From: Paul Furness <paul.furness@vil.ite.mee.com>
To: linux-admin@vger.kernel.org
Subject: NIS using port silly port numbers?
Date: 08 Oct 2002 17:02:51 +0100
Message-ID: <1034092971.12997.10.camel@Zebra>

Hi. 

I'm trying to build a nice, new NIS server to replace my existing one.
The old one is running redhat 6.2 plus some updates, and since the new
one is running RH7.3 + updates, I thought I might as well build from
scratch the NIS and hopefully therefore ensure that it works properly
and is consistent etc etc. 

The trouble I'm having is this: 

I create the various NIS files (passwd, group, aliases, amd.home and so
on) and have no problems with ypinit -m. I can then run the ypserver
fine. I can then run ypbind and it binds to the correct server (in this
case, the same machine). ypcat and ypwhich do the expected things.  

However. 

If I become non-root, either with su - USERNAME or telnet, yp goes
wrong, and I get this: 

[root@Antonia]# su - furnesp 
id: cannot find name for user ID 578 
bash-2.05a$ 

As you can see, it allows me to become the user, but then cannot read
the passwd file. I followed this up in the log, and it seems that when I
become the user, all yp requests I make are sent to port number 32773.
This is, of course, blocked by ypserv because it's a number greater than
1024.

I proved that this is the problem by changing the ypserv.conf file to
allow connections from any port. After that, everything works fine. But
I don't want to leave that open. 

I then tried binding another machine to the domain and trying the same
thing there. I got an almost identical error, but the port number was
different. This is the error message it put in the syslog on antonia:

Oct  8 16:49:51 Antonia ypserv[2322]: refused connect from
10.10.20.109:32834 to procedure ypproc_match

On the old NIS server, this was not giving a problem. So what's changed
in the new version of ypserv? Why does it now fail where it previously
worked fine? Have RedHat broken NIS in RH7.3? Or was it broken before,
and is now working fine?

If it is now working right, I don't understand what use it could be -
you can't possibly share the passwd file so that everyone can log in,
then block access to it whenever a user actually tries to authenticate;
that's just plain silly!

Oh, the yp versions:

old:  
ypbind (ypbind-mt) 1.7 
ypserv - NYS YP Server version 1.3.9 (with securenets)

New:
ypbind (ypbind-mt) 1.10
ypserv (ypserv) 2.2

I'm pretty sure it's something to do with transition from NYS to NIS,
but the docs say it should work the way it's set up now.

Any ideas?

Paul.
-- 
Paul Furness

Systems Manager

2+2=5 for extremely large values of 2.
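
Added example, not part of the original message: a small triage script for the kind of ypserv syslog entry quoted above. It lists each refused request with the client's source port and whether that port is reserved (below 1024), so refusals that a source-port rule could explain are separated from ones it could not. The helper names and every sample line except the one quoted in the message are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample. The first entry is the line quoted in the message,
# still wrapped as the mail client left it; the rest are made up.
SAMPLE_LOG = """\
Oct  8 16:49:51 Antonia ypserv[2322]: refused connect from
10.10.20.109:32834 to procedure ypproc_match
Oct  8 16:50:02 Antonia ypserv[2322]: refused connect from 10.10.20.109:32835 to procedure ypproc_match
Oct  8 16:50:10 Antonia sshd[2400]: session opened for user root
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d\s")
REFUSED = re.compile(
    r"ypserv\[\d+\]:\s+refused connect from\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"to procedure\s+(?P<proc>\w+)"
)

def unwrap(text):
    """Rejoin syslog entries that were wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def refused_requests(text):
    """Return one dict per refused ypserv request found in the log text."""
    found = []
    for entry in unwrap(text):
        m = REFUSED.search(entry)
        if m:
            port = int(m.group("port"))
            found.append({"ip": m.group("ip"), "port": port,
                          "proc": m.group("proc"),
                          # Ports below 1024 can only be bound by root.
                          "reserved": port < 1024})
    return found

def summarize(text):
    """Count refusals per (client, procedure, port class)."""
    counts = Counter()
    for r in refused_requests(text):
        port_class = "reserved" if r["reserved"] else "unprivileged"
        counts[(r["ip"], r["proc"], port_class)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```

A refusal logged from a reserved port is worth a separate look, since a rule that only rejects unprivileged source ports would not account for it.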

