It sounds as if you're using Wietse Venema's secure portmapper or the BSD portmapper (I'm not sure if includes Venema's changes, but it behaves similarly). Netapps and other simple NIS clients (including some stock Unix NIS clients) can't handle the secure portmapper. The port forwarding is disabled because a forwarded connection appears to the receiving RPC daemon to have come from the local host, which thwarts host-based access control.
That's exactly the kind of answer I was hoping for :) Seriously ... now I know that I am not (that) crazy :)
I don't know how to turn that behavior off, though. I have heard it is possible (and short of actually changing the code) but I haven't actually spoken to anyone who has succeeded. It's probably not worth it anyway; you probably don't want to weaken security, and the filer works better with local files. Just add dumping the maps to the filer to the yp make process.
I don't want to weaken something that is already pretty weak. RPC's are known for their security issues, and the portmapper sure helps. Dumping the maps to the filer is very tempting, and I might do that. I am going to need some explanations on where to put them and what the catch is (if any). I would appreciate you explain a little bit more what you meant by that.
I would be interested to hear how to disable security on the portmapper, though.
Just modify the callit function in pmap_check.c as follow :
line 200 or so (the actual check_callit function) :
BEFORE :
if (prog == PMAPPROG || prog == NFSPROG || prog == YPXPROG || (prog == MOUNTPROG && aproc == MOUNTPROC_MNT) || (prog == YPPROG && aproc != YPPROC_DOMAIN_NONACK)) {
AFTER :
if (prog == PMAPPROG || prog == NFSPROG || prog == YPXPROG || (prog == MOUNTPROG && aproc == MOUNTPROC_MNT) {
Sorry I don't use diff, but the idea is here. I did not compiled, tried, test this, but to the best of my knowledge it should work (you just remove one check after all).
ejt
Thanks again. Haim.