Mac Authentication

Brian Masney masneyb at ntelos.net
Mon Sep 8 16:50:06 UTC 2003


On Mon, Sep 08, 2003 at 05:50:30PM +0200, Markus Schabel wrote:
> Keith Patton wrote:
> > All,
> > I have a need to have a distributed database for dhcp mac addresses..
> > The dhcp.conf file will have
> > logistic problems keeping it in sync with 40+ servers with 20+ different
> > people managing from all parts of the world and languages.. The reason
> > for the sync is that many people travel between sites, and we have
> > numerous visitors. This would permit dhcp to give out addresses to our
> > employees since the mac would be registered, yet deny visitors who have
> > been known to possess viruses and that freely distribute them to us by
> > plugging in.
> > 
> > 
> > I was thinking about having dhcp query our corp wide ldap database for
> > valid mac addresses. The ldap would contain a branch that would be
> > equivalent to the host statement in the dhcp.conf file.
> 
> That seems like a good solution. Take a look at the dhcp-ldap-patch:
> http://home.ntelos.net/~masneyb/ - it is documented that it queries the
> directory for each DHCP request, but here it doesn't seem to do this,
> instead it is reading LDAP at startup and that was it. (You can
> configure this, maybe I've just done it wrong..) - Works fine (but the
> patched dhcp version here is a few months old, so I'm not sure if it
> applies on the actual release candidate)

The patch on my website is against 3.0.11rc11. I hope to have a patch out for
rc12 in a day or two. (it's fairly trivial to do, I just need to find the
time to do it.) 

I have received a lot of positive feedback about this patch. I would eventually
like to see it get merged into the main DHCP distribution. (hint hint ;)

Brian
