FNS Problems and Solutions
This section presents problem scenarios with a description of probable causes, diagnoses, and solutions.
See "FNS Error Messages" for general information about FNS error messages, and Appendix B, Error Messages.
Cannot Obtain Initial Context
Symptom:
You get the message Cannot obtain initial context.
Possible Cause:
This is caused by an installation problem.
Diagnosis:
Check that FNS has been installed properly by looking for the file, /usr/lib/fn/fn_ctx_initial.so.
Solution:
Install the fn_ctx_initial.so library.
Nothing in Initial Context
Symptom:
When you run fnlist to see what is in the initial context, you see nothing.
Possible Cause:
This is caused by an NIS+ configuration problem. The organization associated with the user and machine running the fn* commands do not have an associated ctx_dir directory.
Diagnosis:
Use the nisls command to see whether there is a ctx_dir directory.
Solution:
If there is no ctx_dir directory, run fncreate -t org/nis+_domain_name/ to create the ctx_dir directory.
"No Permission" Messages (FNS)
Symptom:
You get no permission messages.
Possible Cause:
"No permission" messages mean that you do not have access to perform the command.
Diagnosis:
Check permission using the appropriate NIS+ commands, described in "Advanced FNS and NIS+ Issues". Use the nisdefaults command to determine your NIS+ principal name.
Another area to check is whether you are using the right name. For example, org// names the context of the root organization. Make sure you have permission to manipulate the root organization. Or maybe you meant to specify myorgunit/, instead.
Solution:
If you do have permission, then the appropriate credentials probably have not been acquired.
This could be caused by the following:
-
A keylogin has not been performed (defaults to NIS+ principal "nobody")
-
A keylogin was made to a source other than NIS+
Check that the /etc/nsswitch.conf file has a publickey: nisplus entry. This might manifest itself as an authentication error.
fnlist Does not List Suborganizations
Symptom:
You run fnlist with an organization name, expecting to see suborganizations, but instead see nothing.
Possible Cause:
This is caused by an NIS+ configuration problem. Suborganizations must be NIS+ domains. By definition, an NIS+ domain must have a subdirectory named org_dir.
Diagnosis:
Use the nisls command to see what subdirectories exist. Run nisls on each subdirectory to verify which subdirectories have an org_dir. The subdirectories with an org_dir are suborganizations.
Solution:
Not applicable.
Cannot Create Host- or User-related Contexts
Symptom:
When you run fncreate -t for the user, username, host, or hostname contexts, nothing happens.
Possible Cause:
You have not set the NIS_GROUP environment variable. When you create a user or host context it is owned by the host or user, and not by the administrator who set up the namespace. Therefore, fncreate requires that the NIS_GROUP variable be set to enable the administrators who are part of that group to subsequently manipulate the contexts.
Diagnosis:
Check the NIS_GROUP environment variable.
Solution:
The NIS_GROUP environment variable should be set to the group name of the administrators who will administer the contexts.
Cannot Remove a Context You Created
Symptom:
When you run fndestroy on the host or user context the context is not removed.
Possible Cause:
You do not own the host or user context. When you create a user or host context it is owned by the host or user, and not by the administrator who set up the namespace.
Diagnosis:
Check the NIS_GROUP environment variable.
Solution:
The NIS_GROUP environment variable needs to be set to the group name of the administrator who will administer the contexts.
Name in Use with fnunbind
Symptom:
You get "name in use" when trying to remove bindings. It works for certain names but not for others.
Possible Cause:
You cannot unbind the name of a context. This restriction is in place to avoid leaving behind contexts that have no name ("orphaned contexts").
Diagnosis:
Run the fnlist command on the name to verify that it is a context.
Solution:
If the name is a context, use the fndestroy command to destroy the context.
Name in Use with fnbind/fncreate -s
Symptom:
You use the -s option with fnbind and fncreate, but for certain names you get "name in use."
Possible Cause:
fnbind -s and fncreate -soverwrite the existing binding if it already exists; but if the old binding is one that must be kept to avoid orphaned contexts, the operation fails with a "name in use" error because the binding could not be removed. This is done to avoid orphaned contexts.
Diagnosis:
Run the fnlist command on the name to verify that it is a context.
Solution:
Run the fndestroy command to remove the context before running fnbind or fncreate on the same name.
fndestroy/fnunbind Does Not Return Operation Failed
Symptom:
When you do an fndestroy or fnunbind on certain names that you know do not exist, you receive no indication that the operation failed.
Possible Cause:
The operation did not fail. The semantics of fndestroy and fnunbind are that if the terminal name is not bound, the operation returns success.
Diagnosis:
Run the fnlookup command on the name. You should receive the message, "name not found."
Solution:
Not applicable.
- © 2010, Oracle Corporation and/or its affiliates