Many thanks to all who responded.
Serkan.
cil@bilkent.edu.tr
Question: Is there a way for a machine in a subnet get the NIS service
from a NIS server which is located in another subnet seperated by a router?
As far as I know ypbind broadcasts to find a yp server only to the subnet
it exists. If the server is in another subnet it cannot get the NIS
request so that ypbind fails to bind.
--------------------------------------------------
>From lf@gsc.ele.puc-rio.br Fri Aug 26 19:13:12 1994
Yes. As far as I know, you must have at least one NIS (slave) server
in each subnet. Messages from one server (master) to others (slaves) can
cross subnet boundaries. So, all you have to do is turn that machine (or
any other in the same subnet) into a NIS slave server.
--------------------------------------------------
>From mikey@truman.lanl.gov Fri Aug 26 19:09:04 1994
You can set up a yp slave in the new subnet.
I have 5 subnets. In each I have a slave. ( actually all my machines
are slaves )
--------------------------------------------------
>From kowal@ide.com Fri Aug 26 19:08:39 1994
You can run ypbind with the -ypsetme option. After setting your domainname,
fire up ypbind -ypsetme, and then run "ypset nis.server.ip.address". This will
point your client to your nis server on the other subnet. Be sure to use the
IP address of the server, or your client will hang trying to resolve the
address.
One gotcha in doing this: if your client loses it's NIS binding for any
reason, it will start brodcasting for a new server. It will of course,
not find one. You would need to run ypset on the client again, if you
can login.
--------------------------------------------------
>From waheed@symbol.COM Fri Aug 26 18:45:28 1994
I have a saved message which I am forwarding. Hope this helps.
SUMMARY: trouble doing ypinit -s across router
Thanks to all who responded so quickly and constructively.
The correct answer came from three folks:
david@srv.PacBell.COM (David St. Pierre)
Michael.Pavlov@toexpres.com (Michael Pavlov)
Katherine Hosch <kam@math.tulane.edu>
Thanks also to the following for good advice:
Dave Fetrow <fetrow@biostat.washington.edu>
kumeda@tds.com (Andy Kumeda)
eddy@telecomm.tadiran.co.il (Edward Resnick - Sys Adm Team (1723))
Mike Raffety <mike_raffety@il.us.swissbank.com>
The problem stemmed from the fact that there was no entry for the new
network in /var/yp/securenets.
This file is part of the ypserv, ypxfrd, and portmap security patch
100482-02.
Adding an entry for the new net in this file and then restarting ypserv
and ypxfrd on the NIS master fixed the problem.
The original post is included below.
> From sun-managers-relay@ra.mcs.anl.gov Sat Jun 4 01:30:24 1994
> Sender: sun-managers-relay@ra.mcs.anl.gov
> From: joef@vfl.paramax.com
> Reply-To: joef@vfl.paramax.com
> Date: Fri, 3 Jun 94 13:47:33 EDT
> To: sun-managers@eecs.nwu.edu
> Subject: trouble doing ypinit -s across router
>
>
> Having trouble doing ypinit -s across router.
>
> The situation is this.
>
> Master YP server Sun 4/490 running SunOS 4.1.1B (running NIS, NOT NIS+)
>
> Attempting to bring up slave YP server Sun 4/LX running SunOS 4.1.3_U1B.
>
> There is a Cisco AGS+ router between the two machines.
>
> In other situations, when trying to do ypinit -s across a router,
> I have used the following procedure successfully:
>
> 1- on YP master add new YP slave name to ypservers using makedbm
> 1- boot machine to be yp slave server up in single user
> 2- add YP master machine to /etc/hosts on yp slave
> 3- ifconfig, add default routes, etc on yp slave until can ping
> between machines
> 4- on machine to be slave yp server, do all of the following:
> 5- /usr/etc/portmap
> 6- set domainname with domainname <YP domain name>
> 7- /usr/etc/ypbind -ypsetme
> 8- /usr/etc/yp/ypset <IP address of YP master>
> 9- cd /var/yp
> 10- /usr/etc/yp/ypinit -s <YP master>
>
> After answering ypinit questions, the maps transfer and then I reboot
> multiuser and all is well.
>
> In this situation, however, after doing all of the above,
> the maps do not transfer. The following errors show on the
> YP slave machine:
>
> transfering netgroup.byhost . . .
