On Sat, Aug 08, 2015 at 08:36:24AM -0500, Nathan Moore wrote:
> Working through a SL7 migration.
> Right now, I can't get ypbind to start, or rather, it starts in a clunky way.
Going through same here. NIS/autofs does work through the el7.1 stock firewall:
http://www.triumf.info/wiki/DAQwiki/index.php/SLinstall#Configure_NIS_client_.28CentOS7.29
yum -y install ypbind
echo "NISTIMEOUT=5" >> /etc/sysconfig/network
echo "NETWORKWAIT=yes" >> /etc/sysconfig/network
authconfig --enablenis --enablepreferdns --nisdomain LADD-NIS --nisserver ladd00.triumf.ca --update
ypwhich
ypcat -k passwd
also you need:
setsebool -P use_nfs_home_dirs 1
P.S. I am not sure if "--nisserver ladd00" is still needed - I think broadcast NIS works again in el7.1.
K.O.
>
> Using systemctl,
> [root@pilgrim ~]# systemctl enable ypbind
> [root@pilgrim ~]# systemctl start ypbind
> Job for ypbind.service failed. See 'systemctl status ypbind.service' and
> 'journalctl -xn' for details.
>
> but, I can get the daemon to start by running the bare command,
> [root@pilgrim ~]# /usr/sbin/ypbind
> [root@pilgrim ~]# rpcinfo -p localhost | grep ypbind
> 100007 2 udp 785 ypbind
> 100007 1 udp 785 ypbind
> 100007 2 tcp 788 ypbind
> 100007 1 tcp 788 ypbind
>
> Any ideas? Is this a known bug? The output below makes it seem like this
> is a conflict with selinux?
>
> [root@pilgrim ~]# systemctl -l status ypbind.service
> ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain
> Binder
> Loaded: loaded (/usr/lib/systemd/system/ypbind.service; enabled)
> Active: failed (Result: exit-code) since Sat 2015-08-08 03:33:06 CDT;
> 42s ago
> Process: 17594 ExecStartPost=/usr/libexec/ypbind-post-waitbind
> (code=exited, status=1/FAILURE)
> Process: 17587 ExecStart=/usr/sbin/ypbind -n $OTHER_YPBIND_OPTS
> (code=exited, status=0/SUCCESS)
> Process: 17585 ExecStartPre=/usr/sbin/setsebool allow_ypbind=1
> (code=exited, status=0/SUCCESS)
> Process: 17580 ExecStartPre=/usr/libexec/ypbind-pre-setdomain
> (code=exited, status=0/SUCCESS)
> Main PID: 17587 (code=exited, status=0/SUCCESS)
> Status: "Processing requests..."
>
> Aug 08 03:32:19 pilgrim setsebool[17585]: The allow_ypbind policy boolean
> was changed to 1 by root
> Aug 08 03:32:19 pilgrim ypbind[17587]: cannot create pidfile
> /var/run/ypbind.pid
> Aug 08 03:32:20 pilgrim python[17592]: SELinux is preventing
> /usr/sbin/ypbind from 'read, write' accesses on the file ypbind.pid.
>
> ***** Plugin catchall (100.
> confidence) suggests **************************
>
> If you believe that ypbind should be
> allowed read write access on the ypbind.pid file by default.
> Then you should report this as a bug.
> You can generate a local policy
> module to allow this access.
> Do
> allow this access for now by
> executing:
> # grep ypbind
> /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Aug 08 03:33:06 pilgrim ypbind[17587]: cannot unlock pidfile
> Aug 08 03:33:06 pilgrim systemd[1]: ypbind.service: control process exited,
> code=exited status=1
> Aug 08 03:33:06 pilgrim systemd[1]: Failed to start NIS/YP (Network
> Information Service) Clients to NIS Domain Binder.
> Aug 08 03:33:06 pilgrim systemd[1]: Unit ypbind.service entered failed
> state.
>
>
> --
> - - - - - - - - - - - - - - - - - - - - -
> Nathan Moore
> Mississippi River and 44th Parallel
> - - - - - - - - - - - - - - - - - - - - -
--
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
|