What is wrong with my FreeIPA configuration

I have a server FreeIPA connected with Windows AD server. Here is some environment data:

freeipaad.schkrat.local (Active Directory , DNS MS Windows Server 2012 R2 Datacenter Evaluation x64)
ipaserver.schkrat.ipa (FreeIPA server, CentOS release 6.6 (Final) x64)

IPA version components:

sssd-ipa-1.11.6-30.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-server-3.0.0-42.el6.centos.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
libipa_hbac-python-1.11.6-30.el6.x86_64
ipa-admintools-3.0.0-42.el6.centos.x86_64
ipa-server-trust-ad-3.0.0-42.el6.centos.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-client-3.0.0-42.el6.centos.x86_64
ipa-server-selinux-3.0.0-42.el6.centos.x86_64
ipa-python-3.0.0-42.el6.centos.x86_64
libipa_hbac-1.11.6-30.el6.x86_64

HBAC test works:
ipa hbactest --user=wintest --host=ipbclient.schkrat.ipa --service=sshd
--------------------
Access granted: True
--------------------
Matched rules: access_all


We have a valid TRUST with AD:
[root@ipaserver sssd]# ipa trust-find
---------------
1 trust matched
---------------
Realm name: schkrat.local
Domain NetBIOS name: SCHKRAT
Domain Security Identifier: S-1-5-21-957296299-3555775235-3719493031
Trust type: Active Directory domain
----------------------------
Number of entries returned 1

The problem is when HBAC rule is set so that under "WHO" we select windows user. Then SSH access stops working:

Before HBAC:
Feb 17 08:21:07 ipbclient sshd[30058]: Accepted password for wintest@SCHKRAT.LOCAL from 10.13.40.233 port 34719 ssh2
Feb 17 08:21:07 ipbclient sshd[30058]: pam_unix(sshd:session): session opened for user wintest@SCHKRAT.LOCAL by (uid=0

After HBAC:
Feb 17 08:21:55 ipbclient sshd[30089]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.13.40.233 user=wintest@SCHKRAT.LOCAL
Feb 17 08:21:55 ipbclient sshd[30089]: pam_sss(sshd:account): Access denied for user wintest@SCHKRAT.LOCAL: 6 (Permission denied)
Feb 17 08:21:55 ipbclient sshd[30089]: Failed password for wintest@SCHKRAT.LOCAL from 10.13.40.233 port 34733 ssh2
Feb 17 08:21:55 ipbclient sshd[30091]: fatal: Access denied for user wintest@SCHKRAT.LOCAL by PAM account configuration


So what am i missing ?
schkratekAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
So you have oddjob-mkhomedir properly running?
0
schkratekAuthor Commented:
I have it running.. What is Properly running ? On the serve and on the client.. So what should i check
0
gheistCommented:
Check /var/log/secure, it should tell if something goes amiss in user login.
Basically mkhomedir should be in pam.d/system-auth somewhere around detecting if username and/or password is correct. Like next line after sssd module or so. Almost all pam modules take debug parameter to spit long details in same secure log. Try them one by one from beginning (no damage since it does not work anyway, though keep root session open and original system-auth at hand "just in case")
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

schkratekAuthor Commented:
As i said above in my first post /var/log/secure:

Feb 17 08:21:55 ipbclient sshd[30089]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.13.40.233 user=wintest@SCHKRAT.LOCAL
Feb 17 08:21:55 ipbclient sshd[30089]: pam_sss(sshd:account): Access denied for user wintest@SCHKRAT.LOCAL: 6 (Permission denied)
Feb 17 08:21:55 ipbclient sshd[30089]: Failed password for wintest@SCHKRAT.LOCAL from 10.13.40.233 port 34733 ssh2
Feb 17 08:21:55 ipbclient sshd[30091]: fatal: Access denied for user wintest@SCHKRAT.LOCAL by PAM account configuration

and this is my system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_oddjob_mkhomedir.so umask=0077
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so
0
schkratekAuthor Commented:
this is the latest secure log with hbac rule enabled for pariculare group:

