Skip to ContentSun and Oracle Channel Sun How to Buy Log In

System Administration Guide: Naming and Directory Services (FNS and NIS+)

View this book in:

Other Languages
日本語

Contained Within

Find More Documentation

Featured Support Resources

Download this book in PDF (2107 KB)

Appendix A Error Messages

This appendix alphabetically lists some common error messages for the DNS, NIS and NIS+ naming services in the Solaris operating environment. For each message there is an explanation and, where appropriate, a solution or a cross-reference to some other portion of this manual.

About Error Messages

Some of the error messages documented in this chapter are documented more fully in the appropriate man pages.

Error Message Context

Error messages can appear in pop-up windows, shell tool command lines, user console window, or various log files. You can raise or lower the severity threshold level for reporting error conditions in your /etc/syslog.conf file.

In the most cases, the error messages that you see are generated by the commands you issued or the container object (file, map, table or directory) your command is addressing. However, in some cases an error message might be generated by a server invoked in response to your command (these messages usually show in syslog). For example, a “permission denied” message most likely refers to you, or the machine you are using, but it could also be caused by software on a server not having the correct permissions to carry out some function passed on to it by your command or your machine.

Similarly, some commands cause a number of different objects to be searched or queried. Some of these objects might not be obvious. Any one of these objects could return an error message regarding permissions, read-only state, unavailability, and so forth. In such cases the message might not be able to inform you of which object the problem occurred in.

In normal operation, the naming software and servers make routine function calls. Sometimes those calls fail and in doing so generate an error message. It occasionally happens that before a client or server processes your most recent command, then some other call fails and you see the resulting error message. Such a message might appear as if it were in response to your command, when in fact it is in response to some other operation.

Note –

When working with a namespace you might encounter error messages generated by remote procedure calls. These RPC error messages are not documented here. Check your system documentation.

Context-Sensitive Meanings

A single error message might have slightly different meanings depending on which part of various naming software applications generated the message. For example, when a “Not Found” type message is generated by the nisls command, it means that there are no NIS+ objects that have the specified name, but when it is generated by the nismatch command it means that no table entries were found that meet the search criteria.

How Error Messages Are Alphabetized

The error messages in this appendix are sorted alphabetically according to the following rules:

Capitalization is ignored. Thus, messages that begin with “A” and “a” are alphabetized together.
Nonalphabetic symbols are ignored. Thus, a message that begins with _svcauth_des is listed with the other messages that begin with the letter “S.”
Error messages beginning with (or containing) the word NIS+ are alphabetized after messages beginning with (or containing) the word NIS.
Some error messages might be preceded by a date or the name of the host, application, program, or routine that generated the error message, followed by a colon. In these cases, the initial name of the command is used to alphabetize the message.
Many messages contain variables such as user IDs, process numbers, domain names, host names, and so forth. In this appendix, these variables are indicated by an italic typeface. Because variables could be anything, they are not included in the sorting of the messages listed in this appendix. For example, the actual message sales: is not a table (where sales is a variable) would be listed in this appendix as: name: is not a table and would be alphabetized as: is not a table among those messages beginning with the letter “I”.
Error messages that begin with asterisks, such as **ERROR: domainname does not exist, are generated by the NIS+ installation and setup scripts. Messages are alphabetized according to their first letter, ignoring the asterisks.

Numbers in Error Messages

Many messages include an IP address. IP addresses are indicated by n.n.n.n.
Some error messages include numbers such as process ID numbers, number of items, and so forth. Numbers in error messages are indicated: nnnn.

Common Namespace Error Messages

abort_transaction: Failed to action NIS+ objectname

The abort_transaction routine failed to back out of an incomplete transaction due to a server crash or some other unrecoverable error. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for further information.

abort_transaction: Internal database error abort_transaction: Internal error, log entry corrupt NIS+ objectname

These two messages indicate some form of corruption in a namespace database or log. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

add_cleanup: Cant allocate more rags.

This message indicates that your system is running low on available memory. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on insufficient memory problems.

add_pingitem: Couldn't add directoryname to pinglist (no memory)

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on low memory problems.

add_update: Attempt add transaction from read only child. add_update Warning: attempt add transaction from read only child

An attempt by a read-only child rpc.nisd process to add an entry to a log. An occasional appearance of this message in a log is not serious. If this message appears frequently, contact the Sun Solutions Center.

Attempting to free a free rag!

This message indicates a software problem with rpc.nisd. The rpc.nisd should have aborted. Run ps -ef | grep rpc.nisd to see if rpc.nisd is still running. If it is, kill it and restart it with the same options as previously used. If it is not running, restart it with the same options as previously used. Check /var/nis to see if a core file has been dumped. If there is a core file, delete it.

Note –

If you started rpc.nisd with the -YB option, you must also kill the rpc.nisd_reply daemon.

Attempt to remove a non-empty table

An attempt has been made by nistbladm to remove an NIS+ table that still contains entries. Or by nisrmdir to remove a directory that contains files or subdirectories.

If you are trying to delete a table, use niscat to check the contents of the table and nistbladm to delete any existing contents.
If you are trying to delete a directory, use nisls -l -R to check for existing files or subdirectories and delete them first.
If you are trying to dissociate a replica from a domain with nisrmdir -s, and the replica is down or otherwise out of communication with the master, you will get this error message. In such cases, you can run nisrmdir -f -s replicaname on the master to force the dissociation. Note, however, that if you use nisrmdir -f -sto dissociate an out-of-communication replica, you must run nisrmdir -f -s again as soon as the replica is back on line in order to clean up the replica's /var/nis file system. If you fail to rerun nisrmdir -f -s replicaname when the replica is back in service, the old out-of-date information left on the replica could cause problems.

This message is generated by the NIS+ error code constant: NIS_NOTEMPTY. See the nis_tables man page for additional information.

authdes_marshal: DES encryption failure

DES encryption for some authentication data failed. Possible causes:

Corruption of a library function or argument.
A problem with a DES encryption chip, if you are using one.

Call the Sun Solutions Center for assistance.

authdes_refresh: keyserv is unable to encrypt session key

The keyserv process was unable to encrypt the session key with the public key that it was given. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

authdes_refresh: unable to encrypt conversation key

The keyserv process could not encrypt the session key with the public key that was given. This usually requires some action on your part. Possible causes are:

The keyserv process is dead or not responding. Use ps -ef to check whether the keyserv process is running on the keyserv host. If it is not, then start it, and then run keylogin.
The client has not performed a keylogin. Do a keylogin for the client and see if that corrects the problem.
The client host does not have credentials. Run nismatch on the client's home domain cred table to see if the client host has the proper credentials. If it does not, create them.
A DES encryption failure. See the authdes_marshal: DES encryption failure error message).

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information regarding security key problems.

authdes_refresh: unable to synchronize clock

This indicates a synchronization failure between client and server clocks. This will usually correct itself. However, if this message is followed by any time stamp related error, you should manually resynchronize the clocks. If the problem reoccurs, check that remote rpcbind is functioning correctly.

authdes_refresh: unable to synch up w/server

The client-server clock synchronization has failed. This could be caused by the rpcbind process on the server not responding. Use ps -ef on the server to see if rpcbind is running. If it is not, restart it. If this error message is followed by any time stamp-related message, then you need to use rdate servername to manually resync the client clock to the server clock.

authdes_seccreate: keyserv is unable to generate session key

This indicates that keyserv was unable to generate a random DES key for this session. This requires some action on your part:

Check to make sure that keyserv is running properly. If it is not, restart it along with all other long-running processes that use Secure RPC or make NIS+ calls such as automountd, rpc.nisd and sendmail. Then do a keylogin.
If keyserv is up and running properly, restart the process that logged this error.

authdes_seccreate: no public key found for servername

The client side cannot get a DES credential for the server named servername. This requires some action on your part:

Check to make sure that servername has DES credentials. If it does not, create them.
Check the switch configuration file to see which naming service is specified and then make sure that service is responding. If it is not responding, restart it.

authdes_seccreate: out of memory

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on insufficient memory problems.

authdes_seccreate: unable to gen conversation key

The keyserv process was unable to generate a random DES key. The most likely cause is that the keyserv process is down or otherwise not responding. Use ps -ef to check whether the keyserv process is running on the keyserv host. If it is not, then start it and run keylogin.

