On Wed, Aug 19, 2009 at 08:21:23PM -0500, Brandon Young wrote:
> I am not running a firewall.  If I probe portmapper from a remote host
> (again, using 'rpcinfo -p freeipa', where freeipa is the name of the
> server) I can see ypserv running on port 710.  Am I correct in
> understanding that it is unnecessary to set the nsslapd-pluginarg0 to
> a specific port, since I am not running a firewall on the server?

Yes, you're correct.  The plugin won't register with the portmapper if
it isn't able to bind to the ports, so you can also assume it's

> Any other ideas what I might look at?  Is there a log file I can turn
> to?  Perhaps a way to put the server/plugin in debug mode to see if an
> NIS request is even being serviced?  As nearly as I can tell (without
> breaking out wireshark) the ypserv plugin/service is not even
> acknowledging requests from a client that can otherwise ping the
> server and probe it with rpcinfo.
> The steps I took were:
> 1. Insert ldif entries defining the plugin and mappings (as described
> in the previous email)
> 2. restart dirsrv
> 3. verify rpcbind has bound ypserv to some ports
> 4. reconfigure an existing NIS client to point at the new NIS server
> 5. attempt a ypcat of passwd
> Sounds easy.  The getting started guide doesn't seem to detail any
> additional steps.  Are there missing steps?  Did I miss a step
> detailed somewhere?  Should it just work?  I feel like I must be
> missing something very basic.

It really should just work the way you've set it up.  I must be missing
something, too.

You should be able to crank up the logging level of the server to the
point where the module's logs will start being saved to disk by setting
"nsslapd-errorlog-level" to 65536 in "cn=config".

Expect a massive slowdown when you do this, because the plugin actually
logs quite a lot of messages, and this log level sends all plugin-based
messages to the log file.  The module's messages will all be marked as
coming from the "nis-plugin".



Freeipa-users mailing list

Reply via email to