freeipa team mailing list archive

Thread
Date

Re: ipa-client-install error

To: Baoli Ma <bma@xxxxxxxxx>
From: Timo Aaltonen <tjaalton@xxxxxxxxxx>
Date: Sun, 06 May 2012 18:52:22 +0300
Cc: freeipa@xxxxxxxxxxxxxxxxxxx
In-reply-to: <451912587.30567.1336156056789.JavaMail.root@mail.ontariorubber.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1

04.05.2012 21:27, Baoli Ma kirjoitti:
> Hi  freeipa team members:
> 
>   I tried to join a Ubuntu12.04 to my freeipa domain, I got the
> following errors:
> 
> 2012-05-01 08:38:59,093 DEBUG Init ldap with: ldap://ds.mydomain.com:389
> 2012-05-01 08:38:59,121 ERROR LDAP Error: Connect error: A TLS packet
> with unexpected length was received.

This is likely a bug in NSS, you need to enable SSL support on the 389
server:

- shut dirsrv down
- edit /etc/dirsrv/slapd-FOO/dse.ldif:
  - search for 'nsSSL3:', change the value to 'on'
  - save the file
- start dirsrv

ipa-client-install should work the next time. Details about this here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663127

thanks for the reminder to file a bug on the fedora nss package.. :)

> if I do this:
> sudo wget http://ds.mydomain.com/ipa/config/ca.crt -O
> /usr/share/ca-certificates/ipa-ca.crt
> 
> got this error:
> 
> Joining realm failed: /usr/sbin/ipa-join: error while loading shared libraries: libssh2.so.1: cannot open shared object file: No such file or directory
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.

Dunno about that one, the client install script is somewhat noisy even
when it succeeds, but works nevertheless. If there are issues with it,
please file bugs on launchpad and I'll prepare a SRU for it.

t

References

ipa-client-install error
From: Baoli Ma, 2012-05-04