18.1 DHCP

18.1.1 The dhcpd server Fails to Start and Reports an Unknown Key Error

When you start the dhcpd process on the terminal, an error is reported that contains the following text:

unknown key <key_name>

Here key_name is the TSIG key that is defined in Java Console.

This error occurs because a TSIG key with the same name is associated with different services. To avoid this error, you must associate a different key with each service and ensure that the keyname is also unique for each service.

For example, assume that there are two services in Java Console named "Employee" and "Students". Both these services have their own pools, subnets, and one TSIG key associated with each service. If the TSIG keyname is the same across both services, the DHCP server might fail to start. To avoid this error, ensure that the keyname is different for these two services.

Figure 18-1 Unique keyname for services

18.1.2 DHCP Pools Run Out of Available IP Addresses in Subnets With PXE Clients

In a network with PXE clients, the embedded PXE client on the Network Interface Card (NIC) of a system leases an IP address from the DHCP server during the PXE client startup. After the PXE client preboot process is completed, the leased IP address is no longer required but is not released. The IP address is released only after the lease time expires. When the operating system is loaded, the DHCP client of the operating system will also send a DHCP request with the same client hardware address, but a different client identifier.

Since the client identifier of the operating system's DHCP client and the PXE client are different, dhcpd will lease two different IP addresses to the same device. To facilitate the release of the IP address leased to the PXE client, you must reduce the default lease time for the IP addresses allocated to PXE clients during preboot.

  1. Create a class. For more information, see Section 7.1.9, Class Management.

  2. Select the newly created class to modify it. In the Conditional Expression field, add the following string:

    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    default-lease-time 240;
    max-lease-time 300;
    

    This will set the default lease time to 4 minutes and maximum lease time to 5 minutes. You must ensure that you set the default-lease-time and max-lease-time to a small value to facilitate the release of the IP address.
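To see which devices are affected, the following added example (not part of the original documentation) scans a lease database in ISC dhcpd.leases syntax for hardware addresses that hold more than one unexpired lease under different client identifiers. The lease entries are constructed sample data, and the names double_leased and SAMPLE_LEASES are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in dhcpd.leases syntax (times are UTC, as dhcpd writes them).
SAMPLE_LEASES = r'''lease 192.168.1.50 {
  ends 5 2015/03/13 10:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  uid "\000PXE-A";
}
lease 192.168.1.51 {
  ends 5 2015/03/13 10:02:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  uid "\001\000\021\"3DU";
}
lease 192.168.1.60 {
  ends 4 2015/03/12 10:04:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
  uid "\000PXE-B";
}
lease 192.168.1.61 {
  ends 5 2015/03/13 10:02:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
  uid "\001\000\021\"3Df";
}'''

LEASE_RE = re.compile(r'^lease (\S+) \{(.*?)\n\}', re.S | re.M)
UID_RE = r'^\s*uid ("(?:\\.|[^"\\])*");'

def _get(body, pattern):
    m = re.search(pattern, body, re.M)
    return m.group(1) if m else None

def double_leased(text, now):
    """Map MAC -> IPs for devices holding unexpired leases under different client ids."""
    latest = dict(LEASE_RE.findall(text))   # append-only file: last entry per IP wins
    by_mac = defaultdict(dict)
    for ip, body in latest.items():
        ends = _get(body, r'^\s*ends \d (\S+ \S+);')
        mac = _get(body, r'^\s*hardware ethernet (\S+);')
        if _get(body, r'^\s*binding state (\w+);') != "active" or not (ends and mac):
            continue
        if datetime.strptime(ends, "%Y/%m/%d %H:%M:%S") > now:
            by_mac[mac.lower()][ip] = _get(body, UID_RE)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(set(ips.values())) > 1}
```

Calling double_leased(SAMPLE_LEASES, datetime(2015, 3, 12, 10, 10)) reports only 00:11:22:33:44:55, because the short PXE lease of the second device ended at 10:04.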

18.1.3 DHCP Server Fails to Start After Upgrade to OES 11 SP3

After an upgrade to OES 11 SP3, the DHCP server may fail to start if the value of the DHCPD_INTERFACE variable gets updated to eth-id<mac address> format. The following error message is displayed in this case:

No subnet declaration for eth-id-<mac address>

To start the DHCP server, modify the value of the DHCPD_INTERFACE in the /etc/sysconfig/dhcpd file to an interface name such as eth0 or eth1.

18.1.4 DHCP Server Fails to Load and Records a “Cannot find host LDAP entry DHCP” Error in the Log File

Cause: The DHCP Server and DHCP Service objects do not exist.

Action: Use Java Console to create the DHCP Server and DHCP Service object.

Cause: The DHCP server and DHCP Service have been created but the association between both of these objects is not set.

Action: Set the DHCP server and DHCP Service association.

18.1.5 Installing an OES Server Inside a Container With a Separate Partition on an Existing Tree That Already has DHCP Server Installed on it Results in a Constraint Violation Error.

Cause: The Locator object contains a reference to the DHCP servers installed on the eDirectory tree. Information for the newly installed DHCP Server is added to the Locator object. Because of the delay in synchronizing the replica, the Locator object does not find the newly installed DHCP server object inside its own replica.

Action: To resolve this problem, perform one of the following actions:

  • Delete the replica and reinstall the DHCP server.

  • While configuring the newly installed DHCP server, provide the IP address of the OES machine where eDirectory is installed.

18.1.6 The dhcpd.log file is Empty

Cause: The dhcpd.log file was probably deleted and the file you see now is the new file.

Action: Execute the rcsyslog restart command.

Cause: The syslog-ng.conf file has been modified.

Action: Check the /etc/syslog-ng/syslog-ng.conf file for the following lines:

filter f_dhcpd {facility(daemon) and match('^dhcpd:');};
destination dhcpmessages {file("/var/log/dhcpd.log");};
log {source(src); filter(f_dhcpd); destination(dhcpmessages);};

Action: If you want to log only to the /var/log/dhcpd.log file, edit the syslog-ng.conf file.

Restart the syslog daemon by using the rcsyslog restart command.

18.1.7 The DHCP Server Failed to Start

Cause: The DHCP server might have been blocked by the AppArmor process.

Action: Run AppArmor in complain mode to see if the DHCP server has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide.

Cause: No credentials are set in CASA.

Action: Verify the credentials set in CASA by using the CASAcli -l command in the console. If no information is displayed, then set the CASA credentials by using the following command:

KEYVALUE=<DN of runtime user> CASAcli -s -n dhcp-ldap -k CN

KEYVALUE=<password of runtime user> CASAcli -s -n dhcp-ldap -k Password

Action: Verify the credentials set in CASA by using the CASAcli -l command. If dhcp-ldap information is displayed, stop the CASA daemon by using the following command:

rcmicasad stop

Store the username and password details in the /etc/dhcpd.conf file.

For example,

ldap-username "cn=runtimeuser,o=novell";
ldap-password "novell";
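Because this fallback leaves the runtime user's password in cleartext in /etc/dhcpd.conf, the file's permissions become part of the credential's protection. The following check is an added example, not part of the original documentation; the function name audit_ldap_credentials is an assumption, and the sample file it writes is constructed from the example values above.

```python
import os
import re
import stat

def audit_ldap_credentials(path):
    """Return permission findings if the file holds a cleartext ldap-password."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        # Ignore commented-out statements; only a live ldap-password matters.
        live = [line.split("#", 1)[0] for line in fh]
    if not any(re.match(r'\s*ldap-password\s+"', line) for line in live):
        return []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append(f"{path} (mode {mode:04o}) is readable by all local users")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path} (mode {mode:04o}) is writable by group or others")
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample file; on a server, pass /etc/dhcpd.conf instead.
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as tmp:
        tmp.write('ldap-username "cn=runtimeuser,o=novell";\n'
                  'ldap-password "novell";\n')
    os.chmod(tmp.name, 0o644)
    print(audit_ldap_credentials(tmp.name))
    os.unlink(tmp.name)
```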

Cause: Wrong credentials are set in CASA.

Action: Reset the CASA credentials by using the CASAcli tool.

To retrieve the password, run the following commands:

DNS: /opt/novell/named/bin/dns_retrieve_proxy_cred PassWord <file_name>

DHCP: /opt/novell/dhcp/bin/dhcp_retrieve_proxy_cred PassWord <file_name>

NOTE: The retrieved password is stored in the file that you specify.

Cause: DHCP fails to start and throws an error “No subnet declaration for ethx”. Subnet declaration for the interface to which DHCP listens is missing in the configuration.

Action: Declare a subnet that matches the network of the interface on which DHCP listens.

Example 18-1 Example:

If DHCP is listening on the eth0 interface 192.168.1.1, then declare a subnet for 192.168.1.0.

NOTE: If you decide not to manage this subnet with this DHCP server, leave the subnet declaration empty; that is, do not create any pools within this subnet.

18.1.8 The DHCP Server Displays Unknown Error on the Console

Cause: The details for user (-user) and group (-group) passed as command line arguments do not exist on the local machine.

Action: In the /etc/sysconfig/dhcpd file, set the value of DHCPD_RUN_AS to the local system user.

For example, DHCPD_RUN_AS=<user>.

The <user> parameter corresponds to the local system user. You can create a local system user by using the Security and Users > User Management option in YaST.

18.1.9 Permission Denied to DHCP Server

Cause: The DHCP server might have been blocked by the AppArmor process.

Action: Run AppArmor in complain mode to see if the DHCP server has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide.

18.1.10 DHCP Server Displays “Cannot Create New Lease File: Permission Denied” or “/usr/sbin/dhcpd: U<89>Ã¥S<83>ì^T<8b>E^Lèhûúÿ<81>Ã9^[^C: Unknown error 3218701597”

Cause: Permission to /var/run/novell-lum/.nam_nss_sock is not granted to DHCP or nscd in the AppArmor profile.

Action: Edit the AppArmor profile of the DHCP server and include /var/run/novell-lum/.nam_nss_sock with read and write permissions.

18.1.11 segfault dhcpd - You get an error “dhcpd: Can't create new lease file: Permission denied” and “dhcpd[8249]: segfault at 0000000000000000 rip 00002abbf999db7f rsp 00007fffb18ea5e0 error 4”

Cause: The db directory might not be owned by the user that is used in /etc/sysconfig/dhcpd in the parameter DHCPD_RUN_AS="dhcpd".

Action: Verify that there is a dhcpd user. For details on the resolution, see TID 7001158.