Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. Re: Has an address record but no DHCID, not mine. (Bill Shirley)
2. Re: Has an address record but no DHCID, not mine.
(thomas.z...@oenb.at)
----------------------------------------------------------------------
Message: 1
Date: Mon, 4 Sep 2017 21:30:47 -0400
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: Has an address record but no DHCID, not mine.
Message-ID:
<7111ef2d-58dc-330d-0e14-daea46eeb...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset=utf-8; format=flowed
The device is probably pulling addresses for both wired and wireless.? Check
to see if there are two different MAC address requesting address for the device.
Bill
On 9/4/2017 5:21 AM, thomas.z...@oenb.at wrote:
> The Clients can not have wireless and wirded connection at the same time, but
> the lease still is active. I tested it with a test Server today: (see my
> config below)
>
> Sep 4 10:29:52 anlpn35 dhcpd: Added new forward map from
> PC7345.ad.oenb.co.at to 172.20.17.22
> Sep 4 10:29:52 anlpn35 dhcpd: Added reverse map from
> 22.17.20.172.in-addr.arpa. to PC7345.ad.oenb.co.at
> Sep 4 10:35:11 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:35:18 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:35:20 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:35:22 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:35:25 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:36:21 anlpn35 dhcpd: Added new forward map from
> PC7345.ad.oenb.co.at.ad.oenb.co.at to 10.101.90.45
> Sep 4 10:36:21 anlpn35 dhcpd: Added reverse map from
> 45.90.101.10.in-addr.arpa. to PC7345.ad.oenb.co.at.ad.oenb.co.at
> Sep 4 10:37:06 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep 4 10:41:26 anlpn35 dhcpd: DHCPRELEASE of 172.20.17.22 from
> f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110 (found)
> Sep 4 10:41:26 anlpn35 dhcpd: Removed forward map from PC7345.ad.oenb.co.at
> to 172.20.17.22
> Sep 4 10:50:41 anlpn35 dhcpd: Added new forward map from
> PC7345.ad.oenb.co.at to 10.101.90.45
> Sep 4 10:50:41 anlpn35 dhcpd: Added reverse map from
> 45.90.101.10.in-addr.arpa. to PC7345.ad.oenb.co.at
>
>
>
> # This is the Part of the dhcp.conf file for failover
> # Her are only configs for the MASTER !!!
> # To avoid missmatches in the configuration of primary and secondary we
> include dhcpd.master
>
>
> # Config for Failover Primary
> # Name is used for Pools where Failover is implimentet
> failover peer "BackUP" {
>
> secondary;
> address 10.115.221.35; # listen on Interface Address
> port 520; # listen on Port
> peer address 10.115.221.36; # communicate to Address
> peer port 519; # communicate to Port
> max-response-delay 60;
> max-unacked-updates 10;
> #mclt 3600; # only on primary !!!
> #split 128; # only on promary (only useful
> value...)
> load balance max seconds 3;
> auto-partner-down 300; #
> }
>
>
> include "/etc/dhcp/dhcpd.master"; #here is the rest of the config
> include "/etc/dhcp/dhcpd.static"; #here you finde the static leases
> include "/etc/dhcp/dhcpd.zones"; #here you finde the zone declarations for
> dynamic Updates
> include "/etc/dhcp/dhcpd.scopes";
>
> host PC7345 {
> fixed-address 10.101.90.45;
> hardware ethernet B5:B5:2F:AC:DC:B8;
> option host-name "PC7345";
> ddns-hostname "PC7345";
> }
>
> #### I added snips of the files below
>
>
> #/etc/dhcp/dhcpd.master
> # Defined local option
> option bpbatch code 135 = text; #PXE V1.0
> option bpbatch-script code 155 = text; #PXE V2.0
> option ProxyAutodiscoveryOption code 252 = text; #Proxy
> option Novell-TreeStandard code 86 = text; #Novell
> option Novell-Agent code 78 = { boolean , array of ip-address }; #Novell
> option Novell-Scope-Name code 79 = { boolean , text }; #Novell
> option time-offset code 2 = signed integer 32;
> option time-server code 4 = array of ip-address;
> option ldap-server code 95 = text;
> option HPLjConfigFile code 144 = text;
> option XDispMgr code 49 = array of ip-address;
> option DNS-Suffix-Search-List code 119 = text;
> option Cisco_LWAPP_AP code 241 = array of ip-address;
> option architecture-type code 93 = unsigned integer 16;
> option PXEClient code 60 = text;
>
> option space pxelinux;
> option pxelinux.magic code 208 = string;
> option pxelinux.configfile code 209 = text;
> option pxelinux.pathprefix code 210 = text;
