Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Yup, I checked the status of the port to make sure nothing else was using it. I configured it for an empty port below 1024. -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, January 06, 2014 6:13 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says Can't communicate with ypbind which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP: Address already in use Nothing has changed on my IPA server/configuration so I have no idea why this stopped working. Any suggestions? Please check if the IPA is running, the DS is running. Check the logs that the compat plugin is loaded and working. You can also try looking at the compat tree from the server itself to verify that the plugin, at least the DS part is functional. This generally smells as a firewall issue but I have not way to prove or disprove the theory. Matt ___ Freeipa-users mailing list Freeipa-users@redhat.com mailto:Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Yup, I checked the status of the port to make sure nothing else was using it. I configured it for an empty port below 1024. You can use command netstat -lpn (as root) and check if the process is listening on the correct port and interface. Petr^2 Spacek -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, January 06, 2014 6:13 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says Can't communicate with ypbind which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP: Address already in use Nothing has changed on my IPA server/configuration so I have no idea why this stopped working. Any suggestions? Please check if the IPA is running, the DS is running. Check the logs that the compat plugin is loaded and working. You can also try looking at the compat tree from the server itself to verify that the plugin, at least the DS part is functional. This generally smells as a firewall issue but I have not way to prove or disprove the theory. Matt ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
When I run the netstat command it shows the following Tcp 0 0.0.0.0:10230.0.0.0:* LISTEN 10465/ypserv UDP 0 0.0.0.0:10230.0.0.0:* 10465/ypserv Like I stated this was working fine until we had our holiday shutdown for 2 weeks and when it came back online this stopped working. I tried restarting ypserv and ypbind on the secondary IPA server and it stopped working. Does ipa-server-2.2.0-16 have some bug issues with the NIS compatibility mode? -Original Message- From: Petr Spacek [mailto:pspa...@redhat.com] Sent: Tuesday, January 07, 2014 6:59 AM To: Joseph, Matthew (EXP); Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Yup, I checked the status of the port to make sure nothing else was using it. I configured it for an empty port below 1024. You can use command netstat -lpn (as root) and check if the process is listening on the correct port and interface. Petr^2 Spacek -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, January 06, 2014 6:13 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says Can't communicate with ypbind which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP: Address already in use Nothing has changed on my IPA server/configuration so I have no idea why this stopped working. Any suggestions? Please check if the IPA is running, the DS is running. Check the logs that the compat plugin is loaded and working. You can also try looking at the compat tree from the server itself to verify that the plugin, at least the DS part is functional. This generally smells as a firewall issue but I have not way to prove or disprove the theory. Matt ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
I forgot to show my current configuration. Yp.conf - Domain mydomain.ca server primaryIPA Domain mydomain.ca server secondaryIPA /etc/sysconfig/network --- NISDOMAIN=mydomain.ca Nsswitch.conf --- has nis added for passwd/group/automount I've been trying different combinations of adding the nsslapd-pluginarg0: 1023 and running ypserv on the same port. Should nsslapd and ypserv be running on the same port when I do the netstat command? -Original Message- From: Petr Spacek [mailto:pspa...@redhat.com] Sent: Tuesday, January 07, 2014 6:59 AM To: Joseph, Matthew (EXP); Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Yup, I checked the status of the port to make sure nothing else was using it. I configured it for an empty port below 1024. You can use command netstat -lpn (as root) and check if the process is listening on the correct port and interface. Petr^2 Spacek -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, January 06, 2014 6:13 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says Can't communicate with ypbind which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP: Address already in use Nothing has changed on my IPA server/configuration so I have no idea why this stopped working. Any suggestions? Please check if the IPA is running, the DS is running. Check the logs that the compat plugin is loaded and working. You can also try looking at the compat tree from the server itself to verify that the plugin, at least the DS part is functional. This generally smells as a firewall issue but I have not way to prove or disprove the theory. Matt ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
