Mac Authentication
Keith Patton
kpatton at dallas.photronics.com
Wed Sep 10 18:18:34 UTC 2003
Thanks,
In my situation...
I have sys admins throughout that configure dhcp with no clue how to update ldap. From
this, I can let them modify the local /etc/dhcp.conf file and get the global stuff from ldap?
Then, I would like to use the local file first then ldap, so I am making the assumption
that I need to switch the order in which the dynamic checking works (internal tree, then
ldap) instead of ldap then internal tree?
Otherwise, this should fit our needs,
thanks again,
-Keith
Brian Masney wrote:
> On Tue, Sep 09, 2003 at 08:13:01AM -0500, Keith Patton wrote:
> > Brian,
> > This looks good...
> >
> > However, I have a few questions..
> >
> > 1. Where are the failover attributes now, in ldap or still /etc/dhcp.conf ?
>
> You could put them into a dhcpStatement attribute or in your dhcp.conf file.
>
> > 2. For our large deployment, I foresee requiring 2 maybe 3 ldap trees. A
> > server specific one, a department one and a shared one.
> > Server = local parameters, interface, peering information
> >
> > department = ( assuming multiple servers on same net ) Shared values, dns,
> > wins, mask
> >
> > Shared = hwaddresses
> >
> > ---- > OR < ------
> >
> > use both, /etc/dhcp.conf and ldap where ldap contains shared information where the
> > conf file takes precedence..
>
> The stuff that goes into the conf file supplements what is already in LDAP.
> If you are running multiple DHCP servers you can have a shared LDAP tree for
> your configuration and then a server specific section. For example, to set up
> your DHCP server you first need to create an LDAP entry for your DHCP server:
>
> dn: cn=brian.ntelos.net, dc=ntelos, dc=net
> objectClass: top
> objectClass: dhcpServer
> cn: brian.ntelos.net
> dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
>
> Then, dhcpServiceDN points to the following LDAP entry:
>
> dn: cn=DHCP Service Config, dc=ntelos, dc=net
> cn: DHCP Service Config
> objectClass: top
> objectClass: dhcpService
> dhcpPrimaryDN: dc=ntelos, dc=net
> dhcpStatements: ddns-update-style none
> dhcpStatements: default-lease-time 600
> dhcpStatements: max-lease-time 7200
>
> You could make the first DHCP server point to this dhcpService entry, and
> then you can have other DHCP servers point to different dhcpService entries.
> In your dhcpService entry you can specify a dhcpGroupDN (or one of its
> friends) to have it pull in a different LDAP tree for common configuration.
>
> Hope this is clear...
>
> Brian
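
The server entry to service entry indirection described in the quoted reply, as an added example that is not part of the original thread or of the patch's own code: a small audit script that follows `dhcpServiceDN` from a `dhcpServer` entry and lists the `dhcpStatements` it inherits, failing loudly on a dangling pointer. The function names and the simplified DN matching are assumptions; the local dhcp.conf supplement and the daemon's own lookup order are not modelled.

```python
# Constructed sample input: the two entries quoted in the thread, as LDIF.
SAMPLE_LDIF = """\
dn: cn=brian.ntelos.net, dc=ntelos, dc=net
objectClass: top
objectClass: dhcpServer
cn: brian.ntelos.net
dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net

dn: cn=DHCP Service Config, dc=ntelos, dc=net
cn: DHCP Service Config
objectClass: top
objectClass: dhcpService
dhcpPrimaryDN: dc=ntelos, dc=net
dhcpStatements: ddns-update-style none
dhcpStatements: default-lease-time 600
dhcpStatements: max-lease-time 7200
"""

def norm_dn(dn):
    # Simplified DN matching (assumption: no escaped commas in RDN values):
    # lowercase and drop whitespace around the RDN separators.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    # Plain "attr: value" LDIF only (no base64 values, no folded lines).
    # Returns {normalised dn: {lowercased attribute: [values]}}.
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def has_class(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))

def service_statements(entries, server_dn):
    # Follow dhcpServiceDN from the dhcpServer entry and return the
    # dhcpStatements of the dhcpService entry it points to.
    server = entries.get(norm_dn(server_dn))
    if server is None or not has_class(server, "dhcpServer"):
        raise LookupError(f"no dhcpServer entry at {server_dn!r}")
    target = server.get("dhcpservicedn", [None])[0]
    service = entries.get(norm_dn(target)) if target else None
    if service is None or not has_class(service, "dhcpService"):
        raise LookupError(f"dhcpServiceDN of {server_dn!r} does not resolve")
    return service.get("dhcpstatements", [])
```

Running this over an export of each DHCP server's entry shows which shared service configuration a given server actually picks up before any local file is considered.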