host-identifier with IPv6

Frank Sweetser fs at WPI.EDU
Wed Mar 4 22:41:13 UTC 2009


Ted Lemon wrote:
> On Mar 4, 2009, at 3:23 PM, Simon Hobson wrote:
>> And please explain WHAT the registrar is going to enter in his  
>> database ?
> 
> First, remember the context - we're talking about registering a  
> student's machine.   The way I would implement this would be to have  
> the student turn on their machine and bring up a browser, which would  
> bring them to the captive network registration page.   They'd type in  
> their name, and indicate whether the machine was new, or just  
> reinstalled.   The database would record this information.   The  
> student would then go down to the registrar's office and present ID.    
> The registrar would check the ID, key in the student's name, and  
> verify that the student was registering the particular machine that  
> came up on screen.   Upon verification, the machine's DUID would wind  
> up in your database.

We actually use a variant on this process here for v4 here.  The registrar
sends them a PIN upon acceptance.  Once they plug in and fire up the web
browser, the captive portal ACL pages allow them to use the PIN to create
their general purpose accounts, which they then in turn use to authenticate to
the machine registration system, which uses its local ARP tables (the system
happens to also be the router for the relevant subnets, but it could also
query the DHCP server lease database via OMAPI) to pre-fill the MAC address.

Quick, reliable, and requires zero administrator intervention.

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC



More information about the dhcp-users mailing list