> option pxelinux.reboottime code 211 = unsigned integer 32;
>
> #option PXEscriptName code 133 = text;
> option tftp-server-name code 66 = text;
> #for testing as global option
> #next-server tftpserver.ad.oenb.co.at; #tftp server location
> #server-identifier 10.211.223.100;
>
> #############################################################################
> # WINS
> # 1 = b-node (broadcasts)
> # 2 = p-node (point-to- point name queries to a WINS server),
> # 4 = m-node (broadcast then query name server)
> # 8 = h-node (query name server, then broadcast)
> # disabled 20080724 /jps # option netbios-node-type 8;
> # option netbios-name-servers 10.1.221.100, 10.1.221.101;
> # disabled 20080724 /jps # option netbios-name-servers 10.211.223.100,
> 10.211.223.101;
> #############################################################################
>
> #############################################################################
> # Optionen fuer Cisco Callmanager
> #############################################################################
> option TFTP-Server-for-CallManager code 150 = array of ip-address; #Cisco
> option TFTP-Server-for-CallManager 10.116.96.202,10.116.96.201; #Cisco
> (anlpn62 - CUCM Subscriber, anlpn61 - CUCM Publisher)
> #############################################################################
> # Ende CallManager
> #############################################################################
>
>
> #############################################################################
> # LDAP Server
> #############################################################################
>
> #option ldap-server "ldap://ldap/o=myorg,o=baseorg";;
>
> #############################################################################
> # Ende LDAP Server
> #############################################################################
> #############################################################################
> # Optionen fuer w2k Clients
> #############################################################################
> option space MSFT;
> option MSFT.release-on-shutdown code 2 = unsigned integer 32;
> # Microsoft server sends a 32-bit integer!!!!!!
> # option MSFT.release-on-shutdown code 2 = unsigned integer 8;
> option MSFT.disable-netbios-over-tcpip code 1 = unsigned integer 32;
>
> class "win2k-clients" {
> match if option vendor-class-identifier = "MSFT 5.0";
> vendor-option-space MSFT;
> # 20080724 /jps
> option MSFT.disable-netbios-over-tcpip 2; # disable
> # option MSFT.release-on-shutdown 1;
> #geht nicht allow-client-updates false;
> }
> class "vpn-clients-oenb" {
> #auf pos 24, 3Byte lang eine IP, binary to ascii vom 10(basis f?r Zahl),
> 8bit, . als Trennzeichen, source)
> match if binary-to-ascii(10,8,".",packet(24,3)) = "172.20.17";
> #set myClientID = pick ( option dhcp-client-identifier,0);
> #set dhcp-client-identifier =
> concat(substring(ClientID,26,6),"-inside");
> log (info, concat ("Class-VPN-Client: ",myClientID));
> }
>
> #############################################################################
> # ende w2k clients
> #############################################################################
> #############################################################################
> # DDNS Delete Old entries
> #############################################################################
>
> # I had to remove my on commit script.
> # With the scipt enabled static leases did not get renewed
>
> ############################End DDNS Delete Old
> entries######################
>
> #############################################################################
> # SERVER OPTIONS
> #############################################################################
>
> ddns-update-style standard; # how to update the DNS
> #ddns-update-style interim; # old non standard way used TXT records changed
> 20170718 to standard
> #ddns-update-style ad-hoc; # not supporter in future versions
> update-static-leases true; # reserved leases update
> ddns-ttl 900; # seconds after entry times out
> deny client-updates; # ingnore DNS update by Client
> ignore client-updates;
> update-conflict-detection true; # true, the server will perform standard
> DHCID multiple-client, one-name conflict detection
> update-optimization false; # if false client will allways be renewed in DNS
> # option definitions common to all supported networks...
