Sun Microsystems, Inc.
 
Chapter 11

Troubleshooting DHCP (Reference)

This chapter provides information to help you solve problems you might encounter when you configure a DHCP server or client, or problems in using DHCP after configuration is complete.

The chapter includes the following information:

Troubleshooting DHCP Server Problems

The problems you might encounter when you configure the server fall into the following categories:

  • NIS+, if you choose to use NIS+ for your data store

  • IP address allocation

NIS+ Problems

If you decide to use NIS+ as the DHCP data store, problems you might encounter can be categorized as follows:

  • Cannot select NIS+ as a data store

  • NIS+ is not adequately configured

  • NIS+ access problems due to insufficient permissions and credentials

Cannot Select NIS+ as a Data Store

If you try to use NIS+ as your data store, you might find that DHCP Manager does not offer it as a choice for data store, or dhcpconfig returns a message saying NIS+ does not appear to be installed and running. This means that NIS+ has not been configured for this server, although NIS+ might be in use on the network. Before you can select NIS+ as a data store, the server system must be configured as an NIS+ client.

Before you set up the server as an NIS+ client, the domain must have already been configured and its master server must be running. The tables on the domain's master server should be populated, and the hosts table must have an entry for the new client system (the DHCP server system). "Setting Up NIS+ Client Machines" in System Administration Guide: Naming and Directory Services (FNS and NIS+) provides detailed information about configuring an NIS+ client.

NIS+ Not Adequately Configured

After you successfully use NIS+ with DHCP, you might encounter errors if later changes to NIS+ introduce configuration problems. Use the following table to help you determine the cause of configuration problems.

Table 11-1 NIS+ Configuration Problems

Possible Problem: Root object does not exist in the NIS+ domain.

Gather Information: Enter the following command:

    /usr/lib/nis/nisstat

This command displays statistics for the domain. If the root object does not exist, no statistics are returned.

Solution: Set up the NIS+ domain using the System Administration Guide: Naming and Directory Services (FNS and NIS+).

Possible Problem: NIS+ is not used for passwd and publickey information.

Gather Information: Enter the following command to view the name service switch configuration file:

    cat /etc/nsswitch.conf

Check the passwd and publickey entries for the "nisplus" keyword.

Solution: Refer to the System Administration Guide: Naming and Directory Services (FNS and NIS+) for information about configuring the name service switch.

Possible Problem: The domain name is empty.

Gather Information: Enter the following command:

    domainname

If the command lists an empty string, no domain name has been set for the domain.

Solution: Use local files for your data store, or set up an NIS+ domain for your network. Refer to System Administration Guide: Naming and Directory Services (FNS and NIS+).

Possible Problem: The NIS_COLD_START file does not exist.

Gather Information: Enter the following command on the server system to determine if the file exists:

    cat /var/nis/NIS_COLD_START

Solution: Use local files for your data store, or create an NIS+ client. Refer to System Administration Guide: Naming and Directory Services (FNS and NIS+).
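The file-based checks in Table 11-1 can be run together before you select NIS+ as the data store. The following script is an added example, not part of the original documentation; the function names are hypothetical, and the nisstat check is left out because it needs a running NIS+ domain.

```shell
#!/bin/sh
# Added example (not from the original documentation): file-based checks from
# Table 11-1. Function names are hypothetical.

# nsswitch_missing_nisplus FILE
# Prints "passwd" and/or "publickey" when that entry in FILE does not list
# the nisplus source. FILE may be "-" to read standard input.
nsswitch_missing_nisplus() {
    awk '
        {
            sub(/#.*/, "")                      # ignore comments
            i = index($0, ":")
            if (i == 0) next
            db = substr($0, 1, i - 1)
            gsub(/[ \t]/, "", db)
            if (db != "passwd" && db != "publickey") next
            n = split(substr($0, i + 1), src, /[ \t]+/)
            for (j = 1; j <= n; j++)
                if (src[j] == "nisplus") ok[db] = 1
        }
        END {
            if (!ok["passwd"]) print "passwd"
            if (!ok["publickey"]) print "publickey"
        }
    ' "$1"
}

# nisplus_client_findings NSSWITCH COLD_START DOMAIN
# Prints one line per problem found; prints nothing when all checks pass.
nisplus_client_findings() {
    [ -n "$3" ] || echo "domain name is empty"
    [ -f "$2" ] || echo "$2 does not exist"
    for db in $(nsswitch_missing_nisplus "$1"); do
        echo "$db entry does not list nisplus"
    done
}

# On the DHCP server the call would be:
#   nisplus_client_findings /etc/nsswitch.conf /var/nis/NIS_COLD_START "$(domainname)"

# Constructed sample input: publickey has nisplus only inside a comment.
nsswitch_missing_nisplus - <<'EOF'
passwd:     files nisplus
publickey:  files            # nisplus
hosts:      nisplus dns
EOF
```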

NIS+ Access Problems

NIS+ access problems might cause error messages about incorrect DES credentials, or inadequate permissions to update NIS+ objects or tables. Use the following table to determine the cause of NIS+ errors you receive.

Table 11-2 NIS+ Access Problems

Possible Problem: The DHCP server system does not have create access to the org_dir object in the NIS+ domain.

Gather Information: Enter the following command:

    nisls -ld org_dir

The access rights are listed in the form r---rmcdrmcdr---, where the permissions apply respectively to nobody, owner, group, and world. The owner of the object is listed next.

Normally the org_dir directory object provides full (read, modify, create, and destroy) rights to both the owner and the group, while providing only read access to the world and nobody classes.

The DHCP server name must either be listed as the owner of the org_dir object, or be listed as a principal in the group, and that group must have create access. List the group with the command:

    nisls -ldg org_dir

Solution: Use the nischmod command to change the permissions for org_dir.

For example, to add create access to the group, type the following command:

    nischmod g+c org_dir

See the nischmod(1) man page for more information.

Possible Problem: The DHCP server does not have access rights to create a table under the org_dir object.

Usually, this means the server system's principal name is not a member of the owning group for the org_dir object, or no owning group exists.

Gather Information: Enter this command to find the owning group name:

    niscat -o org_dir

Look for a line similar to

    Group : "admin.example.com."

List the principal names in the group using the command:

    nisgrpadm -l groupname

For example:

    nisgrpadm -l admin.example.com

The server system's name should be listed as an explicit member of the group or included as an implicit member of the group.

Solution: Add the server system's name to the group using the nisgrpadm command.

For example, to add the server name pacific to the group admin.example.com, type the following command:

    nisgrpadm -a admin.example.com pacific.example.com

See the nisgrpadm(1) man page for more information.

Possible Problem: The DHCP server does not have valid Data Encryption Standard (DES) credentials in the NIS+ cred table.

Gather Information: If this is the problem, an error message states that the user does not have DES credentials in the NIS+ name service.

Solution: Use the nisaddcred command to add security credentials for the DHCP server system.

The following example shows how to add DES credentials for the system mercury in the domain example.com:

    nisaddcred -p unix.mercury@example.com \
    -P mercury.example.com. DES example.com.

The command prompts for the root password (which is required to generate an encrypted secret key).

See the nisaddcred(1M) man page for more information.
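The access-rights string from nisls -ld org_dir is easier to review when it is split by class before you change anything with nischmod. The following script is an added example, not part of the original documentation; the function names are hypothetical, and the "usual" layout it compares against is the one described in Table 11-2.

```shell
#!/bin/sh
# Added example (not from the original documentation): read the 16-character
# access-rights string printed by "nisls -ld org_dir". Function names are
# hypothetical.

# nis_class_rights RIGHTS CLASS
# Prints the four-character field for CLASS. The classes appear in the order
# nobody, owner, group, world; each field is r, m, c, d or "-" per position.
nis_class_rights() {
    case "$1" in
        [r-][m-][c-][d-][r-][m-][c-][d-][r-][m-][c-][d-][r-][m-][c-][d-]) ;;
        *) echo "invalid rights string: $1" >&2; return 2 ;;
    esac
    case "$2" in
        nobody) off=1 ;;
        owner)  off=5 ;;
        group)  off=9 ;;
        world)  off=13 ;;
        *) echo "unknown class: $2" >&2; return 2 ;;
    esac
    printf '%s\n' "$1" | cut -c "$off-$((off + 3))"
}

# has_right RIGHTS CLASS LETTER: succeeds if CLASS holds LETTER (r, m, c or d).
has_right() {
    field=$(nis_class_rights "$1" "$2") || return 2
    case "$field" in *"$3"*) return 0 ;; *) return 1 ;; esac
}

# check_org_dir_rights RIGHTS
# Compares RIGHTS with the usual org_dir layout (rmcd for owner and group,
# r--- for nobody and world) and prints one line per class that differs.
check_org_dir_rights() {
    rc=0
    for class in nobody owner group world; do
        field=$(nis_class_rights "$1" "$class") || return 2
        case "$class" in owner|group) want=rmcd ;; *) want=r--- ;; esac
        if [ "$field" != "$want" ]; then
            echo "$class: has $field, usual is $want"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: group lacks create, world has been given full rights.
check_org_dir_rights "r---rmcdr---rmcd" || :
```

A finding for the group class points to the nischmod g+c fix in the table; a finding for world or nobody means the object grants more than the usual read-only access to those classes.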

IP Address Allocation Errors

When a client attempts to obtain or verify an IP address, you might see the problems in the following table logged to syslog or in server debug output.

Table 11-3 IP Address Allocation and Lease Problems

Error Message: There is no n.n.n.n dhcp-network table for DHCP client's network.

Explanation: A client is requesting a specific IP address or seeking to extend a lease on its current IP address but the DHCP server cannot find the DHCP network table for that address.

Solution: The DHCP network table might have been deleted mistakenly. You can recreate the network table by adding the network again using DHCP Manager or dhcpconfig.

Error Message: ICMP ECHO reply to OFFER candidate: n.n.n.n, disabling

Explanation: The IP address considered for offering to a DHCP client is already in use. This might occur if more than one DHCP server owns the address, or if an address was manually configured for a non-DHCP network client.

Solution: Determine the proper ownership of the address and correct either the DHCP server database or the host's network configuration.

Error Message: ICMP ECHO reply to OFFER candidate: n.n.n.n. No corresponding dhcp network record.

Explanation: The IP address considered for offering to a DHCP client does not have a record in a network table. This might occur if the IP address record is deleted from the DHCP network table after the address was selected but before the duplicate address check was completed.

Solution: Use DHCP Manager or pntadm to view the DHCP network table, and if the IP address is missing, create it with DHCP Manager (choose Create from the Edit menu on the Address tab) or pntadm.

Error Message: DHCP network record for n.n.n.n is unavailable, ignoring request.

Explanation: The record for the requested IP address is not in the DHCP network table, so the server is dropping the request.

Solution: Use DHCP Manager or pntadm to view the DHCP network table, and if the IP address is missing, create it with DHCP Manager (choose Create from the Edit menu on the Address tab) or pntadm.

Error Message: n.n.n.n currently marked as unusable.

Explanation: The requested IP address cannot be offered because it has been marked in the network table as unusable.

Solution: You can use DHCP Manager or pntadm to make the address usable.

Error Message: n.n.n.n was manually allocated. No dynamic address will be allocated.

Explanation: The client's ID has been assigned a manually allocated address, and that address is marked as unusable. The server cannot allocate a different address to this client.

Solution: You can use DHCP Manager or pntadm to make the address usable, or manually allocate a different address to the client.

Error Message: Manual allocation (n.n.n.n, client ID has n other records. Should have 0.

Explanation: The client that has the specified client ID has been manually assigned more than one IP address. There should be only one. The server selects the last manually assigned address it finds in the network table.

Solution: Use DHCP Manager or pntadm to modify IP addresses to remove the additional manual allocations.

Error Message: No more IP addresses on n.n.n.n network.

Explanation: All IP addresses currently managed by DHCP on the specified network have been allocated.

Solution: Use DHCP Manager or pntadm to create new IP addresses for this network.

Error Message: Client: clientid lease on n.n.n.n expired.

Explanation: The lease was not negotiable and timed out.

Solution: Client should automatically restart the protocol to obtain a new lease.

Error Message: Offer expired for client: n.n.n.n

Explanation: The server made an IP address offer to the client, but the client took too long to respond and the offer expired.

Solution: The client should automatically issue another discover message. If this also times out, increase the cache offer timeout for the DHCP server. In DHCP Manager, choose Modify from the Service menu.

Error Message: Client: clientid REQUEST is missing requested IP option.

Explanation: The client's request did not specify the offered IP address, so the DHCP server ignores the request. This might occur if the client is not compliant with the updated DHCP protocol, RFC 2131.

Solution: Update client software.

Error Message: Client: clientid is trying to renew n.n.n.n, an IP address it has not leased.

Explanation: The IP address recorded in the DHCP network table for this client does not match the IP address that the client specified in its renewal request. The DHCP server does not renew the lease.

This problem occurs if you delete a client's record while the client is still using the IP address.

Solution: Use DHCP Manager or pntadm to examine the network table, and correct if necessary. The client's ID should be bound to the specified IP address. If it is not, edit the address properties to add the client ID.

Error Message: Client: clientid is trying to verify unrecorded address: n.n.n.n, ignored.

Explanation: The specified client has not been registered in the DHCP network table with this address, so the request is ignored by this DHCP server.

Another DHCP server on the network might have assigned this client the address.

However, you might also have deleted the client's record while the client was still using the IP address.

Solution: Use DHCP Manager or pntadm to examine the network table on this server and any other DHCP servers on the network and correct if necessary.

You can also do nothing and allow the lease to expire, after which the client will automatically request a new address lease.

If you want the client to get a new lease immediately, restart the DHCP protocol on the client by typing the following commands:

    ifconfig interface dhcp release

    ifconfig interface dhcp start
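Several messages in Table 11-3 point to an address that is held by a host or by a second DHCP server this server does not know about, so it helps to count them per address. The following script is an added example, not part of the original documentation; the tags and function names are hypothetical, and the sample log lines, including their syslog prefix, are constructed.

```shell
#!/bin/sh
# Added example (not from the original documentation): tally the Table 11-3
# messages in a syslog file by address. Tags and function names are
# hypothetical labels chosen for this example.

# dhcp_alloc_triage [FILE...]
# Prints "count tag address" for each message/address pair, sorted by tag.
dhcp_alloc_triage() {
    awk '
        # Return the first dotted-quad that follows marker on this line.
        function ip_after(marker,    rest) {
            rest = substr($0, index($0, marker) + length(marker))
            if (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/))
                return substr(rest, RSTART, RLENGTH)
            return "?"
        }
        function note(tag, marker) { count[tag " " ip_after(marker)]++ }

        /ICMP ECHO reply to OFFER candidate:.*disabling/        { note("address-in-use", "candidate:"); next }
        /ICMP ECHO reply to OFFER candidate:.*No corresponding/ { note("record-missing", "candidate:"); next }
        /DHCP network record for .* is unavailable/             { note("record-missing", "record for"); next }
        /No more IP addresses on /                              { note("pool-exhausted", "addresses on"); next }
        /is trying to renew .* it has not leased/               { note("lease-mismatch", "renew"); next }
        /is trying to verify unrecorded address:/               { note("lease-mismatch", "address:"); next }

        END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k2,2 -k3,3
}

# Constructed sample log; the syslog prefix format is an assumption.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 pacific in.dhcpd[412]: ICMP ECHO reply to OFFER candidate: 192.0.2.5, disabling
Mar  3 10:15:09 pacific in.dhcpd[412]: ICMP ECHO reply to OFFER candidate: 192.0.2.5, disabling
Mar  3 10:16:40 pacific in.dhcpd[412]: Client: 0100A0C91B2C3D is trying to verify unrecorded address: 192.0.2.77, ignored.
Mar  3 10:17:01 pacific in.dhcpd[412]: No more IP addresses on 198.51.100.0 network.
Mar  3 10:17:30 pacific in.dhcpd[412]: DHCP network record for 192.0.2.9 is unavailable, ignoring request.
EOF
}

sample_log | dhcp_alloc_triage
```

Repeated address-in-use or lease-mismatch counts for the same address are the cases the table attributes to another DHCP server or a manually configured host, so those addresses are the ones to check for ownership first.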

Troubleshooting DHCP Client Configuration Problems

The problems you might encounter with a DHCP client fall into the following categories:

Problems Communicating With DHCP Server

This section describes problems you might encounter as you add DHCP clients to the network.

After you enable the client software and reboot the system, the client tries to reach the DHCP server to obtain its network configuration. If the client fails to reach the server, you might see error messages such as:

DHCP or BOOTP server not responding 

Before you can determine the problem, you must gather diagnostic information from both the client and the server and analyze the information. To gather information, you can:

  1. Run the client in debug mode.

  2. Run the server in debug mode.

  3. Start snoop to monitor network traffic.

You can do these things separately or concurrently.

The information you gather can help you determine if the problem is with the client, server, or a relay agent, and then you can find a solution.

How to Run the DHCP Client in Debug Mode

If you have a client that is not a Solaris DHCP client, refer to the client's documentation for information about how to run the client in debug mode.

If you have a Solaris DHCP client, use the following steps.

  1. Become superuser on the client system.

  2. Type the following commands to kill the DHCP client daemon and restart it in debug mode:
    # pkill -x dhcpagent
    # /sbin/dhcpagent -d1 -f &
    # ifconfig interface dhcp start

    When run in debug mode, the client daemon displays messages to your screen as it performs DHCP requests. See "DHCP Client Debug Output" for information about client debug output.

 
 
 