Date: Tue, 27 Feb 2001 14:06:06 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: "O. Hartmann" <ohartman@klima.physik.uni-mainz.de> Cc: freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: NIS/YP problems on FBSD 4.2-STABLE Message-ID: <20010227140606.B4667@Odin.AC.HMC.Edu> In-Reply-To: <Pine.BSF.4.33.0102272134320.907-100000@klima.physik.uni-mainz.de>; from ohartman@klima.physik.uni-mainz.de on Tue, Feb 27, 2001 at 09:50:48PM %2B0100 References: <Pine.BSF.4.33.0102272134320.907-100000@klima.physik.uni-mainz.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--CUfgB8w4ZwR/yMy5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 27, 2001 at 09:50:48PM +0100, O. Hartmann wrote: > Well, I'm sorry bothering you again with these problems, > but they become serious to me, sorry. >=20 > My intention was to build up a NIS/YP domain. But it seems > to be very complex. >=20 > I have a YP master server as described in the handbook, two > slave servers and some clients, all running FreeBSD 4.a-STABLE > with the last cvsupdate today, 6 pm UTC. >=20 > The main problem is: ypbind is not able to connect its > domain. On two slaves I bound ypbind to the "localhost", > either by -ypsetme or by -S DOMAIN,slave_host_name. But in > all cases ypbind gets a timeout and reports not able to > connect the server controlling that domain. The same phenomenon > is seen on all clients. On a recently configured 4.2-STABLE box with NIS used for passwd, group, and amd automount tables my rc.conf configuration for NIS is: nisdomainname=3D"domain" nis_client_enable=3D"YES" portmap_enable=3D"YES" I initialy botched this configuration by setting: portmap_enable=3D"NO" which caused problems. If this is what you are missing then we should push to have chkdepend MFC'd prior to 4.3's code freeze. The support code has been in -current since Dec 13 and the NIS dependencies since Jan 11 so I'd call it shaked out. > I have had some trouble with the tcpwrapper of inetd (its > working in how to interpret ip/netmask differs from what it > really accept in /etc/hosts.allow, but this has been solved - > I can not use this: ip/netmask, instead, I must use 10.0.0. > instead of 10.0.0.1/24). > But in the worst case, I switched off (also kernel-code!) > ip-firewall, inetd -lwW (use inetd -l) and used a kernel like > the GENERIC kernel. No TCP/IP extensions in kernel, no > special security facilities. But always the same :-( inetd and tcpwrappers don't actually have anything to do with NIS so this shouldn't be your problem. > ypbind on clients (ypbind -s) does not connect to ypserv, > and on servers, a local bound ypbind is unable to communicate > with the local server. it seems that something blocks the > ypserver to propagate its domain-serving facilities, but I do > not know what ... By any chance do you have more then one ethernet interface in this machine? I've had problems in the past with multihomed machines and NIS. In general, I'm pretty happy with NIS in 4.2. Now that ypset is working (I last tried in 2.2.x) I'm going to remove the slave servers from our lab to simplify maintnence. > My question is: how can I do some research on what's going > on between ypbind and ypserv on the same machine and on > the network? How can I perform some examinations ? tcpdump may be of some help. If you happen to have a Sun that you can snoop the network with Solaris the snoop(1M) command contains complete packet decomposition code for NIS and NIS+ so you can see what is being sent (well, it occationaly lies to contribute to security through obscurity, but it's pretty easy to see through those.) This can be a real aid if you want to hack NIS+. --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --CUfgB8w4ZwR/yMy5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6nCTNXY6L6fI4GtQRAlooAKDeQVzYzizlzBsOX9+c/TwyvdxjrACg0UCy MxZXCM3iz5oA+QCGhAjG+6c= =EW50 -----END PGP SIGNATURE----- --CUfgB8w4ZwR/yMy5-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010227140606.B4667>