Date: Wed, 22 Sep 1999 10:18:24 -0400 From: Mitch Collinsworth <mkc@Graphics.Cornell.EDU> To: Alfred Perlstein <bright@wintelcom.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: NIS access denied Message-ID: <199909221418.AA266709910@broccoli.graphics.cornell.edu> In-Reply-To: Your message of "Tue, 21 Sep 1999 16:42:47 PDT." <Pine.BSF.4.05.9909211640430.6368-100000@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>On Tue, 21 Sep 1999, Mitch Collinsworth wrote: > >> >> Greetings, >> >> I have an ancient NIS domain with an ultrix master and several hp-ux >> slave servers. I am trying to add a freebsd slave that will eventually >> become the master. I have transferred most of the maps and have ypserv >> running, but after updating the ypservers map I am not able to propagate >> it to the freebsd slave. Here's what I'm getting: >> >> On master: >> >> $ yppush ypservers >> Status received from ypxfr on xxxx: >> Failed - Transfer request refused. >> >> In /var/log/messages on xxxx, the freebsd slave: >> >> Sep 21 18:34:04 xxxx ypserv[4290]: access to ypservers denied -- client >> 111.222.333.444:2746 not privileged >> >> [I've obscured the hostname and ip address here, for insecurity reasons.] >> >> I've not found any clues in the man pages or the Lehey book. >> Before I go source-diving, does anyone happen to know the answer I'm >> looking for here? > >Just a guess, FreeBSD's yp system expects you to connect from a secure >port (port number < 1024), see if HP has any flags to force use >of a secure port, (perhaps you aren't running it as root?) or >perhaps FreeBSD has a flag to accept connections from ports > 1024, >but i wouldn't leave than enabled, it's a bad security problem. > >-Alfred Yes, I believe this is the source of the problem. I have not found any way to get FBSD ypserv to accept insecure connections. One thing you missed above is that the current master server is ultrix. The HP servers are all slaves. What I found with some experimentation is that the FBSD slave will happily ypxfr maps from an HP slave, just not from the ultrix master (ypxfr: ypserv on yyyyy not running on reserved port ypxfr: Exiting: Transfer request refused by ypserv). The workaround I thought of last night while not staring at the monitor trying to be clever is to break the operation into two steps: first move the master from the ultrix box to one of the HPs, then move it again from the HP to the FBSD box. Extra work, but probably less total effort than figuring out how to kludge getting the ultrix -> FBSD ypxfr to work. :-) -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909221418.AA266709910>