[prev in list] [next in list] [prev in thread] [next in thread]
List: dhcp-server
Subject: Re: deny leases to RAS clients
From: "David W. Hankins" <David_Hankins () isc ! org>
Date: 2004-10-06 16:15:40
Message-ID: 20041006161540.GD25540 () isc ! org
[Download RAW message or body]
*** From dhcp-server -- To unsubscribe, see the end of this message. ***
On Wed, Oct 06, 2004 at 11:57:02AM -0400, Will Saxon wrote:
> if substring (option dhcp-client-identifier, 0, 4) = "RAS " {
> deny booting;
> }
>
> lease 128.227.28.199 {
> starts 3 2004/10/06 15:52:21;
> ends 3 2004/10/06 16:22:21;
> binding state active;
> next binding state free;
> hardware ethernet 00:0d:56:ac:4c:ce;
> uid "\001RAS \000\015V\254L\316\000\000\000\000\000\000";
> set vendor-id = "MSFT 5.0";
> client-hostname "Drew";
> }
if it were me:
class "RAS" {
match if substring (option dhcp-client-identifier, 1, 4) = "RAS ";
deny booting;
}
> These leases are causing some problems with other tracking systems we > have. Am I \
> supposed to be matching uid instead of > dhcp-client-identifier?
no. uid is a lease-file specific synonym for the client identifier.
it has more to do with "the server's unique identifier for a client,
lease, or host" and less to do with the client identifier option per
se.
> How do I stop the above leases from being > created? My knowledge here is very \
> limited.
the if-statement you had above is a fine approach. the lease limit of
zero is a weird configuration...i think it would result in strange
behaviour of the server (the size of one of the class fields gets
calculated as lease_limit * sizeof(a structure)).
at any rate, don't do that.
it seems the substring you were using on your second attempt was
starting at index zero, which from looking at your lease is actually
"\001RAS" not "RAS ". so you need to bump the start index from zero
to one.
if you continue to have problems, try:
log (concat("Ras-Check: ", <substring you're using here> ));
and see what shows up in your logs.
the concat is actually important since it works around a log() bug
that has not been fixed in any released version of 3.0.
--
David W. Hankins "If you don't do it right the first time,
Operations Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
-----------------------------------------------------------------------
List Archives : http://www.isc.org/ops/lists/
Unsubscribe : http://www.isc.org/sw/dhcp/dhcp-lists.php
-or- : mailto:dhcp-server-request@isc.org?Subject=unsubscribe
-----------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic