About NIS+ and FNS Error Messages

Some of the error messages documented in this chapter are documented more fully in the appropriate man pages.

FNS messages are encapsulated in the FN_status_t object as status codes. See the FN_status_t(3) man page for the corresponding status codes

Error Message Context

Error messages may appear in pop-up windows, shell tool command lines, user console window, the syslog file, or in log files. You can raise or lower the severity threshold level for reporting error conditions in your /etc/syslog.conf file.

In the most cases, the error messages that you see are generated by the commands you issued or the container object (table or directory) your command is addressing. However, in some cases an error message may be

generated by a server invoked in response to your command (these messages usually show in syslog). For example, a "permission denied" message most likely refers to you, or the machine you are using, but it could also be caused by software on a server not having the correct permissions to carry out some function passed on to it by your command or your machine.

Similarly, some commands cause a number of different NIS+ objects to be searched or queried. Some of these objects may not be obvious. Any one of these objects could return an error message regarding permissions, read-only state, unavailability, and so forth. In such cases the message may or may not be able to inform you of which object the problem occurred in.

In normal operation, the NIS+ software and servers make routine NIS+ function calls. Sometimes those calls fail and in doing so generate an error message. It occasionally happens that before a client or server processes your most recent command, some other NIS+ call fails and you see the resulting error message. Such a message might appear as if it were in response to your command, when in fact it is in response to some other operation.

---

Note - When working with an NIS+ namespace you may encounter error messages generated by remote procedure calls. These RPC error messages are not documented here. Check your system documentation.

---

Context-Sensitive Meanings

A single NIS+ error message may have slightly different meanings depending on which part of the NIS+ software generated the message. For example, when a "Not Found" type message is generated by the nisls command it means that there are no NIS+ objects that have the specified name, but when it is generated by the nismatch command it means that no table entries were found that meet the search criteria.

How Error Messages Are Alphabetized

Some error messages may be preceded by a character string (a name or a number) or by the name of the routine that generated the error message. In some cases a character string may also follow an error message. In this appendix, these variable strings are indicated by an italic typeface.

The error messages in this appendix are sorted alphabetically according to the following rules:

• Capitalization is ignored. Thus, messages that begin with "A" and "a" are alphabetized together.
• Nonalphabetic symbols are ignored. Thus, a message that begins with _svcauth_des is listed with the other messages that begin with the letter "S."
• Many messages contain variable strings such as user IDs, domain names, host names, and so forth. Because variables could be anything, they are not included in the sorting of the messages listed in this appendix. For example, the actual message Sales: is not a table would be listed in this appendix as: name: is not a table and would be alphabetized under the letter "I" for the first nonvariable letter.
• Error messages that begin with asterisks, such as **ERROR: domainname does not exist, are generated by the NIS+ installation and setup scripts. They are alphabetized according to their first letter, ignoring the asterisks.

Some of the error messages documented in this chapter are documented more fully in the appropriate man pages.

Common NIS+ and FNS Error Messages

abort_transaction: Failed to action NIS+ objectname
  The abort_transaction routine failed to back out of an incomplete
  transaction due to a server crash or some other unrecoverable error. See
  "Namespace Database Problems" on page 311 for further information.

abort_transaction: Internal database error
abort_transaction: Internal error, log entry corrupt NIS+
objectname

These two messages indicate some form of corruption in a namespace database or log. See "Namespace Database Problems" on page 311 for additional information.

add_cleanup: Cant allocate more rags.
  This message indicates that your system is running low on available
  memory. See "Insufficient Memory" on page 337 for information on
  insufficient memory problems.

add_pingitem: Couldn't add directoryname to pinglist (no
memory)

See "Insufficient Memory" on page 337 for information on low memory problems.

add_update: Attempt add transaction from read only child.
add_update Warning: attempt add transaction from read only
child
  An attempt by a read-only child rpc.nisd process to add an entry to a log.
  An occasional appearance of this message in a log is not serious. If this
  message appears frequently, contact the Sun Solutions Center.

Attempting to free a free rag!

This message indicates a software problem with rpc.nisd. The rpc.nisd should have aborted. Run ps -ef | grep rpc.nisd to see if rpc.nisd is still running. If it is, kill it and restart it with the same options as previously used. If it is not running, restart it with the same options as previously used. Check /var/nis to see if a core file has been dumped. If there is a core file, delete it.

Attempt to remove a non-empty table

An attempt has been made by nistbladm to remove an NIS+ table that still contains entries. Or by nisrmdir to remove a directory that contains files or subdirectories. If you are trying to delete a directory, use nisls -lR to check for existing files or subdirectories and delete them first. If you are trying to delete a table, use niscat to check the contents of the table and nistbladm to delete any existing contents.

This message is generated by the NIS+ error code constant: NIS_NOTEMPTY. See the nis_tables man page for additional information.

attribute no permission

FNS error message. The caller did not have permission to perform the attempted attribute operation.

attribute value required

  FNS error message. The operation attempted to create an attribute without a
  value, and the specific naming system does not allow this.

authdes_marshal: DES encryption failure

DES encryption for some authentication data failed. Possible causes:

• Corruption of a library function or argument.
• A problem with a DES encryption chip, if you are using one.

Call the Sun Solutions Center for assistance.

authdes_refresh: keyserv is unable to encrypt session key

The keyserv process was unable to encrypt the session key with the public key that it was given. See "Keyserv Failure" on page 328 for additional information.

authdes_refresh: unable to encrypt conversation key

The keyserv process could not encrypt the session key with the public key that was given. This usually requires some action on your part. Possible causes are:

• The keyserv process is dead or not responding. Use ps -ef to check whether the keyserv process is running on the keyserv host. If it is not, then start it, and then run keylogin.
• The client has not performed a keylogin. Do a keylogin for the client and see if that corrects the problem.
• The client host does not have credentials. Run nismatch on the client's home domain cred table to see if the client host has the proper credentials. If it does not, create them.
• A DES encryption failure. See the authdes_marshal: DES encryption failure error message).

See "Security Problems" on page 321 for additional information regarding security key problems.

authdes_refresh: unable to synchronize clock

  This indicates a synchronization failure between client and server clocks.
  This will usually correct itself. However, if this message is followed by any
  time stamp related error, you should manually resynchronize the clocks. If
  the problem reoccurs, check that remote rpcbind is functioning correctly.

authdes_refresh: unable to synch up w/server

The client-server clock synchronization has failed. This could be caused by the rpcbind process on the server not responding. Use ps -ef on the server to see if rpcbind is running. If it is not, restart it. If this error message is followed by any time stamp-related message, then you need use rdate servername to manually resync the client clock to the server clock.

authdes_seccreate: keyserv is unable to generate session
key

This indicates that keyserv was unable to generate a random DES key for this session. This requires some action on your part:

• Check to make sure that keyserv is running properly. If it is not, restart it along with all other long-running processes that use Secure RPC or make NIS+ calls such as automountd, rpc.nisd and sendmail. Then do a keylogin.
• If keyserv is up and running properly, restart the process that logged this error.

authdes_seccreate: no public key found for servername

The client side cannot get a DES credential for the server named servername. This requires some action on your part:

• Check to make sure that servername has DES credentials. If it does not, create them.
• Check the switch configuration file to see which name service is specified and then make sure that service is responding. If it is not responding, restart it.

authdes_seccreate: out of memory

See "System Resource Problems" on page 337 for information on insufficient memory problems.

authdes_seccreate: unable to gen conversation key

The keyserv process was unable to generate a random DES key. The most likely cause is that the keyserv process is down or otherwise not responding. Use ps -ef to check whether the keyserv process is running on the keyserv host. If it is not, then start it and then run keylogin.

If restarting keyserv fails to correct the problem, it may be that other processes that use Secure RPC or make NIS+ calls are not running (for example, automountd, rpc.nisd, or sendmail). Check to see whether these processes are running, if they are not, restart them.

See "Security Problems" on page 321 for additional information regarding security key problems.

authdes_validate: DES decryption failure
  See authdes_marshal: DES decryption failure on page 353.

authdes_validate: verifier mismatch

The time stamp that the client sent to the server does not match the one received from the server. (This is not recoverable within a Secure RPC session. Possible causes:

• Corruption of the session key or time stamp data in the client or server cache
• The server deleted from this cache a session key for a still active session.
• Network data corruption.

Try re-executing the command.

authentication failure

FNS error message. The operation could not be completed because the principal making the request cannot be authenticated with the name service involved. If the service is NIS+, check that you are identified as the correct principal (run the command nisdefaults) and that your machine has specified the correct source for publickeys. Check that the /etc/nsswitch.conf file has the entry, publickey: nisplus.

bad reference

  FNS error message. FNS could not interpret the contents of the reference.
  This may result if the contents of the reference has been corrupted or when
  the reference identifies itself as an FNS reference, but FNS doesn't know
  how to decode it.

CacheBind: xdr_directory_obj failed.

The most likely causes for this message are:

• Bad or incorrect parameters being passed to the xdr_directory_obj routine. Check the syntax and accuracy of whatever command you most recently entered.
• An attempt to allocate system memory failed. See "Insufficient Memory" on page 337 for a discussion of memory problems.
• If your command syntax is correct, and your system does not seem to be short of memory, contact the Sun Solutions Center.

Cache expired

The entry returned came from an object cache that has expired. This means that the time-to-live value has gone to zero and the entry may have changed. If the flag NO_CACHE was passed to the lookup function, then the lookup function will retry the operation to get an unexpired copy of the object.

This message is generated by the NIS+ error code constant: NIS_CACHEEXPIRED. See the nis_tables and nis_names man pages for additional information.

Callback: - select failed message number

  An internal system call failed. In most cases this problem will correct itself.
  If it does not correct itself, make sure that rpc.nisd has not been aborted.
  If it has, restart it. If the problem reoccurs frequently, contact the Sun
  Solutions Center.

CALLBACK_SVC: bad argument

An internal system call failed. In most cases this problem will correct itself. If it does not correct itself, make sure that rpc.nisd has not been aborted. If it has, restart it. If the problem reoccurs frequently, contact the Sun Solutions Center.

Cannot grow transaction log error string-variable

  The system cannot add to the log file. The reason is indicated by the string-
  variable. The most common cause of this message is lack of disk space. See
  "Insufficient Disk Space" on page 338.

Cannot obtain Initial Context

FNS error message. Indicates an installation problem. See "Cannot Obtain Initial Context" on page 343.

Cannot truncate transaction log file

An attempt has been made to checkpoint the log, and the rpc.nisd daemon is trying to shrink the log file after deleting the checkpointed entries from the log. See the ftruncate man pages for a description of various factors that might cause this routine to fail. See also "Namespace Database Problems" on page 311.

Cannot write one character to transaction log, error message

An attempt has been made by the rpc.nisd daemon to add an update from the current transaction into the transaction log, and the attempt has failed for the reason given in the message that has been returned by the function. Additional information may be obtained from the write routine's man page.

Can't compile regular expression variable

Returned by the nisgrep command when the expression in keypat was malformed.

Can't find name service for passwd

Either there is no nsswitch.conf file or there is no passwd entry in the file, or the passwd entry does not make sense or is not one of the allowed formats.

Can't find name's secret key

Possible causes:

• You may have incorrectly types the password.
• There may be no entry for name in the cred table.

• NIS+ could not decrypt the key (possibly because the entry might be corrupt).
• The nsswitch.conf file may be directing the query to a local password in an /etc/passwd file that is different than the NIS+ password recorded in the cred table.

See "Security Problems" on page 321 for information on diagnosing and solving these type of problem.

checkpoint_log: Called from read only child ignored.

  This is simply a status message indicating that a read-only process
  attempted to perform an operation restricted to the parent process, and the
  attempt was aborted. No action need be taken.

checkpoint_log: Unable to checkpoint, log unstable.
  An attempt was made to checkpoint a log that was not in a stable state.
  (That is, the log was in a resync, update, or checkpoint state.) Wait until the
  log is stable, and then rerun the nisping command.

check_updaters: Starting resync.

This is simply a system status message. No action need be taken.

Child process requested to checkpoint!

This message indicates a minor software problem that the system is capable of correcting. If these messages appear often, you can change the threshold level in your /etc/syslog.conf file. See the syslog.conf man page for details.

Column not found: columnname

  The specified column does not exist in the specified table.

communication failure

FNS error message. FNS could not communicate with the name service to complete the operation.

configuration error

An error resulted because of configuration problems. Examples:

(1) the bindings table are removed out-of-band (outside of FNS).

(2) a host is in the NIS+ hosts directory object but does not have a corresponding FNS host context.

context not empty

  FNS error message. An attempt has been made to remove a context that still
  contains bindings.

continue operation using status values

FNS error message. The operation should be continued using the remaining name and the resolved reference returned in the status.

Could not find string-variable's secret key

Possible causes:

• You may have incorrectly typed the password.
• There may be no entry for name in the cred table.
• NIS+ could not decrypt the key (possibly because the entry might be corrupt)
• The nsswitch.conf file may have the wrong publickey policy. It may be directing the query to a local public key in an /etc/publickey file that is different from the NIS+ password recorded in the cred table.

See "Security Problems" on page 321 for information on diagnosing and solving these types of problem.

Could not generate netname

The Secure RPC software could not generate the Secure RPC netname for your UID when performing a keylogin. This could be due to the following causes:

• You do not have LOCAL credentials in the NIS+ cred table of the machine's home domain.
• You have a local entry in /etc/passwd with a UID that is different from the UID you have in the NIS+ passwd table.

String-variable: could not get secret key for 'string-variable'

Possible causes:

• You may have incorrectly typed the password.
• There may be no entry for name in the cred table.

• NIS+ could not decrypt the key (possibly because the entry might be corrupt)
• The nsswitch.conf file may have the wrong publickey policy. It may be directing the query to a local publickey in an /etc/publickey file that is different from the NIS+ password recorded in the cred table.

See "Security Problems" on page 321 for information on diagnosing and solving these type of problem.

Couldn't fork a process!

The server could not fork a child process to satisfy a callback request. This is probably caused by your system reaching its maximum number of processes. You can kill some unneeded processes, or increase the number of processes your system can handle. See "Insufficient Processes" on page 338 for additional information.

Couldn't parse access rights for column string-variable

This message is usually returned by the nistbladm -u command when something other than a + (plus sign), a - (minus sign), or an = (equal sign) is entered as the operator. Other possible causes are failure to separate different column rights with a comma, or the entry of something other than r,d,c, or m for the type of permission. Check the syntax for this type of entry error. If everything is entered correctly and you still get this error, the table might have been corrupted.

Database for table does not exist
  At attempt to look up a table has failed. See "Object Not Found Problems"
  on page 314 for possible causes.

This message is generated by the NIS+ error code constant: NIS_NOSUCHTABLE. See the nis_tables and nis_names man pages for additional information.

_db_add: child process attempting to add/modify
_db_addib: non-parent process attempting an add

These messages indicate that a read-only or nonparent process attempted to add or modify an object in the database. In most cases, these messages do not require any action on your part. If these messages are repeated frequently, call the Sun Solutions Center.

db_checkpoint: Unable to checkpoint string-variable
  This message indicates that for some reason NIS+ was unable to complete
  checkpointing of a directory. The most likely cause is that the disk is full See
  "Insufficient Disk Space" on page 338 for additional information).

_db_remib: non-parent process attempting an remove
_db_remove: non-parent process attempting a remove
  These messages indicate that a read-only or non-parent process attempted to
  remove a table entry. In most cases, these messages do not require any
  action on your part. If these messages are repeated frequently, call the Sun
  Solutions Center.

Do you want to see more information on this command?

This indicates that there is a syntax or spelling error on your script command line.

Entry/Table type mismatch

This occurs when an attempt is made to add or modify an entry in a table, and the entry passed is of a different type from the table. For example, if the number of columns is not the same. Check that your update correctly matches the table type.

This message is generated by the NIS+ error code constant: NIS_TYPEMISMATCH. See the nis_tables man page for additional information.

error
  FNS error message. An error that cannot be classified as one of the other
  errors listed above occurred while processing the request. Check the status
  of the naming services involved in the operation and see whether any of
  them are experiencing extraordinary problems.

**ERROR: chkey failed again. Please contact your network
administrator to verify your network password.

This message indicates that you typed the wrong network password.

• If this is the first time you are initializing this machine, contact your network administrator to verify the network password.

