Security :: IP Assignment To Authorized User Only Through DHCP Server?
Jan 15, 2010
I've a DHCP server in RHEL 5 and 100+ users in my network. I mapped 30 users' MAC addresses to IPs. The rest are getting IP addresses automatically. In my network, users tend to move from one department to another frequently. I've created scopes according to departments (i.e. Dept A - 172.19.54.10-172.19.54.30 and so on for other departments).
1) I want to configure the DHCP server in such a way that a client has to be authenticated by the DHCP server before receiving an IP address.
2) Second, even if the DHCP server has free IPs in scope, only clients whose MACs are mapped should obtain IPs; the rest should not without authentication or authorization.
NIC is connected to a LINKSYS WRT54G running DHCP. There are plenty of available IP assignments. All other PCs that I have connected to the LINKSYS work fine. The CAT 5 cable is fine. Why is this NIC not taking a DHCP assignment?
I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration:
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.31 192.168.1.254;
    default-lease-time 345600;
    max-lease-time 691200;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-name "lab.com";
    option domain-name-servers 192.168.1.12;
    option netbios-name-servers 192.168.1.12;
    option netbios-node-type 8;
    option broadcast-address 192.168.1.255;
    option ntp-servers 192.168.1.12;
    ddns-updates on;
    ddns-update-style interim;
}
I'm trying to restrict dhcp to only provide settings for a list of MAC addresses (about 300 macs). Using the following option is not good for me because I do not have a pattern in my clients' MACs.
class "private-hosts" {
    match if substring (option hardware,1,11) = "01:00:50:56";
}
pool {
    range 192.168.1.31 192.168.1.254;
    allow members of "private-hosts";
}
I've tried using iptables with the following configuration, but XP is still getting an IP from dhcpd:
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Full from Localhost to Localhost
iptables -A INPUT -i lo -j ACCEPT
# Full from My PC
iptables -A INPUT -s 192.168.1.2 -j ACCEPT
So I can't limit DHCP for specific macs.
Two users on both Ubuntu server and Windows 7. Both users admins on Windows. Used SWAT to set up Samba. Printer is local to Ubuntu server. User A can access both file share and printer on Ubuntu server from Windows. User B can access the file share but can only see the printer, not use it. Have looked everywhere I can think of to find out why one user has access and the other doesn't on both Windows side and Ubuntu side. As far as I can tell, they are set up the same. Can anyone provide some direction on what I should look at to find out what might be preventing User B from being authorized to use the printer on Ubuntu?
I am having some difficulties comprehending some networking concepts relating to multiple subnets and dhcp servers, or dhcp relay servers. I have built home networks many times before, and they have all followed a very simple formula. A single subnet, let's say 192.168.1.0 which is fairly typical for me. My network's DNS server is always also my network's DHCP server. Typically at 192.168.1.1. When a DHCP client broadcasts for an IP over the subnet, 192.168.1.1 (my DNS/DHCP server) will not only tell the client what its new IP is to be, but will also tell the client what its Gateway server is. This is ALSO 192.168.1.1 for me typically.
In this manner, a client broadcasts for networking information and is given a usable IP, and told to use 192.168.1.1 for most other functionality. Very simple. However, I am uncertain how to expand this to other subnets. Say.. 192.168.2.0.
A: I can use a separate DHCP server for each subnet. or B: I can use a DHCP Relay agent for 192.168.2.0 to pass the DHCP requests to the primary DHCP server on the 192.168.1.0 subnet.
Option A: is fairly straightforward and I have had it functioning fine, but it is really B: I want to know more about. It seems somehow much cleaner to me. I prefer to centralize as much of my network provisioning services as possible. It makes it easier to manage TYPICALLY. My question though is related to Gateways and the use of DHCP Relay Agents....
I have a user account which is required to run as part of the operating system and as a service. I am currently attempting to install my company's software on an Ubuntu desktop via wine just for the purpose of finding out if it's do-able.
