Section 18.1.2, The dhcpd server Fails to Start and Reports an Unknown Key Error
Section 18.1.3, DHCP Pools Run Out of Available IP Addresses in Subnets With PXE Clients
Section 18.1.4, DHCP Server Fails to Start After Upgrade to OES 2018 or later
Section 18.1.9, The DHCP Server Displays Unknown Error on the Console
Cause: DHCP service configured with service proxy fails to come up after upgrading to OES 2018 or later. This is because the service proxy users are not migrated to OES Credential Store (OCS).
Action: To resolve this issue, perform the following:
Login as root user.
Run yast2 novell-dhcp and then enter eDirectory user password.
Specify the LDAP user password.
Click Next and continue with DHCP configuration.
Start the DHCP service by using the following command:
systemctl start dhcpd.service
Verify the DHCP service is up and running by using the following command:
systemctl status dhcpd.service
Verify the service entry is present in OES Credential Store by using the following command:
oescredstore -l
When you start the dhcpd process on the terminal, an error is reported that contains the following text:
unknown key <key_name>
Here key_name is the TSIG key that is defined in java console.
This error is received because the TSIG key with the same name is associated with different services. To avoid this error, you must associate a different key with each service and ensure that the keyname is also unique for each service.For example, assume that there are two services in Java Console named "Employee" and "Students". Both these services have their own pools, subnets, and one TSIG key associated with each service. If the TSIG keyname is same across both the services, the DHCP server might fail to start. To avoid this error, ensure that the keyname is different for both these services.
In a network with PXE clients, the embedded PXE client on the Network Interface Card (NIC) of a system leases an IP address from the DHCP server during the PXE client startup. After the PXE client preboot process is completed, the leased IP address is no longer required but is not released. The IP address is released only after the lease time expires. When the operating system is loaded, the DHCP client of the operating system will also send a DHCP request with the same client hardware address, but a different client identifier.
Since the client identifier of the operating system's DHCP client and the PXE client are different, dhcpd will lease two different IP addresses to the same device. To facilitate the release of the IP address leased to the PXE client, you must reduce the default lease time for the IP addresses allocated to PXE clients during preboot.
Create a class. For more information, see Section 7.1.9, Class Management.
Select the newly created class to modify it. In the Conditional Expression field, add the following string:
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; default-lease-time 240; max-lease-time 300;
This will set the default lease time to 4 minutes and maximum lease time to 5 minutes. You must ensure that you set the default-lease-time and max-lease-time to a small value to facilitate the release of the IP address.
After an upgrade to OES 2018 or later, the DHCP server may fail to start if the value of the DHCPD_INTERFACE variable gets updated to eth-id<mac address> format. The following error message is displayed in this case:
No subnet declaration for eth-id-<mac address>
To start the DHCP server, modify the value of the DHCPD_INTERFACE in the /etc/sysconfig/dhcpd file to an interface name such as eth0 or eth1.
Cause: The DHCP Server and DHCP Service objects do not exist.
Action: Use Java Console to create the DHCP Server and DHCP Service object.
Cause: The DHCP server and DHCP Service have been created but the association between both of these objects is not set.
Action: Set the DHCP server and DHCP Service association.
Cause: The Locator object contains a reference to the DHCP servers installed on the eDirectory tree. Information for the newly installed DHCP Server is added to the Locator object. Because of the delay in synchronizing the replica, the Locator object does not find the newly installed DHCP server object inside its own replica.
Action: To resolve this problem, perform one of the following actions:
Delete the replica and reinstall the DHCP server.
While configuring the newly installed DHCP server, provide the IP address of the OES machine where eDirectory is installed.
Cause: The dhcpd.log file was probably deleted and the file you see now is the new file.
Action: Execute the rcsyslog restart command
Cause: The syslog-ng.conf file has been modified
Action: Check the /etc/syslog-ng/syslog-ng.conf file for the following lines:
filter f_dhcpd {facility(daemon) and match('^dhcpd:');};
destination dhcpmessages {file(var/log/dhcpd.log);};
log {source(src); filter(f_dhcpd); destination(dhcpmessages);};
Action: If you want to log only to the /var/log/dhcpd.log file, then edit syslog-ng.conf files
Restart the syslog daemon by using the rcsyslog restart command.
Cause: The DHCP server might have been blocked by the AppArmor process.
Action: Run AppArmor in complain mode to see if DHCP server has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide
Cause: No credentials are set in OES Credential Store.
Action: Verify the credentials set in OES Credential Store by using the oescredstore -l command in the console. If no information is displayed, then set the OES Credential Store credentials by using the following command:
oescredstore -s -n dhcp-ldap -u <username> -p <password>
For example, to set the credentials of the runtime admin dhcpadmin, execute the following command:
oescredstore -s -n dhcp-ldap -u cn=dhcpadmin,o=novell -p Password
Store the username and password details in the /etc/dhcpd.conf file.
For example,
ldap-username "cn=runtimeuser,o=novell"; ldap-password "novell";
Cause: Wrong credentials are set in OES Credential Store.
Action: Reset the OES Credential Store credentials by using the oescredstore tool.
To retrieve the password, run the following commands:
DNS: /opt/novell/named/bin/dns_retrieve_proxy_cred PassWord <file_name>
DHCP: /opt/novell/dhcp/bin/dhcp_retrieve_proxy_cred PassWord <file_name>
NOTE:The retrieved password is stored in the file that you specify.
Cause: DHCP fails to start and throws an error “No subnet declaration for ethx”. Subnet declaration for the interface to which DHCP listens is missing in the configuration.
Action: Declare the same subnet as the DHCP listening interface.
Example 18-1 Example:
If DHCP is listening on the eth0 interface 192.168.1.1, then declare a subnet for 192.168.1.0.
NOTE:If you decide not to manage this subnet by this DHCP server, leave the subnet declaration empty i.e, do not create any pools within this subnet.
Unknown Erroron the Console
Cause: The details for user (- user) and group (-group) passed as command line arguments do not exist on the local machine.
Action: In the /etc/sysconfig/dhcpd file, set the value of DHCPD_RUN_AS as the local system user.
For example, DHCPD_RUN_AS=<user>.
The <user> parameter corresponds to the local system user. You can create a local system user using the Security and Users> User Management option in YaST.
Cause: The DHCP server might have been blocked by the AppArmor process.
Action: Run AppArmor in complain mode to see if DHCP server has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide
Cause: Permission to /var/run/novell-lum/.nam_nss_sock is not granted to DHCP or nscd in the Apparmor profile.
Action: Edit the Apparmor profile of the DHCP server and include /var/run/novell-lum/.nam_nss_sock with read and write permissions.
Cause: The db directory might not be owned by the user that is used in /etc/sysconfig/dhcpd in the parameter DHCPD_RUN_AS="dhcpd".
Action: Verify that there is a dhcpd user. For details on resolution see TID 7001158