# [SOLVED] NFS and NIS fails.

## Del Pede

Oh boy, where to start. After Kernel migrate, nearly nothing worked.

Now I'm left with a dazzling problem. I have about 10 Ubuntu desktops and one Gentoo server, which runs NFS and NIS, amongst other things, and functions as a gateway. On 9 out of 10 machines, users are unable to log in through the clients, and until recently, NFS mounted on every machine. Now the clients (except one client) get "RPC error: 15. Program not registered". All clients - again except one - hang during boot, and hang afterwards for a looon time, which is common when ypserv doesn't respond. Even root takes ages to log in on the clients.

All the Ubuntu clients are configured the same way

/etc/fstab

```
freya.mydomaine:/home /home nfs wsize=8192,rsize=8192,soft 0 0
freya.mydomaine:/mnt/Frivillighuset /mnt/Frivillighuset nfs wsize=8192,rsize=8192,soft 0 0

```

/etc/nsswitch.conf

```
passwd:         compat
group:          compat
shadow:         compat
passwd_compat:  nis
group_compat:   nis
shadow_compat:  nis
hosts:          files dns mdns
networks:       nis [NOTFOUND=return] files
protocols:      nis [NOTFOUND=return] files
services:       nis [NOTFOUND=return] files
ethers:         nis [NOTFOUND=return] files
rpc:            nis [NOTFOUND=return] files
netgroup:       nis
bootparams:     nis [NOTFOUND=return] files
publickey:      nis [NOTFOUND=return]
automount:      files
aliases:        nis [NOTFOUND=return] files
```

/etc/yp.conf

```
domain freya.mydomain server 192.168.0.1
```

mydomain is listed in /etc/host

Finally, here is the firewall script I'm using, and feel free to point out any improvements on that, since I'm numero uno iptables noob.

```
#################
# Hajs firewall #
#################

##################
# kernel-options #
##################

echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

#######################################
# Variables used later in the script. #
#######################################

LAN_NET="192.168.0.0/24" # Change this to whatever you use
EXT_INTERFACE="eth0"
EXT_IP="10.0.0.2"

##########################################
# Rules are flushed and policies are set #
##########################################

/sbin/iptables -t nat -F
/sbin/iptables -F
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P INPUT ACCEPT

###############################################################
# Source NAT all LAN connections to our external IP if their  #
# traffic is not destined for one of our LAN IP nets.         #
###############################################################

/sbin/iptables -t nat -A POSTROUTING -s $LAN_NET -d ! $LAN_NET -j SNAT --to $EXT_IP

############################################################
# Then allow traffic we initiated ourselves to get through #
############################################################

/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

####################
# Various openings #
####################

/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p tcp --dport 22 -j ACCEPT # We do need ssh access.
/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p udp --dport 68 -j ACCEPT # And the dhcp client needs an open port.
#/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p tcp --dport 21 -j ACCEPT # ftp server
#/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p tcp --dport 20 -j ACCEPT # ftp server
# /sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p udp --dport 500 -j ACCEPT # And the VPN server (not used)
/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p tcp --dport 80 -j ACCEPT # Apache
/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p tcp --dport 25 -j ACCEPT # smtp
/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p tcp --dport 143 -j ACCEPT # imap
/sbin/iptables -A INPUT -p tcp -m state --state NEW -m multiport --dport 111,2049,4001,32764:32767 -j ACCEPT # nfs
/sbin/iptables -A INPUT -p udp -m state --state NEW -m multiport --dport 111,2049,4001,32764:32767 -j ACCEPT # nfs

#####################
# And then we close #
#####################

/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p tcp --dport 1:65535 -j DROP # We block everything from outside, TCP.
/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p tcp --dport 1:65535 -j LOG --log-prefix IPTABLES_TCP --log-level 4 # And log it..
/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p udp -m multiport --dport 25,53,111,137,138,1024,1025 -j REJECT # And a few UDP ports.
/sbin/iptables -A INPUT -i ${EXT_INTERFACE} -p udp -m multiport --dport 25,53,111,137,138,1024,1025 -j LOG --log-prefix IPTABLES_TCP --log-level 4 # And log it..

##############################
# And then we need to route  #
##############################

/sbin/iptables -t nat -A POSTROUTING -d ! $LAN_NET -j MASQUERADE
/sbin/iptables -A FORWARD -s $LAN_NET -j ACCEPT
/sbin/iptables -A FORWARD -d $LAN_NET -j ACCEPT
/sbin/iptables -A FORWARD -s ! $LAN_NET -j DROP
```

Also there are added +:::::: to passwd, and +::: to group and +:::::::: to shadow

What puzzles me is why one client is able to function properly when the rest don't. They are all configured the same way. I am really really lost here.

Hope someone can shed some light on this

Last edited by Del Pede on Tue Sep 26, 2006 11:29 pm; edited 1 time in total

----------
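An added example, not written by any poster in this thread: a first-match model of the INPUT chain from the script above, showing which rule decides the fate of a new packet arriving on eth0, next to a reordered chain. The LAN interface name "eth1" is an assumption (the script only names eth0), and the four TCP service rules are merged into one tuple.

```python
# Added example: first-match model of the INPUT chain posted above.
# Only NEW packets are modelled, so the ESTABLISHED,RELATED rule is left out.
NFS = {111, 2049, 4001, 32764, 32765, 32766, 32767}
UDP_LIST = {25, 53, 111, 137, 138, 1024, 1025}
ANY_PORT = range(1, 65536)
SERVICES = [("eth0", "tcp", {22, 25, 80, 143}, "ACCEPT"),
            ("eth0", "udp", {68}, "ACCEPT")]

# Rule = (input interface, or None when no -i is given, protocol, ports, target)
AS_POSTED = SERVICES + [
    (None, "tcp", NFS, "ACCEPT"),          # no -i, so this also matches eth0
    (None, "udp", NFS, "ACCEPT"),
    ("eth0", "tcp", ANY_PORT, "DROP"),
    ("eth0", "tcp", ANY_PORT, "LOG"),      # same match after DROP: never reached
    ("eth0", "udp", UDP_LIST, "REJECT"),
    ("eth0", "udp", UDP_LIST, "LOG"),      # same match after REJECT: never reached
]
# Reordered chain. "eth1" as the LAN interface is an assumption; the page
# only names eth0 (external).
HARDENED = SERVICES + [
    ("eth1", "tcp", NFS, "ACCEPT"),
    ("eth1", "udp", NFS, "ACCEPT"),
    ("eth0", "tcp", ANY_PORT, "LOG"),      # LOG first: it does not end traversal
    ("eth0", "tcp", ANY_PORT, "DROP"),
    ("eth0", "udp", ANY_PORT, "LOG"),
    ("eth0", "udp", ANY_PORT, "DROP"),
]

def verdict(chain, iface, proto, dport, policy="ACCEPT"):
    """Return (final target, was it logged) for one NEW packet."""
    logged = False
    for r_iface, r_proto, r_ports, target in chain:
        if r_iface not in (None, iface) or r_proto != proto or dport not in r_ports:
            continue
        if target != "LOG":
            return target, logged          # ACCEPT/DROP/REJECT end traversal
        logged = True
    return policy, logged

def reachable(chain, iface, proto, ports):
    """Ports from `ports` on which a NEW packet arriving on `iface` is accepted."""
    return sorted(p for p in ports if verdict(chain, iface, proto, p)[0] == "ACCEPT")

if __name__ == "__main__":
    for name, chain in (("as posted", AS_POSTED), ("reordered", HARDENED)):
        print(name, "eth0 tcp NFS ports:", reachable(chain, "eth0", "tcp", NFS))
        print(name, "eth0 tcp/8080:", verdict(chain, "eth0", "tcp", 8080))
```

With the posted ordering, the portmap and NFS ports are accepted on the external interface before the DROP rule is consulted, UDP ports outside the REJECT list fall through to the ACCEPT policy, and neither LOG rule ever fires.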

## Del Pede

Semi solved..... hosts.allow to the rescue.

ALL: <ip range> in /etc/hosts.allow seems to be deprecated now (or at least it didn't work). Now I added all the rpc services to hosts.allow, and changed a few things in /etc/fstab, since I got some errors about a deprecated handle (roughly translated from Danish).

Out of the blue, things started to work. Now I just need to make sure that the firewall script functions like it should. So not quite solved yet

----------

## wobbly

Could you post your hosts.allow? I'm having a problem getting my nfs home directory to mount with the error:

```
gyrotwystron ~ # /etc/init.d/nfsmount start
 * Mounting NFS filesystems ...
mount: RPC: Program not registered
mount: RPC: Program not registered
mount: RPC: Program not registered
mount: RPC: Program not registered
 * Error mounting NFS filesystems                                         [ !! ]
gyrotwystron ~ #
```

----------

## Del Pede

 *wobbly wrote:*   

> Could you post your hosts.allow? I'm having a problem getting my nfs home directory to mount with the error:
> 
> ```
> ...

 

Sure ;)

```
portmap: 192.168.0.*
nfs: 192.168.0.*
mountd: 192.168.0.*
lockd: 192.168.0.*
rquotad: 192.168.0.*
```

Just about the same error I got. NFS runs more smoothly now, after I made sure that the clients had nfs-common installed and I recompiled the kernel with all the NFS support I could find

----------

## Del Pede

I guess I can label this as solved now

----------

## wobbly

What ebuild is nfs-common in? There isn't an ebuild for it.

Are there any services associated with it that need to be started?

----------

## Del Pede

 *wobbly wrote:*   

> What ebuild is nfs-common in? There isn't an ebuild for it.
> 
> Are there any services associated with it that need to be started?

 

Actually - nfs-common is an Ubuntu thing.

The client probably needs nfs-utils and portmap installed

----------

## wobbly

I fixed my problem. Read about it here

https://forums.gentoo.org/viewtopic-t-497715.html

----------

## dave87

 *Del Pede wrote:*   

> Semi solved..... hosts.allow to the rescue.
> 
> 

 

Hi, thanks for the idea. It solved it for me.

I had the error 

```
 * Service nfsmount starting
mount: RPC: Programm nicht registriert
mount: RPC: Programm nicht registriert
 Error mounting NFS filesystems                                           [ !! ]
 * ERROR:  nfsmount failed to start
```

on the clients, and after removing /etc/hosts.allow on the server it works perfectly.

But until today it worked with /etc/hosts.allow, and the only update was baselayout from 1.12.5 to 1.12.5-r1.

Maybe this is a bug in baselayout? Or is my hosts.allow wrong syntax?

```
/etc/hosts.allow: 

ALL: LOCAL
```

//sorry for my bad english

----------

## Del Pede

 *dave87 wrote:*   

> 
> 
> on the clients, and after removing /etc/hosts.allow on the server it works perfectly.
> 
> But until today it worked with /etc/hosts.allow, and the only update was baselayout from 1.12.5 to 1.12.5-r1.
> ...

 

It seems that the syntax HAS become wrong with the new baselayout. Only assuming here, but after I changed my hosts.allow, things started working

Try with

```
portmap: 192.168.0.*
nfs: 192.168.0.*
mountd: 192.168.0.*
lockd: 192.168.0.*
rquotad: 192.168.0.*
```

in hosts.allow and change the IPs to match your network

----------

## dave87

 *Del Pede wrote:*   

> 
> 
> try with
> 
> ```
> ...

 

This worked, so I played a bit more with hosts.allow, and now I think I have the "error":

With "ALL: LOCAL" it doesn't work, but with "ALL: 192.168.0.*" it works.

If it's not a bug, I think somebody should change the man page for hosts.allow

 *Quote:*   

>  /etc/hosts.allow:
> 
>           ALL: LOCAL @some_netgroup
> 
>        The first rule permits access from hosts in the local domain (no `.' in
> ...

 

----------
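An added example, not from any poster and not the tcp_wrappers source: a small evaluator for hosts_access(5) client patterns, showing how `LOCAL`, a `*` wildcard, a trailing-dot prefix and a net/mask pattern behave when the daemon has only the client's address to match against. That the RPC daemons in this thread match on address alone is an assumption; the address 192.168.0.17 and the host name ws17 are constructed.

```python
import fnmatch
import ipaddress
import re

def client_matches(pattern, addr, name=None):
    """Evaluate one hosts_access(5) client pattern against a client.

    `name` is None when the daemon has only the peer address to go on.
    Netgroups (@group) and the EXCEPT operator are not modelled.
    """
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                      # host NAME without a dot
        return name is not None and "." not in name
    if "/" in pattern:                          # net/mask, e.g. 192.168.0.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                   # address prefix, e.g. 192.168.0.
        return addr.startswith(pattern)
    if pattern.startswith("."):                 # domain suffix, e.g. .example.lan
        return name is not None and name.lower().endswith(pattern.lower())
    candidates = [addr] + ([name.lower()] if name else [])
    if "*" in pattern or "?" in pattern:        # shell-style wildcard
        return any(fnmatch.fnmatchcase(c, pattern.lower()) for c in candidates)
    return pattern.lower() in candidates        # exact address or name

def first_match(rules, daemon, addr, name=None):
    """Return the first 'daemons: clients' line that grants access, else None."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (re.split(r"[,\s]+", part.strip())
                            for part in line.split(":")[:2])
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(c, addr, name) for c in clients):
            return line
    return None

if __name__ == "__main__":
    addr = "192.168.0.17"                       # constructed client address
    for rules in ("ALL: LOCAL", "ALL: 192.168.0.*", "rquotad: 192.168.0..*"):
        print(repr(rules), "->", first_match(rules, "rquotad", addr))
    print("ALL: LOCAL with name ws17 ->", first_match("ALL: LOCAL", "rquotad", addr, "ws17"))
```

Address-only matching never satisfies `LOCAL`, and a pattern with a doubled dot matches nothing, so an allow list built from address prefixes or net/mask pairs is the form that both works and stays narrow.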

