OES2 Novell DHCP server stops handing out addresses after an hour.

  • 7001158
  • 14-Aug-2008
  • 16-Dec-2013

Environment

Novell Open Enterprise Server 2 (OES 2)
Novell DHCP

Situation

The novell-dhcp daemon will load and function properly for an hour and then stop handing out addresses.

Running “rcnovell-dhcp restart” at the console as root reloads the daemon, and it works for another hour.

In the /var/log/dhcpd.log file, right before the daemon stops, there is an error message: dhcpd: "Can't create new lease file: Permission denied"

When the novell-dhcp daemon first loads it uses the root user to interact with and/or create configuration and log files.

An hour later when the maintenance process works with the /var/lib/dhcp/db/dhcp-leases file the novell-dhcp daemon uses the dhcpd user.  The owner of the file is now the dhcpd user.  This is a LUM enabled user with rights to the volume or folder where the dhcp-leases file exists. (By Default: /var/lib/dhcp/db)

If this user does not exist, or is not LUM enabled, or does not have rights, the maintenance process will fail and no further IP addresses will be handed out.


The maintenance process keeps /var/lib/dhcp/db/dhcp-leases from growing out of control.

Resolution

Verify that there is a dhcpd user.
/usr/bin/getent passwd

If there isn't a dhcpd user, then create one using useradd.
useradd dhcpd

Verify that the user is a member of a LUM enabled group.  The default is the DHCPGroup.
/usr/bin/getent group | grep dhcpd
Hint: If the dhcpd user does not belong to the DHCPGroup or another LUM enabled group use iManager > Linux User Management > Enable Users for Linux... to LUM enable the dhcpd user or the group that it belongs to.

Verify that the user has rights to the directory where the dhcp-leases file resides. (Default is: /var/lib/dhcp/db)
Hint: chmod 777 /var/lib/dhcp/db  (This will make it so that everyone has rights to modify this file and all other files in this directory.  If this test works, then you know it was a rights issue; rather than leaving everyone with rights, go back, limit the rights using the chmod command, and test again.)

If the dhcp-leases file is stored on an NSS volume, verify that it has been enabled for hard link support.
In nsscon:
nss /ZLSSUpgradeCurrentVolumeMediaFormat=VolName
nss /hardlinks=VolName

These steps will ensure that the dhcpd user and volume are configured so that the novell-dhcp daemon can maintain the dhcp-leases file and continue handing out addresses.
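
As an alternative to the chmod 777 test, the following added example (not part of the original TID) checks whether the dhcpd user resolves and whether it can create files in the lease directory, without opening the directory to everyone. It assumes POSIX mode bits decide access (ACLs and NSS trustee rights are not evaluated) and GNU stat; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the TID. Hypothetical names: can_write_dir,
# check_lease_dir. Assumes POSIX mode bits govern access (no ACLs, no NSS
# trustee rights) and GNU stat. Parent directories are not checked.

# can_write_dir UID "GIDS" DIR_UID DIR_GID DIR_MODE
# True when the mode bits let that user create files in the directory.
can_write_dir() {
    uid=$1; gids=$2; d_uid=$3; d_gid=$4
    m=$((0$5))                                # stat prints the mode in octal
    if [ "$uid" -eq 0 ]; then return 0; fi    # root is not limited by mode bits
    bits=$(( m & 7 ))                         # start with the "other" class
    for g in $gids; do                        # group class replaces "other"
        if [ "$g" -eq "$d_gid" ]; then bits=$(( (m >> 3) & 7 )); fi
    done
    if [ "$uid" -eq "$d_uid" ]; then bits=$(( (m >> 6) & 7 )); fi  # owner wins
    [ $(( bits & 3 )) -eq 3 ]                 # need write (2) and search (1)
}

# check_lease_dir USER DIR
# Returns 0 = ok, 1 = no rights, 2 = user or directory missing.
check_lease_dir() {
    user=$1; dir=$2
    if ! uid=$(id -u "$user" 2>/dev/null); then
        echo "FAIL: user $user does not resolve (missing or not LUM enabled?)"
        return 2
    fi
    if ! st=$(stat -c '%u %g %a' "$dir" 2>/dev/null); then
        echo "FAIL: cannot stat $dir"
        return 2
    fi
    set -- $st                                # $1=owner uid $2=gid $3=mode
    if can_write_dir "$uid" "$(id -G "$user")" "$1" "$2" "$3"; then
        echo "OK: $user can create files in $dir (mode $3)"
    else
        echo "FAIL: $user cannot create files in $dir (owner $1:$2, mode $3)"
        return 1
    fi
}

# Typical call: sh check_lease_dir.sh dhcpd /var/lib/dhcp/db
if [ $# -eq 2 ]; then check_lease_dir "$1" "$2"; fi
```

A FAIL with return code 1 points at ownership or mode of the directory; fix it with chown or a narrower chmod for the dhcpd user or its group rather than 777.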

Additional Information

Make sure that apparmor is not blocking the dhcpd user.

To see if apparmor is blocking the dhcpd user you can run apparmor in complain mode. See the Novell AppArmor Administration Guide:
https://www.novell.com/documentation/apparmor/book_apparmor21_admin/?page=/documentation/apparmor/book_apparmor21_admin/data/book_apparmor_admin.html

Another test would be to simply disable / unload apparmor like this:
: This will unload apparmor if it is currently loaded
/etc/init.d/boot.apparmor stop <enter>

: This will show if apparmor is configured to load on boot
chkconfig -A | grep -i app <enter>

: This will configure apparmor to not load on boot
chkconfig boot.apparmor stop <enter>