If restarting keyserv fails to correct the problem, it might be that other processes that use Secure RPC or make NIS+ calls are not running (for example, automountd, rpc.nisd, or sendmail). Check to see whether these processes are running; if they are not, restart them.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information regarding security key problems.

authdes_validate: DES decryption failure

See authdes_marshal: DES decryption failure for authentication data failure.

authdes_validate: verifier mismatch

The time stamp that the client sent to the server does not match the one received from the server. (This is not recoverable within a Secure RPC session.) Possible causes:

Corruption of the session key or time stamp data in the client or server cache.
Server deleted from this cache a session key for a still active session.
Network data corruption.

Try re-executing the command.

CacheBind: xdr_directory_obj failed.

The most likely causes for this message are:

Bad or incorrect parameters being passed to the xdr_directory_obj routine. Check the syntax and accuracy of whatever command you most recently entered.
An attempt to allocate system memory failed. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for a discussion of memory problems.
If your command syntax is correct, and your system does not seem to be short of memory, contact the Sun Solutions Center.

Cache expired

The entry returned came from an object cache that has expired. This means that the time-to-live value has gone to zero and the entry might have changed. If the flag -NO_CACHE was passed to the lookup function, then the lookup function will retry the operation to get an unexpired copy of the object.

This message is generated by the NIS+ error code constant: NIS_CACHEEXPIRED. See the nis_tables and nis_names man pages for additional information.

Callback: - select failed message nnnn

An internal system call failed. In most cases this problem will correct itself. If it does not correct itself, make sure that rpc.nisd has not been aborted. If it has, restart it. If the problem reoccurs frequently, contact the Sun Solutions Center.

CALLBACK_SVC: bad argument

Cannot grow transaction log error string

The system cannot add to the log file. The reason is indicated by the string. The most common cause of this message is lack of disk space. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Cannot truncate transaction log file

An attempt has been made to checkpoint the log, and the rpc.nisd daemon is trying to shrink the log file after deleting the checkpointed entries from the log. See the ftruncate man pages for a description of various factors that might cause this routine to fail. See also “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Cannot write one character to transaction log, errormessage

An attempt has been made by the rpc.nisd daemon to add an update from the current transaction into the transaction log, and the attempt has failed for the reason given in the message that has been returned by the function. Additional information can be obtained from the write routine's man page.

Can't compile regular expression variable

Returned by the nisgrep command when the expression in keypat was malformed.

Can't get any map parameter information.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Can't find name service for passwd

Either there is no nsswitch.conf file or there is no passwd entry in the file, or the passwd entry does not make sense or is not one of the allowed formats.

Can't find name 's secret key

Possible causes:

You might have incorrectly typed the password.
There might not be an entry for name in the cred table.
NIS+ could not decrypt the key (possibly because the entry might be corrupt).
The nsswitch.conf file might be directing the query to a local password in an /etc/passwd file that is different than the NIS+ password recorded in the cred table.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on diagnosing and solving these type of problem.

checkpoint_log: Called from read only child ignored.

This is a status message indicating that a read-only process attempted to perform an operation restricted to the parent process, and the attempt was aborted. No action need be taken.

checkpoint_log: Unable to checkpoint, log unstable.

An attempt was made to checkpoint a log that was not in a stable state. (That is, the log was in a resync, update, or checkpoint state.) Wait until the log is stable, and then rerun the nisping command.

check_updaters: Starting resync.

This is a system status message. No action need be taken.

Child process requested to checkpoint!

This message indicates a minor software problem that the system is capable of correcting. If these messages appear often, you can change the threshold level in your /etc/syslog.conf file. See the syslog.conf man page for details.

Column not found: columnname

The specified column does not exist in the specified table.

Could not find string 's secret key

Possible causes:

You might have incorrectly typed the password.
There might not be an entry for name in the cred table.
NIS+ could not decrypt the key (possibly because the entry might be corrupt)
The nsswitch.conf file might have the wrong publickey policy. It might be directing the query to a local public key in an /etc/publickey file that is different from the NIS+ password recorded in the cred table.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on diagnosing and solving these types of problem.

Could not generate netname

The Secure RPC software could not generate the Secure RPC netname for your UID when performing a keylogin. This could be due to the following causes:

You do not have LOCAL credentials in the NIS+ cred table of the machine's home domain.
You have a local entry in /etc/passwd with a UID that is different from the UID you have in the NIS+ passwd table.

string: could not get secret key for 'string

Possible causes:

You might have incorrectly typed the password.
There might not be an entry for name in the cred table.
NIS+ could not decrypt the key (possibly because the entry might be corrupt)
The nsswitch.conf file might have the wrong publickey policy. It might be directing the query to a local publickey in an /etc/publickey file that is different from the NIS+ password recorded in the cred table.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on diagnosing and solving these type of problem.

Couldn't fork a process!

The server could not fork a child process to satisfy a callback request. This is probably caused by your system reaching its maximum number of processes. You can kill some unneeded processes, or increase the number of processes your system can handle. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

Couldn't parse access rights for column string

This message is usually returned by the nistbladm -u command when something other than a + (plus sign), a - (minus sign), or an = (equal sign) is entered as the operator. Other possible causes are failure to separate different column rights with a comma, or the entry of something other than r,d,c, or m for the type of permission. Check the syntax for this type of entry error. If everything is entered correctly and you still get this error, the table might have been corrupted.

Database for table does not exist

At attempt to look up a table has failed. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)for possible causes.

This message is generated by the NIS+ error code constant: NIS_NOSUCHTABLE. See the nis_tables and nis_names man pages for additional information.

_db_add: child process attempting to add/modify _db_addib: non-parent process attempting an add

These messages indicate that a read-only or nonparent process attempted to add or modify an object in the database. In most cases, these messages do not require any action on your part. If these messages are repeated frequently, call the Sun Solutions Center.

db_checkpoint: Unable to checkpoint string

This message indicates that for some reason NIS+ was unable to complete checkpointing of a directory. The most likely cause is that the disk is full See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information).

_db_remib: non-parent process attempting an remove _db_remove: non-parent process attempting a remove

These messages indicate that a read-only or non-parent process attempted to remove a table entry. In most cases, these messages do not require any action on your part. If these messages are repeated frequently, call the Sun Solutions Center.

Do you want to see more information on this command?

This indicates that there is a syntax or spelling error on your script command line.

Entry/Table type mismatch

This occurs when an attempt is made to add or modify an entry in a table, and the entry passed is of a different type from the table. For example, if the number of columns is not the same. Check that your update correctly matches the table type.

This message is generated by the NIS+ error code constant: NIS_TYPEMISMATCH. See the nis_tables man page for additional information.

**ERROR: chkey failed again. Please contact your network administrator to verify your network password.

This message indicates that you typed the wrong network password.

