- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- NIS question .. again..
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2001 07:37 AM
02-05-2001 07:37 AM
i deleted the entry i had made in /etc/netgroup and my box is now booting normally again.
when my box boots, it successfully starts the NIS master server process/daemons (ypserv,..etc.)
however, when the NIS client tries to start up, i get the following error in /etc/rc.log:
sorry, ypbind on host hp2 has rejected your request.
my question is: what are the authorization rules NIS follows, and in what order? I don't have an NIS book on hand and the online documentation really doesnt talk too much in depth about this. this box is using dns to resolve names, but is not a dns primary/slave server. will configuring dns on this box locally help?
sorry, i don't have much NIS experience and this is my first time setting up a box as a master on a new domain.
thanks again. i figure if i can't get the client running on the same box the server's running on.. i'm doing something really wrong! :-)
-edwin
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2001 07:53 AM
02-05-2001 07:53 AM
Re: NIS question .. again..
This is not my main area, but could the answer be that the following needs to be done:
1. /usr/lib/netsvc/yp/ypbind -ypset
2. ypset (NIS_server)
OR
Add the following lines to /etc/rc.config.d/namesvrs:
YPBIND_OPTIONS = "-ypset&qquot
YPSET_ADDR = (NIS_server)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2001 07:57 AM
02-05-2001 07:57 AM
Re: NIS question .. again..
thanks for your reply. i do have the client setup that way. it's just that the server seems to be rejecting the client's request to bind to it. it seems to me like an authentication error.
i'm going to try removing my entry in securenets, but that's all i can think of at this point. personally, i think it has something to do with nsswitch.conf, but i'm not too sure.
-edwin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2001 09:16 AM
02-06-2001 09:16 AM
Re: NIS question .. again..
Sorry I've been away, so could not respond very quickly.
Did the netgroup's file work?
I am attaching a custom ypmake script (my own little ditty) to compare to your own. Some of the things in this file are my own used entries, so dont just dump and use this script.
I.E.
my source files are almost all in "/var/yp/src" and not default /etc directory.
I have also custom map information for auto.home and auto.direct. Make a backup of your original before saving this to /var/yp!
It sounds like in your server setup you have one or two files with entries for Secure NIS. Look at the contents of two files.
1. /var/yp/securenets
2. /var/yp/secureservers
I have never had any luck with "securenets" on HP-UX, but have with secureservers. secureservers has a list of IP addresses for allowed clients, so the name is quite confusing. Make sure that the client's are listed in this file, or that this file is empty! if there are any listings in this file these are the only clients allowed to connect!
securenets is similar, but a network range. I have played with this a bit, but again never got it to work :( Sorry HP!
Next, if your not forcing ypbind, then make sure that your subnets match. By default the client makes a broadcast (your broadcast address[defined partially by netmask]) for servers. If the broadcast address is different, then you will never be able to find a server.
first run lanscan to find the interface. (normally lan0)
>/usr/sbin/lanscan
Next run
/usr/sbin/ifconfig interface.
this will show you your broadcast address and netmask.
If you still have problems, try to force binding to the server.
>/usr/bin/kill `ps -ef|grep ypbind|grep -v grep|awk '{print $2}'`
>/usr/lib/netsvc/yp/ypbind -ypset
>/usr/sbin/ypset SERVER_IP
If you are allowed a connection there, then all is well. Luckily in /etc/rc.config.d/namesvrs there is a section for YPBIND_OPTIONS=""
change this to "YPBIND_OPTIONS=-ypset"
change "YPSET_ADDR=" to "YPSET_ADDR=ip_of_server"
next run
>/sbin/init.d/nis.client stop
>/sbin/init.d/nis.client start
>/usr/sbin/ypwhich
See if your bound!
Holler if this dont work, perhaps I can help more!
Shannon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2001 09:49 AM
02-06-2001 09:49 AM
Re: NIS question .. again..
thanks for all the info.. i'm definitely going to look at that script now.
however, in the meantime, here's some food for thought:
if i log into the sun boxes via the console (they do bind to the sever successfully on their own)... i can run ypcat commands for all of the maps successfully, including the passwd map. if i do a `ypcat passwd`, i see all of the entries in the HP NIS Master server.
Is there something prohibiting the Sun box perhaps from successully authenticating ?
..so close.. yet so far.. :-)
thanks again shannon, you've been a tremendous help.. i'm going to start dissecting that script now.
p.s. glad to see i'm not the only using good 'ol:
ps -ef |grep x |grep -v grep |awk '{ print $2 }' |xargs kill -9
you have no idea how many scripts i've written that in! :-)
-edwin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2001 11:38 AM
02-06-2001 11:38 AM
Re: NIS question .. again..
Sorry bout that !
Anyhow, the Sun boxes vary on version. What Solaris are you running?
I have never worked with Solaris 7, but I'll assume more similarity to 8.
Solaris 2.5 and 2.6 require a modification to /etc/group and /etc/passwd of a simple "+" sign. (HP-UX, AIX and IRIX all require "+::0:0:::")
Solaris 8 (maybe 7 too) require an entry in /etc/nsswitch.conf similar to this.....
passwd nis files ldap
group nis files ldap
of course no ldap unless your using it!
solaris8 will fail if you have a + in either /etc/passwd or /etc/group. Also make sure that your server is not pushing this illegal character out!
Regards,
Shannon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2001 12:07 PM
02-06-2001 12:07 PM
Re: NIS question .. again..
i don't know if this is going to upset you or make you laugh.. hopefully the latter. ;-)
i just checked /etc/passwd. forgot to add my +@ declaration. oops.
all's fine in sun land again. :-)
i did enjoy our discussion though. it seems sometimes i tend to think that something major is going wrong, when it's really something minor. big oops. flames welcomed. i flogged myself already - two times.
really though, thanks for all of your help.. 10 more points coming up.
-edwin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-07-2001 09:14 AM