Hello,

I can add the old UNIX servers using NIS to the secondary IPA server but not 
the primary.
The servers can ping the primary with no issues.

I didn't think the IPA servers could run ypcat? Either way neither of the 
servers can run the ypcat commands.

Nope, ypbind was stopped when those errors came up.

Matt

-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com] 
Sent: Thursday, January 02, 2014 2:58 PM
To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

Joseph, Matthew (EXP) wrote:
> Hello,
>
> All of the IPA services are running.
>
> When I tried running the ipa-compat-manage enable and ipa-nis-manage
> enable they are both loaded and running.

On the IPA master you should be able to run something like:

$ ypcat -h `hostname` -d <your nis domain name> passwd

This will confirm basic operation on the server.

If you can run the same on a client it will rule out firewall issues.

Is a ypbind process already running on these clients? That might explain 
the 'address in use' error.

rob

>
> The firewall is not the issue, I am positive about that.
>
> What do you mean by looking at the compat tree from the IPA server?
>
> Matt
>
> *From:*freeipa-users-boun...@redhat.com
> [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal
> *Sent:* Thursday, January 02, 2014 12:13 PM
> *To:* freeipa-users@redhat.com
> *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues
>
> On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote:
>
> Hello,
>
> I've recently had to restart my IPA servers and my NIS compatibility
> mode has stopped working.
>
> I've configured my IPA server to run in NIS compatibility mode by doing
> the following.
>
> [root@ipaserver ~]# ipa-nis-manage enable
>
> [root@ipaserver ~]# ipa-compat-manage enable
>
> Restart the DNS and Directory Server service:
>
> [root@server ~]# service restart rpcbind
>
> [root@server ~]# service restart dirsrv
>
> On my NIS clients I have the following setup in the yp.conf file.
>
> domain                 domainname.ca
> server                   ipaservername.domainname.ca
>
> I tried just running the broadcast option but with no luck.
>
> When I try to do a service ypbind start on my NIS clients it takes a few
> minutes to finally fail.
>
> When I tried an yptest says "Can't communicate with ypbind" which makes
> sense since ypbind will not start.
>
> On the NIS client in the messages file it says the following;
>
> Ypbind: broadcast: RPC: Timed Out
>
> Cannot bind UDP: Address already in use
>
> Nothing has changed on my IPA server/configuration so I have no idea why
> this stopped working.
>
> Any suggestions?
>
>
> Please check if the IPA is running, the DS is running. Check the logs
> that the compat plugin is loaded and working.
> You can also try looking at the compat tree from the server itself to
> verify that the plugin, at least the DS part is functional.
>
> This generally smells as a firewall issue but I have not way to prove or
> disprove the theory.
>
>
> Matt
>
>
>
>
> _______________________________________________
>
> Freeipa-users mailing list
>
> Freeipa-users@redhat.com  <mailto:Freeipa-users@redhat.com>
>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> --
>
> Thank you,
>
> Dmitri Pal
>
>
>
> Sr. Engineering Manager for IdM portfolio
>
> Red Hat Inc.
>
>
>
>
>
> -------------------------------
>
> Looking to carve out IT costs?
>
> www.redhat.com/carveoutcosts/  <http://www.redhat.com/carveoutcosts/>
>
>
>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to