NIS (ypbind) Client in a Jail

Kostik Belousov kostikbel at gmail.com
Thu May 20 10:12:21 UTC 2010


On Wed, May 19, 2010 at 11:43:27PM -0400, Allan Jude wrote:
> I have a series of jails spread across a number of machines and I want
> to share a common set of users between them.
> 
> On a 'real' server (192.168.0.50), I have set up ypserv (per handbook
> instructions), and I've set up ypbind successfully on the jail host
> (192.168.0.20), but when I set it up inside the jail itself
> (192.168.0.22), it doesn't seem to be able to connect to the ypserv. I
> had to set the 'domainname' on the host, as you cannot change the sysctl
> in the jail, and this is fine, as I want the common uids on the host as
> well, so top etc show the correct usernames for processes running as
> those users in the jail.
> 
> /etc/nsswitch.conf
> 
> group: files nis
> hosts: files dns
> networks: files
> passwd: files nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
> 
> I have tried rpcbind w/ and w/o the -h flag (I also tried w/ it on the
> host to make it not bind to *)
> 
> ps aux|grep bind in jail
> 
> root         6986  0.0  0.1  7676  2328  ??  SJ    4:45PM   0:00.00
> /usr/sbin/ypbind
> root        95169  0.0  0.0  6876  1532  ??  SsJ   4:21PM   0:00.01
> /usr/sbin/rpcbind -h 192.168.0.22
> root        95265  0.0  0.1  7676  2268  ??  SsJ   4:21PM   0:00.05
> /usr/sbin/ypbind
> 
> sockstat|grep bind in jail
> 
> root     ypbind     7267  4  udp4   192.168.0.22:1011     *:*
> root     ypbind     7267  5  tcp4   192.168.0.22:982      *:*
> root     ypbind     7267  6  udp4   192.168.0.22:58996    *:*
> root     ypbind     95265 4  udp4   192.168.0.22:1011     *:*
> root     ypbind     95265 5  tcp4   192.168.0.22:982      *:*
> root     rpcbind    95169 5  stream /var/run/rpcbind.sock
> root     rpcbind    95169 6  udp4   192.168.0.22:111      *:*
> root     rpcbind    95169 7  udp4   *:*                   *:*
> root     rpcbind    95169 8  dgram  -> /var/run/logpriv
> root     rpcbind    95169 9  udp4   192.168.0.22:792      *:*
> root     rpcbind    95169 10 tcp4   192.168.0.22:111      *:*
> root     rpcbind    95169 11 tcp4   *:*                   *:*
> 
> but when I do id user or ypcat passwd it just sits there.
> 
> ps aux|grep bind on the host (the processes with the J are the ones
> inside the jail)
> 
> root         7391  0.0  0.1  7676  2328  ??  SJ   12:47PM   0:00.00
> /usr/sbin/ypbind
> root        90870  0.0  0.0  6748  1460  ??  Ss   12:18PM   0:00.00
> /usr/sbin/rpcbind -h 192.168.0.20
> root        90873  0.0  0.1  9724  2964  ??  Ss   12:18PM   0:00.01
> /usr/sbin/ypbind
> root        95169  0.0  0.0  6876  1532  ??  SsJ  12:21PM   0:00.01
> /usr/sbin/rpcbind -h 192.168.0.22
> root        95265  0.0  0.1  7676  2268  ??  SsJ  12:21PM   0:00.05
> /usr/sbin/ypbind
> 
> I have also tried ypserver -S domain,192.168.0.50
> 
> ypbind doesn't seem to have any debugging options, so it's hard to tell
> what it is doing, but as far as I can tell (tcpdump), it is not actually
> attempting to connect to the ypserv
> 
> Any suggestions?

I successfully run ypbinds in jails, but rpcbind has to be run on the
host. If manually restarting the services, make sure that rpcbind is
restarted first.
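
The layout the reply describes (rpcbind on the host only, ypbind inside the jail) can be checked from the host's `ps aux` output, using the `J` state flag that the original post notes marks jailed processes. This is an added example, not part of either message; the function names, the exit codes and the sample input (the posted host listing with its wrapped lines re-joined) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `ps aux` output on stdin and checks the layout from
# the reply: rpcbind on the host only, ypbind allowed inside jails.
# FreeBSD ps puts "J" in the STAT column (field 8) for jailed processes;
# the command path is field 11.
audit_rpcbind_layout() {
    awk '
        $11 ~ /(^|\/)rpcbind$/ {
            if ($8 ~ /J/) { jailed++; printf "jailed rpcbind: pid %s\n", $2 }
            else          { host++ }
        }
        $11 ~ /(^|\/)ypbind$/ && $8 ~ /J/ { jailed_ypbind++ }
        END {
            printf "host rpcbind=%d jailed rpcbind=%d jailed ypbind=%d\n",
                   host, jailed, jailed_ypbind
            if (jailed > 0) exit 2                       # rpcbind inside a jail
            if (host == 0 && jailed_ypbind > 0) exit 3   # no host rpcbind at all
            exit 0
        }'
}

# Host listing from the post, with the mail-wrapped lines re-joined.
sample_as_posted() {
    cat <<'EOF'
root         7391  0.0  0.1  7676  2328  ??  SJ   12:47PM   0:00.00 /usr/sbin/ypbind
root        90870  0.0  0.0  6748  1460  ??  Ss   12:18PM   0:00.00 /usr/sbin/rpcbind -h 192.168.0.20
root        90873  0.0  0.1  9724  2964  ??  Ss   12:18PM   0:00.01 /usr/sbin/ypbind
root        95169  0.0  0.0  6876  1532  ??  SsJ  12:21PM   0:00.01 /usr/sbin/rpcbind -h 192.168.0.22
root        95265  0.0  0.1  7676  2268  ??  SsJ  12:21PM   0:00.05 /usr/sbin/ypbind
EOF
}

# Constructed: the same listing without the jailed rpcbind (pid 95169).
sample_rpcbind_on_host_only() {
    sample_as_posted | grep -v ' 95169 '
}

# On a jail host: ps aux | audit_rpcbind_layout; echo "exit=$?"
```

Exit status 2 means an rpcbind is running inside a jail, 3 means jailed ypbind instances exist but no host rpcbind was found, and 0 means the listing matches the layout from the reply.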