If this is the first time you are initializing this machine, contact your network administrator to verify the network password.
If this machine has been initialized before as an NIS+ client of the same domain, try typing the root login password at the Secure RPC password prompt.
If this machine is currently an NIS+ client and you are trying to change it to a client of a different domain, remove the /etc/.rootkey file, and rerun the nisclient script, using the network password given to you by your network administrator (or the network password generated by the nispopulate script).

Error: Could not create a valid NIS+ coldstart file

This message is from nisinit, the NIS+ initialization routine. It is followed by another message preceded by a string that begins: “lookup:..”. This second message will explain why a valid NIS+ cold-start file could not be created.

**ERROR: could not restore file filename

This message indicates that NIS+ was unable to rename filename.no_nisplus to filename.

Check your system console for system error messages.

If there is a system error message, fix the problem described in the error message and rerun nisclient -i.
If there aren't any system error messages, try renaming this file manually, and then rerun nisclient -i.

**ERROR: Couldn't get the server NIS+_server's address.

The script was unable to retrieve the server's IP address for the specified domain. Manually add the IP address for NIS+_server into the /etc/hosts or /etc/inet/ipnodes file, then rerun nisclient -i.

**ERROR: directory directory-path does not exist.

This message indicates that you typed an incorrect directory path. Type the correct directory path.

**ERROR: domainname does not exist.

This message indicates that you are trying to replicate a domain that does not exist.

If domainname is spelled incorrectly, rerun the script with the correct domain name.
If the domainname domain does not exist, create it. Then you can replicate it.

**ERROR: parent-domain does not exist.

This message indicates that the parent domain of the domain you typed on the command line does not exist. This message should only appear when you are setting up a nonroot master server.

If the domain name is spelled incorrectly, rerun the script with the correct domain name.
If the domain's parent domain does not exist, you have to create the parent domain first, and then you can create this domain.

**ERROR: Don't know about the domain “domainname”. Please check your domainname.

This message indicates that you typed an unrecognized domain name. Rerun the script with the correct domain name.

**ERROR: failed dumping tablename table.

The script was unable to populate the cred table because the script did not succeed in dumping the named table.

If niscat tablename .org_dir fails, make sure that all the servers are operating, then rerun the script to populate the tablename table.
If niscat tablename.org_dir is working, the error might have been caused by the NIS+ server being temporarily busy. Rerun the script to populate the tablename table.

**ERROR: host hostname is not a valid NIS+ principal in domain domainname. This host name must be defined in the credential table in domain domainname. Use nisclient -c to create the host credential

A machine has to be a valid NIS+ client with proper credentials before it can become an NIS+ server. To convert a machine to an NIS+ root replica server, the machine first must be an NIS+ client in the root domain. Follow the instructions on how to add a new client to a domain, then rerun nisserver -R.

Before you can convert a machine to an NIS+ nonroot master or a replica server, the machine must be an NIS+ client in the parent domain of the domain that it plans to serve. Follow the instructions on how to add a new client to a domain, then rerun nisserver -M or nisserver -R.

This problem should not occur when you are setting up a root master server.

Error in accessing NIS+ cold start file is NIS+ installed?

This message is returned if NIS+ is not installed on a machine or if for some reason the file /var/nis/NIS_COLD_START could not be found or accessed. Check to see if there is a /var/nis/NIS_COLD_START file. If the file exists, make sure your path is set correctly and that NIS_COLD_START has the proper permissions. Then rename or remove the old cold-start file and rerun the nisclient script to install NIS+ on the machine.

This message is generated by the cache manager that sends the NIS+ error code constant: NIS_COLDSTART_ERR. See the write and open man pages for additional information on why a file might not be accessible.

Error in RPC subsystem

This fatal error indicates the RPC subsystem failed in some way. Generally, there will be a syslog message on either the client or server side indicating why the RPC request failed.

This message is generated by the NIS+ error code constant: NIS_RPCERROR. See the nis_tables and nis_names man pages for additional information.

**ERROR: it failed to add the credential for root.

The NIS+ command nisaddcred failed to create the root credential when trying to set up a root master server. Check your system console for system error messages:

If there is a system error message, fix the problem described in the error message and then rerun nisserver.
If there aren't any system error messages, check to see whether the rpc.nisd process is running. If it is not running, restart it and then rerun nisserver.

**ERROR: it failed to create the tables.

The NIS+ command nissetup failed to create the directories and tables. Check your system console for system error messages:

If there is a system error message, fix the problem described in the error message and rerun nisserver.
If there aren't any system error messages, check to see whether the rpc.nisd process is running. If it is not running, restart it and rerun nisserver.

**ERROR: it failed to initialize the root server.

The NIS+ command nisinit -r failed to initialize the root master server. Check your system console for system error messages. If there is a system error message, fix the problem described in the error message and rerun nisserver.

**ERROR: it failed to make the domainname directory

The NIS+ command nismkdir failed to make the new directory domainname when running nisserver to create a nonroot master. The parent domain does not have create permission to create this new domain.

If you are not the owner of the domain or a group member of the parent domain, rerun the script as the owner or as a group member of the parent domain.
If rpc.nisd is not running on the new master server of the domain that you are trying to create, restart rpc.nisd.

**ERROR: it failed to promote new master for the domainname directory

The NIS+ command nismkdir failed to promote the new master for the directory domainname when creating a nonroot master with the nisserver script.

If you do not have modify permission in the parent domain of this domain, rerun the script as the owner or as a group member of the parent domain.
If rpc.nisd is not running on the servers of the domain that you are trying to promote, restart rpc.nisd on these servers and rerun nisserver.

**ERROR: it failed to replicate the directory-name directory

The NIS+ command nismkdir failed to create the new replica for the directory directory-name.

If rpc.nisd is not running on the master server of the domain that you are trying to replicate, restart rpc.nisd on the master server, rerun nisserver.
If rpc.nisd is not running on the new replica server, restart it on the new replica and rerun nisserver.

**ERROR: invalid group name. It must be a group in the root-domain domain.

This message indicates that you used an invalid group name while trying to configure a root master server. Rerun nisserver -r with a valid group name for root-domain.

**ERROR: invalid name “client-name” It is neither an host nor an user name.

This message indicates that you typed an invalid client-name.

If client-name was spelled incorrectly, rerun nisclient -c with the correct client-name.
If client-name was spelled correctly, but it does not exist in the proper table, put client-name into the proper table and rerun nisclient -c. For example, a user client belongs in the passwd table, and a host client belongs in the hosts table.

**ERROR: hostname is a master server for this domain. You cannot demote a master server to replica. If you really want to demote this master, you should promote a replica server to master using nisserver with the M option.

You cannot directly convert a master server to a replica server of the same domain. You can, however, change a replica to be the new master server of a domain by running nisserver -M with the replica host name as the new master. This automatically makes the old master a replica.

**ERROR: missing hostnames or usernames.

This message indicates that you did not type the client names on the command line. Rerun nisclient -c with the client names.

**ERROR: NIS+ group name must end with a “.”

This message indicates that you did not specify a fully qualified group name ending with a period. Rerun the script with a fully qualified group name.

**ERROR: NIS+ server is not running on remote-host. You must do the following before becoming an NIS+ server: 1. become an NIS+ client of the parent domain or any domain above the domain which you plan to serve. (nisclient) 2. start the NIS+ server. (rpc.nisd)

This message indicates that rpc.nisd is not running on the remote machine that you are trying to convert to an NIS+ server. Use the nisclient script to become an NIS+ client of the parent domain or any domain above the domain you plan to serve; start rpc.nisd on remote-host.

**ERROR: nisinit failed.

nisinit was unable to create the NIS_COLD_START file.