So looking at NIS documentation I noticed my /var/yp folder did not have the same folders/files as it should. It should have a Makefile, nicknames, binding (folder) and mydomainname (folder) I created a folder which matched my domainname and ypbind was finally able to start. But I can't do a ypcat since it can't find the maps which I would assume live under that domainname folder. Any ideas? -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP) Sent: Tuesday, January 07, 2014 9:23 AM To: Petr Spacek; Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues I forgot to show my current configuration. Yp.conf - Domain mydomain.ca server primaryIPA Domain mydomain.ca server secondaryIPA /etc/sysconfig/network --- NISDOMAIN=mydomain.ca Nsswitch.conf --- has nis added for passwd/group/automount I've been trying different combinations of adding the nsslapd-pluginarg0: 1023 and running ypserv on the same port. Should nsslapd and ypserv be running on the same port when I do the netstat command? -Original Message- From: Petr Spacek [mailto:pspa...@redhat.com] Sent: Tuesday, January 07, 2014 6:59 AM To: Joseph, Matthew (EXP); Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Yup, I checked the status of the port to make sure nothing else was using it. I configured it for an empty port below 1024. You can use command netstat -lpn (as root) and check if the process is listening on the correct port and interface. Petr^2 Spacek -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, January 06, 2014 6:13 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says Can't communicate with ypbind which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
Did you try tu run ypinit -c ? Not sure now - it might be necessary to initialize the Nis subsystem. O. Odesláno ze Samsung Mobile Původní zpráva Od: Joseph, Matthew (EXP) Datum:07. 01. 2014 15:52 (GMT+01:00) Komu: Petr Spacek ,Rob Crittenden ,d...@redhat.com,freeipa-users@redhat.com Předmět: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues So looking at NIS documentation I noticed my /var/yp folder did not have the same folders/files as it should. It should have a Makefile, nicknames, binding (folder) and mydomainname (folder) I created a folder which matched my domainname and ypbind was finally able to start. But I can't do a ypcat since it can't find the maps which I would assume live under that domainname folder. Any ideas? -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP) Sent: Tuesday, January 07, 2014 9:23 AM To: Petr Spacek; Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues I forgot to show my current configuration. Yp.conf - Domain mydomain.ca server primaryIPA Domain mydomain.ca server secondaryIPA /etc/sysconfig/network --- NISDOMAIN=mydomain.ca Nsswitch.conf --- has nis added for passwd/group/automount I've been trying different combinations of adding the nsslapd-pluginarg0: 1023 and running ypserv on the same port. Should nsslapd and ypserv be running on the same port when I do the netstat command? -Original Message- From: Petr Spacek [mailto:pspa...@redhat.com] Sent: Tuesday, January 07, 2014 6:59 AM To: Joseph, Matthew (EXP); Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Yup, I checked the status of the port to make sure nothing else was using it. I configured it for an empty port below 1024. You can use command netstat -lpn (as root) and check if the process is listening on the correct port and interface. Petr^2 Spacek -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, January 06, 2014 6:13 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
