Originally posted by: oldfeeling

Hi.
I'm having troubles about nis_ldap hostname resolution and AIX 6.1 clients.
The server farm I'm working in, counts many AIX servers, configured to read users, groups and hosts over an OpenLDAP server (RFC2307 compliant).
All of them but three are AIX 5.3; on this version of the OS all works fine.
On the three 6.1 hosts, there is no problem with users and groups, but the hostname resolution doesn't work.
Other information about this issue:
1. OS version:

1. uname -a

AIX <hostname> 1 6 00C962724C00

1. oslevel -s

6100-02-01-0847
2. LDAP Client version:

1. lslpp -l "ldap*"

Fileset Level State Description

---

Path: /usr/lib/objrepos
ldap.client.adt 5.2.0.0 COMMITTED Directory Client SDK
ldap.client.rte 5.2.0.0 COMMITTED Directory Client Runtime (No
SSL)
ldap.html.en_US.config 5.2.0.0 COMMITTED Directory Install/Config
Gd-U.S. English
ldap.html.en_US.man 5.2.0.0 COMMITTED Directory Man Pages - U.S.
English
ldap.max_crypto_client.adt
5.2.0.0 COMMITTED Directory Client SDK
ldap.max_crypto_client.rte
5.2.0.0 COMMITTED Directory Client Runtime (SSL)
ldap.msg.en_US 5.2.0.0 COMMITTED Directory Messages - U.S.
English

Path: /etc/objrepos
ldap.client.rte 5.2.0.0 COMMITTED Directory Client Runtime (No
SSL)

3. File netsvc.conf

1. cat /etc/netsvc.conf | grep -v "#"

hosts = nis_ldap, local
4. File irs.conf

1. cat /etc/irs.conf

hosts nis_ldap continue
hosts local
5. File ldap.cfg

1. cat /etc/security/ldap/ldap.cfg | grep -v "#"

ldapservers:10.116.2.13
binddn:<omissis>
bindpwd:{DESv2}<omissis>
authtype:ldap_auth
useSSL:yes
ldapsslkeyf:/etc/security/ldap/key_new.kdb
ldapsslkeypwd:{DESv2}<omissis>
userattrmappath:/etc/security/ldap/2307user.map
groupattrmappath:/etc/security/ldap/2307group.map
userbasedn:ou=People,<omissis>
groupbasedn:ou=Group,<omissis>
hostbasedn:ou=Hosts,<omissis>
userclasses:posixaccount,account,shadowaccount
groupclasses:posixgroup
ldapport:389
ldapsslport:636
searchmode:ALL
defaultentrylocation:LDAP
serverschematype:rfc2307
6. TCPDump on the LDAP SERVER, when on the AIX 6.1 system I try: "ping some_ldap_host"
root@LDAP-SERVER ~# tcpdump -lnni eth0 -w /tmp/aix61_ping_not_found -s 65535 host 10.246.7.123
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel

7. TCPDump on the LDAP SERVER, when on the AIX 6.1 system I try: "id some_ldap_user"
root@LDAP-SERVER ~# tcpdump -lnni eth0 -w /tmp/aix61_id_testuser -s 65535 host 10.246.7.123
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
4 packets captured
4 packets received by filter
0 packets dropped by kernel

So, comunication between client and server is OK!

8. TRUSS trace extract for command "ping some_ldap_host"...

...on a working AIX 5.3 client:
open("/etc/resolv.conf", O_RDONLY) Err#2 ENOENT
open("/etc/netsvc.conf", O_RDONLY) = 3
open("/unix", O_RDONLY|O_LARGEFILE) = 3
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
open("/etc/irs.conf", O_RDONLY) = 3
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
open("/etc/protocols", O_RDONLY) = 4
open("/usr/lib/nls/msg/en_US/ping.cat", O_RDONLY) = 5

...and on the AIX 6.1 client:
kopen("/etc/resolv.conf", O_RDONLY) Err#2 ENOENT
kopen("/etc/netsvc.conf", O_RDONLY) = 3
kopen("/unix", O_RDONLY|O_LARGEFILE) = 3
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 3
kopen("/etc/irs.conf", O_RDONLY) = 3
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
kopen("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 4
kopen("/etc/hosts", O_RDONLY) = 4
kopen("/etc/hosts", O_RDONLY) = 4
kopen("/usr/lib/nls/msg/en_US/ping.cat", O_RDONLY) = 4

Complete TRUSS traces are in attachment.

Any ideas?
Thanks all.

--Oldfeeling
#AIX-Forum

Originally posted by: flodstrom

You should not have to set the resolution order in both irs.conf and netsvc.conf. Also, make sure that you don't have the NSORDER environment variable set to something. I would try to stick with one setting only in order to avoid potential confusion.

That said, I would be very interested to know if you manage to solve this problem. I have a similar problem, but it is with the lokup order for AutoFS maps. I wonder if it's related somehow?
#AIX-Forum

Originally posted by: oldfeeling

Hi flodstrom,
I know what you say about netsvc.conf - irs.conf - NSORDER; IBM docs are very clear about it.
But analysing the issue I've tried every permutation of those three objects... without any success (just the tipical empiric workflow :) ).
Maybe your problem is related to mine.
Let's up the thread!!!

Thanks,
Oldfeeling
#AIX-Forum

Originally posted by: flodstrom

A small update.

It seem like a complete re-install of bos.net solved most of my problems with the wierd AutoFS behaviour. However, now I have a new somewhat annoying problem. After reboot no NFS shares are exported for some reason? I only have to manually run exportfs and all is ok again, but still it's a bit odd.

A question! Were your AIX6.1 machines by any chance pre-configured/installed by IBM (as part of the service) or did you install them from scratch your self?

The reason for asking is that AIX6.1 machines that I installed myself (older POWER 4 & 5 hardware) never had the problems that our new pre-installed POWER6 machines have.

Anyway, if you feel brave try a re-install of bos.net to see if it helps the nis_ldap stuff sould be part of that).
#AIX-Forum

Originally posted by: oldfeeling

Hi flodstrom,
Basically I don't know how machines have been installed, but maybe I can ask the farm owner to try a reinstallation of bos.rte.

Thanks for your help,
Oldfeeling
#AIX-Forum

Originally posted by: flodstrom

I think I jumped to conclusion to fast! I completely forgot about the irs.conf I added as part of the workaround. That plus some additional changes since last time I looked at this problem.

I had a chance to reboot the machine today and noticed that nothing did change after all :(. I still need to apply some manual tricks to get the automount NIS maps to "resolv" properly.

Sorry about that.

I really need to push this to IBM support after all.

Still, I'm a bit puzzled as to why the AIX6.1 machines I installed work as expected and the pre-installed ones do not?
#AIX-Forum