> # DNS
> #option domain-name "w.oenb.co.at";
> #option domain-name-servers 10.115.241.100,10.115.221.35,10.115.221.36;
> option domain-name-servers 10.115.241.100,10.241.241.100;
> option ntp-servers 10.115.241.100;
> option time-server 10.115.241.100;
> option time-offset 3600;
>
> #What todo if the client send no hostname
> #pick first possible string as hostname:
> ddns-hostname = pick (option fqdn.hostname,option host-name,concat
> ("dhcp-",binary-to-ascii (16,8,"-",substring (hardware,1,6))));
>
>
>
> ####################################################################################################
>
>
> #option host-name = config-option server.ddns-hostname;
>
> #option all-subnets-local true;
> #option broadcast-address 255.255.255.255;
> #option router-discovery false;
>
> #option ProxyAutodiscoveryOption = "http://anxpc2.w.oenb.co.at/proxy.js";;
> #Proxy WPAD #Proxy WPAD TEMP 20150722/AF
> option Novell-TreeStandard = OENB; # Novell
> # option Novell-Agent true ANIA00; # Novell
> # Changed to cisco loadbalancer 20070111 /jps
> #option Novell-Agent true ANLA00, ANLA01; # Novell
> option Novell-Agent true ANLAV00,ANLAV03; # Novell mail Durst 20090811
> # option Novell-Agent true NWSLP; # Novell
> #option Novell-Scope-Name true "UNSCOPED"; # Novell
> option Novell-Scope-Name true "OENB"; # Novell
>
> default-lease-time 1209600; #604800; # seconds 1209600 14 Tage
> max-lease-time 2419200; # seconds
> min-lease-time 43200; # seconds
> one-lease-per-client true; # setzt alle Leases auf free, die auf die Mac
> gehen
> deny duplicates; #ist gegenden Standard. Verhinderet Mehrere Leases pro MAC
> bei verschiedenen UIDs (PXE Boot dann Linux oder Windows)
> stash-agent-options true; #merke dir die Forwarder Info
>
> lease-file-name "/var/dhcp/dhcpd.leases";
> pid-file-name "/var/run/dhcp/dhcpd.pid";
> ping-check on; # check if IP Address is free
> #server-identifier 10.115.255.255; # server address to send to client
> # not supported con router (no directed Brodcast)
> # Wegen HP-Jetdirects auf Mac Gefiltert!!!
> allow booting;
> allow bootp;
>
> log-facility local7; # where to write the logfile
>
> authoritative; # Clients trust this server more
>
>
> ###########################################################################
> # Definition for omshell connections to controll server in runtime
> key defomapi {
> algorithm hmac-md5;
> secret "****";
> }
> omapi-key defomapi; # optional key
> omapi-port 7911; # Port to listen to (and to enable)
> ############################################################################
>
> ############################################################################
> #
> # KEY s
> #
> ############################################################################
>
> key dhcp-update. {
> algorithm hmac-md5;
> secret "****";
> }
>
> ############################################################################
> #
> # CLASSEN
> #
> ############################################################################
>
>
> ####### Jet Direct Boxen
> ####### Alle anderen ausser den xxx Jet direct karten:
>
> Class "noJetDirect" {
>
> match if ((substring(hardware,1,3) != 00:01:E6) and
> (substring(hardware,1,3) != 00:10:83) and (substring(hardware,1,3) !=
> 00:30:c1) and (substring(hardware,1,3) != 00:60:b0) and not
> (substring(option vendor-class-identifier,0,9) = "PXEClient"));
> # server-identifier 10.115.241.100; # server address to
> send to client
> }
>
> # SunRay
> Class "SunRayClients" {
>
> match if ((substring(hardware,1,3) = 00:14:4F) or
> (substring(hardware,1,3)
> = 00:21:28));
>
> log (info, "Class Decission Sunray" );
> set relay-agent = binary-to-ascii(10,8,".",packet(24,3));
> log (info, concat("GW:",relay-agent) );
> # option tftp-server-name "srss02.w.oenb.co.at";
> # option XDispMgr 10.111.252.102;
> }
>
> #############################################################################
> # Definition of PXE-specific options
> # Code 1: Multicast IP address of bootfile
> # Code 2: UDP port that client should monitor for MTFTP responses
> # Code 3: UDP port that MTFTP servers are using to listen for MTFTP requests
> # Code 4: Number of secondes a client must listen for activity before trying
> # to start a new MTFTP transfer
> # Code 5: Number of secondes a client must listen before trying to restart
> # a MTFTP transfer
> # option bpbatch code 135 = text; #PXE V1.0 on top of Script
> # option bpbatch-script code 155 = text; #PXE V2.0 on top of Script
>
> option space PXE;
> option PXE.mtftp-ip code 1 = ip-address;
> option PXE.mtftp-cport code 2 = unsigned integer 16;
> option PXE.mtftp-sport code 3 = unsigned integer 16;
> option PXE.mtftp-tmout code 4 = unsigned integer 8;
> option PXE.mtftp-delay code 5 = unsigned integer 8;
> option PXE.discovery-control code 6 = unsigned integer 8;
> option PXE.discovery-mcast-addr code 7 = ip-address;
>
> option space SUNW;
> option SUNW.SrootIP4 code 2 = ip-address;
> option SUNW.SrootNM code 3 = text;
> option SUNW.SrootPTH code 4 = text;
> option SUNW.SinstIP4 code 10 = ip-address;
> option SUNW.SinstNM code 11 = text;
> option SUNW.SinstPTH code 12 = text;
> option SUNW.SbootURI code 16 = text;
>
>
> class "PXE" {
>
> match if substring(option vendor-class-identifier,0,9) = "PXEClient";
> default-lease-time 1800; # seconds 1800 30min
> max-lease-time 1800; # seconds
> # option vendor-class-identifier "PXEClient";
> set relay-agent = binary-to-ascii(10,8,".",packet(24,3));
> log (info, "Class PXE-Boot" );
> log (info, concat("GW:",relay-agent) );
> log (info, architecture-type );
>
> vendor-option-space PXE;
> # option PXE.mtftp-ip 0.0.0.0; #set to zero to use standard TFTP
> server
> # option tftp-server-name "tftpserver.ad.oenb.co.at"; #tftp
> Server
>
> if (relay-agent = "10.112.0") {
> option PXEClient "PXEClient"; # Bug with Windows Setup Server
> next-server anut123.w.oenb.co.at; #tftp server location
> bddserver
> filename "SUNW.i86pc"; # Bootfilename (incl path)
> } else {
> # next-server tftpserver.ad.oenb.co.at;
> #tftp server location
> bpbatch
> next-server bddserver1.ad.oenb.co.at; #tftp server location
> bddserver
> if (option architecture-type = 00:07) {
> option tftp-server-name "bddserver1.ad.oenb.co.at";
> #tftp Server ANCS04
> filename "\\boot\\x64\\wdsmgfw\.efi"; # Bootfilename
> (incl path)
> option PXEClient "PXEClient";
> } else {
> filename "\\boot\\pxeboot\.n12"; # Bootfilename (incl
> path)
> }
> }
> #
> # Intel EtherExpress PRO 100 with Intel Boot Agent 2.2
> #
> # Agent doesnt request option 155 needed by bpbatch. We force the
> # server to include it in its reply.
> if option dhcp-parameter-request-list =
> 01:03:3c:2b:43:80:81:82:83:84:85:86:87 {
>
> # 080123 tz option dhcp-server-identifier
> 10.211.223.100; #damit er
> sich das File vom TFTP Server holt
> option dhcp-server-identifier 10.115.221.35; #damit er sich das
> File vom
> TFTP Server holt
> # supersede dhcp-parameter-request-list
> #
> 1,3,60,43,66,67,128,129,130,131,132,133,134,135,155;
> }
> }
>
> class "SUNW.SPARC-Enterprise" {
> match if substring(option vendor-class-identifier,0,21) =
> "SUNW.SPARC-Enterprise";
> #option vendor-class-identifier "SUNW.SPARC-Enterprise";
> log (info, "Class SUNW" );
> vendor-option-space SUNW;
> option SUNW.SinstNM "anut123.w.oenb.co.at";
> option SUNW.SinstIP4 10.112.221.123;
> option SUNW.SinstPTH
> "/export/home/kits/INSTALLSERVER/sol-10-u6-ga1-sparc-dvd";
> option SUNW.SrootNM "anut123.w.oenb.co.at";
> option SUNW.SrootIP4 10.112.221.123;
> option SUNW.SrootPTH
> "/export/home/kits/INSTALLSERVER/sol-10-u6-ga1-sparc-dvd/Solaris_10/Tools/Boot";
> #option SUNW.SbootURI
> "tftp://anut123.w.oenb.co.at/SUNW.SPARC-Enterprise";;
> filename "0100144FB7D81E";
> }
>
>
> ############################### END PXE DEFINITION
> ###########################
>
>
> #############################################################
> #
> # Here are our Scopes
> #
> #############################################################
>
> # No service will be given on this subnet, but declaring it helps the
> # DHCP server to understand the network topology.
>
> subnet 10.114.0.0 netmask 255.255.0.0 {
> }
> subnet 10.115.0.0 netmask 255.255.0.0 {
> }
> subnet 10.100.0.0 netmask 255.255.0.0 {
> }
>
> ############ Server Lans
>
> host anxn01_ping_test_W2K8 {
>
> hardware ethernet 00:50:56:8f:74:3f;
> fixed-address 10.100.0.11;
> }
>
> ########### Client Lans
>
> shared-network "TestDHCPClient" {
>
> subnet 10.188.0.0 netmask 255.255.0.0 {
>
> option subnet-mask 255.255.0.0;
> option routers 10.188.0.1;
> option broadcast-address 10.188.255.255;
> option domain-name "adxml.oenb.co.at";
> #option domain-name-servers 10.211.229.110, 10.112.221.240,
> 10.112.221.1,
> 10.211.229.110;
> ddns-domainname= "adxml.oenb.co.at"; # add to hostname
> option bpbatch = "oenb";
> option bpbatch-script = "oenb";
> pool {
>
> range 10.188.0.100 10.188.0.200; # rage for Clients
> failover peer "BackUP";
> deny dynamic bootp clients;
> }
> }
> }
>
> zone 0.188.10.in-addr.arpa. {
>
> primary 10.211.229.110; #adxml anet10
> }
>
> #### zones all the same
> zone 10.in-addr.arpa {
>
> primary 192.168.31.130;
> key dhcp-update.;
> }
>
> #### scopes all the same
> shared-network "OeNB-RIB" {
>
> subnet 10.97.0.0 netmask 255.255.0.0 {
>
> option subnet-mask 255.255.0.0;
> option domain-name "ad.oenb.co.at";
> ddns-domainname= "ad.oenb.co.at";
> pool {
>
> range 10.97.10.0 10.97.10.254;
> failover peer "BackUP";
> deny dynamic bootp clients;
> }
> option routers 10.97.0.1;
> option bpbatch "oenb";
> option bpbatch-script "oenb";
> }
> }
>
>
>
>
> --
> Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
Message: 2
Date: Mon, 4 Sep 2017 23:45:56 -0700 (MST)
From: "thomas.z...@oenb.at" <thomas.z...@oenb.at>
To: dhcp-users@lists.isc.org
Subject: Re: Has an address record but no DHCID, not mine.
Message-ID: <1504593956275-0.p...@n4.nabble.com>
Content-Type: text/plain; charset=us-ascii
Hi Bill,
Yes the mac is different:
Sep 4 10:29:52 anlpn35 dhcpd: DHCPREQUEST for 172.20.17.22 from
f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110
Sep 4 10:29:52 anlpn35 dhcpd: DHCPACK on 172.20.17.22 to f8:0b:cb:4f:db:dc
(PC7345) via 212.39.196.110
Sep 4 10:50:41 anlpn35 dhcpd: DHCPREQUEST for 10.101.90.45 from
d4:81:d7:77:15:16 via enp6s0
Sep 4 10:50:41 anlpn35 dhcpd: DHCPACK on 10.101.90.45 to d4:81:d7:77:15:16
via enp6s0
The difference is, the 172.20 Address is for a Cisco AnyConnect Client.
Actually Requested by the Firewall with a different UID for each Session.
MAC for all sessions is the same.
Nevertheless anlpn35 added the A Record for 172.20.17.22 why does it say
DHCID not mine??
Tom
--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
------------------------------
Subject: Digest Footer
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 107, Issue 6
******************************************