> (info) can't get secure flag from ypserv at <YP master>
> Reason: no such map in server's domain
> (info) can't get interdomain flag from ypserv at <YP master>
> Reason: no such map in server's domain
>
> (lines like the above for each map on the YP master)
>
> and on YP master's console I get the following:
> syslog: ypserv: access denied for <IP address of YP slave>
>
> I can ping between the two machines in either direction.
> I can rlogin to the YP master from the YP slave.
> However, I can not login to the YP slave from the YP master
> (the slave's up in single user, so I assume this would be expected)
> Both machines are in DNS, and the master can resolve the slave's name.
>
> I have attempted rebooting the YP master, but that made no difference.
> Have also added entries in /.rhosts and hosts.equiv.
>
> Any ideas? Suggestions?
> What am I overlooking?
>
> Thanks, and I will summarize.
--------------------------------------------------
>From marg@columbia.edu Fri Aug 26 18:33:44 1994
you can do tricky things with helper addresses in some routers, but the
easiest way is to distribute the map to a yp server on the other side
of the router (say, using rdist), and pushing the map from there.
--------------------------------------------------
>From tkevans@eplrx7.es.duPont.com Fri Aug 26 18:19:40 1994
See the ypbind man page for info about 'ypset'.
--------------------------------------------------
>From carl@east.meriselapd.com Fri Aug 26 18:16:57 1994
THE ANSWER IS YES.
YOU MUST START YPBIND UP ON THE CLIENT AS FOLLOWS:
------
# ypbind -ypsetme
# ypset 129.9.100.101 <---- be sure to use the ip address of the
nis server on the other subnet. Do NOT
use the server's hostname.
VERIFY THAT THIS DOES WORK, THEN PUT THIS DATA IN THE /etc/rc.local
SCRIPT IN PLACE OF THE YPBIND STARTUP COMMAND THAT IS ALREADY IN
THAT FILE.
--------------------------------------------------
>From solie_bryan@jpmorgan.com Fri Aug 26 18:13:46 1994
this is a common NIS problem. Check the man pages for ypset, which
will work across a router (but you don't get the flexibility of
broadcast). Or put a slave server or two on the local subnet.
--------------------------------------------------
>From harishm@pcsdnfs1.eq.gs.com Fri Aug 26 18:08:59 1994
edit rc.local if Sunos 4.1.X
ypbind -ypset or ypbind -s -ypset # if passwords shadowed
ypset master_hostname/IPaddress
Read Systyem and Network adminstration manual and/or
Managing NFS/NIS O'Reilly Associates
--------------------------------------------------
>From mgaertne@igd.fhg.de Fri Aug 26 17:37:03 1994
I recently asked the same question in a modified way :-)
Here's what you can do:
1.) Set up a NIS-slaveserver in any segment you have, better two of them.
2.) On the NIS-client, start ypbind with the '-ypset'-option and
after starting keysrv, use /usr/etc/yp/ypset <your nis-server-ip-address>
3.) Get the appropriate router which can be configured to pass all broadcasts
for specific services, like NIS or mbone etc.
CISCO does that, 3COM Netbuilder II are supposed to do that with V7.1
Choose one of the three solutions and live with it...
Btw: Solution two is very insecure. Whenever you reboot your nis-server
ANY attached client (ypsetted!) hangs and must be rebooted too, since the
damned ypbind won't reattach to the server after it's up again. Only solution
here: Upgrade to solaris, their nis-clients can be configured to have a list
of nis-servers to attach to.
--------------------------------------------------
>From aage@dmi.min.dk Fri Aug 26 17:33:09 1994
Create a subserver on the subnet.
--------------------------------------------------
>From ruupoe@thijssen.nl Fri Aug 26 17:32:54 1994
Yes that's true, but i think it's possible to put a slave server at the
other side of the router. I'm not sure, so don't take this as the truth
before anybody else gave this oppertunity too.
--------------------------------------------------
>From jerry.springer@valcom.com Fri Aug 26 17:30:07 1994
If you know which machine you want to be the nis server for the machine on the
other net you can modify the rc.local file to start ypbind with the ypsetme
option. Then issue the command ypset nis-server-name. SO the lines in the
rc.local file would be
if [ -f /etc/security/passwd.adjunct ]; then
ypbind -s; echo -n ' ypbind'
else
ypbind -ypsetme; echo -n ' ypbind'
/usr/etc/yp/ypset your-nis-server-name;
fi
This stops ypbind from broadcasting to find its nis server and tells it a specific
machine to use. The router will be able to pass the appropriate packets back and
forth since they will now be point to point between to machines.
--------------------------------------------------
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:08 CDT