Troubleshooting DHCP Server Problems

The problems that you might encounter when you configure the server fall into the following categories:

NIS+ Problems and the DHCP Data Store

If you use NIS+ as the DHCP data store, problems that you might encounter can be categorized as follows:

Cannot Select NIS+ as the DHCP Data Store

If you try to use NIS+ as your data store, DHCP Manager might not offer NIS+ as a choice for the data store. If you use the dhcpconfig command, you might see a message stating that NIS+ does not appear to be installed and running. Both these symptoms mean that NIS+ has not been configured for this server, although NIS+ might be in use on the network. Before you can select NIS+ as a data store, the server system must be configured as an NIS+ client.

Before you set up the DHCP server system as an NIS+ client, the following statements must be true:
Setting Up NIS+ Client Machines in System Administration Guide: Naming and Directory Services (NIS+) provides detailed information about configuring an NIS+ client.

NIS+ Is Not Adequately Configured for DHCP Data Store

After you successfully use NIS+ with DHCP, you might encounter errors if changes are made to NIS+. The changes could introduce configuration problems. Use the following explanations of problems and solutions to help you determine the cause of configuration problems.

Problem: Root object does not exist in the NIS+ domain.

Solution: Type the following command:

    /usr/lib/nis/nisstat

This command displays statistics for the domain. If the root object does not exist, no statistics are returned. Set up the NIS+ domain using the System Administration Guide: Naming and Directory Services (NIS+).

Problem: NIS+ is not used for passwd and publickey information.

Solution: Type the following command to view the configuration file for the name service switch:

    cat /etc/nsswitch.conf

Check the passwd and publickey entries for the “nisplus” keyword. Refer to the System Administration Guide: Naming and Directory Services (NIS+) for information about configuring the name service switch.

Problem: The domain name is empty.

Solution: Type the following command:

    domainname

If the command lists an empty string, no domain name has been set for the domain. Use local files for your data store, or set up an NIS+ domain for your network. Refer to the System Administration Guide: Naming and Directory Services (NIS+).

Problem: The NIS_COLD_START file does not exist.

Solution: Type the following command on the server system to determine if the file exists:

    cat /var/nis/NIS_COLD_START

Use local files for your data store, or create an NIS+ client. Refer to the System Administration Guide: Naming and Directory Services (NIS+).
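
The file-based checks above (name service switch entries, domain name, NIS_COLD_START) can be run as one pre-check. The script below is an added example, not part of the original guide; the function names has_nisplus and nisplus_preflight are hypothetical, the sample switch file is constructed, and the nisstat root-object check is not covered.

```shell
#!/bin/sh
# Added example: pre-checks before choosing NIS+ as the DHCP data store.
# Needs a POSIX shell and a POSIX awk (-v and sub()).

# has_nisplus FILE DATABASE: succeed if DATABASE's name service switch entry
# lists the nisplus keyword. Comments are stripped first, so a keyword that
# was commented out does not count.
has_nisplus() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "nisplus") found = 1 }
        END { exit !found }
    ' "$1"
}

# nisplus_preflight NSSWITCH COLD_START DOMAIN: print one FAIL line per
# problem and return non-zero if any check failed.
nisplus_preflight() {
    nsswitch=$1 cold_start=$2 domain=$3 rc=0
    for db in passwd publickey; do
        if ! has_nisplus "$nsswitch" "$db"; then
            echo "FAIL: $db entry in $nsswitch does not list nisplus"
            rc=1
        fi
    done
    if [ -z "$domain" ]; then
        echo "FAIL: domain name is empty"
        rc=1
    fi
    if [ ! -f "$cold_start" ]; then
        echo "FAIL: $cold_start does not exist"
        rc=1
    fi
    return $rc
}

# Constructed sample: publickey has lost its nisplus keyword and no domain
# name is set. On a real server, pass /etc/nsswitch.conf and "$(domainname)".
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files nisplus
publickey:  files        # nisplus
EOF
nisplus_preflight "$sample" /var/nis/NIS_COLD_START "" || echo "not ready for NIS+"
rm -f "$sample"
```
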
NIS+ Access Problems for the DHCP Data Store

NIS+ access problems might cause error messages about incorrect DES credentials, or inadequate permissions to update NIS+ objects or tables. Use the following explanations of problems and solutions to determine the cause of NIS+ access errors you receive.

Problem: The DHCP server system does not have create access to the org_dir object in the NIS+ domain.

Solution: Type the following command:

    nisls -ld org_dir

The access rights are listed in the form r---rmcdrmcdr---, where the permissions apply respectively to nobody, owner, group, and world. The owner of the object is listed next.

Normally, the org_dir directory object provides full rights to both the owner and the group. Full rights consist of read, modify, create, and destroy. The org_dir directory object provides only read access to the world and nobody classes.

The DHCP server name must either be listed as the owner of the org_dir object, or be listed as a principal in the group. The group must have create access. List the group with the command:

    nisls -ldg org_dir

Use the nischmod command to change the permissions for org_dir if necessary. For example, to add create access to the group, you would type the following command:

    nischmod g+c org_dir

See the nischmod(1) man page for more information.

Problem: The DHCP server does not have access rights to create a table under the org_dir object. Usually, this problem means the server system's principal name is not a member of the owning group for the org_dir object, or no owning group exists.

Solution: Type this command to find the owning group name:

    niscat -o org_dir

Look for a line that is similar to:

    Group : "admin.example.com."
List the principal names in the group using the command:

    nisgrpadm -l groupname

For example, this command lists the principal names of the group admin.example.com:

    nisgrpadm -l admin.example.com

The server system's name should be listed as an explicit member of the group or included as an implicit member of the group. If necessary, add the server system's name to the group using the nisgrpadm command. For example, to add the server name pacific to the group admin.example.com, you would type the following command:

    nisgrpadm -a admin.example.com pacific.example.com

See the nisgrpadm(1) man page for more information.

Problem: The DHCP server does not have valid Data Encryption Standard (DES) credentials in the NIS+ cred table.

Solution: If there is a credential problem, an error message states that the user does not have DES credentials in the NIS+ name service. Use the nisaddcred command to add security credentials for the DHCP server system. The following example shows how to add DES credentials for the system mercury in the domain example.com:

    nisaddcred -p [email protected] \
        -P mercury.example.com. DES example.com.

The command prompts for the root password, which is required to generate an encrypted secret key. See the nisaddcred(1M) man page for more information.

IP Address Allocation Errors in DHCP

When a client attempts to obtain or verify an IP address, you might see problems logged to syslog or in server debugging mode output. The following list of common error messages indicates the possible causes and solutions.

There is no n.n.n.n dhcp-network table for DHCP client's network

Cause: A client is requesting a specific IP address or seeking to extend a lease on its current IP address. The DHCP server cannot find the DHCP network table for that address.

Solution: The DHCP network table might have been deleted mistakenly. You can recreate the network table by adding the network again using DHCP Manager or the dhcpconfig command.
ICMP ECHO reply to OFFER candidate: n.n.n.n, disabling

Cause: The IP address considered for offering to a DHCP client is already in use. This problem might occur if more than one DHCP server owns the address. The problem might also occur if an address was manually configured for a non-DHCP network client.

Solution: Determine the proper ownership of the address. Correct either the DHCP server database or the host's network configuration.

ICMP ECHO reply to OFFER candidate: n.n.n.n. No corresponding dhcp network record.

Cause: The IP address considered for offering to a DHCP client does not have a record in a network table. This error indicates that the IP address record was deleted from the DHCP network table after the address was selected. This error can only happen in the brief period before the duplicate address check is completed.

Solution: Use DHCP Manager or the pntadm command to view the DHCP network table. If the IP address is missing, create the address with DHCP Manager by choosing Create from the Edit menu on the Address tab. You can also use pntadm to create the IP address.

DHCP network record for n.n.n.n is unavailable, ignoring request.

Cause: The record for the requested IP address is not in the DHCP network table, so the server is dropping the request.

Solution: Use DHCP Manager or the pntadm command to view the DHCP network table. If the IP address is missing, create the address with DHCP Manager by choosing Create from the Edit menu on the Address tab. You can also use pntadm to create the address.

n.n.n.n currently marked as unusable.

Cause: The requested IP address cannot be offered because the address has been marked in the network table as unusable.

Solution: You can use DHCP Manager or the pntadm command to make the address usable.

n.n.n.n was manually allocated. No dynamic address will be allocated.

Cause: The client ID has been assigned a manually allocated address, and that address is marked as unusable.
The server cannot allocate a different address to this client.

Solution: You can use DHCP Manager or the pntadm command to make the address usable, or manually allocate a different address to the client.

Manual allocation (n.n.n.n, client ID) has n other records. Should have 0.

Cause: The client that has the specified client ID has been manually assigned more than one IP address. A client should be assigned only one address. The server selects the last manually assigned address that is found in the network table.

Solution: Use DHCP Manager or the pntadm command to modify IP addresses to remove the additional manual allocations.

No more IP addresses on n.n.n.n network.

Cause: All IP addresses currently managed by DHCP on the specified network have been allocated.

Solution: Use DHCP Manager or the pntadm command to create new IP addresses for this network.

Client: clientid lease on n.n.n.n expired.

Cause: The lease was not negotiable and timed out.

Solution: The client should automatically restart the protocol to obtain a new lease.

Offer expired for client: n.n.n.n

Cause: The server made an IP address offer to the client, but the client took too long to respond and the offer expired.

Solution: The client should automatically issue another discover message. If this message also times out, increase the cache offer time out for the DHCP server. In DHCP Manager, choose Modify from the Service menu.

Client: clientid REQUEST is missing requested IP option.

Cause: The client's request did not specify the offered IP address, so the DHCP server ignored the request. This problem might occur if you use a third-party DHCP client that is not compliant with the updated DHCP protocol, RFC 2131.

Solution: Update the client software.

Client: clientid is trying to renew n.n.n.n, an IP address it has not leased.

Cause: The IP address for this client in the DHCP network table does not match the IP address that the client specified in its renewal request. The DHCP server does not renew the lease.
This problem might occur if you delete a client's record while the client is still using the IP address.

Solution: Use DHCP Manager or the pntadm command to examine the network table, and correct the client's record, if necessary. The client ID should be bound to the specified IP address. If the client ID is not bound, edit the address properties to add the client ID.

Client: clientid is trying to verify unrecorded address: n.n.n.n, ignored.

Cause: The specified client has not been registered in the DHCP network table with this address, so the request is ignored by this DHCP server. Another DHCP server on the network might have assigned this client the address. However, you might also have deleted the client's record while the client was still using the IP address.

Solution: Use DHCP Manager or the pntadm command to examine the network table on this server and any other DHCP servers on the network. Make corrections, if necessary.

You can also do nothing and allow the lease to expire. The client automatically requests a new address lease.

If you want the client to get a new lease immediately, restart the DHCP protocol on the client by typing the following commands:

    ifconfig interface dhcp release
    ifconfig interface dhcp start
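
The address allocation messages listed above fall into three kinds of follow-up: establishing who owns an address, repairing the DHCP network table, and client-side conditions that normally clear on their own. The script below is an added example, not part of the original guide, that sorts server log lines into those groups. The function names, the class labels and the sample log lines (timestamps, host name, process tag, client ID, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: bucket the DHCP server messages listed above by the kind of
# follow-up they need. Only message text quoted on this page is matched.

classify_dhcp_msg() {
    case $1 in
        # Address is in use or was leased by something this server has no
        # record of: establish ownership (second DHCP server, manual host).
        *"ICMP ECHO reply to OFFER candidate"*"disabling"*) echo "ownership address-in-use" ;;
        *"is trying to verify unrecorded address"*) echo "ownership unrecorded-address" ;;
        # Network table missing or inconsistent: DHCP Manager, pntadm, dhcpconfig.
        *"There is no "*"dhcp-network table"*) echo "table network-table-missing" ;;
        *"No corresponding dhcp network record"*) echo "table record-missing" ;;
        *"is unavailable, ignoring request"*) echo "table record-missing" ;;
        *"currently marked as unusable"*) echo "table address-unusable" ;;
        *"was manually allocated"*) echo "table manual-address-unusable" ;;
        *"Manual allocation"*"other records"*) echo "table duplicate-manual-allocation" ;;
        *"No more IP addresses on"*) echo "table pool-exhausted" ;;
        *"is trying to renew"*) echo "table binding-mismatch" ;;
        # Client side: the client retries on its own or needs updating.
        *"lease on"*"expired"*) echo "client lease-expired" ;;
        *"Offer expired for client"*) echo "client offer-expired" ;;
        *"REQUEST is missing requested IP option"*) echo "client request-without-ip" ;;
        *) echo "other unmatched" ;;
    esac
}

# triage_dhcp_log: read log lines on stdin and print "count class reason",
# most frequent first. Lines that match no known message are dropped.
triage_dhcp_log() {
    while IFS= read -r line; do
        classify_dhcp_msg "$line"
    done | grep -v '^other ' | sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# Constructed sample lines: timestamps, host name, process tag, client ID and
# addresses are invented; the message text follows the list above.
sample_log() {
    cat <<'EOF'
Jan 10 09:14:02 dhcpsrv in.dhcpd[412]: ICMP ECHO reply to OFFER candidate: 192.0.2.15, disabling
Jan 10 09:14:40 dhcpsrv in.dhcpd[412]: ICMP ECHO reply to OFFER candidate: 192.0.2.16, disabling
Jan 10 09:20:11 dhcpsrv in.dhcpd[412]: Client: 010800201234AB is trying to verify unrecorded address: 192.0.2.77, ignored.
Jan 10 09:31:05 dhcpsrv in.dhcpd[412]: No more IP addresses on 192.0.2.0 network.
Jan 10 09:32:00 dhcpsrv in.dhcpd[412]: Offer expired for client: 192.0.2.20
EOF
}

sample_log | triage_dhcp_log
```

Repeated lines in the ownership class are the ones to follow up first, since the page attributes them to an address held by another DHCP server or by a manually configured host.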