[Freeipa-users] fixing port numbers associated with the NIS
Rob Crittenden
rcritten at redhat.com
Tue Nov 15 15:22:19 UTC 2011
Boris Epstein wrote:
>
>
> On Tue, Nov 15, 2011 at 10:08 AM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 11/15/2011 07:44 AM, Boris Epstein wrote:
>>
>>
>> On Mon, Nov 14, 2011 at 7:16 PM, Nalin Dahyabhai <nalin at redhat.com
>> <mailto:nalin at redhat.com>> wrote:
>>
>> On Mon, Nov 14, 2011 at 05:19:44PM -0500, Boris Epstein wrote:
>> > Hello all,
>> >
>> > I am using the FreeIPA to run NIS via a plugin. Works great - except
>> > that the ypserv port numbers end up different after every reboot. That
>> > makes it hard to run it with the firewall activated.
>> >
>> > Does anybody know how to make those port number assignments permanent?
>>
>> There's no tooling specifically for doing this, but the plugin supports
>> it. In order to get it to use a fixed port, you'll need to edit the
>> directory server entry for "cn=NIS Server, cn=plugins, cn=config" and
>> add a "nsslapd-pluginarg0" value which contains the port number you'd
>> like it to use.
>>
>> You can do this either by stopping the directory server, editing its
>> dse.ldif file directly, and then restarting it, or by editing the entry
>> "live" using ldapmodify and then restarting the server. The latter
>> method (I'm using port 541 here) looks something like this:
>>
>> # ldapmodify -x -D "cn=Directory Manager" -W <<- EOF
>> dn: cn=NIS Server,cn=plugins,cn=config
>> changetype: modify
>> replace: nsslapd-pluginarg0
>> nsslapd-pluginarg0: 541
>> -
>>
>> EOF
>> # ipactl restart
>>
>> You'll need to supply the Directory Manager password. Once that's done,
>> running "rpcinfo -p" on the server should show that the NIS service is
>> listening on the desired port.
>>
>> HTH,
>>
>> Nalin
>>
>>
>> Nalin,
>>
>> Thanks a lot for the tip. It definitely looks like this put me on
>> the right path though I am not quite there yet.
>>
>> Doing what you suggested did not quite work. For one thing, the
>> right cn is "NIS", not "NIS Server". Another thing is, it does not
>> look like the LDIF files in question have the nsslapd-pluginarg0
>> parameter - or are happy with it being added.
> You have to shut down the directory server first
> service dirsrv stop
> or
> systemctl stop dirsrv.target
>
>
> Rich,
>
> I even went as far as rebooting the whole machine - even that did not
> seem to make a difference.
>
> Boris.
Strange, it is NIS Server on my install too. Can you show the output of
your entry?
This worked for me:
# ldapmodify -x -D 'cn=directory manager' -w secretpassword
dn: cn=NIS Server,cn=plugins,cn=config
changetype: modify
add: nsslapd-pluginarg0
nsslapd-pluginarg0: 541
modifying entry "cn=NIS Server,cn=plugins,cn=config"
rob
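
Added example, not part of the original thread: a shell check for the "rpcinfo -p" verification step Nalin describes, to run after the restart and before writing firewall rules for the pinned port. It assumes the port 541 used in the thread and the standard RPC program number 100004 for ypserv; the rpcinfo output embedded in it is a constructed sample, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that every ypserv registration reported by
# `rpcinfo -p` uses the pinned port. RPC program 100004 is ypserv.

# Constructed sample of `rpcinfo -p` output (not taken from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100004    2   udp    541  ypserv
    100004    2   tcp    541  ypserv
EOF
}

# check_nis_port PORT
# Reads `rpcinfo -p` output on stdin. Returns 0 only if at least one
# ypserv registration exists and all of them are on PORT; returns 1 and
# prints one line per problem otherwise.
check_nis_port() {
    awk -v want="$1" '
        $1 == 100004 {
            found = 1
            if ($4 != want) {
                printf "MISMATCH: ypserv v%s/%s on port %s, expected %s\n", $2, $3, $4, want
                bad = 1
            }
        }
        END {
            if (!found) { print "MISSING: no ypserv registration found"; bad = 1 }
            if (!bad) print "OK: ypserv pinned to port " want
            exit (bad ? 1 : 0)
        }'
}

# On the IPA server itself:  rpcinfo -p | check_nis_port 541
# Offline demonstration against the constructed sample:
sample_rpcinfo | check_nis_port 541
```

A non-zero exit means the port in the firewall rule and the port the plugin actually registered do not match, which is the situation the original question describes after each reboot.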