Is there a way, in Ubuntu, for a user account to be given the local rights assignment to act as part of the operating system and to function as a service in the background?
When a user that has an rsa public key set in the ~/.ssh/authorized_keys file logs in via ssh, an sshd process is started to handle the ssh session. Periodically we audit the authorized keys and remove them from the system and authorized_keys file. This means the next log in attempt will fail, which is fine. However we need to terminate current ssh sessions in progress that use the rsa key. I have not been able to determine a way to map sshd processes with authorized_keys entries.
Any basic description of how linux assigns drive letters? I understand that a drive letter assignment is not static. If I add a drive between /dev/sda and /dev/sdb, my /dev/sdb will become /dev/sdc and the new drive will become /dev/sdb. I have a hot swap tray and have come into some unexpected behavior. I removed /dev/sde from the hot swap tray and then loaded another drive into this same tray. When I mounted the new drive with options in fstab, it wouldn't mount because the new drive was /dev/sdf, not /dev/sde. Apparently, linux is looking at the id of the drive in addition to its place in the BIOS chain.
My fstab entry is: /dev/sde /backups auto noauto,rw,noexec,async,user 0 0 I was avoiding using UUIDs in the fstab so that new HDDs would not have to be "registered" in the fstab prior to use. Is there a way to tell linux (or fstab) whatever drive is plugged into SATA channel X mount to /mountpoint?
Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc off the 192.168.1.1 /24 network that everything was on because we were running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.
Now 6 months later I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800 but only if I statically assign the agent's station an IP address. When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above aside from the vlan ids used were changed from 1's to 100's (i.e. vlan 3 is now vlan 300) /etc/network/interfaces
Code:
auto lo
iface lo inet loopback

auto vlan100
iface vlan100 inet static
[code]....
why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection but I don't know how to troubleshoot to find out where the problem lies.
I am puzzled with trying to configure a linux (openSUSE) client to dhcp to eBox DHCP server. I am using dhclient to lease an IP address with dhclient eth0 -s 10.45.48.108 and get a response
openSUSE11232CL1 dhclient: DHCPDISCOVER on eth0 to 10.45.48.108 port 67 interval 4
openSUSE11232CL1 dhclient: DHCPOFFER from 10.45.48.108
openSUSE11232CL1 dhclient: DHCPREQUEST on eth0 to 10.45.48.108 port 67
openSUSE11232CL1 dhclient: send_packet: Network is unreachable
openSUSE11232CL1 dhclient: send_packet: please consult README file regarding broadcast address.
The server reports
eBox141 dhcpd: DHCPDISCOVER from 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
eBox141 dhcpd: DHCPOFFER on 10.45.200.2 to 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
I interpret this as the server receiving the request and the client accepting it but the lease does not last long and the connection breaks. What could this be and why does the connection break? Or is my understanding totally wrong on how it works and should work? And BTW, where is that README file that's referenced in the message I receive on the client?
Currently I have my eth0 interface getting a DHCP address but at times the DHCP server will not be reachable. Sooo what I would like my server to do is if it cannot find a DHCP server assign a static address to eth0. Then start the DHCP service so it can then dish out some addresses. How can I do this? Surely it is possible.
I have an embedded device for which I've created an html configuration page. This page allows you to set static IPs, dhcp, and can scan for wireless devices. My problem is that in order to access the device it requires that it runs as a dhcp server otherwise people are not assigned an IP and so can not access the embedded device's static IP. (This config page is for the laymen and so they are not the type who are able to set up their own static IPs). One of the potential options is to have the device connect to the network on eth0 acting as a dhcp client. However this prevents me from running a dhcp server. One solution I can think of is running a dhcp server only if it doesn't detect another dhcp server running on the network.
