[SUMMARY] Problem with NIS and "securenets" file (ypserv/ypxfrd won't come up)

From: David Foster (foster@dim.ucsd.edu)
Date: Tue Nov 16 1999 - 17:35:38 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Problem:
=======

Problem basically was that under Solaris 2.6, when I tried to create the
/var/yp/securenets file to limit hosts/networks that could talk to my NIS
server, ypxfrd and ypserv daemons would not start.

(Original question follows at the end of this message)

Solution:
========

I don't know why, but adding an entry for localhost worked:

255.255.255.255 127.0.0.1
255.255.255.0 xxx.yyy.xxx.0

Thanks to Dan Stromberg for this solution. Doesn't make sense to me, since the
server (localhost) is part of the xxx.yyy.zzz subnet. But now it's not broken and
I'm not going to fix it!

Side Note:

When I restarted the NIS master server with this enabled, I had to reboot all
of our SunOS 4.1.4 systems, as they became very confused.

Thanks to:

Dan Stromberg <strombrg@nis.acs.uci.edu>
mark.baldwin@makesys.com

> Platform: Solaris 2.6, fully patched
>
> Problem:
>
> [ypserv and ypxfrd won't come up when /var/yp/securenets file exists]
>
> We recently moved our NIS master server from a SunOS 4.1.4 system (don't ask...)
> to a Solaris 2.6 Ultra 450. We had been using the /var/yp/securenets file to
> improve security somewhat. When we install this file on the Solaris system,
> ypserv and ypxfrd will not come up. I've checked the FAQ and the archives of
> this list, and several books, but didn't find anything.
>
> Here's the contents of this file:
>
> # /var/yp/sercurenets file
> #
> # The format of this file is one of more lines of
> #
> # netmask netaddr
> # Both netmask and netaddr must be dotted quads.
> #
> 255.255.255.128 xxx.yyy.zzz.0 # xxx.yyy.zzz is our local network
>
>
> I have also tried using:
>
> 255.255.255.128 xxx.yyy.zzz.255
>
> because of the difference in broadcast addresses between SunOS and Solaris, and
>
> 255.255.255.255 xxx.yyy.zzz.255
>
> following the instructions in the man page (not very helpful!).
>
>
> None work. Can someone please tell me what I'm doing wrong? Summary to follow.
>
>
> Dave Foster
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> David Foster National Center for Microscopy and Imaging Research
> dfoster@ucsd.edu UCSD/Department of Neuroscience
> (858) 534-7968 http://www-ncmir.ucsd.edu/
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   David Foster National Center for Microscopy and Imaging Research
    dfoster@ucsd.edu UCSD/Department of Neuroscience
    (858) 534-7968 http://www-ncmir.ucsd.edu/
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:32 CDT