[Freeipa-users] fail joining an ubuntu 12.04 to a freeipa server with ipa-client-install
pasqual milvaques
milvaques_pas at gva.es
Fri May 11 11:16:53 UTC 2012
I'm trying to join an ubuntu 12.04 machine to freeipa domain installed
in a centos 6.2 machine and it seems there is some problem with the tls
negotiacion. ubuntu 12.04 uses gnutls instead of openssl so the problem
could be there but I don't know how to solve it. with the ldapsearch
command I can also reproduce the fail
I have opened this ubuntu bug as freeipa now has a native client
package: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/997990
any idea?
this is the log of the operation:
pasqual at ubuntuprovesfreeipa:~$ sudo ipa-client-install -d
--enable-dns-updates
[sudo] password for pasqual:
root : DEBUG /usr/sbin/ipa-client-install was invoked with options:
{'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False,
'sssd': True, 'krb5_offline_passwords': True, 'hostname': None,
'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir':
False, 'dns_updates': True, 'preserve_sssd': False, 'debug': True,
'on_master': False, 'ntp_server': None, 'realm_name': None,
'unattended': None, 'principal': None}
root : DEBUG missing options might be asked for interactively later
root : DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
root : DEBUG [ipadnssearchldap(linux.gva.es)]
root : DEBUG [ipadnssearchldap(gva.es)]
root : DEBUG [ipadnssearchldap(es)]
root : DEBUG [ipadnssearchldap(linux.gva.es)]
root : DEBUG [ipadnssearchldap(gva.es)]
root : DEBUG [ipadnssearchldap(es)]
root : DEBUG Domain not found
DNS discovery failed to determine your DNS domain
Provide the domain name of your IPA server (ex: example.com): linux.gva.es
root : DEBUG will use domain: linux.gva.es
root : DEBUG [ipadnssearchldap]
root : DEBUG IPA Server not found
DNS discovery failed to find the IPA Server
Provide your IPA server name (ex: ipa.example.com):
freeipaserver.linux.gva.es
root : DEBUG will use server: freeipaserver.linux.gva.es
root : DEBUG [ipadnssearchkrb]
root : DEBUG [ipacheckldap]
root : DEBUG args=/usr/bin/wget -O /tmp/tmpWptXwb/ca.crt -T 15 -t 2
http://freeipaserver.linux.gva.es/ipa/config/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=--2012-05-11 12:06:09--
http://freeipaserver.linux.gva.es/ipa/config/ca.crt
Resolent freeipaserver.linux.gva.es (freeipaserver.linux.gva.es)...
192.168.222.99
S'està connectant a freeipaserver.linux.gva.es
(freeipaserver.linux.gva.es)|192.168.222.99|:80... conectat.
HTTP: Petició enviada, esperant resposta... 200 OK
Longitud: 1325 (1.3K) [application/x-x509-ca-cert]
S'està desant a: «/tmp/tmpWptXwb/ca.crt»
0K . 100% 38.4M=0s
2012-05-11 12:06:09 (38.4 MB/s) - s'ha desat «/tmp/tmpWptXwb/ca.crt»
[1325/1325]
root : DEBUG Init ldap with: ldap://freeipaserver.linux.gva.es:389
root : ERROR LDAP Error: Connect error: A TLS packet with unexpected
length was received.
Failed to verify that freeipaserver.linux.gva.es is an IPA Server.
This may mean that the remote server is not up or is not reachable
due to network or firewall settings.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
pasqual at ubuntuprovesfreeipa:~$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: milvaques_pas.vcf
Type: text/x-vcard
Size: 335 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120511/b0b61585/attachment.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5527 bytes
Desc: Signatura criptogr??fica S/MIME
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120511/b0b61585/attachment.p7s>
More information about the Freeipa-users
mailing list