[Freeipa-users] fixing port numbers associated with the NIS
Boris Epstein
borepstein at gmail.com
Tue Nov 15 16:09:31 UTC 2011
On Tue, Nov 15, 2011 at 10:22 AM, Rob Crittenden <rcritten at redhat.com> wrote:
> Boris Epstein wrote:
>
>>
>>
>> On Tue, Nov 15, 2011 at 10:08 AM, Rich Megginson <rmeggins at redhat.com> wrote:
>>
>> On 11/15/2011 07:44 AM, Boris Epstein wrote:
>>
>>>
>>>
>>> On Mon, Nov 14, 2011 at 7:16 PM, Nalin Dahyabhai <nalin at redhat.com> wrote:
>>>
>>> On Mon, Nov 14, 2011 at 05:19:44PM -0500, Boris Epstein wrote:
>>> > Hello all,
>>> >
>>> > I am using the FreeIPA to run NIS via a plugin. Works great - except
>>> > that the ypserv port numbers end up different after every reboot. That
>>> > makes it hard to run it with the firewall activated.
>>> >
>>> > Does anybody know how to make those port number assignments permanent?
>>>
>>> There's no tooling specifically for doing this, but the plugin supports
>>> it. In order to get it to use a fixed port, you'll need to edit the
>>> directory server entry for "cn=NIS Server, cn=plugins, cn=config" and
>>> add a "nsslapd-pluginarg0" value which contains the port number you'd
>>> like it to use.
>>>
>>> You can do this either by stopping the directory server, editing its
>>> dse.ldif file directly, and then restarting it, or by editing the entry
>>> "live" using ldapmodify and then restarting the server. The latter
>>> method (I'm using port 541 here) looks something like this:
>>>
>>> # ldapmodify -x -D "cn=Directory Manager" -W <<- EOF
>>> dn: cn=NIS Server,cn=plugins,cn=config
>>> changetype: modify
>>> replace: nsslapd-pluginarg0
>>> nsslapd-pluginarg0: 541
>>> -
>>>
>>> EOF
>>> # ipactl restart
>>>
>>> You'll need to supply the Directory Manager password. Once that's done,
>>> running "rpcinfo -p" on the server should show that the NIS service is
>>> listening on the desired port.
>>>
>>> HTH,
>>>
>>> Nalin
>>>
>>>
>>> Nalin,
>>>
>>> Thanks a lot for the tip. It definitely looks like this put me on
>>> the right path though I am not quite there yet.
>>>
>>> Doing what you suggested did not quite work. For one thing, the
>>> right cn is "NIS", not "NIS Server". Another thing is, it does not
>>> look like the LDIF files in question have the nsslapd-pluginarg0
>>> parameter - or are happy with it being added.
>>>
>> You have to shut down the directory server first
>> service dirsrv stop
>> or
>> systemctl stop dirsrv.target
>>
>>
>> Rich,
>>
>> I even went as far as rebooting the whole machine - even that did not
>> seem to make a difference.
>>
>> Boris.
>>
>
> Strange, it is NIS Server on my install too. Can you show the output of
> your entry?
>
> This worked for me:
>
> # ldapmodify -x -D 'cn=directory manager' -w secretpassword
>
> dn: cn=NIS Server,cn=plugins,cn=config
> changetype: modify
> add: nsslapd-pluginarg0
> nsslapd-pluginarg0: 541
>
> modifying entry "cn=NIS Server,cn=plugins,cn=config"
>
> rob
>
Rob,

Brilliant, thanks! This seems to have done the trick. Here's my output:

[root at noreaster ~]# ldapmodify -x -D 'cn=directory manager' -w <secret password>
dn: cn=NIS Server,cn=plugins,cn=config
changetype: modify
add: nsslapd-pluginarg0
nsslapd-pluginarg0: 995
modifying entry "cn=NIS Server,cn=plugins,cn=config"
[root at noreaster ~]# ipactl restart
Restarting Directory Service
Restarting KDC Service
Restarting KPASSWD Service
Restarting HTTP Service
Restarting CA Service
[root at noreaster ~]#

Cheers,

Boris.
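
Added example (not part of the original thread or of FreeIPA): a shell check that parses "rpcinfo -p" output, as suggested earlier in the thread, and confirms that every ypserv registration is on the fixed port, so the firewall rule can stay pinned to that one port. The helper name check_nis_port and both sample outputs are constructed for illustration; 995 is the port from the message above, and 100004 is the RPC program number of ypserv.

```shell
#!/bin/sh
# Added example, not from the thread: confirm that the NIS service stays on
# the port set in nsslapd-pluginarg0, so the firewall can allow just that port.

YPSERV_PROG=100004   # RPC program number registered by ypserv

# Constructed `rpcinfo -p` samples (not captured from a real host).
SAMPLE_FIXED='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100004    2   udp    995  ypserv
    100004    2   tcp    995  ypserv'
SAMPLE_DRIFT='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    837  ypserv'

# check_nis_port PORT   (hypothetical helper; reads `rpcinfo -p` text on stdin)
# exit 0: every ypserv registration is on PORT
# exit 1: at least one registration is on another port
# exit 2: ypserv is not registered at all
check_nis_port() {
    awk -v want="$1" -v prog="$YPSERV_PROG" '
        $1 == prog {
            seen++
            if ($4 != want) {
                printf "ypserv v%s/%s is on port %s, expected %s\n", $2, $3, $4, want
                bad++
            }
        }
        END {
            if (!seen) { print "ypserv is not registered with the portmapper"; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# On the IPA server, after `ipactl restart`:
#   rpcinfo -p | check_nis_port 995
```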