[Bug 730046] New: LDAP server: Samba cannot talk to LDAP over TLS
https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c0 Summary: LDAP server: Samba cannot talk to LDAP over TLS Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Major Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: lynn@steve-ss.com QAContact: jsrain@suse.com Found By: --- Blocker: --- Created an attachment (id=461810) --> (http://bugzilla.novell.com/attachment.cgi?id=461810) The samba config file User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2 When using TLS between Samba and LDAP, the folowing error occurs: Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: I feel that this is an important security issue and I have offered a solution. Could you also fix it for 12.1? Reproducible: Always Steps to Reproduce: 1.Using Yast throughout 2.Create root CA 3.Enter it. create and export common server certificaes 4.Make sure that your FQDN matches the CN of the certificates. 5. LDAP server - use tls - use common server certificate 6. Copy YaST-CA.pem to /srv/www/htdocs 7. ldap client check tls box and download the CA from the webserver (there ought to be a way of specifying a file here rather than have to download it from a webserver) 8 ldap client - advanced configuration - create default config 9. Samba server - Identity - PDC - Ldap settings - use ldap 10. Give root password so that other machines can join the samba created domain. Actual Results: Samba does not communicate with LDAP over tls. See error above. Expected Results: Samba connects to LDAP over a TLS connection It seems that the CA certificate is not being detected. The problem can be solved by adding: TLS_REQCERT hard TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem to /etc/openldap/ldap.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c1
Lars Müller
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c2
--- Comment #2 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c3
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c4
Ralf Haferkamp
Created an attachment (id=461810) --> (http://bugzilla.novell.com/attachment.cgi?id=461810) [details] The samba config file
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2
When using TLS between Samba and LDAP, the folowing error occurs:
Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: When do you get this error message? Always when starting smbd or only when booting?
I get this message when booting into the system and that seems to be an issue with either samba's or slapd's init script or systemd. Samba seems to be started before OpenLDAP is accepting incoming requests. When using sysvinit the OpenLDAP initscript takes care the it does not succeed until the Server is able to process request (by doing some ldapsearch magic). But I also see that samba's init script does not have a dependency on OpenLDAP. Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
I feel that this is an important security issue and I have offered a solution.
Reproducible: Always
Steps to Reproduce: 1.Using Yast throughout 2.Create root CA 3.Enter it. create and export common server certificaes 4.Make sure that your FQDN matches the CN of the certificates. 5. LDAP server - use tls - use common server certificate 6. Copy YaST-CA.pem to /srv/www/htdocs 7. ldap client check tls box and download the CA from the webserver (there ought to be a way of specifying a file here rather than have to download it from a webserver) There is. Either just enter a file:/// URL or go to the advanced settings. There you'll find option to either select a file or directory manually. I agree
I don't see yet why this should be a security issue. [..] though that it could be implemented better from a usuabilty point of view. OTOH, if you setup the LDAP Server on the localhost you shouldn't need to configure any TLS Settings in ldap-client. The yast2-ldap-server module already configures that for you (at least it did here).
Actual Results: Samba does not communicate with LDAP over tls. See error above. Hm, I only get this error once when booting it still seems to work afterwards.
It seems that the CA certificate is not being detected.
The problem can be solved by adding:
TLS_REQCERT hard TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem Usually yast2-ldap-client does this already. Please attach YaST logs (/var/log/YaST/*)
to /etc/openldap/ldap.conf
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c5
--- Comment #5 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c6
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c7
--- Comment #7 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c8
--- Comment #8 from lynn wilson
(In reply to comment #0)
Created an attachment (id=461810) --> (http://bugzilla.novell.com/attachment.cgi?id=461810) [details] [details] The samba config file
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2
When using TLS between Samba and LDAP, the folowing error occurs:
Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: When do you get this error message? Always when starting smbd or only when booting?
I get this message when booting into the system and that seems to be an issue with either samba's or slapd's init script or systemd. Samba seems to be started before OpenLDAP is accepting incoming requests. When using sysvinit the OpenLDAP initscript takes care the it does not succeed until the Server is able to process request (by doing some ldapsearch magic). But I also see that samba's init script does not have a dependency on OpenLDAP.
Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
I feel that this is an important security issue and I have offered a solution.
I don't see yet why this should be a security issue.
[..]
Reproducible: Always
Steps to Reproduce: 1.Using Yast throughout 2.Create root CA 3.Enter it. create and export common server certificaes 4.Make sure that your FQDN matches the CN of the certificates. 5. LDAP server - use tls - use common server certificate 6. Copy YaST-CA.pem to /srv/www/htdocs 7. ldap client check tls box and download the CA from the webserver (there ought to be a way of specifying a file here rather than have to download it from a webserver) There is. Either just enter a file:/// URL or go to the advanced settings.
There are no 'advanced settings'. I think you mean ;Advanced Configuration.' no?
There you'll find option to either select a file or directory manually. though that it could be implemented better from a usuabilty point of view.e
It really does need improving. It's almost as bad as the Yast printer setup module. Only joking. Yast chooses: /etc/openldap/cacerts/
OTOH, if you setup the LDAP Server on the localhost you shouldn't need to configure any TLS Settings in ldap-client. The yast2-ldap-server module already configures that for you (at least it did here).