Mar 20 14:19:04 node1 sshd[10180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.13.40.233  user=wintest@SCHKRAT.LOCAL
Mar 20 14:19:04 node1 sshd[10180]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.13.40.233 user=wintest@SCHKRAT.LOCAL
Mar 20 14:19:04 node1 sshd[10180]: pam_sss(sshd:auth): received for user wintest@SCHKRAT.LOCAL: 4 (System error)
Mar 20 14:19:06 node1 sshd[10180]: Failed password for wintest@SCHKRAT.LOCAL from 10.13.40.233 port 42614 ssh2


and this is id of my wintest user:
[root@ipbclient ~]#  id wintest
uid=969800021(wintest) gid=969800021(wintest) groups=969800021(wintest)
[root@ipbclient ~]#  id wintest@schkrat.ipa
uid=969800021(wintest) gid=969800021(wintest) groups=969800021(wintest)
[root@ipbclient ~]#  id wintest@SCHKRAT.LOCAL
uid=1968601105(wintest@schkrat.local) gid=1968601105(wintest@schkrat.local) groups=1968601105(wintest@schkrat.local),969800013(ad_admins)
0
gheistCommented:
pam_sss wrongly denies authentication (account section works as seen by id command)
read "man pam_sss" and if it lets you add "debug" parameter to authentication section...
it will give you screenful of information (dont post it, parts are sensitive, like password text user supplied, encoded etc)
ask windows admin for security log originating from your machine around time you test... They may help you a lot.
0
schkratekAuthor Commented:
thank you.. will try that and let you know the result.. might be a late response because tomorrow i am out of office.. Will post as soon as i get some info
0
gheistCommented:
Dont worry... Just take care to disable debug output after as it makes logs sensitive data
0
schkratekAuthor Commented:
Sorry it takes so long.. Will post some new results today..
0
schkratekAuthor Commented:
Hello again..

Nothing specific about raising loglevel.. But i also added higher loglevel to the pam section:

(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [wintest@schkrat.local]
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is wintest@schkrat.local
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [wintest@schkrat.local] added to PAM initgroup cache
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: schkrat.local
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): user: wintest@schkrat.local
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: 10.13.40.233
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Mar 26 16:14:14 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 2633

.. ruser: not set ?

in domain section i have:
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [switch_creds] (0x0200): Switch user to [1968601105][1968601105].
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [switch_creds] (0x0200): Switch user to [0][0].
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [krb5_auth_send] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1968601105_zBp5HR] and is not active and TGT is  valid.
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'not working'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [get_port_status] (0x0100): Reseting the status of port 0 for server '(no name)'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [resolve_srv_send] (0x0200): The status of SRV lookup is not resolved
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned (5)
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [be_resolve_server_process] (0x1000): Trying with the next one!
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [get_server_status] (0x1000): Status of server 'ipaserver.schkrat.ipa' is 'name resolved'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [get_port_status] (0x1000): Port status of port 0 for server 'ipaserver.schkrat.ipa' is 'not working'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [get_port_status] (0x0100): Reseting the status of port 0 for server 'ipaserver.schkrat.ipa'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [get_server_status] (0x1000): Status of server 'ipaserver.schkrat.ipa' is 'name resolved'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [be_resolve_server_process] (0x0200): Found address for server ipaserver.schkrat.ipa: [10.13.40.234] TTL 3600
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ipaserver.schkrat.ipa'
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [krb5_auth_resolve_done] (0x4000): Preparing for offline operation.
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [krb5_auth_resolve_done] (0x4000): Valid TGT available or ccache file is already in use.
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [be_pam_handler_callback] (0x0100): Backend returned: (1, 9, <NULL>) [Provider is Offline (Authentication service cannot retrieve authentication info)]
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [be_pam_handler_callback] (0x0100): Sending result [9][schkrat.local]
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [be_pam_handler_callback] (0x0100): Sent result [9][schkrat.local]
(Thu Mar 26 16:53:42 2015) [sssd[be[schkrat.ipa]]] [sbus_dispatch] (0x4000): dbus conn: 0xfa3bc0
(Thu Mar 26 16:53:42 2015) [sssd[be[schkrat.ipa]]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Mar 26 16:53:42 2015) [sssd[be[schkrat.ipa]]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
(Thu Mar 26 16:53:42 2015) [sssd[be[schkrat.ipa]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Thu Mar 26 16:53:42 2015) [sssd[be[schkrat.ipa]]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [ping]
0
gheistCommented:
You should use AD controller as DNS server in resolv.conf
Currently your IPA cannot connect AD
0
schkratekAuthor Commented:
from client:
[root@node1 sssd]# nslookup freeipaad.schkrat.local
Server:            10.13.40.240
Address:      10.13.40.240#53

