DRBL, pools and ACLs

Nicolas Costes nicolas.costes at univ-nantes.fr
Thu Jun 5 16:17:27 UTC 2014


Hi all,

I'm trying to set up our dhcpd to serve addresses to both production workstations 
and the ones being cloned with DRBL+Clonezilla. Additionally, we do not allow 
unknown hosts to get an IP address.

Needed behaviour:

- If the machine is booting with PXE while cloning with DRBL (whether it has a 
dhcp declaration or not): give an IP from a small pool.

- If the machine is booting for normal use AND has a dhcp declaration, give 
its reserved IP from the large pool.

- If the machine has no declaration AND is NOT booting with DRBL, reject its 
request.

This is not working as expected; I think I did not correctly get the 
principles of pools and ACLs. And trust me, I spent hours and days reading the 
docs and performing tests ;)

For example, with the following setup, a machine can get an IP and parameters 
from the DRBL pool ONLY if it has never got them from the "normal" pool OR has no 
declaration. It seems that a "DRBL" machine with an active lease gets 
directed to the "normal" pool anyway: this is not what I want.


Can you please help me? How exactly do multiple deny/allow clauses work 
together? Are pools the right container to do this? Where in dhcpd.conf 
should the declarations be written?

Thanks in advance.


==Here is our dhcpd.conf==

authoritative;

class "DRBL-Client" {
  match if
  (substring(option vendor-class-identifier, 0, 9) = "PXEClient") or
  (substring(option vendor-class-identifier, 0, 9) = "Etherboot") or
  (substring(option vendor-class-identifier, 0, 10) = "DRBLClient") ;
}

subnet xx.xx.0.0 netmask 255.255.252.0 {

        # Machines booting with DRBL
        pool {
                range xx.xx.0.220 xx.xx.0.239;
                allow members of "DRBL-Client";
                next-server xx.xx.0.16; # DRBL server
                server-name "drbl";
        } # End of DRBL pool

        # Normal booting pool
        pool {
                range xx.xx.1.0 xx.xx.1.150;
                deny members of "DRBL-Client";
                deny unknown-clients;
        } # End of normal pool

        # Machines managed by another dhcp server
        pool {
                range xx.xx.1.151 xx.xx.1.254;
                deny all clients;
                not authoritative;
        } # End of others

} # end of subnet

include "/etc/dhcp/fixed_adresses.conf";


==Here is the declarations file==

host this-PC {
        hardware ethernet XX:XX:XX:XX:F4:7E;
        fixed-address xx.xx.1.37;
}






-- 
Nicolas Costes
Computer fleet manager
IUT de la Roche-sur-Yon
Université de Nantes
Tel.: 02 51 47 40 29
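Added example (not from the post, and not ISC dhcpd's own code): a small Python model of how the three pools in the posted dhcpd.conf admit or refuse a client, so the scenarios in the question can be checked side by side. It encodes two rules. First, the permit-list rule for `pool` declarations as documented in dhcpd.conf(5): a client is refused if it matches any `deny` statement, and when the pool carries `allow` statements it must match at least one of them. Second, my understanding of dhcpd's lease lookup, stated here as an assumption: a client whose `host` declaration carries a `fixed-address` inside the subnet is handed that address before any pool is considered, so pool `allow`/`deny` lists never apply to it. The MAC addresses and the `PXEClient`/`DRBLClient` vendor strings used as sample input are constructed; the `xx.xx` addresses are the placeholders from the post.

```python
"""Model of ISC dhcpd pool permit lists for the three pools of the post.

Added example: the permit-list rule follows dhcpd.conf(5); the precedence of
host fixed-address over pools is an assumption about dhcpd's lease lookup.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Client:
    mac: str
    vendor_class: str = ""  # option 60 as sent by the client, "" if absent


def is_drbl_client(c: Client) -> bool:
    """class "DRBL-Client" from the posted dhcpd.conf, as a predicate."""
    v = c.vendor_class
    return v[0:9] == "PXEClient" or v[0:9] == "Etherboot" or v[0:10] == "DRBLClient"


CLASSES: Dict[str, Callable[[Client], bool]] = {"DRBL-Client": is_drbl_client}

# Host declarations with a fixed-address in the subnet. The MAC is constructed;
# the address is the placeholder from the post's fixed_adresses.conf.
HOSTS: Dict[str, str] = {"00:11:22:33:f4:7e": "xx.xx.1.37"}


@dataclass
class Pool:
    name: str
    allow: List[str] = field(default_factory=list)  # permit list
    deny: List[str] = field(default_factory=list)   # prohibit list


def matches(spec: str, c: Client) -> bool:
    """Evaluate one allow/deny spec of the kinds used in the post."""
    if spec == "all clients":
        return True
    if spec == "known-clients":
        return c.mac in HOSTS
    if spec == "unknown-clients":
        return c.mac not in HOSTS
    if spec.startswith("members of "):
        return CLASSES[spec[len("members of "):].strip('"')](c)
    raise ValueError(f"unsupported permit spec: {spec}")


def pool_permits(pool: Pool, c: Client) -> bool:
    """A pool admits a client if, when it has allow specs, the client matches
    at least one of them, and the client matches none of the deny specs."""
    if pool.allow and not any(matches(s, c) for s in pool.allow):
        return False
    return not any(matches(s, c) for s in pool.deny)


# The three pools of the posted subnet, in declaration order.
POOLS: List[Pool] = [
    Pool("DRBL", allow=['members of "DRBL-Client"']),
    Pool("normal", deny=['members of "DRBL-Client"', "unknown-clients"]),
    Pool("others", deny=["all clients"]),
]


def decide(c: Client) -> str:
    """Return what this model hands the client: a fixed address, a pool, or nothing."""
    # Assumption: a host declaration with a fixed-address in this subnet is
    # honoured before any pool is consulted, so permit lists never apply here.
    if c.mac in HOSTS:
        return f"fixed-address {HOSTS[c.mac]}"
    for p in POOLS:
        if pool_permits(p, c):
            return f"pool {p.name}"
    return "no address (request ignored or NAKed)"


# Constructed scenarios mirroring the three behaviours the post asks for.
SCENARIOS = [
    ("declared PC, normal boot", Client("00:11:22:33:f4:7e", "")),
    ("declared PC, PXE boot", Client("00:11:22:33:f4:7e", "PXEClient:Arch:00000:UNDI:002001")),
    ("unknown PC, PXE boot", Client("aa:bb:cc:dd:ee:ff", "PXEClient:Arch:00000:UNDI:002001")),
    ("unknown PC, DRBL client", Client("aa:bb:cc:dd:ee:ff", "DRBLClient")),
    ("unknown PC, normal boot", Client("aa:bb:cc:dd:ee:ff", "")),
]

if __name__ == "__main__":
    for label, client in SCENARIOS:
        print(f"{label:28s} -> {decide(client)}")
```

Under the stated assumption, running the scenarios shows the pattern the post describes: a declared machine is handed its reserved `xx.xx.1.37` whether or not it PXE boots, because the host lookup wins before the DRBL pool is ever consulted, while an undeclared PXE or DRBL client lands in the DRBL pool and an undeclared machine booting normally is refused by every pool.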