Actual Results: Samba does not communicate with LDAP over tls. See error above. Hm, I only get this error once when booting it still seems to work afterwards.
It seems that the CA certificate is not being detected.
The problem can be solved by adding:
TLS_REQCERT hard TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem Usually yast2-ldap-client does this already. Please attach YaST logs (/var/log/YaST/*)
to /etc/openldap/ldap.conf
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c9
--- Comment #9 from lynn wilson
Yast produces this: [..] uri ldap://hh1.site base dc=site TLS_CACERTDIR /etc/openldap/cacerts/
The certificate is not found and Samba cannot communicate with LDAP via TLS. Yast does not add the two lines I have given in my solution to this. TLS_REQCERT hard doesn't need to be added because it is the hardcoded default when no setting is
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c10
Ralf Haferkamp
I sent the y2log corresponding to the Yast LDAP client only. But I see that you wanted the whole lot! I tarred the files but it will not let me send anything over 10Mb. Do you really need everything? Do you want me to ftp is somewhere? y2log should be enough for now. But could you please additionally attach the output of: ldapsearch -x -ZZ -d -1 -b "" -s base +
(In reply to comment #8)
(In reply to comment #4)
(In reply to comment #0)
Created an attachment (id=461810) --> (http://bugzilla.novell.com/attachment.cgi?id=461810) [details] [details] [details] [..] There is. Either just enter a file:/// URL or go to the advanced settings.
There are no 'advanced settings'. I think you mean ;Advanced Configuration.' no? Yes, sorry. I was using the german localization on my test system didn't remember the correct button label in english.
There you'll find option to either select a file or directory manually. though that it could be implemented better from a usuabilty point of view.e
It really does need improving. It's almost as bad as the Yast printer setup module. Only joking. :)
Yast chooses: /etc/openldap/cacerts/ Yes, because that is where YaST put the certificate after downloading it.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c11
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c12
--- Comment #12 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c13
Ralf Haferkamp
Created an attachment (id=464047) --> (http://bugzilla.novell.com/attachment.cgi?id=464047) [details] ldap search as requested This is missing the debug output I requested. Either you forget to attach the stderr output I request or you did add the "-d -1" command line options to the ldapsearch command. Please attach the complete output. Also paste your TLS_* settings in /etc/openldap/ldap.conf that were in use when running that command.
(In reply to comment #12)
ls -l /etc/openldap/cacerts/ total 8 lrwxrwxrwx 1 root root 10 Nov 24 18:00 513085ff.0 -> cacert.pem lrwxrwxrwx 1 root root 10 Nov 24 18:00 792682eb.0 -> cacert.pem -rw-r--r-- 1 root root 3056 Nov 24 18:00 cacert.pem Hm, this looks good actually.
Please remember that this is about Samba connecting to LDAP, not a user logging in from a linux client. I know. But the error messages you got from Samba seemed to indicate that something is wrong with your general LDAP setup. For Samba it should make no difference whether TLS_CACERTDIR or TLS_CACERT is used, as long as the directory is setup properly.
BTW, you seem to have overlooked one of my question from comment#4:
Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction:
When do you get this error message? Always when starting smbd or only when booting? What output does "pdbedit -L" give you? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c14
lynn wilson
Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: TLS does not work.
With my workaround: Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 fd=21 ACCEPT from IP=192.168.1.2:55442 (IP=0.0.0. Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 STARTTLS Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 RESULT oid= err=0 text= Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 fd=21 TLS established tls_ssf=256 ssf=256 Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 BIND dn="cn=admin,dc=site" method=128 Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 BIND dn="cn=admin,dc=site" mech=SIMPLE ssf=0 Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 RESULT tag=97 err=0 text= Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SRCH base="" scope=0 deref=0 filter="(object Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SRCH attr=supportedControl Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SRCH base="dc=site" scope=2 deref=0 filter=" Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SRCH attr=sambaDomainName sambaNextRid samba Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=4 SRCH base="dc=site" scope=2 deref=0 filter=" Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=4 SRCH attr=gidNumber sambaSID sambaGroupType TLS works fine - - - grep -v "#" ldap.conf base dc=site bind_policy soft pam_lookup_policy yes pam_password exop nss_initgroups_ignoreusers root,ldap nss_schema rfc2307bis nss_map_attribute uniqueMember member ssl start_tls uri ldap://hh1.site ldap_version 3 pam_filter objectClass=posixAccount tls_cacertfile /etc/openldap/cacert.pem - - - pdbedit -L root:0:root <snip> COMPUTER_1$:10001:COMPUTER_1$ STEVE-PC$:10002:STEVE-PC$ <snip> lynn2:1001:l steve2:1003:s It doesn't really matter. _I_ know how to fix it. But that's selfish. The point is, I'd like to help others to use Yast too. Please let me know if we're getting anywhere. Is it a big problem to be able to apply the workaround to Yast? It's only one or two lines in /etc/openldap/ldap.conf. Thanks L x -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c15
Ralf Haferkamp
grep -v "#" ldap.conf base dc=site bind_policy soft pam_lookup_policy yes pam_password exop nss_initgroups_ignoreusers root,ldap nss_schema rfc2307bis nss_map_attribute uniqueMember member ssl start_tls uri ldap://hh1.site ldap_version 3 pam_filter objectClass=posixAccount tls_cacertfile /etc/openldap/cacert.pem Now this is not /etc/openldap/ldap.conf but /etc/ldap.conf. And it contains yet another certificate configuration. So which one acutally is the correct certificate? /etc/openldap/cacert.pem or /etc/openldap/cacerts/YaST-CA.pem (which you said you have in configured in /etc/openldap/ldap.conf in your initial comment) or even: /etc/openldap/certs/cacert.pem
Please let me know if we're getting anywhere. Is it a big problem to be able to apply the workaround to Yast? Because it shouldn't be needed. And I am trying to find out why YaST created a broken setup in your case. We should fix the real issue instead of adding workarounds. For Samba it doesn't matter if TLS_CACERTDIR or TLS_CACERT are used unless there is either a bug in samba or the openldap client libs. At least when the correct certificate is present in TLS_CACERTDIR and the dir is properly hashed with c_rehash (which it seems to be in your case).
