I have a few C5 machines on an isolated LAN that connect to a RHEL5 server via NFS and NIS for authentication. I discovered that one of the C5 workstations worked fine for NFS exporting, but refused to collaborate with the EL5 server for NIS user authentication.

I had successfully connected other systems to this server without issue, but this machine was finicky.

I had initially enabled the EL5 firewall, then later disabled it, including selecting --disable-firewall. Still, this one C5 workstation wouldn't cooperate for user authentication.

Then, as a bit of an experiment, I opted to visit the EL5 services and manually highlight IPtables, clicked STOP, and tried the verification again. This time, the C5 system got the NIS data.

Now, if I want to enable a firewall on all machines -

As a server, EL5 does have an option to select NFS services be run on specific ports. How do I configure the C5 clients to also communicate on those ports, thus allowing full NIS/NFS user authentication and directory exporting, all the while with built-in firewall protection on all systems?

These are all out-of-box setups, with no updates, and full package installs from the install media.

As time goes on, I will migrate to the OpenLDAP world, but I haven't had the opportunity to experiment with that just yet.

Thanks.

Scott
Scott Ehrlich wrote:
> I have a few C5 machines on an isolated LAN that connect to a RHEL5
> server via NFS and NIS for authentication. I discovered that one of
> the C5 workstations worked fine for NFS exporting, but refused to
> collaborate with the EL5 server for NIS user authentication.
>
> I had successfully connected other systems to this server without issue,
> but this machine was finicky.
>
> I had initially enabled the EL5 firewall, then later disabled it,
> including selecting --disable-firewall. Still, this one C5 workstation
> wouldn't cooperate for user authentication.
>
> Then, as a bit of an experiment, I opted to visit the EL5 services and
> manually highlight IPtables, clicked STOP, and tried the verification
> again. This time, the C5 system got the NIS data.
>
>
> Now, if I want to enable a firewall on all machines -
>
> As a server, EL5 does have an option to select NFS services be run on
> specific ports. How do I configure the C5 clients to also communicate
> on those ports, thus allowing full NIS/NFS user authentication and
> directory exporting, all the while with built-in firewall protection on
> all systems?
>
> These are all out-of-box setups, with no updates, and full package
> installs from the install media.
>
> As time goes on, I will migrate to the OpenLDAP world, but I haven't had
> the opportunity to experiment with that just yet.
>
> Thanks.
>
> Scott

This guide talks about NFS and NIS and firewalls:

http://www.centos.org/docs/5/html/5.1/Deployment_Guide/