[Freeipa-users] EXTERNAL: Re: NIS Compat issues

Ondrej Valousek ovalousek at vendavo.com
Tue Jan 7 15:12:20 UTC 2014


Did you try to run ypinit -c?
Not sure now - it might be necessary to initialize the NIS subsystem.
O.


Sent from Samsung Mobile


-------- Original message --------
From: "Joseph, Matthew (EXP)"
Date: 07. 01. 2014 15:52 (GMT+01:00)
To: Petr Spacek, Rob Crittenden, dpal at redhat.com, freeipa-users at redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

So looking at NIS documentation I noticed my /var/yp folder did not have the same folders/files as it should.
It should have a Makefile, nicknames, binding (folder) and mydomainname (folder)

I created a folder which matched my domainname and ypbind was finally able to start. But I can't do a ypcat since it can't find the maps which I would assume live under that domainname folder.

Any ideas?

-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, January 07, 2014 9:23 AM
To: Petr Spacek; Rob Crittenden; dpal at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

I forgot to show my current configuration.

Yp.conf
-----------------
Domain mydomain.ca server primaryIPA
Domain mydomain.ca server secondaryIPA

/etc/sysconfig/network
-------------------
NISDOMAIN=mydomain.ca

Nsswitch.conf
-----------------------
has "nis" added for passwd/group/automount

I've been trying different combinations of adding the nsslapd-pluginarg0: 1023 and running ypserv on the same port.
Should nsslapd and ypserv be running on the same port when I do the netstat command?

-----Original Message-----
From: Petr Spacek [mailto:pspacek at redhat.com]
Sent: Tuesday, January 07, 2014 6:59 AM
To: Joseph, Matthew (EXP); Rob Crittenden; dpal at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote:
> When I run ypcat on the IPA servers it states that ypbind can't communicate.
> I started ypbind on the secondary IPA server so now I can run ypcat.
> Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers.
>
> Yup, I checked the status of the port to make sure nothing else was using it.
> I configured it for an empty port below 1024.

You can use command
netstat -lpn (as root)
and check if the process is listening on the correct port and interface.

Petr^2 Spacek

> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: Monday, January 06, 2014 6:13 PM
> To: Joseph, Matthew (EXP); dpal at redhat.com; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
>
> Joseph, Matthew (EXP) wrote:
>> Hello,
>>
>> I can add the old UNIX servers using NIS to the secondary IPA server but not the primary.
>> The servers can ping the primary with no issues.
>>
>> I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands.
>
> Can't run them how?
>
>> Nope, ypbind was stopped when those errors came up.
>
> Can you confirm that nothing else is bound to the port?
>
> rob
>
>>
>> Matt
>>
>> -----Original Message-----
>> From: Rob Crittenden [mailto:rcritten at redhat.com]
>> Sent: Thursday, January 02, 2014 2:58 PM
>> To: Joseph, Matthew (EXP); dpal at redhat.com; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
>>
>> Joseph, Matthew (EXP) wrote:
>>> Hello,
>>>
>>> All of the IPA services are running.
>>>
>>> When I tried running the ipa-compat-manage enable and ipa-nis-manage
>>> enable they are both loaded and running.
>>
>> On the IPA master you should be able to run something like:
>>
>> $ ypcat -h `hostname` -d <your nis domain name> passwd
>>
>> This will confirm basic operation on the server.
>>
>> If you can run the same on a client it will rule out firewall issues.
>>
>> Is a ypbind process already running on these clients? That might
>> explain the 'address in use' error.
>>
>> rob
>>
>>>
>>> The firewall is not the issue, I am positive about that.
>>>
>>> What do you mean by looking at the compat tree from the IPA server?
>>>
>>> Matt
>>>
>>> *From:*freeipa-users-bounces at redhat.com
>>> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *Dmitri Pal
>>> *Sent:* Thursday, January 02, 2014 12:13 PM
>>> *To:* freeipa-users at redhat.com
>>> *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues
>>>
>>> On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote:
>>>
>>> Hello,
>>>
>>> I've recently had to restart my IPA servers and my NIS compatibility
>>> mode has stopped working.
>>>
>>> I've configured my IPA server to run in NIS compatibility mode by
>>> doing the following.
>>>
>>> [root@ipaserver ~]# ipa-nis-manage enable
>>>
>>> [root@ipaserver ~]# ipa-compat-manage enable
>>>
>>> Restart the DNS and Directory Server service:
>>>
>>> [root@server ~]# service rpcbind restart
>>>
>>> [root@server ~]# service dirsrv restart
>>>
>>> On my NIS clients I have the following setup in the yp.conf file.
>>>
>>> domain domainname.ca server ipaservername.domainname.ca
>>>
>>> I tried just running the broadcast option but with no luck.
>>>
>>> When I try to do a service ypbind start on my NIS clients it takes a
>>> few minutes to finally fail.
>>>
>>> When I tried a yptest it says "Can't communicate with ypbind" which
>>> makes sense since ypbind will not start.
>>>
>>> On the NIS client in the messages file it says the following;
>>>
>>> Ypbind: broadcast: RPC: Timed Out
>>>
>>> Cannot bind UDP: Address already in use
>>>
>>> Nothing has changed on my IPA server/configuration so I have no idea
>>> why this stopped working.
>>>
>>> Any suggestions?
>>>
>>>
>>> Please check if the IPA is running, the DS is running. Check the logs
>>> that the compat plugin is loaded and working.
>>> You can also try looking at the compat tree from the server itself to
>>> verify that the plugin, at least the DS part is functional.
>>>
>>> This generally smells like a firewall issue but I have no way to prove
>>> or disprove the theory.
>>>
>>>
>>> Matt

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
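
Added example, not part of the original thread: one way to apply the `netstat -lpn` check suggested above is to filter its output for one port and report which program owns each listener, which answers the "is something else bound to the port" question directly. The sample output, the PIDs, the function names `port_owners` and `check_port`, and the assumption that `ns-slapd` is the expected owner of port 1023 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -lpn` output (not taken from the thread).
# Here ns-slapd holds TCP 1023 but a stray ypserv holds UDP 1023.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:111     0.0.0.0:*       LISTEN 1201/rpcbind
tcp        0      0 0.0.0.0:1023    0.0.0.0:*       LISTEN 2310/ns-slapd
udp        0      0 0.0.0.0:1023    0.0.0.0:*              2544/ypserv
tcp6       0      0 :::389          :::*            LISTEN 2310/ns-slapd'

# port_owners PORT < netstat-output
# Prints "proto local-address program" for every TCP/UDP listener on PORT.
port_owners() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":")            # port is the part after the last colon
            if (a[n] != port) next
            prog = "-"                       # "-" means owner hidden (netstat not run as root)
            # UDP rows have no State column, so search for the PID/Program field
            for (i = 6; i <= NF; i++)
                if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
            print $1, $4, prog
        }'
}

# check_port PORT EXPECTED_PROGRAM < netstat-output
# Returns 0 if only EXPECTED_PROGRAM listens on PORT,
#         1 if any other program holds the port (conflict),
#         2 if nothing listens on it at all.
check_port() {
    owners=$(port_owners "$1")
    [ -n "$owners" ] || return 2
    if printf '%s\n' "$owners" |
        awk -v want="$2" '$3 != want { bad = 1 } END { exit !bad }'; then
        return 1
    fi
    return 0
}

# Demo on the constructed sample; on a live server (as root) use:
#   netstat -lpn | check_port 1023 ns-slapd
printf '%s\n' "$SAMPLE" | port_owners 1023
```
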