Check the following:

That the NIS+ server you specified with the -H option is running—use ping
That you typed the correct domain name
That rpc.nisd is running on the server
That the nobody class has read permission for this domain

**ERROR: NIS map transfer failed. tablename table will not be loaded.

NIS+ was unable to transfer the NIS map for this table to the NIS+ database.

If the NIS server host is running, try running the script again. The error might have been due to a temporary failure.
If all tables have this problem, try running the script again using a different NIS server.

**ERROR: no permission to create directory domainname

The parent domain does not have create permission to create this new domain. If you are not the owner of the domain or as a group member of the parent domain, rerun the script as the owner, or as a group member of the parent domain.

**ERROR: no permission to replicate directory domainname.

This message indicates that you do not have permission to replicate the domain. Rerun the script as the owner or as a group member of the domain.

error receiving zone transfer

DNS error message. This usually indicates a syntax error in one of the primary server's DNS files. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

**ERROR: table tablename .org_dir.domainname does not exist.” tablename table will not be loaded.”

The script did not find the NIS+ table tablename.

If tablename is spelled incorrectly, rerun the script with the correct table name.
If the tablename table does not exist, use nissetup to create the table if tablename is one of the standard NIS+ tables. Or use nistbladm to create the private table tablename. Then rerun the script to populate this table.
If the tablename table exists, the error might have been caused by the NIS+ server being temporarily busy. Rerun the script to populate this tablename table.

**ERROR: this name “clientname” is in both the passwd and hosts tables. You cannot have an username same as the host name.

client-name appears in both the passwd and hosts tables. One name is not allowed to be in both of these tables. Manually remove the entry from either the passwd or hosts table. Then, rerun nisclient -c.

**ERROR: You cannot use the -u option as a root user.

This message indicates that the superuser tried to run nisclient -u. The -u option is for initializing ordinary users only. Superusers do not need be initialized as NIS+ clients.

**ERROR: You have specified the Z option after having selected the X option. Please select only one of these options [list]. Do you want to see more information on this command?

The script you are running allows you to choose only one of the listed options.

Type y to view additional information.
Type n to stop the script and exit.

After exiting the script, rerun it with just one of the options.

**ERROR: you must specify a fully qualified groupname.

This message indicates that you did not specify a fully qualified group name ending with a period. Rerun the script with a fully qualified group name.

**ERROR: you must specify both the NIS domainname (-y) and the NIS server host name (-h).

This message indicates that you did not type either the NIS domain name and/or the NIS server host name. Type the NIS domain name and the NIS server host name at the prompt or on the command line.

**ERROR: you must specify one of these options: -c, -i, -u, -r.

This message indicates that one of these options, -c, -i, -u, -r was missing from the command line. Rerun the script with the correct option.

**ERROR: you must specify one of these options: -r, -M or -R”

This message indicates that you did not type any of the -r or the -M or the -R options. Rerun the script with the correct option.

**ERROR: you must specify one of these options: -C, -F, or -Y

This message indicates that you did not type either the -Y or the -F option. Rerun the script with the correct option.

**ERROR: You must be root to use -i option.

This message indicates that an ordinary user tried to run nisclient -i. Only the superuser has permission to run nisclient -i.

Error while talking to callback proc

An RPC error occurred on the server while it was calling back to the client. The transaction was aborted at that time and any unsent data was discarded. Check the syslog on the server for more information.

This message is generated by the NIS+ error code constant: NIS_CBERROR. See the nis_tables man page for additional information.

First/Next chain broken

This message indicates that the connection between the client and server broke while a callback routine was posting results. This could happen if the server died in the middle of the process.

This message is generated by the NIS+ error code constant: NIS_CHAINBROKEN.

Generic system error

Some form of generic system error occurred while attempting the request. Check the syslog record on your system for error messages from the server.

This message usually indicates that the server has crashed or the database has become corrupted. This message might also be generated if you incorrectly specify the name of a server or replica as if it belonged to the domain it was servicing rather than the domain above. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

This message is generated by the NIS+ error code constant: NIS_SYSTEMERROR. See the nis_tables and nis_names man pages for additional information.

Illegal object type for operation

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for a description of these type of problems.

This message is generated by the NIS+ error code constant: DB_BADOBJECT.

insufficient permission to update credentials.

This message is generated by the nisaddcred command when you have insufficient permission to execute an operation. This could be insufficient permission at the table, column, or entry level. Use niscat -o cred.org_dir to determine what permissions you have for that cred table. If you need additional permission, you or the system administrator can change the permission requirements of the object or add you to a group that does have the required permissions.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information about permission problems.

Invalid Object for operation

Name context. The name passed to the function is not a legal NIS+ name.
Table context. The object pointed to is not a valid NIS+ entry object for the given table. This could occur if it had a mismatched number of columns, or a different data type (for example, binary or text) than the associated column in the table.

This message is generated by the NIS+ error code constant: NIS_INVALIDOBJ. See the nis_tables and nis_names man pages for additional information.

invalid usecs Routine_name: invalid usecs

This message is generated when the value in the tv_usecs field of a variable of type struct time stamp is larger than the number of microseconds in a second. This is usually due to some type of software error.

tablename is not a table

The object with the name tablename is not a table object. For example, the nisgrep and nismatch commands will return this error if the object you specify on the command line is not a table.

Link Points to illegal name

The passed name resolved to a LINK type object and the contents of the object pointed to an invalid name.

You cannot link table entries. A link at the entry level can produce this error message.

This message is generated by the NIS+ error code constant: NIS_LINKNAMEERROR. See the nis_tables and nis_names man pages for additional information.

Load limit of number reached!

An attempt has been made to create a child process when the maximum number of child processes have already been created on this server. This message is seen on the server's system log, but only if the threshold for logging messages has been set to include LOG_WARNING level messages.

login and keylogin passwords differ.

This message is displayed when you are changing your password with nispasswd and the system has changed your password, but has been unable to update your credential entry in the cred table with the new password and also unable to restore your original password in the passwd table. This message is followed by the instructions:

Use NEW password for login and OLD password for 
keylogin. Use “chkey -p” to reencrypt the credentials with 
the new login password. You must keylogin explicitly after 
your next login.

These instructions are then followed by a status message explaining why it was not possible to revert back to the old password. If you see these messages, be sure to follow the instructions as given.

Login incorrect

The most common cause of a “login incorrect” message is mistyping the password. Try it again. Make sure you know the correct password. Remember that passwords are case-sensitive (uppercase letters are considered different than lowercase letters) and that the letter “o” is not interchangeable with the numeral “0,” nor is the letter “l” the same as the numeral “1”.

For other possible causes of this message, see “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

log_resync: Cannot truncate transaction log file

Malformed Name or illegal name

The name passed to the function is not a legal or valid NIS+ name.

One possible cause for this message is that someone changed an existing domain name. Existing domain names should not be changed. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

This message is generated by the NIS+ error code constant: NIS_BADNAME. See the nis_tables man page for additional information.

_map_addr: RPC timed out.

A process or application could not contact NIS+ within its default time limit to get necessary data or resolve host names from NIS+. In most cases, this problem will solve itself after a short wait. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)for additional information about slow performance problems.

Master server busy full dump rescheduled

This message indicates that a replica server has been unable to update itself with a full dump from the master server because the master is busy. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

String Missing or malformed attribute

The name of an attribute did not match with a named column in the table, or the attribute did not have an associated value.

This could indicate an error in the syntax of a command. The string should give an indication of what is wrong. Common causes are spelling errors, failure to correctly place the equals sign (=), an incorrect column or table name, and so forth.

