From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paul Furness
Subject: NIS using port silly port numbers?
Date: 08 Oct 2002 17:02:51 +0100
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <1034092971.12997.10.camel@Zebra>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
List-Id:
Content-Type: text/plain; charset="us-ascii"
To: linux-admin@vger.kernel.org

Hi.

I'm trying to build a nice, new NIS server to replace my existing one. The old one is running redhat 6.2 plus some updates, and since the new one is running RH7.3 + updates, I thought I might as well build from scratch the NIS and hopefully therefore ensure that it works properly and is consistent etc etc.

The trouble I'm having is this:

I create the various NIS files (passwd, group, aliases, amd.home and so on) and have no problems with ypinit -m. I can then run the ypserver fine. I can then run ypbind and it binds to the correct server (in this case, the same machine). ypcat and ypwhich do the expected things.

However. If I become non-root, either with su - USERNAME or telnet, yp goes wrong, and I get this:

[root@Antonia]# su - furnesp
id: cannot find name for user ID 578
bash-2.05a$

As you can see, it allows me to become the user, but then cannot read passwd file.

I followed this up in the log, and it seems that when I become the user, all yp requests I make are sent to port number 32773. This is, of course, blocked by ypserv because it's a number greater than 1024.

I proved that this is the problem by changing the ypserv.conf file to allow connections from any port. After that, everything works fine. But I don't want to leave that open.

I then tried binding another machine to the domain and trying the same thing there. I got an almost identical error, but the port number was different. This is the error message it put in the syslog on antonia:

Oct 8 16:49:51 Antonia ypserv[2322]: refused connect from 10.10.20.109:32834 to procedure ypproc_match

On the old NIS server, this was not giving a problem.

So what's changed in the new version of ypserv? Why does it now fail where it previously worked fine?

Have RedHat broken NIS in RH7.3? Or was it broken before, and is now working fine? If it is now working right, I don't understand what use it could be - you can't possibly share the passwd file so that everyone can log in, then block access to it whenever a user actually tries to authenticate; that's just plain silly!

Oh, the yp versions:

old:
ypbind (ypbind-mt) 1.7
ypserv - NYS YP Server version 1.3.9 (with securenets)

New:
ypbind (ypbind-mt) 1.10
ypserv (ypserv) 2.2

I'm pretty sure it's something to do with transition from NYS to NIS, but the docs say it should work the way it's set up now.

Any ideas?

Paul.

-- 
Paul Furness
Systems Manager

2+2=5 for extremely large values of 2.
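
Added example, not part of the original message: a small triage script for the ypserv refusal lines quoted above. It groups refusals by client, procedure and whether the source port was in the reserved range (below 1024), so requests refused by a reserved-port check can be told apart from refusals that must have another cause. The first sample line is the one from the post; the other lines, the function names and the 192.0.2.77 client are constructed for illustration.

```python
import re
from collections import Counter

# Source ports below 1024 form the reserved (root-only) range on Unix systems.
RESERVED_LIMIT = 1024

# Matches the refusal format shown in the post's syslog excerpt.
REFUSAL = re.compile(
    r"ypserv\[\d+\]: refused connect from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"to procedure (?P<proc>\w+)"
)

# Constructed sample log: line 1 is quoted from the post, the rest are invented.
SAMPLE_LOG = """\
Oct 8 16:49:51 Antonia ypserv[2322]: refused connect from 10.10.20.109:32834 to procedure ypproc_match
Oct 8 16:49:52 Antonia ypserv[2322]: refused connect from 10.10.20.109:32835 to procedure ypproc_match
Oct 8 16:50:03 Antonia ypserv[2322]: refused connect from 192.0.2.77:812 to procedure ypproc_all
Oct 8 16:50:10 Antonia sshd[2400]: Accepted password for furnesp from 10.10.20.109 port 32840
"""

def parse_refusals(text):
    """Return one dict per ypserv refusal line; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = REFUSAL.search(line)
        if m:
            port = int(m["port"])
            events.append({"ip": m["ip"], "port": port, "proc": m["proc"],
                           "reserved": port < RESERVED_LIMIT})
    return events

def summarize(events):
    """Count refusals per (client, procedure, source-port class)."""
    counts = Counter()
    for e in events:
        kind = "reserved" if e["reserved"] else "unprivileged"
        counts[(e["ip"], e["proc"], kind)] += 1
    return counts

if __name__ == "__main__":
    # "unprivileged" rows fit a reserved-port check; "reserved" rows do not.
    for (ip, proc, kind), n in sorted(summarize(parse_refusals(SAMPLE_LOG)).items()):
        print(f"{ip:15} {proc:14} {kind:12} x{n}")
```
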