NIS server doesn't answer ypbind

I setup a NIS server (including NFS) in my intranet. And I also setup the NIS client server. Originally, I can login the NIS client server with the account established in NIS server. However, in recent days, the NIS service suddenly didn’t function. I cannot login to those NIS client server. When I checked the NIS client server with ‘ypbind -d’, the NIS server no longer response the NIS request from the NIS client server.

However, I checked the status of the several related services (like rpcbind ypbind ypxfrd yppasswdd nis-domainname) in the NIS server.
All these services are also running well. Also, I checked the ethernet interface between NIS server and NIS client by ping command. They could be sent successfully.

What should I do?

Thank you!
James

What does ypwhich output on your NIS client ?

Can you access any of the NIS maps from the NIS server by running something like on the NIS client ypcat services (or similar) ?

What does rpcinfo -p <NIS-server-name> when run on the NIS client output ?

Here are the outputs of the above commands. It seems that it cannot find the ypbind service from the NIS server.
Client_ypwhich_output


Do you get any errors when you (re)start the ypbind service on the client ? i.e. what is output of:

systemctl restart ypbind
systemctl status ypbind

Also, what does your /etc/yp.conf contain on the client ?

Are there any firewall rules blocking access to port 944 on the NIS master ?

Yes, the ypbind (client) cannot run. The following is the output.

And my yp.conf was:

I have made firewalld (master) inactive. But the result is the same.

First a note: one can usually copy-paste text when posting. It is more convenient than bitmap images.


Service fails to start.
You should want to know why.
Does journalctl -xu ypbind.service show more log messages?
If not, did the service wrote logs directly to somewhere, like /var/log/?

Anyway, in the picture the /usr/libexec/ypbind-post-waitbind has failed. Why?
What is it?


Overall, the NIS starts to be legacy code. It did seem insecure more than a decade ago. Probably has not improved significantly. What is the main reason for the use of NIS? (In case attempts to solve your current issue fail, check on alternatives might become necessary.)

What does grep ypbind /var/log/messages output ?

/usr/libexec/ypbind-post-waitbind logs messages there

/var/log/messages

Oct 19 01:46:16 localhost dbus[2559]: [system] Activating via systemd: service name=‘net.reactivated.Fprint’ unit=‘fprintd.service’
Oct 19 01:46:16 localhost systemd: Starting Fingerprint Authentication Daemon…
Oct 19 01:46:16 localhost dbus[2559]: [system] Successfully activated service ‘net.reactivated.Fprint’
Oct 19 01:46:16 localhost systemd: Started Fingerprint Authentication Daemon.
Oct 19 01:46:24 localhost NetworkManager[2667]: [1729273584.8125] agent-manager: req[0x5598f122ba90, :1.182/org.gnome.Shell.NetworkAgent/0]: agent registered
Oct 19 01:46:24 localhost dbus[2559]: [system] Activating via systemd: service name=‘org.freedesktop.hostname1’ unit=‘dbus-org.freedesktop.hostname1.service’
Oct 19 01:46:24 localhost systemd: Starting Hostname Service…
Oct 19 01:46:24 localhost dbus[2559]: [system] Successfully activated service ‘org.freedesktop.hostname1’
Oct 19 01:46:24 localhost systemd: Started Hostname Service.
Oct 19 01:46:56 localhost systemd: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder…
Oct 19 01:46:56 localhost dbus[5929]: avc: received policyload notice (seqno=8)
Oct 19 01:46:56 localhost dbus[5898]: avc: received policyload notice (seqno=8)
Oct 19 01:46:56 localhost setsebool: The allow_ypbind policy boolean was changed to 1 by root
Oct 19 01:46:56 localhost org.a11y.Bus: Reloaded configuration
Oct 19 01:46:56 localhost org.a11y.Bus: Reloaded configuration
Oct 19 01:46:56 localhost dbus[2559]: [system] Reloaded configuration
Oct 19 01:46:57 localhost ypbind: Binding NIS service
Oct 19 01:47:25 localhost xrdp-chansrv[55072]: [ERROR] clipboard_c2s_in_files: Bad number of files in list (7733295)
Oct 19 01:47:45 localhost ypbind: Binding took 48 seconds
Oct 19 01:47:45 localhost ypbind: NIS server for domain icet is not responding.
Oct 19 01:47:45 localhost ypbind: Killing ypbind with PID 135377.
Oct 19 01:47:45 localhost ypbind: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
Oct 19 01:47:45 localhost systemd: ypbind.service: control process exited, code=exited status=1
Oct 19 01:47:45 localhost systemd: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
Oct 19 01:47:45 localhost systemd: Unit ypbind.service entered failed state.
Oct 19 01:47:45 localhost systemd: ypbind.service failed.
Oct 19 01:50:01 localhost systemd: Started Session 494 of user root.
Oct 19 01:50:45 localhost xrdp-chansrv[55072]: [ERROR] clipboard_c2s_in_files: Bad number of files in list (6946848)

