OpenSUSE Leap 15.1 Firewall and NIS

English Network/Internet
#1

Hello,
I am trying to configure NIS with static ports to use it with firewalld on a server under openSUSE Leap 15.1 (with the latest updates as of today, 2020.04.23). So, I followed the instructions given in https://doc.opensuse.org/documentation/leap/security/html/book.security/cha-security-firewall.html#sec-security-firewall-firewalld, “17.4.2 Accessing Services Listening on Dynamic Ports”, and set the variables as follows:

/etc/sysconfig/ypbind YPBIND_OPTIONS -p 24500

[TR=“class: contains-rowspan”]
[TD] /etc/sysconfig/ypserv[/TD]
[TD] YPXFRD_ARGS[/TD]
[TD] -p 24501[/TD]
[/TR]| YPSERV_ARGS| -p 24502|
| YPPASSWDD_ARGS | --port 24503|

YPSERV_ARGS and YPPASSWDD_ARGS were not present in ypserv, so I had to add them manually.
After restarting the server, I used rpcinfo -p to see the ports. Unfortunately, it only works for ypbind (port 24500 -> OK), but neither for ypserv (port 701 -> not OK) nor for yppasswdd (port 720 -> not OK). It seems that the settings of the YPSERV_ARGS and YPPASSWDD_ARGS variables are ignored.
Any help would be greatly appreciated. Thanks in advance!

#2

They are most certainly present in ypserv sysconfig template. Paste full actual content of your /etc/sysconfig/ypserv.

#3

This is /etc/sysconfig/ypserv after my modification:
[HR][/HR]## Path: Network/NIS/NIS server

Description:

Type: string(/etc)

Default: /etc

ServiceRestart: ypserv yppasswdd

YP Source directory for passwd, shadow and group. You could

give here an different directory as /etc where YP will search

the source files for the passwd and group tables.

YPPWD_SRCDIR="/etc"

Type: yesno

Default: no

ServiceRestart: yppasswdd

Should the user be allowed to change his GECOS field

with ypchfn ?

YPPWD_CHFN=“no”

Type: yesno

Default: no

ServiceRestart: yppasswdd

Should the user be allowed to change his default login shell

with ypchsh ?

YPPWD_CHSH=“no”

Path: Network/NIS/NIS server

Description:

Type: string

Default: “”

ServiceRestart: ypxfrd

Additonal arguments for rpc.ypxfrd. See manual page

for possible options.

YPXFRD_ARGS="-p 24501"

Manually added by ragger65, 2020.04.23

YPSERV_ARGS="-p 24502"

Manually added by ragger65, 2020.04.23

YPPASSWDD_ARGS="–port 24503"
[HR][/HR]In the original template, YPXFRD_ARGS was set to “”, and YPSERV_ARGS and YPPASSWDD_ARGS were not present at all.

#4

And what “systemctl status ypserv.service” says?

#5

This gives the following:

ragger@wwwice:~> sudo systemctl status ypserv.service
● ypserv.service - NIS/YP Server
   Loaded: loaded (/usr/lib/systemd/system/ypserv.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-04-23 13:45:28 JST; 7h ago
 Main PID: 1373 (ypserv)
   Status: "Processing requests..."
    Tasks: 1
   CGroup: /system.slice/ypserv.service
           └─1373 /usr/sbin/ypserv -f

Apr 23 13:45:28 wwwice systemd[1]: Starting NIS/YP Server...
Apr 23 13:45:28 wwwice systemd[1]: Started NIS/YP Server.
ragger@wwwice:~>
#6

Can you show “systemctl cat ypserv.service”? Did you restart service after editing /etc/sysconfig/ypserv?

#7

Yes, I even rebooted the server.

ragger@wwwice:~> sudo systemctl cat ypserv.service
# /usr/lib/systemd/system/ypserv.service
[Unit]
Description=NIS/YP Server
Requires=rpcbind.service
After=network.target rpcbind.service slpd.service

[Service]
Type=notify
NotifyAccess=all
ExecStart=/usr/sbin/ypserv -f

[Install]
WantedBy=multi-user.target
ragger@wwwice:~>
#8

What ypserv version do you have? “rpm -q ypserv”?

#9 
ragger@wwwice:~> rpm -q ypserv
ypserv-4.0-6.1.x86_64
ragger@wwwice:~>
#10

This is Leap 42.3 package (assuming it is openSUSE package). Do you have Leap 15.1 at all?

#11

Yes, but I upgraded the system from openSUSE Leap 42.3 via Leap 15.0 to Leap 15.1.

#12

Then the next question is of course: How?
And what are your repos now:

zypper lr -d
#13

I did the upgrade by using the upgrade function on the DVDs (which I burnt from the ISO images provided on the openSUSE web site).
The repos seem to be all up-to-date as far as I can see:

ragger@wwwice:~> zypper lr -d
#  | Alias                     | Name                               | Enabled | GPG Check | Refresh | Priority | Type   | URI                                                                      | Service
---+---------------------------+------------------------------------+---------+-----------+---------+----------+--------+--------------------------------------------------------------------------+--------
 1 | openSUSE-Leap-15.1-1      | openSUSE-Leap-15.1-1               | Yes     | (r ) Yes  | No      |   99     | rpm-md | cd:/?devices=/dev/disk/by-id/usb-GENERIC_CDRCB05_CDRCB05A0129775-0:0     |        
 2 | repo-debug                | Debug Repository                   | No      | ----      | ----    |   99     | NONE   | http://download.opensuse.org/debug/distribution/leap/15.1/repo/oss/      |        
 3 | repo-debug-non-oss        | Debug Repository (Non-OSS)         | No      | ----      | ----    |   99     | NONE   | http://download.opensuse.org/debug/distribution/leap/15.1/repo/non-oss/  |        
 4 | repo-debug-update         | Update Repository (Debug)          | No      | ----      | ----    |   99     | NONE   | http://download.opensuse.org/debug/update/leap/15.1/oss/                 |        
 5 | repo-debug-update-non-oss | Update Repository (Debug, Non-OSS) | No      | ----      | ----    |   99     | NONE   | http://download.opensuse.org/debug/update/leap/15.1/non-oss/             |        
 6 | repo-non-oss              | Non-OSS Repository                 | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.1/repo/non-oss/        |        
 7 | repo-oss                  | Main Repository                    | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.1/repo/oss/            |        
 8 | repo-source               | Source Repository                  | No      | ----      | ----    |   99     | NONE   | http://download.opensuse.org/source/distribution/leap/15.1/repo/oss/     |        
 9 | repo-source-non-oss       | Source Repository (Non-OSS)        | No      | ----      | ----    |   99     | NONE   | http://download.opensuse.org/source/distribution/leap/15.1/repo/non-oss/ |        
10 | repo-update               | Main Update Repository             | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.1/oss/                       |        
11 | repo-update-non-oss       | Update Repository (Non-Oss)        | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.1/non-oss/                   |        
ragger@wwwice:~>
#14

Yes, they seem to be correct. But yoou could Disable the first one, it is de DVD and it is not needed anymore. And as it is now you might be asked to load it every time you do some software management.

Nevertheless, because you still seem to have some old version package, it might help to do a

zypper dup --from repo-oss

and see if it still upgrades packages.

#15

I updated ypserv with the YaST Software Management tool. It is now at ypserv-4.0-lp151.5.3.x86_64 (before it was ypserv-4.0-6.1.x86_64). yast2-nis-server (yast2-nis-server-4.1.1-lp151.1.1.noarch) and ypbind (ypbind-2.6-lp151.1.1.x86_64) are both up-to-date. After this update, I rebooted the server.

The variables are set as follows:
/etc/sysconfig/ypbind:YPBIND_OPTIONS="-p 24500"

/etc/sysconfig/ypserv:YPXFRD_ARGS="-p 24501"
YPSERV_ARGS="-p 24502"
YPPASSWDD_ARGS="–port 24503"

I opened these ports in the firewall by

firewall-rpc-helper.py -p yp-server --create-firewalld-service yp-server-static
firewall-cmd --permanent --add-service=yp-server-static --zone=public
firewall-rpc-helper.py -p yp-client --create-firewalld-service yp-client-static
firewall-cmd --permanent --add-service=yp-client-static --zone=public

However, I still cannot get NIS through the firewall. If I deactivate the firewall, it works. Do I have to do anything on the clients (all running under Leap 15.1) as well?

#16

Sorry, I am not sure here.
Did you do the

zypper dup --from repo-oss

and is the above what was installed as a result? And were that the only packages upgraded with the command?

Or didn’t you use that command. Then please explain why.

#17

Sorry, I didn’t dare doing the zypper dup --from repo-oss because it wants to make huge changes:

ragger@wwwice:~> sudo zypper dup --from repo-oss
Retrieving repository 'Main Update Repository' metadata ...[done]
Building repository 'Main Update Repository' cache ...[done]
Loading repository data...
Reading installed packages...
Computing distribution upgrade...
3 Problems:
Problem: nothing provides libmetalink.so.3 needed by wget-1.20.3-lp151.5.3.1.i586
Problem: libidn2-lang-2.2.0-lp151.3.3.1.noarch requires libidn2 = 2.2.0, but this requirement cannot be provided
Problem: python-rpm-generators-20200117.8e39013-lp151.2.3.1.noarch requires python-rpm-macros = 20200117.8e39013-lp151.2.3.1, but this requirement cannot be provided

Problem: nothing provides libmetalink.so.3 needed by wget-1.20.3-lp151.5.3.1.i586
 Solution 1: deinstallation of wget-lang-1.20.3-lp151.5.3.1.noarch
 Solution 2: keep obsolete wget-1.20.3-lp151.5.3.1.x86_64
 Solution 3: break wget-1.20.3-lp151.5.3.1.i586 by ignoring some of its dependencies

Choose from above solutions by number or skip, retry or cancel [1/2/3/s/r/c/d/?] (c): 1

Problem: libidn2-lang-2.2.0-lp151.3.3.1.noarch requires libidn2 = 2.2.0, but this requirement cannot be provided
 Solution 1: deinstallation of libidn2-lang-2.2.0-lp151.3.3.1.noarch
 Solution 2: keep obsolete libidn2-0-2.2.0-lp151.3.3.1.x86_64
 Solution 3: break libidn2-lang-2.2.0-lp151.3.3.1.noarch by ignoring some of its dependencies

Choose from above solutions by number or skip, retry or cancel [1/2/3/s/r/c/d/?] (c): 1

Problem: python-rpm-generators-20200117.8e39013-lp151.2.3.1.noarch requires python-rpm-macros = 20200117.8e39013-lp151.2.3.1, but this requirement cannot be provided
 Solution 1: deinstallation of python-rpm-generators-20200117.8e39013-lp151.2.3.1.noarch
 Solution 2: keep obsolete python-rpm-macros-20200117.8e39013-lp151.2.3.1.noarch
 Solution 3: break python-rpm-generators-20200117.8e39013-lp151.2.3.1.noarch by ignoring some of its dependencies

Choose from above solutions by number or skip, retry or cancel [1/2/3/s/r/c/d/?] (c): 1
Resolving dependencies...
Computing distribution upgrade...

The following item is locked and will not be changed by any action:
 Available:
  Mesa-dri-nouveau

The following 3 NEW packages are going to be installed:
  libdns_sd libminiupnpc16 libwicked-0-6

The following 3 packages are going to be REMOVED:
  libidn2-lang python-rpm-generators wget-lang

The following 792 packages are going to be downgraded:
  aaa_base aaa_base-extras accountsservice accountsservice-lang akonadi-server akonadi-server-lang alsa-utils apache2 apache2-doc apache2-example-pages apache2-mod_php7
  apache2-prefork apache2-utils apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang autoconf
  autoyast2-installation baloo5-file baloo5-file-lang baloo5-imports baloo5-imports-lang baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang bash
  bash-doc bash-lang bind-utils binutils bluez boost-license1_66_0 btrfsprogs btrfsprogs-udev-rules bzip2 ca-certificates-mozilla canna-libs checkmedia chrony
  cifs-utils cln command-not-found cpio cpio-lang cpio-mt cpp7 cpupower cron cronie ctags cups cups-client cups-config cups-filters curl cvs cvsps cyrus-sasl
  cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-plain damageproto-devel db48-utils dbus-1 dbus-1-x11 desktop-file-utils device-mapper dhcp
  dhcp-client dmidecode dnsmasq dolphin dolphin-part dolphin-part-lang dracut e2fsprogs ebtables elfutils elfutils-lang exiv2 exiv2-lang expat fetchmsttfonts finger
  fipscheck firewalld-rpcbind-helper fixesproto-devel fwnn fwnncom gcc7-info gdb gdk-pixbuf-loader-rsvg gdmflexiserver GeoIP GeoIP-data ghostscript ghostscript-x11
  gimp-help gimp-help-de gimp-help-ja glib2-lang glib2-tools glibc glibc-32bit glibc-extra glibc-i18ndata glibc-info glibc-locale glibc-locale-base
  glibc-locale-base-32bit glib-networking glib-networking-lang gpg2 gpg2-lang graphviz graphviz-gd graphviz-gnome graphviz-plugins-core grub2 grub2-i386-pc
  grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-vietnamese
  gtk3-immodule-xim gtk3-lang gtk3-schema gtk3-tools gvfs gvfs-backend-afc gvfs-backends gvfs-backend-samba gvfs-fuse gvfs-lang htdig hwinfo ibus ibus-gtk ibus-gtk3
  ibus-lang icewm icewm-default icewm-lang icewm-lite icewm-theme-branding ImageMagick ImageMagick-config-7-SUSE info2html insserv-compat intlfonts ipmitool irqbalance
  iscsiuio java-11-openjdk java-11-openjdk-headless java-1_8_0-openjdk java-1_8_0-openjdk-headless kaccounts-providers kaccounts-providers-lang kbproto-devel
  kconf_update5 kdelibs4 kdelibs4-branding-upstream kdelibs4-core kde-oxygen-fonts kdepimlibs4 kdepim-runtime kdepim-runtime-lang kde-print-manager
  kde-print-manager-lang kernel-firmware kidentitymanagement-lang kio kio-core kio-lang kmail kmail-application-icons kmail-lang kmozillahelper kompare kompare-lang
  kpartx kpat kpat-lang kpimtextedit kpimtextedit-lang krb5 krb5-32bit kscreenlocker kscreenlocker-lang ksh ktnef libapparmor1 libapr1 libapr-util1 libarchive13
  libart_lgpl_2-2 libart_lgpl-devel libasan4 libasm1 libaspell15 libatomic1 libaudiofile1 libbind9-160 libblkid1 libblkid1-32bit libbluetooth3 libboost_date_time1_66_0
  libboost_filesystem1_66_0 libboost_iostreams1_66_0 libboost_locale1_66_0 libboost_system1_66_0 libboost_thread1_66_0 libbrotlicommon1 libbrotlienc1 libbtrfs0 libbz2-1
  libcares2 libcdio16 libcilkrts5 libcmis-0_5-5 libcom_err2 libcom_err2-32bit libcpupower0 libcups2 libcups2-32bit libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1
  libcurl4 libdb-4_8 libdbus-1-3 libdbus-1-3-32bit libdcerpc0 libdcerpc0-32bit libdcerpc-binding0 libdcerpc-binding0-32bit libdevmapper1_03 libdevmapper1_03-32bit
  libdevmapper-event1_03 libdjvulibre21 libdns169 libdolphinvcs5 libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1 libdw1 libebl-plugins libelf1
  libepub0 libexif12 libexiv2-26 libexpat1 libext2fs2 libfdisk1 libfipscheck1 libfreebl3 libfreebl3-hmac libfreehand-0_1-1 libgadu3 libgbm1 libgcrypt20
  libgcrypt20-32bit libgd3 libGeoIP1 libgfortran4 libgio-2_0-0 libglib-2_0-0 libgltf-0_1-1 libgmodule-2_0-0 libgmp10 libgmp10-32bit libgmpxx4 libgnutls30
  libgnutls30-32bit libgobject-2_0-0 libgraphviz6 libgthread-2_0-0 libgtk-3-0 libgts-0_7-5 libhdf4 libhogweed4 libhogweed4-32bit libibus-1_0-5 libibverbs libibverbs1
  libicu60_2 libicu60_2-ledata libicu-devel libidn2-0 libidn2-0-32bit libIlmImf-2_2-23 libimobiledevice6 libirs160 libisc166 libisccc160 libisccfg160 libiso9660-10
  libitm1 libjack0 libjasper4 libjavascriptcoregtk-4_0-18 libjpeg62 libjpeg8 libjpeg-turbo libkcddb4 libkde4 libkdecore4 libkdegames4 libkdegames6
  libKF5AkonadiAgentBase5 libKF5AkonadiCore5 libKF5AkonadiPrivate5 libKF5AkonadiWidgets5 libKF5AkonadiXml5 libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang
  libKF5Cddb5 libKF5ConfigCore5 libKF5ConfigCore5-lang libKF5ConfigGui5 libKF5IdentityManagement5 libKF5PimTextEdit5 libKF5Plasma5 libKPimItinerary5
  libKPimItinerary5-lang libKScreenLocker5 libksuseinstall1 libldap-2_4-2 libldap-2_4-2-32bit libldap-data libLLVM7 liblmdb-0_9_17 liblsan0 liblvm2app2_2 liblvm2cmd2_02
  liblwres160 liblz4-1 liblz4-1-32bit liblzma5 liblzma5-32bit libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 libmariadb3 libmeanwhile1 libmetis5 libminizip1
  libmlx4-1 libmlx5-1 libmodplug1 libmount1 libmozjs-17_0 libmpx2 libmpxwrappers2 libmwaw-0_3-3 libmysqlcppconn7 libmysqld19 libncurses5 libncurses6 libndr0
  libndr0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libneon27 libnetapi0 libnetapi0-32bit
  libnetpbm11 libnettle6 libnettle6-32bit libnghttp2-14 libnsssharedhelper0 libopencv3_3 libo*****csiusr0_2_0 libopenmpt0 libopenssl1_0_0 libopenssl1_0_0-32bit
  libopenssl1_1 libopenssl1_1-32bit libopus0 libotr5 libp11-kit0 libp11-kit0-32bit libpackagekit-glib2-18 libparted0 libpcap1 libpixman-1-0-devel libply4
  libply-boot-client4 libply-splash-core4 libply-splash-graphics4 libpng16-16 libpolkit0 libpq5 libpython2_7-1_0 libpython2_7-1_0-32bit libpython3_6m1_0
  libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libqt5-qtbase-platformtheme-gtk3 libQt5Sql5 libQt5Sql5-mysql
  libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 librados2 librdmacm1 libre2-0 libreadline6 libreadline7 libreoffice libreoffice-base
  libreoffice-base-drivers-firebird libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-icon-themes
  libreoffice-impress libreoffice-l10n-de libreoffice-l10n-en libreoffice-l10n-ja libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5
  libreoffice-share-linker libreoffice-writer librsvg-2-2 libruby2_5-2_5 libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit
  libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0
  libsamdb0-32bit libsasl2-3 libsasl2-3-32bit libSDL2-2_0-0 libseccomp2 libseccomp2-32bit libsensors4 libsmartcols1 libsmbclient0 libsmbconf0 libsmbconf0-32bit
  libsmbldap2 libsmbldap2-32bit libsmi libsmi2 libsocks0 libsofia-sip-ua0 libsofia-sip-ua-glib3 libsoftokn3 libsoftokn3-hmac libsolv-tools libspandsp2 libspeechd2
  libsqlite3-0 libssh2-1 libssh4 libstorage-ng1 libstorage-ng-lang libstorage-ng-ruby libsvn_auth_kwallet-1-0 libsystemd0 libsystemd0-32bit libtasn1 libtasn1-6
  libtasn1-6-32bit libtevent-util0 libtevent-util0-32bit libtidyp-1_04-0 libtinyxml0 libtsan0 libturbojpeg0 libubsan0 libudev1 libudev1-32bit libuuid1 libuuid1-32bit
  libvdpau_nouveau libverto-devel libvpx4 libvulkan_intel libvulkan_radeon libwavpack1 libwbclient0 libwbclient0-32bit libwebkit2gtk3-lang libwebkit2gtk-4_0-37 libwnn0
  libwps-0_4-4 libXau-devel libXaw3d8 libxml2-2 libxml2-tools libxmlsec1-1 libxmlsec1-nss1 libxslt1 libxslt-tools libXvnc1 libyui-ncurses-pkg9 libyui-qt-pkg9 libz1
  libz1-32bit libzstd1 libzypp lsb lvm2 man-pages mariadb mariadb-client mariadb-errormessages master-boot-code mcelog mdadm Mesa Mesa-dri Mesa-gallium Mesa-libEGL1
  Mesa-libGL1 Mesa-libglapi0 Mesa-libGLESv2-2 Mesa-libva metamail MozillaFirefox MozillaFirefox-branding-openSUSE MozillaFirefox-translations-common mozilla-nspr
  mozilla-nss mozilla-nss-certs MozillaThunderbird MozillaThunderbird-translations-common mpt-status multipath-tools myspell-de myspell-de_DE myspell-dictionaries
  myspell-en myspell-en_US myspell-lightproof-en ncurses-utils netpbm NetworkManager-openvpn NetworkManager-openvpn-lang nfs-client nfs-kernel-server nscd ntp
  open-iscsi openldap2-client OpenPrintingPPDs openslp openssh openssh-askpass-gnome openssh-helpers openssl-1_1 openSUSE-release p11-kit p11-kit-tools PackageKit
  PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang pam pam-32bit parted parted-lang pciutils-ids perl perl-apparmor perl-base
  perl-Bootloader perl-TimeDate permissions php7 php7-ctype php7-dom php7-iconv php7-json php7-mysql php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter
  pinentry pinentry-qt5 plasma5-pk-updates plasma5-pk-updates-lang plasma-framework plasma-framework-components plasma-framework-lang plymouth plymouth-dracut
  plymouth-plugin-label plymouth-plugin-label-ft plymouth-plugin-script plymouth-plugin-two-step plymouth-scripts polkit polkit-default-privs postfix ppp procinfo
  procmail procps python python2-cairo python2-cryptography python2-numpy python2-pyOpenSSL python2-rpm python3 python3-apparmor python3-base python3-bind python3-cairo
  python3-cryptography python3-curses python3-dbm python3-pyOpenSSL python3-requests python3-rpm python3-solv python3-speechd python3-urllib3 python-base python-curses
  python-rpm-macros python-solv python-xml quota rdma-core readline-doc renderproto-devel rpcbind rpm rsync rsyslog ruby2.5 ruby2.5-stdlib samba samba-client
  samba-client-32bit samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit scout sddm sddm-branding-openSUSE setserial shadow
  shim spectacle spectacle-lang speech-dispatcher speech-dispatcher-module-espeak subversion subversion-bash-completion subversion-doc sudo supportutils SUSEConnect
  suse-module-tools sysconfig sysconfig-netconfig systemd systemd-32bit systemd-bash-completion systemd-sysvinit system-user-root tack tcpdump tcsh tcsh-lang
  telepathy-accounts-signon telepathy-gabble telepathy-haze telepathy-rakia telnet terminfo terminfo-base terminfo-screen tigervnc timezone timezone-java tuned
  typelib-1_0-Gtk-3_0 typelib-1_0-IBus-1_0 typelib-1_0-PackageKitGlib-1_0 typelib-1_0-Polkit-1_0 ucode-amd ucode-intel udev util-linux util-linux-lang
  util-linux-systemd vim vim-data vim-data-common virt-what vlan webkit2gtk-4_0-injected-bundles wget wicked wicked-service wireless-regdb wpa_supplicant xdm-xsession
  xemacs-info xemacs-packages xemacs-packages-info xextproto-devel xf86vidmodeproto-devel xfsprogs xkeyboard-config xkeyboard-config-lang xorg-x11-Xvnc
  xorg-x11-Xvnc-module xz xz-lang yast2 yast2-add-on yast2-auth-client yast2-auth-server yast2-bootloader yast2-country yast2-country-data yast2-http-server
  yast2-installation yast2-iscsi-client yast2-logs yast2-network yast2-nfs-client yast2-nfs-common yast2-nfs-server yast2-ntp-client yast2-packager yast2-pkg-bindings
  yast2-proxy yast2-samba-client yast2-samba-server yast2-security yast2-services-manager yast2-storage-ng yast2-sudo yast2-support yast2-update yast2-users yast2-xml
  zsh zypper zypper-aptitude zypper-log zypper-migration-plugin zypper-needs-restarting

The following product is going to be reinstalled:
  "openSUSE Leap 15.1"

The following 7 packages require a system reboot:
  dbus-1 glibc kernel-firmware libopenssl1_0_0 libopenssl1_1 systemd udev

792 packages to downgrade, 3 new, 3 to remove.
Overall download size: 904.6 MiB. Already cached: 0 B. After the operation, 207.6 MiB will be freed.

    Note: System reboot required.
Continue? [y/n/v/...? shows all options] (y): n
ragger@wwwice:~>

That’s why I only updated ypserv (via YaST) for the time being. Is it better to do it to have a clean system?

Thanks - ragger65

#18

Pffff. This does not seem to be a straight 15.1 system. If so many packages are going to be downgraded, to which openSUSE vesrion do they belong now?

Can we have a look at what they are now. E.g. what is the version of aaa-base on your system. In my 15.1 it is

boven:~ # rpm -q aaa_base
aaa_base-84.87+git20180409.04c9dae-lp151.5.24.1.x86_64
boven:~ #

and I also see apcahe2 in that list

boven:~ # rpm -q apache2
apache2-2.4.33-lp151.8.9.1.x86_64
boven:~ #

I think we have to solve this first before anybody can say anything useful about a problem occuring in it.

#19

Yes, I was also surprised… But I don’t think I did anything strange. The system was originally Leap 42.3, I upgraded it via 15.0 to 15.1 (using the DVDs) and did all the updates since then.

For the versions of aaa-base and apache2, I get the same as you:

ragger@wwwice:~> rpm -q aaa_base
aaa_base-84.87+git20180409.04c9dae-lp151.5.24.1.x86_64
ragger@wwwice:~> rpm -q apache2
apache2-2.4.33-lp151.8.9.1.x86_64
ragger@wwwice:~>
#20

Hm, I probably make a mistake here. When we dup from the Main OSS repo, we get the versions as they were on version release. Thos we have now are from the Update repo. The problem is now how to be sure that there are no more left-overs as you had.

The solution is of course, first the

zypper dup --from repo-oss

en then

zypper up to get all the newest versions.

.

But hat would take some time and it would also switch the Kernel back and forward. Maybe not, the kernel is not in your list of what to downgrade.

Let us wait a bit if others have advice.