This message is generated by the NIS+ error code constant: NIS_BADATTRIBUTE. See the nis_tables man page for additional information.

Modification failed

Returned by the nisgrpadm command when someone else modified the group during the execution of your command. Check to see who else is working with this group. Reissue the command.

This message is generated by the NIS+ error code constant: NIS_IBMODERROR.

Modify operation failed

The attempted modification failed for some reason.

This message is generated by the NIS+ error code constant: NIS_MODFAIL. See the nis_tables and nis_names man pages for additional information.

Name not served by this server

A request was made to a server that does not serve the specified name. Normally this will not occur; however, if you are not using the built-in location mechanism for servers, you might see this if your mechanism is broken.

Other possible causes are:

Cold-start file corruption. Delete the /var/nis/NIS_COLD_START file and then reboot.
Cache problem such as the local cache being out of date. Kill the nis_cachemgr and /var/nis/NIS_SHARED_DIRCACHE, and then reboot. (If the problem is not in the root directory, you might be able to kill the domain cache manager and try the command again.)
Someone removed the directory from a replica.

This message is generated by the NIS+ error code constant: NIS_NOT_ME. See the nis_tables and nis_names man pages for additional information.

Named object is not searchable

The table name resolved to an NIS+ object that was not searchable.

This message is generated by the NIS+ error code constant: NIS_NOTSEARCHABLE. See the nis_tables man page for additional information.

Name/entry isn't unique

An operation has been requested based on a specific search criteria that returns more than one entry. For example, you use nistbladm -rto delete a user from the passwd table, and there are two entries in that table for that user name as shown as follows:

mymachine# nistbladm -r [name=arnold],passwd.org_dir 
Can't remove entry: Name/entry isn't unique

You can apply your command to multiple entries by using the -R option rather than -r. For example, to remove all entries for arnold:

mymachine# nistbladm -R name=arnold],passwd.org_dir

NIS+ error

The NIS+ server has returned an error, but the passwd command determines exactly what the error is.

NIS+ operation failed

This generic error message should be rarely seen. Usually it indicates a minor software problem that the system can correct on it own. If it appears frequently, or appears to be indicating a problem that the system is not successfully dealing with, contact the Sun Solutions Center.

This message is generated by the NIS+ error code constant: NIS_FAIL.

string: NIS+ server busy try again later.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for possible causes.

NIS+ server busy try again later.

Self explanatory. Try the command later.

NIS+ server for string not responding still trying

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for possible causes.

NIS+ server not responding

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for possible causes.

NIS+ server needs to be checkpointed. Use nisping -Cdomainname

Caution –

Checkpoint immediately! Do not wait!

This message is generated at the LOG_CRIT level on the server's system log. It indicates that the log is becoming too large. Use nisping -C domainname to truncate the log by checkpointing.

See also “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information on log size.

NIS+ servers unreachable

This soft error indicates that a server for the desired directory of the named table object could not be reached. This can occur when there is a network failure or the server has crashed. A new attempt might succeed. See the description of the -HARD_LOOKUP flag in the nis_tables and nis_names man pages.

This message is generated by the NIS+ error code constant: NIS_NaMEUNREACHABLE.

NIS+ service is unavailable or not installed

Self-explanatory. This message is generated by the NIS+ error code constant: NIS_UNAVAIL.

NIS+: write ColdStart File: xdr_directory_obj failed

The most likely causes for this message are:

Bad or incorrect parameters. Check the syntax and accuracy of whatever command you most recently entered.
An attempt to allocate system memory failed. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for a discussion of memory problems.
If your command syntax is correct, and your system does not seem to be short of memory, contact the Sun Solutions Center.

nis_checkpoint_svc: readonly child instructed to checkpoint ignored.

This is a status message indicating that a read-only process attempted to perform an operation restricted to the parent process, and the attempt was aborted. No action need be taken.

nis_dumplog_svc: readonly child called to dump log, ignore

This is a status message indicating that a read-only process attempted to perform an operation restricted to the parent process, and the attempt was aborted. No action need be taken.

nis_dump_svc: load limit reached.

The maximum number of child processes permitted on your system has been reached.

nis_dump_svc: one replica is already resyncing.

Only one replica can resync from a master at a time. Try the command later.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on these three error messages.

nis_dump_svc: Unable to fork a process.

The fork system call has failed. See the fork man page for possible causes.

nis_mkdir_svc: read-only child called to mkdir, ignored

This is a status message indicating that a read-only process attempted to perform an operation restricted to the parent process, and the attempt was aborted. No action need be taken.

nis_ping_svc: read-only child was ping ignored.

This is a status message indicating that a read-only process attempted to perform an operation restricted to the parent process, and the attempt was aborted. No action need be taken.

nis_rmdir_svc: readonly child called to rmdir, ignored

This is a status message indicating that a read-only process attempted to perform an operation restricted to the parent process, and the attempt was aborted. No action need be taken.

nisaddcred: no password entry for uid userid nisaddcred: unable to create credential.

These two messages are generated during execution of the nispopulate script. The NIS+ command nisaddcred failed to add a LOCAL credential for the user ID userid on a remote domain. (This only happens when you are trying to populate the passwd table in a remote domain.)

To correct the problem, add a table path in the local passwd table:

# nistbladm -u -p passwd.org_dir.remote-domain passwd.org_dir

The remote-domain must be the same domain that you specified with the -d option when you ran nispopulate. Rerun the script to populate the passwd table.

No file space on server

Self-explanatory.

This message is generated by the NIS+ error code constant: NIS_NOFILESPACE.

No match

This is most likely an error message from the shell, caused by failure to escape the brackets when specifying an indexed name. For example, failing to set off a bracketed indexed name with quote marks would generate this message because the shell would fail to interpret the brackets as shown as follows:

# nistbladm -m shell=/bin/csh [name=miyoko],passwd.org_dir No match

The correct syntax is:

# nistbladm -m shell=/bin/csh `[name=miyoko],passwd.org_dir`

No memory

Your system does not have enough memory to perform the specified operation. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information on memory problems.

Non NIS+ namespace encountered

The name could not be completely resolved. This usually indicates that the name passed to the function resolves to a namespace that is outside the NIS+ name tree. In other words, the name is contained in an unknown directory. When this occurs, this error is returned with an NIS+ object of type DIRECTORY.

This message is generated by the NIS+ error code constant: NIS_FOREIGNNS. See the nis_tables or nis_names man pages for additional information.

No password entry for uid userid No password entry found for uid userid

Both of these two messages indicate that no entry for this user was found in the passwd table when trying to create or add a credential for that user. (Before you can create or add a credential, the user must be listed in the passwd table.)

The most likely cause is misspelling the user's userid on the command line. Check your command line for correct syntax and spelling.
Check that you are either in the correct domain, or specifying the correct domain on the command line.
If the command line is correct, check the passwd table to make sure the user is listed under the userid you are entering. This can be done with nismatch:

mymachine# nismatch uid=userid passwd.org_dir.

If the user is not listed in the passwd table, use nistbladm or nisaddent to add the user to the passwd table before creating the credential.

No shadow password information

This means that password aging cannot be enforced because the information used to control aging is missing.

Not found String Not found

Names context. The named object does not exist in the namespace.

Table context. No entries in the table matched the search criteria. If the search criteria was null (return all entries), then this result means that the table is empty and can safely be removed.

If the -FOLLOW_PATH flag was set, this error indicates that none of the tables in the path contain entries that match the search criteria.

This message is generated by the NIS+ error code constant: NIS_NOTFOUND. See the nis_tables and nis_names man pages for additional information.

See also “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for general information on this type of problem.

