System Administration Guide, Volume 3

NIS+ Problems

If you decide to use NIS+ as the DHCP data store, problems you might encounter can be categorized as follows:

Cannot Select NIS+ as a Data Store

If you try to use NIS+ as your data store, you might find that DHCP Manager does not offer it as a choice for data store, or dhcpconfig returns a message saying NIS+ does not appear to be installed and running. This means that NIS+ has not been configured for this server, although NIS+ might be in use on the network. Before you can select NIS+ as a data store, the server machine must be configured as an NIS+ client.

Before you set up the server as an NIS+ client, the domain must already be configured and its master server must be running. The domain's tables on the master server should be populated, and the hosts table must have an entry for the new client machine (the DHCP server machine). "Configuring NIS+ Clients" in Solaris Naming Setup and Configuration Guide provides detailed information about configuring an NIS+ client.

NIS+ Not Adequately Configured

After you are successfully using NIS+ with DHCP, you might encounter errors if changes are made to NIS+ at a later point, introducing configuration problems. Use the following table to help you determine the cause of configuration problems.

Table 12-1 NIS+ Configuration Problems

Possible problem: Root object does not exist in the NIS+ domain.

To determine if this is the problem: Enter the command

/usr/lib/nis/nisstat

This command displays statistics for the domain. If the root object does not exist, no statistics are returned.

What to do if this is the problem: Set up the NIS+ domain using the Solaris Naming Setup and Configuration Guide.

Possible problem: NIS+ is not used for passwd and publickey information.

To determine if this is the problem: Enter this command to view the name service switch configuration file.

cat /etc/nsswitch.conf

Check the passwd and publickey entries for the "nisplus" keyword.

What to do if this is the problem: Refer to the Solaris Naming Setup and Configuration Guide for information about configuring the name service switch.

Possible problem: The domain name is empty.

To determine if this is the problem: Enter the command

domainname

If the command lists an empty string, no domain name has been set for the domain.

What to do if this is the problem: Use local files for your data store, or set up an NIS+ domain for your network. Refer to Solaris Naming Setup and Configuration Guide.

Possible problem: The NIS_COLD_START file does not exist.

To determine if this is the problem: Enter the following command on the server system to determine if the file exists:

cat /var/nis/NIS_COLD_START

What to do if this is the problem: Use local files for your data store, or create an NIS+ client. Refer to Solaris Naming Setup and Configuration Guide.
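
The following script is an added example, not part of the original guide. It automates three of the checks in Table 12-1 (the name service switch entries, the domain name, and the NIS_COLD_START file). The function names are hypothetical, and a POSIX shell is assumed.

```sh
#!/bin/sh
# Added example: preflight checks taken from Table 12-1.
# Function names are hypothetical; a POSIX shell is assumed.

# Succeed if the entry for one database in an nsswitch.conf-style file
# lists the "nisplus" keyword. Comments are stripped before matching.
switch_uses_nisplus() {   # $1 = database (passwd or publickey), $2 = file
    sed 's/#.*//' "$2" | grep "^$1:" | grep -w nisplus >/dev/null
}

# Run the checks, print one line per problem found, and return the
# number of problems (0 means every check passed).
nisplus_preflight() {   # $1 = switch file, $2 = domain name, $3 = cold-start file
    problems=0
    for db in passwd publickey; do
        if ! switch_uses_nisplus "$db" "$1"; then
            echo "PROBLEM: $db entry in $1 does not list nisplus"
            problems=$((problems + 1))
        fi
    done
    if [ -z "$2" ]; then
        echo "PROBLEM: the domain name is empty"
        problems=$((problems + 1))
    fi
    if [ ! -r "$3" ]; then
        echo "PROBLEM: $3 does not exist or cannot be read"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# On the DHCP server itself, run the checks against the live system:
#   nisplus_preflight /etc/nsswitch.conf "$(domainname)" /var/nis/NIS_COLD_START
```

The root object check is not scripted here; run /usr/lib/nis/nisstat by hand as the table describes.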

NIS+ Access Problems

NIS+ access problems might cause you to receive error messages about incorrect DES credentials, or inadequate permissions to update NIS+ objects or tables. Use the following table to determine the cause of NIS+ errors you receive.

Table 12-2 NIS+ Access Problems

Possible problem: The DHCP server machine does not have create access to the org_dir object in the NIS+ domain.

To determine if this is the problem: Enter the command

nisls -ld org_dir

The access rights are listed in the form r---rmcdrmcdr---, where the permissions apply respectively to nobody, owner, group, and world. The owner of the object is listed next.

Normally the org_dir directory object provides full (read, modify, create, and destroy) rights to both the owner and the group, while providing only read access to the world and nobody classes.

The DHCP server name must either be listed as the owner of the org_dir object, or be listed as a principal in the group, and that group must have create access. List the group with the command:

nisls -ldg org_dir

What to do if this is the problem: Use the nischmod command to change the permissions for org_dir.

For example, to add create access to the group, type

nischmod g+c org_dir

See the nischmod(1) man page for more information.

Possible problem: The DHCP server does not have access rights to create a table under the org_dir object.

Usually, this means the server machine's principal name is not a member of the owning group for the org_dir object, or no owning group exists.

To determine if this is the problem: Enter this command to find the owning group name:

niscat -o org_dir

Look for a line similar to Group : "admin.myco.com."

List the principal names in the group using the command:

nisgrpadm -l groupname

For example, nisgrpadm -l admin.myco.com

The server machine's name should be listed as an explicit member of the group or included as an implicit member of the group.

What to do if this is the problem: Add the server machine's name to the group using the nisgrpadm command.

For example, to add the server name pacific to the group admin.myco.com, type the following:

nisgrpadm -a admin.myco.com pacific.myco.com

See the nisgrpadm(1) man page for more information.

Possible problem: The DHCP server does not have valid Data Encryption Standard (DES) credentials in the NIS+ cred table.

To determine if this is the problem: If this is the problem, an error message states that the user does not have DES credentials in the NIS+ name service.

What to do if this is the problem: Use the nisaddcred command to add security credentials for the DHCP server machine.

The following example shows how to add DES credentials for the system mercury in the domain Faxco.COM:

nisaddcred -p unix.mercury@Faxco.COM \
-P mercury.Faxco.COM. DES Faxco.COM.

The command prompts for the root password (which is required to generate an encrypted secret key).

See the nisaddcred(1M) man page for more information.
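
The following script is an added example, not part of the original guide. It interprets the 16-character access string that Table 12-2 describes for nisls -ld org_dir, checking whether a class holds create access and whether nobody or world holds more than the normal read-only right. The function names are hypothetical, and a POSIX shell is assumed.

```sh
#!/bin/sh
# Added example: interpret the access string shown by "nisls -ld org_dir".
# Class order (nobody, owner, group, world) is taken from Table 12-2.
# Function names are hypothetical; a POSIX shell is assumed.

# Print the 4-character field for one class; return 2 on malformed input.
nis_class_rights() {   # $1 = rights string, $2 = nobody|owner|group|world
    case "$1" in *[!rmcd-]*) return 2 ;; esac
    [ "${#1}" -eq 16 ] || return 2
    case "$2" in
        nobody) range=1-4 ;;
        owner)  range=5-8 ;;
        group)  range=9-12 ;;
        world)  range=13-16 ;;
        *) return 2 ;;
    esac
    printf '%s\n' "$1" | cut -c"$range"
}

# Succeed if the class holds the given right (r, m, c or d).
nis_class_has() {   # $1 = rights string, $2 = class, $3 = right
    field=$(nis_class_rights "$1" "$2") || return 2
    case "$field" in *"$3"*) return 0 ;; *) return 1 ;; esac
}

# Succeed if nobody or world holds more than read, that is, the object is
# more open than the normal org_dir setting. Return 2 on malformed input.
nis_wider_than_normal() {   # $1 = rights string
    nis_class_rights "$1" world >/dev/null || return 2
    for class in nobody world; do
        for right in m c d; do
            if nis_class_has "$1" "$class" "$right"; then return 0; fi
        done
    done
    return 1
}

# Constructed sample: the rights string quoted in the table.
sample='r---rmcdrmcdr---'
if nis_class_has "$sample" group c; then
    echo "group has create access to org_dir"
else
    echo "group lacks create access; see nischmod g+c org_dir"
fi
```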