DRBL, pools and ACLs
Nicolas Costes
nicolas.costes at univ-nantes.fr
Thu Jun 5 16:17:27 UTC 2014

Hi all,

I'm trying to set up our dhcpd to serve addresses to both production workstations
and the ones being cloned with DRBL+Clonezilla. Additionally, we do not allow
unknown hosts to get an IP address.

Needed behaviour:
- If the machine is booting with PXE while cloning with DRBL (whether it has a
dhcp declaration or not): give an IP from a small pool.
- If the machine is booting for normal use AND has a dhcp declaration, give
its reserved IP from the large pool.
- If the machine has no declaration AND is NOT booting with DRBL, reject its
request.

This is not working as expected; I think I did not get the principles of pools
and ACLs correctly. And trust me, I spent hours and days reading the
docs and performing tests ;)

For example, with the following setup, a machine can get an IP and parameters
from the DRBL pool ONLY if it has never got them from the "normal" pool OR has no
declaration. It seems that a "DRBL" machine with an active lease gets
directed to the "normal" pool anyway: this is not what I want.

Can you please help me? How exactly do multiple deny/allow clauses work
together? Are pools the right container to do this? Where in dhcpd.conf
should the declarations be written?

Thanks in advance.

==Here is our dhcpd.conf==

authoritative;

# Clients identified by their vendor-class-identifier at network boot
class "DRBL-Client" {
    match if
        (substring(option vendor-class-identifier, 0, 9) = "PXEClient") or
        (substring(option vendor-class-identifier, 0, 9) = "Etherboot") or
        (substring(option vendor-class-identifier, 0, 10) = "DRBLClient");
}

subnet xx.xx.0.0 netmask 255.255.252.0 {
    # Machines booting with DRBL
    pool {
        range xx.xx.0.220 xx.xx.0.239;
        allow members of "DRBL-Client";
        next-server xx.xx.0.16; # DRBL server
        server-name "drbl";
    } # End of DRBL pool

    # Normal booting pool
    pool {
        range xx.xx.1.0 xx.xx.1.150;
        deny members of "DRBL-Client";
        deny unknown-clients;
    } # End of normal

    # Machines managed by another dhcp server
    pool {
        range xx.xx.1.151 xx.xx.1.254;
        deny all clients;
        not authoritative;
    } # End of others
} # end of subnet

include "/etc/dhcp/fixed_adresses.conf";

==Here is the declarations file==

host this-PC {
    hardware ethernet XX:XX:XX:XX:F4:7E;
    fixed-address xx.xx.1.37;
}

--
Nicolas Costes
IT equipment manager
IUT de la Roche-sur-Yon
Université de Nantes
Tel.: 02 51 47 40 29

More information about the dhcp-users mailing list
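
The "Needed behaviour" list from the message above, written as an executable acceptance matrix. This is an added example, not part of the original post and not a model of how dhcpd allocates leases: it only states the outcome the poster wants for each kind of request, so that a test rig can compare real server behaviour against it. The function names, outcome labels and sample vendor-class strings are constructed for illustration.

```python
# Added example: the intended policy from the post as a test matrix.
# It describes the desired result only, not dhcpd's internal lease logic.

# Prefixes taken from the class "DRBL-Client" match expression in the post.
DRBL_PREFIXES = ("PXEClient", "Etherboot", "DRBLClient")


def is_drbl_client(vendor_class_id):
    """Mirror the class match: compare the leading characters of the
    vendor-class-identifier (DHCP option 60) with each prefix."""
    if not vendor_class_id:  # option not sent: no class membership
        return False
    return any(vendor_class_id[:len(p)] == p for p in DRBL_PREFIXES)


def expected_outcome(vendor_class_id, has_host_declaration):
    """Outcome the post asks for, in the order its three rules are listed."""
    if is_drbl_client(vendor_class_id):
        return "drbl-pool"          # rule 1: declaration is irrelevant
    if has_host_declaration:
        return "reserved-address"   # rule 2: normal boot, known host
    return "reject"                 # rule 3: unknown host, not cloning


# Constructed sample requests: (label, option 60 value, host declared?)
CASES = [
    ("known host, PXE boot", "PXEClient:Arch:00000:UNDI:002001", True),
    ("unknown host, PXE boot", "PXEClient:Arch:00000:UNDI:002001", False),
    ("known host, Etherboot", "Etherboot-5.4", True),
    ("known host, normal boot", "MSFT 5.0", True),
    ("known host, no option 60", None, True),
    ("unknown host, normal boot", "MSFT 5.0", False),
    ("unknown host, no option 60", None, False),
]


def run_matrix():
    """Return {label: expected outcome} for every constructed case."""
    return {label: expected_outcome(vci, known) for label, vci, known in CASES}


if __name__ == "__main__":
    for label, outcome in run_matrix().items():
        print(f"{label:28s} -> {outcome}")
```

The first row, a declared host that network-boots for cloning, is the case the post reports as landing in the wrong place, so it is the one to check first against server logs.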