Rodolfo Martínez wrote:
Hi Nigel,
Add this line to the /etc/nsswitch.conf file in the client:
shadow: files [NOTFOUND=return]
The client will only look at the local shadow file, if the entry is
not there, it will stop searching for it.
Tried this. Changed the file on the client, restarted the ypbind process
on the client - even restarted ALL of the yp programs on the server. Did
not make a single difference :(
Here is the nsswitch.conf:
[r...@sydsrv56 etc]# cat nsswitch.conf
passwd: files nis
shadow: files [NOTFOUND=return]
group: files nis
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files nis
publickey: nisplus
automount: files
aliases: files
and here is an example of the error messages:
Aug 13 09:57:07 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38711 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 09:59:09 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38711 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 09:59:36 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38711 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:00:01 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38711 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:00:12 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:01:24 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:01:50 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:02:00 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:02:15 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:02:32 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:02:41 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:03:46 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:04:14 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 13 10:04:43 sydsrv12 ypserv[27083]: refused connect from
192.168.0.56:38712 to procedure ypproc_match (jgc,shadow.byname;-1)
This is getting "Curiouser and Curiouser".
Nigel.
Rodolfo Martínez
On Wed, Aug 12, 2009 at 2:22 AM, Sonia Hamilton<[email protected]> wrote:
Nigel Allen wrote:
Hi
Running Centos 4 with one machine as YP server (ypserv 2.8) and one as a
yp client.
In the messages log of the server I constantly see messages like this:
Aug 12 12:28:46 sydsrv12 ypserv[20413]: refused connect from
192.168.0.56:38230 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 12 12:29:14 sydsrv12 ypserv[20413]: refused connect from
192.168.0.56:38230 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 12 12:29:22 sydsrv12 ypserv[20413]: refused connect from
192.168.0.56:38230 to procedure ypproc_match (jgc,shadow.byname;-1)
Aug 12 12:30:13 sydsrv12 ypserv[20413]: refused connect from
192.168.0.56:38230 to procedure ypproc_match (jgc,shadow.byname;-1)
sydsrv56 is the client btw.
How can I find what program is trying to access the shadow.byname map? I
suspect (from the frequency) that it dovecot may be the culprit
The server does not have that map and on the client there is no mention of
shadow in the nsswitch.conf - all commented out.
Any clues please?
touch the file shadow.byname and use lsof + grep in a loop in a shell
script?
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