• If this machine has been initialized before as an NIS+ client of the same domain, try typing the root login password at the Secure RPC password prompt.
• If this machine is currently an NIS+ client and you are trying to change it to a client of a different domain, remove the /etc/.rootkey file, and then rerun the nisclient script, using the network password given to you by your network administrator (or the network password generated by the nispopulate script).

Error: Could not create a valid NIS+ coldstart file

This message is from nisinit, the NIS+ initialization routine. It is followed by another message preceded by a string that begins: "lookup:..". This second message will explain why a valid NIS+ cold-start file could not be created.

**ERROR: could not restore file filename

This message indicates that NIS+ was unable to rename filename.no_nisplus to filename.

Check your system console for system error messages.

• If there is a system error message, fix the problem described in the error message and then rerun nisclient -i.
• If there aren't any system error messages, try renaming this file manually, and then rerun nisclient -i.

**ERROR: Couldn't get the server NIS+_server's address.

  The script was unable to retrieve the server's IP address for the specified
  domain. Manually add the IP address for NIS+_server into the /etc/hosts
  file, then rerun nisclient -i.

**ERROR: directory directory-path does not exist. This message indicates that you typed an incorrect directory path. Type the correct directory path.

**ERROR: domainname does not exist.

This message indicates that you are trying to replicate a domain that does not exist.

• If domainname is spelled incorrectly, rerun the script with the correct domain name.
• If the domainname domain does not exist, create it. Then you can replicate it.

**ERROR: parent-domain does not exist.

This message indicates that the parent domain of the domain you typed on the command line does not exist. This message should only appear when you are setting up a nonroot master server.

• If the domain name is spelled incorrectly, rerun the script with the correct domain name.
• If the domain's parent domain does not exist, you have to create the parent domain first, and then you can create this domain.

**ERROR: Don't know about the domain "domainname".
Please check your domainname.
  This message indicates that you typed an unrecognized domain name.
  Rerun the script with the correct domain name.

**ERROR: failed dumping tablename table.

The script was unable to populate the cred table because the script did not succeed in dumping the named table.

• If niscat tablename.org_dir fails, make sure that all the servers are operating, then rerun the script to populate the tablename table.
• If niscat tablename.org_dir is working, the error may have been caused by the NIS+ server being temporarily busy. Rerun the script to populate the tablename table.

**ERROR: host hostname is not a valid NIS+ principal in
domain domainname. This host hostname must be defined in the
credential table in domain domainname. Use nisclient -c to
create the host credential

A machine has to be a valid NIS+ client with proper credentials before it can become an NIS+ server. To convert a machine to an NIS+ root replica server, the machine first must be an NIS+ client in the root domain. Follow the instructions on how to add a new client to a domain, then rerun nisserver -R.

Before you can convert a machine to an NIS+ nonroot master or a replica server, the machine must be an NIS+ client in the parent domain of the domain that it plans to serve. Follow the instructions on how to add a new client to a domain, then rerun nisserver -M or nisserver -R.

This problem should not occur when you are setting up a root master server.

Error in accessing NIS+ cold start file is NIS+ installed?

This message is returned if NIS+ is not installed on a machine or if for some reason the file /var/nis/NIS_COLD_START could not be found or accessed. Check to see if there is a /var/nis/NIS_COLD_START file. If the file exists, make sure your path is set correctly and that NIS_COLD_START has the proper permissions. Then rename or remove the old cold-start file and rerun the nisclient script to install NIS+ on the machine.

This message is generated by the cache manager that sends the NIS+ error code constant: NIS_COLDSTART_ERR. See the write and open man pages for additional information on why a file might not be accessible.

Error in RPC subsystem

This fatal error indicates the RPC subsystem failed in some way. Generally, there will be a syslog message on either the client or server side indicating why the RPC request failed.

This message is generated by the NIS+ error code constant: NIS_RPCERROR. See the nis_tables and nis_names man pages for additional information.

**ERROR: it failed to add the credential for root.

The NIS+ command nisaddcred failed to create the root credential when trying to set up a root master server. Check your system console for system error messages:

• If there is a system error message, fix the problem described in the error message and then rerun nisserver.
• If there aren't any system error messages, check to see whether the rpc.nisd process is running. If it is not running, restart it and then rerun nisserver.

**ERROR: it failed to create the tables.

The NIS+ command nissetup failed to create the directories and tables. Check your system console for system error messages:

• If there is a system error message, fix the problem described in the error message and rerun nisserver.
• If there aren't any system error messages, check to see whether the rpc.nisd process is running. If it is not running, restart it and rerun

    nisserver.

**ERROR: it failed to initialize the root server.
  The NIS+ command nisinit -r failed to initialize the root master server.
  Check your system console for system error messages. If there is a system
  error message, fix the problem described in the error message and rerun
  nisserver.

**ERROR: it failed to make the domainname directory

The NIS+ command nismkdir failed to make the new directory domainname when running nisserver to create a nonroot master. The parent domain does not have create permission to create this new domain.

• If you are not the owner of the domain or a group member of the parent domain, rerun the script as the owner or as a group member of the parent domain.
• If rpc.nisd is not running on the new master server of the domain that you are trying to create, restart rpc.nisd.

**ERROR: it failed to promote new master for the domainname
directory

The NIS+ command nismkdir failed to promote the new master for the directory domainname when creating a nonroot master with the nisserver script.

• If you do not have modify permission in the parent domain of this domain, rerun the script as the owner or as a group member of the parent domain.
• If rpc.nisd is not running on the servers of the domain that you are trying to promote, restart rpc.nisd on these servers and rerun nisserver.

**ERROR: it failed to replicate the directory-name directory

The NIS+ command nismkdir failed to create the new replica for the directory directory-name.

• If rpc.nisd is not running on the master server of the domain that you are trying to replicate, restart rpc.nisd on the master server, rerun nisserver.
• If rpc.nisd is not running on the new replica server, restart it on the new

    replica and rerun nisserver.

**ERROR: invalid group name.
It must be a group in the root-domain domain.
  This message indicates that you used an invalid group name while trying to
  configure a root master server. Rerun nisserver -r with a valid group
  name for root-domain.

**ERROR: invalid name "client-name"
It is neither an host nor an user name.

This message indicates that you typed an invalid client-name.

• If client-name was spelled incorrectly, rerun nisclient -c with the correct client-name.
• If client-name was spelled correctly, but it does not exist in the proper table, put client-name into the proper table and rerun nisclient -c. For example, a user client belongs in the passwd table, and a host client belongs in the hosts table.

**ERROR: hostname is a master server for this domain. You
cannot demote a master server to replica. If you really
want to demote this master, you should promote a replica
server to master using nisserver with the -M option.
  You cannot directly convert a master server to a replica server of the same
  domain. You can, however, change a replica to be the new master server of a
  domain by running nisserver -M with the replica host name as the new
  master. This automatically makes the old master a replica.

**ERROR: missing hostnames or usernames.
  This messages indicates that you did not type the client names on the
  command line. Rerun nisclient -c with the client names.

**ERROR: NIS+ group name must end with a "."
  This message indicates that you did not specify a fully qualified group name
  ending with a period. Rerun the script with a fully qualified group name.

**ERROR: NIS+ server is not running on remote-host. You must
do the following before becoming a NIS+ server:
1. become a NIS+ client of the parent domain or any domain
above the domain which you plan to serve. (nisclient)
2. start the NIS+ server. (rpc.nisd)

This message indicates that rpc.nisd is not running on the remote machine that you are trying to convert to an NIS+ server. Use the nisclient script to become an NIS+ client of the parent domain or any domain above the domain you plan to serve; start rpc.nisd on remote-host.

**ERROR: nisinit failed.

nisinit was unable to create the NIS_COLD_START file.

Check the following:

• That the NIS+ server that you specified with the -H option is running--use ping
• That you typed the correct domain name
• That rpc.nisd is running on the server
• That the nobody class has read permission for this domain

**ERROR: NIS map transfer failed.
tablename table will not be loaded.

NIS+ was unable to transfer the NIS map for this table to the NIS+ database.

• If the NIS server host is running, try running the script again. The error may have been due to a temporary failure.
• If all tables have this problem, try running the script again using a different NIS server.

**ERROR: no permission to create directory domainname
  The parent domain does not have create permission to create this new
  domain. If you are not the owner of the domain or as a group member of the
  parent domain, rerun the script as the owner, or as a group member of the
  parent domain.

**ERROR: no permission to replicate directory domainname.
  This message indicates that you do not have permission to replicate the
  domain. Rerun the script as the owner or as a group member of the domain.

**ERROR: table tablename.org_dir.domain does not exist."
tablename table will not be loaded."

The script did not find the NIS+ table tablename.

• If tablename is spelled incorrectly, rerun the script with the correct table name.
• If the tablename table does not exist, use nissetup to create the table if tablename is one of the standard NIS+ tables. Or use nistbladm to create the private table tablename. Then rerun the script to populate this table.
• If the tablename table exists, the error may have been caused by the NIS+ server being temporarily busy. Rerun the script to populate this tablename table.

**ERROR: this name "client-name" is in both the passwd and
hosts tables.
You cannot have an username same as the hostname.

client-name appears in both the passwd and hosts tables. One name is not allowed to be in both of these tables. Manually remove the entry from either the passwd or hosts table. Then, rerun nisclient -c.

**ERROR: You cannot use the -u option as a root user.

This message indicates that the superuser tried to run nisclient -u. The -u option is for initializing ordinary users only. Superusers do not need be initialized as NIS+ clients.

**ERROR: You have specified the Z option after having
selected the X option. Please select only one of these
options [list]. Do you want to see more information on this
command?

The script you are running allows you to choose only one of the listed options.

• Type y to view additional information.
• Type n to stop the script and exit.

After exiting the script, rerun it with just one of the options.

**ERROR: you must specify a fully qualified groupname.
  This message indicates that you did not specify a fully qualified group name
  ending with a period. Rerun the script with a fully qualified group name.

**ERROR: you must specify both the NIS domainname (-y) and
the NIS server hostname (-h).
  This message indicates that you did not type either the NIS domain name
  and/or the NIS server host name. Type the NIS domain name and the NIS
  server host name at the prompt or on the command line.

**ERROR: you must specify one of these options: -c, -i, -u,
-r.
  This message indicates that one of these options, -c, -i, -u, -r was missing
  from the command line. Rerun the script with the correct option.

**ERROR: you must specify one of these options: -r, -M or
-R"

This message indicates that you did not type any of the -r or the -M or the -R options. Rerun the script with the correct option.

**ERROR: you must specify one of these options: -C, -F, or
-Y
  This message indicates that you did not type either the -Y or the -F option.
  Rerun the script with the correct option.

**ERROR: You must be root to use -i option.

This message indicates that an ordinary user tried to run nisclient -i. Only the superuser has permission to run nisclient -i.

Error while talking to callback proc

An RPC error occurred on the server while it was calling back to the client. The transaction was aborted at that time and any unsent data was discarded. Check the syslog on the server for more information.

This message is generated by the NIS+ error code constant: NIS_CBERROR. See the nis_tables man page for additional information.

First/Next chain broken
  This message indicates that the connection between the client and server
  broke while a callback routine was posting results. This could happen if the
  server died in the middle of the process.

This message is generated by the NIS+ error code constant: NIS_CHAINBROKEN.

Generic system error

Some form of generic system error occurred while attempting the request. Check the syslog record on your system for error messages from the server.

This message usually indicates that the server has crashed or the database has become corrupted. This message may also be generated if you incorrectly specify the name of a server or replica as if it belonged to the domain it was servicing rather than the domain above. See "Domain Name Confusion" on page 310 for additional information.

This message is generated by the NIS+ error code constant: NIS_SYSTEMERROR. See the nis_tables and nis_names man pages for additional information.

illegal name

  FNS error message. The name supplied is not a legal name.

Illegal object type for operation

See "Illegal Object Problems" on page 308 for a description of these type of problems.

This message is generated by the NIS+ error code constant: DB_BADOBJECT.

incompatible code sets

FNS error message. The operation involved character strings from incompatible code sets, or the supplied code set is not supported by the implementation.

insufficient permission to update credentials.

This message is generated by the nisaddcred command when you have insufficient permission to execute an operation. This could be insufficient permission at the table, column, or entry level. Use niscat -o cred.org_dir to determine what permissions you have for that cred table. If you need additional permission, you or the system administrator can change the permission requirements of the object as described in Chapter 7, "Administering NIS+ Access Rights," or add you to a group that does have the required permissions as described in Chapter 9, "Administering NIS+ Groups."

See "Ownership and Permission Problems" on page 318 for additional information about permission problems.

insufficient resources

  FNS error message. The name service used by FNS does not have sufficient
  resources to complete the request. Check memory and disk availability on
  the name servers involved.

invalid attribute identifier

FNS error message. The attribute identifier is in a format not acceptable to the naming system, or its contents are not valid for the format specified for the identifier.

invalid attribute value

  FNS error message. The value supplied is not in the correct form for the
  given attribute.

invalid enumeration handle

FNS error message. The enumeration handle supplied is invalid. The handle could have been from another enumeration, an update operation may have occurred during the enumeration, or there may have been some other reason.

Invalid Object for operation

• Name context. The name passed to the function is not a legal NIS+ name.
• Table context. The object pointed to is not a valid NIS+ entry object for the given table. This could occur if it had a mismatched number of columns, or a different data type (for example, binary or text) than the associated column in the table.

This message is generated by the NIS+ error code constant: NIS_INVALIDOBJ. See the nis_tables and nis_names man pages for additional information.

invalid syntax attributes
  FNS error message. The syntax attributes supplied are invalid or insufficient
  to fully specify the syntax.

invalid usecs
Routine_name: invalid usecs

This message is generated when the value in the tv_usecs field of a variable of type struct time stamp is larger than the number of microseconds in a second. This is usually due to some type of software error.

tablename is not a table

The object with the name tablename is not a table object. For example, the nisgrep and nismatch commands will return this error if the object you specify on the command line is not a table.

link error

  FNS error message. An error occurred while resolving an XFN link with the
  supplied name.

link loop limit reached

FNS error message. A nonterminating loop was detected due to XFN links encountered during composite name resolution, or the implementation-defined limit was exceeded on the number of XFN links allowed for a single operation.

Link Points to illegal name

  The passed name resolved to a LINK type object and the contents of the
  object pointed to an invalid name.

This message is generated by the NIS+ error code constant: NIS_LINKNAMEERROR. See the nis_tables and nis_names man pages for additional information.

Load limit of numeric-variable reached!

  An attempt has been made to create a child process when the maximum
  number of child processes have already been created on this server. This
  message is seen on the server's system log, but only if the threshold for
  logging messages has been set to include LOG_WARNING level messages.

login and keylogin passwords differ.

This message is displayed when you are changing your password with nispasswd and the system has changed your password, but has been unable to update your credential entry in the cred table with the new password and also unable to restore your original password in the passwd table. This message is followed by the instructions:

Use NEW password for login and OLD password for keylogin. Use "chkey -p" to reencrypt the credentials with the new login password. You must keylogin explicitly after your next login.

These instructions are then followed by a status message explaining why it was not possible to revert back to the old password. If you see these messages, be sure to follow the instructions as given.

Login incorrect

The most common cause of a "login incorrect" message is mistyping the password. Try it again. Make sure you know the correct password. Remember that passwords are case-sensitive (uppercase letters are considered different than lowercase letters) and that the letter "o" is not interchangeable with the numeral "0," nor is the letter "l" the same as the numeral "1,"

For other possible causes of this message, see ""Login Incorrect" Message" on page 321.

log_resync: Cannot truncate transaction log file

An attempt has been made to checkpoint the log, and the rpc.nisd daemon is trying to shrink the log file after deleting the checkpointed entries from the log. See the ftruncate man pages for a description of various factors that might cause this routine to fail. See also "Namespace Database Problems" on page 311.

malformed link

  FNS error message. A malformed link reference was found during a
  fn_ctx_lookup_link() operation. The name supplied resolved to a
  reference that was not a link.

Malformed Name or illegal name

The name passed to the function is not a legal or valid NIS+ name.

One possible cause for this message that someone changed an existing domain name. Existing domain names should not be changed. See "Changed Domain Name" on page 329.

This message is generated by the NIS+ error code constant: NIS_BADNAME. See the nis_tables man page for additional information.

_map_addr: RPC timed out.

A process or application could not contact NIS+ within its default time limit to get necessary data or resolve host names from NIS+. In most cases, this problem will solve itself after a short wait. See "Slow Performance and System Hang Problems" on page 332 for additional information about slow performance problems.

