Course: | DissenyXarxesLinux, LinuxAdministracioAvancada |
Files: | ServidorsDHCPiDNS.pdf (ServidorsDHCPiDNS.odp) |
SVN repository: | https://[email protected]/svn/iceupc/LinuxAdministracioAvan%c3%a7ada |
User: | anonymous |
Password: | no password |
Authors: | Sergi Tur Badenas |
IMPORTANT: Probably because the ISC DHCP server (although it is the most widely used free DHCP server) is not the only DHCP server available, in recent versions of Ubuntu (11.04 onwards) the package is now called isc-dhcp-server and no longer just dhcp-server. Some sections of this documentation, although still valid, may be out of date.
One of the most tedious jobs for a network administrator is going from machine to machine to set the IP configuration of every host on a network. Whether a new machine has to be added or the network structure changes, the larger the network grows the harder it is to maintain. Configuring the network with DHCP, which takes a few minutes, puts an end to all this trouble.
The Internet Engineering Task Force working group decided to solve the problem by developing a protocol for the dynamic configuration of network hosts, called DHCP. This protocol is based on an earlier one (BOOTP, Bootstrap Protocol) but with improved features. The protocol is described in RFC 2131.
The DHCP server provides the TCP/IP data that client computers need to connect to the network (IP address, netmask, gateway, DNS servers, etc.). This makes client computers easier to maintain: if the configuration changes, there is no need to go to each machine to modify its TCP/IP data.
DHCP is currently the most widely used protocol for configuring network nodes, but historically other systems/protocols have been used, such as:
Other related protocols are:
For more information see the See Also section of the Wikipedia article on DHCP.
DHCP is a service used to:
DHCP has two main components:
But above all, DHCP follows a client-server model.
See the Technical Details section of the Wikipedia article on DHCP.
Used by Windows clients to obtain DHCP network parameters even though they are not configured for DHCP.
Resources:
DHCP uses the UDP protocol.
The DHCP server uses port 67.
In the /etc/services file the port appears under the name of the bootp protocol.
$ cat /etc/services | grep bootp
bootps 67/tcp # BOOTP server
bootps 67/udp
bootpc 68/tcp # BOOTP client
bootpc 68/udp
As you can see, the client also uses a specific port: port 68.
To check whether a DHCP server is running you can use the nmap command:
$ sudo nmap -sU 192.168.1.1 -p 67
Starting Nmap 4.20 ( http://insecure.org ) at 2008-01-24 12:56 CET
Interesting ports on mygateway1.ar7 (192.168.1.1):
PORT STATE SERVICE
67/udp open|filtered dhcps
MAC Address: 00:15:E9:CA:34:A5 (D-Link)
Nmap finished: 1 IP address (1 host up) scanned in 0.650 seconds
Note that the open|filtered state means nmap received no reply to its UDP probe, so this result alone does not confirm that a DHCP server is answering.
authoritative: adjective. 1 (trustworthy, official) authorized. 2 (politics, etc.) authoritarian
A DHCP server is authoritative if, when a client requests an IP address that is unknown or incorrect for a given network segment, the server sends a DHCPNAK telling the client to stop using that IP.
For the server to behave this way, use the directive:
authoritative;
NOTE: During installation, the ISC DHCP server warns that version 3 of the server is non-authoritative by default.
IMPORTANT: If there are no other DHCP servers on the network, authoritative must be set in the DHCP configuration.
Resources:
Protocol).
of IP addresses to the machines on a network.
Installing a DHCP system on the network removes configuration work: only one server is configured to hand out IP addresses to the network clients. All machines request their network information and configure themselves automatically, and all the basic TCP/IP parameters are delivered. It is old but highly recommended for easy administration.
When IP addresses are handed out within the network and there is a DNS, there is no direct bridge between DNS and DHCP. Machines have to be added to the DNS "by hand".
NOTE: The terms exclusions and reservation do not appear anywhere in the DHCP RFC. They are terms used by proprietary DHCP servers such as Microsoft's.
The packages are:
$ dpkg -l | grep dhcp
ii isc-dhcp-client 4.1.1-P1-17ubuntu10 ISC DHCP client
ii isc-dhcp-common 4.1.1-P1-17ubuntu10 common files used by all the isc-dhcp* packages
ii isc-dhcp-server 4.1.1-P1-17ubuntu10 ISC DHCP server for automatic IP address assignment
IMPORTANT: Before Ubuntu 11.04 the packages were called dhcp3-server and dhcp3-client
Note that there is a common package that is a dependency of both the client and the server:
$ dpkg -L isc-dhcp-common
/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/isc-dhcp-common
/usr/share/doc/isc-dhcp-common/RELNOTES.gz
/usr/share/doc/isc-dhcp-common/README.gz
/usr/share/doc/isc-dhcp-common/copyright
/usr/share/doc/isc-dhcp-common/api+protocol.gz
/usr/share/doc/isc-dhcp-common/changelog.Debian.gz
/usr/share/doc/isc-dhcp-common/README.Debian
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/isc-dhcp-common
/usr/share/man
/usr/share/man/ja
/usr/share/man/ja/man5
/usr/share/man/ja/man5/dhcp-eval.5.gz
/usr/share/man/ja/man5/dhclient.leases.5.gz
/usr/share/man/ja/man5/dhcp-options.5.gz
/usr/share/man/ja/man5/dhclient.conf.5.gz
/usr/share/man/ja/man8
/usr/share/man/ja/man8/dhclient.8.gz
/usr/share/man/ja/man8/dhclient-script.8.gz
/usr/share/man/man5
/usr/share/man/man5/dhcp-eval.5.gz
/usr/share/man/man5/dhcp-options.5.gz
/usr/share/man/man1
/usr/share/man/man1/omshell.1.gz
/usr/bin
/usr/bin/omshell
Most modern Linux distributions already ship with the DHCP client installed. Keep in mind that most SoHo (Small Office Home Office) LANs are configured with DHCP.
In any case, the package that provides DHCP client support on Debian-family systems is isc-dhcp-client:
$ sudo apt-get install isc-dhcp-client
IMPORTANT: In Ubuntu versions before 11.04 the package name is dhcp3-client. The installation would be:
$ sudo apt-get install dhcp3-client
The files provided are:
$ dpkg -L isc-dhcp-client
/.
/etc
/etc/network
/etc/network/if-pre-up.d
/etc/dhcp
/etc/dhcp/dhclient-exit-hooks.d
/etc/dhcp/dhclient-exit-hooks.d/debug
/etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes
/etc/dhcp/dhclient-enter-hooks.d
/etc/dhcp/dhclient-enter-hooks.d/debug
/etc/dhcp/dhclient.conf
/etc/apparmor
/etc/apparmor/init
/etc/apparmor/init/network-interface-security
/etc/apparmor.d
/etc/apparmor.d/sbin.dhclient
/var
/var/run
/var/lib
/var/lib/dhcp
/sbin
/sbin/dhclient
/sbin/dhclient-script
/usr
/usr/share
/usr/share/doc
/usr/share/doc/isc-dhcp-client
/usr/share/doc/isc-dhcp-client/copyright
/usr/share/doc/isc-dhcp-client/NEWS.Debian.gz
/usr/share/apport
/usr/share/apport/package-hooks
/usr/share/apport/package-hooks/isc-dhcp-client.py
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/isc-dhcp-client
/usr/share/man
/usr/share/man/man5
/usr/share/man/man5/dhclient.leases.5.gz
/usr/share/man/man5/dhclient.conf.5.gz
/usr/share/man/man8
/usr/share/man/man8/dhclient.8.gz
/usr/share/man/man8/dhclient-script.8.gz
/etc/apparmor/init/network-interface-security/sbin.dhclient
/sbin/dhclient3
/usr/share/doc/isc-dhcp-client/changelog.Debian.gz
/usr/share/doc/isc-dhcp-client/README.Debian
/usr/share/man/man8/dhclient3.8.gz
On Debian-family systems the ISC DHCP server can be installed from the repositories with apt-get:
$ sudo apt-get install isc-dhcp-server
IMPORTANT: In earlier Ubuntu versions the package was called dhcp3-server
$ sudo apt-get install dhcp3-server
$ dpkg -L isc-dhcp-server
/.
/etc
/etc/dhcp
/etc/dhcp/dhcpd.conf
/etc/init.d
/etc/init.d/isc-dhcp-server
/etc/apparmor.d
/etc/apparmor.d/usr.sbin.dhcpd
/var
/var/run
/var/lib
/var/lib/dhcp
/usr
/usr/share
/usr/share/doc
/usr/share/doc/isc-dhcp-server
/usr/share/doc/isc-dhcp-server/examples
/usr/share/doc/isc-dhcp-server/examples/dhcpd.conf
/usr/share/doc/isc-dhcp-server/copyright
/usr/share/doc/isc-dhcp-server/NEWS.Debian.gz
/usr/share/doc/isc-dhcp-server/changelog.Debian.gz
/usr/share/apport
/usr/share/apport/package-hooks
/usr/share/apport/package-hooks/isc-dhcp-server.py
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/isc-dhcp-server
/usr/share/man
/usr/share/man/man5
/usr/share/man/man5/dhcpd.conf.5.gz
/usr/share/man/man5/dhcpd.leases.5.gz
/usr/share/man/man8
/usr/share/man/man8/dhcpd.8.gz
/usr/sbin
/usr/sbin/dhcpd
/usr/share/doc/isc-dhcp-server/README.Debian
Client configuration is the easiest part. To configure a GNU/Linux machine connected to a DHCP server, you only need to tell the network card to work with DHCP.
See the article:
An example of how to configure the interfaces file to use dhcp:
$ cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
The package with the dhcp client is dhcp3-client. It is normally already installed. If we run
$ dpkg -L dhcp3-client
/.
/etc
/etc/dhcp3
/etc/dhcp3/dhclient-enter-hooks.d
/etc/dhcp3/dhclient-enter-hooks.d/debug
/etc/dhcp3/dhclient-exit-hooks.d
/etc/dhcp3/dhclient-exit-hooks.d/debug
/etc/dhcp3/dhclient.conf
/var
/var/run
/var/lib
/var/lib/dhcp3
/usr
/usr/share
/usr/share/man
/usr/share/man/man5
/usr/share/man/man5/dhclient.conf.5.gz
/usr/share/man/man5/dhclient.leases.5.gz
/usr/share/man/man8
/usr/share/man/man8/dhclient3.8.gz
/usr/share/man/man8/dhclient-script.8.gz
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/dhcp3-client
/usr/share/doc
/usr/share/doc/dhcp3-client
/usr/share/doc/dhcp3-client/README.Debian
/usr/share/doc/dhcp3-client/copyright
/usr/share/doc/dhcp3-client/changelog.Debian.gz
/sbin
/sbin/dhclient3
/sbin/dhclient-script
/lib
/lib/dhcp3-client
/lib/dhcp3-client/call-dhclient-script
/usr/share/man/man8/dhclient.8.gz
/sbin/dhclient
we can see the files that belong to the package.
Executable files:
$ dpkg -L dhcp3-client | grep bin
/sbin
/sbin/dhclient3
/sbin/dhclient-script
/sbin/dhclient
Configuration files:
$ dpkg -L dhcp3-client | grep etc
/etc
/etc/dhcp3
/etc/dhcp3/dhclient-enter-hooks.d
/etc/dhcp3/dhclient-enter-hooks.d/debug
/etc/dhcp3/dhclient-exit-hooks.d
/etc/dhcp3/dhclient-exit-hooks.d/debug
/etc/dhcp3/dhclient.conf
The dhclient command is the DHCP client.
Resources:
The dhclient and dhclient3 commands are equivalent. In fact, dhclient is a symbolic link to dhclient3:
$ ls -la /sbin/dhclient
lrwxrwxrwx 1 root root 9 2008-11-18 08:54 /sbin/dhclient -> dhclient3
So we are in fact using version 3 of the dhclient command.
As the file command confirms:
$ file /sbin/dhclient3
/sbin/dhclient3: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
dhclient3 is a binary executable.
The client is configured in the /etc/dhcp3/dhclient.conf file.
Without options, dhclient tries to configure every network card that supports broadcast:
$ sudo dhclient
A single network card can be specified with:
$ sudo dhclient eth0
Once a configuration has been obtained, the dhcp client moves to the background and becomes a daemon that manages the DHCP client (for example, it is responsible for renewing the lease when the lease time expires). From the manual:
The DHCP client will normally run in the foreground until it has configured an interface, and then will revert to running in the background. To run force dhclient to always run as a foreground process, the -d flag should be specified. This is useful when running the client under a debugger, or when running it out of inittab on System V systems.
You can see the running client with:
$ ps aux | grep dhclient
root 13097 0.0 0.0 2144 312 ? Ss 18:25 0:00 dhclient eth0
if you ran it manually, or:
$ ps aux | grep dhclient
root 1398 0.0 0.0 2140 944 ? S 11:31 0:00 /sbin/dhclient -d -sf /usr/lib/NetworkManager/nm-dhcp-client.action -pf /var/run/dhclient-eth0.pid -lf /var/lib/dhcp3/dhclient-b7d96c9c-0c95-49fd-9ea5-7f6a6563ed62-eth0.lease -cf /var/run/nm-dhclient-eth0.conf eth0
if Network Manager started it, or:
$ ps aux | grep dhclient
root 13948 0.0 0.0 2144 308 ? Ss 18:44 0:00 dhclient3 -e IF_METRIC=100 -pf /var/run/dhclient.eth0.pid -lf /var/lib/dhcp3/dhclient.eth0.leases eth0
NOTE: Bear in mind that you can easily end up with two clients running if you combine manual commands with systems such as Network-manager or the classic Linux network configuration. This can cause a manual configuration to expire because of the system configuration. You can kill the surplus clients with kill
The initial configuration messages appear on the command line, but once the client runs as a daemon the messages are sent to syslog.
The dhcp client uses the following files:
These default files can be changed with the -cf, -lf, -pf and -sf parameters.
Network interfaces are configured by the /sbin/dhclient-script file. More information about the file is in the manual:
$ man dhclient-script
This file is not meant to be modified. If a change is needed, modify the DHCP hooks instead:
If you want to modify the behaviour of the network configuration
According to the manual:
$ man dhclient
If the client is killed by a signal (for example at shutdown or reboot) it won't execute the dhclient-script (8) at exit. However if you shut the client down gracefully with -r or -x it will execute dhclient-script (8) at shutdown with the specific reason for calling the script set.
$ cat /sbin/dhclient-script
Contents of /sbin/dhclient-script
See DHCP hooks
Installation:
$ sudo apt-get install dhcping
According to the manual:
$ man dhcping
...
dhcping - send a DHCP request to DHCP server to see if it's up and running
It consists of one command plus a manual page:
$ dpkg -L dhcping
/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/dhcping
/usr/share/doc/dhcping/copyright
/usr/share/doc/dhcping/changelog.Debian.gz
/usr/share/man
/usr/share/man/man8
/usr/share/man/man8/dhcping.8.gz
/usr/sbin
/usr/sbin/dhcping
For example:
$ dhcping -h 01:02:03:04 -s 192.168.1.30
This program should be installed setuid root or ran by root only.
See SECURITY for more information.
On your DHCP server, add these lines to the dhcpd.conf:
host <your monitoring host FQDN> {
    hardware ethernet <your monitor host mac address>;
    fixed-address <your monitoring host IP address>;
}
Then try it:
$ dhcping -c your monitoring host IP address \
          -s your DHCP server IP address \
          -h your monitor host mac address
It will either respond with "no answer" or "Got answer from: your DHCP server IP address"
The DHCP server logfile will give:
DHCPREQUEST for 192.168.1.1 from 00:20:18:56:29:8f via ed0
DHCPACK on 192.168.1.1 to 00:20:18:56:29:8f via ed0
DHCPRELEASE of 192.168.1.1 from 00:20:18:56:29:8f via ed0 (found)
Running in DHCPINFORM mode with -i:
If you see "DHCPINFORM from 192.168.1.1 via xl0: not authoritative for subnet 192.168.1.0", you should add the authoritative statement to the subnet, See dhcpd.conf(5) for details.
When running in very verbose mode, dhcping tries to dump all data of the send and received DHCP packets. It will first dump the packet in hex-format, then decodes the header and finally the options.
Full process, with initialization:
$ sudo dhclient eth0
Internet Systems Consortium DHCP Client V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/00:30:1b:b7:cd:b6
Sending on LPF/eth0/00:30:1b:b7:cd:b6
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 192.168.1.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.4 -- renewal in 1540 seconds.
Rebinding process:
$ sudo dhclient eth0
There is already a pid file /var/run/dhclient.pid with pid 22064
killed old client process, removed PID file
Internet Systems Consortium DHCP Client V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/00:30:1b:b7:cd:b6
Sending on LPF/eth0/00:30:1b:b7:cd:b6
Sending on Socket/fallback
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.4 -- renewal in 1639 seconds.
The DHCP client is a process that keeps running in order to manage the DHCP client (renew the lease). You can see the process by running:
$ ps aux | grep dhcp
dhcp 22147 0.0 0.0 2420 556 ? Ss 11:09 0:00 dhclient eth0
sergi 22172 0.0 0.0 2988 764 pts/1 R+ 11:10 0:00 grep dhcp
If we kill the process:
$ sudo kill 22147
And run:
$ sudo dhclient eth0
There is already a pid file /var/run/dhclient.pid with pid 22147
removed stale PID file
Internet Systems Consortium DHCP Client V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/00:30:1b:b7:cd:b6
Sending on LPF/eth0/00:30:1b:b7:cd:b6
Sending on Socket/fallback
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.4 -- renewal in 1535 seconds.
Killing the process and deleting the PID file /var/run/dhclient.pid is not enough. Remember that the client stores its leases in the file:
$ cat /var/lib/dhcp3/dhclient.leases
lease {
  interface "eth0";
  fixed-address 192.168.1.4;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 3600;
  option routers 192.168.1.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.168.1.1;
  option domain-name-servers 192.168.1.3,192.168.1.1;
  option host-name "ubuntu-sala";
  renew 4 2008/1/24 10:36:39;
  rebind 4 2008/1/24 11:03:34;
  expire 4 2008/1/24 11:11:04;
}
You can force a re-initialization by running:
$ sudo dhclient -r eth0
There is already a pid file /var/run/dhclient.pid with pid 134519120
Internet Systems Consortium DHCP Client V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/00:30:1b:b7:cd:b6
Sending on LPF/eth0/00:30:1b:b7:cd:b6
Sending on Socket/fallback
DHCPRELEASE on eth0 to 192.168.1.1 port 67
This command sends a RELEASE to the server. The client will now start from the initialization state:
$ sudo dhclient eth0
There is already a pid file /var/run/dhclient.pid with pid 134519120
Internet Systems Consortium DHCP Client V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/00:30:1b:b7:cd:b6
Sending on LPF/eth0/00:30:1b:b7:cd:b6
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
DHCPOFFER from 192.168.1.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.4 -- renewal in 1456 seconds.
For testing it can be useful to send DHCP requests to specific machines instead of sending broadcast messages. The -s parameter can be used for this:
NOTE: This option usually does not work. See DHCP#Com_comprovar_un_servidor_DHCP_en_un_entorn_amb_m.C3.BAltiples_servidors
$ sudo dhclient -s 192.168.1.1 eth0
There is already a pid file /var/run/dhclient.pid with pid 134519120
Internet Systems Consortium DHCP Client V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/00:30:1b:b7:cd:b6
Sending on LPF/eth0/00:30:1b:b7:cd:b6
Sending on Socket/fallback
DHCPREQUEST on eth0 to 192.168.1.1 port 67
DHCPACK from 192.168.1.1
bound to 192.168.1.4 -- renewal in 1619 seconds.
When there are multiple DHCP servers on the same network segment it is hard to run exercises, since a priori it is not possible to determine which server will get to configure the client first.
The job can be made easier, however, by configuring the client. Curiously there is (AFAIK) no parameter to tell the client which DHCP server to use, but we can tell it which DHCP servers we do NOT want to use. This is done with the reject directive in the /etc/dhcp3/dhclient.conf file:
$ cat /etc/dhcp3/dhclient.conf
.....
reject 192.168.1.1;
Where 192.168.1.1 is a DHCP server we do not want to use. Here is an example of what happens with a configuration like the one above:
$ sudo dhclient br0
killed old client process, removed PID file
There is already a pid file /var/run/dhclient.pid with pid 13584
.............
DHCPREQUEST on br0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1 rejected.
...
DHCPDISCOVER on br0 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 192.168.1.6
DHCPREQUEST on br0 to 255.255.255.255 port 67
DHCPOFFER from 192.168.1.1 rejected.
DHCPACK from 192.168.1.6
bound to 192.168.1.199 -- renewal in 32725 seconds.
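The same "DHCPOFFER from" / "DHCPACK from" lines can be used to notice a DHCP server that should not be on the segment. The following is an added example, not part of the original page: it reads dhclient output or syslog lines and reports replies from servers outside an allowlist. The function names and the allowlist argument are assumptions of this example; the sample input is the transcript above, trimmed.

```shell
#!/bin/sh
# Added example: report DHCP replies that came from servers outside an allowlist.

# Sample input: the dhclient transcript shown above, trimmed (192.168.1.6 is
# taken to be the legitimate server in this constructed scenario).
sample_dhclient_log() {
    cat <<'EOF'
DHCPREQUEST on br0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1 rejected.
DHCPDISCOVER on br0 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 192.168.1.6
DHCPREQUEST on br0 to 255.255.255.255 port 67
DHCPOFFER from 192.168.1.1 rejected.
DHCPACK from 192.168.1.6
bound to 192.168.1.199 -- renewal in 32725 seconds.
EOF
}

# unexpected_dhcp_servers "<allowed ip> <allowed ip> ..."
# Reads log lines on stdin and prints "<server ip> <message type> <count>"
# for every OFFER/ACK/NAK whose sender is not on the allowlist.
unexpected_dhcp_servers() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        {
            # Scan every field so syslog prefixes (date, host, "dhclient:") are tolerated.
            for (i = 1; i + 2 <= NF; i++) {
                if ($i !~ /^DHCP(OFFER|ACK|NAK)$/ || $(i + 1) != "from") continue
                ip = $(i + 2)
                if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                if (!(ip in ok)) seen[ip " " $i]++
            }
        }
        END { for (k in seen) print k, seen[k] }
    ' | LC_ALL=C sort
}

# Exit status 0 when every reply in the log on stdin came from an allowed server.
only_allowed_servers() {
    [ -z "$(unexpected_dhcp_servers "$1")" ]
}

# Demo on the sample transcript.
sample_dhclient_log | unexpected_dhcp_servers "192.168.1.6"
```

On a live system the input would come from wherever syslog stores the dhclient messages; that path depends on the distribution and is not given on this page.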
By default it seems the host-name parameter is ignored by DHCP clients. According to the manual:
$ man dhcp-options
...
option host-name string;
This option specifies the name of the client. The name may or may not be qualified with the local domain name (it is preferable to use the domain-name option to specify the domain name). See RFC 1035 for character set restrictions. This option is only honored by dhclient-script(8) if the hostname for the client machine is not set.
At:
https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/90388
the problem is explained quite well. It might seem that one solution is therefore not to set a hostname on the client, but apparently other problems arise.
NOTE: Bear in mind that changing the hostname has quite a few implications (X does not much like the hostname being changed). Changing the hostname often means having to reboot the machine.
The following DHCP hook is proposed:
$ cat /etc/dhcp3/dhclient-exit-hooks.d/host-name
With the following content:
# This script sets the machine hostname to the hostname sent from the DHCP
# server.
# Beware, if this happens while X is running, there will be problems.
# This variant only writes /etc/hostname; it does not check for a running gdm.
# If you want to enable this script, change SETHOSTNAME to "yes"
SETHOSTNAME="yes"
#DEBUG:
#new_host_name=bsfportatil
if [ "$SETHOSTNAME" = "yes" ]; then
    # POSIX test ([ ]) works whether dhclient-script runs under sh or bash
    if [ -n "$new_host_name" ]; then
        echo "$new_host_name" > /etc/hostname
    fi
fi
They also recommend (although changing the name once certain services are already running does not work very well):
hostname "$new_host_name"
Another option they recommend:
=== /etc/dhcp3/dhclient-exit-hooks.d/sethostname ======================
# This script sets the machine hostname to the hostname sent from the DHCP server.
# Beware, if this happens while X is running, there will be problems, so the script checks
# for a running gdm and does not change the hostname if it detects one.
# If you want to enable this script, change SETHOSTNAME to "yes"
SETHOSTNAME="yes"
if [ "$SETHOSTNAME" = "yes" ]; then
    if test -r /var/run/gdm.pid && ps -ef | grep "$(cat /var/run/gdm.pid)" | grep -q /usr/sbin/gdm ; then
        echo "$(date): GDM running, not changing host name" >> /tmp/dhcp-sethostname.err ;
    else
        # quoted so the value sent by the server is passed as a single argument
        hostname "$new_host_name";
    fi
fi
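The hooks above use whatever string the DHCP server sent in the host-name option. The following added example (not from the original page or from the bug report) checks the value against the RFC 1035 style character set mentioned in the manual before writing it. $reason and $new_host_name are the variables set by dhclient-script(8); the function names and the optional target-file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: exit hook that treats the DHCP host-name option as untrusted input.

# Succeeds only for dot-separated labels of 1-63 letters, digits or hyphens,
# no label starting or ending with a hyphen, at most 253 characters in total.
# The body runs in a subshell, so its variables and exits stay local.
is_valid_hostname() (
    LC_ALL=C                      # byte-wise ranges in the patterns below
    name=$1
    [ -n "$name" ] || exit 1
    [ "${#name}" -le 253 ] || exit 1
    case $name in
        *[!A-Za-z0-9.-]*) exit 1 ;;   # spaces, slashes, quotes, shell metacharacters
        .*|*.|*..*)       exit 1 ;;   # empty labels
    esac
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
        [ "${#label}" -le 63 ] || exit 1
        case $label in
            -*|*-) exit 1 ;;
        esac
    done
    exit 0
)

# apply_dhcp_hostname <name> [target file]
# Writes the name to the target (default /etc/hostname) only if it is valid.
apply_dhcp_hostname() {
    target=${2:-/etc/hostname}
    if is_valid_hostname "$1"; then
        printf '%s\n' "$1" > "$target"
    else
        echo "dhclient hook: ignoring invalid host-name option from DHCP server" >&2
        return 1
    fi
}

# Hook body: dhclient-script sources this file with $reason set. When the file
# is run on its own, $reason is empty and nothing is changed.
case ${reason:-} in
    BOUND|RENEW|REBIND|REBOOT)
        if [ -n "${new_host_name:-}" ]; then
            apply_dhcp_hostname "$new_host_name" || true
        fi
        ;;
esac
```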
In the folder:
/var/lib/dhcp3
the client's leases are stored. For example, a machine on a removable hard disk that connects to several different networks:
$ cat /var/lib/dhcp3/dhclient.leases
lease {
  interface "eth1";
  fixed-address 192.168.204.2;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 3600;
  option routers 192.168.204.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.168.204.1;
  option domain-name-servers 192.168.204.1,213.4.132.1;
  option host-name "profaula4";
  option domain-name "aula4.iescopernic.com";
  renew 2 2008/1/15 18:01:47;
  rebind 2 2008/1/15 18:29:11;
  expire 2 2008/1/15 18:36:41;
}
lease {
  interface "eth2";
  fixed-address 192.168.12.20;
  option subnet-mask 255.255.255.0;
  option routers 192.168.12.1;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.0.7,195.235.113.3,195.235.96.90;
  option dhcp-server-identifier 192.168.12.1;
  option broadcast-address 192.168.12.255;
  option domain-name "iescopernic.com";
  renew 6 2007/12/15 03:15:18;
  rebind 6 2007/12/15 13:48:02;
  expire 6 2007/12/15 16:48:02;
}
lease {
  interface "eth3";
  fixed-address 192.168.201.2;
  option subnet-mask 255.255.255.0;
  option routers 192.168.201.1;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.201.1,195.235.113.3;
  option dhcp-server-identifier 192.168.201.1;
  option host-name "profaula1";
  option domain-name "aula1";
  renew 1 2007/12/10 21:18:04;
  rebind 1 2007/12/10 21:41:33;
  expire 1 2007/12/10 21:49:03;
}
lease {
  interface "eth6";
  fixed-address 192.168.206.2;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 3600;
  option routers 192.168.206.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.168.206.1;
  option domain-name-servers 192.168.206.1,195.235.113.3;
  option host-name "profaula6";
  option domain-name "aula6";
  renew 5 2007/11/30 16:52:55;
  rebind 5 2007/11/30 17:20:37;
  expire 5 2007/11/30 17:28:07;
}
lease {
  interface "eth4";
  fixed-address 192.168.202.2;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 3600;
  option routers 192.168.202.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.168.202.1;
  option domain-name-servers 192.168.202.1,213.4.132.1;
  option host-name "profaula2";
  option domain-name "aula2.iescopernic.com";
  renew 5 2007/11/30 16:07:24;
  rebind 5 2007/11/30 16:31:05;
  expire 5 2007/11/30 16:38:35;
}
lease {
  interface "eth5";
  fixed-address 192.168.207.2;
  option subnet-mask 255.255.255.0;
  option routers 192.168.207.1;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.207.1,195.235.113.3;
  option dhcp-server-identifier 192.168.207.1;
  option host-name "profaula";
  option domain-name "aula7.iescopernic.com";
  renew 5 2007/11/30 16:28:42;
  rebind 5 2007/11/30 16:53:49;
  expire 5 2007/11/30 17:01:19;
}
lease {
  interface "eth0";
  fixed-address 192.168.208.2;
  option subnet-mask 255.255.255.0;
  option routers 192.168.208.1;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.208.1,213.4.132.1;
  option dhcp-server-identifier 192.168.208.1;
  option host-name "profaula8";
  option domain-name "aula8.iescopernic.com";
  renew 5 2007/11/30 17:14:46;
  rebind 5 2007/11/30 17:37:43;
  expire 5 2007/11/30 17:45:13;
}
lease {
  interface "eth1";
  fixed-address 192.168.204.2;
  option subnet-mask 255.255.255.0;
  option routers 192.168.204.1;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.204.1,213.4.132.1;
  option dhcp-server-identifier 192.168.204.1;
  option host-name "profaula4";
  option domain-name "aula4.iescopernic.com";
  renew 2 2008/1/15 18:04:17;
  rebind 2 2008/1/15 18:29:24;
  expire 2 2008/1/15 18:36:54;
}
See:
$ man dhclient.leases
for more information.
With the ipconfig command you can release and re-request a connection. To release:
> ipconfig /release
To request the IP configuration again:
> ipconfig /renew
TODO
Hi folks, just out of curiosity in case you are interested. Two days ago I upgraded the server from 10.10 to 11.04, and one of the things that caught my attention is that the dhcp server changes location and command name. We can sum all this up as: the files are now in:
/etc/dhcp/dhcpd.conf
and the command is:
/etc/init.d/isc-dhcp-server restart
For those who use FOG, a couple of files in the installer need to be changed; you can find it at:
Download the ISC DHCP server:
$ sudo apt-get install dhcpd
Once the server software is installed, two important files need to be configured:
/etc/dhcpd.conf
/var/state/dhcp/dhcp.leases.
The first is used to configure the server as desired, while the second is a database created by the server with the IP assignments it makes. It lets us verify the server's activity and keeps track of the IPs handed out to the different clients, so that they are preserved in case of a crash.
Check that the file /var/lib/dhcp/dhcpd.leases exists (in earlier versions of dhcp for RedHat this file had to be created by hand, and it was one of the reasons why dhcpd would not start).
DHCPD.CONF
#subnet 192.5.5.0 netmask 255.255.255.224 {
#  range 192.5.5.26 192.5.5.30;
#  option domain-name-servers bb.home.vix.com, gw.home.vix.com;
#  option domain-name "vix.com";
#  option routers 192.5.5.1;
#  option subnet-mask 255.255.255.224;
#  option broadcast-address 192.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}
DHCP.LEASES
On System V based init systems, extra runtime parameters for the server can be specified in the files of the /etc/default folder:
$ cat /etc/default/dhcp3-server
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/dhcp3-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES=""
In our case we are telling it to listen for requests coming from all network interfaces.
Open question: what about virtual interfaces created with IP aliasing, do they need to be listed?
$ ps aux | grep dhcpd
dhcpd 5869 0.0 0.1 2988 1548 ? Ss Feb05 0:00 /usr/sbin/dhcpd3 -q -pf /var/run/dhcp3-server/dhcpd.pid -cf /etc/dhcp3/dhcpd.conf
Resources:
To assign a fixed IP based on the MAC address (example taken from the Debian sample file):
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address 192.168.0.5;
}
Several IPs can be given; in that case only the IP from the matching range will be assigned (the request will have arrived through a network card that belongs to a given subnet). A DNS hostname that resolves to a specific IP can also be assigned.
See the manual:
$ man dhcpd.conf
fixed-address address [, address ... ];
The fixed-address declaration is used to assign one or more fixed IP addresses to a client. It should only appear in a host declaration. If more than one address is supplied, then when the client boots, it will be assigned the address that corresponds to the network on which it is booting. If none of the addresses in the fixed-address statement are valid for the network to which the client is connected, that client will not match the host declaration containing that fixed-address declaration. Each address in the fixed-address declaration should be either an IP address or a domain name that resolves to one or more IP addresses.
TODO:
Note: Ubuntu must be configured to send the hostname when making the DHCP request:
A computer science department with fixed assignment by MAC:
$ sudo cat /etc/dhcp3/dhcpd.conf
ddns-update-style none;
option domain-name-servers 192.168.0.7, 80.58.61.250, 80.58.61.254;
option domain-name "iescopernic.com";
default-lease-time 86400;
max-lease-time 604800;
authoritative;
# ******************* Department computers **************
#subnet 192.168.12.0 netmask 255.255.255.0
include "/etc/dhcp3/dhcpd-departament.conf";
The included file:
$ cat /etc/dhcp3/dhcpd-departament.conf
subnet 192.168.12.0 netmask 255.255.255.0 {
  range 192.168.12.100 192.168.12.199;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.12.255;
  option routers 192.168.12.1;
  option domain-name-servers 192.168.0.7, 195.235.113.3, 195.235.96.90;
}
host impresoraLaserjet2420 {
  hardware ethernet 00:14:38:D4:55:48;
  fixed-address 192.168.12.50;
}
host pc01 {
  hardware ethernet 00:30:05:EB:39:9D;
  fixed-address 192.168.12.11;
}
host pc02 {
  hardware ethernet 00:30:05:EB:A3:98;
  fixed-address 192.168.12.12;
}
host pc03 {
  hardware ethernet 00:30:05:EB:3A:E7;
  fixed-address 192.168.12.13;
}
host pc04 {
  hardware ethernet 00:30:05:EB:3A:EA;
  fixed-address 192.168.12.14;
}
host pc05 {
  hardware ethernet 00:30:05:EB:39:A4;
  fixed-address 192.168.12.15;
}
host pc06 {
  hardware ethernet 00:30:05:EB:3B:52;
  fixed-address 192.168.12.16;
}
host pc07 {
  hardware ethernet 00:30:05:EB:3A:CF;
  fixed-address 192.168.12.17;
}
host pc08 {
  hardware ethernet 00:30:05:EB:A4:12;
  fixed-address 192.168.12.18;
}
host pc09 {
  hardware ethernet 00:30:05:EB:A3:9B;
  fixed-address 192.168.12.19;
}
host pc10 {
  hardware ethernet 00:30:05:EB:A3:8D;
  fixed-address 192.168.12.20;
}
    $ cat /etc/dhcp3/dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd for Debian
    #
    # $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
    #

    # The ddns-updates-style parameter controls whether or not the server will
    # attempt to do a DNS update when a lease is confirmed. We default to the
    # behavior of the version 2 packages ('none', since DHCP v2 didn't
    # have support for DDNS.)
    ddns-update-style none;

    # option definitions common to all supported networks...
    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;

    default-lease-time 600;
    max-lease-time 7200;

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    #authoritative;

    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;

    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.

    #subnet 10.152.187.0 netmask 255.255.255.0 {
    #}

    # This is a very basic subnet declaration.

    #subnet 10.254.239.0 netmask 255.255.255.224 {
    #  range 10.254.239.10 10.254.239.20;
    #  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
    #}

    # This declaration allows BOOTP clients to get dynamic addresses,
    # which we don't really recommend.

    #subnet 10.254.239.32 netmask 255.255.255.224 {
    #  range dynamic-bootp 10.254.239.40 10.254.239.60;
    #  option broadcast-address 10.254.239.31;
    #  option routers rtr-239-32-1.example.org;
    #}

    # A slightly different configuration for an internal subnet.
    #subnet 10.5.5.0 netmask 255.255.255.224 {
    #  range 10.5.5.26 10.5.5.30;
    #  option domain-name-servers ns1.internal.example.org;
    #  option domain-name "internal.example.org";
    #  option routers 10.5.5.1;
    #  option broadcast-address 10.5.5.31;
    #  default-lease-time 600;
    #  max-lease-time 7200;
    #}

    # Hosts which require special configuration options can be listed in
    # host statements. If no address is specified, the address will be
    # allocated dynamically (if possible), but the host-specific information
    # will still come from the host declaration.

    #host passacaglia {
    #  hardware ethernet 0:0:c0:5d:bd:95;
    #  filename "vmunix.passacaglia";
    #  server-name "toccata.fugue.com";
    #}

    # Fixed IP addresses can also be specified for hosts. These addresses
    # should not also be listed as being available for dynamic assignment.
    # Hosts for which fixed IP addresses have been specified can boot using
    # BOOTP or DHCP. Hosts for which no fixed address is specified can only
    # be booted with DHCP, unless there is an address range on the subnet
    # to which a BOOTP client is connected which has the dynamic-bootp flag
    # set.
    #host fantasia {
    #  hardware ethernet 08:00:07:26:c0:a5;
    #  fixed-address fantasia.fugue.com;
    #}

    # You can declare a class of clients and then do address allocation
    # based on that. The example below shows a case where all clients
    # in a certain class get addresses on the 10.17.224/24 subnet, and all
    # other clients get addresses on the 10.0.29/24 subnet.

    #class "foo" {
    #  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
    #}

    #shared-network 224-29 {
    #  subnet 10.17.224.0 netmask 255.255.255.0 {
    #    option routers rtr-224.example.org;
    #  }
    #  subnet 10.0.29.0 netmask 255.255.255.0 {
    #    option routers rtr-29.example.org;
    #  }
    #  pool {
    #    allow members of "foo";
    #    range 10.17.224.10 10.17.224.250;
    #  }
    #  pool {
    #    deny members of "foo";
    #    range 10.0.29.10 10.0.29.230;
    #  }
    #}
The clients' WINS servers can be configured with the option:

    option netbios-name-servers 192.168.10.66, 192.168.10.97;

We can also change the node type:

    option netbios-node-type 2;

According to the table:
See NetBIOS_Name_Server#Tipus_de_nodes_NetBIOS.
    $ tail -n 100 /var/log/syslog | grep dhcpd
    Sep 19 16:01:26 server1 dhcpd: DHCPDISCOVER from 00:0c:76:8b:c4:16 via eth0
    Sep 19 16:01:26 server1 dhcpd: DHCPOFFER on 192.168.0.229 to 00:0c:76:8b:c4:16 (matze) via eth0
    Sep 19 16:01:27 server1 dhcpd: DHCPDISCOVER from 00:0c:76:8b:c4:16 (matze) via eth0
    Sep 19 16:01:27 server1 dhcpd: DHCPOFFER on 192.168.0.229 to 00:0c:76:8b:c4:16 (matze) via eth0
    Sep 19 16:01:31 server1 dhcpd: DHCPDISCOVER from 00:0c:76:8b:c4:16 (matze) via eth0
    Sep 19 16:01:31 server1 dhcpd: DHCPOFFER on 192.168.0.229 to 00:0c:76:8b:c4:16 (matze) via eth0
    Sep 19 16:01:31 server1 dhcpd: Wrote 1 leases to leases file.
    Sep 19 16:01:31 server1 dhcpd: DHCPREQUEST for 192.168.0.229 (192.168.0.100) from 00:0c:76:8b:c4:16 (matze) via eth0
    Sep 19 16:01:31 server1 dhcpd: DHCPACK on 192.168.0.229 to 00:0c:76:8b:c4:16 (matze) via eth0
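On a network where every known machine has a host declaration with its MAC, a DHCPACK sent to any other MAC means an undeclared device obtained a lease from the dynamic range. The following is an added example, not part of the original page: it reads the declared MACs from a dhcpd.conf and lists the undeclared ones that appear in dhcpd syslog lines of the format shown above. The function names and all sample data are constructed.

```shell
#!/bin/sh
# Added example: report DHCPACKs given to MACs that have no host declaration.

# Constructed dhcpd.conf fragment (MACs use the locally administered 02: prefix).
sample_conf() {
    cat <<'EOF'
host pc01 {
  hardware ethernet 02:00:00:00:0C:0B;
  fixed-address 192.168.12.11;
}
host printer { hardware ethernet 2:0:0:0:c:32; fixed-address 192.168.12.50; }
#host retired { hardware ethernet 02:00:00:00:aa:02; }
EOF
}

# Constructed syslog lines in the format dhcpd writes.
sample_log() {
    cat <<'EOF'
Sep 19 16:01:31 server1 dhcpd: DHCPREQUEST for 192.168.12.11 from 02:00:00:00:0c:0b (pc01) via eth0
Sep 19 16:01:31 server1 dhcpd: DHCPACK on 192.168.12.11 to 02:00:00:00:0c:0b (pc01) via eth0
Sep 19 16:02:10 server1 dhcpd: DHCPDISCOVER from 02:00:00:00:aa:01 via eth0
Sep 19 16:02:11 server1 dhcpd: DHCPOFFER on 192.168.12.150 to 02:00:00:00:aa:01 (laptop) via eth0
Sep 19 16:02:11 server1 dhcpd: DHCPACK on 192.168.12.150 to 02:00:00:00:aa:01 (laptop) via eth0
Sep 19 16:05:02 server1 dhcpd: DHCPACK on 192.168.12.50 to 02:00:00:00:0c:32 via eth0
Sep 19 16:40:00 server1 dhcpd: DHCPACK on 192.168.12.151 to 02:00:00:00:aa:02 via eth0
Sep 19 22:02:11 server1 dhcpd: DHCPACK on 192.168.12.150 to 02:00:00:00:aa:01 (laptop) via eth0
EOF
}

# undeclared_leases DHCPD_CONF < syslog
# Prints "MAC last-IP ack-count hostname" for every undeclared MAC, sorted.
# Exit status 2 if the configuration cannot be read (an empty allow-list
# would otherwise flag every machine).
undeclared_leases() {
    awk -v conf="$1" '
    # Lower-case a MAC and pad each octet to two digits, so that
    # "2:0:0:0:C:32" in the config matches "02:00:00:00:0c:32" in the log.
    function norm(m,    p, n, k, r) {
        n = split(tolower(m), p, ":")
        r = ""
        for (k = 1; k <= n; k++) {
            if (length(p[k]) == 1) p[k] = "0" p[k]
            r = (k == 1) ? p[k] : r ":" p[k]
        }
        return r
    }
    BEGIN {
        while ((st = (getline line < conf)) > 0) {
            sub(/#.*/, "", line)              # ignore commented-out hosts
            n = split(line, f, /[ \t;]+/)
            for (k = 1; k + 2 <= n; k++)
                if (f[k] == "hardware" && f[k + 1] == "ethernet")
                    known[norm(f[k + 2])] = 1
        }
        if (st < 0) {
            print "cannot read " conf > "/dev/stderr"
            failed = 1
            exit
        }
        close(conf)
    }
    {
        # Expected shape: DHCPACK on <ip> to <mac> [(<hostname>)] via <if>
        for (i = 1; i + 4 <= NF; i++) {
            if ($i != "DHCPACK" || $(i + 1) != "on" || $(i + 3) != "to")
                continue
            mac = norm($(i + 4))
            if (!(mac in known)) {
                acks[mac]++
                addr[mac] = $(i + 2)
                nm = $(i + 5)
                host[mac] = (nm ~ /^\(.*\)$/) ? substr(nm, 2, length(nm) - 2) : "-"
            }
            break
        }
    }
    END {
        if (failed) exit 2
        for (m in acks) print m, addr[m], acks[m], host[m] | "sort"
        close("sort")
    }
    '
}

# Run the check on the constructed samples.
demo() {
    dir=$(mktemp -d) || return 1
    sample_conf > "$dir/dhcpd.conf"
    sample_log | undeclared_leases "$dir/dhcpd.conf"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

The hostname column is whatever the client sent, so treat it as a hint and key any follow-up on the MAC and the switch port.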
    $ cat /var/lib/dhcp3/dhcpd.leases
    # All times in this file are in UTC (GMT), not your local timezone. This is
    # not a bug, so please don't ask about it. There is no portable way to
    # store leases in the local timezone, so please don't request this as a
    # feature. If this is inconvenient or confusing to you, we sincerely
    # apologize. Seriously, though - don't ask.
    # The format of this file is documented in the dhcpd.leases(5) manual page.
    # This lease file was written by isc-dhcp-V3.0.5

    lease 192.168.12.197 {
      starts 5 2007/06/22 14:20:56;
      ends 6 2007/06/23 14:20:56;
      tstp 6 2007/06/23 14:20:56;
      binding state free;
      hardware ethernet 00:17:a4:42:a8:5c;
    }
    lease 192.168.12.192 {
      starts 4 2007/06/28 15:19:44;
      ends 5 2007/06/29 15:19:44;
      tstp 5 2007/06/29 15:19:44;
      binding state free;
      hardware ethernet 00:c0:9f:60:33:51;
    }
    lease 192.168.12.191 {
      starts 4 2007/06/28 16:19:10;
      ends 5 2007/06/29 16:19:10;
      tstp 5 2007/06/29 16:19:10;
      binding state free;
      hardware ethernet 00:0e:9b:cd:74:4c;
      uid "\001\000\016\233\315tL";
    }
    lease 192.168.12.193 {
      starts 4 2007/06/28 16:35:59;
      ends 5 2007/06/29 16:35:59;
      tstp 5 2007/06/29 16:35:59;
      binding state free;
      hardware ethernet 00:c0:9f:60:33:51;
    }
    ..................
A BOOTP/DHCP Relay Agent must be used on the routers. Package dhcp3-relay.
TODO
Obtain the MAC addresses:

    $ sudo nmap 147.83.75.129/25
    .....

Look up the MAC addresses:

    $ sudo arp -n
    Address                  HWtype  HWaddress           Flags Mask            Iface
    147.83.75.143            ether   00:C0:A8:F9:7D:3D   C                     eth1
    147.83.75.141            ether   00:C0:A8:F9:86:6C   C                     eth1
    147.83.75.129            ether   00:0E:D6:A9:54:00   C                     eth1
    147.83.75.131            ether   00:16:35:3C:3B:D1   C                     eth1
    147.83.75.136            ether   00:C0:A8:FB:5E:A1   C                     eth1
    147.83.75.144            ether   00:C0:A8:F9:8B:43   C                     eth1
    147.83.75.142            ether   00:C0:A8:F9:82:1C   C                     eth1
    147.83.75.146            ether   00:C0:A8:F9:7B:87   C                     eth1
    147.83.75.145            ether   00:C0:A8:F9:86:59   C                     eth1

Install the DHCP server:
    $ sudo apt-get install dhcp3-server
    S'està llegint la llista de paquets... Fet
    S'està construint l'arbre de dependències... Fet
    S'instal·laran els següents paquets NOUS:
      dhcp3-server
    0 actualitzats, 1 nous a instal·lar, 0 a eliminar i 22 no actualitzats.
    Es necessita obtenir 292kB d'arxius.
    Després de desempaquetar s'usaran 836kB d'espai en disc addicional.
    Des:1 http://ftp.rediris.es etch/main dhcp3-server 3.0.4-13 [292kB]
    292kB descarregats en 0s (982kB/s)
    S'estan preconfigurant els paquets...
    S'està seleccionant el paquet dhcp3-server prèviament no seleccionat.
    (S'està llegint la base de dades ... hi ha 90512 fitxers i directoris instal·lats actualment.)
    S'està desempaquetant dhcp3-server (de .../dhcp3-server_3.0.4-13_i386.deb) ...
    S'està configurant dhcp3-server (3.0.4-13) ...
    Generating /etc/default/dhcp3-server...
    Starting DHCP server: dhcpd3 failed to start - check syslog for diagnostics.
    invoke-rc.d: initscript dhcp3-server, action "start" failed.
The error occurs because the server still has to be configured.
We make a backup copy of the default configuration file:

    $ sudo mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.old

We edit the file:

    $ sudo joe /etc/dhcp3/dhcpd.conf

It is best to start from a template:

    ddns-update-style none;

    option domain-name-servers 80.58.61.250, 80.58.61.254;
    # If we have our own DNS server on the network, the configuration would be:
    #option domain-name-servers ip_servidor_dns, 80.58.61.250, 80.58.61.254;
    #option domain-name "casa";

    default-lease-time 86400;
    max-lease-time 604800;

    authoritative;

    subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.100 192.168.1.199;
      option subnet-mask 255.255.255.0;
      option broadcast-address 192.168.1.255;
      option routers 192.168.1.1;
    }

And we modify it to suit our needs. For example, for the Linux classroom:
    ddns-update-style none;

    option domain-name-servers 147.83.21.41, 147.83.2.3;
    option domain-name "aulalinux";

    default-lease-time 86400;
    max-lease-time 604800;

    authoritative;

    # The subnet statement takes the network address of the /25 that
    # contains the router 147.83.75.129, and the range must lie inside it.
    subnet 147.83.75.128 netmask 255.255.255.128 {
      range 147.83.75.130 147.83.75.150;
      option subnet-mask 255.255.255.128;
      option broadcast-address 147.83.75.255;
      option routers 147.83.75.129;
    }

    # FIXED HOSTS
    host ali01 {
      option host-name "ali01.aulalinux";
      hardware ethernet 00:16:35:3C:3B:D1;
      fixed-address 147.83.75.131;
    }

    host ali02 {
      option host-name "ali02.aulalinux";
      hardware ethernet XXXXXX;
      fixed-address 147.83.75.132;
    }
    .........
After modifying the file, the server must be restarted:

    $ sudo /etc/init.d/dhcp3-server restart

If you want to run a DHCP server on a network card that has multiple logical IPs (IP Aliasing), you must define a shared network. For example, a network card like the following:

    $ ifconfig | grep -A 1 alumnat
    alumnat   Link encap:Ethernet  HWaddr 00:16:3e:00:02:b1
              inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
    --
    alumnat:1 Link encap:Ethernet  HWaddr 00:16:3e:00:02:b1
              inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
    --
    alumnat:2 Link encap:Ethernet  HWaddr 00:16:3e:00:02:b1
              inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
    --
    alumnat:3 Link encap:Ethernet  HWaddr 00:16:3e:00:02:b1
              inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0

The configuration would be:

    shared-network alumnat {
      # Students, ground floor
      subnet 192.168.1.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        range dynamic-bootp 192.168.1.200 192.168.1.254;
        default-lease-time 21600;
        max-lease-time 43200;
        option domain-name-servers 192.168.1.1,192.168.0.46;
        option domain-name "iesebre.com";
        option routers 192.168.1.1;
        option netbios-name-servers 192.168.0.8;
        filename "pxelinux.0";
      }

      # Students, floor 1
      subnet 192.168.2.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        range dynamic-bootp 192.168.2.200 192.168.2.254;
        default-lease-time 21600;
        max-lease-time 43200;
        option domain-name-servers 192.168.2.1,192.168.0.46;
        option domain-name "iesebre.com";
        option routers 192.168.2.1;
        option netbios-name-servers 192.168.0.8;
        filename "pxelinux.0";
      }

      # Students, floor 2
      subnet 192.168.3.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        range dynamic-bootp 192.168.3.200 192.168.3.254;
        default-lease-time 21600;
        max-lease-time 43200;
        option domain-name-servers 192.168.3.1,192.168.0.46;
        option domain-name "iesebre.com";
        option routers 192.168.3.1;
        option netbios-name-servers 192.168.0.8;
        filename "pxelinux.0";
      }

      # Students, floor 3
      subnet 192.168.4.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        range dynamic-bootp 192.168.4.200 192.168.4.254;
        default-lease-time 21600;
        max-lease-time 43200;
        option domain-name-servers 192.168.4.1,192.168.0.46;
        option domain-name "iesebre.com";
        option routers 192.168.4.1;
        option netbios-name-servers 192.168.0.8;
        filename "pxelinux.0";
      }
    }

Note that in the file /etc/default/dhcp3-server you only specify the physical interface.

    $ sudo cat /etc/default/dhcp3-server
    # Defaults for dhcp initscript
    # sourced by /etc/init.d/dhcp
    # installed at /etc/default/dhcp3-server by the maintainer scripts

    #
    # This is a POSIX shell fragment
    #

    # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
    #       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
    INTERFACES="intranet alumnat professorat gestio"

See IP Aliasing.
If only the following is set:

    option domain-name "domini.com";

Then the client will have in the file /etc/resolv.conf:

    $ cat /etc/resolv.conf
    ...
    domain domini.com
    search domini.com

TODO...

    subnet 192.168.202.0 netmask 255.255.255.0 {
      option subnet-mask 255.255.255.0;
      range dynamic-bootp 192.168.202.200 192.168.202.254;
      default-lease-time 21600;
      max-lease-time 43200;
      option domain-name-servers 192.168.202.1,192.168.0.4;
      option domain-name "informatica.iesebre.com";
      option domain-search "iesebre.com";
      option routers 192.168.202.1;
      option netbios-name-servers 192.168.202.1;
      filename "pxelinux.0";
    }

The clients will end up with something similar to:

    $ cat /etc/resolv.conf
    domain informatica.iesebre.com
    search informatica.iesebre.com iesebre.com.
    nameserver 192.168.202.1
    nameserver 192.168.0.4
TODO:
The use-host-decl-names statement
    use-host-decl-names flag;

If the use-host-decl-names parameter is true in a given scope, then for every host declaration within that scope, the name provided for the host declaration will be supplied to the client as its hostname. So, for example,

    group {
      use-host-decl-names on;

      host joe {
        hardware ethernet 08:00:2b:4c:29:32;
        fixed-address joe.fugue.com;
      }
    }

is equivalent to

    host joe {
      hardware ethernet 08:00:2b:4c:29:32;
      fixed-address joe.fugue.com;
      option host-name "joe";
    }
An option host-name statement within a host declaration will override the use of the name in the host declaration.
It should be noted here that most DHCP clients completely ignore the host-name option sent by the DHCP server, and there is no way to configure them not to do this. So you generally have a choice of either not having any hostname to client IP address mapping that the client will recognize, or doing DNS updates. It is beyond the scope of this document to describe how to make this determination.
Remember that the dhclient-script file is invoked by the DHCP client (dhclient) at the following moments:
According to the manual:

    $ man dhclient-script
    ...
    HOOKS
      When it starts, the client script first defines a shell function,
      make_resolv_conf , which is later used to create the /etc/resolv.conf
      file. To override the default behaviour, redefine this function in
      the enter hook script.

      On after defining the make_resolv_conf function, the client script
      checks for the presence of an executable /etc/dhcp3/dhclient-enter-hooks
      script, and if present, it invokes the script inline, using the Bourne
      shell '.' command. The entire environment documented under OPERATION
      is available to this script, which may modify the environment if needed
      to change the behaviour of the script. If an error occurs during the
      execution of the script, it can set the exit_status variable to a
      nonzero value, and /sbin/dhclient-script will exit with that error code
      immediately after the client script exits.

      After all processing has completed, /sbin/dhclient-script checks for
      the presence of an executable /etc/dhcp3/dhclient-exit-hooks script,
      which if present is invoked using the '.' command. The exit status of
      dhclient-script will be passed to dhclient-exit-hooks in the exit_status
      shell variable, and will always be zero if the script succeeded at the
      task for which it was invoked. The rest of the environment as described
      previously for dhclient-enter-hooks is also present. The
      /etc/dhcp3/dhclient-exit-hooks script can modify the valid of
      exit_status to change the exit status of dhclient-script.

That is, the script is not meant to be modified directly; you must either change the configuration file /etc/dhcp3/dhclient.conf or use HOOKS.
Hooks are used to:
The script receives one of the following values in the $reason environment variable:

    MEDIUM, PREINIT, BOUND, RENEW, REBIND, REBOOT, EXPIRE, FAIL, STOP, RELEASE, NBI and TIMEOUT.

so that it knows which type of operation must be performed. From the manual:

    OPERATION
      When dhclient needs to invoke the client configuration script, it
      defines a set of variables in the environment, and then invokes
      /sbin/dhclient-script. In all cases, $reason is set to the name of the
      reason why the script has been invoked. The following reasons are
      currently defined: MEDIUM, PREINIT, BOUND, RENEW, REBIND, REBOOT,
      EXPIRE, FAIL, STOP, RELEASE, NBI and TIMEOUT.

They are controlled through two directories on the client:

    $ ls -l /etc/dhcp3/
    ...
    dhclient-enter-hooks.d
    dhclient-exit-hooks.d

Resources:
    $ cat /etc/dhcp3/dhclient-enter-hooks.d/debug
    # $Id: debug-enter,v 1.2 2003/06/18 18:11:21 peloy Exp $
    #
    # The purpose of this script is just to show the variables that are
    # available to all the scripts in this directory. All these scripts
    # are called from /etc/dhcp3/dhclient-script, which exports all the
    # variables shown before. If you want to debug a problem with your DHCP
    # setup you can enable this script and take a look at
    # /tmp/dhclient-script.debug.

    # To enable this script set the following variable to "yes"
    RUN="no"

    if [ "$RUN" = "yes" ]; then
            echo `date`: entering dhclient-enter-hooks.d, dumping variables. \
                    >> /tmp/dhclient-script.debug

            for i in reason interface medium alias_ip_address new_ip_address \
                    new_subnet_mask new_domain_name new_domain_search \
                    new_domain_name_servers \
                    new_routers new_static_routes old_ip_address old_subnet_mask \
                    old_domain_name old_domain_search old_domain_name_servers \
                    old_routers old_static_routes; do
                    echo $i=\'${!i}\' >> /tmp/dhclient-script.debug
            done

            echo '--------------------------' >> /tmp/dhclient-script.debug
    fi
On the server, the following option must be specified:

    option ntp-servers 192.168.1.100;

See the NTP article.
Resources:
The ISC DHCP client configures the ntpdate client with the file:
    $ cat /etc/dhcp3/dhclient-exit-hooks.d/ntpdate
    NTPDATE_CONF=/etc/default/ntpdate
    NTPDATE_DHCP_CONF=/etc/default/ntpdate.dhcp

    ntp_servers_setup_remove() {
            rm -f $NTPDATE_DHCP_CONF
    }

    ntp_servers_setup_add() {
            if [ -e $NTPDATE_DHCP_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
                    return
            fi

            if [ -z "$new_ntp_servers" ]; then
                    ntp_servers_setup_remove
                    return
            fi

            tmp=$(mktemp "$NTPDATE_DHCP_CONF.XXXXXX") || return
            chmod --reference=$NTPDATE_CONF $tmp
            chown --reference=$NTPDATE_CONF $tmp

            (
              echo "# NTP server entries received from DHCP server"
              echo "NTPSERVERS='$new_ntp_servers'"
            ) >>$tmp

            mv $tmp $NTPDATE_DHCP_CONF
    }

    ntp_servers_setup() {
            case $reason in
                    BOUND|RENEW|REBIND|REBOOT)
                            ntp_servers_setup_add
                            ;;
                    EXPIRE|FAIL|RELEASE|STOP)
                            ntp_servers_setup_remove
                            ;;
            esac
    }

    ntp_servers_setup
and the NTP server thanks to the file:

    $ cat /etc/dhcp3/dhclient-enter-hooks.d/ntp
    NTP_CONF=/etc/ntp.conf
    NTP_DHCP_CONF=/etc/ntp.conf.dhcp

    ntp_server_restart() {
            invoke-rc.d ntp try-restart
    }

    ntp_servers_setup_remove() {
            if [ ! -e $NTP_DHCP_CONF ]; then
                    return
            fi
            rm -f $NTP_DHCP_CONF
            ntp_server_restart
    }

    ntp_servers_setup_add() {
            if [ -e $NTP_DHCP_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
                    return
            fi

            if [ -z "$new_ntp_servers" ]; then
                    ntp_servers_setup_remove
                    return
            fi

            tmp=$(mktemp "$NTP_DHCP_CONF.XXXXXX") || return
            chmod --reference=$NTP_CONF $tmp
            chown --reference=$NTP_CONF $tmp

            (
              echo "# This file was copied from $NTP_CONF with the server options changed"
              echo "# to reflect the information sent by the DHCP server. Any changes made"
              echo "# here will be lost at the next DHCP event. Edit $NTP_CONF instead."
              echo
              echo "# NTP server entries received from DHCP server"
              for server in $new_ntp_servers; do
                    echo "server $server iburst"
              done
              echo
              sed -r -e '/^ *(server|peer).*$/d' $NTP_CONF
            ) >>$tmp

            mv $tmp $NTP_DHCP_CONF

            ntp_server_restart
    }

    ntp_servers_setup() {
            case $reason in
                    BOUND|RENEW|REBIND|REBOOT)
                            ntp_servers_setup_add
                            ;;
                    EXPIRE|FAIL|RELEASE|STOP)
                            ntp_servers_setup_remove
                            ;;
            esac
    }

    ntp_servers_setup
See Samba (Samba#Configuraci.C3.B3_amb_DHCP) and WINS (WINS#Configurar_el_servidor_Wins_amb_DHCP).
During the first term of 2008-09 and at the beginning of the second, IPCOP has been progressively retired and DHCP configured classroom by classroom. Currently there is one configuration file per classroom:
The main configuration file is /etc/dhcp3/dhcpd.conf:

    ddns-update-style none;

    option domain-name-servers 192.168.0.7, 80.58.61.250, 80.58.61.254;
    option domain-name "iescopernic.com";

    default-lease-time 86400;
    max-lease-time 604800;

    authoritative;

    # ******************* Department computers **************
    #subnet 192.168.12.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-departament.conf";

    # ******************* Classroom 1 computers **************
    # subnet 192.168.1.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-aula1.conf";

    # ******************* Classroom 2 computers **************
    # subnet 192.168.2.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-aula2.conf";

    # ******************* Classroom 3 computers **************
    # subnet 192.168.3.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-aula3.conf";

    # ******************* Classroom 4 computers **************
    # subnet 192.168.4.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-aula4.conf";

    # ******************* Classroom 5 computers **************
    # subnet 192.168.5.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-aula5.conf";

    # ******************* Classroom 6 computers **************
    # subnet 192.168.6.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-aula6.conf";

    # ******************* Classroom 7 computers **************
    # subnet 192.168.6.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-aula7.conf";

    # ******************* Classroom 8 computers **************
    # subnet 192.168.8.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-laboratori.conf";
These files have been produced by hand. Once all the classrooms are done, we will move to the definitive configuration, in which the whole configuration of the school is in a single file that can be generated with a script.
To switch to the definitive configuration, run:

    $ sudo cp dhcpd.conf.definitiu dhcpd.conf

The DHCP service for the computer science department's classrooms is centralized on the router to which all the classrooms are connected. We call this machine:
School router
The configuration files are located in:

    /etc/dhcp3

The main configuration file is /etc/dhcp3/dhcpd.conf:

    # ******************* All the classrooms **************
    # subnet 192.168.1.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-AulesInformaticaiescopernic.conf";

    # ******************* Department computers **************
    #subnet 192.168.12.0 netmask 255.255.255.0
    include "/etc/dhcp3/dhcpd-departament.conf";

As you can see, there is one specific configuration file for the department and another for the computer science department's classrooms. The file /etc/dhcp3/dhcpd-AulesInformaticaiescopernic.conf is generated with the command:

    $ /etc/dhcp3/generadorFitxersDHCP/generador.sh > /etc/dhcp3/dhcpd-AulesInformaticaiescopernic.conf

IP addresses are assigned as follows (where x is the classroom number):
Other machines, such as laptops, are assigned addresses in the range:

    range 192.168.x.25-50;

The general data are at the beginning of the generator script, defined as variables:
    #!/bin/bash

    PREFIX_FITXER_MACS="macs_aula";
    EXTENSIO_FITXER_MACS="txt";
    PREFIX_FITXERS_CONF="dhcpd-aula";
    SUFIX_FITXERS_CONF=".conf";

    # Example CONF file: dhcpd-aula6.conf
    # Example MACS file: macs_aula

    MASK="255.255.255.0";
    BROADCAST_SUFIX=".255"
    SUBNET_PREFIX="192.168.";
    SUBNET_SUFIX=".0";
    MIN_IP=".25";
    MAX_IP=".50";
    ROUTER_IP=".1";
    DNS1="192.168.0.7";
    DNS2="195.235.113.3";
    DNS3="195.235.96.90";
    PREFIX_PC="pc";
    PREFIX_PROFE="profe";
    PREFIX_PUNT_ACCES="pa";
    PREFIX_SWITCH_CISCO="cisco";
    SUFIX_IP_PROFE=".2";
    TERMINACIO_IP_PROFE="2"
    TERMINACIO_IP_SWITCH_CISCO="20";
    TERMINACIO_IP_PUNT_ACCES="21";
NOTE: Could longer lease times be assigned to the fixed machines and shorter ones to laptops and other machines?
These files can be generated automatically with a script that you will find in the directory:

    /etc/dhcp3/generadorFitxersDHCP

and which is called:

    generador.sh

To run it:

    $ /etc/dhcp3/generadorFitxersDHCP/generador.sh > /etc/dhcp3/dhcpd-AulesInformaticaiescopernic.conf

This generator is "fed" with the data from the files:

    /etc/dhcp3/generadorFitxersDHCP/macs_aula1.txt
    /etc/dhcp3/generadorFitxersDHCP/macs_aula2.txt
    /etc/dhcp3/generadorFitxersDHCP/macs_aula3.txt
    /etc/dhcp3/generadorFitxersDHCP/macs_aula4.txt
    /etc/dhcp3/generadorFitxersDHCP/macs_aula5.txt
    /etc/dhcp3/generadorFitxersDHCP/macs_aula6.txt
    /etc/dhcp3/generadorFitxersDHCP/macs_aula7.txt
    /etc/dhcp3/generadorFitxersDHCP/macs_aula8.txt

Which contain the MACs of the school's machines, including the teacher's IP, that of the access point (if there is one; is removing them being considered? - --Sergi 19:58, 21 gen 2009 (CET) -) and that of the Cisco switch.
As an example, the contents of the classroom 1 file:
    # **** MACs of Classroom 1 ****
    # Do not touch the comments in this file. Only modify the values of
    # the MACs where appropriate.
    # First comes the teacher's MAC. Then the access point and the Cisco
    # switch. Then comes an ordered list of the MACs of the class
    # Each classroom has a map, kept in the classroom's communications cabinet
    # You can also consult the maps on the department wiki:
    # https://www.iescopernic.com/departament/index.php/Configuraci%C3%B3_de_la_xarxa._Aules
    #
    #Access point
    pa 00:80:5A:4B:89:C8
    #Cisco switch
    cisco 00:15:FA:9B:A7:C0
    #Teacher
    profe 00:30:05:eb:38:55
    #Students
    pc1 00:0f:fe:de:90:e7
    pc2 00:0f:fe:de:83:89
    pc3 00:0f:fe:de:81:7d
    pc4 00:0f:fe:de:85:57
    pc5 00:0f:fe:de:81:87
    pc6 00:0f:fe:de:80:e5
    pc7 00:0f:fe:de:81:f7
    pc8 00:0f:fe:de:84:17
    pc9 00:0f:fe:de:82:9b
    pc10 00:0f:fe:de:84:f9
    pc11 00:0f:fe:de:84:51
    pc12 00:0f:fe:de:7c:9b
    pc13 00:0f:fe:de:8f:89
    pc14 00:0f:fe:de:90:4b
    pc15 00:0f:fe:de:84:67
    pc16 00:0f:fe:de:7b:65
NOTE: For the generator to work correctly, the order of the machines must be respected and the comments must not be deleted.
In the 2008/09 school year we have the following MACs:

    https://www.iescopernic.com/mediawiki/index.php/2008-2009/Aula1
    https://www.iescopernic.com/mediawiki/index.php/2008-2009/Aula2
    https://www.iescopernic.com/mediawiki/index.php/2008-2009/Aula3
    https://www.iescopernic.com/mediawiki/index.php/2008-2009/Aula4
    https://www.iescopernic.com/mediawiki/index.php/2008-2009/Aula5
    https://www.iescopernic.com/mediawiki/index.php/2008-2009/Aula6
    https://www.iescopernic.com/mediawiki/index.php/2008-2009/Aula7
    https://www.iescopernic.com/mediawiki/index.php/2008-2009/Aula8

You can find more information about DHCP at:

    http://acacha.dyndns.org/mediawiki/index.php/DHCP
    #!/bin/bash

    PREFIX_FITXER_MACS="macs_aula";
    EXTENSIO_FITXER_MACS="txt";
    PREFIX_FITXERS_CONF="dhcpd-aula";
    SUFIX_FITXERS_CONF=".conf";

    # Example CONF file: dhcpd-aula6.conf
    # Example MACS file: macs_aula

    MASK="255.255.255.0";
    BROADCAST_SUFIX=".255"
    SUBNET_PREFIX="192.168.";
    SUBNET_SUFIX=".0";
    MIN_IP=".25";
    MAX_IP=".50";
    ROUTER_IP=".1";
    DNS1="192.168.0.7";
    DNS2="195.235.113.3";
    DNS3="195.235.96.90";
    PREFIX_PC="pc";
    PREFIX_PROFE="profe";
    PREFIX_PUNT_ACCES="pa";
    PREFIX_SWITCH_CISCO="cisco";
    SUFIX_IP_PROFE=".2";
    TERMINACIO_IP_PROFE="2"
    TERMINACIO_IP_SWITCH_CISCO="20";
    TERMINACIO_IP_PUNT_ACCES="21";

    i=1;
    ls ${PREFIX_FITXER_MACS}*.$EXTENSIO_FITXER_MACS | while read FILENAME; do
      # ITERATE FILE BY FILE
      echo "";
      echo "";
      echo "#*************** CONFIGURACIÓ DHCP AULA $i *****************************"

      # General configuration
      echo "subnet ${SUBNET_PREFIX}${i}${SUBNET_SUFIX} netmask $MASK {";
      echo " range ${SUBNET_PREFIX}${i}$MIN_IP ${SUBNET_PREFIX}${i}$MAX_IP;";
      echo " option subnet-mask ${MASK};";
      echo " option broadcast-address ${SUBNET_PREFIX}${i}${BROADCAST_SUFIX};";
      echo " option routers ${SUBNET_PREFIX}${i}$ROUTER_IP;";
      echo " option domain-name-servers $DNS1, $DNS2, $DNS3;";
      echo "}";
      echo "";

      # TEACHER MAC
      echo "host pcprofe_aula$i {";
      echo " hardware ethernet `cat $FILENAME | grep -v '^#' | grep $PREFIX_PROFE | awk '{print $2}'`;";
      echo " fixed-address 192.168.${i}.$TERMINACIO_IP_PROFE;";
      echo "}";
      echo "";

      # CISCO SWITCH MAC
      echo "host switch_cisco_aula$i {";
      echo " hardware ethernet `cat $FILENAME | grep -v '^#' | grep $PREFIX_SWITCH_CISCO | awk '{print $2}'`;";
      echo " fixed-address 192.168.${i}.$TERMINACIO_IP_SWITCH_CISCO;";
      echo "}";
      echo "";

      # ACCESS POINT MAC
      echo "host punt_acces_aula$i {";
      echo " hardware ethernet `cat $FILENAME | grep -v '^#' | grep $PREFIX_PUNT_ACCES | awk '{print $2}'`;";
      echo " fixed-address 192.168.${i}.$TERMINACIO_IP_PUNT_ACCES;";
      echo "}";
      echo "";

      j=1;
      k=3;
      cat $FILENAME | grep -v '^#' | grep pc | awk '{print $2}' | while read MAC; do
        echo "host pc${j}_aula$i {";
        echo " hardware ethernet $MAC;";
        echo " fixed-address 192.168.${i}.${k};";
        echo "}";
        echo "";
        j=$(($j + 1))
        k=$(($k + 1))
      done
      i=$(($i + 1))
    done
The following command installs Pump and uninstalls dhclient:

    $ sudo apt-get install pump dhclient-

I have no further information about pump.
If your routers are cisco like just add "ip helper-address dhcp.server.ip.address" configuration in each vlan interface like:

    Switch>enable
    Switch#configure terminal
    Switch(config)#interface vlan 1968
    Switch(config-if)#ip helper-address 192.168.100.200
    Switch(config-if)#end

then the router will relay dhcp packets between dhcp server and dhcp client

if you want to use a dhcp server with many virtual interface to do this you need

1. a nic with 802.1q vlan support on your dhcp server
2. define virtual interfaces on your dhcp server machine
3. define a trunk port which directly connect to dhcp server's nic and brings all vlan tag to the nic of dhcp server

cisco like config is:

    Switch>enable
    Switch#configure terminal
    Switch(config)#vtp mode transparent
    Switch(config)#interface gigabitEthernet 0/12
    Switch(config-if)#switchport trunk encapsulation dot1q
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#end

4. tell dhcp server to listen dhcp packets on virtual interfaces
however, maybe nic won't support more than 64 vlans so, i think you need both router's dhcp relay and dhcp server's virtual interface configuration (mix L2 and L3 traffic on the router or core switch)
finally, you can download cisco's "Multilayer Switch Software Configuration Guide" of their products on cisco's web site, their manual is really easy to understand.
See the option:

    shared-network

See:

    DHCP#Xarxes_compartides_.28shared_networks.29._M.C3.BAltiples_interf.C3.ADcies_virtuals_en_una_mateixa_targeta_de_xarxa_f.C3.ADsica

Resources:
Some switches, such as Cisco's, can route DHCP packets using what is called ip-helper
"fast-spanning-tree" or "spanning-tree-fast" for the user-ports.
Cisco documentation:
See also the section "Spanning tree protocol i problemes amb PXE/Etherboot" of the article on drbl.
Resources
You can request an IP again with the command:

    $ sudo dhclient eth0

There seems to be a bug related to the system clock:

    $ cat /etc/default/rcS
    #
    # /etc/default/rcS
    #
    # Default settings for the scripts in /etc/rcS.d/
    #
    # For information about these variables see the rcS(5) manual page.
    #
    # This file belongs to the "initscripts" package.

    TMPTIME=60
    SULOGIN=no
    DELAYLOGIN=no
    UTC=no
    VERBOSE=no
    FSCKFIX=no

The UTC setting must be changed to yes:

    UTC=yes

Add to /etc/network/interfaces:

    pre-up sleep 10

Problems with lease times and the renewals of these leases. On the client, the leases can be checked in the file:

    $ cat /var/lib/dhcp3/dhclient.eth1.leases
Ok, I think I found the problem: The networking initscript in /etc/rcS.d is started *before* hwclock.sh (which sets the correct local time). dhcp3 picks up the wrong time and, depending on the UTC-Offset, thinks its lease is still valid and never sends a DHCP-Request. I fixed it by starting hwclock.sh earlier (for example renaming it to S09hwclock.sh) and deleting /var/lib/dhcp3/dhclient.eth0.leases .
Create a file named WindowsTimeFixUTC.reg with the following contents and then double click on it to merge the contents with the registry:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
    "RealTimeIsUniversal"=dword:00000001
Resources:
See:

    Pxelinux#Configuraci.C3.B3_de_DHCP

and TFTP.

    #!/bin/bash

    FILENAME=hosts_ordenat.csv

    cat $FILENAME | while read line; do
      NAME=`echo $line | awk '{print $1}'`
      IP=`echo $line | awk '{print $2}'`
      MAC=`echo $line | awk '{print $3}'`
      echo "host ${NAME} {";
      echo " hardware ethernet ${MAC};";
      echo " fixed-address ${IP};";
      echo "}";
      echo "";
    done

or with a heredoc:

    #!/bin/bash

    FILENAME=hosts_ordenat.csv

    cat $FILENAME | while read line; do
      NAME=`echo $line | awk '{print $1}'`
      IP=`echo $line | awk '{print $2}'`
      MAC=`echo $line | awk '{print $3}'`
    cat <<EOF
    host ${NAME} {
     hardware ethernet ${MAC};
     fixed-address ${IP};
    }

    EOF
    done

NOTE: The closing EOF must be at the start of the line
Where the file is:
$ cat hosts_ordenat.csv A20-2PC01 192.168.7.101 00:10:5c:f2:be:38 A20-2PC02 192.168.7.102 00:1a:92:9d:db:ab A20-2PC03 192.168.7.103 00:1b:fc:65:cc:1b A20-2PC04 192.168.7.104 00:10:5C:F2:BE:39 A20-2PC05 192.168.7.105 00:10:5C:F2:ED:D2 A20-2PC06 192.168.7.106 00:1b:fc:08:75:42 ...
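The generators above copy every field of hosts_ordenat.csv straight into the server configuration, so a malformed row (a stray ";", an impossible address, a MAC entered twice) ends up in dhcpd.conf. The following is an added example, not part of the original page: a variant that validates each row before emitting it. The names gen_hosts and sample_hosts and the sample rows are constructed for illustration.

```bash
#!/bin/bash
# Added example: validate "NAME IP MAC" rows before writing host declarations.

# Constructed sample input: two valid rows followed by four that must be rejected.
sample_hosts() {
cat <<'EOF'
A20-2PC01 192.168.7.101 00:10:5c:f2:be:38
A20-2PC02 192.168.7.102 00:1A:92:9D:DB:AB
A20-2PC03 192.168.7.300 00:1b:fc:65:cc:1b
A20-2PC04 192.168.7.104 00:10:5c:f2:be:38
A20-2PC05; 192.168.7.105 00:10:5c:f2:ed:d2
A20-2PC06 192.168.7.106 00:1b:fc:08:75
EOF
}

# gen_hosts: reads rows on stdin, writes host declarations to stdout and one
# message per rejected row to stderr. Returns 1 if any row was rejected.
gen_hosts() {
    awk '
    function bad(why) {
        printf "line %d rejected: %s\n", NR, why > "/dev/stderr"
        rc = 1
    }
    function valid_ip(ip,   n, o, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return 0
        return 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    NF != 3 { bad("expected 3 fields"); next }
    {
        name = $1; ip = $2; mac = tolower($3)
        # Only characters that cannot close or extend a dhcpd.conf statement.
        if (name !~ /^[A-Za-z0-9][A-Za-z0-9_-]*$/) { bad("unsafe host name"); next }
        if (!valid_ip(ip)) { bad("invalid IPv4 address"); next }
        if (length(mac) != 17 || mac !~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/) {
            bad("invalid MAC address"); next
        }
        if (mac in seen_mac) { bad("duplicate MAC address"); next }
        if (ip in seen_ip)   { bad("duplicate IP address"); next }
        seen_mac[mac] = 1; seen_ip[ip] = 1
        printf "host %s {\n hardware ethernet %s;\n fixed-address %s;\n}\n\n", name, mac, ip
    }
    END { exit rc }
    '
}

# Demonstration on the constructed rows.
sample_hosts | gen_hosts || echo "some rows were rejected, see messages above" >&2
```

With a real file, run `gen_hosts < hosts_ordenat.csv > hosts.conf` and install the result only when the exit status is 0.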
#!/bin/bash
PREFIX_FITXER_MACS="macs_aula"
EXTENSIO_FITXER_MACS="txt"
PREFIX_FITXERS_CONF="dhcpd-aula"
SUFIX_FITXERS_CONF=".conf"
#Example CONF file: dhcpd-aula6.conf
#Example MACS file: macs_aula
MASK="255.255.255.0"
BROADCAST_SUFIX=".255"
SUBNET_PREFIX="192.168."
SUBNET_SUFIX=".0"
MIN_IP=".25"
MAX_IP=".50"
ROUTER_IP=".1"
DNS1="192.168.0.7"
DNS2="195.235.113.3"
DNS3="195.235.96.90"
PREFIX_PC="pc"
PREFIX_PROFE="profe"
PREFIX_PUNT_ACCES="pa"
PREFIX_SWITCH_CISCO="cisco"
SUFIX_IP_PROFE=".2"
TERMINACIO_IP_PROFE="2"
TERMINACIO_IP_SWITCH_CISCO="20"
TERMINACIO_IP_PUNT_ACCES="21"
i=1
ls ${PREFIX_FITXER_MACS}*.$EXTENSIO_FITXER_MACS | while read FILENAME; do
    #ITERATION, FILE BY FILE
    echo ""
    echo ""
    echo "#*************** CONFIGURACIÓ DHCP AULA $i *****************************"
    #General configuration
    echo "subnet ${SUBNET_PREFIX}${i}${SUBNET_SUFIX} netmask $MASK {"
    echo " range ${SUBNET_PREFIX}${i}$MIN_IP ${SUBNET_PREFIX}${i}$MAX_IP;"
    echo " option subnet-mask ${MASK};"
    echo " option broadcast-address ${SUBNET_PREFIX}${i}${BROADCAST_SUFIX};"
    echo " option routers ${SUBNET_PREFIX}${i}$ROUTER_IP;"
    echo " option domain-name-servers $DNS1, $DNS2, $DNS3;"
    echo "}"
    echo ""
    #TEACHER MAC
    echo "host pcprofe_aula$i {"
    echo " hardware ethernet $(cat "$FILENAME" | grep -v '^#' | grep $PREFIX_PROFE | awk '{print $2}');"
    echo " fixed-address 192.168.${i}.$TERMINACIO_IP_PROFE;"
    echo "}"
    echo ""
    #CISCO SWITCH MAC
    echo "host switch_cisco_aula$i {"
    echo " hardware ethernet $(cat "$FILENAME" | grep -v '^#' | grep $PREFIX_SWITCH_CISCO | awk '{print $2}');"
    echo " fixed-address 192.168.${i}.$TERMINACIO_IP_SWITCH_CISCO;"
    echo "}"
    echo ""
    #ACCESS POINT MAC
    echo "host punt_acces_aula$i {"
    echo " hardware ethernet $(cat "$FILENAME" | grep -v '^#' | grep $PREFIX_PUNT_ACCES | awk '{print $2}');"
    echo " fixed-address 192.168.${i}.$TERMINACIO_IP_PUNT_ACCES;"
    echo "}"
    echo ""
    j=1
    k=3
    #STUDENT PCs: one host entry per MAC, addresses starting at .3
    cat "$FILENAME" | grep -v '^#' | grep pc | awk '{print $2}' | while read MAC; do
        echo "host pc${j}_aula$i {"
        echo " hardware ethernet $MAC;"
        echo " fixed-address 192.168.${i}.${k};"
        echo "}"
        echo ""
        j=$(($j + 1))
        k=$(($k + 1))
    done
    i=$(($i + 1))
done
Example MAC file:
$ cat macs_aula1.txt
# **** MACs of Classroom 1 ****
# Do not touch the comments in this file. Only modify the values of
# the MACs where appropriate.
# The teacher's MAC goes first. Then the access point and the Cisco
# switch. After that comes an ordered list of the MACs of the class
# Each classroom has a map, kept in the classroom's communications cabinet
# You can also consult the maps on the department wiki:
# https://www.iescopernic.com/departament/index.php/Configuraci%C3%B3_de_la_xarxa._Aules
#
#Access point
pa 00:80:5A:4B:89:C8
#Cisco switch
cisco 00:15:FA:9B:A7:C0
#Teacher
profe 00:30:05:eb:38:55
#Students
pc1 00:13:8f:bc:70:9d
pc2 00:13:8f:db:85:79
pc3 00:13:8f:bc:6f:94
pc4 00:13:8f:bc:70:79
pc5 00:13:8f:bc:70:85
pc6 00:13:8f:bc:6e:e0
pc7 00:13:8f:bb:77:28
pc8 00:13:ff:ff:70:a9
pc9 00:13:8f:bc:70:84
pc10 00:13:8f:bc:70:82
pc11 00:13:8f:bc:70:90
pc12 00:13:8f:bc:70:80
pc13 00:19:66:b6:c7:94
pc14 00:13:8f:bc:70:a5
pc15 00:13:8f:bc:70:7c
pc16 00:13:8f:bc:6b:29
I created a service for FOG that creates the fixed assignments automatically. See FOG.
This parameter can be key to allowing more than one DHCP server on the same network segment.
NOTE: If at least one DHCP server on the network has the option allow unknown-clients, problems are always possible, because that server may answer faster and override any configuration of the other servers.
One possible solution is the ignore booting option. For example, it can be applied host by host, by putting the following on the server that must not handle PXE booting:
host demohost {
  hardware ethernet 00:42:23:11:be:af;
  ignore booting;
}
Other related parameters:
IMPORTANT: Using these options in scopes is deprecated; they must be used in pools.
Resources
You can use boot-unknown-clients; according to the manual:
$ man dhcpd.conf
The boot-unknown-clients statement

   boot-unknown-clients flag;

   If the boot-unknown-clients statement is present and has a value of false or off, then clients for which there is no host declaration will not be allowed to obtain IP addresses. If this statement is not present or has a value of true or on, then clients without host declarations will be allowed to obtain IP addresses, as long as those addresses are not restricted by allow and deny statements within their pool declarations.
TODO
The ping-check and ping-timeout parameters can be used. Keep in mind that they introduce a delay in the response, which can be significant depending on the type of client.
The ping-check statement

   ping-check flag;

   When the DHCP server is considering dynamically allocating an IP address to a client, it first sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if no ICMP Echo response has been heard, it assigns the address. If a response is heard, the lease is abandoned, and the server does not respond to the client. This ping check introduces a default one-second delay in responding to DHCPDISCOVER messages, which can be a problem for some clients. The default delay of one second may be configured using the ping-timeout parameter. The ping-check configuration parameter can be used to control checking - if its value is false, no ping check is done.

The ping-timeout statement

   ping-timeout seconds;

   If the DHCP server determined it should send an ICMP echo request (a ping) because the ping-check statement is true, ping-timeout allows you to configure how many seconds the DHCP server should wait for an ICMP Echo response to be heard, if no ICMP Echo response has been received before the timeout expires, it assigns the address. If a response is heard, the lease is abandoned, and the server does not respond to the client. If no value is set, ping-timeout defaults to 1 second.
TODO
The server-identifier statement

   server-identifier hostname;

   The server-identifier statement can be used to define the value that is sent in the DHCP Server Identifier option for a given scope. The value specified must be an IP address for the DHCP server, and must be reachable by all clients served by a particular scope. The use of the server-identifier statement is not recommended - the only reason to use it is to force a value other than the default value to be sent on occasions where the default value would be incorrect. The default value is the first IP address associated with the physical network interface on which the request arrived. The usual case where the server-identifier statement needs to be sent is when a physical interface has more than one IP address, and the one being sent by default isn’t appropriate for some or all clients served by that interface. Another common case is when an alias is defined for the purpose of having a consistent IP address for the DHCP server, and it is desired that the clients use this IP address when contacting the server. Supplying a value for the dhcp-server-identifier option is equivalent to using the server-identifier statement.

   use-host-decl-names flag;

   If the use-host-decl-names parameter is true in a given scope, then for every host declaration within that scope, the name provided for the host declaration will be supplied to the client as its hostname. So, for example,

   group {
     use-host-decl-names on;

     host joe {
       hardware ethernet 08:00:2b:4c:29:32;
       fixed-address joe.fugue.com;
     }
   }

   is equivalent to

   host joe {
     hardware ethernet 08:00:2b:4c:29:32;
     fixed-address joe.fugue.com;
     option host-name "joe";
   }
In the file:
$ cat /etc/dhcp3/dhclient.conf
The line:
send host-name "<hostname>";
Sets the host name that is sent to the server (used for dynamic DNS, linking DNS and DHCP).
See also:
Client_DNS#Establir_el_nom_de_m.C3.A0quina
The ISC DHCP server can be configured to read its configuration from an LDAP database. First install the packages:
$ sudo apt-get install dhcp3-server dhcp3-server-ldap
IMPORTANT: In the new package versions in Debian and Ubuntu (from version 11.04 onwards? --acacha 17:26, 28 des 2011 (UTC)) the name of the server and of some files has changed (from this point on the old versions are shown alongside the new ones):
$ sudo apt-get install isc-dhcp-server isc-dhcp-server-ldap
You will see that the server executable is replaced:
$ dpkg -L isc-dhcp3-server    # old name
$ dpkg -L isc-dhcp-server     # new name
...
desviat per dhcp3-server-ldap cap a: /usr/sbin/dhcpd3-noldap
$ dpkg -L dhcp3-server-ldap       # old name
$ dpkg -L isc-dhcp-server-ldap    # new name
...
el paquet desvia a d'altres cap a /usr/sbin/dhcpd3-noldap
That is, there are now two executables:
The dhcp3-server-ldap package includes an LDAP schema that adds DHCP support. The LDAP server must be configured to use this schema, and creating the following indexes is also recommended:
index dhcpHWAddress eq
index dhcpClassData eq
To add the indexes, connect to the configuration database (cn=config) of the LDAP server. This can be done with Apache Directory Studio, on the object:
olcDatabase={1}hdb,cn=config
Add:
olcDbIndex dhcpHWAddress,dhcpClassData eq
To finish creating the index, stop LDAP:
$ sudo /etc/init.d/slapd stop
And use slapindex:
$ sudo /usr/sbin/slapindex
$ sudo chown openldap:openldap -R /var/lib/ldap
Start LDAP again:
$ sudo /etc/init.d/slapd start
Now the LDAP database must be created with the configuration information of the LDAP server. See:
Gosa#DHCP
The new DHCP configuration will be similar to:
IMPORTANT: On Ubuntu 11.04 or later the file is: /etc/dhcp/dhcpd.conf
$ sudo joe /etc/dhcp3/dhcpd.conf    # old path
$ sudo joe /etc/dhcp/dhcpd.conf     # new path
ldap-server "localhost";
ldap-port 389;
ldap-username "cn=DHCP User, dc=ntelos, dc=net";
ldap-password "blah";
ldap-base-dn "dc=ntelos, dc=net";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
ldap-ssl off;
Where:
$ sudo touch /var/log/dhcp-ldap-startup.log
$ sudo chown dhcpd:dhcpd /var/log/dhcp-ldap-startup.log
Another example configuration file:
ldap-server "192.168.0.8";
ldap-port 389;
# No user needs to be given because anonymous access is allowed
#ldap-username "cn=DHCP User, dc=ntelos, dc=net";
#ldap-password "blah";
ldap-base-dn "ou=servers,ou=systems,ou=Servidors,ou=Computers,dc=iesebre,dc=com";
#Server:
#cn=Cop,ou=servers,ou=systems,ou=Servidors,ou=Computers,dc=iesebre,dc=com
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
ldap-ssl off;
You can debug and see the errors with:
$ sudo /etc/init.d/dhcp3-server restart       # old name
$ sudo /etc/init.d/isc-dhcp-server restart    # new name
dhcpd self-test failed. Please fix the config file.
The error was:
Internet Systems Consortium DHCP Server V3.1.2
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Error opening debug LDAP log file /var/log/dhcp-ldap-startup.log: Permission denied
Connecting to LDAP server 192.168.0.8:389
Successfully logged into LDAP server 192.168.0.8
Error: Cannot find LDAP entry matching (&(objectClass=dhcpServer)(|(cn=BSFHPCasa)(cn=BSFHPCasa.BSF)))
Configuration file errors encountered -- exiting
Note which server name is searched for if you do not specify:
ldap-dhcp-server-cn "cn del servidor";
You must give the cn (common name), not the whole DN. For example, do not put:
cn=cop.iesebre.com,ou=Sistemes,ou=All,dc=iesebre,dc=com
simply put
cop.iesebre.com
For example:
ldap-server "localhost";
ldap-port 389;
# No user needs to be given because anonymous access is allowed
#ldap-username "cn=DHCP User, dc=ntelos, dc=net";
#ldap-password "blah";
ldap-base-dn "ou=Sistemes,ou=All,dc=iesebre,dc=com";
#Server:
ldap-dhcp-server-cn "cop.iesebre.com";
#
#Useful for debugging host names:
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
ldap-ssl off;
NOTE: SSL is not needed for localhost, but you can enable it and set other SSL parameters such as ldap-tls-reqcert never
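The configurations above bind with ldap-ssl off, one of them to a remote server, and keep ldap-password in dhcpd.conf. The following is an added example, not part of the original page or of the ISC packages: a small audit of those settings. The function names, finding codes, sample files and CA path are constructed for illustration, and the ldap-tls-ca-file parameter and the start_tls and demand values are assumed to be supported by your LDAP-enabled dhcpd build.

```bash
#!/bin/bash
# Added example: audit the LDAP settings of a dhcpd.conf.

# Constructed sample: cleartext bind to a remote server, password in the file.
weak_conf() {
cat <<'EOF'
ldap-server "192.0.2.8";
ldap-port 389;
ldap-username "cn=DHCP User, dc=example, dc=test";
ldap-password "blah";
ldap-base-dn "dc=example, dc=test";
ldap-method dynamic;
ldap-ssl off;
EOF
}

# Constructed sample: same bind, protected with StartTLS and a verified certificate.
hardened_conf() {
cat <<'EOF'
ldap-server "192.0.2.8";
ldap-port 389;
ldap-username "cn=DHCP User, dc=example, dc=test";
ldap-password "blah";
ldap-base-dn "dc=example, dc=test";
ldap-method dynamic;
ldap-ssl start_tls;
ldap-tls-reqcert demand;
ldap-tls-ca-file "/etc/ssl/certs/ldap-ca.pem";  # placeholder path
EOF
}

# audit_ldap_conf FILE: prints one finding per line, nothing when no check fires.
audit_ldap_conf() {
    conf=$1
    # Drop comments, then read the file one ";"-terminated statement at a time.
    sed 's/#.*$//' "$conf" | awk -v RS=';' '
        { gsub(/"/, "") }
        $1 == "ldap-server"      { server = $2 }
        $1 == "ldap-ssl"         { ssl = $2 }
        $1 == "ldap-tls-reqcert" { reqcert = $2 }
        END {
            if (server == "") exit 0            # no LDAP backend configured
            remote = (server != "localhost" && server != "127.0.0.1" && server != "::1")
            # Only an explicit "off" is flagged; no default value is assumed.
            if (ssl == "off" && remote)
                print "CLEARTEXT_REMOTE_LDAP server=" server
            if (reqcert == "never")
                print "TLS_CERT_NOT_VERIFIED ldap-tls-reqcert never"
        }'
    # A bind password in a file that other local users can read.
    if sed 's/#.*$//' "$conf" | grep -Eq '(^|[;[:space:]])ldap-password[[:space:]]' &&
       [ -n "$(find "$conf" -prune -perm -004 -print)" ]; then
        echo "PASSWORD_WORLD_READABLE $conf"
    fi
}

# Demonstration on the constructed weak configuration.
demo=$(mktemp) && weak_conf > "$demo" && chmod 644 "$demo" && audit_ldap_conf "$demo"
rm -f "$demo"
```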
By default the search uses the name of the machine where you run the DNS server:
$ hostname
BSFHPCasa
$ cat /etc/hosts
...
127.0.1.1 BSFHPCasa.BSF BSFHPCasa
You can check the configuration in the file you specified for debugging:
$ sudo tail -f /var/log/dhcp-ldap-startup.log
range 172.16.0.201 172.16.0.254;
filename "172.16.0.4";
next-server pxelinux.0;
option routers 172.16.0.1;
option domain-name "www.iesebre.com";
option domain-name-servers 172.16.0.1,192.168.0.46;
option subnet-mask 255.255.252.0;
option broadcast-address 172.16.3.255;
option netbios-name-servers 192.168.0.8;
}
IMPORTANT: If you use dynamic, this log file only contains the configuration of the networks; the configuration of the hosts is requested with queries to the LDAP server every time there is a request. You can see this in:
$ sudo tail -f /var/log/syslog | grep dhcp
Feb 1 20:10:28 cop dhcpd: Found dhcpHWAddress LDAP entry cn=a206pcprofe,cn=172.16.0.0,cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:28 cop dhcpd: Sending the following options: 'fixed-address 172.16.2.10;#012option host-name a206pcprofe;#012'
Feb 1 20:10:28 cop dhcpd: DHCPREQUEST for 172.16.2.10 from 00:21:5a:72:cc:b2 via alumnat
Feb 1 20:10:28 cop dhcpd: DHCPACK on 172.16.2.10 to 00:21:5a:72:cc:b2 via alumnat
Feb 1 20:10:32 cop dhcpd: Searching for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:0e:7f:41:e8:09)) in LDAP tree cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:32 cop dhcpd: No host entry for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:0e:7f:41:e8:09)) in LDAP tree cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:32 cop dhcpd: Searching for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:0e:7f:41:e8:09)) in LDAP tree cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:32 cop dhcpd: No host entry for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:0e:7f:41:e8:09)) in LDAP tree cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:32 cop dhcpd: DHCPREQUEST for 192.168.20.201 from 00:0e:7f:41:e8:09 (DepSanitat_impressoraHPLasP2015) via professorat
Feb 1 20:10:32 cop dhcpd: DHCPACK on 192.168.20.201 to 00:0e:7f:41:e8:09 (DepSanitat_impressoraHPLasP2015) via professorat
Feb 1 20:10:34 cop dhcpd: Searching for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:15:60:9c:85:2f)) in LDAP tree cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:34 cop dhcpd: Found dhcpHWAddress LDAP entry cn=a206pc13,cn=172.16.0.0,cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:34 cop dhcpd: Sending the following options: 'fixed-address 172.16.2.23;#012option host-name a206pc13;#012'
Feb 1 20:10:34 cop dhcpd: DHCPREQUEST for 172.16.2.23 from 00:15:60:9c:85:2f via alumnat
Feb 1 20:10:34 cop dhcpd: DHCPACK on 172.16.2.23 to 00:15:60:9c:85:2f via alumnat
Feb 1 20:10:36 cop dhcpd: Searching for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 1c:c1:de:64:fe:c4)) in LDAP tree cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:36 cop dhcpd: Found dhcpHWAddress LDAP entry cn=a33-pc04,cn=172.16.0.0,cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:10:36 cop dhcpd: Sending the following options: 'fixed-address 172.16.3.94;#012option host-name a33-pc04;#012'
Feb 1 20:10:36 cop dhcpd: DHCPREQUEST for 172.16.3.94 from 1c:c1:de:64:fe:c4 via alumnat
Feb 1 20:10:36 cop dhcpd: DHCPACK on 172.16.3.94 to 1c:c1:de:64:fe:c4 via alumnat
If the host is not found, the message will be similar to:
Feb 1 20:12:25 cop dhcpd: No host entry for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:1f:29:2a:03:e5)) in LDAP tree cn=dhcp,cn=cop.iesebre.com,ou=servers,ou=systems,ou=Servidors,ou=Sistemes,ou=All,dc=iesebre,dc=com
Feb 1 20:12:25 cop dhcpd: DHCPREQUEST for 192.168.20.225 from 00:1f:29:2a:03:e5 (DepAd_impressoraHPLaserjetP2015) via professorat
Feb 1 20:12:25 cop dhcpd: DHCPACK on 192.168.20.225 to 00:1f:29:2a:03:e5 (DepAd_impressoraHPLaserjetP2015) via professorat
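As the log lines above show, a client with no dhcpHost entry in LDAP can still receive a DHCPACK from a dynamic pool. The following is an added example, not part of the original page: it reads dhcpd syslog lines in the format shown above and lists every lease acknowledged to a MAC address that LDAP did not know at that moment. The function names and the sample log (documentation addresses and an example.test tree) are constructed for illustration.

```bash
#!/bin/bash
# Added example: report DHCPACKs given to clients without an LDAP host entry.

# Constructed sample log in the format dhcpd writes to syslog.
sample_dhcpd_log() {
cat <<'EOF'
Feb  1 20:10:28 cop dhcpd: Searching for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:00:5e:00:53:01)) in LDAP tree cn=dhcp,cn=dhcp1.example.test,dc=example,dc=test
Feb  1 20:10:28 cop dhcpd: Found dhcpHWAddress LDAP entry cn=pc01,cn=192.0.2.0,cn=dhcp,cn=dhcp1.example.test,dc=example,dc=test
Feb  1 20:10:28 cop dhcpd: DHCPREQUEST for 192.0.2.10 from 00:00:5e:00:53:01 via alumnat
Feb  1 20:10:28 cop dhcpd: DHCPACK on 192.0.2.10 to 00:00:5e:00:53:01 via alumnat
Feb  1 20:10:32 cop dhcpd: Searching for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:00:5e:00:53:aa)) in LDAP tree cn=dhcp,cn=dhcp1.example.test,dc=example,dc=test
Feb  1 20:10:32 cop dhcpd: No host entry for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:00:5e:00:53:aa)) in LDAP tree cn=dhcp,cn=dhcp1.example.test,dc=example,dc=test
Feb  1 20:10:32 cop dhcpd: DHCPREQUEST for 192.0.2.201 from 00:00:5e:00:53:aa (printer-lab) via professorat
Feb  1 20:10:32 cop dhcpd: DHCPACK on 192.0.2.201 to 00:00:5e:00:53:aa (printer-lab) via professorat
Feb  1 20:12:25 cop dhcpd: No host entry for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:00:5E:00:53:BB)) in LDAP tree cn=dhcp,cn=dhcp1.example.test,dc=example,dc=test
Feb  1 20:12:25 cop dhcpd: DHCPACK on 192.0.2.225 to 00:00:5e:00:53:bb via professorat
Feb  1 20:15:02 cop dhcpd: DHCPACK on 192.0.2.201 to 00:00:5e:00:53:aa (printer-lab) via professorat
Feb  1 20:40:10 cop dhcpd: Searching for (&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:00:5e:00:53:bb)) in LDAP tree cn=dhcp,cn=dhcp1.example.test,dc=example,dc=test
Feb  1 20:40:10 cop dhcpd: Found dhcpHWAddress LDAP entry cn=pc02,cn=192.0.2.0,cn=dhcp,cn=dhcp1.example.test,dc=example,dc=test
Feb  1 20:40:10 cop dhcpd: DHCPACK on 192.0.2.30 to 00:00:5e:00:53:bb via alumnat
EOF
}

# unknown_acks: reads syslog lines on stdin and prints "MAC IP INTERFACE" once
# for each lease acknowledged while the MAC had no host entry in LDAP.
unknown_acks() {
    awk '
    function mac_of(line) {
        # 23 is the length of the literal "dhcpHWAddress=ethernet " prefix.
        if (match(line, /dhcpHWAddress=ethernet [0-9A-Fa-f:]+/))
            return tolower(substr(line, RSTART + 23, RLENGTH - 23))
        return ""
    }
    / Searching for /  { pending = mac_of($0); next }
    / Found dhcpHWAddress LDAP entry / {
        # The entry found belongs to the MAC of the preceding search.
        if (pending != "") delete unknown[pending]
        next
    }
    / No host entry for / { m = mac_of($0); if (m != "") unknown[m] = 1; next }
    / DHCPACK on / {
        for (i = 1; i <= NF; i++) if ($i == "DHCPACK") break
        ip = $(i + 2); mac = tolower($(i + 4)); iface = $NF
        if ((mac in unknown) && !((mac, ip) in reported)) {
            reported[mac, ip] = 1
            print mac, ip, iface
        }
    }'
}

# Demonstration on the constructed log.
sample_dhcpd_log | unknown_acks
```

On a live server the same function can be fed with `grep dhcpd /var/log/syslog | unknown_acks`.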
Remember that the LDAP server must contain objects holding the configuration. You can create them with Gosa, or you can populate the LDAP server with an LDIF file similar to the following (it must be adapted to your environment):
dn: cn=brian.ntelos.net, dc=ntelos, dc=net
objectClass: top
objectClass: dhcpServer
cn: brian.ntelos.net
dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net

# Here is the config tree that brian.ntelos.net points to.
dn: cn=DHCP Service Config, dc=ntelos, dc=net
cn: DHCP Service Config
objectClass: top
objectClass: dhcpService
dhcpPrimaryDN: dc=ntelos, dc=net
dhcpStatements: ddns-update-style none
dhcpStatements: default-lease-time 600
dhcpStatements: max-lease-time 7200

# Set up a shared network segment
dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: WV
objectClass: top
objectClass: dhcpSharedNetwork

# Set up a subnet declaration with a pool statement. Also note that we have
# a dhcpOptions object with this entry
dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: 10.100.0.0
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name-servers 10.100.0.2
dhcpOption: routers 10.100.0.1
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 10.100.0.255
dhcpNetMask: 24

# Set up a pool for this subnet. Only known hosts will get these IPs
dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: Known Pool
objectClass: top
objectClass: dhcpPool
dhcpRange: 10.100.0.3 10.100.0.254
dhcpPermitList: deny unknown-clients

# Set up another subnet declaration with a pool statement
dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: 10.200.0.0
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpOption: domain-name-servers 10.200.0.2
dhcpOption: routers 10.200.0.1
dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 10.200.0.255
dhcpNetMask: 24

# Set up a pool for this subnet. Only unknown hosts will get these IPs
dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: Known Pool
objectClass: top
objectClass: dhcpPool
dhcpRange: 10.200.0.3 10.200.0.254
dhcpPermitList: deny known clients

# Set aside a group for all of our known MAC addresses
dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
objectClass: top
objectClass: dhcpGroup
cn: Customers

# Host entry for my laptop
dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
objectClass: top
objectClass: dhcpHost
cn: brianlaptop
dhcpHWAddress: ethernet 00:00:00:00:00:00
A Perl script that converts an existing dhcp configuration to LDAP is also provided:
/usr/share/doc/dhcp3-server-ldap
The LDAP schema is as follows (--acacha 16:09, 21 nov 2010 (UTC)):
attributetype ( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' EQUALITY distinguishedNameMatch DESC 'The DN of the dhcpServer which is the primary server for the configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' EQUALITY distinguishedNameMatch DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' EQUALITY caseIgnoreIA5Match DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' EQUALITY caseIgnoreIA5Match DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' EQUALITY caseIgnoreIA5Match DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' EQUALITY integerMatch DESC 'The subnet mask length for the subnet. The mask can be easily computed from this length.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' EQUALITY caseIgnoreIA5Match DESC 'Encoded option values to be sent to clients. Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' EQUALITY caseIgnoreIA5Match DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons. Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' EQUALITY distinguishedNameMatch DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' EQUALITY distinguishedNameMatch DESC 'the distinguished name(s) of the dhcpHost objects.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' EQUALITY distinguishedNameMatch DESC 'The distinguished name(s) of pools.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' EQUALITY distinguishedNameMatch DESC 'The distinguished name(s) of the groups.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' EQUALITY distinguishedNameMatch DESC 'The distinguished name(s) of the subnets.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' EQUALITY distinguishedNameMatch DESC 'The distinguished name of a client address.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
attributetype ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The distinguished name(s) client addresses.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' EQUALITY distinguishedNameMatch DESC 'The distinguished name(s) of a class(es) in a subclass.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' EQUALITY distinguishedNameMatch DESC 'The distinguished name(s) of subclass(es).' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' EQUALITY distinguishedNameMatch DESC 'The distinguished name(s) of sharedNetworks.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' EQUALITY distinguishedNameMatch DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' EQUALITY caseIgnoreIA5Match DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' EQUALITY caseIgnoreIA5Match DESC 'This stores information about the current binding-status of an address. For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' EQUALITY generalizedTimeMatch DESC 'This is the time the current lease for an address expires.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' EQUALITY generalizedTimeMatch DESC 'This is the time of the last state change for a leased address.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' EQUALITY generalizedTimeMatch DESC 'This is the last time a valid DHCP packet was received from the client.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' EQUALITY booleanMatch DESC 'This indicates whether the address was assigned via BOOTP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' EQUALITY caseIgnoreIA5Match DESC 'This is the name of the domain sent to the client by the server. It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN. To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' EQUALITY integerMatch DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address. The value is a 16-bit bitmask.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' EQUALITY caseIgnoreIA5Match DESC 'This is the hostname that was requested by the client.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' EQUALITY caseIgnoreIA5Match DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' EQUALITY distinguishedNameMatch DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' EQUALITY distinguishedNameMatch DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to. This attribute is only present in the class when the address is leased.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' EQUALITY octetStringMatch DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' EQUALITY caseIgnoreIA5Match DESC 'The clients hardware address that requested this IP address.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' EQUALITY octetStringMatch DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParameter' EQUALITY integerMatch DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' EQUALITY integerMatch DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState' EQUALITY caseIgnoreIA5Match DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' EQUALITY caseIgnoreIA5Match DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.40 NAME 'dhcpLocatorDN' EQUALITY distinguishedNameMatch DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.41 NAME 'dhcpKeyAlgorithm' EQUALITY caseIgnoreIA5Match DESC 'Algorithm to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.42 NAME 'dhcpKeySecret' EQUALITY octetStringMatch DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.43 NAME 'dhcpDnsZoneServer' EQUALITY caseIgnoreIA5Match DESC 'Master server of the DNS Zone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.44 NAME 'dhcpKeyDN' EQUALITY distinguishedNameMatch DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.45 NAME 'dhcpZoneDN' EQUALITY distinguishedNameMatch DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.46 NAME 'dhcpFailOverPrimaryServer' EQUALITY caseIgnoreIA5Match DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.47 NAME 'dhcpFailOverSecondaryServer' EQUALITY caseIgnoreIA5Match DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.48 NAME 'dhcpFailOverPrimaryPort' EQUALITY integerMatch DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.49 NAME 'dhcpFailOverSecondaryPort' EQUALITY integerMatch DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.50 NAME 'dhcpFailOverResponseDelay' EQUALITY integerMatch DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.51 NAME 'dhcpFailOverUnackedUpdates' EQUALITY integerMatch DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.52 NAME 'dhcpFailOverSplit' EQUALITY integerMatch DESC 'Split between the primary and secondary servers for fail over purpose' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.53 NAME 'dhcpFailOverLoadBalanceTime' EQUALITY integerMatch DESC 'Cutoff time in seconds, after which load balance is disabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.54 NAME 'dhcpFailOverPeerDN' EQUALITY distinguishedNameMatch DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#List of all servers in the tree
attributetype ( 2.16.840.1.113719.1.203.4.55 NAME 'dhcpServerDN' EQUALITY distinguishedNameMatch DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.56 NAME 'dhcpComments' EQUALITY caseIgnoreIA5Match DESC 'Generic attribute that allows coments within any DHCP object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Classes
objectclass ( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.' SUP top MUST (cn) MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
objectclass ( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'This stores configuration information for a shared network.' SUP top MUST cn MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This class defines a subnet. This is a container object.' SUP top MUST ( cn $ dhcpNetMask ) MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores configuration information about a pool.' SUP top MUST ( cn $ dhcpRange ) MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group object that lists host DNs and parameters. This is a container object.'
SUP top MUST cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) ) objectclass ( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This represents information about a particular client' SUP top MUST cn MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') ) objectclass ( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents information about a collection of related clients.' SUP top MUST cn MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) ) objectclass ( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represents information about a collection of related classes.' SUP top MUST cn MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' ) objectclass ( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represents information about a collection of options defined.' SUP top AUXILIARY MUST cn MAY ( dhcpOption $ dhcpComments ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) ) objectclass ( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This class represents an IP Address, which may or may not have been leased.' SUP top MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') ) objectclass ( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the object that holds past information about the IP address. 
The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.' SUP top MUST ( cn ) MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) ) objectclass ( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Server Object' SUP top AUXILIARY MUST ( cn ) MAY (dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') ) objectclass ( 2.16.840.1.113719.1.203.6.13 NAME 'dhcpTSigKey' DESC 'TSIG key for secure dynamic updates' SUP top MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret ) MAY ( dhcpComments ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') ) objectclass ( 2.16.840.1.113719.1.203.6.14 NAME 'dhcpDnsZone' DESC 'DNS Zone for updating leases' SUP top MUST (cn $ dhcpDnsZoneServer ) MAY (dhcpKeyDN $ dhcpComments) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') ) objectclass ( 2.16.840.1.113719.1.203.6.15 NAME 'dhcpFailOverPeer' DESC 'This class defines the Fail over peer' SUP top MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') ) objectclass ( 2.16.840.1.113719.1.203.6.16 NAME 'dhcpLocator' 
DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' SUP top MUST ( cn ) MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments) X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
Resources:
subnet 192.168.200.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.200.255;
    option routers 192.168.200.1;
    option domain-name-servers 192.168.200.1;
    pool {
        failover peer "dhcp-failover";
        max-lease-time 1800; # 30 minutes
        range 192.168.200.100 192.168.200.254;
    }
}
The following configuration would be placed on the secondary server:
authoritative;
ddns-update-style none;

failover peer "dhcp-failover" {
    secondary; # declare this to be the secondary server
    address 192.168.200.3;
    port 520;
    peer address 192.168.200.2;
    peer port 520;
    max-response-delay 30;
    max-unacked-updates 10;
    load balance max seconds 3;
}

subnet 192.168.200.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.200.255;
    option routers 192.168.200.1;
    option domain-name-servers 192.168.200.1;
    pool {
        failover peer "dhcp-failover";
        max-lease-time 1800; # 30 minutes
        range 192.168.200.100 192.168.200.254;
    }
}
With DHCP you can define static routes to be installed in the routing table of the DHCP clients. This can be done in two ways:
Single Route. DHCP option 33
Note that the configuration must be given in hexadecimal. First comes the destination address (network ranges cannot be specified; see option 121) and then the router:
Destination: 192.168.123.234 --> (Hex: C0:A8:7B:EA)
Router/Gateway: 10.34.72.42 --> (Hex: 0A:22:48:2A)
The value to set is C0:A8:7B:EA:0A:22:48:2A, all concatenated. You can use a web converter such as:
http://www.ipaddresslocation.org/convertip.php
Classless Static Routing
TODO
DHCP option 121 follows a slightly different format. The format is <width of the subnetmask>:<netaddress>:<router address> (again, in hex). Only the significant octets of the network address are included, so a destination with a 24-bit mask contributes three octets.
Example:
Destination: 192.168.123.0 (Hex: C0:A8:7B:00)
Router: 10.34.72.42 (Hex: 0A:22:48:2A)
Subnet mask width: 24
Value: 24.192.168.123.10.34.72.42, in hex 18:C0:A8:7B:0A:22:48:2A
To provide multiple static routes, just concatenate all the encoded values. According to RFC 3442, you should include the default route in DHCP option 121, since clients are allowed to ignore the "default route" DHCP option if the server provides a value for the classless static routing option. The default route entry is 00:0A:0A:0A:02 (the router's IP is 10.10.10.2, the last 4 bytes); combined: 00:0A:0A:0A:02:18:C0:A8:7B:0A:22:48:2A.
IMPORTANT: Windows systems up to Windows XP/Windows Server 2003 do not request DHCP option 121 (they have to be tweaked manually to request this option). The Linux DHCP client "dhcpcd" requests this option by default (if not, set option classless_static_routes in /etc/dhcpcd.conf).
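The encodings described above for options 33 and 121, as an added example that is not part of the original page. The function names are hypothetical, and the option 121 encoder goes beyond the /24 case shown here by applying the RFC 3442 rule (only the significant octets of the network are sent) to any prefix width; the decoder lets you check a hex value before it goes into a server configuration.

```python
import ipaddress

def to_hex(data):
    """Render bytes in the colon-separated hex form used on this page."""
    return ":".join(f"{b:02X}" for b in data)

def encode_option33(routes):
    """Option 33: (destination host, router) pairs, 4 + 4 bytes each."""
    return b"".join(ipaddress.IPv4Address(d).packed + ipaddress.IPv4Address(r).packed
                    for d, r in routes)

def encode_option121(routes):
    """Option 121 (RFC 3442): (network in CIDR form, router) pairs."""
    out = b""
    for cidr, router in routes:
        net = ipaddress.IPv4Network(cidr)       # raises if host bits are set
        significant = (net.prefixlen + 7) // 8  # octets needed for the prefix
        out += bytes([net.prefixlen])
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed
    return out

def decode_option121(data):
    """Parse an option 121 payload back into (network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError(f"invalid prefix width {width} at offset {i}")
        significant = (width + 7) // 8
        end = i + 1 + significant + 4
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        padded = data[i + 1:i + 1 + significant] + bytes(4 - significant)
        net = ipaddress.IPv4Network((padded, width), strict=False)
        router = ipaddress.IPv4Address(data[end - 4:end])
        routes.append((str(net), str(router)))
        i = end
    return routes

if __name__ == "__main__":
    # Values taken from the examples on this page.
    print(to_hex(encode_option33([("192.168.123.234", "10.34.72.42")])))
    routes = [("0.0.0.0/0", "10.10.10.2"), ("192.168.123.0/24", "10.34.72.42")]
    payload = encode_option121(routes)
    print(to_hex(payload))
    print(decode_option121(payload))
```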
See also Static routes