Mac Authentication

Keith Patton kpatton at dallas.photronics.com
Tue Sep 9 13:13:01 UTC 2003


Brian,
This looks good...

However, I have a few questions..

1.  Where are the failover attributes now, in ldap or still /etc/dhcp.conf?

2.  For our large deployment, I foresee requiring 2, maybe 3 ldap trees. A
server specific one, a department one and a shared one.

     Server = local parameters, interface, peering information

     Department = (assuming multiple servers on same net) shared values, dns,
wins, mask

     Shared = hwaddresses

    ---- > OR < ------

   Use both /etc/dhcp.conf and ldap, where ldap contains shared information and the
conf file takes precedence.


thoughts?

-Keith



Brian Masney wrote:

> On Mon, Sep 08, 2003 at 06:57:13PM +0200, Markus Schabel wrote:
> > Brian Masney wrote:
> > > On Mon, Sep 08, 2003 at 05:50:30PM +0200, Markus Schabel wrote:
> > >
> > >>Keith Patton wrote:
> > >>
> > >>><snip/>
> > >>>I was thinking about having dhcp query our corp wide ldap database for
> > >>>valid mac addresses. The ldap would contain a branch that would be
> > >>>equivalent to the host statement in the dhcp.conf file.
> > >>
> > >>That seems like a good solution. Take a look at the dhcp-ldap-patch:
> > >>http://home.ntelos.net/~masneyb/ - it is documented that it queries the
> > >>directory for each DHCP request, but here it doesn't seem to do this,
> > >>instead it is reading LDAP at startup and that was it. (You can
> > >>configure this, maybe I've just done wrong..) - Works fine (but the
> > >>patched dhcp version here is a few months old, so I'm not sure if it
> > >>applies on the actual release candidate)
> > >
> > >
> > > The patch on my website is against 3.0.11rc11. I hope to have a patch out for
> > > rc12 in a day or two. (it's fairly trivial to do, I just need to find the
> > > time to do it.)
> >
> > I've changed the schema to work with OpenLDAP 2.1.x - not sure if you
> > have already done this, if you want you can have a look at my modified
> > version...
>
> I just uploaded a new LDAP patch against 3.0.11rc12 to my website. Newer
> versions of my patch include a dhcp.schema file that works properly against
> OpenLDAP 2.1.
>
> > (and the debian-style of the patch is a bit strange - shouldn't it be
> > called dhcp3-server-ldap or something similar? so that when you do a
> > dpkg-buildpackage you have all common dhcp3-* packages and additionally
> > the -ldap package?)
>
> I'll be more than glad to accept patches for this. The Debian packages are set up
> for my local environment here at work. If this patch gets merged into the
> main ISC tree, I don't think the debian/ files should go into there.
>
> The only thing I'd like to do with the patch is improve the
> dhcpd-conf-to-ldap.pl script. It needs tested some more and it will choke on
> some valid configuration files.
>
> Brian






More information about the dhcp-hackers mailing list