Name:      freeipaad.schkrat.local
Address: 10.13.40.240


from ipaserver:

[root@ipaserver ~]# nslookup freeipaad.schkrat.local
Server:            10.13.40.240
Address:      10.13.40.240#53

Name:      freeipaad.schkrat.local
Address: 10.13.40.240

?
0
schkratekAuthor Commented:
resolving works 10.13.40.240 (is the ad server)
0
gheistCommented:
Something is strange. It generates kerberos ticket, then does not authenticate to LDAp.

Each host mentioned (kerberos and ldap) should be resolvable using shortest and longest names and in reverse.
e.g
/etc/hosts
10.0.10.2 PDC.domain.home PDC
10.0.10.3 LINUX.domain.home LINUX

$ hostname
LINUX.pdc.local

etc etc.

(kerberos is picky about it)
0
schkratekAuthor Commented:
It seems that the dns and all of that is doing just fine.. I can resolve long/short names from server, client..
0
gheistCommented:
This means that somehow it detected presence of kerberos ticket and right after could not use it.
Do you have disk space in /tmp ?

(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [krb5_auth_resolve_done] (0x4000): Valid TGT available or ccache file is already in use.
(Thu Mar 26 16:53:33 2015) [sssd[be[schkrat.ipa]]] [be_pam_handler_callback] (0x0100): Backend returned: (1, 9, <NULL>) [Provider is Offline (Authentication service cannot retrieve authentication info)]
0
schkratekAuthor Commented:
Yes enough space is there.. the ticket is created no problem after i try to connect:


-rw-------. 1 wintest@schkrat.local wintest@schkrat.local  171 Apr  1 10:19 krb5cc_1968601105_bp8dfz
0
gheistCommented:
Looks fine for me...
Permissions on /tmp ?
ls -ld /tmp
drwxrwxrwt. 133 root root 2960 Apr  1 10:04 /tmp
aka
# chmod 01777 /tmp
# chown root.root /tmp

If that turns up fine me out of ideas, use request attention link on top of question to get more experts in...
0
schkratekAuthor Commented:
The permission is ok, but id does not work.. Will go back to the drawing board..

Thank you for your help..
0
gheistCommented:
It is not about drawing board.
you can try authconfig in place of IPA in the meantime.
0
schkratekAuthor Commented:
How do you mean that ?
0
gheistCommented:
All set up correctly according to IPA but not working.
It means that you can easily use more generic approach with winbind joining domain (available since 2000 or so) by using authconfig utility (available since RHEL4)
0
schkratekAuthor Commented:
Ok.. Thank you..


Will do that..
0
schkratekAuthor Commented:
Ok..

I have joined client "node1.schkrat.ipa" to windows domain:

samba conf:
[global]
        security = ads
        realm = schkrat.local
        password server = freeipaad.schkrat.local
        workgroup = schkrat
#       winbind separator = +
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        winbind use default domain = yes
        restrict anonymous = 2
        domain master = no
        local master = no
        preferred master = no
        os level = 0


[root@node1 ~]# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- SCHKRAT
Joined 'NODE1' to dns domain 'schkrat.local'


[root@node1 ~]# wbinfo -t
checking the trust secret for domain SCHKRAT via RPC calls succeeded
[root@node1 ~]# wbinfo -u
administrator
guest
krbtgt
wintest
schkraipa$
synctest
habac
grega
gg
0
gheistCommented:
Now configure PAM:
# authconfig --help
Usage: authconfig [options] {--update|--updateall|--test|--probe|--restorebackup <name>|--savebackup <name>|--restorelastbackup}

# authconfig --enablewinbind --enablewinbindauth --enablemkhomedir --test

replace test with updateall to do the damage (keep root console intact while you reach it again)
it may require restart of winbind and oddjob-mkhomedir/messagebus services before logging in

EXTRA: This adds feature that allows smbclient -k //server/share when set in smb.conf:
winbind refresh tickets = yes
0
schkratekAuthor Commented:
Ok..