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c16
--- Comment #16 from Lars Müller
But I also see that samba's init script does not have a dependency on OpenLDAP.
Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
Sounds reasonable. The only potential issue I see is: You run Samba without using the ldap service. But I can't see how this would add more harm. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c17
lynn wilson
(In reply to comment #4) [ 8< ]
But I also see that samba's init script does not have a dependency on OpenLDAP.
Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
Sounds reasonable.
The only potential issue I see is: You run Samba without using the ldap service. But I can't see how this would add more harm.
Running Samba without ldap does not give us single sign on nor a convenient place to store names, addresses and 'phone numbers. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c18
--- Comment #18 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c19
--- Comment #19 from Lars Müller
[ 8< ]
But I also see that samba's init script does not have a dependency on OpenLDAP.
Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
Sounds reasonable.
The only potential issue I see is: You run Samba without using the ldap service. But I can't see how this would add more harm.
Running Samba without ldap does not give us single sign on nor a convenient place to store names, addresses and 'phone numbers.
Sorry, you missed the point. We talked about the service dependencies as they're defined in the init scripts "headers". In this particular case these two lines show how it will soon look in openSUSE after submit request #93688 got accepted: # Should-Start: cupsd winbind nmb ldap # Should-Stop: cupsd winbind nmb ldap This is all not about your particular use case. This is about how we design the service dependencies in general and abstract. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c20
--- Comment #20 from lynn wilson
(In reply to comment #17) [ 8< ]
[ 8< ]
But I also see that samba's init script does not have a dependency on OpenLDAP.
Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
Sounds reasonable.
The only potential issue I see is: You run Samba without using the ldap service. But I can't see how this would add more harm.
Running Samba without ldap does not give us single sign on nor a convenient place to store names, addresses and 'phone numbers.
Sorry, you missed the point. We talked about the service dependencies as they're defined in the init scripts "headers".
In this particular case these two lines show how it will soon look in openSUSE after submit request #93688 got accepted:
# Should-Start: cupsd winbind nmb ldap # Should-Stop: cupsd winbind nmb ldap
This is all not about your particular use case. This is about how we design the service dependencies in general and abstract.
Lars, thanks for taking the time to explain this. I'm not a programmer nor bug fixer but know enough about LDAP to set up a server. So sometimes I cannot understand what you are saying at your level of understanding. I'm not a newbie either but sometimes bug reporting goes way over the top of the original requester and branches out to places that a user on my level has no comprehension of. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c21
--- Comment #21 from lynn wilson
# Should-Start: cupsd winbind nmb ldap # Should-Stop: cupsd winbind nmb ldap mean that this is a fix? Will it now be submitted and the bug solved? Thanks.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c22
--- Comment #22 from Lars Müller
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c23
--- Comment #23 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c24
--- Comment #24 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c25
--- Comment #25 from Ralf Haferkamp
Sorry to ask but this has got to a stage where I feel useless and feel that I am wasting your time but have you actually reproduced the bug? Have you seen for yourselves that doing what I did does not do what it ought to do? No, I was not able to reproduce your problems.
I can reproduce the bug in 12.1. Will any future solution also be carried forward to 12.1 too? If we find a bug we will of course include the fix in 12.1.
Does the comment
# Should-Start: cupsd winbind nmb ldap # Should-Stop: cupsd winbind nmb ldap mean that this is a fix? Will it now be submitted and the bug solved? No, this was just a separate issue we found while trying to analyze this bug.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c26
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c27
--- Comment #27 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c28
--- Comment #28 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c29
--- Comment #29 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c30
--- Comment #30 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c31
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c32
--- Comment #32 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c33
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c34
--- Comment #34 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c35
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c36
--- Comment #36 from Bernhard Wiedemann
participants (1)
-
bugzilla_noreply@novell.com