gitlab: testing of ldap-ssl-ads option

Jeremy Allison jra at
Fri Jun 19 18:19:56 UTC 2020

On Fri, Jun 19, 2020 at 07:45:28PM +0200, Isaac Boukris via samba-technical wrote:
> Hi,
> I'm trying to add some tests for the ldap-ssl-ads option in
> ad_dc_ntvfs and fl2008r2dc environments (as ad_dc doesn't allow SASL
> over TLS):
> The tests work locally but in gitlab I get this error:
>  UNEXPECTED(failure): samba4.blackbox.net_ads_tls.join(ad_dc_ntvfs:client)
> 7111 REASON: Exception: Exception: Failed to issue the StartTLS
> instruction: Connect error
> 7112 Failed to join domain: failed to connect to AD: Connect error
> ...
>  TLS ../../source4/lib/tls/tls_tstream.c:554 - An unexpected TLS
> packet was received.

That's coming from:

 553         if (gnutls_error_is_fatal(ret) != 0) {
 554                 DEBUG(1,("TLS %s - %s\n", __location__, gnutls_strerror(ret)));
 555                 tlss->error = EIO;
 556                 tevent_req_error(req, tlss->error);
 557                 return;
 558         }

so that's an error message from gnutls_strerror().
Might be worthwhile looking inside the gnutls
code for the source of that.

> Does anyone have any idea on this error and why I only get it on gitlab?

My guess would be differing gnutls library
versions. Not sure how to determine what
gnutls library version is on gitlab.

More information about the samba-technical mailing list