Ypinit -c does not exist for Linux. At least from what I can see. It looks like it's a server issue. It seems when I try to initialize NIS (through ypserv and ypbind) on the Primary and Secondary IPA servers it does not know to check IPA for the user information. Maybe I'm wrong but are the ipa-nis-manage and ipa-compat-manage commands not used to enable the NIS compatibility mode? From: Ondrej Valousek [mailto:ovalou...@vendavo.com] Sent: Tuesday, January 07, 2014 11:12 AM To: Joseph, Matthew (EXP); Petr Spacek; Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: RE: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Did you try tu run ypinit -c ? Not sure now - it might be necessary to initialize the Nis subsystem. O. Odesláno ze Samsung Mobile Původní zpráva Od: Joseph, Matthew (EXP) Datum:07. 01. 2014 15:52 (GMT+01:00) Komu: Petr Spacek ,Rob Crittenden ,d...@redhat.com,freeipa-users@redhat.com Předmět: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues So looking at NIS documentation I noticed my /var/yp folder did not have the same folders/files as it should. It should have a Makefile, nicknames, binding (folder) and mydomainname (folder) I created a folder which matched my domainname and ypbind was finally able to start. But I can't do a ypcat since it can't find the maps which I would assume live under that domainname folder. Any ideas? -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP) Sent: Tuesday, January 07, 2014 9:23 AM To: Petr Spacek; Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues I forgot to show my current configuration. Yp.conf - Domain mydomain.ca server primaryIPA Domain mydomain.ca server secondaryIPA /etc/sysconfig/network --- NISDOMAIN=mydomain.ca Nsswitch.conf --- has nis added for passwd/group/automount I've been trying different combinations of adding the nsslapd-pluginarg0: 1023 and running ypserv on the same port. Should nsslapd and ypserv be running on the same port when I do the netstat command? -Original Message- From: Petr Spacek [mailto:pspa...@redhat.com] Sent: Tuesday, January 07, 2014 6:59 AM To: Joseph, Matthew (EXP); Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Yup, I checked the status of the port to make sure nothing else was using it. I configured it for an empty port below 1024. You can use command netstat -lpn (as root) and check if the process is listening on the correct port and interface. Petr^2 Spacek -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, January 06, 2014 6:13 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
On Tue, Jan 07, 2014 at 05:22:22AM -0500, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Any system on which you intend to run ypcat, ypmatch, or any of the NIS client commands should run ypbind, whether it's talking to a more traditional NIS server or an IPA server with its NIS service enabled. HTH, Nalin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
No worries. We have a couple of older clients on our network that consist of RHEL 4.3, RHEL 5.3, RHEL 5.5, Solaris 7, Solaris 8, and Solaris 10. Unfortunately I won't be able to get rid of those machines for the next year or so. I figured for those older clients it would just be easier to have them all go through NIS. I had it working for a good year and then it just stopped. From: Ondrej Valousek [mailto:ovalou...@vendavo.com] Sent: Tuesday, January 07, 2014 11:44 AM To: Joseph, Matthew (EXP); Petr Spacek; Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: RE: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Ok. Just curious - why are you running Nis on Linux where we have native client available? Sorry for this OT question. O. Odesláno ze Samsung Mobile Původní zpráva Od: Joseph, Matthew (EXP) Datum:07. 01. 2014 16:17 (GMT+01:00) Komu: Ondrej Valousek ,Petr Spacek ,Rob Crittenden ,d...@redhat.com,freeipa-users@redhat.com Předmět: RE: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Ypinit -c does not exist for Linux. At least from what I can see. It looks like it's a server issue. It seems when I try to initialize NIS (through ypserv and ypbind) on the Primary and Secondary IPA servers it does not know to check IPA for the user information. Maybe I'm wrong but are the ipa-nis-manage and ipa-compat-manage commands not used to enable the NIS compatibility mode? From: Ondrej Valousek [mailto:ovalou...@vendavo.com] Sent: Tuesday, January 07, 2014 11:12 AM To: Joseph, Matthew (EXP); Petr Spacek; Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: RE: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Did you try tu run ypinit -c ? Not sure now - it might be necessary to initialize the Nis subsystem. O. Odesláno ze Samsung Mobile Původní zpráva Od: Joseph, Matthew (EXP) Datum:07. 01. 2014 15:52 (GMT+01:00) Komu: Petr Spacek ,Rob Crittenden ,d...@redhat.com,freeipa-users@redhat.com Předmět: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues So looking at NIS documentation I noticed my /var/yp folder did not have the same folders/files as it should. It should have a Makefile, nicknames, binding (folder) and mydomainname (folder) I created a folder which matched my domainname and ypbind was finally able to start. But I can't do a ypcat since it can't find the maps which I would assume live under that domainname folder. Any ideas? -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew (EXP) Sent: Tuesday, January 07, 2014 9:23 AM To: Petr Spacek; Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues I forgot to show my current configuration. Yp.conf - Domain mydomain.ca server primaryIPA Domain mydomain.ca server secondaryIPA /etc/sysconfig/network --- NISDOMAIN=mydomain.ca Nsswitch.conf --- has nis added for passwd/group/automount I've been trying different combinations of adding the nsslapd-pluginarg0: 1023 and running ypserv on the same port. Should nsslapd and ypserv be running on the same port when I do the netstat command? -Original Message- From: Petr Spacek [mailto:pspa...