test

TCP/IP and Data Communications Administration Guide

Troubleshooting the DHCP Server

This section discusses problems you may have with your DHCP server.

When Using Files

Follow the instructions below if you have problems while using files as a name service.

Problem

You cannot access the /var/dhcp directory; it either does not exist or you do not have UNIX file permissions to read it.

Verification: Use the following command: 


ls -d /var/dhcp

Solution: The DHCP server hasn't yet been configured. Run dhcpconfig.

When Using NIS+

Follow the instructions below if you have problems while using NIS+ as a name service.

Problem

The root object does not exist in the NIS+ domain.

Verification: Enter the command: 


niscat -o org_dir

Solution: Refer to Solaris NIS+ setup documentation.

Problem

The root account does not have access rights to create a table under the org_dir object.

Verification: Enter the command:


niscat -o org_dir

Solution: Use the nischmod command to change the permissions on the table.org_dir.domainname.

Problem

The root account does not have access rights to create a table under the org_dir object. Usually, this means the root account's principal name is not a member of the owning group for the org_dir object, or no owning group exists.

Verification: Enter this command to find the owning group name: niscat -o org_dir

Solution:

  1. Enter nisgrpadm -l group to see the group members.

  2. If the current system's principal name is not in the group, enter: nisgrpadm -a group principalname to add it. Typically, the group is admin. If it is not, edit the dhcpconfig script and change the group to match the group name in use.

  3. Enter /usr/lib/nis/nisctl -fg to flush the cache for immediate update.

Problem

The domain name is unset.

Verification: Enter the command:


domainname

If the command lists an empty string, no domain name has been set for the domain.

Solution: Use the domainname command to set the proper domain name. Place the domain name value in the /etc/default domain.

Problem

The NIS_COLD_START file does not exist.

Verification: Enter the following command on the server system:


strings /var/nis/NIS_COLD_START

Solution: Create a NIS+ client. Refer to the Solaris NIS+ QuickStart documentation.

Problem

You choose NIS+ and the site is not running NIS+.

Verification: Log on to the server. Type in the command:


 ps -ef | grep nis

If NIS+ is running you will see output similar to: /usr/sbin/rpc.nisd -YB.

Solution: Create a NIS+ server:

  1. On the client, set up the NIS+ root master server for the domain. For example:


    /usr/lib/nis/nisserve -r

  2. Populate the NIS+ tables from the local /etc files. For example:


    nispopulate -F /etc

  3. On the server, verify that NIS+ is running. For example:


    /usr/lib/nis/nisstat
nisls org_dir  
niscat hosts.org_dir

Cannot Use NIS+ as Name Service

One or more of the following error messages are displayed:


!!! warning !!! trailing dot ignored - use dns domain name syntax


Error 20 from NIS+; unable to use NIS+ as name service.

These messages mean either that there is no such name in the NIS+ domain, or the NIS+ domain does not exist. Use the information below to find and solve errors in the configuration of NIS+.

Problem

The domain name for the server system ends with a period.

Verification: Enter the nisdefaults command to determine whether there are two trailing periods after the domain name.

Solution:

  1. Edit the /etc/defaultdomain file by removing the trailing period (.) from the domain name.

  2. Reboot your system, and rerun the dhcpconfig script.

Problem

A host name includes the domain name. For example, setting a host to myhost.Faxco.COM instead of myhost.

Verification: Enter the nisdefaults command to show a host name with the domain name included twice.

Solution:

  1. If your host name is set incorrectly, enter the sys-unconfig command to remove the configuration settings and halt the system.

  2. Reboot the system and supply the correct settings for host name and domain name.

Problem

The root account does not have create access to the org_dir object in the NIS+ domain.

Verification: Enter the command:


niscat -o org_dir

Solution: Use the nischmod command to change the permissions on the table.org_dir.domainname.

I/O Error Accessing File Name Service

The following error message is displayed:


File system I/O error number accessing file datastore.

If you receive this error message, look through the list of error messages below, which are returned by the operating system when it tries to open, read, or write a file in /var/dhcp.

Problem

The error number is 2 (ENOENT).

Verification: The file or directory does not exist.

