[Freeipa-users] EXTERNAL: Re: NIS Compat issues

Ondrej Valousek ovalousek at vendavo.com
Tue Jan 7 15:43:37 UTC 2014 

Ok. Just curious - why are you running Nis on Linux where we have native client available?
Sorry for this OT question.
O.


Odesláno ze Samsung Mobile


-------- Původní zpráva --------
Od: "Joseph, Matthew (EXP)"
Datum:07. 01. 2014 16:17 (GMT+01:00)
Komu: Ondrej Valousek ,Petr Spacek ,Rob Crittenden ,dpal at redhat.com,freeipa-users at redhat.com
Předmět: RE: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

Ypinit –c does not exist for Linux. At least from what I can see.
It looks like it’s a server issue.

It seems when I try to initialize NIS (through ypserv and ypbind) on the Primary and Secondary IPA servers it does not know to check IPA for the user information.

Maybe I’m wrong but are the ipa-nis-manage and ipa-compat-manage commands not used to enable the NIS compatibility mode?

From: Ondrej Valousek [mailto:ovalousek at vendavo.com]
Sent: Tuesday, January 07, 2014 11:12 AM
To: Joseph, Matthew (EXP); Petr Spacek; Rob Crittenden; dpal at redhat.com; freeipa-users at redhat.com
Subject: RE: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

Did you try tu run ypinit -c ?
Not sure now - it might be necessary to initialize the Nis subsystem.
O.


Odesláno ze Samsung Mobile


-------- Původní zpráva --------
Od: "Joseph, Matthew (EXP)"
Datum:07. 01. 2014 15:52 (GMT+01:00)
Komu: Petr Spacek ,Rob Crittenden ,dpal at redhat.com,freeipa-users at redhat.com
Předmět: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
So looking at NIS documentation I noticed my /var/yp folder did not have the same folders/files as it should.
It should have a Makefile, nicknames, binding (folder) and mydomainname (folder)

I created a folder which matched my domainname and ypbind was finally able to start. But I can't do a ypcat since it can't find the maps which I would assume live under that domainname folder.

Any ideas?

-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Joseph, Matthew (EXP)
Sent: Tuesday, January 07, 2014 9:23 AM
To: Petr Spacek; Rob Crittenden; dpal at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

I forgot to show my current configuration.

Yp.conf
-----------------
Domain mydomain.ca server primaryIPA
Domain mydomain.ca server secondaryIPA

/etc/sysconfig/network
-------------------
NISDOMAIN=mydomain.ca

Nsswitch.conf
-----------------------
has "nis" added for passwd/group/automount

I've been trying different combinations of adding the nsslapd-pluginarg0: 1023 and running ypserv on the same port.
Should nsslapd and ypserv be running on the same port when I do the netstat command?

-----Original Message-----
From: Petr Spacek [mailto:pspacek at redhat.com]
Sent: Tuesday, January 07, 2014 6:59 AM
To: Joseph, Matthew (EXP); Rob Crittenden; dpal at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote:
> When I run ypcat on the IPA servers it states that ypbind can't communicate.
> I started ypbind on the secondary IPA server so now I can run ypcat.
> Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers.
>
> Yup, I checked the status of the port to make sure nothing else was using it.
> I configured it for an empty port below 1024.

You can use command
netstat -lpn (as root)
and check if the process is listening on the correct port and interface.

Petr^2 Spacek

> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: Monday, January 06, 2014 6:13 PM
> To: Joseph, Matthew (EXP); dpal at redhat.com; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
>
> Joseph, Matthew (EXP) wrote:
>> Hello,
>>
>> I can add the old UNIX servers using NIS to the secondary IPA server but not the primary.
>> The servers can ping the primary with no issues.
>>
>> I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands.
>
> Can't run them how?
>
>> Nope, ypbind was stopped when those errors came up.
>
> Can you confirm that nothing else is bound to the port?
>
> rob
>
>>
>> Matt
>>
>> -----Original Message-----
>> From: Rob Crittenden [mailto:rcritten at redhat.com]
>> Sent: Thursday, January 02, 2014 2:58 PM
>> To: Joseph, Matthew (EXP); dpal at redhat.com; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
>>
>> Joseph, Matthew (EXP) wrote:
>>> Hello,
>>>
>>> All of the IPA services are running.
>>>
>>> When I tried running the ipa-compat-manage enable and ipa-nis-manage
>>> enable they are both loaded and running.
>>
>> On the IPA master you should be able to run something like:
>>
>> $ ypcat -h `hostname` -d <your nis domain name> passwd
>>
>> This will confirm basic operation on the server.
>>
>> If you can run the same on a client it will rule out firewall issues.
>>
>> Is a ypbind process already running on these clients? That might
>> explain the 'address in use' error.
>>
>> rob
>>
>>>
>>> The firewall is not the issue, I am positive about that.
>>>
>>> What do you mean by looking at the compat tree from the IPA server?
>>>
>>> Matt
>>>
>>> *From:*freeipa-users-bounces at redhat.com
>>> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *Dmitri Pal
>>> *Sent:* Thursday, January 02, 2014 12:13 PM
>>> *To:* freeipa-users at redhat.com
>>> *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues
>>>
>>> On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote:
>>>
>>> Hello,
>>>
>>> I've recently had to restart my IPA servers and my NIS compatibility
>>> mode has stopped working.
>>>
>>> I've configured my IPA server to run in NIS compatibility mode by
>>> doing the following.
>>>
>>> [root at ipaserver ~]# ipa-nis-manage enable
>>>
>>> [root at ipaserver ~]# ipa-compat-manage enable
>>>
>>> Restart the DNS and Directory Server service:
>>>
>>> [root at server ~]# service restart rpcbind
>>>
>>> [root at server ~]# service restart dirsrv
>>>
>>> On my NIS clients I have the following setup in the yp.conf file.
>>>
>>> domain                 domainname.ca
>>> server                   ipaservername.domainname.ca
>>>
>>> I tried just running the broadcast option but with no luck.
>>>
>>> When I try to do a service ypbind start on my NIS clients it takes a
>>> few minutes to finally fail.
>>>
>>> When I tried an yptest says "Can't communicate with ypbind" which
>>> makes sense since ypbind will not start.
>>>
>>> On the NIS client in the messages file it says the following;
>>>
>>> Ypbind: broadcast: RPC: Timed Out
>>>
>>> Cannot bind UDP: Address already in use
>>>
>>> Nothing has changed on my IPA server/configuration so I have no idea
>>> why this stopped working.
>>>
>>> Any suggestions?
>>>
>>>
>>> Please check if the IPA is running, the DS is running. Check the logs
>>> that the compat plugin is loaded and working.
>>> You can also try looking at the compat tree from the server itself to
>>> verify that the plugin, at least the DS part is functional.
>>>
>>> This generally smells as a firewall issue but I have not way to prove
>>> or disprove the theory.
>>>
>>>
>>> Matt

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140107/f6b022f9/attachment.htm>

More information about the Freeipa-users mailing list