dhcpv4, how to identify hosts by dhcp-client-identifier?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

dhcpv4, how to identify hosts by dhcp-client-identifier?

Robert Senger
Hi there,

usually, dhcpv4 clients are identified in host { } statements by their
hardware address, however, there are situations (like multiboot
machines) where it is required to use additional/other information to
identify the client. I want to use the dhcp-client-identifier, which
can easily be set individually in Linux and FreeBSD dhclient.conf
configuration file. 


If I do it like this on the server and on a *nix client machine, it
works fine:

in client's dhclient.conf:

send dhcp-client-identifier "0c3f2fd7-c75c-4c27-8757-bbd71b9e0677";

in server's dhcpd.conf:

host alderamin {                                                                                                                               
        option dhcp-client-identifier "0c3f2fd7-c75c-4c27-8757-bbd71b9e0677";                                                                  
        include "/etc/dhcp/dhcp4event.conf.inc";                                                                                               
}                                                                                                                                              

So, in that case, in both server and client configuration, the dhcp-
client-identifier is configured as an ascii string.


However, Windows and OS X and also *nix if the quotes are omitted, do
not send the dhcp-client-identifier as an ascii string, instead, those
operating systems send their dhcp-client-identifier in some binary
format.

Now I am in trouble, since I cannot find a way to match the sent binary
dhcp-client-identifier to anything I can put into dhcpd.conf host { }
directive.

I figured out that if I do this on dhcp-client-identifier option:

set ClientID = binary-to-ascii(16, 8, ":", option dhcp-client-identifier);

then I get a human readable string that looks reasonable, like 
"1:00:3a:63:b:1c:33" (for a Windows 10 machine, "1:<MAC>"), or 
0c3f2fd7-c75c-4c27-8757-bbd71b9e0677 (for the above *nix client, 
without quotes around the value in dhclient.conf). 


I found this in the man pages:

> Please be aware that some DHCP clients, when configured with client
> identifiers that are ASCII text, will prepend a zero to the ASCII
> text. So you may need to write:
>    option dhcp-client-identifier "\0foo"; 
> rather than:
>    option dhcp-client-identifier "foo"; 

but that does not help me, since Windows and OS X do not send ascii
strings at all. More than that, if I try to prepend "\0" to the string
as said in the man pages, dhcpd refuses to start due to config error. I
tried to prepend "\000" (octal), "\0x00" (hex), and dhcpd starts, but
will not match dhcp-client-identifier to what the client sent.


I've tried a couple of ways to match against the binary-to-ascii
converted dhcp-client-identifier option, but with no luck.

So finally, the question is:

dhclient.conf:

send dhcp-client-identifier 0c3f2fd7-c75c-4c27-8757-bbd71b9e0677; # no quotes here!

dhcpd.conf:

host alderamin {                                                                                                                               
        option dhcp-client-identifier <What am I supposed to put here to match against binary dhcp-client-identifier?>;                                                                  
        include "/etc/dhcp/dhcp4event.conf.inc";                                                                                               
}                                                                                                                                              


Thanks for help.

Cheers,

Robert


--
Robert Senger


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: dhcpv4, how to identify hosts by dhcp-client-identifier?

Simon Hobson
Robert Senger <[hidden email]> wrote:

> However, Windows and OS X and also *nix if the quotes are omitted, do
> not send the dhcp-client-identifier as an ascii string, instead, those
> operating systems send their dhcp-client-identifier in some binary
> format.

What you can do is simply specify a binary value to match against. So simply use (taking your example) 1:00:3a:63:b:1c:33 (note - no quotes) which means 7 bytes containing the values specified - ie 1, zero, 0x 3a, ...

If you put quotes around 1:00:3a:63:b:1c:33 (ie use "1:00:3a:63:b:1c:33" in the config file) then that means 19 bytes containing 0x31 (1), 0x3a (:), 0x30 (0), 0x30 (0), 0x3a (:), 0x33 (3), and so on.

If you look in the leases file, you'll see that the server can also work with a string with non-printable characters escaped - but that's not an easy format for humans to work with.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: dhcpv4, how to identify hosts by dhcp-client-identifier?

Thomas Markwalder
On 12/3/16 5:21 PM, Simon Hobson wrote:

> Robert Senger <[hidden email]> wrote:
>
>> However, Windows and OS X and also *nix if the quotes are omitted, do
>> not send the dhcp-client-identifier as an ascii string, instead, those
>> operating systems send their dhcp-client-identifier in some binary
>> format.
> What you can do is simply specify a binary value to match against. So simply use (taking your example) 1:00:3a:63:b:1c:33 (note - no quotes) which means 7 bytes containing the values specified - ie 1, zero, 0x 3a, ...
>
> If you put quotes around 1:00:3a:63:b:1c:33 (ie use "1:00:3a:63:b:1c:33" in the config file) then that means 19 bytes containing 0x31 (1), 0x3a (:), 0x30 (0), 0x30 (0), 0x3a (:), 0x33 (3), and so on.
>
> If you look in the leases file, you'll see that the server can also work with a string with non-printable characters escaped - but that's not an easy format for humans to work with.
>
> _______________________________________________
> dhcp-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/dhcp-users

FYI

As of 4.3.4, you can instruct both the server and client to output ID
values in hex:

       The lease-id-format parameter

         lease-id-format format;

         The format parameter must be either octal  or  hex.   This
parameter
         governs  the format used to write certain values to lease
files. With
         the default format, octal, values are written as  quoted
strings  in
         which  non-printable  characters are represented as octal
escapes - a
         backslash character followed by three octal  digits.   When
the  hex
         format  is  specified,  values  are  written as an unquoted
series of
         pairs of hexadecimal digits, separated by colons.

         Currently, the values written out based on  lease-id-format
are  the
         server-duid,  the  uid  (DHCPv4  leases),  and  the IAID_DUID
(DHCPv6
         leases).  Note the server automatically reads the  values  in
either
         format.

This can make life easier when attempting to match values.  Note that
this only influences what one sees in the lease and log files and is
done for readability. The formats do not have to be the same between
server and client, although having them both output in hex is sort of
the point.

Thomas Markwalder

ISC Software Engineering




_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users