Not Found no such name

This hard error indicates that the named directory of the table object does not exist. This could occur when the server that should be the parent of the server that serves the table, does not know about the directory in which the table resides.

This message is generated by the NIS+ error code constant: NIS_NOSUCHNAME. See the nis_names and nis_names man pages for additional information.

See also “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for general information on this type of problem.

Not master server for this domain

This message might mean that an attempt was made to directly update the database on a replica server.

This message might also mean that a change request was made to a server that serves the name, but it is not the master server. This can occur when a directory object changes and it specifies a new master server. Clients that have cached copies of that directory object in their /var/nis/NIS_SHARED_DIRCACHE file should run ps to obtain the process ID of the nis_cachemgr, kill the nis_cachemgr process, remove the /var/nis/NIS_SHARED_DICACHE file, and then restart nis_cachemgr.

This message is generated by the NIS+ error code constant: NIS_NOTMASTER. See the nis_tables and nis_names man pages for additional information.

Not owner

The operation you attempted can only be performed by the object's owner, and you are not the owner.

This message is generated by the NIS+ error code constant: NIS_NOTOWNER.

Object with same name exists

An attempt was made to add a name that already exists. To add the name, first remove the existing name and then add the new name or modify the existing named object.

This message is generated by the NIS+ error code constant: NIS_NAMEEXISTS. See the nis_tables and nis_names man pages for additional information.

parse error: string (key variable): This message is displayed by the nisaddent command when it attempts to use database files from a /etc directory and there is an error in one of the file's entries. The first variable should describe the problem, and the variable after key should identify the particular entry at fault. If the problem is with the /etc/passwd file, you can use /usr/sbin/pwck to check it.

Partial Success

This result is similar to NIS_NOTFOUND, except that it means the request succeeded but resolved to zero entries.

When this occurs, the server returns a copy of the table object instead of an entry so that the client can then process the path or implement some other local policy.

This message is generated by the NIS+ error code constant: NIS_PARTIAL. See the nis_tables man page for additional information.

Passed object is not the same object on server

An attempt to remove an object from the namespace was aborted because the object that would have been removed was not the same object that was passed in the request.

This message is generated by the NIS+ error code constant: NIS_NOTSAMEOBJ. See the nis_tables and nis_names man pages for additional information.

Password does not decrypt secret key for name

Possible causes:

You might have incorrectly typed the password.
There might not be an entry for name in the cred table.
NIS+ could not decrypt the key (possibly because the entry might be corrupt).
The Secure RPC password does not match the login password.
The nsswitch.conf file might be directing the query to a local password in an /etc/passwd file that is different from the NIS+ password recorded in the cred table. (Note that the actual encrypted passwords are stored locally in the /etc/shadow file.)

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on diagnosing and solving these types of problems.

Password has not aged enough

This message indicates that your password has not been in use long enough and that you cannot change it until it has been in use for N (a number of) days.

Permission denied

Returned when you do not have the permissions required to perform the operation you attempted. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

This message might be related to a login or password matter, or an NIS+ security problem. The most common cause of a Permission denied message is that the password of the user receiving it has been locked by an administrator or the user's account has been terminated.

Permissions on the password database may be too restrictive

You do not have authorization to read (or otherwise use) the contents of the passwd field in an NIS+ table. See Chapter 15, Administering NIS+ Access Rights, for information on NIS+ access rights.

Please notify your System Administrator

When displayed as a result of an attempt to update password information with the passwd command, this message indicates that the attempt failed for one of many reasons. For example, the service might not be available, a necessary server is down, there is a “permission denied” type problem, and so forth. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)for a discussion of various types of security problems.

Please check your /etc/nsswitch.conf file

The nsswitch.conf file specifies a configuration that is not supported for passwd update. See nsswitch.conf File Requirements for supported configurations.

Probable success

Name context. The request was successful; however, the object returned came from an object cache and not directly from the server. (If you do not want to see objects from object caches, you must specify the flag -NO_CACHE when you call the lookup function.)

Table context. Even though the request was successful, a table in the search path was not able to be searched, so the result might not be the same as the one you would have received if that table had been accessible.

This message is generated by the NIS+ error code constant: NIS_S_SUCCESS. See the nis_tables and nis_names man pages for additional information.

Probably not found

The named entry does not exist in the table; however, not all tables in the path could be searched, so the entry might exist in one of those tables.

This message is generated by the NIS+ error code constant: NIS_S_NOTFOUND. See the nis_tables man page for additional information.

Query illegal for named table

A problem was detected in the request structure passed to the client library.

This message is generated by the NIS+ error code constant: NIS_BADREQUEST. See the nis_tables man page for additional information.

Reason: can't communicate with ypbind.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

replica_update: Child process attempting update, aborted

This is a status message indicating that a read-only process attempted an update and the attempt was aborted.

replica_update: error result was string

This message indicates a problem (identified by string) in carrying out a dump to a replica. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for further information.

replica_update: error result was Master server busy, full dump rescheduled replica_update: master server busy rescheduling the resync. replica_update: master server is busy will try later. replica_update: nis dump result Master server busy, full dump rescheduled

These messages all indicate that the server is busy and the dump will be done later.

replica_update: nis dump result nis_perror errorstring

This message indicates a problem (identified by the error string) in carrying out a dump to a replica. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for further information.

replica_update: nnnn updates nnnn errors

A status message indicating a successful update.

replica_update: WARNING: last_update (directoryname) returned 0!

An NIS+ process could not find the last update time stamp in the transaction log for that directory. This will cause the system to perform a full resync of the problem directory.

Results Sent to callback proc

This is a status message. No action need be taken.

This message is generated by the NIS+ error code constant: NIS_CBRESULTS. See the nis_tables man page for additional information.

root_replica_update: update failed string: could not fetch object from master.

This message indicates a problem in carrying out a dump to a replica. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for further information.

RPC failure: “RPC failure on yp operation.

This message is returned by ypcat when an NIS client's nsswitch.conf file is set to files rather than nis, and the server is not included in the /etc/hosts or /etc/inet/ipnodes file.

Security exception on local system. UNABLE TO MAKE REQUEST.

This message might be displayed if a user has the same login ID as a machine name. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for additional information.

date: hostname: sendmail (nnnn) : gethostbyaddr failed

One common cause of this problem is entering IP addresses in NIS+, NIS, files, or DNS data sets with leading zeros. For example, you should never enter an IP address as 151.029.066.001. The correct way to enter that address is: 151.29.66.1.

Server busy, try again

The server was too busy to handle your request.

For the add, remove, and modify operations, this message is returned when either the master server for a directory is unavailable or it is in the process of checkpointing its database.
This message can also be returned when the server is updating its internal state.
In the case of nis_list, if the client specifies a callback and the server does not have enough resources to handle the callback.

Retry the command at a later time when the server is available.

This message is generated by the NIS+ error code constant: NIS_TRYAGAIN. See the nis_tables and nis_names man pages for additional information.

Server out of memory

In most cases this message indicates a fatal result. It means that the server ran out of heap space.

This message is generated by the NIS+ error code constant: NIS_NOMEMORY. See the nis_tables and nis_names man pages for additional information.

Sorry

This message is displayed when a user is denied permission to login or change a password, and for security reasons the system does not display the reason for that denial because such information could be used by an unauthorized person to gain illegitimate access to the system.

Sorry: less than nn days since the last change

This message indicates that your password has not been in use long enough and that you cannot change it until it has been in use for N days. See Changing Your Password for further information.

