[Freeipa-users] More slapi-nis help
Brandon Young
bkyoung at gmail.com
Wed Aug 19 21:50:44 UTC 2009
Hi all.
I have been dinking with this a few minutes at a time since last week,
and am having a problem, still. I have gone over my nis-plugin.ldif
file and verified that nis-domain matches everywhere (at first it
didn't), and that once the dirsrv successfully starts I can see with
'rpcinfo -p' that ypserv is bound to some port (it changes each time I
reboot, but no biggie; I'm not running a firewall). I can check from
a remote host (again with rpcinfo) and see the ypserv service is
available. However, when I try to 'ypcat passwd', from a host that is
configured to use the freeipa server as its NIS server, it doesn't
return anything. If I further do something like: 'ypcat -h
freeipakc01 -d someorg passwd', it eventually times out and says "No
such map passwd.byname. Reason: Can't communicate with portmapper".
"Aha," I think. A clue. Alas, I verified that the rpcbind service is
still running. Both host.allow and host.deny are empty (thus allowing
all connections). Rebooting doesn't help.
Here is my ldif I uploaded to set up the nis-plugin:
dn: cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: NIS Server
nsslapd-pluginpath: /usr/lib64/dirsrv/plugins/nisserver-plugin.so
nsslapd-plugininitfunc: nis_plugin_init
nsslapd-plugintype: object
nsslapd-pluginenabled: on
nsslapd-pluginid: nis-server
nsslapd-pluginversion: 0.15
nsslapd-pluginvendor: redhat.com
nsslapd-plugindescription: NIS Server Plugin
nis-tcp-wrappers-name: nis-server

dn: nis-domain=someorg+nis-map=passwd.byname, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: passwd.byname
nis-base: cn=users, dc=some-org, dc=org
nis-secure: no

dn: nis-domain=someorg+nis-map=passwd.byuid, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: passwd.byuid
nis-base: cn=users, dc=some-org, dc=org
nis-secure: no

dn: nis-domain=someorg+nis-map=group.byname, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: group.byname
nis-base: cn=groups, dc=some-org, dc=org
nis-secure: no

dn: nis-domain=someorg+nis-map=group.bygid, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: group.bygid
nis-base: cn=groups, dc=some-org, dc=org
nis-secure: no

dn: nis-domain=someorg+nis-map=group.upg, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: group.upg
nis-base: cn=users, dc=some-org, dc=org
nis-filter: (objectclass=posixAccount)
nis-key-format: %{uid}
nis-value-format: %{uid}:*:%{gidNumber}:%{uid}
nis-secure: no
nis-disallowed-chars: :,

dn: nis-domain=someorg+nis-map=netid.byname, cn=NIS Server, cn=plugins, cn=config
objectclass: top
objectclass: extensibleObject
nis-domain: someorg
nis-map: netid.byname
nis-base: cn=users, dc=some-org, dc=org
nis-secure: no
Here's the output of rpcinfo:
[root@freeipa freeipa]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 45003 status
100024 1 tcp 54515 status
100004 2 tcp 710 ypserv
100004 2 udp 710 ypserv
100011 1 udp 875 rquotad
100011 2 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 tcp 875 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 48842 nlockmgr
100021 3 udp 48842 nlockmgr
100021 4 udp 48842 nlockmgr
100021 1 tcp 57232 nlockmgr
100021 3 tcp 57232 nlockmgr
100021 4 tcp 57232 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 38415 mountd
100005 1 tcp 44539 mountd
100005 2 udp 38415 mountd
100005 2 tcp 44539 mountd
100005 3 udp 38415 mountd
100005 3 tcp 44539 mountd
Surely I am missing something obvious. Insight would be appreciated.
Has anyone else gotten this to work?
--
Brandon
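
The nis-domain consistency check the post describes doing by hand, as an added example that is not part of the original message or of slapi-nis itself. The function names and the sample LDIF are constructed here, and the last check assumes a single-domain setup like the one shown above.

```python
import re

# Constructed sample (trimmed to the attributes checked); the second
# entry's nis-domain attribute disagrees with the value in its DN.
SAMPLE_LDIF = """\
dn: nis-domain=someorg+nis-map=passwd.byname, cn=NIS Server,
 cn=plugins, cn=config
nis-domain: someorg
nis-map: passwd.byname

dn: nis-domain=someorg+nis-map=group.byname, cn=NIS Server, cn=plugins, cn=config
nis-domain: some-org
nis-map: group.byname
"""

def parse_entries(text):
    """Split LDIF into entries: unfold continuation lines, break on blank lines."""
    unfolded = re.sub(r"\n ", "", text)
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if attrs:
            entries.append(attrs)
    return entries

def check_nis_maps(text):
    """Return a list of problems found in the NIS map definition entries."""
    problems, domains = [], set()
    for entry in parse_entries(text):
        dn = entry.get("dn", [""])[0]
        rdn = dn.split(",", 1)[0]
        parts = dict(p.split("=", 1) for p in rdn.split("+") if "=" in p)
        parts = {k.strip().lower(): v.strip() for k, v in parts.items()}
        if "nis-map" not in parts:
            continue  # not a map definition (e.g. the plugin entry itself)
        for attr in ("nis-domain", "nis-map"):
            values = entry.get(attr, [])
            if parts.get(attr) not in values:
                problems.append(f"{dn}: RDN has {attr}={parts.get(attr)!r}, "
                                f"attribute is {values!r}")
        domains.update(entry.get("nis-domain", []))
    # Assumption: one NIS domain is intended, as in the post above.
    if len(domains) > 1:
        problems.append(f"more than one nis-domain in use: {sorted(domains)}")
    return problems
```
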