Jochen Schulz wrote:
Yes, I think every DHCP server allows that. If you're not too familiar with these things, I suggest you use dnsmasq which primarily is a DNS server (as the name suggests), but it can also act as a DHCP server. This makes it possible to do DNS resolution for DHCP clients (even with dynamic IPs) very easily.
Well I already used bind9 and DHCP for quite some time now. Always been very pleased with both.
And using BIND makes it easy to share the administration burden with other sys admins, since BIND is the standard. Or at least the most used.
And making DHCP3 add the hostnames/IP addresses to BIND is not that hard, and already set up.
To answer your question for dnsmasq (at least partly): just comment out the option "read-ethers" in the example configuration and create a hosts style file named /etc/ethers. See 'man 5 ethers' for an example. This will give the same IPs to clients with a specific MAC address.
As some others already have noted, MAC filtering for security reasons is almost useless. It is very easy to spoof a MAC address if someone is already able to sniff some traffic (WEP encryption in wireless LANs doesn't help very much against that, too).
Ah so true!
MAC address security is just as good as no security, but security as to who gets access to the wired LAN (we have no wireless LAN) is already taken care of in other ways.
I just want to make sure that people who bring in laptops of their own do not get access to the Internet or even to the LAN at all.
And even if they know how to get around it, they will at least know that they are doing something they are not supposed to do.
Plus I check the logs regularly; the access attempt together with the socket number will tell me who probably tried some mischief.
The way I'm doing it now is adding a new accepted computer like this:
host name { hardware ethernet 00:00:00:00:00:e1; }
etc.
It works, but is administrator heavy. Which is why I wanted to know if those hardware addresses can be added to a file, which I can then write a CGI script for, to update via special IT pages on our intranet.
If I want to do such a thing now, I'd have to recreate the actual dhcp3 config file (DANGEROUS) every time via such a CGI script. And then even restarting the DHCP server...
Thanks again, for thinking with me!
--
Make everything as simple as possible, Not any simpler though.
Mark Maas, Systems Admin, Amsterdam
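An added example, not part of the original message: one way to keep the accepted machines in a separate file that an intranet script can rewrite, so the main DHCP configuration is never regenerated. It assumes the main configuration pulls the generated file in with dhcpd's `include` statement; the "hostname MAC" input format and all function names are assumptions made for this sketch.

```python
import os
import re
import tempfile

# Web-form input ends up inside dhcpd configuration, so accept only
# plain hostnames and MAC addresses and reject everything else.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")

def parse_allowlist(text):
    """Parse 'hostname mac' lines; return (entries, rejected_line_numbers)."""
    entries, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue  # blank line or comment
        name = parts[0].lower()
        mac = parts[1].lower().replace("-", ":") if len(parts) == 2 else ""
        ok = HOST_RE.fullmatch(name) and MAC_RE.fullmatch(mac)
        if not ok or name in seen or mac in seen:
            rejected.append(lineno)
            continue
        seen.update((name, mac))
        entries.append((name, mac))
    return entries, rejected

def render_hosts(entries):
    """One dhcpd host declaration per accepted machine."""
    return "".join(f"host {n} {{ hardware ethernet {m}; }}\n" for n, m in entries)

def write_atomically(path, content):
    """Write a temp file in the target directory, then rename it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as handle:
        handle.write(content)
    os.replace(tmp, path)

# Constructed sample: two valid machines, one line carrying config
# metacharacters, one duplicate MAC address.
SAMPLE = """\
desk01 00:00:00:00:00:e1
laptop7 00-00-00-00-00-E2   # dashes and upper case are normalised
x 00:00:00:00:00:e3; } host y {
desk02 00:00:00:00:00:e1
"""

if __name__ == "__main__":
    accepted, rejected = parse_allowlist(SAMPLE)
    print(render_hosts(accepted), end="")
    print("rejected lines:", rejected)
```

The main configuration then needs only a single `include` line for the generated file, and running `dhcpd -t` against it before restarting the server catches a bad file without taking DHCP down.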