I have enabled ssl3 in the server with this order: ldapmodify -D "cn=directory manager" -W -p 389 -h localhost -x
dn: cn=encryption,cn=config changetype: modify replace: nsSSL3 nsSSL3: on exit restarted the server with ipactl restart and now the command ipa-client-install initiates the joining to the domain but there is a new problem, the command crashes with this lines: New SSSD config will be created. root : INFO New SSSD config will be created Configured /etc/sssd/sssd.conf root : DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt root : DEBUG stdout= root : DEBUG stderr=certutil: function failed: security library: bad database. Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in <module> sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 pasqual@ubuntuprovesfreeipa:~$ the problem is that the system nss database doesn't exist in a new system. I can create it with the commands: mkdir -p /etc/pki/nssdb certutil -N -d /etc/pki/nssdb but asks for a password. there are some obscure referencies about using a password file called pwdfile.txt that resides in the server but I'm not sure with what to do now. any idea? thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/997990 Title: fail joining to a freeipa server with ipa-client-install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/997990/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs