NIS+ Access Problems for the DHCP <meta http-equiv="refresh" content="0;url='http://www.oracle.com/pls/topic/lookup?ctx=solaris11'"> Data Store (System Administration Guide: IP Services)

System Administration Guide: IP Services

NIS+ Access Problems for the DHCP Data Store

NIS+ access problems might cause error messages about incorrect DES credentials, or inadequate permissions to update NIS+ objects or tables. Use the following explanations of problems and solutions to determine the cause of NIS+ access errors you receive.

Problem:

The DHCP server system does not have create access to the org_dir object in the NIS+ domain.

Solution:

Type the following command:

nisls -ld org_dir

The access rights are listed in the form r---rmcdrmcdr---, where the permissions apply respectively to nobody, owner, group, and world. The owner of the object is listed next.

Normally, the org_dir directory object provides full rights to both the owner and the group. Full rights consist of read, modify, create, and destroy. The org_dir directory object provides only read access to the world and nobody classes.

The DHCP server name must either be listed as the owner of the org_dir object, or be listed as a principal in the group. The group must have create access. List the group with the command:

nisls -ldg org_dir

Use the nischmod command to change the permissions for org_dir if necessary. For example, to add create access to the group, you would type the following command:

nischmod g+c org_dir

See the nischmod(1) man page for more information.

Problem:

The DHCP server does not have access rights to create a table under the org_dir object.

Usually, this problem means the server system's principal name is not a member of the owning group for the org_dir object, or no owning group exists.

Solution:

Type this command to find the owning group name:

niscat -o org_dir

Look for a line that is similar to:

Group : "admin.example.com."

List the principal names in the group using the command:

nisgrpadm -l groupname

For example, this command lists the principal names of the group admin.example.com:

nisgrpadm -l admin.example.com

The server system's name should be listed as an explicit member of the group or included as an implicit member of the group. If necessary, add the server system's name to the group using the nisgrpadm command.

For example, to add the server name pacific to the group admin.example.com, you would type the following command:

nisgrpadm -a admin.example.com pacific.example.com

See the nisgrpadm(1) man page for more information.

Problem:

The DHCP server does not have valid Data Encryption Standard (DES) credentials in the NIS+ cred table.

Solution:

If there is a credential problem, an error message states that the user does not have DES credentials in the NIS+ name service.

Use the nisaddcred command to add security credentials for the DHCP server system.

The following example shows how to add DES credentials for the system mercury in the domain example.com:

nisaddcred -p unix.mercury@example.com \
-P mercury.example.com. DES example.com.

The command prompts for the root password, which is required to generate an encrypted secret key.

See the nisaddcred(1M) man page for more information.