Mac Authentication

Brian Masney masneyb at ntelos.net
Mon Sep 8 20:42:41 UTC 2003


On Mon, Sep 08, 2003 at 06:57:13PM +0200, Markus Schabel wrote:
> Brian Masney wrote:
> > On Mon, Sep 08, 2003 at 05:50:30PM +0200, Markus Schabel wrote:
> > 
> >>Keith Patton wrote:
> >>
> >>><snip/>
> >>>I was thinking about having dhcp query our corp wide ldap database for
> >>>valid mac addresses. The ldap would contain a branch that would be
> >>>equivalent to the host statement in the dhcp.conf file.
> >>
> >>That seems like a good solution. Take a look at the dhcp-ldap-patch:
> >>http://home.ntelos.net/~masneyb/ - it is documented that it queries the
> >>directory for each DHCP request, but here it doesn't seem to do this,
> >>instead it is reading LDAP at startup and that was it. (You can
> >>configure this, maybe I've just done wrong..) - Works fine (but the
> >>patched dhcp version here is a few months old, so I'm not sure if it
> >>applies on the actual release candidate)
> > 
> > 
> > The patch on my website is against 3.0.11rc11. I hope to have a patch out for
> > rc12 in a day or two. (it's fairly trivial to do, I just need to find the
> > time to do it.) 
> 
> I've changed the schema to work with OpenLDAP 2.1.x - not sure if you
> have already done this, if you want you can have a look at my modified
> version...

I just uploaded a new LDAP patch against 3.0.11rc12 to my website. Newer 
versions of my patch include a dhcp.schema file that works properly against
OpenLDAP 2.1.

> (and the debian-style of the patch is a bit strange - shouldn't it be
> called dhcp3-server-ldap or something similar? so that when you do a
> dpkg-buildpackage you have all common dhcp3-* packages and additionally
> the -ldap package?)

I'll be more than glad to accept patches for this. The Debian packages are set up
for my local environment here at work. If this patch gets merged into the
main ISC tree, I don't think the debian/ files should go into there.

The only thing I'd like to do with the patch is improve the
dhcpd-conf-to-ldap.pl script. It needs to be tested some more and it will choke on
some valid configuration files.

Brian




More information about the dhcp-hackers mailing list