journalctl -xu

> -- The start-up result is done.
> Oct 19 01:46:56 icetserver01 polkitd[2525]: Registered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197 [/
> Oct 19 01:46:56 icetserver01 systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
> -- Subject: Unit ypbind.service has begun start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has begun starting up.
> Oct 19 01:46:56 icetserver01 dbus[5929]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 dbus[5898]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 setsebool[135374]: The allow_ypbind policy boolean was changed to 1 by root
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[55128]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[5898]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 dbus[2559]: [system] Reloaded configuration
> Oct 19 01:46:57 icetserver01 ypbind[135384]: Binding NIS service
> Oct 19 01:47:25 icetserver01 xrdp-chansrv[55072]: [ERROR] clipboard_c2s_in_files: Bad number of files in list (7733295)
> Oct 19 01:47:45 icetserver01 ypbind[135526]: Binding took 48 seconds
> Oct 19 01:47:45 icetserver01 ypbind[135528]: NIS server for domain icet is not responding.
> Oct 19 01:47:45 icetserver01 ypbind[135529]: Killing ypbind with PID 135377.
> Oct 19 01:47:45 icetserver01 ypbind[135530]: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service: control process exited, code=exited status=1
> Oct 19 01:47:45 icetserver01 systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
> -- Subject: Unit ypbind.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has failed.
> -- 
> -- The result is failed.
> Oct 19 01:47:45 icetserver01 systemd[1]: Unit ypbind.service entered failed state.
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service failed.
> Oct 19 01:47:45 icetserver01 polkitd[2525]: Unregistered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197,
> lines 2100-2131/2131 (END)
> -- The start-up result is done.
> Oct 19 01:46:56 icetserver01 polkitd[2525]: Registered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197 [/
> Oct 19 01:46:56 icetserver01 systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
> -- Subject: Unit ypbind.service has begun start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has begun starting up.
> Oct 19 01:46:56 icetserver01 dbus[5929]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 dbus[5898]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 setsebool[135374]: The allow_ypbind policy boolean was changed to 1 by root
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[55128]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[5898]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 dbus[2559]: [system] Reloaded configuration
> Oct 19 01:46:57 icetserver01 ypbind[135384]: Binding NIS service
> Oct 19 01:47:25 icetserver01 xrdp-chansrv[55072]: [ERROR] clipboard_c2s_in_files: Bad number of files in list (7733295)
> Oct 19 01:47:45 icetserver01 ypbind[135526]: Binding took 48 seconds
> Oct 19 01:47:45 icetserver01 ypbind[135528]: NIS server for domain icet is not responding.
> Oct 19 01:47:45 icetserver01 ypbind[135529]: Killing ypbind with PID 135377.
> Oct 19 01:47:45 icetserver01 ypbind[135530]: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service: control process exited, code=exited status=1
> Oct 19 01:47:45 icetserver01 systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
> -- Subject: Unit ypbind.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has failed.
> -- 
> -- The result is failed.
> Oct 19 01:47:45 icetserver01 systemd[1]: Unit ypbind.service entered failed state.
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service failed.
> Oct 19 01:47:45 icetserver01 polkitd[2525]: Unregistered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197,
> ~
> ~
> lines 2100-2131/2131 (END)
> -- The start-up result is done.
