Re: Why not include the workstations with auto dhcp IPs per default into the LDAP?
Thanks for addressing this elderly topic. Indeed NFS4 has some security
issues - and it has been discussed if NFS5 can solve them. Anyway...:
On Thursday 17 May 2007 20:46, Andreas Schockenhoff wrote:
> The other problem is that I must include all the automatically assigned
> IPs in the DHCP range because I can not guarantee the old IP.
There are some scripts that extract your MAC addresses from dhcp-leases
or daemon logs - if you sort them (-u "unique") you will easily find
your labs by brands. In case you fail to spot them with google, we can
try together ;)
> Use of static IPs in DHCP only can be a solution; it makes the security
> problem smaller but does not solve it.
If I assign an existing hostname (like dhcp001) to my personal laptop, I
can easily play tricks on netgroup's security approach. If you think
that there is hardly any risk with switching netgroups off, you can
easily change the access rules.
> But a mass import of workstations with ldap should also be nice.
It was suggested years ago to have a similar protocol as samba clients
use: Accordingly, you could make any client join the netgroup by simply
entering some authentication code (password). This client-server
connection would add the client's MAC address to the dhcpd-conf and add
the corresponding hostname to the netgroup.
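
An added example, not part of the original message or of any project script: one way to pull the unique MAC addresses out of an ISC `dhcpd.leases` file, group them by vendor prefix (OUI) to spot labs by brand, and emit fixed `host` entries for review. The sample leases, the `dhcpNNN` naming and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd.leases syntax (not from a real server).
SAMPLE_LEASES = """\
lease 10.0.2.100 {
  starts 4 2007/05/17 18:00:00;
  hardware ethernet 00:11:22:aa:bb:01;
}
lease 10.0.2.101 {
  hardware ethernet 00:11:22:AA:BB:02;
}
lease 10.0.2.107 {
  hardware ethernet 00:11:22:aa:bb:01;
}
lease 10.0.2.102 {
  hardware ethernet 00:de:ad:00:00:09;
}
lease 10.0.2.103 {
  binding state free;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{")
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;")

def unique_macs(text):
    """Map each MAC (lower-cased) to the IP of its most recent lease entry."""
    seen, ip = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := LEASE_RE.match(line)):
            ip = m.group(1)          # the leases file is a log: later entries win
        elif ip and (m := MAC_RE.match(line)):
            seen[m.group(1).lower()] = ip
    return seen

def group_by_oui(macs):
    """Group MACs by their first three octets (vendor prefix)."""
    groups = defaultdict(list)
    for mac in sorted(macs):
        groups[mac[:8]].append(mac)
    return dict(groups)

def host_stanzas(macs, prefix="dhcp"):
    """Emit dhcpd.conf host entries; the dhcpNNN names are a hypothetical scheme."""
    return [f"host {prefix}{n:03d} {{ hardware ethernet {mac}; }}"
            for n, mac in enumerate(sorted(macs), 1)]

if __name__ == "__main__":
    macs = unique_macs(SAMPLE_LEASES)
    for oui, members in group_by_oui(macs).items():
        print(oui, len(members))
    print("\n".join(host_stanzas(macs)))
```

A MAC address is chosen by the client, so entries generated this way give an inventory, not authentication of the machine.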