On Sat, Aug 08, 2015 at 08:36:24AM -0500, Nathan Moore wrote: > Working through a SL7 migration. > Right now, I can't get ypbind to start, or rather, it starts in a clunky way. Going through same here. NIS/autofs does work through the el7.1 stock firewall: http://www.triumf.info/wiki/DAQwiki/index.php/SLinstall#Configure_NIS_client_.28CentOS7.29 yum -y install ypbind echo "NISTIMEOUT=5" >> /etc/sysconfig/network echo "NETWORKWAIT=yes" >> /etc/sysconfig/network authconfig --enablenis --enablepreferdns --nisdomain LADD-NIS --nisserver ladd00.triumf.ca --update ypwhich ypcat -k passwd also you need: setsebool -P use_nfs_home_dirs 1 P.S. I am not sure if "--nisserver ladd00" is still needed - I think broadcast NIS works again in el7.1. K.O. > > Using systemctl, > [root@pilgrim ~]# systemctl enable ypbind > [root@pilgrim ~]# systemctl start ypbind > Job for ypbind.service failed. See 'systemctl status ypbind.service' and > 'journalctl -xn' for details. > > but, I can get the daemon to start by running the bare command, > [root@pilgrim ~]# /usr/sbin/ypbind > [root@pilgrim ~]# rpcinfo -p localhost | grep ypbind > 100007 2 udp 785 ypbind > 100007 1 udp 785 ypbind > 100007 2 tcp 788 ypbind > 100007 1 tcp 788 ypbind > > Any ideas? Is this a known bug? The output below makes it seem like this > is a conflict with selinux? > > [root@pilgrim ~]# systemctl -l status ypbind.service > ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain > Binder > Loaded: loaded (/usr/lib/systemd/system/ypbind.service; enabled) > Active: failed (Result: exit-code) since Sat 2015-08-08 03:33:06 CDT; > 42s ago > Process: 17594 ExecStartPost=/usr/libexec/ypbind-post-waitbind > (code=exited, status=1/FAILURE) > Process: 17587 ExecStart=/usr/sbin/ypbind -n $OTHER_YPBIND_OPTS > (code=exited, status=0/SUCCESS) > Process: 17585 ExecStartPre=/usr/sbin/setsebool allow_ypbind=1 > (code=exited, status=0/SUCCESS) > Process: 17580 ExecStartPre=/usr/libexec/ypbind-pre-setdomain > (code=exited, status=0/SUCCESS) > Main PID: 17587 (code=exited, status=0/SUCCESS) > Status: "Processing requests..." > > Aug 08 03:32:19 pilgrim setsebool[17585]: The allow_ypbind policy boolean > was changed to 1 by root > Aug 08 03:32:19 pilgrim ypbind[17587]: cannot create pidfile > /var/run/ypbind.pid > Aug 08 03:32:20 pilgrim python[17592]: SELinux is preventing > /usr/sbin/ypbind from 'read, write' accesses on the file ypbind.pid. > > ***** Plugin catchall (100. > confidence) suggests ************************** > > If you believe that ypbind should be > allowed read write access on the ypbind.pid file by default. > Then you should report this as a bug. > You can generate a local policy > module to allow this access. > Do > allow this access for now by > executing: > # grep ypbind > /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > > Aug 08 03:33:06 pilgrim ypbind[17587]: cannot unlock pidfile > Aug 08 03:33:06 pilgrim systemd[1]: ypbind.service: control process exited, > code=exited status=1 > Aug 08 03:33:06 pilgrim systemd[1]: Failed to start NIS/YP (Network > Information Service) Clients to NIS Domain Binder. > Aug 08 03:33:06 pilgrim systemd[1]: Unit ypbind.service entered failed > state. > > > -- > - - - - - - - - - - - - - - - - - - - - - > Nathan Moore > Mississippi River and 44th Parallel > - - - - - - - - - - - - - - - - - - - - - -- Konstantin Olchanski Data Acquisition Systems: The Bytes Must Flow! Email: olchansk-at-triumf-dot-ca Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada