FNS Problems and Solutions

This section presents problem scenarios with a description of probable causes, diagnoses, and solutions.

See "FNS Error Messages" for general information about FNS error messages.

Cannot Obtain Initial Context

Symptom:

You get the message Cannot obtain initial context.

Possible Cause:

This is caused by an installation problem.

Diagnosis:

Check that FNS has been installed properly by looking for the file, /usr/lib/fn/fn_ctx_initial.so.

Solution:

Install the fn_ctx_initial.so library.

Nothing in Initial Context

Symptom:

When you run fnlist to see what is in the initial context, you see nothing.

Possible Cause:

This is caused by an NIS+ configuration problem. The organization associated with the user and machine running the fn* commands do not have an associated ctx_dir directory.

Diagnosis:

Use the nisls command to see whether there is a ctx_dir directory.

Solution:

If there is no ctx_dir directory, run fncreate -t org/nis+_domain_name/ to create the ctx_dir directory.

"No Permission" Messages (FNS)

Symptom:

You get no permission messages.

Possible Cause:

"No permission" messages mean that you do not have access to perform the command.

Diagnosis:

Check permission using the appropriate NIS+ commands, described in "Advanced FNS and NIS+ Issues". Use the nisdefaults command to determine your NIS+ principal name.

Another area to check is whether you are using the right name. For example, org// names the context of the root organization. Make sure you have permission to manipulate the root organization. Or maybe you meant to specify myorgunit/, instead.

Solution:

If you do have permission, then the appropriate credentials probably have not been acquired.

This could be caused by the following:

A keylogin has not been performed (defaults to NIS+ principal "nobody")
A keylogin was made to a source other than NIS+

Check that the /etc/nsswitch.conf file has a publickey: nisplus entry. This might manifest itself as an authentication error.

`fnlist` Does not List Suborganizations

Symptom:

You run fnlist with an organization name, expecting to see suborganizations, but instead see nothing.

Possible Cause:

This is caused by an NIS+ configuration problem. Suborganizations must be NIS+ domains. By definition, an NIS+ domain must have a subdirectory named org_dir.

Diagnosis:

Use the nisls command to see what subdirectories exist. Run nisls on each subdirectory to verify which subdirectories have an org_dir. The subdirectories with an org_dir are suborganizations.

Solution:

Not applicable.

Cannot Create Host- or User-related Contexts

Symptom:

When you run fncreate -t for the user, username, host, or hostname contexts, nothing happens.

Possible Cause:

You have not set the NIS_GROUP environment variable. When you create a user or host context it is owned by the host or user, and not by the administrator who set up the namespace. Therefore, fncreate requires that the NIS_GROUP variable be set to enable the administrators who are part of that group to subsequently manipulate the contexts.

Diagnosis:

Check the NIS_GROUP environment variable.

Solution:

The NIS_GROUP environment variable should be set to the group name of the administrators who will administer the contexts.


25. Federated Naming Service (FNS) Policies for the Global Namespace Federating X.500/LDAP


	FNS Problems and Solutions This section presents problem scenarios with a description of probable causes, diagnoses, and solutions. See "FNS Error Messages" for general information about FNS error messages. Cannot Obtain Initial Context Symptom: You get the message `Cannot obtain initial context`. Possible Cause: This is caused by an installation problem. Diagnosis: Check that FNS has been installed properly by looking for the file, `/usr/lib/fn/fn_ctx_initial.so`. Solution: Install the `fn_ctx_initial.so` library. Nothing in Initial Context Symptom: When you run `fnlist` to see what is in the initial context, you see nothing. Possible Cause: This is caused by an NIS+ configuration problem. The organization associated with the user and machine running the `fn` commands do not have an associated `ctx_dir` directory. Diagnosis: Use the `nisls` command to see whether there is a `ctx_dir` directory. Solution: If there is no `ctx_dir` directory, run `fncreate -t org/`nis+_domain_name`/` to create the `ctx_dir` directory. "No Permission" Messages (FNS) Symptom: You get `no permission` messages. Possible Cause: "No permission" messages mean that you do not have access to perform the command. Diagnosis: Check permission using the appropriate NIS+ commands, described in "Advanced FNS and NIS+ Issues". Use the `nisdefaults` command to determine your NIS+ principal name. Another area to check is whether you are using the right name. For example, `org//` names the context of the root organization. Make sure you have permission to manipulate the root organization. Or maybe you meant to specify `myorgunit/`, instead. Solution: If you do have permission, then the appropriate credentials probably have not been acquired. This could be caused by the following: A `keylogin` has not been performed (defaults to NIS+ principal "nobody") A `keylogin` was made to a source other than NIS+ Check that the `/etc/nsswitch.conf` file has a `publickey: nisplus` entry. This might manifest itself as an authentication error. `fnlist` Does not List Suborganizations Symptom: You run `fnlist` with an organization name, expecting to see suborganizations, but instead see nothing. Possible Cause: This is caused by an NIS+ configuration problem. Suborganizations must be NIS+ domains. By definition, an NIS+ domain must have a subdirectory named `org_dir`. Diagnosis: Use the `nisls` command to see what subdirectories exist. Run `nisls` on each subdirectory to verify which subdirectories have an `org_dir`. The subdirectories with an `org_dir` are suborganizations. Solution: Not applicable. Cannot Create Host- or User-related Contexts Symptom:* When you run `fncreate` `-t` for the `user`, `username`, `host`, or `hostname` contexts, nothing happens. Possible Cause: You have not set the `NIS_GROUP` environment variable. When you create a user or host context it is owned by the host or user, and not by the administrator who set up the namespace. Therefore, `fncreate` requires that the `NIS_GROUP` variable be set to enable the administrators who are part of that group to subsequently manipulate the contexts. Diagnosis: Check the `NIS_GROUP` environment variable. Solution: The `NIS_GROUP` environment variable should be set to the group name of the administrators who will administer the contexts.

FNS Problems and Solutions

Cannot Obtain Initial Context

Nothing in Initial Context

"No Permission" Messages (FNS)

fnlist Does not List Suborganizations

Cannot Create Host- or User-related Contexts

`fnlist` Does not List Suborganizations