@redhat.com] Sent: Tuesday, January 07, 2014 6:59 AM To: Joseph, Matthew (EXP); Rob Crittenden; d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues On 7.1.2014 11:22, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Yup, I checked the status of the port to make sure nothing else was using it. I configured it for an empty port below 1024. You can use command netstat -lpn (as root) and check if the process is listening on the correct port and interface. Petr^2 Spacek -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, January 06, 2014 6:13 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
On Tue, Jan 07, 2014 at 10:35:58AM -0500, Rob Crittenden wrote: Nalin Dahyabhai wrote: Any system on which you intend to run ypcat, ypmatch, or any of the NIS client commands should run ypbind, whether it's talking to a more traditional NIS server or an IPA server with its NIS service enabled. I run ypcat w/o ypbind all the time for testing. You just need to specify the server and domain on the command-line: $ ypcat -h `hostname` -d example.com passwd I left that tidbit out, but yeah, I often use it that way as well when troubleshooting. On that topic, 'rpcinfo -p' is handy for checking that the NIS server is properly registered with its local port mapper (as a ypserv server), which is necessary for ypbind to find it. Cheers, Nalin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
That is right, I forgot about adding those options. So what I did was stopped ypserv (since the IPA plugin functions should handle all incoming NIS requests right?) Restarted the dirsrv and rpcbind. I try running ypbind on both the server and client but it fails with the same error. I tried running ypcat from a client and it gives the following error; No such map passwd.byname: Reason: Can't communicate with portmapper. So I checked port 1023 (ns-slapd is running) and nothing else is using port 1023. I restarted dirsrv and rpcbind 2 times each and then it finally worked. I'm going to try to reboot the server at the earliest time possible to make sure the config sticks. Thank you for the help guys and helping me understand how the NIS module in IPA works. Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Tuesday, January 07, 2014 11:36 AM To: Nalin Dahyabhai; Joseph, Matthew (EXP) Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Nalin Dahyabhai wrote: On Tue, Jan 07, 2014 at 05:22:22AM -0500, Joseph, Matthew (EXP) wrote: When I run ypcat on the IPA servers it states that ypbind can't communicate. I started ypbind on the secondary IPA server so now I can run ypcat. Is running ypbind on the IPA servers necessary? According to all of the documentation I read it doesn't mention anything about ypbind on the servers. Any system on which you intend to run ypcat, ypmatch, or any of the NIS client commands should run ypbind, whether it's talking to a more traditional NIS server or an IPA server with its NIS service enabled. I run ypcat w/o ypbind all the time for testing. You just need to specify the server and domain on the command-line: $ ypcat -h `hostname` -d example.com passwd rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Nope, ypbind was stopped when those errors came up. Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says Can't communicate with ypbind which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP: Address already in use Nothing has changed on my IPA server/configuration so I have no idea why this stopped working. Any suggestions? Please check if the IPA is running, the DS is running. Check the logs that the compat plugin is loaded and working. You can also try looking at the compat tree from the server itself to verify that the plugin, at least the DS part is functional. This generally smells as a firewall issue but I have not way to prove or disprove the theory. Matt ___ Freeipa-users mailing list Freeipa-users@redhat.com mailto:Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
