System Administration Guide: IP Services

NIS+ Access Problems

NIS+ access problems might cause error messages about incorrect DES credentials, or inadequate permissions to update NIS+ objects or tables. Use the following table to determine the cause of NIS+ errors you receive.

Table 11–2 NIS+ Access Problems

Possible Problem 

Gather Information 


The DHCP server system does not have create access to the org_dir object in the NIS+ domain.

Enter the following command:  

nisls -ld org_dir

The access rights are listed in the form r---rmcdrmcdr---, where the permissions apply respectively to nobody, owner, group, and world. The owner of the object is listed next.

Use the nischmod command to change the permissions for org_dir.

For example, to add create access to the group, type the following command:  

nischmod g+c org_dir


Normally the org_dir directory object provides full (read, modify, create, and destroy) rights to both the owner and the group, while providing only read access to the world and nobody classes.

See the nischmod(1) man page for more information.


The DHCP server name must either be listed as the owner of the org_dir object, or be listed as a principal in the group, and that group must have create access. List the group with the command:

nisls -ldg org_dir


The DHCP server does not have access rights to create a table under the org_dir object.

Usually, this means the server system's principal name is not a member of the owning group for the org_dir object, or no owning group exists.

Enter this command to find the owning group name:  

niscat -o org_dir

Look for a line similar to  

Group : ""

List the principal names in the group using the command:  

nisgrpadm -l groupname

Add the server system's name to the group using the nisgrpadm command.

For example, to add the server name pacific to the group, type the following command:

nisgrpadm -a


For example: 

nisgrpadm -l

The server system's name should be listed as an explicit member of the group or included as an implicit member of the group. 

See the nisgrpadm(1) man page for more information.

The DHCP server does not have valid Data Encryption Standard (DES) credentials in the NIS+ cred table.

If this is the problem, an error message states that the user does not have DES credentials in the NIS+ name service. 

Use the nisaddcred command to add security credentials for the DHCP server system.

The following example shows how to add DES credentials for the system mercury in the domain


nisaddcred -p \ -P DES


The command prompts for the root password (which is required to generate an encrypted secret key).  

See the nisaddcred(1M) man page for more information.