> On 25 Jul 2016, at 19:49, Rowland penny <rpenny at samba.org> wrote:
>
> On 25/07/16 19:32, Kevin Davidson wrote:
>>> On 25 Jul 2016, at 16:39, Rowland penny <rpenny at samba.org> wrote:
>>>
>>> On 25/07/16 16:02, Kevin Davidson wrote:
>>>> Having problems with rfc2307 user ids. This was working briefly and
>>>> now it’s not.
>>>>
>>>> samba and winbind v 2.4.2.10+dfs
>>>>
>>>> […]
>>>> What have I done wrong?
>>>>
>>> You haven't done anything wrong.
>>>
>>> The version you are using was released after the badlock patches were
>>> released, your version includes a regression patch and should really be
>>> 4.2.11. There have been a few releases since then, these include patches
>>> for regressions caused by the badlock patches, so is there any way you
>>> can upgrade Samba?
>>>
>>
>> It’s the version you get from the Debian 8.5 Jessie repository.
>> Installing from source starts to get harder to maintain when you’re
>> looking after large numbers of systems and you want to be able to apt-get
>> upgrade to catch all the latest security updates. What would you consider
>> best practice?
>>
>>
>>
>>
>
> I personally think it would be best practice for Debian to release a later
> version that has the regression patches. As for what you do, your choices
> are a bit limited. You could use the free Sernet packages or if you can
> afford it, the paid-for Sernet packages. You could compile Samba yourself,
> this way you could get the latest 4.4.x version or you could contact Louis
> van Belle (he posts on here frequently), he has a way of creating Debian
> Samba debs using later Samba versions, or you could just wait until Debian
> releases a new version, hopefully this will be sooner rather than later, as
> the 4.2.x series will go EOL when 4.5.0 comes out in about 6 weeks.
>

So Louis has released his new deb packages of Samba 4.4.5. I’ve installed them
(not entirely smoothly as apt-get still wanted to install winbind 4.2.10 and
then failed on all the dependencies):

root@terra:~# apt-cache policy samba
samba:
  Installed: 2:4.4.5+dfsg-2~bpo8+1
  Candidate: 2:4.4.5+dfsg-2~bpo8+1
  Version table:
 *** 2:4.4.5+dfsg-2~bpo8+1 0
        500 file:/var/www/html/debian/ jessie/ Packages
        100 /var/lib/dpkg/status
     2:4.2.10+dfsg-0+deb8u3 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
     2:4.1.17+dfsg-2+deb8u2 0
        500 http://ftp.uk.debian.org/debian/ jessie/main amd64 Packages
root@terra:~# apt-cache policy winbind
winbind:
  Installed: (none)
  Candidate: 2:4.2.10+dfsg-0+deb8u3
  Version table:
     2:4.2.10+dfsg-0+deb8u3 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.1.17+dfsg-2+deb8u2 0
        500 http://ftp.uk.debian.org/debian/ jessie/main amd64 Packages

And I’m still seeing the exact same behaviour. wbinfo -u shows all AD users,
wbinfo -g shows all the groups. getent group lists local groups and the ones
I’ve added RFC2307 GID data for. getent passwd lists only local users. Nobody
can access file shares.

Which logs should I be looking in to see what’s going wrong?

I can see this in /var/log/samba/log.winbindd-idmap:

[2016/07/28 23:48:52.614025, 1]
../source3/winbindd/idmap_ad.c:523(idmap_ad_sids_to_unixids)
Could not get unix ID for SID S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXX
[2016/07/28 23:48:52.623870, 1]
../source3/winbindd/idmap_ad.c:523(idmap_ad_sids_to_unixids)
Could not get unix ID for SID S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXX
[2016/07/28 23:48:52.632863, 1]
../source3/winbindd/idmap_ad.c:523(idmap_ad_sids_to_unixids)
Could not get unix ID for SID S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXX
[2016/07/28 23:48:52.641460, 1]
../source3/winbindd/idmap_ad.c:523(idmap_ad_sids_to_unixids)
Could not get unix ID for SID S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXX
[2016/07/28 23:48:52.650196, 1]
../source3/winbindd/idmap_ad.c:523(idmap_ad_sids_to_unixids)
Could not get unix ID for SID S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXX

And that coincides with the attempts at getent passwd. The SIDs listed do not
have any RFC2307 data (they’re the Administrator account, the Samba created dns
account, Domain Users group etc).

And log.smbd has this for an attempted SMB connection:

[2016/07/29 00:02:16.338378, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 192.168.103.28 (192.168.103.28)
[2016/07/29 00:02:16.338563, 3] ../source3/smbd/oplock.c:1310(init_oplocks)
init_oplocks: initializing messages.
[2016/07/29 00:02:16.338671, 3] ../source3/smbd/process.c:1957(process_smb)
Transaction 0 of length 73 (0 toread)
[2016/07/29 00:02:16.338736, 3] ../source3/smbd/process.c:1538(switch_message)
switch message SMBnegprot (pid 1029) conn 0x0
[2016/07/29 00:02:16.340138, 3] ../source3/smbd/negprot.c:601(reply_negprot)
Requested protocol [NT LM 0.12]
[2016/07/29 00:02:16.340202, 3] ../source3/smbd/negprot.c:601(reply_negprot)
Requested protocol [SMB 2.002]
[2016/07/29 00:02:16.340230, 3] ../source3/smbd/negprot.c:601(reply_negprot)
Requested protocol [SMB 2.???]
[2016/07/29 00:02:16.340435, 3]
../source3/smbd/smb2_negprot.c:278(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2016/07/29 00:02:16.432338, 3] ../source3/smbd/negprot.c:711(reply_negprot)
Selected protocol SMB 2.???
[2016/07/29 00:02:16.471838, 3]
../source3/smbd/smb2_negprot.c:278(smbd_smb2_request_process_negprot)
Selected protocol SMB3_02
[2016/07/29 00:02:16.624918, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62888215
[2016/07/29 00:02:16.711303, 3]
../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
Got user=[Administrator] domain=[DOMAIN] workstation=[TEST-CLIENT] len1=24
len2=270
[2016/07/29 00:02:16.711450, 3] ../source3/param/loadparm.c:3742(lp_load_ex)
lp_load_ex: refreshing parameters
[2016/07/29 00:02:16.711567, 3] ../source3/param/loadparm.c:544(init_globals)
Initialising global parameters
[2016/07/29 00:02:16.711741, 3] ../source3/param/loadparm.c:2671(lp_do_section)
Processing section "[global]"
[2016/07/29 00:02:16.712184, 2] ../source3/param/loadparm.c:2688(lp_do_section)
Processing section "[Shared Items]"
[2016/07/29 00:02:16.712273, 2] ../source3/param/loadparm.c:2688(lp_do_section)
Processing section "[Archives]"
[2016/07/29 00:02:16.712409, 3] ../source3/param/loadparm.c:1588(lp_add_ipc)
adding IPC service
[2016/07/29 00:02:16.713201, 3]
../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[DOMAIN]\[Administrator]@[TEST-CLIENT] with the new password interface
[2016/07/29 00:02:16.713251, 3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [DOMAIN]\[Administrator]@[TEST-CLIENT]
[2016/07/29 00:02:16.725937, 3] ../source3/auth/auth_util.c:1229(check_account)
Failed to find authenticated user DOMAIN\administrator via getpwnam(), denying
access.
[2016/07/29 00:02:16.726003, 2]
../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/07/29 00:02:16.726057, 2]
../auth/gensec/spnego.c:716(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2016/07/29 00:02:16.726136, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2016/07/29 00:02:16.772344, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62888215
[2016/07/29 00:02:16.814492, 3]
../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
Got user=[Administrator] domain=[DOMAIN] workstation=[TEST-CLIENT] len1=24
len2=270
[2016/07/29 00:02:16.814595, 3] ../source3/param/loadparm.c:3742(lp_load_ex)
lp_load_ex: refreshing parameters
[2016/07/29 00:02:16.814676, 3] ../source3/param/loadparm.c:544(init_globals)
Initialising global parameters
[2016/07/29 00:02:16.814868, 3] ../source3/param/loadparm.c:2671(lp_do_section)
Processing section "[global]"
[2016/07/29 00:02:16.815357, 2] ../source3/param/loadparm.c:2688(lp_do_section)
Processing section "[Shared Items]"
[2016/07/29 00:02:16.815460, 2] ../source3/param/loadparm.c:2688(lp_do_section)
Processing section "[Archives]"
[2016/07/29 00:02:16.815617, 3] ../source3/param/loadparm.c:1588(lp_add_ipc)
adding IPC service
[2016/07/29 00:02:16.815893, 3]
../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[DOMAIN]\[Administrator]@[TEST-CLIENT] with the new password interface
[2016/07/29 00:02:16.815940, 3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [DOMAIN]\[Administrator]@[TEST-CLIENT]
[2016/07/29 00:02:16.827000, 3] ../source3/auth/auth_util.c:1229(check_account)
Failed to find authenticated user DOMAIN\administrator via getpwnam(), denying
access.
[2016/07/29 00:02:16.827064, 2]
../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/07/29 00:02:16.827139, 2]
../auth/gensec/spnego.c:716(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2016/07/29 00:02:16.827205, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2016/07/29 00:02:28.359747, 2] ../source3/smbd/server.c:576(remove_child_pid)
Could not find child 1032 -- ignoring

Kevin Davidson
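
Added example (not part of the original message, and not Samba's own code): a small Python parser for log.smbd excerpts like the one above. It joins the wrapped header and message lines of each record, then counts failed logons, separating those that follow a getpwnam() lookup failure from other failures. The sample lines are constructed, modelled on the excerpt; the alice record and the names parse_records and classify_failures are assumptions of this example.

```python
import re
from collections import Counter

# A record starts with "[timestamp, level]"; its "../file.c:line(function)" location is on that line or the next.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s+(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^\.\./\S+\.c:\d+\((\w+)\)$")
NO_PWNAM = re.compile(r"Failed to find authenticated user (\S+) via getpwnam\(\)")
AUTH_FAIL = re.compile(r"Authentication for user \[(.+?)\] -> \[.+?\] FAILED with error (\w+)")

# Constructed sample, modelled on the log.smbd excerpt in the post (the alice record is invented).
SAMPLE = """\
[2016/07/29 00:02:16.725937, 3] ../source3/auth/auth_util.c:1229(check_account)
Failed to find authenticated user DOMAIN\\administrator via getpwnam(), denying
access.
[2016/07/29 00:02:16.726003, 2]
../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/07/29 00:05:01.000001, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

def parse_records(text):
    """Return (timestamp, level, function, message) per record, joining wrapped lines."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), int(m.group(2)), None, ""])
            line = m.group(3)  # whatever follows the header on the same line
        if not records or not line:
            continue
        rec, loc = records[-1], LOCATION.match(line)
        if loc and rec[2] is None and not rec[3]:
            rec[2] = loc.group(1)  # source location: keep the function name
        else:
            rec[3] = (rec[3] + " " + line).strip()  # message text, re-joined
    return [tuple(r) for r in records]

def classify_failures(text):
    """Count failed logons, tagging those preceded by a getpwnam() lookup failure."""
    counts, unmapped = Counter(), False
    for _ts, _level, _func, msg in parse_records(text):
        unmapped = unmapped or bool(NO_PWNAM.search(msg))
        m = AUTH_FAIL.search(msg)
        if m:
            counts[(m.group(1), m.group(2), "no_unix_account" if unmapped else "other")] += 1
            unmapped = False  # the lookup failure belongs to this logon attempt only
    return counts
```

Records are correlated by adjacency in the file, so a log that interleaves several smbd processes can attribute a lookup failure to the wrong logon.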