18.1 DHCP

18.1.1 DHCP Does Not Come Up After Upgrading to OES 2018 or later if Service Proxy is Configured

Cause: DHCP service configured with service proxy fails to come up after upgrading to OES 2018 or later. This is because the service proxy users are not migrated to OES Credential Store (OCS).

Action: To resolve this issue, perform the following:

  1. Login as root user.

  2. Run yast2 novell-dhcp and then enter eDirectory user password.

  3. Specify the LDAP user password.

  4. Click Next and continue with DHCP configuration.

  5. Start the DHCP service by using the following command:

    systemctl start dhcpd.service

  6. Verify the DHCP service is up and running by using the following command:

    systemctl status dhcpd.service

  7. Verify the service entry is present in OES Credential Store by using the following command:

    oescredstore -l

18.1.2 The dhcpd server Fails to Start and Reports an Unknown Key Error

When you start the dhcpd process on the terminal, an error is reported that contains the following text:

unknown key <key_name>

Here key_name is the TSIG key that is  defined in java console.

This error is received because the TSIG key with the same name is associated with different services. To avoid this error, you must associate a different key with each service and ensure that the keyname is also unique for each service.For example, assume that there are two services in Java Console named "Employee" and "Students". Both these services have their own pools, subnets, and one TSIG key associated with each service. If the TSIG keyname is same across both the services, the DHCP server might fail to start. To avoid this error, ensure that the keyname is different for both these services.

18.1.3 DHCP Pools Run Out of Available IP Addresses in Subnets With PXE Clients

In a network with PXE clients, the embedded PXE client on the Network Interface Card (NIC) of a system leases an IP address from the DHCP server during the PXE client startup. After the PXE client preboot process is completed, the leased IP address is no longer required but is not released. The IP address is released only after the lease time expires. When the operating system is loaded, the DHCP client of the operating system will also send a DHCP request with the same client hardware address, but a different client identifier.

Since the client identifier of the operating system's DHCP client and the PXE client are different, dhcpd will lease two different IP addresses to the same device. To facilitate the release of the IP address leased to the PXE client, you must reduce the default lease time for the IP addresses allocated to PXE clients during preboot.

  1. Create a class. For more information, see Section 7.1.9, Class Management.

  2. Select the newly created class to modify it. In the Conditional Expression field, add the following string:

    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    default-lease-time 240;
    max-lease-time 300;

    This will set the default lease time to 4 minutes and maximum lease time to 5 minutes. You must ensure that you set the default-lease-time and max-lease-time to a small value to facilitate the release of the IP address.

18.1.4 DHCP Server Fails to Start After Upgrade to OES 2018 or later

After an upgrade to OES 2018 or later, the DHCP server may fail to start if the value of the DHCPD_INTERFACE variable gets updated to eth-id<mac address> format. The following error message is displayed in this case:

No subnet declaration for eth-id-<mac address>

To start the DHCP server, modify the value of the DHCPD_INTERFACE in the /etc/sysconfig/dhcpd file to an interface name such as eth0 or eth1.

18.1.5 DHCP Server Fails to Load and Records a “Cannot find host LDAP entry DHCP” Error in the Log File

Cause: The DHCP Server and DHCP Service objects do not exist.

Action: Use Java Console to create the DHCP Server and DHCP Service object.

Cause: The DHCP server and DHCP Service have been created but the association between both of these objects is not set.

Action: Set the DHCP server and DHCP Service association.

18.1.6 Installing an OES Server Inside a Container With a Separate Partition on an Existing Tree That Already has DHCP Server Installed on it Results in a Constraint Violation Error.

Cause: The Locator object contains a reference to the DHCP servers installed on the eDirectory tree. Information for the newly installed DHCP Server is added to the Locator object. Because of the delay in synchronizing the replica, the Locator object does not find the newly installed DHCP server object inside its own replica.

Action: To resolve this problem, perform one of the following actions:

  • Delete the replica and reinstall the DHCP server.

  • While configuring the newly installed DHCP server, provide the IP address of the OES machine where eDirectory is installed.

