LDAP - Was: Re: Host declarations in different ranges within the same subnet
Marcio Merlone
marcio.merlone at a1.ind.br
Thu Jun 14 10:55:35 UTC 2012
On 14-06-2012 04:04, Simon Hobson wrote:
> Glenn Satchell wrote:
>> In that second pool you could have:
>> deny members of "classFirewallFullAccess";
>> rather than
>> deny unknown-clients;
>>
>> and do away with the host statements. As it is you need to add your
>> special hosts to a host statement *and* the subclass. Easier to just
>> do it once.
>
> Actually, as I read it he's wanting to do something he never told us
> about - like that's unusual in here!
>
> Looks like he wants one subnet for stuff he knows about, with some of
> those getting preferential treatment. And for anything else (ie
> visitors etc) he wants to use a different subnet altogether.
> So 3 choices.
Yeah, 3 choices. Didn't mention the third one since it is damn simple
and trivial. Allow unknown-clients. :)
> I'd be tempted to use two classes for known stuff rather than use a
> class for the privileged and hosts for the rest which will make it
> harder to maintain. In a DB you could keep a flag for which class the
> device is, then just spit out a list of MACs and class membership
> without having to have "if it's <something> then make a subclass, else
> make a host statement" stuff.
That is a KISS. Will do that when I get the time to automate it, feed a
DB with all hw addresses, etc., but for now mixing hosts and classes
suffices. It is a small network anyway with only a couple hundred clients.
BTW, is there a way to make dhcpd read hosts/subclasses information live
from LDAP? :))) Or should I cron-dump it to a file?
Thanks a lot for all the help and best regards.
--
*Marcio Merlone*
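
The approach discussed in this message (keep a class flag per device, then dump MACs with their class membership to a file for dhcpd), as an added example that is not part of the original post or of ISC's code. The inventory rows, the flag names and the class name `classKnownClients` are assumptions; `classFirewallFullAccess` is the class named in the thread, and both classes are assumed to use `match hardware`.

```python
import re

# Constructed sample inventory (MAC, class flag); not data from the thread.
INVENTORY = [
    ("00:1A:2B:3C:4D:5E", "full"),
    ("00-1a-2b-3c-4d-5f", "known"),
    ("001a.2b3c.4d60", "known"),
]

# Flag -> dhcpd class name. "classFirewallFullAccess" is from the thread;
# "classKnownClients" is a hypothetical name for the second class.
CLASS_FOR_FLAG = {"full": "classFirewallFullAccess", "known": "classKnownClients"}


def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def render_subclasses(inventory):
    """Build a dhcpd.conf fragment: class declarations plus one subclass per MAC."""
    seen = {}
    for raw, flag in inventory:
        if flag not in CLASS_FOR_FLAG:
            raise ValueError(f"unknown class flag {flag!r} for {raw!r}")
        mac = normalize_mac(raw)
        # A MAC listed under two flags would make pool membership ambiguous,
        # so refuse to generate a file rather than pick one silently.
        if mac in seen:
            raise ValueError(f"{mac} listed twice ({seen[mac]} and {flag})")
        seen[mac] = flag
    lines = [f'class "{name}" {{ match hardware; }}'
             for name in sorted(set(CLASS_FOR_FLAG.values()))]
    for mac, flag in sorted(seen.items()):
        # Leading "1:" is the Ethernet hardware type that "match hardware" compares.
        lines.append(f'subclass "{CLASS_FOR_FLAG[flag]}" 1:{mac};')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_subclasses(INVENTORY), end="")
```
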