3

I have the following situation: Multiple offices with multiple firewall/dhcp servers.

Every time the IT team of some office plugs in a new network printer, I need to create a fixed-address entry and delete the lease that this printer already got before the reservation was made. Sometimes I get warned that the printer is already online and this fixed IP is needed by another application (cups server).

Is there a way to "auto expire" a lease when you add a fixed-address? In the current situation I need to manually remove the lease or wait the 3 hours that is my configured max-lease-time.

Why do I want this? To make the creation of new fixed-address hosts through ssh more dynamic, without the need to log in on that server and erase a lease (or edit 2 files every time). dhcp-relay is not an option because we have a circuit on our ISP that will not support it.

Snippet of some config files:

```
ddns-update-style ad-hoc;
authoritative;
allow bootp;
deny declines;
deny duplicates;
option domain-name "xxx.net";
option domain-name-servers y.y.y.y, y.y.y.2;
option interface-mtu 1500;
option ntp-servers ntp.xxx.xxx.xxx;
default-lease-time 7200; # default lease 2 hours
max-lease-time 10800; # max lease 3 hours
one-lease-per-client true; # 1 lease per client

subnet 10.0.0.0 netmask 255.255.255.0 {
        range 10.0.0.100 10.0.0.200;
        option routers 10.0.0.254;
        option broadcast-address 10.0.0.255;
}

host printserver001 {
        hardware ethernet 00:24:81:XX:XX:XX;
        fixed-address 10.0.0.30;
}
```

Solution that I already tried: create a class called printers, add all fixed addresses to that class and add a deny members of "printers" on that IP range/pool. It will not work and the printer will still get the lease until it is expired.

Solution that I think might work: zero the default-lease-time parameter. I just don't know if the default behavior of all printers when they restart will be to request the same lease or send a new DHCPREQUEST, and how isc-dhcp will manage this request.

Edit 1: Using OMAPI does not work either. I'm trying to delete a lease knowing only the MAC address, and this is what I get when I try to delete it:

```
omshell << END_OF_INPUT
server localhost
port 7911
key omapi_key my_key_xxxxxxxxxxxxxxxxxx==
connect
new lease
set hardware-address = 00:e0:c5:4e:2d:a4
open
remove
END_OF_INPUT
```


```
> can't destroy object: not implemented
obj: lease
hardware-address = 00:e0:c5:4e:2d:a4
state = 00:00:00:02
ip-address = c0:a8:03:e6
dhcp-client-identifier = 01:00:e0:c5:4e:2d:a4
client-hostname = "xxxxx03"
subnet = 00:00:00:06
pool = 00:00:00:07
hardware-type = 00:00:00:01
ends = 53:72:14:ce
starts = 53:71:f8:ae
tstp = 00:00:00:00
tsfp = 00:00:00:00
atsfp = 00:00:00:00
cltt = 53:71:f8:ae
flags = 00
ddns-fwd-name = "xxxxx03.xxxxx.net"
ddns-rev-name = "xx.xx.xx.192.in-addr.arpa."
```

I'm using ISC-dhcp 3.1.1.

Any ideas?

  • 4
    Might OMAPI help? "The ISC DHCP server provides an application programming interface (API) to query and manipulate lease data while the server is running. The Object Management API (OMAPI) enables remote access via a TCP/IP connection." – Mark Wagner May 09 '14 at 22:20
  • OMAPI is the nice way of doing this. The not-so-nice method is to edit the leases database and remove the entry. – devicenull May 11 '14 at 00:47
  • I'm almost achieving it with OMAPI :). It seems that it is not a trivial task to delete a host based on its MAC address. I'm having some issues with this delete thing. Keys = OK, Connect = OK, creating a new lease with the same MAC and deleting it = Trouble. The documentation of OMAPI is way too obscure. –  May 12 '14 at 12:33

4 Answers

0

The normal way of doing this would be to make a (possibly small) dynamic pool, and keep this separate from your fixed addresses. Put a small (< 1 hour) lease time for the small pool.

Then either power-cycle the device, or wait till it renews its lease (the DHCP server will NAK the address and provide its correct -- new -- address).

Cameron Kerr
  • Could be an option, but we have legacy systems that depend on IP addresses to print, so a dynamic pool could be a solution only if these systems could accept printing using hostnames and not IP addresses. That's why I need the fixed address on every printer –  May 13 '14 at 11:26
  • If you need a fixed IP regardless of device behind it, then you might find NAT useful - e.g. have a server that redirects 'the printer IP' on the fly. – Sobrique May 15 '14 at 14:35
0

LDAP.

Assuming you are using dhcp-4.2+ it is built into isc-dhcp-server-ldap

Full guide here:

http://wiki.herzbube.ch/index.php/ISCDHCP#Configuration_with_LDAP

Or: http://edmann.com/Computers-Technology/2008/01/08/ISC-DHCP-and-Ldap-Backend

```
ldap-server "localhost";
ldap-port 389;
ldap-username "cn=dhcp-service,ou=users,dc=yourdomain,dc=com";
ldap-password "secret";
ldap-base-dn "dc=yourdomain,dc=com";
# Dynamic = Hosts are looked up every time a DHCP request comes in
# Static = Read entire configuration, including hosts, only once at startup
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
```

Pretty sure you can then just manage your clients from within the LDAP database, with all the APIs that work with it for automating MAC->IP lookups etc. Each DHCP server can refer to the LDAP global database for single-point-of-contact administration.

Grizly
  • Unfortunately it's not an option. Using `isc-dhcp-3.1.1` here. Sorry –  May 13 '14 at 11:00
  • Damn. There are patches! :D But might be more work than it's worth. Next best guess would be to simply set a 4 min expiry on printers, that way they refresh every 2 min and would therefore only be out of service for max of 2 min on move/install. – Grizly May 13 '14 at 23:50
0

You cannot delete the leases via OMAPI. However, you can forcibly RELEASE them, which will cause dhcpd to see it as no longer an active lease. Make the fixed-address entry, forcibly release the lease the printer obtained previously, and on the next DHCP negotiation the printer will be moved to the fixed address, including NAKing the renewal request and giving the client the new IP.

Oesor
  • Yeah. I found some of this misinformation around the internet. Some people say that you can delete leases through OMAPI and others don't (and after tests, this seems to be the ultimate truth). Is there a parameter that I need to set that will forcibly release a lease to a determined MAC address when a `fixed-address` allocation is found? –  May 16 '14 at 16:56
  • No. It's easy enough to script adding a fixed-address and releasing any active leases for that MAC, though. – Oesor May 16 '14 at 19:22
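
The check such a script needs before it releases anything, as an added example (not code from the thread or from ISC): it cross-references `host` declarations in the dhcpd configuration with the leases file and lists dynamic leases that are still active for a MAC that already has a `fixed-address`. The sample data, the MAC address and the function names are constructed, and it assumes lease and host blocks contain no nested braces.

```python
import re
from datetime import datetime, timezone

# Constructed sample data; the MAC and addresses are placeholders.
DHCPD_CONF = """host printserver001 {
        hardware ethernet 00:24:81:aa:bb:cc;
        fixed-address 10.0.0.30;
}"""
DHCPD_LEASES = """lease 10.0.0.150 {
  starts 2 2014/05/13 10:00:00;
  ends 2 2014/05/13 12:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:24:81:AA:BB:CC;
}"""

def blocks(keyword, text):
    """Return (name, body) for each 'keyword name { ... }' block."""
    return re.findall(rf"\b{keyword}\s+(\S+)\s*\{{(.*?)\}}", text, re.S)

def field(body, name):
    """Value of 'name value;' at the start of a line, or None."""
    pat = r"^\s*" + name.replace(" ", r"\s+") + r"\s+([^;]+);"
    m = re.search(pat, body, re.M)
    return m.group(1).strip() if m else None

def stale_leases(conf, leases, now):
    """Active dynamic leases held by MACs that already have a fixed-address."""
    fixed = {}
    for name, body in blocks("host", conf):
        mac, ip = field(body, "hardware ethernet"), field(body, "fixed-address")
        if mac and ip:
            fixed[mac.lower()] = (name, ip)
    # dhcpd.leases is an append-only log: the last entry per IP wins.
    latest = dict(blocks("lease", leases))
    hits = []
    for ip, body in latest.items():
        mac = (field(body, "hardware ethernet") or "").lower()
        ends = field(body, "ends") or "never"
        if mac not in fixed or field(body, "binding state") != "active":
            continue
        left = None  # None means the lease never expires
        if ends != "never":  # "weekday YYYY/MM/DD HH:MM:SS", in UTC
            end = datetime.strptime(ends.split(None, 1)[1], "%Y/%m/%d %H:%M:%S")
            left = int((end.replace(tzinfo=timezone.utc) - now).total_seconds())
            if left <= 0:
                continue
        hits.append((fixed[mac][0], mac, ip, fixed[mac][1], left))
    return hits
```

Each tuple is (host name, MAC, leased IP, reserved IP, seconds until expiry), which tells the operator which leases still block a reservation and for how long.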
0

Change max-lease-time to a lower value, 10 minutes.

MatsK