > > -----Original Message----- > From: SOLER SANGUESA Miguel > Sent: Friday, January 10, 2020 10:26 > To: Florence Blanc-Renaud <f...@redhat.com>; FreeIPA users list > <freeipa-users@lists.fedorahosted.org> > Subject: RE: [Freeipa-users] Problem adding a RHEL 8.1 client > > Hello, > > The list of ciphers seems OK (it is the one showed on the debug logs: " > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled"), and also the SSL version > range is from TLS1.0 to TLS1.3. I have also added lines with 'ERR' or 'WARN': > [10/Jan/2020:08:53:57.993429356 +0100] - ERR - oc_check_allowed_sv - > Entry "cn=encryption,cn=config" -- attribute "CACertExtractFile" not > allowed > [10/Jan/2020:08:53:57.999532781 +0100] - WARN - Security Initialization - SSL > alert: Sending pin request to SVRCore. You may need to run > systemd-tty-ask-password-agent to provide the password. > [10/Jan/2020:08:53:58.005282229 +0100] - INFO - slapd_extract_cert - > SERVER CERT NAME: Server-Cert > [10/Jan/2020:08:53:58.013492586 +0100] - INFO - Security Initialization - SSL > info: Enabling default cipher set. > [10/Jan/2020:08:53:58.021112518 +0100] - INFO - Security Initialization - SSL > info: Configured NSS Ciphers > [10/Jan/2020:08:53:58.023818570 +0100] - INFO - Security Initialization - SSL > info: TLS_AES_128_GCM_SHA256: enabled > [10/Jan/2020:08:53:58.025012562 +0100] - INFO - Security Initialization - SSL > info: TLS_CHACHA20_POLY1305_SHA256: enabled > [10/Jan/2020:08:53:58.026865854 +0100] - INFO - Security Initialization - SSL > info: TLS_AES_256_GCM_SHA384: enabled > [10/Jan/2020:08:53:58.027909825 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled > [10/Jan/2020:08:53:58.028910559 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled > [10/Jan/2020:08:53:58.030192210 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled > [10/Jan/2020:08:53:58.032707645 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled > [10/Jan/2020:08:53:58.038511038 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled > [10/Jan/2020:08:53:58.042101912 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled > [10/Jan/2020:08:53:58.047331242 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled > [10/Jan/2020:08:53:58.053222255 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled > [10/Jan/2020:08:53:58.059417443 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled > [10/Jan/2020:08:53:58.065215952 +0100] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled > [10/Jan/2020:08:53:58.066816630 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled > [10/Jan/2020:08:53:58.070814501 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled > [10/Jan/2020:08:53:58.076808934 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled > [10/Jan/2020:08:53:58.082326398 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled > [10/Jan/2020:08:53:58.085812594 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled > [10/Jan/2020:08:53:58.088603987 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled > [10/Jan/2020:08:53:58.095429780 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled > [10/Jan/2020:08:53:58.097605520 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled > [10/Jan/2020:08:53:58.099003065 +0100] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled > [10/Jan/2020:08:53:58.101106312 +0100] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled > [10/Jan/2020:08:53:58.102701393 +0100] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled > [10/Jan/2020:08:53:58.105723970 +0100] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled > [10/Jan/2020:08:53:58.107107490 +0100] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled > [10/Jan/2020:08:53:58.110522147 +0100] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_128_CBC_SHA: enabled > [10/Jan/2020:08:53:58.113200222 +0100] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled > [10/Jan/2020:08:53:58.126201090 +0100] - INFO - Security Initialization - > slapd_ssl_init2 - Configured SSL version range: min: TLS1.0, max: TLS1.3 ... > [10/Jan/2020:08:54:02.128378609 +0100] - WARN - default_mr_indexer_create - > Plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match ... > [10/Jan/2020:08:54:02.268900495 +0100] - ERR - schema-compat-plugin - > scheduled schema-compat-plugin tree scan in about 5 seconds after the server > startup! > [10/Jan/2020:08:54:02.283005210 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=ng,cn=compat,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.284850029 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target ou=sudoers,dc=ipa,dc=domain,dc=org does not > exist > [10/Jan/2020:08:54:02.291534216 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=users,cn=compat,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.296575693 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.300672868 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.306498604 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.312925397 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.316251285 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.318903023 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.324020591 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.327893713 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.334512981 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.338954980 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.341830396 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=vaults,cn=kra,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.343118609 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target > cn=computers,cn=compat,dc=ipa,dc=domain,dc=org does not exist > [10/Jan/2020:08:54:02.346506279 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=groups,cn=compat,dc=ipa,dc=domain,dc=org > does not exist > [10/Jan/2020:08:54:02.359003489 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=casigningcert > cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=domain,dc=org does > not exist > [10/Jan/2020:08:54:02.361548258 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=casigningcert > cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=domain,dc=org does > not exist > [10/Jan/2020:08:54:02.449783407 +0100] - WARN - NSACLPlugin - > acl_parse - The ACL target cn=automember rebuild > membership,cn=tasks,cn=config does not exist > [10/Jan/2020:08:54:02.489813637 +0100] - INFO - slapd_daemon - slapd > started. Listening on All Interfaces port 389 for LDAP requests > [10/Jan/2020:08:54:02.498610374 +0100] - INFO - slapd_daemon - > Listening on All Interfaces port 636 for LDAPS requests > [10/Jan/2020:08:54:02.502099316 +0100] - INFO - slapd_daemon - > Listening on /var/run/slapd-IPA-DOMAIN-ORG.socket for LDAPI requests > [10/Jan/2020:08:54:02.506101255 +0100] - ERR - set_krb5_creds - Could > not get initial credentials for principal > [ldap/server2.ipa.domain....@ipa.domain.org] in keytab > [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text)) > [10/Jan/2020:08:54:02.560926332 +0100] - ERR - schema-compat-plugin - > schema-compat-plugin tree scan will start in about 5 seconds! > [10/Jan/2020:08:54:11.584790390 +0100] - ERR - schema-compat-plugin - > warning: no entries set up under cn=computers, > cn=compat,dc=ipa,dc=domain,dc=org > [10/Jan/2020:08:54:11.592447129 +0100] - ERR - schema-compat-plugin - > Finished plugin initialization. > > On the client side, seems it is also abailabe: > [root@client01 ~]# openssl ciphers -v | grep ECDHE-RSA-AES256-GCM > ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) > Mac=AEAD > > > Thanks & Regards. > > -----Original Message----- > From: Florence Blanc-Renaud <f...@redhat.com> > Sent: Thursday, January 09, 2020 21:06 > To: FreeIPA users list <freeipa-users@lists.fedorahosted.org> > Cc: SOLER SANGUESA Miguel <sol...@unicc.org> > Subject: Re: [Freeipa-users] Problem adding a RHEL 8.1 client > > On 1/9/20 4:07 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: >> Hello, >> >> I'm trying to add a RHEL 8.1 client with the following spec: >> >> OS: RHEL 8.1 (Ootpa) >> >> IPA: ipa-client-4.8.0-10 >> >> SSSD: sssd-2.2.0-19.el8.x86_64 >> >> My IDM server has: >> >> OS: RHEL 7.7 (Maipo) >> >> IPA: ipa-server-4.6.5-11.el7_7.3 >> >> SSSD: sssd-1.16.4-21.el7_7.1 >> >> When I try to add the client using "ipa-client-install" I get the error: >> >> This program will set up IPA client. >> >> Version 4.8.0 >> >> Discovery was successful! >> >> Do you want to configure chrony with NTP server or pool address? [no]: >> >> Client hostname: client01.svc.domain.org >> >> Realm: IPA.DOMAIN.ORG >> >> DNS Domain: ipa.domain.org >> >> IPA Server: icidmpdc1.ipa.domain.org >> >> BaseDN: dc=ipa,dc=domain,dc=org >> >> Continue to configure the system with these values? [no]: yes >> >> Synchronizing time >> >> Configuration of chrony was changed by installer. >> >> Attempting to sync time with chronyc. >> >> Time synchronization was successful. >> >> Successfully retrieved CA cert >> >> Subject: CN=Certificate Authority,O=IPA.DOMAIN.ORG >> >> Issuer: CN=Certificate Authority,O=IPA.DOMAIN.ORG >> >> Valid From: 2016-03-04 15:13:38 >> >> Valid Until: 2036-03-04 15:13:38 >> >> Joining realm failed: Unable to initialize STARTTLS session >> >> Failed to bind to server! >> >> Retrying with pre-4.0 keytab retrieval method... >> >> Unable to initialize STARTTLS session >> >> Failed to bind to server! >> >> Failed to get keytab >> >> child exited with 9 >> >> Installation failed. Rolling back changes. >> >> Disabling client Kerberos and LDAP configurations >> >> Restoring client configuration files >> >> nslcd daemon is not installed, skip configuration >> >> Client uninstall complete. >> >> The ipa-client-install command failed. See >> /var/log/ipaclient-install.log for more information >> >> The entire debug log is attached. It fails doing the "join". It >> doesn't happened when I add a client with RHEL 7.X, also I think it >> was also working with RHEL 8.0. >> >> Can anyone please, let me know why it is not working? >> > Hi, > > can you paste the content of /var/log/dirsrv/slapd-<DOMAIN>/errors (on the > master) that is related to SSL: > - INFO - Security Initialization - SSL info: Enabling default cipher set. > - INFO - Security Initialization - SSL info: Configured NSS Ciphers > - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: > enabled > [... list of all ciphers] > - INFO - Security Initialization - SSL info: > TLS_RSA_WITH_AES_128_CBC_SHA256: enabled > - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL > version range: min: TLS1.0, max: TLS1.3 > > The full list of ciphers and the SSL range may help understand the issue. > > flo > >> Thanks & Regards. >> >> >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: >> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdoc >> s >> .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02 >> % >> 7C01%7Csolerm%40unicc.org%7C572ac438c3f44f353f6208d7953f57d3%7Ca33def >> 5 >> 739f8400593ede80266830257%7C0%7C0%7C637141971601947392&sdata=%2FX >> m >> p17T3G8G6HelhTlBMbbwk2Z0XRRbk1JOMsEZAfXM%3D&reserved=0 >> List Guidelines: >> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffed >> o >> raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Csol >> e >> rm%40unicc.org%7C572ac438c3f44f353f6208d7953f57d3%7Ca33def5739f840059 >> 3 >> ede80266830257%7C0%7C0%7C637141971601957347&sdata=KCpN67a3VP%2B7W >> 1 >> TWNLSjIjlcJTioY6phCrJPjIWB%2BFE%3D&reserved=0 >> List Archives: >> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis >> t >> s.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedoraho >> s >> ted.org&data=02%7C01%7Csolerm%40unicc.org%7C572ac438c3f44f353f620 >> 8 >> d7953f57d3%7Ca33def5739f8400593ede80266830257%7C0%7C0%7C6371419716019 >> 5 >> 7347&sdata=ayLDi6PUsROquosBP%2Bkbh9KGoPGGHL4PyIabw3FloKQ%3D&r >> e >> served=0 >> > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org