18.1 DHCP

18.1.1 DHCP Pools Run Out of Available IP Addresses in Subnets With PXE clients

In a network with PXE clients, the embedded PXE Client on the NIC (Network Interface Card) of a system leases an IP address from the DHCP server during the PXE client startup. After the PXE client preboot process is completed, the leased IP address is no longer required but is not released. The IP address is released only after the lease time expires. When the operating system is loaded, the DHCP client of the operating system will also send a DHCP request with the same client hardware address, but a different client identifier.

Since the client identifier of the operating system's DHCP client and the client identifier of the PXE client are different, dhcpd will lease two different IP addresses to the same device. To facilitate the release of the IP address leased to the PXE client, you must reduce the default lease time for the IP addresses allocated to PXE clients during preboot.

  1. Create a class. For more information, see <link to create a class>

  2. Select the newly created class to modify it. In the Conditional Expression field, add the following string:

    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    default-lease-time 240;
    max-lease-time 300;
    

    This will set the default lease time to 4 minutes and maximum lease time to 5 minutes. You must ensure that you set the default-lease-time and max-lease-time to a smaller value to facilitate the release of the IP address.

  3. Select the Pool object that you want to influence with the newly created class and add the PXE Class from the Available DHCP Classes to the Allowed DHCP Class for the pool.

  4. Click Settings > Modify.

  5. Add the unknown-clients setting from Available Service Settings to Selected Service Settings.

  6. Set the value of the unknown-clients setting to Allow and click OK.
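To confirm that a pool is being drained by the double-lease behaviour described above, the lease database can be checked for hardware addresses that hold active leases under more than one client identifier. The following Python is an added example, not part of the original documentation; the lease records are constructed sample data in ISC dhcpd.leases syntax, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in dhcpd.leases syntax (not from a real server).
SAMPLE_LEASES = r'''
lease 192.168.1.50 {
  ends 2 2024/01/02 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  uid "\000PXE-UUID-1";
}
lease 192.168.1.51 {
  ends 2 2024/01/02 22:01:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  uid "\001\000\021\0423DU";
}
lease 192.168.1.52 {
  ends 2 2024/01/02 21:00:00;
  binding state active;
  hardware ethernet 00:aa:bb:cc:dd:ee;
}
'''

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\n\}", re.S)
FIELD_RE = re.compile(
    r"^\s*(binding state|hardware ethernet|uid|ends)\s+(.+?);\s*$", re.M)

def lease_end(fields):
    """Parse 'ends <weekday> <date> <time>' (UTC); 'never' means no expiry."""
    ends = fields.get("ends", "never")
    if ends == "never":
        return datetime.max
    return datetime.strptime(ends.split(None, 1)[1], "%Y/%m/%d %H:%M:%S")

def double_leased(text, now):
    """Map MAC -> [(ip, uid)] for MACs holding active leases under >1 uid."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = dict(FIELD_RE.findall(body))  # last record per IP wins
    by_mac = defaultdict(list)
    for ip, f in latest.items():
        if f.get("binding state") != "active" or "hardware ethernet" not in f:
            continue
        if lease_end(f) <= now:
            continue
        by_mac[f["hardware ethernet"].lower()].append((ip, f.get("uid")))
    return {m: l for m, l in by_mac.items() if len({u for _, u in l}) > 1}
```

Pass the contents of the server's lease file and the current UTC time; a non-empty result lists the devices that occupy two addresses at once.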

18.1.2 DHCP Server fails to load and records a “Cannot find host LDAP entry DHCP” error in the log file

Cause: The DHCP Server and DHCP Service objects do not exist.

Action: Use iManager to create the DHCP Server and DHCP Service object. See Section 7.1, Using iManager to Manage DHCP.

Cause: The DHCP server and DHCP Service have been created but the association between both of these objects is not set.

Action: Set the DHCP server and DHCP Service association by using the Viewing or Modifying a Service task.

18.1.3 Installing an OES Server inside a container with a separate partition on an existing tree that already has DHCP Server installed on it results in a constraint violation error.

Cause: The Locator object contains a reference to the DHCP servers installed on the eDirectory tree. Information for the newly installed DHCP Server is added to the Locator object. Because of the delay in synchronizing the replica, the Locator object does not find the newly installed DHCP server object inside its own replica.

Action: To resolve this problem, perform one of the following actions:

  • Delete the replica and reinstall the DHCP server.

  • While configuring the newly installed DHCP server, provide the IP address of the OES machine where eDirectory is installed.

18.1.4 The dhcpd.log file is empty

Cause: The dhcpd.log file was probably deleted and the file you see now is the new file.

Action: Execute the rcsyslog restart command.

Cause: The syslog-ng.conf file has been modified.

Action: Check the /etc/syslog-ng/syslog-ng.conf file for the following lines:

filter f_dhcpd {facility(daemon) and match('^dhcpd:');};
destination dhcpmessages {file("/var/log/dhcpd.log");};
log {source(src); filter(f_dhcpd); destination(dhcpmessages);};

Action: If you want to log only to the /var/log/dhcpd.log file, then edit the syslog-ng.conf file.

Restart the syslog daemon by using the rcsyslog restart command.

18.1.5 The DHCP server failed to Start

Cause: The DHCP server might have been blocked by the AppArmor process.

Action: Run AppArmor in complain mode to see if the DHCP server has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide.

Cause: No credentials are set in CASA.

Action: Verify the credentials set in CASA by using the CASAcli -l command in the console. If no information is displayed, then set the CASA credentials by using the following command:

KEYVALUE=<DN of runtime user> CASAcli -s -n dhcp-ldap -k CN

KEYVALUE=<password of runtime user> CASAcli -s -n dhcp-ldap -k Password

Action: Verify the credentials set in CASA by using the CASAcli -l command. If dhcp-ldap information is displayed, stop the CASA daemon by using the following command:

rcmicasad stop

Store the username and password details in the /etc/dhcpd.conf file.

For example,

ldap-username "cn=runtimeuser,o=novell";
ldap-password "novell";
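Because this fallback keeps the runtime user's password in cleartext in the configuration file, it is worth checking who can read that file. The following Python is an added example, not part of the original documentation; the function name is hypothetical and the regular expression assumes the statement is written as in the example above.

```python
import os
import re
import stat

# Matches an uncommented ldap-password statement as shown in the example above.
LDAP_PW_RE = re.compile(r'^[ \t]*ldap-password\s+"([^"]*)"\s*;', re.M)

def audit_dhcpd_conf(path):
    """Return findings about a plaintext LDAP password stored in `path`."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        match = LDAP_PW_RE.search(fh.read())
    if match is None:
        return []  # nothing stored here (or only in a commented-out line)
    findings = ["ldap-password stored in plaintext"]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"file mode {mode:04o} lets group/others read it")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"file mode {mode:04o} lets group/others modify it")
    return findings
```

Call `audit_dhcpd_conf("/etc/dhcpd.conf")` after editing the file; any finding beyond the first one means the password is exposed to local accounts other than the file owner.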

Cause: Wrong credentials are set in CASA

Action: Reset the CASA credentials by using the CASAcli tool.

To retrieve the password, run the following commands:

DNS: /opt/novell/named/bin/dns_retrieve_proxy_cred PassWord <file_name>

DHCP: /opt/novell/dhcp/bin/dhcp_retrieve_proxy_cred PassWord <file_name>

NOTE: The retrieved password is stored in the file that you specify.

Cause: DHCP fails to start and throws an error “No subnet declaration for ethx”. Subnet declaration for the interface to which DHCP listens is missing in the configuration.

Action: Declare the same subnet as the DHCP listening interface.

Example 18-1 Example:

If DHCP is listening on the eth0 interface 192.168.1.1, then declare a subnet for 192.168.1.0.

NOTE: If you decide not to manage this subnet with this DHCP server, leave the subnet declaration empty, that is, do not create any pools within this subnet.
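The "No subnet declaration" condition can be checked before starting the server by comparing the listening interface addresses with the subnets declared in the configuration. The following Python is an added example, not part of the original documentation; the configuration fragment is constructed, the function names are hypothetical, and the interface addresses are assumed to be supplied by the caller.

```python
import ipaddress
import re

# Constructed dhcpd.conf fragment (addresses follow the example above).
SAMPLE_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
}
subnet 10.0.0.0 netmask 255.255.0.0 {
  pool { range 10.0.1.10 10.0.1.200; }
}
"""

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.M)

def declared_subnets(conf_text):
    """Return (networks, malformed) parsed from 'subnet A netmask M {' lines."""
    text = re.sub(r"#.*", "", conf_text)  # skip commented-out declarations
    nets, malformed = [], []
    for addr, mask in SUBNET_RE.findall(text):
        try:
            nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
        except ValueError:  # host bits set in the subnet number, or bad mask
            malformed.append(f"{addr} netmask {mask}")
    return nets, malformed

def uncovered_interfaces(conf_text, interfaces):
    """interfaces maps name -> IPv4 address; return names no subnet covers."""
    nets, _ = declared_subnets(conf_text)
    return sorted(name for name, ip in interfaces.items()
                  if not any(ipaddress.ip_address(ip) in n for n in nets))
```

An empty declaration, such as the first one in the sample, is enough to cover an interface, which matches the note above about subnets that this server does not manage.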

18.1.6 The DHCP Server displays Unknown Error on the console

Cause: The details for user (-user) and group (-group) passed as command line arguments do not exist on the local machine.

Action: In the /etc/sysconfig/dhcpd file, set the value of DHCPD_RUN_AS as the local system user.

For example, DHCPD_RUN_AS=<user>.

The <user> parameter corresponds to the local system user. You can create a local system user with the Security and Users > User Management option in YaST.

18.1.7 Permission denied to DHCP server

Cause: The DHCP server might have been blocked by the AppArmor process.

Action: Run AppArmor in complain mode to see if the DHCP server has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide.

18.1.8 DHCP Server Displays “Cannot Create New Lease File: Permission Denied” or “/usr/sbin/dhcpd: U<89>Ã¥S<83>ì^T<8b>E^Lèhûúÿ<81>Ã9^[^C: Unknown error 3218701597"

Cause: Permission to /var/run/novell-lum/.nam_nss_sock is not granted to DHCP and/or nscd in the AppArmor profile.

Action: Edit the AppArmor profile of the DHCP server and include /var/run/novell-lum/.nam_nss_sock with read and write permissions.

18.1.9 segfault dhcpd - You get an error “dhcpd: Can't create new lease file: Permission denied” and “dhcpd[8249]: segfault at 0000000000000000 rip 00002abbf999db7f rsp 00007fffb18ea5e0 error 4”

Cause: The db directory might not be owned by the user that is used in /etc/sysconfig/dhcpd in the parameter DHCPD_RUN_AS="dhcpd".

Action: Verify that there is a dhcpd user. For details on resolution, see TID 7001158.