Master server busy full dump rescheduled

  This message indicates that a replica server has been unable to update itself
  with a full dump from the master server because the master is busy. See
  "Replica Update Failure" on page 341 for additional information.

String Missing or malformed attribute

The name of an attribute did not match with a named column in the table, or the attribute did not have an associated value.

This could indicate an error in the syntax of a command. The string should give an indication of what is wrong. Common causes are spelling errors, failure to correctly place the equals sign (=), an incorrect column or table name, and so forth.

This message is generated by the NIS+ error code constant: NIS_BADATTRIBUTE. See the nis_tables man page for additional information.

Modification failed
  Returned by the nisgrpadm command when someone else modified the
  group during the execution of your command. Check to see who else is
  working with this group. Reissue the command.

This message is generated by the NIS+ error code constant:

  NIS_IBMODERROR.

Modify operation failed

The attempted modification failed for some reason.

This message is generated by the NIS+ error code constant: NIS_MODFAIL. See the nis_tables and nis_names man pages for additional information.

name in use

  FNS error message. The name supplied is already bound in the context.

name not found

FNS error message. The name supplied was not found.

Name not served by this server

A request was made to a server that does not serve the specified name. Normally this will not occur; however, if you are not using the built-in location mechanism for servers, you may see this if your mechanism is broken.

Other possible causes are:

• Cold-start file corruption. Delete the /var/nis/NIS_COLD_START file and then reboot.
• Cache problem such as the local cache being out of date. Kill the nis_cachemgr and /var/nis/NIS_SHARED_DIRCACHE, and then reboot. (If the problem is not in the root directory, you may be able to simply kill the domain cache manager and try the command again.)
• Someone removed the directory from a replica.

This message is generated by the NIS+ error code constant: NIS_NOT_ME. See the nis_tables and nis_names man pages for additional information.

Named object is not searchable

The table name resolved to an NIS+ object that was not searchable.

This message is generated by the NIS+ error code constant: NIS_NOTSEARCHABLE. See the nis_tables man page for additional information.

Name/entry isn't unique

An operation has been requested based on a specific search criteria that returns more than one entry. For example, you use nistbladm -r to delete a user from the passwd table, and there are two entries in that table for that user name as shown as follows:

mymachine# nistbladm -r [name=arnold],passwd.org_dir Can't remove entry: Name/entry isn't unique

You can apply your command to multiple entries by using the -R option rather than -r. For example, to remove all entries for arnold:

mymachine# nistbladm -R name=arnold],passwd.org_dir

NIS+ error

  The NIS+ server has returned an error, but the passwd command
  determines exactly what the error is.

NisDirCacheEntry:write: xdr_directory_obj failed

The most likely causes for this message is that an attempt to allocate system memory failed. See "Insufficient Memory" on page 337 for a discussion of memory problems. If your system does not seem to be short of memory, contact the Sun Solutions Center.

NIS+ operation failed

This generic error message should be rarely seen. Usually it indicates a minor software problem that the system can correct on it own. If it appears frequently, or appears to be indicating a problem that the system is not successfully dealing with, contact the Sun Solutions Center.

This message is generated by the NIS+ error code constant: NIS_FAIL.

String-variable: NIS+ server busy try again later.

  See "Slow Performance and System Hang Problems" on page 332 for
  possible causes.

NIS+ server busy try again later.

Self explanatory. Try the command later.

See also "Slow Performance and System Hang Problems" on page 332 for possible causes.

NIS+ server for string-variable not responding still trying

  See "Slow Performance and System Hang Problems" on page 332 for
  possible causes.

NIS+ server not responding

See "Slow Performance and System Hang Problems" on page 332 for possible causes.

NIS+ server needs to be checkpointed. Use nisping -C
domainname

This message is generated at the LOG_CRIT level on the server's system log. It indicates that the log is becoming too large. Use nisping -C domainname to truncate the log by checkpointing.

See also "Logs Grow too Large" on page 309 for additional information on log size.

NIS+ servers unreachable

This soft error indicates that a server for the desired directory of the named table object could not be reached. This can occur when there is a network failure or the server has crashed. A new attempt may succeed. See the description of the HARD_LOOKUP flag in the nis_tables and nis_names man pages.

This message is generated by the NIS+ error code constant:

  NIS_NaMEUNREACHABLE.

NIS+ service is unavailable or not installed

Self-explanatory.

This message is generated by the NIS+ error code constant: NIS_UNAVAIL.

NIS+: write ColdStart File: xdr_directory_obj failed

The most likely causes for this message are:

• Bad or incorrect parameters. Check the syntax and accuracy of whatever command you most recently entered.
• An attempt to allocate system memory failed. See "Insufficient Memory" on page 337 for a discussion of memory problems.

• If your command syntax is correct, and your system does not seem to be short of memory, contact the Sun Solutions Center.

nis_checkpoint_svc: readonly child instructed to checkpoint
ignored.
  This is simply a status message indicating that a read-only process
  attempted to perform an operation restricted to the parent process, and the
  attempt was aborted. No action need be taken.

nis_dumplog_svc: readonly child called to dump log, ignored
  This is simply a status message indicating that a read-only process
  attempted to perform an operation restricted to the parent process, and the
  attempt was aborted. No action need be taken.

nis_dump_svc: load limit reached.
  The maximum number of child processes permitted on your system has
  been reached.

nis_dump_svc: one replica is already resyncing.

Only one replica can resync from a master at a time. Try the command later.

See "Replica Update Failure" on page 341 for information on these three error messages.

nis_dump_svc: Unable to fork a process.

  The fork system call has failed. See the fork man page for possible causes.

nis_mkdir_svc: readonly child called to mkdir, ignored

This is simply a status message indicating that a read-only process attempted to perform an operation restricted to the parent process, and the attempt was aborted. No action need be taken.

nis_ping_svc: readonly child was pung ignored.

This is simply a status message indicating that a read-only process attempted to perform an operation restricted to the parent process, and the attempt was aborted. No action need be taken.

nis_rmdir_svc: readonly child called to rmdir, ignored
  This is simply a status message indicating that a read-only process
  attempted to perform an operation restricted to the parent process, and the
  attempt was aborted. No action need be taken.

nisaddcred: no password entry for uid userid
nisaddcred: unable to create credential.

These two messages are generated during execution of the nispopulate script. The NIS+ command nisaddcred failed to add a LOCAL credential for the user ID userid on a remote domain. (This only happens when you are trying to populate the passwd table in a remote domain.)

To correct the problem, add a table path in the local passwd table:

# nistbladm -u -p passwd.org_dir.remote-domain passwd.org_dir

The remote-domain must be the same domain that you specified with the -d option when you ran nispopulate. Rerun the script to populate the passwd table.

No file space on server

Self-explanatory.

This message is generated by the NIS+ error code constant: NIS_NOFILESPACE.

No match

This is most likely an error message from the shell, caused by failure to escape the brackets when specifying an indexed name. For example, failing to set off a bracketed indexed name with quote marks would generate this message because the shell would fail to interpret the brackets as shown as follows:

# nistbladm -m shell=/bin/csh [name=miyoko],passwd.org_dir No match

The correct syntax is:

# nistbladm -m shell=/bin/csh '[name=miyoko],passwd.org_dir'

No memory
  Your system does not have enough memory to perform the specified
  operation. See "System Resource Problems" on page 337 for additional
  information on memory problems.

Non NIS+ namespace encountered

The name could not be completely resolved. This usually indicates that the name passed to the function resolves to a namespace that is outside the NIS+ name tree. In other words, the name is contained in an unknown directory. When this occurs, this error is returned with an NIS+ object of type DIRECTORY.

This message is generated by the NIS+ error code constant: NIS_FOREIGNNS. See the nis_tables or nis_names man pages for additional information.

No password entry for uid userid
No password entry found for uid userid

Both of these two messages indicate that no entry for this user was found in the passwd table when trying to create or add a credential for that user. (Before you can create or add a credential, the user must be listed in the passwd table.)

• The most likely cause is misspelling the user's userid on the command line. Check your command line for correct syntax and spelling.
• Check that you are either in the correct domain, or specifying the correct domain on the command line.

• If the command line is correct, check the passwd table to make sure the user is listed under the userid you are entering. This can be done with nismatch:

mymachine# nismatch uid=userid passwd.org_dir.

If the user is not listed in the passwd table, use nistbladm or nisaddent to add the user to the passwd table before creating the credential.

no permission

  FNS error message. The operation failed because of access control problems.
  See ""No Permission" Messages (FNS)" on page 344. See also "No
  Permission" on page 319.

No shadow password information

This means that password aging cannot be enforced because the information used to control aging is missing.

no such attribute

FNS error message. The object did not have an attribute with the given identifier.

no supported address

FNS error message. No shared library could be found under the /usr/lib/fn directory for any of the address types found in the reference bound to the FNS name. Shared libraries for an address type are named according to this convention: fn_ctx_address_type.so. Typically there is a link from fn_ctx_address_type.so to fn_ctx_address_type.so.1.

For example, a reference with address type onc_fn_nisplus would have a shared library in the path name: /usr/lib/fn/fn_ctx_onc_fn_nisplus.so.

not a context

FNS error message. The reference does not correspond to a valid context.

Not found
String Not found

Names context. The named object does not exist in the namespace.

Table context. No entries in the table matched the search criteria. If the search criteria was null (return all entries), then this result means that the table is empty and may safely be removed.

If the FOLLOW_PATH flag was set, this error indicates that none of the tables in the path contain entries that match the search criteria.

This message is generated by the NIS+ error code constant: NIS_NOTFOUND. See the nis_tables and nis_names man pages for additional information.

See also "Object Not Found Problems" on page 314 for general information on this type of problem.

Not Found no such name

This hard error indicates that the named directory of the table object does not exist. This could occur when the server that should be the parent of the server that serves the table, does not know about the directory in which the table resides.

This message is generated by the NIS+ error code constant: NIS_NOSUCHNAME. See the nis_names and nis_names man pages for additional information.

See also "Object Not Found Problems" on page 314 for general information on this type of problem.

Not master server for this domain

This message may mean that an attempt was made to directly update the database on a replica server.

This message may also mean that a change request was made to a server that serves the name, but it is not the master server. This can occur when a directory object changes and it specifies a new master server. Clients that have cached copies of that directory object in their /var/nis/NIS_SHARED_DIRCACHE file should run ps to obtain the

process ID of the nis_cachemgr, kill the nis_cachemgr process, remove the /var/nis/NIS_SHARED_DICACHE file, and then restart

  nis_cachemgr.

This message is generated by the NIS+ error code constant: NIS_NOTMASTER. See the nis_tables and nis_names man pages for additional information.

Not owner

  The operation you attempted can only be performed by the object's owner,
  and you are not the owner.

This message is generated by the NIS+ error code constant: NIS_NOTOWNER.

operation not supported

  FNS error message. The operation is not supported by the context. For
  example, trying to destroy an organization is not supported.

Object with same name exists
  An attempt was made to add a name that already exists. To add the name,
  first remove the existing name and then add the new name or modify the
  existing named object.

This message is generated by the NIS+ error code constant: NIS_NAMEEXISTS. See the nis_tables and nis_names man pages for additional information.

parse error: string-variable (key variable)

This message is displayed by the nisaddent command when it attempts to use database files from a /etc directory and there is an error in one of the file's entries. The first variable should describe the problem, and the variable after key should identify the particular entry at fault. If the problem is with the /etc/passwd file, you can use /usr/sbin/pwck to check it.

partial result returned

FNS error message. The operation returned a partial result.

Partial Success

This result is similar to NIS_NOTFOUND, except that it means the request succeeded but resolved to zero entries.

When this occurs, the server returns a copy of the table object instead of an entry so that the client may then process the path or implement some other local policy.

This message is generated by the NIS+ error code constant: NIS_PARTIAL. See the nis_tables man page for additional information.

Passed object is not the same object on server

  An attempt to remove an object from the namespace was aborted because
  the object that would have been removed was not the same object that was
  passed in the request.

This message is generated by the NIS+ error code constant: NIS_NOTSAMEOBJ. See the nis_tables and nis_names man pages for additional information.

Password does not decrypt secret key for name

Possible causes:

• You may have incorrectly typed the password.
• There may be no entry for name in the cred table.
• NIS+ could not decrypt the key (possibly because the entry might be corrupt).
• The Secure RPC password does not match the login password.
• The nsswitch.conf file may be directing the query to a local password in an /etc/passwd file that is different from the NIS+ password recorded in the cred table. (Note that the actual encrypted passwords are stored locally in the /etc/shadow file.)

See "Security Problems" on page 321 for information on diagnosing and solving these type of problem.

Password has not aged enough

This message indicates that your password has not been in use long enough and that you cannot change it until it has been in use for N (a number of) days. See "Changing Your Password" on page 140 for further information.

Permission denied

Returned when you do not have the permissions required to perform the operation you attempted. See "Ownership and Permission Problems" on page 318 for additional information.

This message might be related to a login or password matter, or an NIS+ security problem. The most common cause of a Permission denied message is that the password of the user receiving it has been locked by an administrator or the user's account has been terminated. See Chapter 8, "Administering Passwords" and the "Security Problems" section of the "Problems and Solutions" appendix.

Permissions on the password database may be too restrictive

  You do not have authorization to read (or otherwise use) the contents of the
  passwd field in an NIS+ table. See Chapter 7, "Administering NIS+ Access
  Rights," for information on NIS+ access rights.

Please notify your System Administrator

When displayed as a result of an attempt to update password information with the passwd command, this message indicates that the attempt failed for one of many reasons. For example, the service might not be available, a necessary server is down, there is a "permission denied" type problem, and so forth. See "Security Problems" on page 321 for a discussion of various types of security problems.

Please check your /etc/nsswitch.conf file

  The nsswitch.conf file specifies a configuration that is not supported for
  passwd update. See "nsswitch.conf File Requirements" on page 144 for
  supported configurations.

Probable success

Name context. The request was successful; however, the object returned came from an object cache and not directly from the server. (If you do not wish to see objects from object caches, you must specify the flag NO_CACHE when you call the lookup function.)

Table context. Even though the request was successful, a table in the search path was not able to be searched, so the result may not be the same as the one you would have received if that table had been accessible.

This message is generated by the NIS+ error code constant: NIS_S_SUCCESS. See the nis_tables and nis_names man pages for additional information.

Probably not found

The named entry does not exist in the table; however, not all tables in the path could be searched, so the entry may exist in one of those tables.

This message is generated by the NIS+ error code constant: NIS_S_NOTFOUND. See the nis_tables man page for additional information.

Query illegal for named table

A problem was detected in the request structure passed to the client library.

This message is generated by the NIS+ error code constant: NIS_BADREQUEST. See the nis_tables man page for additional information.

replica_update: Child process attempting update, aborted

  This is simply a status message indicating that a read-only process
  attempted an update and the attempt was aborted.

replica_update: error result was string

This message indicates a problem (identified by string) in carrying out a dump to a replica. See "Replica Update Failure" on page 341 for further information.

replica_update: error result was Master server busy, full
dump rescheduled
replica_update: master server busy rescheduling the resync.
replica_update: master server is busy will try later.
replica_update: nis dump result Master server busy, full
dump rescheduled

These messages all indicate that the server is busy and the dump will be done later.

replica_update: nis dump result nis_perror error string
  This message indicates a problem (identified by the error string) in carrying
  out a dump to a replica. See "Replica Update Failure" on page 341 for
  further information.

replica_update: number updates number errors

A status message indicating a successful update.

replica_update: WARNING: last_update(directoryname) returned
0!
  A NIS+ process could not find the last update time stamp in the transaction
  log for that directory. This will cause the system to perform a full resync of
  the problem directory.

Results Sent to callback proc

This is simply a status message. No action need be taken.

This message is generated by the NIS+ error code constant: NIS_CBRESULTS. See the nis_tables man page for additional information.

root_replica_update: update failed string-variable: could not
fetch object from master.
  This message indicates a problem in carrying out a dump to a replica. See
  "Replica Update Failure" on page 341 for further information.

Security exception on local system. UNABLE TO MAKE REQUEST.

This message may be displayed if a user has the same login ID as a machine name. See "User Login Same as Machine Name" on page 319 for additional information.

Server busy, try again

The server was too busy to handle your request.

• For the add, remove, and modify operations, this message is returned when either the master server for a directory is unavailable or it is in the process of checkpointing its database.
• This message can also be returned when the server is updating its internal state.

