[Freeipa-users] EXTERNAL: Re: NIS Compat issues

Mon Jan 6 22:13:19 UTC 2014

Joseph, Matthew (EXP) wrote:
> Hello,
>
> I can add the old UNIX servers using NIS to the secondary IPA server but not the primary.
> The servers can ping the primary with no issues.
>
> I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands.

Can't run them how?

> Nope, ypbind was stopped when those errors came up.

Can you confirm that nothing else is bound to the port?

rob

>
> Matt
>
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: Thursday, January 02, 2014 2:58 PM
> To: Joseph, Matthew (EXP); dpal at redhat.com; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
>
> Joseph, Matthew (EXP) wrote:
>> Hello,
>>
>> All of the IPA services are running.
>>
>> When I tried running the ipa-compat-manage enable and ipa-nis-manage
>> enable they are both loaded and running.
>
> On the IPA master you should be able to run something like:
>
> $ ypcat -h `hostname` -d <your nis domain name> passwd
>
> This will confirm basic operation on the server.
>
> If you can run the same on a client it will rule out firewall issues.
>
> Is a ypbind process already running on these clients? That might explain
> the 'address in use' error.
>
> rob
>
>>
>> The firewall is not the issue, I am positive about that.
>>
>> What do you mean by looking at the compat tree from the IPA server?
>>
>> Matt
>>
>> *From:*freeipa-users-bounces at redhat.com
>> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *Dmitri Pal
>> *Sent:* Thursday, January 02, 2014 12:13 PM
>> *To:* freeipa-users at redhat.com
>> *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues
>>
>> On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote:
>>
>> Hello,
>>
>> I've recently had to restart my IPA servers and my NIS compatibility
>> mode has stopped working.
>>
>> I've configured my IPA server to run in NIS compatibility mode by doing
>> the following.
>>
>> [root at ipaserver ~]# ipa-nis-manage enable
>>
>> [root at ipaserver ~]# ipa-compat-manage enable
>>
>> Restart the DNS and Directory Server service:
>>
>> [root at server ~]# service restart rpcbind
>>
>> [root at server ~]# service restart dirsrv
>>
>> On my NIS clients I have the following setup in the yp.conf file.
>>
>> domain                 domainname.ca
>> server                   ipaservername.domainname.ca
>>
>> I tried just running the broadcast option but with no luck.
>>
>> When I try to do a service ypbind start on my NIS clients it takes a few
>> minutes to finally fail.
>>
>> When I tried an yptest says "Can't communicate with ypbind" which makes
>> sense since ypbind will not start.
>>
>> On the NIS client in the messages file it says the following;
>>
>> Ypbind: broadcast: RPC: Timed Out
>>
>> Cannot bind UDP: Address already in use
>>
>> Nothing has changed on my IPA server/configuration so I have no idea why
>> this stopped working.
>>
>> Any suggestions?
>>
>>
>> Please check if the IPA is running, the DS is running. Check the logs
>> that the compat plugin is loaded and working.
>> You can also try looking at the compat tree from the server itself to
>> verify that the plugin, at least the DS part is functional.
>>
>> This generally smells as a firewall issue but I have not way to prove or
>> disprove the theory.
>>
>>
>> Matt
>>
>>
>>
>>
>> _______________________________________________
>>
>> Freeipa-users mailing list
>>
>> Freeipa-users at redhat.com  <mailto:Freeipa-users at redhat.com>
>>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>>
>> --
>>
>> Thank you,
>>
>> Dmitri Pal
>>
>>
>>
>> Sr. Engineering Manager for IdM portfolio
>>
>> Red Hat Inc.
>>
>>
>>
>>
>>
>> -------------------------------
>>
>> Looking to carve out IT costs?
>>
>> www.redhat.com/carveoutcosts/  <http://www.redhat.com/carveoutcosts/>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>