NIS+ access problems might cause error messages about incorrect DES credentials, or inadequate permissions to update NIS+ objects or tables. Use the following table to determine the cause of NIS+ errors you receive.
Table 11–2 NIS+ Access Problems
Possible Problem |
Gather Information |
Solution |
---|---|---|
The DHCP server system does not have create access to the org_dir object in the NIS+ domain. |
Enter the following command: nisls -ld org_dir The access rights are listed in the form r---rmcdrmcdr---, where the permissions apply respectively to nobody, owner, group, and world. The owner of the object is listed next. |
Use the nischmod command to change the permissions for org_dir. For example, to add create access to the group, type the following command: nischmod g+c org_dir |
Normally the org_dir directory object provides full (read, modify, create, and destroy) rights to both the owner and the group, while providing only read access to the world and nobody classes. |
See the nischmod(1) man page for more information. |
|
The DHCP server name must either be listed as the owner of the org_dir object, or be listed as a principal in the group, and that group must have create access. List the group with the command: nisls -ldg org_dir | ||
The DHCP server does not have access rights to create a table under the org_dir object. Usually, this means the server system's principal name is not a member of the owning group for the org_dir object, or no owning group exists. |
Enter this command to find the owning group name: niscat -o org_dir Look for a line similar to Group : "admin.example.com." List the principal names in the group using the command: nisgrpadm -l groupname |
Add the server system's name to the group using the nisgrpadm command. For example, to add the server name pacific to the group admin.example.com, type the following command: nisgrpadm -a admin.example.com pacific.example.com |
For example: nisgrpadm -l admin.example.com The server system's name should be listed as an explicit member of the group or included as an implicit member of the group. |
See the nisgrpadm(1) man page for more information. |
|
The DHCP server does not have valid Data Encryption Standard (DES) credentials in the NIS+ cred table. |
If this is the problem, an error message states that the user does not have DES credentials in the NIS+ name service. |
Use the nisaddcred command to add security credentials for the DHCP server system. The following example shows how to add DES credentials for the system mercury in the domain example.com: |
nisaddcred -p unix.mercury@example.com \ -P mercury.example.com. DES example.com. |
||
The command prompts for the root password (which is required to generate an encrypted secret key). See the nisaddcred(1M) man page for more information. |