_svcauth_des: bad nickname

The nickname received from the client is invalid or corrupted, possibly due to network congestion. The severity of this message depends on what level of security you are running. At a low security level, this message is informational only; at a higher level, you might have to try the command again later.

_svcauth_des: corrupted window from principalname

The window that was sent does not match the one sent in the verifier.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level you might have to try the command again at some later time or take corrective action as described below.

Possible causes:

The server's key pair has been changed. The client used the server's old public key while the server has a new secret key cached with keyserv. Run keylogin on both client and server.
The client's key pair has been changed and the client has not run keylogin on the client system, so system is still sending the client's old secret key to the server, which is now using the client's new public key. Naturally, the two do not match. Run keylogin again on both client and server.
Network corruption of data. Try the command again. If that does not work, use the snoop command to investigate and correct any network problems. Then run keylogin again on both server and client.

_svcauth_des: decryption failure

DES decryption for some authentication data failed. Possible causes:

Corruption to a library function or argument.
A problem with a DES encryption chip, if you are using one.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you might have to call the Sun Solutions Center for assistance. If the problem appears to be related to a DES encryption chip, call the Sun Solutions Center.

_svcauth_des: corrupted window from principalname

The window that was sent does not match the one sent in the verifier.

Possible causes:

The server's key pair has been changed. The client used the server's old public key while the server has a new secret key cached with keyserv. Run keylogin on both client and server.
The client's key pair has been changed and the client has not run keylogin on the client system, so system is still sending the client's old secret key to the server, which is now using the client's new public key. Naturally, the two do not match. Run keylogin again on both client and server.
Network corruption of data. Try the command again. If that does not work, use the snoop command to investigate and correct any network problems. Then run keylogin again on both server and client.

_svcauth_des: decryption failure for principalname

DES decryption for some authentication data failed. Possible causes:

Corruption to a library function or argument.
A problem with a DES encryption chip, if you are using one.

_svcauth_des: invalid timestamp received from principalname

The time stamp received from the client is corrupted, or the server is trying to decrypt it using the wrong key. Possible causes:

Congested network. Retry the command.
Server cached out the entry for this client. Check the network load.

_svcauth_des: key_decryptsessionkey failed for principalname

The keyserv process failed to decrypt the session key with the given public key. Possible causes are:

The keyserv process is dead or not responding. Use ps -ef to check if the keyserv process is running on the keyserv host. If it is not, then restart it and run keylogin.
The server principal has not keylogged in. Run keylogin for the server principal.
The server principal (host) does not have credentials. Run nismatch hostname.domainname. cred.org_dir on the client's home domain cred table. Create new credentials if necessary.
keyserv might have been restarted, in which case certain long-running applications, such as rpc.nisd, sendmail, and automountd, also need to be restarted.
DES encryption failure. Call the Sun Solutions Center.

_svcauth_des: no public key for principalname

The server cannot get the client's public key. Possible causes are:

The principal has no public key. Run nismatch on the cred table of the principal's home domain. If there is no DES credential in that table for the principal, use nisaddcred to create one, and then run keylogin for that principal.
The naming service specified by a nsswitch.conf file is not responding.

_svcauth_des: replayed credential from principalname

The server has received a request and finds an entry in its cache for the same client name and conversation key with the time stamp of the incoming request before that of the one currently stored in the cache.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information. At a higher level, you might have to take corrective action as described below.

Possible causes are:

The client and server clocks are out of sync. Use rdate to resync the client clock to the server clock.
The server is receiving requests in random order. This could occur if you are using multithreading applications. If your applications support TCP, then set /etc/netconfig (or your NETPATH environment variable) to tcp.

_svcauth_des: timestamp is earlier than the one previously seen from principalname

The time stamp received from the client on a subsequent call is earlier than one seen previously from that client. The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you might have some corrective action as described below.

Possible causes are:

The client and server clocks are out of sync. Use rdate to resynch the client clock to the server clock.
The server cached out the entry for this client. The server maintains a cache of information regarding the current clients. This cache size equals 64 client handles.

_svcauth_des: timestamp expired for principalname

The time stamp received from the client is not within the default 35-second window in which it must be received. The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you might have to take corrective action as described below.

Possible causes are:

The 35-second window is too small to account for slow servers or a slow network.
The client and server clocks are so far out of sync that the window cannot allow for the difference. Use rdate to resynchronize the client clock to the server clock.
The server has cached out the client entry. Retry the operation.

Too Many Attributes

The search criteria passed to the server had more attributes than the table had searchable columns.

This message is generated by the NIS+ error code constant: NIS_TOOMANYATTRS. See the nis_tables man page for additional information.

Too many failures - try later

Too many tries; try again later

These messages indicate that you have had too many failed attempts (or taken too long) to either log in or change your password. See The Login incorrect Message or Password Change Failures for further information.

Unable to authenticate NIS+ client

This message is generated when a server attempts to execute the callback procedure of a client and gets a status of RPC_AUTHERR from the RPC clnt_call(). This is usually caused by out-of-date authentication information. Out-of-date authentication information can occur when the system is using data from a cache that has not been updated, or when there has been a recent change in the authentication information that has not yet been propagated to this server. In most cases, this problem should correct itself in a short period of time.

If this problem does not self-correct, it might indicate one of the following problems:

Corrupted /var/nis/NIS_SHARED_DIRCACHE file. Kill the cache manager, remove this file, and restart the cache manager.
Corrupted /var/nis/NIS_COLD_START file. Remove the file and then run nisinit to recreate it.
Corrupted /etc/.rootkey file. Run keylogin -r.

This message is generated by the NIS+ error code constant: NIS_CLNTAUTH.

Unable to authenticate NIS+ server

In most cases, this is a minor software error from which your system should quickly recover without difficulty. It is generated when the server gets a status of RPC_AUTHERR from the RPC clnt_call.

If this problem does not quickly clear itself, it might indicate a corrupted /var/nis/NIS_COLD_START, /var/nis/NIS_SHARED_DIRCACHE, or /etc/.rootkey file.

This message is generated by the NIS+ error code constant: NIS_SRVAUTH.

Unable to bind to master server for name 'string'

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)for information on this type of problem. This particular message might be caused by adding a trailing dot to the server's domain name in the /etc/defaultdomain file.

Unable to create callback.

The server was unable to contact the callback service on your machine. This results in no data being returned.

See the nis_tables man page for additional information.

Unable to create process on server

This error is generated if the NIS+ service routine receives a request for a procedure number which it does not support.

This message is generated by the NIS+ error code constant: NIS_NOPROC.

string: Unable to decrypt secret key for string.

Possible causes:

You might have incorrectly typed the password.
There might not be an entry for name in the cred table.
NIS+ could not decrypt the key because the entry might be corrupt.
The nsswitch.conf file might be directing the query to a local password in an /etc/passwd file that is different than the NIS+ password recorded in the cred table.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for information on diagnosing and solving these type of problem.

Unknown error

This is displayed when the NIS+ error handling routine receives an error of an unknown type.

Unknown object

The object returned is of an unknown type.

This message is generated by the NIS+ error code constant: NIS_UNKNOWNOBJ. See the nis_names man page for additional information.

update_directory: nnnn objects still running.

This is a status message displayed on the server during the update of a directory during a replica update. You do not need to take any action.

User principalname needs Secure RPC credentials to login but has none.

The user has failed to perform a keylogin. This problem usually arises when the user has different passwords in /etc/shadow and a remote NIS+ passwd table.

Warning: couldn't reencrypt secret key for principalname

The most likely cause of this problem is that your Secure RPC password is different from your login password (or you have one password on file in a local /etc/shadow file and a different one in a remote NIS+ table) and you have not yet done an explicit keylogin. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for more information on these types of problems.