• In the case of nis_list, if the client specifies a callback and the server does not have enough resources to handle the callback.

Retry the command at a later time when the server is available.

This message is generated by the NIS+ error code constant: NIS_TRYAGAIN. See the nis_tables and nis_names man pages for additional information.

Server out of memory

In most cases this message indicates a fatal result. It means that the server ran out of heap space.

This message is generated by the NIS+ error code constant: NIS_NOMEMORY. See the nis_tables and nis_names man pages for additional information.

Sorry

  This message is displayed when a user is denied permission to login or
  change a password, and for security reasons the system does not display the
  reason for that denial because such information could be used by an
  unauthorized person to gain illegitimate access to the system.

Sorry: less than N days since the last change

This message indicates that your password has not been in use long enough and that you cannot change it until it has been in use for N days. See "Changing Your Password" on page 140 for further information.

Success

(1) The request was successful. This message is generated by the NIS+ error code constant: NIS_SUCCESS. See the nis_tables man page for additional information.

(2) FNS error message. Operation succeeded.

_svcauth_des: bad nickname

The nickname received from the client is invalid or corrupted, possibly due to network congestion. The severity of this message depends on what level of security you are running. At a low security level, this message is informational only; at a higher level, you may have to try the command again later.

_svcauth_des: corrupted window from principal-name

The window that was sent does not match the one sent in the verifier.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level you may have to try the command again at some later time or take corrective action as described below.

Possible causes:

• The server's key pair has been changed. The client used the server's old public key while the server has a new secret key cached with keyserv. Run keylogin on both client and server.
• The client's key pair has been changed and the client has not run keylogin on the client system, so system is still sending the client's old secret key to the server, which is now using the client's new public key. Naturally, the two do not match. Run keylogin again on both client and server.
• Network corruption of data. Try the command again. If that does not work, use the snoop command to investigate and correct any network problems. Then run keylogin again on both server and client.

_svcauth_des: decryption failure for principal-name

DES decryption for some authentication data failed. Possible causes:

• Corruption to a library function or argument.
• A problem with a DES encryption chip, if you are using one.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you may have to call the Sun Solutions Center for assistance. If the problem appears to be related to a DES encryption chip, call the Sun Solutions Center.

svcauth_des: encryption failure

DES encryption for some authentication data failed. Possible causes:

• Corruption of a library function or argument.
• A problem with a DES encryption chip, if you are using one.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you may have to call Sun Solutions Center for assistance.

_svcauth_des: invalid timestamp received from principal-name

  The time stamp received from the client is corrupted, or the server is trying
  to decrypt it using the wrong key. Possible causes:

• Congested network. Retry the command.
• Server cached out the entry for this client. Check the network load.

_svcauth_des: key_decryptsessionkey failed for principal-name

The keyserv process failed to decrypt the session key with the given public key. Possible causes are:

• The keyserv process is dead or not responding. Use ps -ef to check if the keyserv process is running on the keyserv host. If it is not, then restart it and run keylogin.
• The server principal has not keylogged in. Run keylogin for the server principal.
• The server principal (host) does not have credentials. Run nismatch hostname.domainname. cred.org_dir on the client's home domain cred table. Create new credentials if necessary.
• keyserv may have been restarted, in which case certain long-running applications, such as rpc.nisd, sendmail, and automountd, also need to be restarted.
• DES encryption failure. Call the Sun Solutions Center.

_svcauth_des: no public key for principal-name

The server cannot get the client's public key. Possible causes are:

• The principal has no public key. Run nismatch on the cred table of the principal's home domain. If there is no DES credential in that table for the principal, use nisaddcred to create one, and then run keylogin for that principal.
• The name service specified by a nsswitch.conf file is not responding.

_svcauth_des: replayed credential from principal-name

The server has received a request and finds an entry in its cache for the same client name and conversation key with the time stamp of the incoming request before that of the one currently stored in the cache.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information. At a higher level, you may have to take corrective action as described below.

Possible causes are:

• The client and server clocks are out of sync. Use rdate to resync the client clock to the server clock.
• The server is receiving requests in random order. This could occur if you are using multithreading applications. If your applications support TCP, then set /etc/netconfig (or your NETPATH environment variable) to tcp.

_svcauth_des: timestamp is earlier than the one previously
seen from principal-name

The time stamp received from the client on a subsequent call is earlier than one seen previously from that client. The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you may have some corrective action as described below.

Possible causes are:

• The client and server clocks are out of sync. Use rdate to resynch the client clock to the server clock.
• The server cached out the entry for this client. The server maintains a cache of information regarding the current clients. This cache size equals 64 client handles.

_svcauth_des: timestamp expired for principal-name

The time stamp received from the client is not within the default 35-second window in which it must be received. The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you may have to take corrective action as described below.

Possible causes are:

• The 35-second window is too small to account for slow servers or a slow network.
• The client and server clocks are so far out of sync that the window cannot allow for the difference. Use rdate to resynchronize the client clock to the server clock.
• The server has cached out the client entry. Retry the operation.

syntax not supported

  FNS error message. The syntax type is not supported.

Too Many Attributes

The search criteria passed to the server had more attributes than the table had searchable columns.

This message is generated by the NIS+ error code constant: NIS_TOOMANYATTRS. See the nis_tables man page for additional information.

too many attribute values
  FNS error message. The operation attempted to associate more values with
  an attribute than the naming system supports.

Too many failures - try later
Too many tries; try again later

These messages refer to logging in or changing your password. They indicate that you have had too many failed attempts (or taken too long) to either log in or change your password. See "The Login incorrect Message" on page 139 or "Password Change Failures" on page 142 for further information.

Unable to authenticate NIS+ client

This message is generated when a server attempts to execute the callback procedure of a client and gets a status of RPC_AUTHERR from the RPC clnt_call. This is usually caused by out-of-date authentication information. Out-of-date authentication information can occur when the system is using data from a cache that has not been updated, or when there has been a recent change in the authentication information that has not yet been propagated to this server. In most cases, this problem should correct itself in a short period of time.

If this problem does not self-correct, it may indicate one of the following problems:

• Corrupted /var/nis/NIS_SHARED_DIRCACHE file. Kill the cache manager, remove this file, and restart the cache manager.
• Corrupted /var/nis/NIS_COLD_START file. Remove the file and then run nisinit to recreate it.
• Corrupted /etc/.rootkey file. Run keylogin -r.

This message is generated by the NIS+ error code constant: NIS_CLNTAUTH.

Unable to authenticate NIS+ server
  In most cases, this is a minor software error from which your system should
  quickly recover without difficulty. It is generated when the server gets a
  status of RPC_AUTHERR from the RPC clnt_call.

If this problem does not quickly clear itself, it may indicate a corrupted

  /var/nis/NIS_COLD_START, /var/nis/NIS_SHARED_DIRCACHE, or
  /etc/.rootkey file.

  This message is generated by the NIS+ error code constant: NIS_SRVAUTH.

Unable to bind to master server for name 'string-variable'

See "Object Not Found Problems" on page 314 for information on this type of problem. This particular message may be caused by adding a trailing dot to the server's domain name in the /etc/defaultdomain file.

Unable to create callback.

  The server was unable to contact the callback service on your machine. This
  results in no data being returned.

See the nis_tables man page for additional information.

Unable to create process on server

  This error is generated if the NIS+ service routine receives a request for a
  procedure number which it does not support.

This message is generated by the NIS+ error code constant: NIS_NOPROC.

String-variable: Unable to decrypt secret key for string-variable.

Possible causes:

• You may have incorrectly typed the password.
• There may be no entry for name in the cred table.
• NIS+ could not decrypt the key because the entry might be corrupt.
• The nsswitch.conf file may be directing the query to a local password in an /etc/passwd file that is different than the NIS+ password recorded in the cred table.

See "Security Problems" on page 321 for information on diagnosing and solving these type of problem.

unavailable

FNS error message. The name service on which the operation depends is unavailable.

Unknown error

  This is displayed when the NIS+ error handling routine receives an error of
  an unknown type.

Unknown object

The object returned is of an unknown type.

This message is generated by the NIS+ error code constant: NIS_UNKNOWNOBJ. See the nis_names and nis_names man pages for additional information.

update_directory: number objects still running.
  This is a status message displayed on the server during the update of a
  directory during a replica update. You do not need to take any action.