Now i can connect.. But i guess thru  winbind and not IPA ?

[root@node1 ~]# authconfig --enablewinbind --enablewinbindauth --enablemkhomedir --updateall
Starting oddjobd:                                          [  OK  ]
Starting Winbind services:                           [  OK  ]

10.13.40.239 is the ipaclient host (node1):
[schkrat@schkrat ~]$ ssh wintest@SCHKRAT.LOCAL@10.13.40.239
wintest@SCHKRAT.LOCAL@10.13.40.239's password:
Last login: Wed Mar 18 15:02:33 2015 from 10.13.40.233
-sh-4.1$
0
gheistCommented:
Yessir. Winbindsir. If you had RedHat support entitlement you could ask them for hotfix with your name on it... CentOS is just copy machine.

You can login, IPA does not work. Is it satisfactory solution to your initial problem?
0
schkratekAuthor Commented:
Sorry but no..

Must go thru IPA..
0
gheistCommented:
Try downgrades of IPA, samba and kerberos until succesful. It was easier if you could afford support as it looks like software bug, not fault of yours:
Red Hat Enterprise Linux for Desktops or Workstations
Support Levels | Product Information
Desktop
Self-support Subscription (1 year) $49 USD
0
gheistCommented:
Just an idea - if you can initialize IPA with authconfig command line?
0
schkratekAuthor Commented:
I tried:
authconfig --update \
  --enablesssd --enablesssdauth \
  --enableldap --enablerfc2307bis \
  --ldapserver=ldap://ipaserver.schkrat.ipa \
  --ldapbasedn=dc=schkrat,dc=ipa \
  --enablekrb5 \
  --krb5kdc=ipaserver.schkrat.ipa \
  --krb5adminserver=ipaserver.schkrat.ipa \
  --krb5realm=schkrat.ipa

but no luck..

i think the main problem lies in the user..

..because it works if i dont have hbac rule, butwhen i define user access in hbac system does not know how to react..

There is also different user id for uer wintest, that exist in the AD, throi i connected as wintest@SCHKRAT.LOCAL, but when the user was transfered to ipa (automatic update), the user is just wintest..

if is su as user on the ipa server i get:
[root@ipaserver ~]# su - wintest@SCHKRAT.LOCAL
-sh-4.1$ id
uid=1968601105(wintest@schkrat.local) gid=1968601105(wintest@schkrat.local) groups=1968601105(wintest@schkrat.local) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-sh-4.1$ exit
logout
[root@ipaserver ~]# su - wintest
[wintest@ipaserver ~]$ id
uid=969800021(wintest) gid=969800021(wintest) groups=969800021(wintest) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

..so now i am confused..
0
gheistCommented:
Remember?
# authconfig --enablewinbind --enablewinbindauth

su uses first, sudo and login uses second.
0
schkratekAuthor Commented:
Hello.. Again..

So here it goes..

Installed new client, used winbind and samba to join domain, installed freeipa client, changed some conf files to use also winbind and now the thing works somehow.. I cant use just winbind,, because HBAC rules are not applied. Winbind must be in combination with pam_sss, even if i get errors in secure log. I am not happy that i must use two additional services (samba, winbind) instead of just freeipa configuration. But it works !

So this is it..
0
gheistCommented:
You can require group or IP in pam.d/system-auth
Internet is full of guides.

Another way is to use hosts.allow/deny etc.
0
schkratekAuthor Commented:
Will look into it.
0
gheistCommented:
There is some recent krb5 update that may or may not help.
0
schkratekAuthor Commented:
Will try with new version.
0
gheistCommented:
There is no fix except for software code change that has to be done by redhat, then rebuilt by centos.
You may try RHEL7 is you feel desperate, i cannot promise it works either.
If you dont like workaround with editing pam files dont use it, but to me it seems only way to make AD login possible in present state of things.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
schkratekAuthor Commented:
Am trying with new os version..
0
gheistCommented:
Good luck..
0
schkratekAuthor Commented:
Ok.. Tried on CentOS Linux release 7.1.1503 (Core) and used FreeIPA 4.1.0.. and it works with minor configuration..

So thank you for all your help..
0
schkratekAuthor Commented:
Many thank.. Sometimes one needs "one" to talk to.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.