Facing this issue where I need to ssh from a solaris server to a Linux server. The flow is as below:
- Oracle Webserver on solaris server (oracle user) initiates a cgi script
- The CGI script then executes a shell on the solaris server that tries to ssh to linux server
Have already tried the below:
- Checked the permissions for the .ssh and related folder/files
- authorized keys updated correctly
- tried alternative ssh login from another user which works fine
Issue could be:
- I must try the first login manually, where I'll need to enter password and then the solaris server will get registered in the known_hosts of the linux server
- Can't do this because I do not have the oracle user access.
Please suggest a work-around to the issue that can be done from my end. Or is it that I must simply ask the DBA to execute an ssh from their ends?
I am having many mails transferred through my Sendmail server, but I want to configure only authorised email address through our server. optimize my mail server's configuration.
This dhcp server is configured with redhat enterprise edition. I found that logs are generating in the following path /var/log. My doubt is how can I set up the logs generating for a specified day.
I installed Ubuntu Server and want to change the default user name to increase the difficulty of accessing the server. Is it possible to do this? If not, can I effect the same change by creating a new user and transferring over permissions, files, and etc.?
I am trying to set up a very basic samba share on RHEL. After editing smb.conf, testparm output is ok (though it shows STANDALONE SERVER). the directive I have used are
We have 4 servers having rhel 5.2. We have several users logged in on one of them. We have nis server/client running on them and have common home area mounted on all of them. Now we want to disable/block the accounts of the users who have not accessed our servers in last 2 months from today. What logic should we apply to do so? We were checking stat of .bashrc of each user but that is not correct logic. We are going to write shell script for the same. We don't want to do anything in users' home area or their files.
My goal is this: Allow a user to connect to a server via SSH with any login name or password without checking to see if that account exists on that server. Their account would be captured by a universal account say, 'generic_user', and then they would be directed to one of my python scripts with the username and password they supplied for initial login. At this point my script would capture their SSHD process ID and allow/deny their existence based upon a MySQL/Subscription check.
The part I'm having trouble with is with PAM and allowing the user to login with any credentials and be successfully authenticated under the generic account. Beyond that, everything is great.
I wanted to set up a computer lab, loading Fedora 11 OS, with one system acting as a server to store users' (students') login information. When students write programs, all program files (e.g. C++ programs) should be saved on the local Fedora system, but when logging in to the system, the login should be validated by the server system.
I am looking for an answer about how to allow just one trusted DHCP server and block others? I am using Centos 5.5, iptables and dhclient. I have read that it is impossible to block DHCP Replay using iptables: URL... So how can I do that? Maybe another dhcp client?
I have recently purchased a Dyxel DMA-1100p and have had a great success rate using the native MS windows software to broadcast my media files from the server to the TV that the DMA is connected to. I have installed ushare on Fedora 12 and have not had much luck streaming media to the TV with it.
I have all the ports outlined in [URL] set to forward to the DMA. When accessing the server menu of the DMA, "Fedora" shows in the server list but cannot be accessed. I either receive "starting server" or "Not authorized to browse this server". I have tried with router setting for UPNP enabled and disabled without any luck.
I'm attempting to write a web service that works only on my LAN and is not accessible via the internet. I need to restart the DHCP service without granting full root access, but I'm having trouble using the [/etc/init.d/dhcp3-server restart] command. It gives back a failure message that reports nothing:
$ /etc/init.d/dhcp3-server restart
dhcpd self-test failed. Please fix the config file.
The error was:
$
Looking at the script itself, I found the command it's trying to execute, and it came back with this:
$ /usr/sbin/dhcpd3 -t -cf /etc/dhcp3/dhcpd.conf
drop_privileges: could not set group id: Operation not permitted
So I went and changed the dhcp: and dhcpd: AND www-data: in /etc/group so that www-data (The apache user) was part of the group, and still the init.d script wouldn't run.
I would prefer to NOT give passwordless access to the www-data user as I do other web services on this machine, however, giving access to stop my DHCP server is a risk I'm willing to take.
How can I restart the DHCP with apache so I can apply changes?