Joseph, Matthew (EXP) wrote: Hello, I can add the old UNIX servers using NIS to the secondary IPA server but not the primary. The servers can ping the primary with no issues. I didn't think the IPA servers could run ypcat? Either way neither of the servers can run the ypcat commands. Can't run them how? Nope, ypbind was stopped when those errors came up. Can you confirm that nothing else is bound to the port? rob Matt -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Thursday, January 02, 2014 2:58 PM To: Joseph, Matthew (EXP); d...@redhat.com; freeipa-users@redhat.com Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says Can't communicate with ypbind which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP: Address already in use Nothing has changed on my IPA server/configuration so I have no idea why this stopped working. Any suggestions? Please check if the IPA is running, the DS is running. Check the logs that the compat plugin is loaded and working. You can also try looking at the compat tree from the server itself to verify that the plugin, at least the DS part is functional. This generally smells as a firewall issue but I have not way to prove or disprove the theory. Matt ___ Freeipa-users mailing list Freeipa-users@redhat.com mailto:Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
On 01/02/2014 12:30 PM, Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. Have you checked the logs to confirm that the DS server actually loaded the plugins? The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? I mean doing an ldapsearch operation against cn=compat,... sub tree by running it on the server. Just to see if it returns any data. If it does then the server is probably OK and this is the client that can't connect due to FW or DNS. Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I've recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I've configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says Can't communicate with ypbind which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP: Address already in use Nothing has changed on my IPA server/configuration so I have no idea why this stopped working. Any suggestions? Please check if the IPA is running, the DS is running. Check the logs that the compat plugin is loaded and working. You can also try looking at the compat tree from the server itself to verify that the plugin, at least the DS part is functional. This generally smells as a firewall issue but I have not way to prove or disprove the theory. Matt ___ Freeipa-users mailing list Freeipa-users@redhat.com mailto:Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] EXTERNAL: Re: NIS Compat issues
Joseph, Matthew (EXP) wrote: Hello, All of the IPA services are running. When I tried running the ipa-compat-manage enable and ipa-nis-manage enable they are both loaded and running. On the IPA master you should be able to run something like: $ ypcat -h `hostname` -d your nis domain name passwd This will confirm basic operation on the server. If you can run the same on a client it will rule out firewall issues. Is a ypbind process already running on these clients? That might explain the 'address in use' error. rob The firewall is not the issue, I am positive about that. What do you mean by looking at the compat tree from the IPA server? Matt *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal *Sent:* Thursday, January 02, 2014 12:13 PM *To:* freeipa-users@redhat.com *Subject:* EXTERNAL: Re: [Freeipa-users] NIS Compat issues On 01/02/2014 11:05 AM, Joseph, Matthew (EXP) wrote: Hello, I’ve recently had to restart my IPA servers and my NIS compatibility mode has stopped working. I’ve configured my IPA server to run in NIS compatibility mode by doing the following. [root@ipaserver ~]# ipa-nis-manage enable [root@ipaserver ~]# ipa-compat-manage enable Restart the DNS and Directory Server service: [root@server ~]# service restart rpcbind [root@server ~]# service restart dirsrv On my NIS clients I have the following setup in the yp.conf file. domain domainname.ca server ipaservername.domainname.ca I tried just running the broadcast option but with no luck. When I try to do a service ypbind start on my NIS clients it takes a few minutes to finally fail. When I tried an yptest says “Can’t communicate with ypbind” which makes sense since ypbind will not start. On the NIS client in the messages file it says the following; Ypbind: broadcast: RPC: Timed Out Cannot bind UDP: Address already in use Nothing has changed on my IPA server/configuration so I have no idea why this stopped working. Any suggestions? Please check if the IPA is running, the DS is running. Check the logs that the compat plugin is loaded and working. You can also try looking at the compat tree from the server itself to verify that the plugin, at least the DS part is functional. This generally smells as a firewall issue but I have not way to prove or disprove the theory. Matt ___ Freeipa-users mailing list Freeipa-users@redhat.com mailto:Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users