Re: [Freeipa-users] NIS support gone with 4.2?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/03/16 21:39, Alexander Bokovoy wrote: > Yes, this looks like a bug in the ipa-nis-manage which is a bit larger than I > thought originally. > > You can restore maps by running > > ipa-ldap-updater /usr/share/ipa/nis.uldif > > after that and restarting the dirsrv, you should be seeing the maps. > Now it works. Thanx very much Harri -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWiZeiAAoJEAqeKp5m04HLgsIH+wX09FFSWtb2r/lXAenlKBtl /IpdBMF5BUCIUGc/+o1iCl9d1Dwr4yYZxxwMFekHST1x1OZ1dz5g5OxFfFE1L92u HgKOOFb7FM9t7dWKUIUQ/5yhWxIJlhvMYuOCN62fExtd8Ca9V85QJDxgIvlDui4E XHi1wjA41mg4XNIXjEPGzQe3RmmOUDZ97PHiM7iIfBT4iPCod0KvQhcS9CI7CZdu MTNhnkfrY7oEItWCX4dnuMYmF0Q/hOAOOtHeOIwIco/cc3+jdWP4yaUHhoskDvQA LcZz6Du7LlH7a/6qnyC8YP31pvtvV9csVh7+moVhxxnaAqIG8omFzUWZYqWMydw= =vjgZ -END PGP SIGNATURE- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] NIS support gone with 4.2?
On Sun, 03 Jan 2016, Harald Dunkel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/03/16 19:29, Alexander Bokovoy wrote: Alternatively, do following: ipa-nis-manage disable ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn You'll get list of DNs like this: dn: nis-domain=+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config dn: nis-domain=+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config Run ldapdelete -D "cn=Directory Manager" -W "" "" ... where is what you've got after "dn: " This is how you can delete those entries. After that, run 'ipa-nis-manage enable'. Hi Alex, sorry to say, but it did not work: [root@ipa2 ~]# ipa-nis-manage disable Directory Manager password: This setting will not take effect until you restart Directory Server. [root@ipa2 ~]# systemctl restart dirsrv@EXAMPLE-COM [root@ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn Enter LDAP Password: dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=con fig dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=con fig [root@ipa2 ~]# ldapdelete -D "cn=Directory Manager" -W "nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config" "nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config" Enter LDAP Password: [root@ipa2 ~]# ipa-nis-manage enable Directory Manager password: Enabling plugin This setting will not take effect until you restart Directory Server. The portmap service may need to be started. [root@ipa2 ~]# systemctl restart dirsrv@EXAMPLE-COM [root@ipa2 ~]# systemctl restart rpcbind [root@ipa2 ~]# ypcat -h localhost -d example.com passwd No such map passwd.byname. Reason: No such map in server's domain [root@ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn Enter LDAP Password: [root@ipa2 ~]# I tried it on a replica, though. Yes, this looks like a bug in the ipa-nis-manage which is a bit larger than I thought originally. You can restore maps by running ipa-ldap-updater /usr/share/ipa/nis.uldif after that and restarting the dirsrv, you should be seeing the maps. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] NIS support gone with 4.2?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/03/16 19:29, Alexander Bokovoy wrote: > Alternatively, do following: > > ipa-nis-manage disable > > ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS > Server,cn=plugins,cn=config" dn > > You'll get list of DNs like this: dn: > nis-domain=+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config > > dn: nis-domain=+nis-map=ethers.byname,cn=NIS > Server,cn=plugins,cn=config > > Run ldapdelete -D "cn=Directory Manager" -W "" "" ... > > where is what you've got after "dn: " > > This is how you can delete those entries. > > After that, run 'ipa-nis-manage enable'. > Hi Alex, sorry to say, but it did not work: [root@ipa2 ~]# ipa-nis-manage disable Directory Manager password: This setting will not take effect until you restart Directory Server. [root@ipa2 ~]# systemctl restart dirsrv@EXAMPLE-COM [root@ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn Enter LDAP Password: dn: nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=con fig dn: nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=con fig [root@ipa2 ~]# ldapdelete -D "cn=Directory Manager" -W "nis-domain=example.com+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config" "nis-domain=example.com+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config" Enter LDAP Password: [root@ipa2 ~]# ipa-nis-manage enable Directory Manager password: Enabling plugin This setting will not take effect until you restart Directory Server. The portmap service may need to be started. [root@ipa2 ~]# systemctl restart dirsrv@EXAMPLE-COM [root@ipa2 ~]# systemctl restart rpcbind [root@ipa2 ~]# ypcat -h localhost -d example.com passwd No such map passwd.byname. Reason: No such map in server's domain [root@ipa2 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn Enter LDAP Password: [root@ipa2 ~]# I tried it on a replica, though. Regards Harri -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWiX8pAAoJEAqeKp5m04HLx2AH/igd+rgZf5FAXRBKk+M5qmHN kofjuCJ2aTaLRMmqY1J9FINsRax4pThP71bC34jHo2mQFWW15aNi7SYaur4cpEzW XA+0DLFmryS1yocg0HoFFfUK/lJxjL/uMm5yY7HI0A04QcrxCfoDjtOR4IqNLpGn eQwi6UmQdvv7srLfd2nKHtCgsmssq9jVzcH8c+EHm4aR/qL6V7dsDDiFYvuqvGu8 3mdw3sPCpxNC/9a259E5FUFZVocTrmucUKURzn07Ff6pckzonWY7kVVuieRZGzWC NYSsjl/Ai8o/qKW4DY+1dp3NeYYXnUG69PuO4EkgJ/l5oU3CCJJTkv6MVO6tFhs= =GIng -END PGP SIGNATURE- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] NIS support gone with 4.2?
