HPE Community
Operating System - HP-UX
1836623 Members
1562 Online
110102 Solutions
New Discussion

NIS question .. again..

 
SOLVED
Go to solution
Edwin R. Rivera
Occasional Contributor

‎02-05-2001 07:37 AM

‎02-05-2001 07:37 AM

NIS question .. again..

hello all (especially shannon!),

i deleted the entry i had made in /etc/netgroup and my box is now booting normally again.

when my box boots, it successfully starts the NIS master server process/daemons (ypserv,..etc.)

however, when the NIS client tries to start up, i get the following error in /etc/rc.log:

sorry, ypbind on host hp2 has rejected your request.

my question is: what are the authorization rules NIS follows, and in what order? I don't have an NIS book on hand and the online documentation really doesnt talk too much in depth about this. this box is using dns to resolve names, but is not a dns primary/slave server. will configuring dns on this box locally help?

sorry, i don't have much NIS experience and this is my first time setting up a box as a master on a new domain.

thanks again. i figure if i can't get the client running on the same box the server's running on.. i'm doing something really wrong! :-)


-edwin

0 Kudos
Reply
7 REPLIES 7
Douglas Cromby_1
Valued Contributor

‎02-05-2001 07:53 AM

‎02-05-2001 07:53 AM

Re: NIS question .. again..

Hello,

This is not my main area, but could the answer be that the following needs to be done:

1. /usr/lib/netsvc/yp/ypbind -ypset
2. ypset (NIS_server)

OR

Add the following lines to /etc/rc.config.d/namesvrs:

YPBIND_OPTIONS = "-ypset&qquot
YPSET_ADDR = (NIS_server)

0 Kudos
Reply
Edwin R. Rivera
Occasional Contributor

‎02-05-2001 07:57 AM

‎02-05-2001 07:57 AM

Re: NIS question .. again..

hey douglas,

thanks for your reply. i do have the client setup that way. it's just that the server seems to be rejecting the client's request to bind to it. it seems to me like an authentication error.

i'm going to try removing my entry in securenets, but that's all i can think of at this point. personally, i think it has something to do with nsswitch.conf, but i'm not too sure.

-edwin
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎02-06-2001 09:16 AM

‎02-06-2001 09:16 AM

Re: NIS question .. again..

Hello!

Sorry I've been away, so could not respond very quickly.

Did the netgroup's file work?

I am attaching a custom ypmake script (my own little ditty) to compare to your own. Some of the things in this file are my own used entries, so dont just dump and use this script.
I.E.
my source files are almost all in "/var/yp/src" and not default /etc directory.
I have also custom map information for auto.home and auto.direct. Make a backup of your original before saving this to /var/yp!

It sounds like in your server setup you have one or two files with entries for Secure NIS. Look at the contents of two files.
1. /var/yp/securenets
2. /var/yp/secureservers

I have never had any luck with "securenets" on HP-UX, but have with secureservers. secureservers has a list of IP addresses for allowed clients, so the name is quite confusing. Make sure that the client's are listed in this file, or that this file is empty! if there are any listings in this file these are the only clients allowed to connect!

securenets is similar, but a network range. I have played with this a bit, but again never got it to work :( Sorry HP!

Next, if your not forcing ypbind, then make sure that your subnets match. By default the client makes a broadcast (your broadcast address[defined partially by netmask]) for servers. If the broadcast address is different, then you will never be able to find a server.
first run lanscan to find the interface. (normally lan0)
>/usr/sbin/lanscan
Next run
/usr/sbin/ifconfig interface.
this will show you your broadcast address and netmask.

If you still have problems, try to force binding to the server.
>/usr/bin/kill `ps -ef|grep ypbind|grep -v grep|awk '{print $2}'`

>/usr/lib/netsvc/yp/ypbind -ypset
>/usr/sbin/ypset SERVER_IP

If you are allowed a connection there, then all is well. Luckily in /etc/rc.config.d/namesvrs there is a section for YPBIND_OPTIONS=""
change this to "YPBIND_OPTIONS=-ypset"
change "YPSET_ADDR=" to "YPSET_ADDR=ip_of_server"
next run
>/sbin/init.d/nis.client stop
>/sbin/init.d/nis.client start
>/usr/sbin/ypwhich
See if your bound!


Holler if this dont work, perhaps I can help more!


Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Edwin R. Rivera
Occasional Contributor

‎02-06-2001 09:49 AM

‎02-06-2001 09:49 AM

Re: NIS question .. again..

hey shannon,

thanks for all the info.. i'm definitely going to look at that script now.

however, in the meantime, here's some food for thought:

if i log into the sun boxes via the console (they do bind to the sever successfully on their own)... i can run ypcat commands for all of the maps successfully, including the passwd map. if i do a `ypcat passwd`, i see all of the entries in the HP NIS Master server.

Is there something prohibiting the Sun box perhaps from successully authenticating ?

..so close.. yet so far.. :-)

thanks again shannon, you've been a tremendous help.. i'm going to start dissecting that script now.

p.s. glad to see i'm not the only using good 'ol:

ps -ef |grep x |grep -v grep |awk '{ print $2 }' |xargs kill -9

you have no idea how many scripts i've written that in! :-)

-edwin
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎02-06-2001 11:38 AM

‎02-06-2001 11:38 AM

Re: NIS question .. again..

Ooooops! I forgot to upload the script......!!

Sorry bout that !


Anyhow, the Sun boxes vary on version. What Solaris are you running?

I have never worked with Solaris 7, but I'll assume more similarity to 8.

Solaris 2.5 and 2.6 require a modification to /etc/group and /etc/passwd of a simple "+" sign. (HP-UX, AIX and IRIX all require "+::0:0:::")

Solaris 8 (maybe 7 too) require an entry in /etc/nsswitch.conf similar to this.....

passwd nis files ldap
group nis files ldap

of course no ldap unless your using it!

solaris8 will fail if you have a + in either /etc/passwd or /etc/group. Also make sure that your server is not pushing this illegal character out!


Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Edwin R. Rivera
Occasional Contributor

‎02-06-2001 12:07 PM

‎02-06-2001 12:07 PM

Re: NIS question .. again..

ok shannon,

i don't know if this is going to upset you or make you laugh.. hopefully the latter. ;-)

i just checked /etc/passwd. forgot to add my +@ declaration. oops.

all's fine in sun land again. :-)

i did enjoy our discussion though. it seems sometimes i tend to think that something major is going wrong, when it's really something minor. big oops. flames welcomed. i flogged myself already - two times.

really though, thanks for all of your help.. 10 more points coming up.

-edwin
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎02-07-2001 09:14 AM

‎02-07-2001 09:14 AM

Solution

Re: NIS question .. again..

I will not flog you! Ha Ha
Just give yourself another 100 lashes with a limp spaghetti noodle!

The obvious is not always so, which is why we have forums right?!?

Glag you got it working!

Regards,
Shannon
Microsoft. When do you want a virus today?
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.