Solution: Enter the dhcpconfig command to create it.

Problem

The error number is 13 (EACCES).

Verification: A UNIX permission error occurred accessing the file or directory.

Solution: Use the su command and change the UNIX permissions.

User Has no DES Credentials

Problem

The following error message is displayed:


The user user does not have DES credentials in the NIS+ name service.

Verification: The current system's root account does not have valid Data Encryption Standard (DES) credentials in the NIS+ cred table.

Solution: Use the nisaddcred command to add the credentials for the root account. You must enter the UNIX netname and NIS+ principal name on the command line.

The following example shows how to add DES credentials for the system mercury in the domain Faxco.COM. 

nisaddcred -p unix.mercury@Faxco.COM \
-P mercury.Faxco.COM. DES Faxco.COM

The command prompts for the root password (which is required to generate an encrypted secret key).

No Permission to Create Table in Data Store

The following error message is displayed:


You do not have permission to create the tablename table in the servicename data store.

If you have a problem creating tables in the data store, check the information below.

Problem

The root account does not have access rights to create a table under the org_dir object.

Verification: Usually, this means the root account's principal name is not a member of the owning group for the org_dir object, or no owning group exists.

Solution:

  1. Enter niscat -o org_dir to see the name of the owning group.

  2. Enter nisgrpadm -l admin to see the group members.

  3. If the current system's principal name is not in the group, enter nisgrpadm -a group principalname to add it.

  4. Enter /usr/lib/nis/nisctl -f g to flush the cache for immediate update.

Unable to Determine Name Servers

Solutions to problems in finding a name server during configuration of the DHCP server are listed below.

Problem

The dhcpconfig script could not match server names with IP addresses.

Verification: Find the IP address of the server by using the command getent hosts name.

Solution: Create the entries in the hosts database.

Problem

The dhcpconfig script is using the wrong name service for the server.

Verification: Look at the hosts entry in the /etc/nsswitch.conf file to see which name service is used to look up IP addresses (xfn, files, nis, nisplus, dns).

Solution: Change the hosts directive in the /etc/nsswitch.conf file to the correct name service. Stop and restart nscd.

Problem

The dhcpconfig script did not check the name service.

Verification: The name service preceding the [NOTFOUND=RETURN] directive in the /etc/nsswitch.conf file is authoritative. If the specified name service does not find an entry, any name services listed after this directive are not checked.

Solution: Remove the [NOTFOUND=RETURN] directive from the /etc/nsswitch.conf file and run the dhcpconfig script again. Stop and restart nscd.

Errors Trying to Set Up DHCP Table

One of the following error messages is displayed:


The user username does not have permission to update the dhcptab table in the servicename resource.


Error 10 from the Table subsystem accessing dhcptab table, message: NIS+ error while executing nis_modify_entry for [key=SUNW.PCNFS.5.1.1,flag=m],dhcptab.org_dir.island.ocean.: Permission denied Error trying to set up DHCP table, exiting.


Error 10 from the Table subsystem accessing dhcptab table, message: NIS+ error while executing nis_modify_entry for [key=SUNW.PCNFS.5.1.1,flag=m],dhcptab.org_dir.island.ocean.: Object with same name exists Error trying to set up DHCP table, exiting.

If you receive one of these error messages, check the information below for solutions to problems trying to set up DHCP tables during the configuration of the DHCP server.

Problem

You do not have access rights to add entries into DHCP tables from NIS+ or the UNIX file system.

Verification: Check permissions and set appropriate access rights for the DHCP table.

Solution: Make sure the administrator is a member of the appropriate administrative group and has write access to the NIS+ master server.

No Permission to Access dhcp_network Table

The following error message is displayed:


You do not have permission to create {update} the tablename table in the servicename data store.

If you receive this message, check the information below regarding a problem. Listed below are solutions to problems accessing the dhcp_network table during the configuration of the DHCP server.

Problem

You do not have access rights to add entries into the dhcp_network table from NIS+ or the UNIX file system.

Verification: Check permissions and set appropriate access rights for the dhcp_network table.

Solution: Make sure the administrator is a member of the appropriate administrative group and has write access to the NIS+ master server.