18.1.7 The dhcpd.log file is Empty

Cause: The dhcpd.log file was probably deleted and the file you see now is the new file.

Action: Execute the rcsyslog restart command

Cause: The syslog-ng.conf file has been modified

Action: Check the /etc/syslog-ng/syslog-ng.conf file for the following lines:

filter f_dhcpd {facility(daemon) and match('^dhcpd:');};
destination dhcpmessages {file(var/log/dhcpd.log);};
log {source(src); filter(f_dhcpd); destination(dhcpmessages);};

Action: If you want to log only to the /var/log/dhcpd.log file, then edit syslog-ng.conf files

Restart the syslog daemon by using the rcsyslog restart command.

18.1.8 The DHCP Server Failed to Start

Cause: The DHCP server might have been blocked by the AppArmor process.

Action: Run AppArmor in complain mode to see if DHCP server has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide

Cause: No credentials are set in OES Credential Store.

Action: Verify the credentials set in OES Credential Store by using the oescredstore -l command in the console. If no information is displayed, then set the OES Credential Store credentials by using the following command:

oescredstore -s -n dhcp-ldap -u <username> -p <password>

For example, to set the credentials of the runtime admin dhcpadmin, execute the following command:

oescredstore -s -n dhcp-ldap -u cn=dhcpadmin,o=novell -p Password

Store the username and password details in the /etc/dhcpd.conf file.

For example,

ldap-username "cn=runtimeuser,o=novell";
ldap-password "novell";

Cause: Wrong credentials are set in OES Credential Store.

Action: Reset the OES Credential Store credentials by using the oescredstore tool.

To retrieve the password, run the following commands:

DNS: /opt/novell/named/bin/dns_retrieve_proxy_cred PassWord <file_name>

DHCP: /opt/novell/dhcp/bin/dhcp_retrieve_proxy_cred PassWord <file_name>

NOTE:The retrieved password is stored in the file that you specify.

Cause: DHCP fails to start and throws an error “No subnet declaration for ethx”. Subnet declaration for the interface to which DHCP listens is missing in the configuration.

Action: Declare the same subnet as the DHCP listening interface.

Example 18-1 Example:

If DHCP is listening on the eth0 interface 192.168.1.1, then declare a subnet for 192.168.1.0.

NOTE:If you decide not to manage this subnet by this DHCP server, leave the subnet declaration empty i.e, do not create any pools within this subnet.

18.1.9 The DHCP Server Displays Unknown Error on the Console

Cause: The details for user (- user) and group (-group) passed as command line arguments do not exist on the local machine.

Action: In the /etc/sysconfig/dhcpd file, set the value of DHCPD_RUN_AS as the local system user.

For example, DHCPD_RUN_AS=<user>.

The <user> parameter corresponds to the local system user. You can create a local system user using the Security and Users> User Management option in YaST.

18.1.10 Permission Denied to DHCP Server

Cause: The DHCP server might have been blocked by the AppArmor process.

Action: Run AppArmor in complain mode to see if DHCP server has been blocked. For details on running AppArmor in complain mode, see the Novell AppArmor Administration Guide

18.1.11 DHCP Server Displays “Cannot Create New Lease File: Permission Denied” or “/usr/sbin/dhcpd: U<89>Ã¥S<83>ì^T<8b>E^Lèhûúÿ<81>Ã9^[^C: Unknown error 3218701597"

Cause: Permission to /var/run/novell-lum/.nam_nss_sock is not granted to DHCP or nscd in the Apparmor profile.

Action: Edit the Apparmor profile of the DHCP server and include /var/run/novell-lum/.nam_nss_sock with read and write permissions.

18.1.12 segfault dhcpd - You get an error “dhcpd: Can't create new lease file: Permission denied” and “dhcpd[8249]: segfault at 0000000000000000 rip 00002abbf999db7f rsp 00007fffb18ea5e0 error 4”

Cause: The db directory might not be owned by the user that is used in /etc/sysconfig/dhcpd in the parameter DHCPD_RUN_AS="dhcpd".

Action: Verify that there is a dhcpd user. For details on resolution see TID 7001158