Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
A.  Error Messages Common Namespace Error Messages  Previous   Contents   Next 
   
 

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you might have to call the Sun Solutions Center for assistance. If the problem appears to be related to a DES encryption chip, call the Sun Solutions Center.

 

_svcauth_des: corrupted window from principalname

The window that was sent does not match the one sent in the verifier.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level you might have to try the command again at some later time or take corrective action as described below.

Possible causes:

  • The server's key pair has been changed. The client used the server's old public key while the server has a new secret key cached with keyserv. Run keylogin on both client and server.

  • The client's key pair has been changed and the client has not run keylogin on the client system, so system is still sending the client's old secret key to the server, which is now using the client's new public key. Naturally, the two do not match. Run keylogin again on both client and server.

  • Network corruption of data. Try the command again. If that does not work, use the snoop command to investigate and correct any network problems. Then run keylogin again on both server and client.

 

_svcauth_des: decryption failure for principalname

DES decryption for some authentication data failed. Possible causes:

  • Corruption to a library function or argument.

  • A problem with a DES encryption chip, if you are using one.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you might have to call the Sun Solutions Center for assistance. If the problem appears to be related to a DES encryption chip, call the Sun Solutions Center.

 

_svcauth_des: invalid timestamp received from principalname

The time stamp received from the client is corrupted, or the server is trying to decrypt it using the wrong key. Possible causes:

  • Congested network. Retry the command.

  • Server cached out the entry for this client. Check the network load.

 

_svcauth_des: key_decryptsessionkey failed for principalname

The keyserv process failed to decrypt the session key with the given public key. Possible causes are:

  • The keyserv process is dead or not responding. Use ps -ef to check if the keyserv process is running on the keyserv host. If it is not, then restart it and run keylogin.

  • The server principal has not keylogged in. Run keylogin for the server principal.

  • The server principal (host) does not have credentials. Run nismatch hostname.domainname. cred.org_dir on the client's home domain cred table. Create new credentials if necessary.

  • keyserv might have been restarted, in which case certain long-running applications, such as rpc.nisd, sendmail, and automountd, also need to be restarted.

  • DES encryption failure. Call the Sun Solutions Center.

 

_svcauth_des: no public key for principalname

The server cannot get the client's public key. Possible causes are:

  • The principal has no public key. Run nismatch on the cred table of the principal's home domain. If there is no DES credential in that table for the principal, use nisaddcred to create one, and then run keylogin for that principal.

  • The naming service specified by a nsswitch.conf file is not responding.

 

_svcauth_des: replayed credential from principalname

The server has received a request and finds an entry in its cache for the same client name and conversation key with the time stamp of the incoming request before that of the one currently stored in the cache.

The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information. At a higher level, you might have to take corrective action as described below.

Possible causes are:

  • The client and server clocks are out of sync. Use rdate to resync the client clock to the server clock.

  • The server is receiving requests in random order. This could occur if you are using multithreading applications. If your applications support TCP, then set /etc/netconfig (or your NETPATH environment variable) to tcp.

 

_svcauth_des: timestamp is earlier than the one previously seen from principalname

The time stamp received from the client on a subsequent call is earlier than one seen previously from that client. The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you might have some corrective action as described below.

Possible causes are:

  • The client and server clocks are out of sync. Use rdate to resynch the client clock to the server clock.

  • The server cached out the entry for this client. The server maintains a cache of information regarding the current clients. This cache size equals 64 client handles.

 

_svcauth_des: timestamp expired for principalname

The time stamp received from the client is not within the default 35-second window in which it must be received. The severity of this message depends on what level of security you are running. At a low security level, this message is primarily for your information; at a higher level, you might have to take corrective action as described below.

Possible causes are:

  • The 35-second window is too small to account for slow servers or a slow network.

  • The client and server clocks are so far out of sync that the window cannot allow for the difference. Use rdate to resynchronize the client clock to the server clock.

  • The server has cached out the client entry. Retry the operation.

 

Too Many Attributes

The search criteria passed to the server had more attributes than the table had searchable columns.

This message is generated by the NIS+ error code constant: NIS_TOOMANYATTRS. See the nis_tables man page for additional information.

 

Too many failures - try later

 

Too many tries; try again later

These messages indicate that you have had too many failed attempts (or taken too long) to either log in or change your password. See "The Login incorrect Message" or "Password Change Failures" for further information.

 

Unable to authenticate NIS+ client

This message is generated when a server attempts to execute the callback procedure of a client and gets a status of RPC_AUTHERR from the RPC clnt_call(). This is usually caused by out-of-date authentication information. Out-of-date authentication information can occur when the system is using data from a cache that has not been updated, or when there has been a recent change in the authentication information that has not yet been propagated to this server. In most cases, this problem should correct itself in a short period of time.

If this problem does not self-correct, it might indicate one of the following problems:

  • Corrupted /var/nis/NIS_SHARED_DIRCACHE file. Kill the cache manager, remove this file, and restart the cache manager.

  • Corrupted /var/nis/NIS_COLD_START file. Remove the file and then run nisinit to recreate it.

  • Corrupted /etc/.rootkey file. Run keylogin -r.

This message is generated by the NIS+ error code constant: NIS_CLNTAUTH.

 

Unable to authenticate NIS+ server

In most cases, this is a minor software error from which your system should quickly recover without difficulty. It is generated when the server gets a status of RPC_AUTHERR from the RPC clnt_call.

If this problem does not quickly clear itself, it might indicate a corrupted /var/nis/NIS_COLD_START, /var/nis/NIS_SHARED_DIRCACHE, or /etc/.rootkey file.

This message is generated by the NIS+ error code constant: NIS_SRVAUTH.

 

Unable to bind to master server for name 'string'

See "NIS Troubleshooting" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)for information on this type of problem. This particular message might be caused by adding a trailing dot to the server's domain name in the /etc/defaultdomain file.

 

Unable to create callback.

The server was unable to contact the callback service on your machine. This results in no data being returned.

See the nis_tables man page for additional information.

 

Unable to create process on server

This error is generated if the NIS+ service routine receives a request for a procedure number which it does not support.

This message is generated by the NIS+ error code constant: NIS_NOPROC.

 

string: Unable to decrypt secret key for string.

Possible causes:

  • You might have incorrectly typed the password.

  • There might not be an entry for name in the cred table.

  • NIS+ could not decrypt the key because the entry might be corrupt.

  • The nsswitch.conf file might be directing the query to a local password in an /etc/passwd file that is different than the NIS+ password recorded in the cred table.

 		 
 
  Previous   Contents   Next