[Freeipa-users] More slapi-nis help

Brandon Young bkyoung at gmail.com
Wed Aug 19 21:50:44 UTC 2009


Hi all.

I have been dinking with this a few minutes at a time since last week,
and am having a problem, still.  I have gone over my nis-plugin.ldif
file and verified that nis-domain matches everywhere (at first it
didn't), and that once the dirsrv successfully starts I can see with
'rpcinfo -p' that ypserv is bound to some port (it changes each time I
reboot, but no biggie; I'm not running a firewall).  I can check from
a remote host (again with rpcinfo) and see the ypserv service is
available.  However, when I try to 'ypcat passwd', from a host that is
configured to use the freeipa server as its NIS server, it doesn't
return anything.  If I further do something like: 'ypcat -h
freeipakc01 -d someorg passwd', it eventually times out and says "No
such map passwd.byname. Reason: Can't communicate with portmapper".
"Aha," I think.  A clue.  Alas, I verified that the rpcbind service is
still running.  Both host.allow and host.deny are empty (thus allowing
all connections).  Rebooting doesn't help.

Here is the ldif I uploaded to set up the nis-plugin:


dn: cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: NIS Server
nsslapd-pluginpath: /usr/lib64/dirsrv/plugins/nisserver-plugin.so
nsslapd-plugininitfunc: nis_plugin_init
nsslapd-plugintype: object
nsslapd-pluginenabled: on
nsslapd-pluginid: nis-server
nsslapd-pluginversion: 0.15
nsslapd-pluginvendor: redhat.com
nsslapd-plugindescription: NIS Server Plugin
nis-tcp-wrappers-name: nis-server

dn: nis-domain=someorg+nis-map=passwd.byname, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: passwd.byname
nis-base: cn=users, dc=some-org, dc=org
nis-secure: no

dn: nis-domain=someorg+nis-map=passwd.byuid, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: passwd.byuid
nis-base: cn=users, dc=some-org, dc=org
nis-secure: no

dn: nis-domain=someorg+nis-map=group.byname, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: group.byname
nis-base: cn=groups, dc=some-org, dc=org
nis-secure: no

dn: nis-domain=someorg+nis-map=group.bygid, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: group.bygid
nis-base: cn=groups, dc=some-org, dc=org
nis-secure: no

dn: nis-domain=someorg+nis-map=group.upg, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: group.upg
nis-base: cn=users, dc=some-org, dc=org
nis-filter: (objectclass=posixAccount)
nis-key-format: %{uid}
nis-value-format: %{uid}:*:%{gidNumber}:%{uid}
nis-secure: no
nis-disallowed-chars: :,

dn: nis-domain=someorg+nis-map=netid.byname, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: netid.byname
nis-base: cn=users, dc=some-org, dc=org
nis-secure: no

Here's the output of rpcinfo:

[root@freeipa freeipa]# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  45003  status
    100024    1   tcp  54515  status
    100004    2   tcp    710  ypserv
    100004    2   udp    710  ypserv
    100011    1   udp    875  rquotad
    100011    2   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100011    2   tcp    875  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  48842  nlockmgr
    100021    3   udp  48842  nlockmgr
    100021    4   udp  48842  nlockmgr
    100021    1   tcp  57232  nlockmgr
    100021    3   tcp  57232  nlockmgr
    100021    4   tcp  57232  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp  38415  mountd
    100005    1   tcp  44539  mountd
    100005    2   udp  38415  mountd
    100005    2   tcp  44539  mountd
    100005    3   udp  38415  mountd
    100005    3   tcp  44539  mountd

Surely I am missing something obvious.  Insight would be appreciated.
Has anyone else gotten this to work?


--
Brandon
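
Added example, not part of the original post and not slapi-nis code: a small check that automates the "nis-domain matches everywhere" verification described above, by comparing the nis-domain and nis-map values in each map entry's RDN with the attributes of the same entry. The sample LDIF is constructed in the shape of the entries above, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the post's map entries; the second
# entry carries a deliberately mismatched nis-domain attribute.
SAMPLE_LDIF = """\
dn: nis-domain=someorg+nis-map=passwd.byname, cn=NIS Server,
 cn=plugins, cn=config
objectclass: extensibleObject
nis-domain: someorg
nis-map: passwd.byname

dn: nis-domain=someorg+nis-map=group.byname, cn=NIS Server, cn=plugins, cn=config
objectclass: extensibleObject
nis-domain: some-org
nis-map: group.byname
"""

def parse_entries(ldif_text):
    """Unfold LDIF continuation lines and return one attribute dict per entry."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # newline + one space = folded line
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comments, and wrapped lines that lost their leading space
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append(attrs)
    return entries

def check_maps(ldif_text):
    """Return (dn, problem) pairs for map entries whose RDN and attributes disagree."""
    problems = []
    for attrs in parse_entries(ldif_text):
        dn = attrs["dn"][0]
        # Naive RDN split: assumes no escaped ',' or '+' in the first RDN.
        pairs = (p.split("=", 1) for p in dn.split(",", 1)[0].split("+") if "=" in p)
        rdn = {k.strip().lower(): v.strip() for k, v in pairs}
        if "nis-map" not in rdn:
            continue  # the plugin entry itself, not a map definition
        for key in ("nis-domain", "nis-map"):
            if rdn.get(key) not in attrs.get(key, []):
                problems.append((dn, f"{key}: RDN {rdn.get(key)!r} vs {attrs.get(key, [])!r}"))
    return problems

if __name__ == "__main__":
    for dn, problem in check_maps(SAMPLE_LDIF):
        print(f"{dn}\n  {problem}")
```
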