> Oct 19 01:46:56 icetserver01 polkitd[2525]: Registered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197 [/
> Oct 19 01:46:56 icetserver01 systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
> -- Subject: Unit ypbind.service has begun start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has begun starting up.
> Oct 19 01:46:56 icetserver01 dbus[5929]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 dbus[5898]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 setsebool[135374]: The allow_ypbind policy boolean was changed to 1 by root
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[55128]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[5898]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 dbus[2559]: [system] Reloaded configuration
> Oct 19 01:46:57 icetserver01 ypbind[135384]: Binding NIS service
> Oct 19 01:47:25 icetserver01 xrdp-chansrv[55072]: [ERROR] clipboard_c2s_in_files: Bad number of files in list (7733295)
> Oct 19 01:47:45 icetserver01 ypbind[135526]: Binding took 48 seconds
> Oct 19 01:47:45 icetserver01 ypbind[135528]: NIS server for domain icet is not responding.
> Oct 19 01:47:45 icetserver01 ypbind[135529]: Killing ypbind with PID 135377.
> Oct 19 01:47:45 icetserver01 ypbind[135530]: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service: control process exited, code=exited status=1
> Oct 19 01:47:45 icetserver01 systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
> -- Subject: Unit ypbind.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has failed.
> -- 
> -- The result is failed.
> Oct 19 01:47:45 icetserver01 systemd[1]: Unit ypbind.service entered failed state.
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service failed.
> Oct 19 01:47:45 icetserver01 polkitd[2525]: Unregistered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197,
> ~
> ~
> ~
> ~
> lines 2100-2131/2131 (END)
> -- The start-up result is done.
> Oct 19 01:46:56 icetserver01 polkitd[2525]: Registered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197 [/
> Oct 19 01:46:56 icetserver01 systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
> -- Subject: Unit ypbind.service has begun start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has begun starting up.
> Oct 19 01:46:56 icetserver01 dbus[5929]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 dbus[5898]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 setsebool[135374]: The allow_ypbind policy boolean was changed to 1 by root
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[55128]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[5898]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 dbus[2559]: [system] Reloaded configuration
> Oct 19 01:46:57 icetserver01 ypbind[135384]: Binding NIS service
> Oct 19 01:47:25 icetserver01 xrdp-chansrv[55072]: [ERROR] clipboard_c2s_in_files: Bad number of files in list (7733295)
> Oct 19 01:47:45 icetserver01 ypbind[135526]: Binding took 48 seconds
> Oct 19 01:47:45 icetserver01 ypbind[135528]: NIS server for domain icet is not responding.
> Oct 19 01:47:45 icetserver01 ypbind[135529]: Killing ypbind with PID 135377.
> Oct 19 01:47:45 icetserver01 ypbind[135530]: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service: control process exited, code=exited status=1
> Oct 19 01:47:45 icetserver01 systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
> -- Subject: Unit ypbind.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has failed.
> -- 
> -- The result is failed.
> Oct 19 01:47:45 icetserver01 systemd[1]: Unit ypbind.service entered failed state.
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service failed.
> Oct 19 01:47:45 icetserver01 polkitd[2525]: Unregistered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197,
> ~
> ~
> ~
> ~
> ~
> ~
> lines 2100-2131/2131 (END)
> -- The start-up result is done.
