Re: [Freeipa-users] fixing port numbers associated with the NIS

Tue, 15 Nov 2011 07:11:14 -0800 

On 11/15/2011 07:44 AM, Boris Epstein wrote:




On Mon, Nov 14, 2011 at 7:16 PM, Nalin Dahyabhai <[email protected] 
<mailto:[email protected]>> wrote:


    On Mon, Nov 14, 2011 at 05:19:44PM -0500, Boris Epstein wrote:
    >    Hello all,
    >
    >    I am using the FreeIPA to run NIS via a plugin. Works great -
    except
    >    that the ypserv port numbers end up different after every
    reboot. That
    >    makes it hard to run it with the firewall activated.
    >
    >    Does anybody know how to make those port number assignments
    permanent?

    There's no tooling specifically for doing this, but the plugin
    supports
    it.  In order to get it to use a fixed port, you'll need to edit the
    directory server entry for "cn=NIS Server, cn=plugins, cn=config" and
    add a "nsslapd-pluginarg0" value which contains the port number you'd
    like it to use.

    You can do this either by stopping the directory server, editing its
    dse.ldif file directly, and then restarting it, or by editing the
    entry
    "live" using ldapmodify and then restarting the server.  The latter
    method (I'm using port 541 here) looks something like this:

     # ldapmodify -x -D "cn=Directory Manager" -W <<- EOF
     dn: cn=NIS Server,cn=plugins,cn=config
     changetype: modify
     replace: nsslapd-pluginarg0
     nsslapd-pluginarg0: 541
     -

     EOF
     # ipactl restart

    You'll need to supply the Directory Manager password.  Once that's
    done,
    running "rpcinfo -p" on the server should show that the NIS service is
    listening on the desired port.

    HTH,

    Nalin


Nalin,


Thanks a lot for the tip. It definitely looks like this put me on the 
right path though I am not quite there yet.



Doing what you suggested did not quite work. For one thing, the right 
cn is "NIS", not "NIS Server". Another thing is, it does not look like 
the LDIF files in question have the nsslapd-pluginarg0 parameter - or 
are happy with it being added.

You have to shutdown the directory server first
service dirsrv stop
or
systemctl stop dirsrv.target



Do you happen to have a copy of your LDIF configuration file with the 
relevant configuration by any chance? That could come in handy.


Cheers,

Boris.


_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users



_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users





















					Reply via email to