Date: Thu, 20 May 2010 13:12:16 +0300
From: Kostik Belousov
To: Allan Jude
Cc: freebsd-jail@freebsd.org
Subject: Re: NIS (ypbind) Client in a Jail

On Wed, May 19, 2010 at 11:43:27PM -0400, Allan Jude wrote:
> I have a series of jails spread across a number of machines and I want
> to share a common set of users between them.
>
> On a 'real' server (192.168.0.50), I have set up ypserv (per handbook
> instructions), and I've set up ypbind successfully on the jail host
> (192.168.0.20), but when I set it up inside the jail itself
> (192.168.0.22), it doesn't seem to be able to connect to the ypserv. I
> had to set the 'domainname' on the host, as you cannot change the sysctl
> in the jail, and this is fine, as I want the common uids on the host as
> well, so top etc show the correct usernames for processes running as
> those users in the jail.
>
> /etc/nsswitch.conf
>
> group: files nis
> hosts: files dns
> networks: files
> passwd: files nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> I have tried rpcbind w/ and w/o the -h flag (I also tried w/ it on the
> host to make it not bind to *)
>
> ps aux|grep bind in jail
>
> root  6986  0.0  0.1  7676  2328  ??  SJ    4:45PM   0:00.00 /usr/sbin/ypbind
> root 95169  0.0  0.0  6876  1532  ??  SsJ   4:21PM   0:00.01 /usr/sbin/rpcbind -h 192.168.0.22
> root 95265  0.0  0.1  7676  2268  ??  SsJ   4:21PM   0:00.05 /usr/sbin/ypbind
>
> sockstat|grep bind in jail
>
> root     ypbind     7267  4  udp4   192.168.0.22:1011     *:*
> root     ypbind     7267  5  tcp4   192.168.0.22:982      *:*
> root     ypbind     7267  6  udp4   192.168.0.22:58996    *:*
> root     ypbind     95265 4  udp4   192.168.0.22:1011     *:*
> root     ypbind     95265 5  tcp4   192.168.0.22:982      *:*
> root     rpcbind    95169 5  stream /var/run/rpcbind.sock
> root     rpcbind    95169 6  udp4   192.168.0.22:111      *:*
> root     rpcbind    95169 7  udp4   *:*                   *:*
> root     rpcbind    95169 8  dgram  -> /var/run/logpriv
> root     rpcbind    95169 9  udp4   192.168.0.22:792      *:*
> root     rpcbind    95169 10 tcp4   192.168.0.22:111      *:*
> root     rpcbind    95169 11 tcp4   *:*                   *:*
>
> but when I do id user or ypcat passwd it just sits there.
>
> ps aux|grep bind on the host (the processes with the J are the ones
> inside the jail)
>
> root  7391  0.0  0.1  7676  2328  ??  SJ   12:47PM   0:00.00 /usr/sbin/ypbind
> root 90870  0.0  0.0  6748  1460  ??  Ss   12:18PM   0:00.00 /usr/sbin/rpcbind -h 192.168.0.20
> root 90873  0.0  0.1  9724  2964  ??  Ss   12:18PM   0:00.01 /usr/sbin/ypbind
> root 95169  0.0  0.0  6876  1532  ??  SsJ  12:21PM   0:00.01 /usr/sbin/rpcbind -h 192.168.0.22
> root 95265  0.0  0.1  7676  2268  ??  SsJ  12:21PM   0:00.05 /usr/sbin/ypbind
>
> I have also tried ypserver -S domain,192.168.0.50
>
> ypbind doesn't seem to have any debugging options, so it's hard to tell
> what it is doing, but as far as I can tell (tcpdump), it is not actually
> attempting to connect to the ypserv
>
> Any suggestions?

I successfully run ypbinds in jails, but rpcbind has to be run on the host.
If manually restarting the services, make sure that rpcbind is restarted
first.
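
An added example, not part of the original message: a small sh/awk check that applies the reply's rule (rpcbind on the host, not in the jail) to `ps aux` output, using the J state flag the question points out. The function names `sample_ps` and `audit_rpcbind` are hypothetical, and the sample input is constructed from the host-side ps lines quoted above with wrapped rows rejoined.

```shell
#!/bin/sh
# Added example: audit `ps aux` output for the process layout the reply
# describes (rpcbind on the host only; ypbind may run inside jails).

# Constructed sample input: the host-side ps lines from the quoted message.
sample_ps() {
cat <<'EOF'
root  7391 0.0 0.1 7676 2328 ?? SJ  12:47PM 0:00.00 /usr/sbin/ypbind
root 90870 0.0 0.0 6748 1460 ?? Ss  12:18PM 0:00.00 /usr/sbin/rpcbind -h 192.168.0.20
root 90873 0.0 0.1 9724 2964 ?? Ss  12:18PM 0:00.01 /usr/sbin/ypbind
root 95169 0.0 0.0 6876 1532 ?? SsJ 12:21PM 0:00.01 /usr/sbin/rpcbind -h 192.168.0.22
root 95265 0.0 0.1 7676 2268 ?? SsJ 12:21PM 0:00.05 /usr/sbin/ypbind
EOF
}

# audit_rpcbind: read `ps aux` lines on stdin and print findings.
# ps aux columns: USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND,
# so field 8 is STAT (a "J" marks a jailed process) and field 11 is the
# command path. The header line never matches the command patterns.
audit_rpcbind() {
    awk '
        $11 ~ /(^|\/)rpcbind$/ {
            if ($8 ~ /J/) jailed = jailed " " $2   # collect jailed rpcbind PIDs
            else          host++                   # rpcbind outside any jail
        }
        END {
            if (jailed != "")             print "JAILED_RPCBIND" jailed
            if (host == 0)                print "NO_HOST_RPCBIND"
            if (jailed == "" && host > 0) print "OK"
        }'
}

# Run against the constructed sample; prints: JAILED_RPCBIND 95169
sample_ps | audit_rpcbind
```

On a live system, pipe `ps aux` from the host (outside any jail) into `audit_rpcbind` so that both jailed and non-jailed processes are visible.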