On Tue, Nov 15, 2011 at 10:22 AM, Rob Crittenden <rcrit...@redhat.com>wrote:
> Boris Epstein wrote: > >> >> >> On Tue, Nov 15, 2011 at 10:08 AM, Rich Megginson <rmegg...@redhat.com >> <mailto:rmegg...@redhat.com>> wrote: >> >> __ >> >> On 11/15/2011 07:44 AM, Boris Epstein wrote: >> >>> >>> >>> On Mon, Nov 14, 2011 at 7:16 PM, Nalin Dahyabhai <na...@redhat.com >>> <mailto:na...@redhat.com>> wrote: >>> >>> On Mon, Nov 14, 2011 at 05:19:44PM -0500, Boris Epstein wrote: >>> > Hello all, >>> > >>> > I am using the FreeIPA to run NIS via a plugin. Works >>> great - except >>> > that the ypserv port numbers end up different after every >>> reboot. That >>> > makes it hard to run it with the firewall activated. >>> > >>> > Does anybody know how to make those port number >>> assignments permanent? >>> >>> There's no tooling specifically for doing this, but the plugin >>> supports >>> it. In order to get it to use a fixed port, you'll need to >>> edit the >>> directory server entry for "cn=NIS Server, cn=plugins, >>> cn=config" and >>> add a "nsslapd-pluginarg0" value which contains the port >>> number you'd >>> like it to use. >>> >>> You can do this either by stopping the directory server, >>> editing its >>> dse.ldif file directly, and then restarting it, or by editing >>> the entry >>> "live" using ldapmodify and then restarting the server. The >>> latter >>> method (I'm using port 541 here) looks something like this: >>> >>> # ldapmodify -x -D "cn=Directory Manager" -W <<- EOF >>> dn: cn=NIS Server,cn=plugins,cn=config >>> changetype: modify >>> replace: nsslapd-pluginarg0 >>> nsslapd-pluginarg0: 541 >>> - >>> >>> EOF >>> # ipactl restart >>> >>> You'll need to supply the Directory Manager password. Once >>> that's done, >>> running "rpcinfo -p" on the server should show that the NIS >>> service is >>> listening on the desired port. >>> >>> HTH, >>> >>> Nalin >>> >>> >>> Nalin, >>> >>> Thanks a lot for the tip. It definitely looks like this put me on >>> the right path though I am not quite there yet. >>> >>> Doing what you suggested did not quite work. For one thing, the >>> right cn is "NIS", not "NIS Server". Another thing is, it does not >>> look like the LDIF files in question have the nsslapd-pluginarg0 >>> parameter - or are happy with it being added. >>> >> You have to shutdown the directory server first >> service dirsrv stop >> or >> systemctl stop dirsrv.target >> >> >> Rich, >> >> I even went as far as rebooting the whole machine - even that did not >> seem to make a difference. >> >> Boris. >> > > Strange, it is NIS Server on my install too. Can you show the output of > your entry? > > This worked for me: > > # ldapmodify -x -D 'cn=directory manager' -w secretpassword > > dn: cn=NIS Server,cn=plugins,cn=config > changetype: modify > add: nsslapd-pluginarg0 > nsslapd-pluginarg0: 541 > > modifying entry "cn=NIS Server,cn=plugins,cn=config" > > rob > Rob, Brilliant, thanks! This seems to have done the trick. Here's my output: [root@noreaster ~]# ldapmodify -x -D 'cn=directory manager' -w <secret password> dn: cn=NIS Server,cn=plugins,cn=config changetype: modify add: nsslapd-pluginarg0 nsslapd-pluginarg0: 995 modifying entry "cn=NIS Server,cn=plugins,cn=config" [root@noreaster ~]# ipactl restart Restarting Directory Service Restarting KDC Service Restarting KPASSWD Service Restarting HTTP Service Restarting CA Service [root@noreaster ~]# Cheers, Boris.
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users