Hello Y'all,
I've got a thorny problem that I have not been able to solve. Perhaps one of
you could be of help to me. I am unable to properly create NIS maps on my NIS
server. When I try, this is the result:
server master is running RH Linux 7.1 kernel 2.4.2-2
************************************************
[root@master /root]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. master.rms-sda.net is in the list of NIS server hosts. Please
continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: master.rms-sda.net
next host to add:
The current list of NIS servers looks like this:
Is this correct? [y/n: y] y
We need some minutes to build the databases...
Building /var/yp/rms-sda/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/rms-sda'
Updating passwd.byname...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
passwd.byuid...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
group.byname...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
group.bygid...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
hosts.byname...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
hosts.byaddr...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
rpc.byname...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
rpc.bynumber...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
services.byname...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
services.byservicename...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
netid.byname...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
protocols.bynumber...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
protocols.byname...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
mail.aliases...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
networks.byaddr...
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
networks.byname...
failed to send 'clear' to local ypserv: RPC: Port mapper failuregmake[1]:
Leaving directory `/var/yp/rms-sda'
[root@master /root]# ps aux | grep serv
root 659 0.0 1.4 1552 560 ? S 00:11 0:00 ypserv
root 1527 0.0 1.5 1592 580 pts/0 S 00:21 0:00 grep serv
[root@master /root]# ps aux | grep port
rpc 516 0.0 1.5 1484 596 ? S 00:11 0:00 portmap
root 1529 0.0 1.5 1592 580 pts/0 S 00:21 0:00 grep port
[root@master /root]#
************************************************
As you can see the local ypserv and portmap are running. Anyone know what I'm
doing wrong here?
Another symptom on the same machine:
[mlapier@master mlapier]$ ping thomas
PING thomas.rms-sda.net (192.168.2.101) from 192.168.2.254 : 56(84) bytes of
data.
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
--- thomas.rms-sda.net ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
[mlapier@master mlapier]$
I don't have ipchains or iptables running on the server right now, so that's not
the problem.
I don't know if these two symptoms are connected or not.
I can ping any work station from any other workstation, but not the server.
I can ssh onto the server over the Internet, and I can ping the server over the
Internet as well.
Can anyone help out here, please?
Thank you.
Mark LaPierre
Making maps is a function of your makefile in /var/yp, and makedbm. If you
don't like your makefile, you can write another one!
> server master is running RH Linux 7.1 kernel 2.4.2-2
> ************************************************
> [root@master /root]# /usr/lib/yp/ypinit -m
> At this point, we have to construct a list of the hosts which will run NIS
Write a fixed list for it. I suspect it wants you to make
the ypservers map for it here.
Just go ahead and make the maps. The NIS HOWTO will tell you how, if
the makedbm manpage doesn't. (Admittedly, you need to know one or two
things, like it's a database of tab separated pairs).
> Running /var/yp/Makefile...
> gmake[1]: Entering directory `/var/yp/rms-sda'
> Updating passwd.byname...
> failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
> passwd.byuid...
This is not an error. But apparently your ypserv hasn't registered with
the portmapper, so you must have launched it before the portmapper was
launched. Rectify. Show rpcinfo output.
The message in itself is not important. It tells you that you can't
contact your own ypserv in order to flush its maps. The latter is
not important, the former is slightly disturbing but not necessarily
fatal. You might have configured yp.conf and ypserv.conf and securemaps
inappropriately.
> [root@master /root]# ps aux | grep serv
> root 659 0.0 1.4 1552 560 ? S 00:11 0:00 ypserv
> root 1527 0.0 1.5 1592 580 pts/0 S 00:21 0:00 grep serv
> [root@master /root]# ps aux | grep port
> rpc 516 0.0 1.5 1484 596 ? S 00:11 0:00 portmap
> root 1529 0.0 1.5 1592 580 pts/0 S 00:21 0:00 grep port
> [root@master /root]#
> ************************************************
> As you can see the local ypserv and portmap are running. Anyone know what I'm
What does rpcinfo tell you about the registration?
> doing wrong here?
Well, you're not telling me the basic things I need to know! I need to
know if ypserv is registered with the portmapper, and if it is
configured to talk to your own machine (localhost), and if your
machine's networking is configured correctly, and if you have any
firewalling in place .. i.e. ordinary stuff.
> Another symptom on the same machine:
> [mlapier@master mlapier]$ ping thomas
> PING thomas.rms-sda.net (192.168.2.101) from 192.168.2.254 : 56(84) bytes of
> data.
> ping: sendto: Operation not permitted
Eh? What do you mean? That's just a perms thing. Use sudo. Dunno
why RH have placed ping off limits to users.
> I don't have ipchains or iptables running on the server right now, so that's not
> the problem.
> I don't know if these two symptoms are connected or not.
They aren't.
> I can ping any work station from any other workstation, but not the server.
If your machine does not respond to pings, then its networking is
severely misconfigured. Fix. Complain about ypserv later. This is
like complaining that your cutlery is missing when thieves have taken
the whole house away.
> I can ssh onto the server over the Internet, and I can ping the server over the
> Internet as well.
> Can anyone help out here, please?
Now you are not clear. You just said you couldn't ping it from your
workstation. That's on the internet! Are you trying to distinguish by
network mask? If so, please be specific. If you cannot ping your own
machine from your own subnet, then of course nothing will work right.
So start making simple statements and tests, and people can help you.
Start with the ping problem. Show the hostname, ifconfig and route
output, and the appropriate lines from /etc/hosts. And tell me you
have read and understood the Net-4-HOWTO ...
At a rough guess I would say that you have messed up the localhost line
in /etc/hosts. It should read:
127.0.0.1 localhost loghost
and nothing else. There should be a separate line and a separate
address for your hostname, something like this:
192.168.2.101 thomas.rms-sda.net thomas
Is that how it is?
Peter
Thank you for replying to my message. As I see it, you think I should start at
/etc/hosts.
Here is what I have there.
[root@master /etc]# cat hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.2.254 master.rms-sda.net master
127.0.0.1 localhost
192.168.2.101 thomas.rms-sda.net thomas
192.168.2.102 joseph.rms-sda.net joseph
192.168.2.103 andrew.rms-sda.net andrew
[root@master /etc]#
You said,
> "At a rough guess I would say that you have messed up the localhost line
> in /etc/hosts. It should read:
>
> 127.0.0.1 localhost loghost
>
> and nothing else. There should be a separate line and a separate
> address for your hostname, something like this:
>
>
> 192.168.2.101 thomas.rms-sda.net thomas
>
> Is that how it is?"
Should I change
127.0.0.1 localhost
to
127.0.0.1 localhost loghost
I changed it to localhost so now it reads:
127.0.0.1 localhost localhost
Is that what you intended?
You also said that I should show the output of rpcinfo -p master.
rpcinfo -p master doesn't do anything when run on master even when run as root.
It just hangs there until I <CTRL C> out of it.
Where do I go from here?
Thanks,
Mark
All fine. I presume your machine is called "master.rms-sda.net".
> 192.168.2.101 thomas.rms-sda.net thomas
> 192.168.2.102 joseph.rms-sda.net joseph
> 192.168.2.103 andrew.rms-sda.net andrew
> [root@master /etc]#
> Should I change
> 127.0.0.1 localhost
> to
> 127.0.0.1 localhost loghost
No, it's fine. Anything after the first entry is an alias, so you can
add more if you like, and loghost is usually meant to be an alias for
localhost (unless you log elsewhere), so it's a usual addition.
> You also said that I should show the output of rpcinfo -p master.
> rpcinfo -p master doesn't do anything when run on master even when run as root.
> It just hangs there until I <CTRL C> out of it.
If you can "ping master", then that is disturbing. Can you? If so,
then you are not running rpc.portmap. You are not running rpc services.
> Where do I go from here?
Depends what you want to do! If you want to run rpc, start the
portmapper.
>> Making maps is a function of your makefile in /var/yp, and makedbm. If you
>> don't like your makefile, you can write another one!
Oh, I see. You are talking about rpc.mountd and rpc.nfsd. Yes, they
have to register with the portmapper first.
Peter
"Peter T. Breuer" wrote:
>
> In comp.os.linux.setup Mark LaPierre <markl...@tds.net> wrote:
> > [root@master /etc]# cat hosts
> > # Do not remove the following line, or various programs
> > # that require network functionality will fail.
> > 192.168.2.254 master.rms-sda.net master
> > 127.0.0.1 localhost
>
> All fine. I presume your machine is called "master.rms-sda.net".
Yes, the machine is master.rms-sda.net. It serves as a router and file server.
It has two Ethernet cards. One is connected to the Internet through a frame
relay device. The other is connected to the local network hub. From the
Internet side I can ping and log in through ssh. From the local network side
users can log on to the workstations which get their maps from master and can
access the file systems on master. This machine uses IP Masquerading and a
local caching name server to provide Internet access to the machines on the
local network.
<SNIP>
>
> > You also said that I should show the output of rpcinfo -p master.
>
> > rpcinfo -p master doesn't do anything when run on master even when run as root.
> > It just hangs there until I <CTRL C> out of it.
>
> If you can "ping master", then that is disturbing. Can you?
[mlapier@tire mlapier]$ ping master
PING master.patch (169.XXX.YYY.ZZZ) from 192.168.1.1 : 56(84) bytes of data.
64 bytes from master.patch (169.XXX.YYY.ZZZ): icmp_seq=0 ttl=236 time=734.132
msec
64 bytes from master.patch (169.XXX.YYY.ZZZ): icmp_seq=1 ttl=236 time=1.027 sec
64 bytes from master.patch (169.XXX.YYY.ZZZ): icmp_seq=2 ttl=236 time=386.707
msec
--- master.patch ping statistics ---
4 packets transmitted, 3 packets received, 25% packet loss
round-trip min/avg/max/mdev = 386.707/715.999/1027.159/261.778 ms
I would have to say yes to that question. I pinged from my computer at home to
master at the school over the Internet.
> If so,
> then you are not running rpc.portmap. You are not running rpc services.
[mlapier@tire mlapier]$ ssh master
mla...@master.patch's password:
Last login: Sat Mar 23 01:44:08 2002 from name1pool0-a10.me.tds.net
[mlapier@master mlapier]$ ps aux | grep port
rpc 515 0.0 1.6 1488 616 ? S Mar19 0:08 portmap
mlapier 12080 0.0 1.5 1592 580 pts/0 S 10:43 0:00 grep port
[mlapier@master mlapier]$
I would have to say that I am running the portmapper. And I did start it before
I started NIS. Also, I would have to say that rpc is working because the file
systems are accessible to the workstations through NFS which uses rpc.
> > Where do I go from here?
>
> Depends what you want to do! If you want to run rpc, start the
> portmapper.
Already been there.
[mlapier@master mlapier]$ cd /etc/rc.d/rc3.d
[mlapier@master rc3.d]$ ls
K03rhnsd K20nfs K20rstatd K20rusersd K20rwalld K20rwhod
K34yppasswdd K35smb K45arpwatch K45named K50snmpd K65identd
K74nscd K74ypserv S05kudzu S09at-net-setup S10network S12syslog
S13portmap S14nfs S14nfslock S17keytable S20random S25netfs
S27ypserv S28autofs S40atd S55sshd S56rawdevices S56xinetd
S80isdn S80pppoe S80sendmail S85gpm S90crond S90xfs
S95anacron S98iptables S98named S99dnetc S99linuxconf S99local
[mlapier@master rc3.d]$
The only one you might not recognise is S09at-net-setup. That one initializes
the network cards before the networking services are started.
> >> Making maps is a function of your makefile in /var/yp, and makedbm. If you
> >> don't like your makefile, you can write another one!
>
> Oh, I see. You are talking about rpc.mountd and rpc.nfsd. Yes, they
> have to register with the portmapper first.
>
> Peter
I tried to Email you directly, but the Email was returned saying that there was
no access to the computer you are on. Please Email me directly with an address
I can reach you with so I can be a bit more free with security information.
Thank you for your help. I really appreciate it.
Mark LaPierre
"seem" is not a possible result in this case. You either do or you
don't. The maps are generated by makedbm (and can be viewed with
makedbm -u). The server then serves the maps that have been made in the
appropriate directories. Nothing more. The server is simply a "remote
database server" for its clients.
> some new user accounts, then tried to generate new maps to allow the new users
"try"? You should use the makefile to generate new maps from the old
passwd file. Removing the old map in /var/yp/whatever/ and then running
"make" in /var/yp should do the trick.
> to log on to the workstations which get their information through NIS. The new
> user accounts, on master, are not accessible from the workstations but the old
What do you mean? (I'm actually not interested, since your login methods
are your own concern and not part of the problem).
> user accounts still are accessible. I can log onto the new user accounts if I
> am on master so I know they are set up correctly.
I don't really understand what you are saying here because you are
mixing up several very different notions. Whether the server is serving
the maps or not is tested by looking up the map entries, for example
(using ypmatch or ypcat)! Not by "logging in".
> "Peter T. Breuer" wrote:
>>
>> In comp.os.linux.setup Mark LaPierre <markl...@tds.net> wrote:
>> > [root@master /etc]# cat hosts
>> > # Do not remove the following line, or various programs
>> > # that require network functionality will fail.
>> > 192.168.2.254 master.rms-sda.net master
>> > 127.0.0.1 localhost
>>
>> All fine. I presume your machine is called "master.rms-sda.net".
> Yes, the machine is master.rms-sda.net. It serves as a router and file server.
OK.
> It has two Ethernet cards. One is connected to the Internet through a frame
> relay device. The other is connected to the local network hub. From the
Well, you will need to configure to serve on one or both of those
masks. See "securenets".
> Internet side I can ping and log in through ssh. From the local network side
> users can log on to the workstations which get their maps from master and can
>> > You also said that I should show the output of rpcinfo -p master.
>>
>> > rpcinfo -p master doesn't do anything when run on master even when run as root.
>> > It just hangs there until I <CTRL C> out of it.
>>
>> If you can "ping master", then that is disturbing. Can you?
> [mlapier@tire mlapier]$ ping master
> PING master.patch (169.XXX.YYY.ZZZ) from 192.168.1.1 : 56(84) bytes of data.
> 64 bytes from master.patch (169.XXX.YYY.ZZZ): icmp_seq=0 ttl=236 time=734.132
Then you are not running the portmapper.
>> If so,
>> then you are not running rpc.portmap. You are not running rpc services.
> [mlapier@tire mlapier]$ ssh master
> mla...@master.patch's password:
> Last login: Sat Mar 23 01:44:08 2002 from name1pool0-a10.me.tds.net
> [mlapier@master mlapier]$ ps aux | grep port
> rpc 515 0.0 1.6 1488 616 ? S Mar19 0:08 portmap
> mlapier 12080 0.0 1.5 1592 580 pts/0 S 10:43 0:00 grep port
If the portmapper does not respond to rpcinfo -p calls, it is not
working or your calls are not reaching it. You should determine which.
> I would have to say that I am running the portmapper. And I did start it before
> I started NIS. Also, I would have to say that rpc is working because the file
> systems are accessible to the workstations through NFS which uses rpc.
If the portmapper does not respond to rpcinfo -p calls, that is your
problem. Check its logs and whatever else it cares to say to you in
debug mode.
>> >> Making maps is a function of your makefile in /var/yp, and makedbm. If you
>> >> don't like your makefile, you can write another one!
>>
>> Oh, I see. You are talking about rpc.mountd and rpc.nfsd. Yes, they
>> have to register with the portmapper first.
> I tried to Email you directly, but the Email was returned saying that there was
> no access to the computer you are on. Please Email me directly with an address
> I can reach you with so I can be a bit more free with security information.
The address is good. But of course you shouldn't mail my computer, but
the MX mail domain instead (without the computer component). Mail to my
computer goes straight to the spam bin, if it gets here!
Peter
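
The "securenets" advice above matters on a dual-homed NIS server like the one in this thread, since the passwd maps should be served to the LAN side only. The following is an added example, not code from the thread or from the ypserv project: it checks which client addresses a securenets rule set would admit. It assumes the usual `netmask network` line format with `host ADDR` as shorthand for a single address and `(client & netmask) == network` matching; the sample file contents and the 203.0.113.7 probe address are constructed.

```python
import ipaddress

# Constructed sample /var/yp/securenets (not taken from the thread): serve
# NIS maps to loopback and the 192.168.2.0/24 LAN side only.
SAMPLE_SECURENETS = """\
# netmask        network
host             127.0.0.1
255.255.255.0    192.168.2.0
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_securenets(text):
    """Parse 'netmask network' lines into (mask, network) integer pairs."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network'")
        mask = "255.255.255.255" if fields[0] == "host" else fields[0]
        m, n = _to_int(mask), _to_int(fields[1])
        # Lint added by this example: with (client & mask) == network
        # matching, a network with bits outside the mask can never match.
        if n & ~m & 0xFFFFFFFF:
            raise ValueError(f"line {lineno}: network has bits outside mask")
        rules.append((m, n))
    return rules

def is_allowed(rules, client):
    """True if any rule matches the client address."""
    c = _to_int(client)
    return any((c & m) == n for m, n in rules)

def world_open(rules):
    """True if a rule such as '0.0.0.0 0.0.0.0' admits every address."""
    return any(m == 0 and n == 0 for m, n in rules)

def audit(text, clients):
    rules = parse_securenets(text)
    return {c: is_allowed(rules, c) for c in clients}

if __name__ == "__main__":
    # 192.168.2.x hosts appear in the thread; 203.0.113.7 is a constructed
    # stand-in for an Internet-side client.
    probes = ["127.0.0.1", "192.168.2.101", "203.0.113.7"]
    for client, ok in audit(SAMPLE_SECURENETS, probes).items():
        print(f"{client:15} {'allowed' if ok else 'denied'}")
```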