<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-2"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style></style></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1>Ypinit –c does not exist for Linux. At least from what I can see.<o:p></o:p>It looks like it’s a server issue.<o:p></o:p><o:p> </o:p>It seems when I try to initialize NIS (through ypserv and ypbind) on the Primary and Secondary IPA servers it does not know to check IPA for the user information.<o:p></o:p><o:p> </o:p>Maybe I’m wrong but are the ipa-nis-manage and ipa-compat-manage commands not used to enable the NIS compatibility mode?<o:p></o:p><o:p> </o:p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>From: Ondrej Valousek [mailto:ovalousek@vendavo.com] Sent: Tuesday, January 07, 2014 11:12 AM To: Joseph, Matthew (EXP); Petr Spacek; Rob Crittenden; dpal@redhat.com; freeipa-users@redhat.com Subject: RE: [Freeipa-users] EXTERNAL: Re: NIS Compat issues<o:p></o:p></div></div><o:p> </o:p><div><div>Did you try tu run ypinit -c ?<o:p></o:p></div><div>Not sure now - it might be necessary to initialize the Nis subsystem.<o:p></o:p></div><div>O.<o:p></o:p></div><div><o:p> </o:p></div><div><o:p> </o:p></div><div><div>Odesláno ze Samsung Mobile<o:p></o:p></div></div> -------- Původní zpráva -------- Od: "Joseph, Matthew (EXP)" Datum:07. 01. 2014 15:52 (GMT+01:00) Komu: Petr Spacek ,Rob Crittenden ,dpal@redhat.com,freeipa-users@redhat.com Předmět: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues <o:p></o:p></div><div>So looking at NIS documentation I noticed my /var/yp folder did not have the same folders/files as it should. It should have a Makefile, nicknames, binding (folder) and mydomainname (folder) I created a folder which matched my domainname and ypbind was finally able to start. But I can't do a ypcat since it can't find the maps which I would assume live under that domainname folder. Any ideas? -----Original Message----- From: freeipa-users-bounces@redhat.com [<a href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>] On Behalf Of Joseph, Matthew (EXP) Sent: Tuesday, January 07, 2014 9:23 AM To: Petr Spacek; Rob Crittenden; dpal@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues I forgot to show my current configuration. Yp.conf ----------------- Domain mydomain.ca server primaryIPA Domain mydomain.ca server secondaryIPA /etc/sysconfig/network ------------------- NISDOMAIN=mydomain.ca Nsswitch.conf ----------------------- has "nis" added for passwd/group/automount I've been trying different combinations of adding the nsslapd-pluginarg0: 1023 and running ypserv on the same port. Should nsslapd and ypserv be running on the same port when I do the netstat command? -----Original Message----- From: Petr Spacek [<a href="mailto:pspacek@redhat.com">mailto:pspacek@redhat.com</a>] Sent: Tuesday, January 07, 2014 6:59 AM To: Joseph, Matthew (EXP); Rob Crittenden; dpal@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote: > When I run ypcat on the IPA servers it states that ypbind can't communicate. > I started ypbind on the secondary IPA server so now I can run ypcat. > Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. > > Yup, I checked the status of the port to make sure nothing else was using it. > I configured it for an empty port below 1024. You can use command netstat -lpn (as root) and check if the process is listening on the correct port and interface. Petr^2 Spacek > -----Original Message----- > From: Rob Crittenden [<a href="mailto:rcritten@redhat.com">mailto:rcritten@redhat.com</a>] > Sent: Monday, January 06, 2014 6:13 PM > To: Joseph, Matthew (EXP); dpal@redhat.com; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues > > Joseph, Matthew (EXP) wrote: >> Hello, >> >> I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. >> The servers can ping the primary with no issues. >> >> I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. > > Can't run them how? > >> Nope, ypbind was stopped when those errors came up. > > Can you confirm that nothing else is bound to the port? > > rob > >> >> Matt >> >> -----Original Message----- >> From: Rob Crittenden [<a href="mailto:rcritten@redhat.com">mailto:rcritten@redhat.com</a>] >> Sent: Thursday, January 02, 2014 2:58 PM >> To: Joseph, Matthew (EXP); dpal@redhat.com; freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues >> >> Joseph, Matthew (EXP) wrote: >>> Hello, >>> >>> All of the IPA services are running. >>> >>> When I tried running the ipa-compat-manage enable and ipa-nis-manage >>> enable they are both loaded and running. >> >> On the IPA master you should be able to run something like: >> >> $ ypcat -h `hostname` -d <your nis domain name> passwd >> >> This will confirm basic operation on the server. >> >> If you can run the same on a client it will rule out firewall issues. >> >> Is a ypbind process already running on these clients? That might >> explain the 'address in use' error. >> >> rob >> >>> >>> The firewall is not the issue, I am positive about that. >>> >>> What do you mean by looking at the compat tree from the IPA server? >>> >>> Matt >>> >>> *From:*freeipa-users-bounces@redhat.com >>> [<a href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>] *On Behalf Of *Dmitri Pal >>> *Sent:* Thursday, January 02, 2014 12:13 PM >>> *To:* freeipa-users@redhat.com >>> *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues >>> >>> On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: >>> >>> Hello, >>> >>> I've recently had to restart my IPA servers and my NIS compatibility >>> mode has stopped working. >>> >>> I've configured my IPA server to run in NIS compatibility mode by >>> doing the following. >>> >>> [root@ipaserver ~]# ipa-nis-manage enable >>> >>> [root@ipaserver ~]# ipa-compat-manage enable >>> >>> Restart the DNS and Directory Server service: >>> >>> [root@server ~]# service restart rpcbind >>> >>> [root@server ~]# service restart dirsrv >>> >>> On my NIS clients I have the following setup in the yp.conf file. >>> >>> domain domainname.ca >>> server ipaservername.domainname.ca >>> >>> I tried just running the broadcast option but with no luck. >>> >>> When I try to do a service ypbind start on my NIS clients it takes a >>> few minutes to finally fail. >>> >>> When I tried an yptest says "Can't communicate with ypbind" which >>> makes sense since ypbind will not start. >>> >>> On the NIS client in the messages file it says the following; >>> >>> Ypbind: broadcast: RPC: Timed Out >>> >>> Cannot bind UDP: Address already in use >>> >>> Nothing has changed on my IPA server/configuration so I have no idea >>> why this stopped working. >>> >>> Any suggestions? >>> >>> >>> Please check if the IPA is running, the DS is running. Check the logs >>> that the compat plugin is loaded and working. >>> You can also try looking at the compat tree from the server itself to >>> verify that the plugin, at least the DS part is functional. >>> >>> This generally smells as a firewall issue but I have not way to prove >>> or disprove the theory. >>> >>> >>> Matt _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a><o:p></o:p></div></div></body></html>