On Sun, 03 Jan 2016, Harald Dunkel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Alex, On 01/03/16 13:31, Alexander Bokovoy wrote: https://bugzilla.redhat.com/show_bug.cgi?id=1286781 is the bug. It has recommended workaround in comment 1. What exactly is meant by "remove all NIS plugin entries"? I had the impression that modifying the LDAP database using vi is strictly prohibited. Is this correct? Alternatively, do following: ipa-nis-manage disable ldapsearch -xLLL -D "cn=Directory Manager" -W -s onelevel -b "cn=NIS Server,cn=plugins,cn=config" dn You'll get list of DNs like this: dn: nis-domain=+nis-map=ethers.byaddr,cn=NIS Server,cn=plugins,cn=config dn: nis-domain=+nis-map=ethers.byname,cn=NIS Server,cn=plugins,cn=config Run ldapdelete -D "cn=Directory Manager" -W "" "" ... where is what you've got after "dn: " This is how you can delete those entries. After that, run 'ipa-nis-manage enable'. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] NIS support gone with 4.2?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Alex, On 01/03/16 13:31, Alexander Bokovoy wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1286781 is the bug. It has > recommended workaround in comment 1. > What exactly is meant by "remove all NIS plugin entries"? I had the impression that modifying the LDAP database using vi is strictly prohibited. Is this correct? Regards Harri -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWiVNvAAoJEAqeKp5m04HLT40H/igxgJPK2q2pIGRoULu1PZST X+zfcPivBNlcVGm/em2XhwyF47MNlMaUdsr45Q6S3ykLngPVrRRNzeyD0w/FC4WJ eWr8BT74nzlRrFbzI+QRAWp7wxAjnxoYN5E3pLv5X61mSZ9vWrNB3Tpy9Oyv5Gc6 OJ2zdxCg7wZbHIHcRFnU7OcFgR+MBKHMv9TzyLV74MJ/zSij49TACqydZSP6i7yR qFU86CdiCaihOF6fswHwRpaQ3zjF/s/hAvlGlgJS114QJxCiYGPHV8GU1p33Bx3w 3FKd0XAQcyXmcTTtz7r4PHCqe07o85rfZx1rpMcorl6yU6QNbj5o1cKh9CvbV7I= =nZxr -END PGP SIGNATURE- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] NIS support gone with 4.2?
On Sat, 02 Jan 2016, Harald Dunkel wrote: Hi folks, I have enabled NIS support as described on https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/migrating-from-nis.html Esp. I have run ipa-nis-manage enable ipa-compat-manage enable systemctl enable rpcbind and rebooted the FreeIPA server (Centos 7.2, FreeIPA 4.2 as shipped). Problem: Basic verification on the ipa server failed # ypcat -h localhost -d example.com passwd No such map passwd.byname. Reason: No such map in server's domain # ypcat -h localhost -d example.com group No such map group.byname. Reason: No such map in server's domain Every helpful hint is highly appreciated. https://bugzilla.redhat.com/show_bug.cgi?id=1286781 is the bug. It has recommended workaround in comment 1. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] NIS support gone with 4.2?
PS: Please excuse the double post. It was an accident. Harri signature.asc Description: OpenPGP digital signature -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] NIS support gone with 4.2?
Hi folks, I have enabled NIS support as described on https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/migrating-from-nis.html Esp. I have run ipa-nis-manage enable ipa-compat-manage enable systemctl enable rpcbind and rebooted the FreeIPA server (Centos 7.2, FreeIPA 4.2 as shipped). Problem: Basic verification on the ipa server failed # ypcat -h localhost -d example.com passwd No such map passwd.byname. Reason: No such map in server's domain # ypcat -h localhost -d example.com group No such map group.byname. Reason: No such map in server's domain Every helpful hint is highly appreciated. Regards Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] NIS support gone with 4.2?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi folks, Using FreeIPA 4.2 (Centos 7.2) I have enabled NIS support as described in Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US.pdf 14.5.2 "Enabling the NIS Listener". Esp. I ran ipa-nis-manage enable ipa-compat-manage enable systemctl enable rpcbind and rebooted the server. Next: # ipa-nis-manage enable Directory Manager password: Plugin already Enabled # ipa-compat-manage status Directory Manager password: Plugin Enabled Problem: ypcat woes # ypcat -h localhost -d example.com passwd No such map passwd.byname. Reason: No such map in server's domain # ypcat -h localhost -d example.com group No such map group.byname. Reason: No such map in server's domain AFAICS this is not supposed to happen. I am stuck due to this problem. Every helpful comment is highly appreciated. Harri -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWh+SkAAoJEAqeKp5m04HLkxAH/3ZPdRN1FHhLU6oWAkxJlqOu ftCgIxSP4nYYUdJdnZxcTyDF7INmIDQOgKCJ0uGImmNwBo/YAmEfsYyF+V8SMcqR pkZxZfDiNI3+mbREvJnwX7GWrz7q0AP76IzfQSHNjhzS1dTJDQcq1bjZTx+sX/Rq 9HputYQZhbhCaDVlyuJ8WkG6j13l6CnVzX9WL7SeR6KdvEYma3Uo/yXqEyqZTCAB Of7794UH9Vuw4+315g6OqmKSFzsBkGBwL9RuBrrXWY2ccDbHu2Xa5jDeqfHJXvq+ 5aBp/+3xiDT4OU5js+PXnVYPJsNeu5eeCvDMq+A2/5hU0weTM2vATHZDXANJGNA= =Zm2r -END PGP SIGNATURE- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project