OES DHCP service fails to load with error "LDAP line 733: unknown key" followed by the TSIG key name

  • 7016472
  • 06-May-2015
  • 06-May-2015

Environment

Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2

Situation

Start DHCP with:
rcnovell-dhcpd start

The DHCP service fails to load and the messages file shows errors like these:
May 19 09:45:36 fs1 dhcpd: LDAP line 733: unknown key my-tsig-key
May 19 09:45:36 fs1 dhcpd: key my-tsig-key;
May 19 09:45:36 fs1 dhcpd:      ^
May 19 09:45:36 fs1 dhcpd: LDAP line 737: unknown key my-tsig-key
May 19 09:45:36 fs1 dhcpd: key my-tsig-key;
May 19 09:45:36 fs1 dhcpd:      ^
May 19 09:45:36 fs1 dhcpd: LDAP: cannot parse dhcpService entry 'cn=service1_fs1,ou=DHCP,o=MYTREE'
May 19 09:45:36 fs1 dhcpd: Configuration file errors encountered -- exiting

Resolution

TSIG keys can only be defined at the dhcpService level.

If a single DHCP server services multiple dhcpServices
- and you define the exact same TSIG key name and key secret in each dhcpService
- and you assign one of those identical TSIG keys to the DHCP server in its omapi-key setting

then you can see these errors and the DHCP service will fail to load.

The recommended configuration, and the solution to this issue at this point in time, is to have each dhcpService declare a unique TSIG key.

Any one of the unique TSIG keys can be used by the DHCP server OR you can create an additional TSIG key for the DHCP server in one of the dhcpServices serviced by the DHCP server.

Example

Our Network
    |
     -- Service1
           |
           TSIGKEY1            (Used inside this service only)
           DHCPSERVTSIG   (Used by the DHCP server only)
    |
     -- Service2
           |
           TSIGKEY2            (Used inside this service only)
    |
     -- Service3
           |
           TSIGKEY3            (Used inside this service only)

In the management console after selecting the DHCP server, select the Settings tab.
This is where you can add or modify the omapi-key setting for the DHCP server and choose a TSIG key for it to use.
In this example I have created a DHCPSERVTSIG key for the server to use.
However, it could use any one of the other unique TSIG keys and have no TSIG key declared for the DHCP server itself.

What you cannot have is an identical TSIG key name and secret in each service, with one of those identical keys then assigned to the DHCP server's omapi-key setting.
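
To find which key name and dhcpService entry to correct, the following added example (not part of the original document or of Novell's tooling) scans syslog lines in the format shown under Situation and reports, per failed load, the TSIG key names dhcpd rejected and the dhcpService entry that could not be parsed. The sample log is constructed from that excerpt, and the script assumes the "cannot parse dhcpService entry" line follows the unknown-key lines for that service, as it does there.

```python
import re
import sys
from collections import defaultdict

# Constructed sample, modelled on the messages-file excerpt in this document.
SAMPLE = """\
May 19 09:45:36 fs1 dhcpd: LDAP line 733: unknown key my-tsig-key
May 19 09:45:36 fs1 dhcpd: key my-tsig-key;
May 19 09:45:36 fs1 dhcpd:      ^
May 19 09:45:36 fs1 dhcpd: LDAP line 737: unknown key my-tsig-key
May 19 09:45:36 fs1 dhcpd: LDAP: cannot parse dhcpService entry 'cn=service1_fs1,ou=DHCP,o=MYTREE'
May 19 09:45:36 fs1 dhcpd: Configuration file errors encountered -- exiting
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) dhcpd(?:\[\d+\])?: (?P<msg>.*)$")
UNKNOWN = re.compile(r"LDAP line (\d+): unknown key (\S+)")
PARSE = re.compile(r"LDAP: cannot parse dhcpService entry '([^']+)'")
FATAL = "Configuration file errors encountered"

def triage(lines):
    """Return one record per failed dhcpd load caused by unknown TSIG keys."""
    failures = []
    keys = defaultdict(list)   # key name -> LDAP line numbers, not yet attributed
    services = {}              # dhcpService DN -> {key name: [LDAP line numbers]}
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue           # not a dhcpd syslog line
        msg = m.group("msg")
        if (u := UNKNOWN.search(msg)):
            keys[u.group(2)].append(int(u.group(1)))
        elif (p := PARSE.search(msg)):
            if keys:           # attribute the pending keys to this service
                services[p.group(1)] = dict(keys)
            keys = defaultdict(list)
        elif msg.startswith(FATAL):
            if services:
                failures.append({"host": m.group("host"), "services": services})
            keys, services = defaultdict(list), {}
    return failures

if __name__ == "__main__":
    # Pass the path of the messages file as the first argument, or run on the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for f in triage(text.splitlines()):
        for dn, found in f["services"].items():
            for name, nums in found.items():
                print(f"{f['host']}: {dn}: unknown key {name} at LDAP lines {nums}")
```

The key name it reports is the one to check across the dhcpServices handled by that DHCP server, so that each service declares a unique TSIG key as recommended above.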