> Oct 19 01:46:56 icetserver01 polkitd[2525]: Registered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197 [/
> Oct 19 01:46:56 icetserver01 systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
> -- Subject: Unit ypbind.service has begun start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has begun starting up.
> Oct 19 01:46:56 icetserver01 dbus[5929]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 dbus[5898]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 setsebool[135374]: The allow_ypbind policy boolean was changed to 1 by root
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[55128]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[5898]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 dbus[2559]: [system] Reloaded configuration
> Oct 19 01:46:57 icetserver01 ypbind[135384]: Binding NIS service
> Oct 19 01:47:25 icetserver01 xrdp-chansrv[55072]: [ERROR] clipboard_c2s_in_files: Bad number of files in list (7733295)
> Oct 19 01:47:45 icetserver01 ypbind[135526]: Binding took 48 seconds
> Oct 19 01:47:45 icetserver01 ypbind[135528]: NIS server for domain icet is not responding.
> Oct 19 01:47:45 icetserver01 ypbind[135529]: Killing ypbind with PID 135377.
> Oct 19 01:47:45 icetserver01 ypbind[135530]: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service: control process exited, code=exited status=1
> Oct 19 01:47:45 icetserver01 systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
> -- Subject: Unit ypbind.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has failed.
> -- 
> -- The result is failed.
> Oct 19 01:47:45 icetserver01 systemd[1]: Unit ypbind.service entered failed state.
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service failed.
> Oct 19 01:47:45 icetserver01 polkitd[2525]: Unregistered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197,
> ~
> ~
> ~
> ~
> ~
> ~
> ~
> lines 2100-2131/2131 (END)
> -- The start-up result is done.
> Oct 19 01:46:56 icetserver01 polkitd[2525]: Registered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197 [/
> Oct 19 01:46:56 icetserver01 systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
> -- Subject: Unit ypbind.service has begun start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has begun starting up.
> Oct 19 01:46:56 icetserver01 dbus[5929]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 dbus[5898]: avc:  received policyload notice (seqno=8)
> Oct 19 01:46:56 icetserver01 setsebool[135374]: The allow_ypbind policy boolean was changed to 1 by root
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[55128]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 org.a11y.Bus[5898]: Reloaded configuration
> Oct 19 01:46:56 icetserver01 dbus[2559]: [system] Reloaded configuration
> Oct 19 01:46:57 icetserver01 ypbind[135384]: Binding NIS service
> Oct 19 01:47:25 icetserver01 xrdp-chansrv[55072]: [ERROR] clipboard_c2s_in_files: Bad number of files in list (7733295)
> Oct 19 01:47:45 icetserver01 ypbind[135526]: Binding took 48 seconds
> Oct 19 01:47:45 icetserver01 ypbind[135528]: NIS server for domain icet is not responding.
> Oct 19 01:47:45 icetserver01 ypbind[135529]: Killing ypbind with PID 135377.
> Oct 19 01:47:45 icetserver01 ypbind[135530]: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service: control process exited, code=exited status=1
> Oct 19 01:47:45 icetserver01 systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
> -- Subject: Unit ypbind.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit ypbind.service has failed.
> -- 
> -- The result is failed.
> Oct 19 01:47:45 icetserver01 systemd[1]: Unit ypbind.service entered failed state.
> Oct 19 01:47:45 icetserver01 systemd[1]: ypbind.service failed.
> Oct 19 01:47:45 icetserver01 polkitd[2525]: Unregistered Authentication Agent for unix-process:135359:22017022 (system bus name :1.1197,
> ~
> ~
> ~
> ~
> ~
> ~
> ~
> ~

