04.05.2012 21:27, Baoli Ma kirjoitti:
> Hi  freeipa team members:
>   I tried to join a Ubuntu12.04 to my freeipa domain, I got the
> following errors:
> 2012-05-01 08:38:59,093 DEBUG Init ldap with: ldap://ds.mydomain.com:389
> 2012-05-01 08:38:59,121 ERROR LDAP Error: Connect error: A TLS packet
> with unexpected length was received.

This is likely a bug in NSS, you need to enable SSL support on the 389

- shut dirsrv down
- edit /etc/dirsrv/slapd-FOO/dse.ldif:
  - search for 'nsSSL3:', change the value to 'on'
  - save the file
- start dirsrv

ipa-client-install should work the next time. Details about this here:


thanks for the reminder to file a bug on the fedora nss package.. :)

> if I do this:
> sudo wget http://ds.mydomain.com/ipa/config/ca.crt -O
> /usr/share/ca-certificates/ipa-ca.crt
> got this error:
> Joining realm failed: /usr/sbin/ipa-join: error while loading shared 
> libraries: libssh2.so.1: cannot open shared object file: No such file or 
> directory
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.

Dunno about that one, the client install script is somewhat noisy even
when it succeeds, but works nevertheless. If there are issues with it,
please file bugs on launchpad and I'll prepare a SRU for it.


Mailing list: https://launchpad.net/~freeipa
Post to     : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

Reply via email to