
Re: Why not include the workstations with auto dhcp IPs per default into the LDAP?

Dear Andreas,

thanks for addressing this elderly topic. Indeed NFS4 has some security 
issues - and it has been discussed if NFS5 can solve them. Anyway...:

On Thursday 17 May 2007 20:46, Andreas Schockenhoff wrote:
> The other problem is that I must include all the automatically assigned
> IPs in the DHCP range because I can not guarantee the old IP.

There are some scripts that extract your MAC addresses from dhcp-leases 
or daemon logs - if you sort them (-u "unique") you will easily find 
your labs by brands. In case you fail to spot them with Google, we can 
try together ;)

> Use of static IPs in DHCP only can be a solution, make the security
> problem smaller but do not solve it.

If I assign an existing hostname (like dhcp001) to my personal laptop, I 
can easily play tricks on netgroup's security approach. If you think 
that there is hardly any risk with switching netgroups off, you can 
easily change the access rules.

> But a mass import of workstations with ldap should also be nice.

It was suggested years ago to have a similar protocol as samba clients 
use: Accordingly, you could make any client join the netgroup by simply 
entering some authentication code (password). This client-server 
connection would add the client's MAC address to the dhcpd-conf and add 
the corresponding hostname to the netgroup.
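
The MAC extraction described in the mail above, as an added example that is not part of the original message: it reads the `hardware ethernet` lines of an ISC dhcpd lease file, lists each address once, and counts addresses per vendor prefix (the first three octets). The function names and the sample lease data are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory client MACs from ISC dhcpd lease data.

# unique_macs FILE: print every MAC from "hardware ethernet" lines once, lowercased.
unique_macs() {
    awk '$1 == "hardware" && $2 == "ethernet" {
             mac = tolower($3); sub(/;$/, "", mac); print mac
         }' "$1" | sort -u
}

# oui_counts FILE: print "<count> <prefix>" per vendor prefix, largest group first.
oui_counts() {
    unique_macs "$1" | cut -d: -f1-3 | sort | uniq -c |
        awk '{ print $1, $2 }' | sort -k1,1nr -k2,2
}

# Constructed sample in dhcpd.leases format (IPs, MACs and hostnames are made up).
make_sample() {
    cat <<'EOF'
lease 10.0.2.100 {
  starts 4 2007/05/17 18:00:00;
  hardware ethernet 00:11:22:AA:BB:01;
  client-hostname "dhcp001";
}
lease 10.0.2.101 {
  hardware ethernet 00:11:22:aa:bb:02;
}
lease 10.0.2.100 {
  starts 5 2007/05/18 08:00:00;
  hardware ethernet 00:11:22:aa:bb:01;
}
lease 10.0.2.102 {
  hardware ethernet 52:54:00:12:34:56;
}
EOF
}

sample=$(mktemp)
make_sample > "$sample"
echo "Unique MACs:";       unique_macs "$sample"
echo "Per vendor prefix:"; oui_counts "$sample"
rm -f "$sample"
```

A renewed lease appears in the file more than once and the same address can be logged in different letter case, which is why the addresses are lowercased before `sort -u`.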