I did not find that it mentioned “ypbind-post-waitbind”.

Those ware probably from “waitbind”.

It probably shouts out to server and does not receive positive reply. I would probably listen to network traffic with tcpdump while I start the ypbind.service again.

  • If nothing goes out, then client does not know how to ask
  • If something goes out, but nothing back in, then listen on the server
  • If something goes out and something comes back, why isn’t it ok?

Thanks jlehtone,

I have captured the packets by tcpdump -i . But maybe I am not familiar with the tcpdump command. Which keyword should I grep? I have tried “bind”, “wait”, “”, “944”, “950”. But there is no result found.

Also, you said that NIS is legacy code. Which alternative would you suggest? In my network, there are Rocky (Centos) and Ubuntu machines.

Thank you!

Are you sure ypserv is running on the NIS master?

You can check it is from the client by running something like:

ypcat -h 10.6.126.29 -d icet group

(ypbind doesn’t need to be running when you use the NIS master and NIS domain options with ypcat)

Is there anything in /var/log/messages on the NIS master about the client ?

To capture packets on the client, run something like:

tcpdump -s 0 -w /path/to/some/file port 944

(you may have to use the -i option to specify the NIC interface) and then restart the ypbind service on the client

You can display the packet capture file either using wireshark or

tcpdump -r /path/to/some/file

I can get the group and passwd information from the master by:

ypcat -h 10.6.126.20 -d icet group
ypcat -h 10.6.126.20 -d icet passwd

But I cannot get the shadow information by:

ypcat -h 10.6.126.20 -d icet shadow
No such map shadow. Reason: No such map in server's domain

The following is the /var/log/messages. It seems that NIS master server doesn’t respond the client.

Oct 20 15:42:59 localhost dbus[2559]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Oct 20 15:42:59 localhost systemd: Starting Fingerprint Authentication Daemon...
Oct 20 15:42:59 localhost dbus[2559]: [system] Successfully activated service 'net.reactivated.Fprint'
Oct 20 15:42:59 localhost systemd: Started Fingerprint Authentication Daemon.
Oct 20 15:42:59 localhost journal: clutter_actor_get_n_children: assertion 'CLUTTER_IS_ACTOR (self)' failed
Oct 20 15:43:04 localhost NetworkManager[2667]: <info>  [1729410184.7143] agent-manager: req[0x5598f121d960, :1.182/org.gnome.Shell.NetworkAgent/0]: agent registered
Oct 20 15:43:04 localhost dbus[2559]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service'
Oct 20 15:43:04 localhost systemd: Starting Hostname Service...
Oct 20 15:43:04 localhost dbus[2559]: [system] Successfully activated service 'org.freedesktop.hostname1'
Oct 20 15:43:04 localhost systemd: Started Hostname Service.
Oct 20 15:43:34 localhost kernel: device em4 entered promiscuous mode
Oct 20 15:43:38 localhost systemd: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
Oct 20 15:43:38 localhost dbus[5898]: avc:  received policyload notice (seqno=19)
Oct 20 15:43:38 localhost dbus[5929]: avc:  received policyload notice (seqno=19)
Oct 20 15:43:38 localhost setsebool: The allow_ypbind policy boolean was changed to 1 by root
Oct 20 15:43:38 localhost org.a11y.Bus: Reloaded configuration
Oct 20 15:43:38 localhost org.a11y.Bus: Reloaded configuration
Oct 20 15:43:38 localhost dbus[2559]: [system] Reloaded configuration
Oct 20 15:43:39 localhost ypbind: Binding NIS service
Oct 20 15:44:28 localhost ypbind: Binding took 49 seconds
Oct 20 15:44:28 localhost ypbind: NIS server for domain icet is not responding.
Oct 20 15:44:28 localhost ypbind: Killing ypbind with PID 65565.
Oct 20 15:44:28 localhost ypbind: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
Oct 20 15:44:28 localhost systemd: ypbind.service: control process exited, code=exited status=1
Oct 20 15:44:28 localhost systemd: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
Oct 20 15:44:28 localhost systemd: Unit ypbind.service entered failed state.
Oct 20 15:44:28 localhost systemd: ypbind.service failed.
Oct 20 15:44:33 localhost kernel: device em4 left promiscuous mode

