Date: Wed, 19 May 2010 23:43:27 -0400 From: Allan Jude <freebsd.lists@thunderit.com> To: freebsd-jail@freebsd.org Subject: NIS (ypbind) Client in a Jail Message-ID: <4BF4AFDF.2040407@thunderit.com>
next in thread | raw e-mail | index | archive | help
I have a series of jails spread across a number of machines and I want to share a common set of users between them. On a 'real' server (192.168.0.50), I have setup ypserv (per handbook instructions), and I've setup ypbind successfully on the jail host (192.168.0.20), but when I set it up inside the jail it self (192.168.0.22), it doesn't seem to be able to connect to the ypserv. I had to set the 'domainname' on the host, as you cannot change the sysctl in the jail, and this is fine, as I want the common uids on the host as well, so top etc show the correct usernames for processes running as those users in the jail. /etc/nsswitch.conf group: files nis hosts: files dns networks: files passwd: files nis shells: files services: compat services_compat: nis protocols: files rpc: files I have tried rpcbind w/ and w/o the -h flag (i also tried w/ it on the host to make it not bind to *) ps aux|grep bind in jail root 6986 0.0 0.1 7676 2328 ?? SJ 4:45PM 0:00.00 /usr/sbin/ypbind root 95169 0.0 0.0 6876 1532 ?? SsJ 4:21PM 0:00.01 /usr/sbin/rpcbind -h 192.168.0.22 root 95265 0.0 0.1 7676 2268 ?? SsJ 4:21PM 0:00.05 /usr/sbin/ypbind sockstat|grep bind in jail root ypbind 7267 4 udp4 192.168.0.22:1011 *:* root ypbind 7267 5 tcp4 192.168.0.22:982 *:* root ypbind 7267 6 udp4 192.168.0.22:58996 *:* root ypbind 95265 4 udp4 192.168.0.22:1011 *:* root ypbind 95265 5 tcp4 192.168.0.22:982 *:* root rpcbind 95169 5 stream /var/run/rpcbind.sock root rpcbind 95169 6 udp4 192.168.0.22:111 *:* root rpcbind 95169 7 udp4 *:* *:* root rpcbind 95169 8 dgram -> /var/run/logpriv root rpcbind 95169 9 udp4 192.168.0.22:792 *:* root rpcbind 95169 10 tcp4 192.168.0.22:111 *:* root rpcbind 95169 11 tcp4 *:* *:* but when I do id user or ypcat passwd it just sits there. ps aux|grep bind on the host (the processes with the J are the ones inside the jail) root 7391 0.0 0.1 7676 2328 ?? SJ 12:47PM 0:00.00 /usr/sbin/ypbind root 90870 0.0 0.0 6748 1460 ?? Ss 12:18PM 0:00.00 /usr/sbin/rpcbind -h 192.168.0.20 root 90873 0.0 0.1 9724 2964 ?? Ss 12:18PM 0:00.01 /usr/sbin/ypbind root 95169 0.0 0.0 6876 1532 ?? SsJ 12:21PM 0:00.01 /usr/sbin/rpcbind -h 192.168.0.22 root 95265 0.0 0.1 7676 2268 ?? SsJ 12:21PM 0:00.05 /usr/sbin/ypbind I have also tried ypserver -S domain,192.168.0.50 ypbind doesn't seem to have any debugging options, so its hard to tell what it is doing, but as far as I can tell (tcpdump), it is not actually attempting to connect to the ypserv Any suggestions? -- Allan Jude
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BF4AFDF.2040407>