From owner-freebsd-questions Wed Sep 22 7:18:42 1999 Delivered-To: freebsd-questions@freebsd.org Received: from broccoli.graphics.cornell.edu (broccoli.graphics.cornell.edu [128.84.247.53]) by hub.freebsd.org (Postfix) with ESMTP id 23F0014DD0 for ; Wed, 22 Sep 1999 07:18:34 -0700 (PDT) (envelope-from mkc@Graphics.Cornell.EDU) Received: from graphics.cornell.edu (localhost.graphics.cornell.edu) by broccoli.graphics.cornell.edu with ESMTP (1.37.109.16/16.2) id AA266709910; Wed, 22 Sep 1999 10:18:30 -0400 Message-Id: <199909221418.AA266709910@broccoli.graphics.cornell.edu> X-Mailer: exmh version 2.0zeta 7/24/97 To: Alfred Perlstein Cc: freebsd-questions@FreeBSD.ORG Subject: Re: NIS access denied In-Reply-To: Your message of "Tue, 21 Sep 1999 16:42:47 PDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 22 Sep 1999 10:18:24 -0400 From: Mitch Collinsworth Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >On Tue, 21 Sep 1999, Mitch Collinsworth wrote: > >> >> Greetings, >> >> I have an ancient NIS domain with an ultrix master and several hp-ux >> slave servers. I am trying to add a freebsd slave that will eventually >> become the master. I have transferred most of the maps and have ypserv >> running, but after updating the ypservers map I am not able to propagate >> it to the freebsd slave. Here's what I'm getting: >> >> On master: >> >> $ yppush ypservers >> Status received from ypxfr on xxxx: >> Failed - Transfer request refused. >> >> In /var/log/messages on xxxx, the freebsd slave: >> >> Sep 21 18:34:04 xxxx ypserv[4290]: access to ypservers denied -- client >> 111.222.333.444:2746 not privileged >> >> [I've obscured the hostname and ip address here, for insecurity reasons.] >> >> I've not found any clues in the man pages or the Lehey book. >> Before I go source-diving, does anyone happen to know the answer I'm >> looking for here? > >Just a guess, FreeBSD's yp system expects you to connect from a secure >port (port number < 1024), see if HP has any flags to force use >of a secure port, (perhaps you aren't running it as root?) or >perhaps FreeBSD has a flag to accept connections from ports > 1024, >but i wouldn't leave than enabled, it's a bad security problem. > >-Alfred Yes, I believe this is the source of the problem. I have not found any way to get FBSD ypserv to accept insecure connections. One thing you missed above is that the current master server is ultrix. The HP servers are all slaves. What I found with some experimentation is that the FBSD slave will happily ypxfr maps from an HP slave, just not from the ultrix master (ypxfr: ypserv on yyyyy not running on reserved port ypxfr: Exiting: Transfer request refused by ypserv). The workaround I thought of last night while not staring at the monitor trying to be clever is to break the operation into two steps: first move the master from the ultrix box to one of the HPs, then move it again from the HP to the FBSD box. Extra work, but probably less total effort than figuring out how to kludge getting the ultrix -> FBSD ypxfr to work. :-) -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message