And when I captured the packets during restarting ypbind by:
tcpdump -s 0 -i em4 -w ./packets.txt port 944
But there is no packet collected.

tcpdump -r ./packets.txt 
reading from file ./packets.txt, link - type EN10MB (Ethernet)

However, when I use (without port 944):

tcpdump -s 0 -i em4 -w ./packets.txt
tcpdump -r ./packets.txt

There are packets collected:

 16:05:30.161182 IP icetserver01.astri.org.924 > padnfs03.sunrpc: UDP, length 56
16:05:30.167163 ARP, Request who-has 10.6.126.98 (Broadcast) tell 0.0.0.0, length 46
16:05:30.194080 Loopback, skipCount 40648 (invalid)
16:05:30.531678 ARP, Request who-has daisy.astri.org tell cotton.astri.org, length 46
16:05:30.540607 ARP, Request who-has 10.6.126.117 tell 0.0.0.0, length 46
16:05:30.567545 IP icetserver01.astri.org.ms-wbt-server > 172.16.24.243.52059: Flags [P.], seq 168803:168855, ack 1280, win 1548, length 52
16:05:30.631204 IP 172.16.24.243.52059 > icetserver01.astri.org.ms-wbt-server: Flags [.], ack 168855, win 1031, length 0
16:05:30.777189 ARP, Request who-has tulip.astri.org tell 10.6.126.51, length 46
16:05:30.779195 ARP, Request who-has daisy.astri.org tell 10.6.126.51, length 46
16:05:30.825208 ARP, Request who-has orchid.astri.org tell 10.6.126.51, length 46
16:05:30.907218 ARP, Request who-has gateway tell 10.6.126.51, length 46
16:05:30.949493 ARP, Request who-has 10.6.126.2 tell vncsrv01.astri.org, length 46
16:05:30.983112 ARP, Request who-has daisy.astri.org tell pansy.astri.org, length 46
16:05:31.114510 ARP, Request who-has 10.6.126.2 tell vncsrv02.astri.org, length 46
16:05:31.167204 ARP, Request who-has 10.6.126.98 (Broadcast) tell 0.0.0.0, length 46
16:05:31.170143 IP icetserver01.astri.org.ms-wbt-server > 172.16.24.243.52059: Flags [P.], seq 168855:168898, ack 1280, win 1548, length 43
16:05:31.172515 ARP, Request who-has 10.6.126.114 tell 0.0.0.0, length 46
16:05:31.184645 IP icetserver01.astri.org.933 > padnfs03.sunrpc: UDP, length 56
16:05:31.219832 IP 172.16.24.243.52059 > icetserver01.astri.org.ms-wbt-server: Flags [.], ack 168898, win 1031, length 0
16:05:31.304275 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 04:32:01:97:fd:da (oui Unknown), length 301
16:05:31.314274 ARP, Request who-has 10.6.126.104 tell 10.6.126.138, length 46
16:05:31.533576 ARP, Request who-has daisy.astri.org tell cotton.astri.org, length 46
16:05:31.575962 IP 172.16.24.243.52059 > icetserver01.astri.org.ms-wbt-server: Flags [P.], seq 1280:1318, ack 168898, win 1031, length 38
16:05:31.576045 IP icetserver01.astri.org.ms-wbt-server > 172.16.24.243.52059: Flags [.], ack 1318, win 1548, length 0
16:05:31.581624 ARP, Request who-has tulip.astri.org tell cotton.astri.org, length 46

Does it mean that the NIS master didn’t response to the NIS client request?

Strange that you didn’t get any traffic on port 944 ?

How many NICs do you have on the client - i.e. have you got the correct NIC interface with tcpdump that is used to talk to the NIS master ?

You probably need to check ypserv on the master is still using port 944 - run rpcinfo -p 10.6.126.20 to see what port on the master ypserv is running on

Also can you do on the client:

systemctl stop ypbind
/usr/sbin/ypbind -d

and paste the output here ?