User principalname needs Secure RPC credentials to login but
has none.
  The user has failed to perform a keylogin. This problem usually arises when
  the user has different passwords in /etc/shadow and a remote NIS+
  passwd table.

Warning: couldn't reencrypt secret key for <principal-name>

The most likely cause of this problem is that your Secure RPC password is different from your login password (or you have one password on file in a local /etc/shadow file and a different one in a remote NIS+ table) and you have not yet done an explicit keylogin. See "NIS+ Password and Login Password in /etc/passwd File" on page 330 and "Secure RPC Password and Login Passwords Are Different" on page 330 for more information on these types of problems.

WARNING: db::checkpoint: could not dump database: No such
file or directory

This message indicates that the system was unable to open a database file during a checkpoint. Possible causes:

• The database file was deleted.
• The server is out of file descriptors.
• There is a disk problem
• You or the host do not have correct permissions.

WARNING: db_dictionary::add_table: could not initialize
database from scheme

The database table could not be initialized. Possible causes:

• There was a system resource problem See "System Resource Problems" on page 337).
• You incorrectly specified the new table in the command syntax.
• The database is corrupted.

WARNING: db_query::db_query:bad index

  In most cases this message indicates incorrect specification of an indexed
  name. Make sure that the indexed name is found in the specified table.
  Check the command for spelling and syntax errors.

**WARNING: domain domainname already exists.

This message indicates that the domain you tried to create already exists.

• If you are trying to promote a new nonroot master server or are recovering from a previous nisserver problem, continue running the script.
• If domainname was spelled incorrectly, rerun the script with the correct domain name.

**WARNING: failed to add new member NIS+_principle into the
groupname group.
You will need to add this member manually:
1. /usr/sbin/nisgrpadm -a groupname NIS+_principal
  The NIS+ command nisgrpadm failed to add a new member into the NIS+
  group groupname. Manually add this NIS+ principal by typing:

# /usr/sbin/nisgrpadm -a groupname NIS+_principal

**WARNING: failed to populate tablename table.
  The nisaddent command was unable to load the NIS+ tablename table. A
  more detailed error message usually appears before this warning message.

**WARNING: hostname specified will not be used.
It will use the local hostname instead.

This message indicates that you typed a remote host name with the -H option. The nisserver -r script does not configure remote machines as root master servers.

• If the local machine is the one that you want to convert to an NIS+ root master server, no other action is needed. The nisserver -r script will ignore the host name you typed.

• If you actually want to convert the remote host (instead of the local machine) to an NIS+ root master server, exit the script. Rerun the nisserver -r script on the remote host.

**WARNING: hostname is already a server for this domain. If
you choose to continue with the script, it will try to
replicate the groups_dir and org_dir directories for this
domain.

This is a message warning you that hostname is already a replica server for the domain that you are trying to replicate.

• If you are running the script to fix an earlier nisserver problem, continue running the script.
• If hostname was mistakenly entered, rerun the script with the correct host name.

**WARNING: alias-hostname is an alias name for host
canonical_hostname. You cannot create credential for host
alias.

This message indicates that you have typed a host alias in the name list for nisclient -c. The script asks you if you want to create the credential for the canonical host name, since you should not create credentials for host alias names.

**WARNING: file directory-path/tablename does not exist!
tablename table will not be loaded.

The script was unable to find the input file for tablename.

• If directory-path/tablename is spelled incorrectly, rerun the script with the correct table name.
• If the directory-path/tablename file does not exist, create and update this file with the proper data. Then rerun the script to populate this table.

**WARNING: NIS auto.master map conversion failed.
auto.master table will not be loaded.

The auto.master map conversion failed while trying to convert all the dots to underscores in the auto_master table. Rerun the script with a different NIS server.

**WARNING: NIS netgroup map conversion failed.
netgroup table will not be loaded.
  The netgroup map conversion failed while trying to convert the NIS
  domain name to the NIS+ domain name in the netgroup map. Rerun the
  script with a different NIS server.

**WARNING: nisupdkeys failed on directory domainname. This
script will not be able to continue.
Please remove the domainname directory using 'nisrmdir'.
  The NIS+ command nisupdkeys failed to update the keys in the listed
  directory object. If rpc.nisd is not running on the new master server that
  is supposed to serve this new domain, restart rpc.nisd. Then use
  nisrmdir to remove the domainname directory. Finally, rerun nisserver.

WARNING: nisupdkeys failed on directory directory-name
You will need to run nisupdkeys manually:
 1. /usr/lib/nis/nisupdkeys directory-name
  The NIS+ command nisupdkeys failed to update the keys in the listed
  directory object. Manually update the keys in the directory object by typing:

# /usr/lib/nis/nisupdkeys directory-name

**WARNING: once this script is executed, you will not be
able to restore the existing NIS+ server environment.
However, you can restore your NIS+ client environment using
"nisclient -r" with the proper domainname and server
information. Use "nisclient -r" to restore your NIS+ client
environment.

These messages appear if you have already run the script at least once before to set up an NIS+ server. They indicate that NIS+-related files will be removed and recreated as needed if you decide to continue running this script.

• If it is all right for these NIS+ files to be removed, continue running the script.
• If you want to save these NIS+ files, exit the script by typing n at the Do you want to continue? prompt. Then save the NIS+ files in a different directory and rerun the script.

**WARNING: this script removes directories and files
related to NIS+ under /var/nis directory with the exception
of the NIS_COLD_START and NIS_SHARED_DIRCACHE files which
will be renamed to <file>.no_nisplus. If you want to save
these files, you should abort from this script now to save
these files first.
  See "WARNING: once this script is executed,..." above.

**WARNING: you must specify the NIS domainname.
  This message indicates that you did not type the NIS domain name at the
  prompt. Type the NIS server domain name at the prompt.

**WARNING: you must specify the NIS server hostname.
Please try again.
  This message indicates that you did not type the NIS server host name at
  the prompt. Type the NIS server host name at the prompt.

Window verifier mismatch

This is a debugging message generated by the _svcauth_des code. A verifier could be invalid because a key was flushed out of the cache. When this occurs, _svcauth_des returns the AUTH_BADCRED status.

You (string-variable) do not have Secure RPC credentials in NIS+
domain 'string-variable'

This message could be caused by trying to run nispasswd on a server that does not have the credentials required by the command. (Keep in mind that servers running at security level 0 do not create or maintain credentials.)

See "Ownership and Permission Problems" on page 318 for additional information on credential, ownership, and permission problems.

You may not change this password

This message indicates that your administrator has forbidden you to change your password.

You may not use nisplus repository
  You used -r nisplus in the command line of your command, but the
  appropriate entry in the NIS+ passwd table was not found. Check the
  passwd table in question to make sure it has the entry you want. Try adding
  nisplus to the nsswitch.conf file.

Your password has been expired for too long
Your password is expired
  These messages refer to password aging. They indicate that your password
  has been in use too long and needs to be changed now. See "The password
  expired Message" on page 139 for further information.

Your password will expire in N days
Your password will expire within 24 hours
  These messages refer to password aging. They indicate that your password
  is about to become invalid and should be changed now. See "The will expire
  Message" on page 140 for further information.

Your specified repository is not defined in the nsswitch
file!

This warning indicates that you have specified a password information repository with the -r option, but that password repository is not included in the passwd entry of the nsswitch.conf file. The command you have just used will perform its job and make whatever change you intend to the password information repository you specified with the -r flag. However, the change will be made to information that the nsswitch.conf file does not point to, so no one will ever gain the benefit of it until the switch file is altered to point to that repository.

For example, suppose the passwd entry of the switch file reads: files nis, and you used

passwd -r nisplus

to establish a password age limit. That limit would not affect anyone because they are still using a switch file set to files nis.

verify_table_exists: cannot create table for string
nis_perror message.

To perform an operation on a table, NIS+ first verifies that the table exists. If the table does not exist, NIS+ attempts to create it. If it cannot create the table, it returns this error message. The string portion of the message identifies the table that could not be located or created; the nis_perror message portion provides information as to the cause of the problem (you can look up that portion of the message as if it were an independent message in this appendix). Possible causes for this type of problem:

• The server was just added as a replica of the directory and it may not have the directory object. Run nisping -C to checkpoint.
• You are out of disk space. See "Insufficient Disk Space" on page 338.
• Database corruption.
• Some other type of software error. Contact the Sun Solutions Center.