<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 01/02/2014 12:30 PM, Joseph, Matthew (EXP) wrote:
<blockquote
cite="mid:543FB8F8BFD9A74298A96670DA2F2E7F0F85308164@HCXMSP1.ca.lmco.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Trebuchet MS";
panose-1:2 11 6 3 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin-top:0in;
margin-right:0in;
margin-bottom:12.0pt;
margin-left:0in;
background:whitesmoke;
font-size:11.0pt;
font-family:"Trebuchet MS","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Trebuchet MS","sans-serif";
color:black;
background:whitesmoke;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif][if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">All of the IPA
services are running.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">When
I tried running the ipa-compat-manage enable and
ipa-nis-manage enable they are both loaded and running.</span></p>
</div>
</blockquote>
<br>
Have you checked the logs to confirm that the DS server actually
loaded the plugins?<br>
<br>
<blockquote
cite="mid:543FB8F8BFD9A74298A96670DA2F2E7F0F85308164@HCXMSP1.ca.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">The firewall is
not the issue, I am positive about that.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">What
do you mean by looking at the compat tree from the IPA
server?</span></p>
</div>
</blockquote>
<br>
I mean doing an ldapsearch operation against cn=compat,... sub tree
by running it on the server. Just to see if it returns any data. If
it does then the server is probably OK and this is the client that
can't connect due to FW or DNS.<br>
<blockquote
cite="mid:543FB8F8BFD9A74298A96670DA2F2E7F0F85308164@HCXMSP1.ca.lmco.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Matt<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a class="moz-txt-link-freetext" href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>] <b>On Behalf
Of </b>Dmitri Pal<br>
<b>Sent:</b> Thursday, January 02, 2014 12:13 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> EXTERNAL: Re: [Freeipa-users] NIS Compat
issues<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On 01/02/2014 11:05 AM, Joseph, Matthew
(EXP) wrote: <o:p></o:p></p>
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’ve recently had to restart my IPA servers
and my NIS compatibility mode has stopped working.<o:p></o:p></p>
<p class="MsoNormal">I’ve configured my IPA server to run in NIS
compatibility mode by doing the following.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:140%;background:whitesmoke">[root@ipaserver
~]# ipa-nis-manage enable<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:140%;background:whitesmoke">[root@ipaserver
~]# ipa-compat-manage enable<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:140%;background:whitesmoke"><span
style="font-size:12.0pt;line-height:140%">Restart the DNS
and Directory Server service: </span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:140%;background:whitesmoke">[root@server
~]# service restart rpcbind<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt;line-height:140%;background:whitesmoke">[root@server
~]# service restart dirsrv<o:p></o:p></p>
<p class="MsoNormal">On my NIS clients I have the following
setup in the yp.conf file.<o:p></o:p></p>
<p class="MsoNormal">domain
domainname.ca server
ipaservername.domainname.ca<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I tried just running the broadcast option
but with no luck.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">When I try to do a service ypbind start on
my NIS clients it takes a few minutes to finally fail.<o:p></o:p></p>
<p class="MsoNormal">When I tried an yptest says “Can’t
communicate with ypbind” which makes sense since ypbind will
not start.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">On the NIS client in the messages file it
says the following;<o:p></o:p></p>
<p class="MsoNormal">Ypbind: broadcast: RPC: Timed Out<o:p></o:p></p>
<p class="MsoNormal">Cannot bind UDP: Address already in use<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Nothing has changed on my IPA
server/configuration so I have no idea why this stopped
working.<o:p></o:p></p>
<p class="MsoNormal">Any suggestions?<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
Please check if the IPA is running, the DS is running. Check
the logs that the compat plugin is loaded and working.<br>
You can also try looking at the compat tree from the server
itself to verify that the plugin, at least the DS part is
functional.<br>
<br>
This generally smells as a firewall issue but I have not way
to prove or disprove the theory.<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Matt<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Freeipa-users mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a><o:p></o:p></pre>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Thank you,<o:p></o:p></pre>
<pre>Dmitri Pal<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Sr. Engineering Manager for IdM portfolio<o:p></o:p></pre>
<pre>Red Hat Inc.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-------------------------------<o:p></o:p></pre>
<pre>Looking to carve out IT costs?<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>