allanjude@
Developer
I have a series of jails spread across a number of machines and I want to share a common set of users between them.
On a 'real' server (192.168.0.50), I have setup ypserv (per handbook instructions), and I've setup ypbind successfully on the jail host (192.168.0.20), but when I set it up inside the jail it self (192.168.0.22), it doesn't seem to be able to connect to the ypserv. I had to set the 'domainname' on the host, as you cannot change it in the jail, and this is fine, as I want the common uids on the host as well, so top etc show the correct usernames for processes running as those users in the jail.
/etc/nsswitch.conf
I have tried rpcbind w/ and w/o the -h flag (i also tried w/ it on the host to make it not bind to *)
[cmd=]ps|grep bind[/cmd] in jail
[cmd=]sockstat|grep bind[/cmd] in jail
but when I do [cmd=]id user[/cmd] or [cmd=]ypcat passwd[/cmd] it just sits there.
[cmd=]ps|grep bind[/cmd] on the host (the processes with the J are the ones inside the jail)
I have also tried [cmd=]ypserver -S domain,192.168.0.50[/cmd]
[cmd=]ypbind[/cmd] doesn't seem to have any debugging options, so its hard to tell what it is doing, but as far as I can tell (tcpdump), it is not actually attempting to connect to the ypserv
Any suggestions?
On a 'real' server (192.168.0.50), I have setup ypserv (per handbook instructions), and I've setup ypbind successfully on the jail host (192.168.0.20), but when I set it up inside the jail it self (192.168.0.22), it doesn't seem to be able to connect to the ypserv. I had to set the 'domainname' on the host, as you cannot change it in the jail, and this is fine, as I want the common uids on the host as well, so top etc show the correct usernames for processes running as those users in the jail.
/etc/nsswitch.conf
Code:
group: files nis
hosts: files dns
networks: files
passwd: files nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
I have tried rpcbind w/ and w/o the -h flag (i also tried w/ it on the host to make it not bind to *)
[cmd=]ps|grep bind[/cmd] in jail
Code:
root 6986 0.0 0.1 7676 2328 ?? SJ 4:45PM 0:00.00 /usr/sbin/ypbind
root 95169 0.0 0.0 6876 1532 ?? SsJ 4:21PM 0:00.01 /usr/sbin/rpcbind -h 192.168.0.22
root 95265 0.0 0.1 7676 2268 ?? SsJ 4:21PM 0:00.05 /usr/sbin/ypbind
Code:
root ypbind 7267 4 udp4 192.168.0.22:1011 *:*
root ypbind 7267 5 tcp4 192.168.0.22:982 *:*
root ypbind 7267 6 udp4 192.168.0.22:58996 *:*
root ypbind 95265 4 udp4 192.168.0.22:1011 *:*
root ypbind 95265 5 tcp4 192.168.0.22:982 *:*
root rpcbind 95169 5 stream /var/run/rpcbind.sock
root rpcbind 95169 6 udp4 192.168.0.22:111 *:*
root rpcbind 95169 7 udp4 *:* *:*
root rpcbind 95169 8 dgram -> /var/run/logpriv
root rpcbind 95169 9 udp4 192.168.0.22:792 *:*
root rpcbind 95169 10 tcp4 192.168.0.22:111 *:*
root rpcbind 95169 11 tcp4 *:* *:*
but when I do [cmd=]id user[/cmd] or [cmd=]ypcat passwd[/cmd] it just sits there.
[cmd=]ps|grep bind[/cmd] on the host (the processes with the J are the ones inside the jail)
Code:
root 7391 0.0 0.1 7676 2328 ?? SJ 12:47PM 0:00.00 /usr/sbin/ypbind
root 90870 0.0 0.0 6748 1460 ?? Ss 12:18PM 0:00.00 /usr/sbin/rpcbind -h 192.168.0.20
root 90873 0.0 0.1 9724 2964 ?? Ss 12:18PM 0:00.01 /usr/sbin/ypbind
root 95169 0.0 0.0 6876 1532 ?? SsJ 12:21PM 0:00.01 /usr/sbin/rpcbind -h 192.168.0.22
root 95265 0.0 0.1 7676 2268 ?? SsJ 12:21PM 0:00.05 /usr/sbin/ypbind
I have also tried [cmd=]ypserver -S domain,192.168.0.50[/cmd]
[cmd=]ypbind[/cmd] doesn't seem to have any debugging options, so its hard to tell what it is doing, but as far as I can tell (tcpdump), it is not actually attempting to connect to the ypserv
Any suggestions?