Depends partially what the NIS is used for.

For identity management, the FreeIPA seems to be neat. See for example Quick_Start_Guide — FreeIPA documentation and CIQ | How to Install the FreeIPA Server on Rocky Linux 9 and How to Configure FreeIPA Client on Ubuntu 22.04 / 20.04

I have just LDAP (389-ds) and Kerberos on systems, where NIS was originally replaced by OpenLDAP and Kerberos was added later. FreeIPA would have these and more.

On different set of systems I do deploy locally – with Ansible playbooks – most of the data that NIS would keep centrally (except passwords).

There is only 1 NIC on the client - em4. And I have captured the packets by “ping 8.8.8.8” and it can capture the packets.

Yes, it is quite strange that I can get the port 944 with ypserv by rpcinfo command on client, even the NIS master didn’t response:

[root@icetserver01 ~]# rpcinfo -p 10.6.126.20
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    2   udp  20048  mountd
    100005    2   tcp  20048  mountd
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100024    1   udp  38813  status
    100024    1   tcp  45897  status
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    1   udp  33481  nlockmgr
    100021    3   udp  33481  nlockmgr
    100021    4   udp  33481  nlockmgr
    100021    1   tcp  34489  nlockmgr
    100021    3   tcp  34489  nlockmgr
    100021    4   tcp  34489  nlockmgr
 600100069    1   udp    946  fypxfrd
 600100069    1   tcp    946  fypxfrd
    100009    1   udp    950  yppasswdd
    100009    1   tcp    950  yppasswdd
    100004    2   udp    944  ypserv
    100004    1   udp    944  ypserv
    100004    2   tcp    944  ypserv
    100004    1   tcp    944  ypserv

And I think I could not stop ypbind successfully.

[root@icetserver01 ~]# systemctl stop ypbind
[root@icetserver01 ~]# systemctl status ypbind
● ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain Binder
   Loaded: loaded (/usr/lib/systemd/system/ypbind.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2024-10-20 16:06:19 CST; 1 day 19h ago
  Process: 69013 ExecStartPost=/usr/libexec/ypbind-post-waitbind (code=exited, status=1/FAILURE)
  Process: 69008 ExecStart=/usr/sbin/ypbind -n $OTHER_YPBIND_OPTS (code=exited, status=0/SUCCESS)
  Process: 69005 ExecStartPre=/usr/sbin/setsebool allow_ypbind=1 (code=exited, status=0/SUCCESS)
  Process: 68997 ExecStartPre=/usr/libexec/ypbind-pre-setdomain (code=exited, status=0/SUCCESS)
 Main PID: 69008 (code=exited, status=0/SUCCESS)
   Status: "Processing requests..."

Oct 20 16:05:29 icetserver01 systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
Oct 20 16:05:30 icetserver01 setsebool[69005]: The allow_ypbind policy boolean was changed to 1 by root
Oct 20 16:06:19 icetserver01 systemd[1]: ypbind.service: control process exited, code=exited status=1
Oct 20 16:06:19 icetserver01 systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
Oct 20 16:06:19 icetserver01 systemd[1]: Unit ypbind.service entered failed state.
Oct 20 16:06:19 icetserver01 systemd[1]: ypbind.service failed.

Then, when I ypbind -d, the master didn’t answer:

[root@icetserver01 ~]# /usr/sbin/ypbind -d
45135: parsing config file
45135: Trying entry: domain icet server 10.6.126.20
45135: parsed domain 'icet' server '10.6.126.20'
45135: add_server() domain: icet, host: 10.6.126.20, slot: 0
45135: [Welcome to ypbind-mt, version 1.37.1]

45135: ping interval is 20 seconds

45135: rebind interval is 900 seconds

45137: NetworkManager is running.

45137: Network is available.
45137: Switch to online mode
45137: Going online, reloading config file.
45137: parsing config file
45137: Trying entry: domain icet server 10.6.126.20
45137: parsed domain 'icet' server '10.6.126.20'
45137: add_server() domain: icet, host: 10.6.126.20, slot: 0
45137: ping host '10.6.126.20', domain 'icet'
45137: host '10.6.126.20' doesn't answer.
45137: interface: org.freedesktop.DBus, object path: /org/freedesktop/DBus, method: NameAcquired
45140: ping host '10.6.126.20', domain 'icet'
45140: host '10.6.126.20' doesn't answer.
45140: Pinging all active servers.
45140: ping host '10.6.126.20', domain 'icet'
45140: host '10.6.126.20' doesn't answer.
45135: ypbindproc_domain_2_svc (icet)
45135: Pinging all active servers.
45135: ping host '10.6.126.20', domain 'icet'
45135: host '10.6.126.20' doesn't answer.
45135: trylock = success
45135: ping host '10.6.126.20', domain 'icet'
45135: host '10.6.126.20' doesn't answer.
45135: trylock = success
45135: ping host '10.6.126.20', domain 'icet'
45135: host '10.6.126.20' doesn't answer.
45135: Status: YPBIND_FAIL_VAL
45135: ypbindproc_domain_2_svc (icet)
45135: Pinging all active servers.
45135: ping host '10.6.126.20', domain 'icet'
45135: host '10.6.126.20' doesn't answer.
45135: trylock = success
45135: ping host '10.6.126.20', domain 'icet'
45135: host '10.6.126.20' doesn't answer.
45135: trylock = success
45135: ping host '10.6.126.20', domain 'icet'
45135: host '10.6.126.20' doesn't answer.
45135: Status: YPBIND_FAIL_VAL
45140: Pinging all active servers.

jlehtone, thanks for your sharing.

What OS are you using on the client (and NIS master) ? - and what version of ypserv on the NIS master ?

Client OS:
CentOS Linux release 7.9.2009 (Core)

NIS master:
Rocky Linux release 8.10 (Green Obsidian)

ypserv version on NIS master:
ypserv.x86_64 (4.1-1.el8)

Do you have anything blocking UDP on the network between the client and NIS master ?

When ypbind starts up - it uses UDP to bind to the NIS master, but when using ypcat, it uses TCP to talk to the NIS master - if UDP is blocked, then this might explain why ypcat works but ypbind doesn’t ?

It is strange when I use nc on client machine.

[root@icetserver01 localadmin]# rpcinfo -p 10.6.126.20
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    2   udp  20048  mountd
    100005    2   tcp  20048  mountd
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100024    1   udp  38813  status
    100024    1   tcp  45897  status
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    1   udp  33481  nlockmgr
    100021    3   udp  33481  nlockmgr
    100021    4   udp  33481  nlockmgr
    100021    1   tcp  34489  nlockmgr
    100021    3   tcp  34489  nlockmgr
    100021    4   tcp  34489  nlockmgr
    100004    2   udp    944  ypserv
    100004    1   udp    944  ypserv
    100004    2   tcp    944  ypserv
    100004    1   tcp    944  ypserv
    100009    1   udp    950  yppasswdd
    100009    1   tcp    950  yppasswdd
 600100069    1   udp    946  fypxfrd
 600100069    1   tcp    946  fypxfrd
[root@icetserver01 localadmin]# nc -v -u -z -w 3 10.6.126.20 944
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.6.126.20:944.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.03 seconds.
[root@icetserver01 localadmin]# nc -v -z -w 3 10.6.126.20 944
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.6.126.20:944.
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.
[root@icetserver01 localadmin]# nc -v -u -z -w 3 10.6.126.20 950
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.6.126.20:950.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.03 seconds.
[root@icetserver01 localadmin]# nc -v -z -w 3 10.6.126.20 950
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.6.126.20:950.
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.

It cannot send tcp to ypserv ports and yppasswdd ports instead, while udp succeed. Is it normal?