WARNING: db::checkpoint: could not dump database: No such file or directory

This message indicates that the system was unable to open a database file during a checkpoint. Possible causes:

The database file was deleted.
The server is out of file descriptors.
There is a disk problem
You or the host do not have correct permissions.

WARNING: db_dictionary::add_table: could not initialize database from scheme

The database table could not be initialized. Possible causes:

There was a system resource problem See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)).
You incorrectly specified the new table in the command syntax.
The database is corrupted.

WARNING: db_query::db_query:bad index

In most cases this message indicates incorrect specification of an indexed name. Make sure that the indexed name is found in the specified table. Check the command for spelling and syntax errors.

**WARNING: domain domainname already exists.

This message indicates that the domain you tried to create already exists.

If you are trying to promote a new nonroot master server or are recovering from a previous nisserver problem, continue running the script.
If domainname was spelled incorrectly, rerun the script with the correct domain name.

**WARNING: failed to add new member NIS+_principle into the groupname group. You will need to add this member manually: 1. /usr/sbin/nisgrpadm -a groupname NIS+_principal

The NIS+ command nisgrpadm failed to add a new member into the NIS+ group groupname. Manually add this NIS+ principal by typing:

# /usr/sbin/nisgrpadm -a groupname NIS+_principal

**WARNING: failed to populate tablename table.

The nisaddent command was unable to load the NIS+ tablename table. A more detailed error message usually appears before this warning message.

**WARNING: hostname specified will not be used. It will use the local hostname instead.

This message indicates that you typed a remote host name with the -H option. The nisserver -rscript does not configure remote machines as root master servers.

If the local machine is the one that you want to convert to an NIS+ root master server, no other action is needed. The nisserver -rscript will ignore the host name you typed.
If you actually want to convert the remote host (instead of the local machine) to an NIS+ root master server, exit the script. Rerun the nisserver -rscript on the remote host.

**WARNING: hostname is already a server for this domain. If you choose to continue with the script, it will try to replicate the groups_dir and org_dir directories for this domain.

This is a message warning you that hostname is already a replica server for the domain that you are trying to replicate.

If you are running the script to fix an earlier nisserver problem, continue running the script.
If hostname was mistakenly entered, rerun the script with the correct host name.

**WARNING: alias-hostname is an alias name for host canonical_hostname. You cannot create credential for host alias.

This message indicates that you have typed a host alias in the name list for nisclient -c. The script asks you if you want to create the credential for the canonical host name, since you should not create credentials for host alias names.

**WARNING: file directory-path/tablename does not exist! tablename table will not be loaded.

The script was unable to find the input file for tablename.

If directory-path/tablename is spelled incorrectly, rerun the script with the correct table name.
If the directory-path/tablename file does not exist, create and update this file with the proper data. Then rerun the script to populate this table.

**WARNING: NIS auto.master map conversion failed. auto.master table will not be loaded.

The auto.master map conversion failed while trying to convert all the dots to underscores in the auto_master table. Rerun the script with a different NIS server.

**WARNING: NIS netgroup map conversion failed. netgroup table will not be loaded.

The netgroup map conversion failed while trying to convert the NIS domain name to the NIS+ domain name in the netgroup map. Rerun the script with a different NIS server.

**WARNING: nisupdkeys failed on directory domainname. This script will not be able to continue. Please remove the domainname directory using `nisrmdir'.

The NIS+ command nisupdkeys failed to update the keys in the listed directory object. If rpc.nisd is not running on the new master server that is supposed to serve this new domain, restart rpc.nisd. Then use nisrmdir to remove the domainname directory. Finally, rerun nisserver.

WARNING: nisupdkeys failed on directory directory-name You will need to run nisupdkeys manually: 1. /usr/lib/nis/nisupdkeys directory-name

The NIS+ command nisupdkeys failed to update the keys in the listed directory object. Manually update the keys in the directory object by typing:

# /usr/lib/nis/nisupdkeys directory-name

**WARNING: once this script is executed, you will not be able to restore the existing NIS+ server environment. However, you can restore your NIS+ client environment using “nisclient -r” with the proper domainname and server information. Use “nisclient -r” to restore your NIS+ client environment.

These messages appear if you have already run the script at least once before to set up an NIS+ server and indicate that NIS+-related files will be removed and recreated as needed if you decide to continue running this script.

If it is all right for these NIS+ files to be removed, continue running the script.
If you want to save these NIS+ files, exit the script by typing “n” at the Do you want to continue? prompt. Then save the NIS+ files in a different directory and rerun the script.

**WARNING: this script removes directories and files related to NIS+ under /var/nis directory with the exception of the NIS_COLD_START and NIS_SHARED_DIRCACHE files which will be renamed to <file>.no_nisplus. If you want to save these files, you should abort from this script now to save these files first.

See “WARNING: once this script is executed,...” above.

**WARNING: you must specify the NIS domainname.

This message indicates that you did not type the NIS domain name at the prompt. Type the NIS server domain name at the prompt.

**WARNING: you must specify the NIS server hostname. Please try again.

This message indicates that you did not type the NIS server host name at the prompt. Type the NIS server host name at the prompt.

Window verifier mismatch

This is a debugging message generated by the _svcauth_des code. A verifier could be invalid because a key was flushed out of the cache. When this occurs, _svcauth_des returns the AUTH_BADCRED status.

You (string) do not have Secure RPC credentials in NIS+ domain 'string'

This message could be caused by trying to run nispasswd on a server that does not have the credentials required by the command. (Keep in mind that servers running at security level 0 do not create or maintain credentials.)

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)for additional information on credential, ownership, and permission problems.

You may not change this password

This message indicates that your administrator has forbidden you to change your password.

You may not use nisplus repository

You used -r nisplus in the command line of your command, but the appropriate entry in the NIS+ passwd table was not found. Check the passwd table in question to make sure it has the entry you want. Try adding nisplus to the nsswitch.conf file.

Your password has been expired for too long Your password is expired

These messages refer to password aging and indicate that your password has been in use too long and needs to be changed now. See The will expire Messagefor further information.

Your password will expire in nn days Your password will expire within 24 hours

These messages refer to password aging and indicate that your password is about to become invalid and should be changed now. See The will expire Message for further information.

Your specified repository is not defined in the nsswitch file!

This warning indicates that you have specified a password information repository with the -r option, but that password repository is not included in the passwd entry of the nsswitch.conf file. The command you have just used will perform its job and make whatever change you intend to the password information repository you specified with the -r flag. However, the change will be made to information that the nsswitch.conf file does not point to, so no one will ever gain the benefit of it until the switch file is altered to point to that repository.

For example, suppose the passwd entry of the switch file reads: files nis, and you used

passwd -r nisplus

to establish a password age limit. That limit would be ignored, as the switch file remains set to files nis.

verify_table_exists: cannot create table for string nis_perror message.

To perform an operation on a table, NIS+ first verifies that the table exists. If the table does not exist, NIS+ attempts to create it. If it cannot create the table, it returns this error message. The string portion of the message identifies the table that could not be located or created; the nis_perror message portion provides information as to the cause of the problem (you can look up that portion of the message as if it were an independent message in this appendix). Possible causes for this type of problem:

The server was just added as a replica of the directory and it might not have the directory object. Run nisping -C to checkpoint.
You are out of disk space. See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).
Database corruption.
Some other type of software error. Contact the Sun Solutions Center.

ypcat: can't bind to NIS server for domain domainname. Reason: can't communicate with ypbind.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

yppoll: can't get any map parameter.

See “NIS Troubleshooting” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)