On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote:
When I run ypcat on the IPA servers it states that ypbind can't communicate.
I started ypbind on the secondary IPA server so now I can run ypcat.
Is running ypbind on the IPA servers necessary? According to all of the 
documentation I read it doesn't mention anything about ypbind on the servers.

Yup, I checked the status of the port to make sure nothing else was using it.
I configured it for an empty port below 1024.

You can use command
netstat -lpn (as root)
and check if the process is listening on the correct port and interface.

Petr^2 Spacek

-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Monday, January 06, 2014 6:13 PM
To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

Joseph, Matthew (EXP) wrote:

I can add the old UNIX servers using NIS to the secondary IPA server but not 
the primary.
The servers can ping the primary with no issues.

I didn't think the IPA servers could run ypcat? Either way neither of the 
servers can run the ypcat commands.

Can't run them how?

Nope, ypbind was stopped when those errors came up.

Can you confirm that nothing else is bound to the port?



-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, January 02, 2014 2:58 PM
To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues

Joseph, Matthew (EXP) wrote:

All of the IPA services are running.

When I tried running the ipa-compat-manage enable and ipa-nis-manage
enable they are both loaded and running.

On the IPA master you should be able to run something like:

$ ypcat -h `hostname` -d <your nis domain name> passwd

This will confirm basic operation on the server.

If you can run the same on a client it will rule out firewall issues.

Is a ypbind process already running on these clients? That might
explain the 'address in use' error.


The firewall is not the issue, I am positive about that.

What do you mean by looking at the compat tree from the IPA server?


[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal
*Sent:* Thursday, January 02, 2014 12:13 PM
*To:* freeipa-users@redhat.com
*Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues

On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote:


I've recently had to restart my IPA servers and my NIS compatibility
mode has stopped working.

I've configured my IPA server to run in NIS compatibility mode by
doing the following.

[root@ipaserver ~]# ipa-nis-manage enable

[root@ipaserver ~]# ipa-compat-manage enable

Restart the DNS and Directory Server service:

[root@server ~]# service restart rpcbind

[root@server ~]# service restart dirsrv

On my NIS clients I have the following setup in the yp.conf file.

domain                 domainname.ca
server                   ipaservername.domainname.ca

I tried just running the broadcast option but with no luck.

When I try to do a service ypbind start on my NIS clients it takes a
few minutes to finally fail.

When I tried an yptest says "Can't communicate with ypbind" which
makes sense since ypbind will not start.

On the NIS client in the messages file it says the following;

Ypbind: broadcast: RPC: Timed Out

Cannot bind UDP: Address already in use

Nothing has changed on my IPA server/configuration so I have no idea
why this stopped working.

Any suggestions?

Please check if the IPA is running, the DS is running. Check the logs
that the compat plugin is loaded and working.
You can also try looking at the compat tree from the server itself to
verify that the plugin, at least the DS part is functional.

This generally smells as a firewall issue but I have not way to prove
or disprove the theory.


Freeipa-users mailing list

Reply via email to