Today's Topics:

   1. Re: Has an address record but no DHCID, not mine. (Bill Shirley)
   2. Re: Has an address record but no DHCID, not mine. (thomas.z...@oenb.at)

----------------------------------------------------------------------

Message: 1
Date: Mon, 4 Sep 2017 21:30:47 -0400
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: Has an address record but no DHCID, not mine.
Message-ID: <7111ef2d-58dc-330d-0e14-daea46eeb...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset=utf-8; format=flowed

The device is probably pulling addresses for both wired and wireless. Check to see if there are two different MAC addresses requesting an address for the device.

Bill

On 9/4/2017 5:21 AM, thomas.z...@oenb.at wrote:
> The Clients can not have wireless and wired connection at the same time, but
> the lease still is active. I tested it with a test Server today: (see my
> config below)
>
> Sep 4 10:29:52 anlpn35 dhcpd: Added new forward map from PC7345.ad.oenb.co.at to 172.20.17.22
> Sep 4 10:29:52 anlpn35 dhcpd: Added reverse map from 22.17.20.172.in-addr.arpa. to PC7345.ad.oenb.co.at
> Sep 4 10:35:11 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:35:18 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:35:20 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:35:22 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:35:25 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:36:21 anlpn35 dhcpd: Added new forward map from PC7345.ad.oenb.co.at.ad.oenb.co.at to 10.101.90.45
> Sep 4 10:36:21 anlpn35 dhcpd: Added reverse map from 45.90.101.10.in-addr.arpa. to PC7345.ad.oenb.co.at.ad.oenb.co.at
> Sep 4 10:37:06 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:41:26 anlpn35 dhcpd: DHCPRELEASE of 172.20.17.22 from f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110 (found)
> Sep 4 10:41:26 anlpn35 dhcpd: Removed forward map from PC7345.ad.oenb.co.at to 172.20.17.22
> Sep 4 10:50:41 anlpn35 dhcpd: Added new forward map from PC7345.ad.oenb.co.at to 10.101.90.45
> Sep 4 10:50:41 anlpn35 dhcpd: Added reverse map from 45.90.101.10.in-addr.arpa. to PC7345.ad.oenb.co.at
>
> # This is the part of the dhcp.conf file for failover
> # Here are only configs for the MASTER !!!
> # To avoid mismatches in the configuration of primary and secondary we include dhcpd.master
>
> # Config for Failover Primary
> # Name is used for Pools where Failover is implemented
> failover peer "BackUP" {
>     secondary;
>     address 10.115.221.35; # listen on Interface Address
>     port 520; # listen on Port
>     peer address 10.115.221.36; # communicate to Address
>     peer port 519; # communicate to Port
>     max-response-delay 60;
>     max-unacked-updates 10;
>     #mclt 3600; # only on primary !!!
>     #split 128; # only on primary (only useful value...)
>     load balance max seconds 3;
>     auto-partner-down 300; #
> }
>
> include "/etc/dhcp/dhcpd.master"; #here is the rest of the config
> include "/etc/dhcp/dhcpd.static"; #here you find the static leases
> include "/etc/dhcp/dhcpd.zones"; #here you find the zone declarations for dynamic Updates
> include "/etc/dhcp/dhcpd.scopes";
>
> host PC7345 {
>     fixed-address 10.101.90.45;
>     hardware ethernet B5:B5:2F:AC:DC:B8;
>     option host-name "PC7345";
>     ddns-hostname "PC7345";
> }
>
> #### I added snips of the files below
>
> #/etc/dhcp/dhcpd.master
> # Defined local option
> option bpbatch code 135 = text; #PXE V1.0
> option bpbatch-script code 155 = text; #PXE V2.0
> option ProxyAutodiscoveryOption code 252 = text; #Proxy
> option Novell-TreeStandard code 86 = text; #Novell
> option Novell-Agent code 78 = { boolean , array of ip-address }; #Novell
> option Novell-Scope-Name code 79 = { boolean , text }; #Novell
> option time-offset code 2 = signed integer 32;
> option time-server code 4 = array of ip-address;
> option ldap-server code 95 = text;
> option HPLjConfigFile code 144 = text;
> option XDispMgr code 49 = array of ip-address;
> option DNS-Suffix-Search-List code 119 = text;
> option Cisco_LWAPP_AP code 241 = array of ip-address;
> option architecture-type code 93 = unsigned integer 16;
> option PXEClient code 60 = text;
>
> option space pxelinux;
> option pxelinux.magic code 208 = string;
> option pxelinux.configfile code 209 = text;
> option pxelinux.pathprefix code 210 = text;
> option pxelinux.reboottime code 211 = unsigned integer 32;
>
> #option PXEscriptName code 133 = text;
> option tftp-server-name code 66 = text;
> #for testing as global option
> #next-server tftpserver.ad.oenb.co.at; #tftp server location
> #server-identifier 10.211.223.100;
>
> #############################################################################
> # WINS
> # 1 = b-node (broadcasts)
> # 2 = p-node (point-to-point name queries to a WINS server),
> # 4 = m-node (broadcast then query name server)
> # 8 = h-node (query name server, then broadcast)
> # disabled 20080724 /jps # option netbios-node-type 8;
> # option netbios-name-servers 10.1.221.100, 10.1.221.101;
> # disabled 20080724 /jps # option netbios-name-servers 10.211.223.100, 10.211.223.101;
> #############################################################################
>
> #############################################################################
> # Options for Cisco CallManager
> #############################################################################
> option TFTP-Server-for-CallManager code 150 = array of ip-address; #Cisco
> option TFTP-Server-for-CallManager 10.116.96.202,10.116.96.201; #Cisco (anlpn62 - CUCM Subscriber, anlpn61 - CUCM Publisher)
> #############################################################################
> # End CallManager
> #############################################################################
>
> #############################################################################
> # LDAP Server
> #############################################################################
>
> #option ldap-server "ldap://ldap/o=myorg,o=baseorg";
>
> #############################################################################
> # End LDAP Server
> #############################################################################
> #############################################################################
> # Options for w2k clients
> #############################################################################
> option space MSFT;
> option MSFT.release-on-shutdown code 2 = unsigned integer 32;
> # Microsoft server sends a 32-bit integer!!!!!!
> # option MSFT.release-on-shutdown code 2 = unsigned integer 8;
> option MSFT.disable-netbios-over-tcpip code 1 = unsigned integer 32;
>
> class "win2k-clients" {
>     match if option vendor-class-identifier = "MSFT 5.0";
>     vendor-option-space MSFT;
>     # 20080724 /jps
>     option MSFT.disable-netbios-over-tcpip 2; # disable
>     # option MSFT.release-on-shutdown 1;
>     #does not work: allow-client-updates false;
> }
> class "vpn-clients-oenb" {
>     #at pos 24, 3 bytes long, an IP; binary to ascii from 10 (base for the number), 8 bit, . as separator, source)
>     match if binary-to-ascii(10,8,".",packet(24,3)) = "172.20.17";
>     #set myClientID = pick ( option dhcp-client-identifier,0);
>     #set dhcp-client-identifier = concat(substring(ClientID,26,6),"-inside");
>     log (info, concat ("Class-VPN-Client: ",myClientID));
> }
>
> #############################################################################
> # end w2k clients
> #############################################################################
> #############################################################################
> # DDNS Delete Old entries
> #############################################################################
>
> # I had to remove my on commit script.
> # With the script enabled static leases did not get renewed
>
> ############################End DDNS Delete Old entries######################
>
> #############################################################################
> # SERVER OPTIONS
> #############################################################################
>
> ddns-update-style standard; # how to update the DNS
> #ddns-update-style interim; # old non standard way used TXT records changed 20170718 to standard
> #ddns-update-style ad-hoc; # not supported in future versions
> update-static-leases true; # reserved leases update
> ddns-ttl 900; # seconds after entry times out
> deny client-updates; # ignore DNS update by Client
> ignore client-updates;
> update-conflict-detection true; # true, the server will perform standard DHCID multiple-client, one-name conflict detection
> update-optimization false; # if false client will always be renewed in DNS
> # option definitions common to all supported networks...
> # DNS
> #option domain-name "w.oenb.co.at";
> #option domain-name-servers 10.115.241.100,10.115.221.35,10.115.221.36;
> option domain-name-servers 10.115.241.100,10.241.241.100;
> option ntp-servers 10.115.241.100;
> option time-server 10.115.241.100;
> option time-offset 3600;
>
> #What to do if the client sends no hostname
> #pick first possible string as hostname:
> ddns-hostname = pick (option fqdn.hostname,option host-name,concat ("dhcp-",binary-to-ascii (16,8,"-",substring (hardware,1,6))));
>
> ####################################################################################################
>
> #option host-name = config-option server.ddns-hostname;
>
> #option all-subnets-local true;
> #option broadcast-address 255.255.255.255;
> #option router-discovery false;
>
> #option ProxyAutodiscoveryOption = "http://anxpc2.w.oenb.co.at/proxy.js";
> #Proxy WPAD #Proxy WPAD TEMP 20150722/AF
> option Novell-TreeStandard = OENB; # Novell
> # option Novell-Agent true ANIA00; # Novell
> # Changed to cisco loadbalancer 20070111 /jps
> #option Novell-Agent true ANLA00, ANLA01; # Novell
> option Novell-Agent true ANLAV00,ANLAV03; # Novell mail Durst 20090811
> # option Novell-Agent true NWSLP; # Novell
> #option Novell-Scope-Name true "UNSCOPED"; # Novell
> option Novell-Scope-Name true "OENB"; # Novell
>
> default-lease-time 1209600; #604800; # seconds 1209600 14 days
> max-lease-time 2419200; # seconds
> min-lease-time 43200; # seconds
> one-lease-per-client true; # sets all leases that belong to the MAC to free
> deny duplicates; #is against the standard. Prevents multiple leases per MAC with different UIDs (PXE boot, then Linux or Windows)
> stash-agent-options true; #remember the forwarder info
>
> lease-file-name "/var/dhcp/dhcpd.leases";
> pid-file-name "/var/run/dhcp/dhcpd.pid";
> ping-check on; # check if IP Address is free
> #server-identifier 10.115.255.255; # server address to send to client
> # not supported con router (no directed Broadcast)
> # Filtered on MAC because of HP JetDirects!!!
> allow booting;
> allow bootp;
>
> log-facility local7; # where to write the logfile
>
> authoritative; # Clients trust this server more
>
> ###########################################################################
> # Definition for omshell connections to control server in runtime
> key defomapi {
>     algorithm hmac-md5;
>     secret "****";
> }
> omapi-key defomapi; # optional key
> omapi-port 7911; # Port to listen to (and to enable)
> ############################################################################
>
> ############################################################################
> #
> # KEY s
> #
> ############################################################################
>
> key dhcp-update. {
>     algorithm hmac-md5;
>     secret "****";
> }
>
> ############################################################################
> #
> # CLASSES
> #
> ############################################################################
>
> ####### Jet Direct boxes
> ####### All others except the xxx Jet Direct cards:
>
> Class "noJetDirect" {
>     match if ((substring(hardware,1,3) != 00:01:E6) and (substring(hardware,1,3) != 00:10:83) and (substring(hardware,1,3) != 00:30:c1) and (substring(hardware,1,3) != 00:60:b0) and not (substring(option vendor-class-identifier,0,9) = "PXEClient"));
>     # server-identifier 10.115.241.100; # server address to send to client
> }
>
> # SunRay
> Class "SunRayClients" {
>     match if ((substring(hardware,1,3) = 00:14:4F) or (substring(hardware,1,3) = 00:21:28));
>
>     log (info, "Class Decision Sunray" );
>     set relay-agent = binary-to-ascii(10,8,".",packet(24,3));
>     log (info, concat("GW:",relay-agent) );
>     # option tftp-server-name "srss02.w.oenb.co.at";
>     # option XDispMgr 10.111.252.102;
> }
>
> #############################################################################
> # Definition of PXE-specific options
> # Code 1: Multicast IP address of bootfile
> # Code 2: UDP port that client should monitor for MTFTP responses
> # Code 3: UDP port that MTFTP servers are using to listen for MTFTP requests
> # Code 4: Number of seconds a client must listen for activity before trying
> #         to start a new MTFTP transfer
> # Code 5: Number of seconds a client must listen before trying to restart
> #         a MTFTP transfer
> # option bpbatch code 135 = text; #PXE V1.0 on top of Script
> # option bpbatch-script code 155 = text; #PXE V2.0 on top of Script
>
> option space PXE;
> option PXE.mtftp-ip code 1 = ip-address;
> option PXE.mtftp-cport code 2 = unsigned integer 16;
> option PXE.mtftp-sport code 3 = unsigned integer 16;
> option PXE.mtftp-tmout code 4 = unsigned integer 8;
> option PXE.mtftp-delay code 5 = unsigned integer 8;
> option PXE.discovery-control code 6 = unsigned integer 8;
> option PXE.discovery-mcast-addr code 7 = ip-address;
>
> option space SUNW;
> option SUNW.SrootIP4 code 2 = ip-address;
> option SUNW.SrootNM code 3 = text;
> option SUNW.SrootPTH code 4 = text;
> option SUNW.SinstIP4 code 10 = ip-address;
> option SUNW.SinstNM code 11 = text;
> option SUNW.SinstPTH code 12 = text;
> option SUNW.SbootURI code 16 = text;
>
> class "PXE" {
>     match if substring(option vendor-class-identifier,0,9) = "PXEClient";
>     default-lease-time 1800; # seconds 1800 30min
>     max-lease-time 1800; # seconds
>     # option vendor-class-identifier "PXEClient";
>     set relay-agent = binary-to-ascii(10,8,".",packet(24,3));
>     log (info, "Class PXE-Boot" );
>     log (info, concat("GW:",relay-agent) );
>     log (info, architecture-type );
>
>     vendor-option-space PXE;
>     # option PXE.mtftp-ip 0.0.0.0; #set to zero to use standard TFTP server
>     # option tftp-server-name "tftpserver.ad.oenb.co.at"; #tftp Server
>
>     if (relay-agent = "10.112.0") {
>         option PXEClient "PXEClient"; # Bug with Windows Setup Server
>         next-server anut123.w.oenb.co.at; #tftp server location bddserver
>         filename "SUNW.i86pc"; # Bootfilename (incl path)
>     } else {
>         # next-server tftpserver.ad.oenb.co.at; #tftp server location bpbatch
>         next-server bddserver1.ad.oenb.co.at; #tftp server location bddserver
>         if (option architecture-type = 00:07) {
>             option tftp-server-name "bddserver1.ad.oenb.co.at"; #tftp Server ANCS04
>             filename "\\boot\\x64\\wdsmgfw\.efi"; # Bootfilename (incl path)
>             option PXEClient "PXEClient";
>         } else {
>             filename "\\boot\\pxeboot\.n12"; # Bootfilename (incl path)
>         }
>     }
>     #
>     # Intel EtherExpress PRO 100 with Intel Boot Agent 2.2
>     #
>     # Agent doesnt request option 155 needed by bpbatch. We force the
>     # server to include it in its reply.
>     if option dhcp-parameter-request-list = 01:03:3c:2b:43:80:81:82:83:84:85:86:87 {
>         # 080123 tz option dhcp-server-identifier 10.211.223.100; #so that it fetches the file from the TFTP server
>         option dhcp-server-identifier 10.115.221.35; #so that it fetches the file from the TFTP server
>         # supersede dhcp-parameter-request-list
>         # 1,3,60,43,66,67,128,129,130,131,132,133,134,135,155;
>     }
> }
>
> class "SUNW.SPARC-Enterprise" {
>     match if substring(option vendor-class-identifier,0,21) = "SUNW.SPARC-Enterprise";
>     #option vendor-class-identifier "SUNW.SPARC-Enterprise";
>     log (info, "Class SUNW" );
>     vendor-option-space SUNW;
>     option SUNW.SinstNM "anut123.w.oenb.co.at";
>     option SUNW.SinstIP4 10.112.221.123;
>     option SUNW.SinstPTH "/export/home/kits/INSTALLSERVER/sol-10-u6-ga1-sparc-dvd";
>     option SUNW.SrootNM "anut123.w.oenb.co.at";
>     option SUNW.SrootIP4 10.112.221.123;
>     option SUNW.SrootPTH "/export/home/kits/INSTALLSERVER/sol-10-u6-ga1-sparc-dvd/Solaris_10/Tools/Boot";
>     #option SUNW.SbootURI "tftp://anut123.w.oenb.co.at/SUNW.SPARC-Enterprise";
>     filename "0100144FB7D81E";
> }
>
> ############################### END PXE DEFINITION ###########################
>
> #############################################################
> #
> # Here are our Scopes
> #
> #############################################################
>
> # No service will be given on this subnet, but declaring it helps the
> # DHCP server to understand the network topology.
>
> subnet 10.114.0.0 netmask 255.255.0.0 {
> }
> subnet 10.115.0.0 netmask 255.255.0.0 {
> }
> subnet 10.100.0.0 netmask 255.255.0.0 {
> }
>
> ############ Server Lans
>
> host anxn01_ping_test_W2K8 {
>     hardware ethernet 00:50:56:8f:74:3f;
>     fixed-address 10.100.0.11;
> }
>
> ########### Client Lans
>
> shared-network "TestDHCPClient" {
>     subnet 10.188.0.0 netmask 255.255.0.0 {
>         option subnet-mask 255.255.0.0;
>         option routers 10.188.0.1;
>         option broadcast-address 10.188.255.255;
>         option domain-name "adxml.oenb.co.at";
>         #option domain-name-servers 10.211.229.110, 10.112.221.240, 10.112.221.1, 10.211.229.110;
>         ddns-domainname= "adxml.oenb.co.at"; # add to hostname
>         option bpbatch = "oenb";
>         option bpbatch-script = "oenb";
>         pool {
>             range 10.188.0.100 10.188.0.200; # range for Clients
>             failover peer "BackUP";
>             deny dynamic bootp clients;
>         }
>     }
> }
>
> zone 0.188.10.in-addr.arpa. {
>     primary 10.211.229.110; #adxml anet10
> }
>
> #### zones all the same
> zone 10.in-addr.arpa {
>     primary 192.168.31.130;
>     key dhcp-update.;
> }
>
> #### scopes all the same
> shared-network "OeNB-RIB" {
>     subnet 10.97.0.0 netmask 255.255.0.0 {
>         option subnet-mask 255.255.0.0;
>         option domain-name "ad.oenb.co.at";
>         ddns-domainname= "ad.oenb.co.at";
>         pool {
>             range 10.97.10.0 10.97.10.254;
>             failover peer "BackUP";
>             deny dynamic bootp clients;
>         }
>         option routers 10.97.0.1;
>         option bpbatch "oenb";
>         option bpbatch-script "oenb";
>     }
> }
>
> --
> Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

------------------------------

Message: 2
Date: Mon, 4 Sep 2017 23:45:56 -0700 (MST)
From: "thomas.z...@oenb.at" <thomas.z...@oenb.at>
To: dhcp-users@lists.isc.org
Subject: Re: Has an address record but no DHCID, not mine.
Message-ID: <1504593956275-0.p...@n4.nabble.com>
Content-Type: text/plain; charset=us-ascii

Hi Bill,

Yes the mac is different:

Sep 4 10:29:52 anlpn35 dhcpd: DHCPREQUEST for 172.20.17.22 from f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110
Sep 4 10:29:52 anlpn35 dhcpd: DHCPACK on 172.20.17.22 to f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110
Sep 4 10:50:41 anlpn35 dhcpd: DHCPREQUEST for 10.101.90.45 from d4:81:d7:77:15:16 via enp6s0
Sep 4 10:50:41 anlpn35 dhcpd: DHCPACK on 10.101.90.45 to d4:81:d7:77:15:16 via enp6s0

The difference is, the 172.20 Address is for a Cisco AnyConnect Client. Actually Requested by the Firewall with a different UID for each Session. MAC for all sessions is the same.

Nevertheless anlpn35 added the A Record for 172.20.17.22 why does it say DHCID not mine??

Tom

--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/

------------------------------

End of dhcp-users Digest, Vol 107, Issue 6
******************************************
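
Added example (not part of the original messages and not ISC DHCP code): a log-triage script for the situation discussed in this thread. It replays dhcpd's forward-map messages and, for every "FAILED" forward map, reports which address this server had last mapped the name to and which MACs were acked for both addresses. The function name and report fields are assumptions of this example; the sample lines are a subset of the log lines quoted in the two messages.

```python
import re
from collections import defaultdict

# Subset of the dhcpd log lines quoted in this thread, un-wrapped.
SAMPLE = """\
Sep 4 10:29:52 anlpn35 dhcpd: DHCPACK on 172.20.17.22 to f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110
Sep 4 10:29:52 anlpn35 dhcpd: Added new forward map from PC7345.ad.oenb.co.at to 172.20.17.22
Sep 4 10:35:11 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
Sep 4 10:37:06 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
Sep 4 10:41:26 anlpn35 dhcpd: Removed forward map from PC7345.ad.oenb.co.at to 172.20.17.22
Sep 4 10:50:41 anlpn35 dhcpd: DHCPACK on 10.101.90.45 to d4:81:d7:77:15:16 via enp6s0
Sep 4 10:50:41 anlpn35 dhcpd: Added new forward map from PC7345.ad.oenb.co.at to 10.101.90.45
"""

ACK = re.compile(r"DHCPACK on (\S+) to ([0-9A-Fa-f:]{17})")
ADD = re.compile(r"Added new forward map from (\S+) to (\S+)")
DEL = re.compile(r"Removed forward map from (\S+) to (\S+)")
FAIL = re.compile(r"Forward map from (\S+) to (\S+) FAILED: (.*)")


def find_conflicts(log_text):
    """Return one report per (name, wanted address, holder) that failed."""
    lines = log_text.splitlines()

    # Pass 1: every MAC that was acked for an address anywhere in the log.
    macs = defaultdict(set)
    for line in lines:
        m = ACK.search(line)
        if m:
            macs[m.group(1)].add(m.group(2).lower())

    # Pass 2: replay forward-map events in order, so the holder of a name
    # is known at the moment an update for that name fails.
    holder = {}   # fqdn -> address this server last mapped it to
    reports = {}
    for line in lines:
        if m := ADD.search(line):
            holder[m.group(1).lower()] = m.group(2)
        elif m := DEL.search(line):
            if holder.get(m.group(1).lower()) == m.group(2):
                del holder[m.group(1).lower()]
        elif m := FAIL.search(line):
            name, wanted = m.group(1).lower(), m.group(2)
            held = holder.get(name)   # None: no earlier map seen in this log
            rep = reports.setdefault((name, wanted, held), {
                "name": name, "wanted": wanted, "holder": held,
                "wanted_macs": sorted(macs.get(wanted, ())),
                "holder_macs": sorted(macs.get(held, ())),
                "reason": m.group(3), "count": 0})
            rep["count"] += 1
    return list(reports.values())


if __name__ == "__main__":
    for report in find_conflicts(SAMPLE):
        print(report)
```

A holder of None means the log shows no earlier forward map for that name, so the existing record was not written during the logged period.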