Bug 1090948
Summary: | Default settings for hosts.byname and hosts.byaddr NIS maps are incorrect | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Nalin Dahyabhai <nalin> |
Component: | slapi-nis | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | | |
Version: | 7.0 | CC: | mkosek |
Target Milestone: | rc | | |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | slapi-nis-0.52-5.el7 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Due to incorrect default settings, directory servers which were configured to serve host address information in the form of NIS "hosts.byname" and "hosts.byaddr" maps would produce map entry values in which the first field was a host name rather than an IP address.
Consequence: Clients would typically discard the value obtained from the NIS server, and proceed as if no matching entry had been found in the NIS map.
Fix: The defaults have been corrected.
Result: Clients should be able to parse host address information which they retrieve from servers which are configured to provide it.
|
Last Closed: | 2015-03-05 10:26:09 UTC | Type: | Bug |
Description
Nalin Dahyabhai
2014-04-24 12:55:37 UTC
For reference, when enumerating hosts, glibc walks hosts.byname, so we'd have to verify hosts.byaddr by asking 'getent' for the entry for a particular IP address.

Verified using
slapi-nis-0.54-2.el7.x86_64
ipa-server-4.1.0-15.el7.x86_64

After running NIS integration test suite, used the env and verified with following steps:

    # ypcat -d ipatest -h vm-idm-008.lab.eng.pnq.redhat.com hosts.byname
    192.168.4.1 goodhost1
    192.168.4.2 goodhost2
    192.168.4.3 goodhost3
    192.168.4.4 goodhost4
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

^^ matches /etc/hosts format when not using the -k option

    # ypcat -k -d ipatest -h vm-idm-008.lab.eng.pnq.redhat.com hosts.byname
    goodhost1 192.168.4.1 goodhost1
    goodhost2 192.168.4.2 goodhost2
    goodhost3 192.168.4.3 goodhost3
    goodhost4 192.168.4.4 goodhost4
    localhost 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    localhost.localdomain 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    localhost4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

^^ first entry is the name

    # ypcat -k -d ipatest -h vm-idm-008.lab.eng.pnq.redhat.com hosts.byaddr
    127.0.0.1 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    192.168.4.1 192.168.4.1 goodhost1
    192.168.4.2 192.168.4.2 goodhost2
    192.168.4.3 192.168.4.3 goodhost3
    192.168.4.4 192.168.4.4 goodhost4
    ::1 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

^^ first entry is the addr

Disregard above verification.
Followed steps below to verify:

On ipa server, where ipa nis listener is enabled (after running the test suite, it is)

Added maps to enable hosts.byname, hosts.byaddr:

    dn: nis-domain=testrelm.test+nis-map=hosts.byaddr,cn=NIS Server,cn=plugins,cn=config
    objectClass: top
    objectClass: extensibleObject
    nis-map:hosts.byaddr
    nis-base: cn=computers, cn=accounts, dc=testrelm,dc=test
    nis-domain: testrelm.test
    nis-secure: no

    dn: nis-domain=testrelm.test+nis-map=hosts.byname,cn=NIS Server,cn=plugins,cn=config
    objectClass: top
    objectClass: extensibleObject
    nis-map:hosts.byname
    nis-base: cn=computers, cn=accounts, dc=testrelm,dc=test
    nis-domain: testrelm.test
    nis-secure: no

    ldapadd -x -D "cn=Directory Manager" -w Secret123 -h `hostname` -f <above filename>

used ldif to add host with ipHostNumber:

    dn: fqdn=nkhost1.testrelm.test,cn=computers,cn=accounts,dc=testrelm,dc=test
    cn: nkhost1.testrelm.test
    objectClass: ipaobject
    objectClass: nshost
    objectClass: ipahost
    objectClass: ipHost
    objectClass: pkiuser
    objectClass: ipaservice
    objectClass: krbprincipalaux
    objectClass: krbprincipal
    objectClass: ieee802device
    objectClass: ipasshhost
    objectClass: top
    objectClass: ipaSshGroupOfPubKeys
    fqdn: nkhost1.testrelm.test
    managedBy: fqdn=nkhost1.testrelm.test,cn=computers,cn=accounts,dc=testrelm,dc=test
    krbPrincipalName: host/nkhost1.testrelm.test
    serverHostName: nkhost1
    ipHostNumber: 192.168.4.5

    ldapadd -x -D "cn=Directory Manager" -w Secret123 -h `hostname` -f <above filename>

    # ipa host-show nkhost1.testrelm.test --all --raw
    dn: fqdn=nkhost1.testrelm.test,cn=computers,cn=accounts,dc=testrelm,dc=test
    fqdn: nkhost1.testrelm.test
    krbprincipalname: host/nkhost1.testrelm.test
    has_password: FALSE
    has_keytab: FALSE
    managedby: fqdn=nkhost1.testrelm.test,cn=computers,cn=accounts,dc=testrelm,dc=test
    cn: nkhost1.testrelm.test
    ipHostNumber: 192.168.4.5
    ipaUniqueID: ba4a5ae4-a260-11e4-88a5-52540082f3e4
    managing: fqdn=nkhost1.testrelm.test,cn=computers,cn=accounts,dc=testrelm,dc=test
    objectClass: ipaobject
    objectClass: nshost
    objectClass: ipahost
    objectClass: ipHost
    objectClass: pkiuser
    objectClass: ipaservice
    objectClass: krbprincipalaux
    objectClass: krbprincipal
    objectClass: ieee802device
    objectClass: ipasshhost
    objectClass: top
    objectClass: ipaSshGroupOfPubKeys
    serverHostName: nkhost1

note it has the ipHostNumber

    # ypcat -d testrelm.test -h `hostname` hosts.byname
    192.168.4.5 nkhost1.testrelm.test

    # ypcat -k -d testrelm.test -h `hostname` hosts.byaddr
    192.168.4.5 192.168.4.5 nkhost1.testrelm.test

    # ypcat -k -d testrelm.test -h `hostname` hosts.byname
    nkhost1.testrelm.test 192.168.4.5 nkhost1.testrelm.test

    # getent -s nis hosts
    192.168.4.5 nkhost1.testrelm.test

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0445.html
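
The manual `ypcat -k` checks in the verification comments above can be automated. The following is an added example, not code from slapi-nis or from the bug's participants: it flags map entries whose value does not start with an IP address (the defect described in the Doc Text) and entries whose key does not match the value. The names `check_hosts_map` and `parse_ip` and all sample lines are constructed for illustration; the layout of the faulty sample beyond its first field is an assumption.

```python
import ipaddress

# Constructed samples in `ypcat -k` form: "<key> <value>". A correct value reads
# like an /etc/hosts line: address first, then one or more names.
GOOD_BYNAME = (
    "nkhost1.testrelm.test 192.168.4.5 nkhost1.testrelm.test\n"
    "localhost4 127.0.0.1 localhost localhost.localdomain localhost4\n"
)
GOOD_BYADDR = (
    "192.168.4.5 192.168.4.5 nkhost1.testrelm.test\n"
    "::1 ::1 localhost localhost.localdomain localhost6\n"
)
# Constructed stand-in for the faulty default: the value leads with a host name.
BAD_BYNAME = "nkhost1.testrelm.test nkhost1.testrelm.test 192.168.4.5\n"


def parse_ip(text):
    """Return an ipaddress object, or None if text is not an IPv4/IPv6 address."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_hosts_map(map_name, dump):
    """Return [(line_number, problem)] for a hosts.byname or hosts.byaddr dump."""
    problems = []
    for lineno, line in enumerate(dump.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        if len(fields) < 3:
            problems.append((lineno, "expected key, address and at least one name"))
            continue
        key, addr, names = fields[0], parse_ip(fields[1]), fields[2:]
        if addr is None:
            # The defect from this bug: clients discard a value like this.
            problems.append((lineno, f"value starts with {fields[1]!r}, not an IP address"))
        elif map_name == "hosts.byaddr" and parse_ip(key) != addr:
            problems.append((lineno, "key is not the address in the value"))
        elif map_name == "hosts.byname" and key.lower() not in (n.lower() for n in names):
            problems.append((lineno, "key is not one of the names in the value"))
    return problems


if __name__ == "__main__":
    for name, dump in [("hosts.byname", GOOD_BYNAME), ("hosts.byaddr", GOOD_BYADDR),
                       ("hosts.byname", BAD_BYNAME)]:
        print(name, check_hosts_map(name, dump) or "ok")
```

To check a live server, pass the captured output of `ypcat -k` for each map as the `dump` argument.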