Posts Tagged ‘hcr’

Configuring shared network with DHCP

Monday, August 20th, 2012

Say you have a DHCP server on the LAN serving a /24 network and one day you run out of IP addresses. You want to add an additional /24 network that is handed out on the same LAN. Ugly, but what to do.

According to man dhcpd.conf:

The shared-network statement is used to inform the DHCP server that some IP subnets actually share the same physical network. Any subnets in a shared network should be declared within a shared-network statement. Parameters specified in the shared-network statement will be used when booting clients on those subnets unless parameters provided at the subnet or host level override them. If any subnet in a shared network has addresses available for dynamic allocation, those addresses are collected into a common pool for that shared network and assigned to clients as needed. There is no way to distinguish on which subnet of a shared network a client should boot.

Here is how you add an additional network to the DHCP scope. Done on Ubuntu 9.10 (karmic) with ISC DHCP v3.1.2.

  shared-network "officea01" {
    option domain-name "";
    option domain-name-servers;
    # existing /24 subnet
    subnet netmask {
      authoritative;
      option routers;
      allow unknown-clients;
      range;
    }
    # additional /24 subnet on the same physical LAN
    subnet netmask {
      authoritative;
      option routers;
      allow unknown-clients;
      range;
    }
  }

The instructions below are not necessary; however, I decided to add an alias to the LAN interface so I can see the addresses in the ARP table.

  ifconfig eth1:0 netmask up

And to make it permanent, edit /etc/network/interfaces:

  auto eth1:0
  iface eth1:0 inet static
    address
    netmask
    broadcast
    network

LDAP replication with syncrepl

Wednesday, July 25th, 2012

Say you want to benefit from LDAP replication so one OpenLDAP server acts as a Provider (aka Master) and another one acts as a Consumer (aka Slave).

Here is what you configure on the Provider. In my case it’s Ubuntu 10.04.2 LTS (lucid) and OpenLDAP 2.4.21. I’m using old school slapd.conf on both servers:

  moduleload syncprov
  overlay syncprov
  syncprov-checkpoint 100 10
  syncprov-sessionlog 100

And the Consumer part of slapd.conf. Ubuntu 12.04 LTS (precise) and OpenLDAP 2.4.28:

  # tls_reqcert=never: the consumer does not verify the provider's certificate.
  # retry="60 +": retry every 60 seconds, indefinitely.
  # interval is only used with type=refreshOnly.
  syncrepl rid=001
          provider=ldaps://
          tls_reqcert=never
          searchbase="dc=domain,dc=org"
          filter="(objectClass=*)"
          bindmethod=simple
          binddn="cn=admin,dc=domain,dc=org"
          credentials=xxxxxxx
          retry="60 +"
          type=refreshAndPersist
          scope=sub
          attrs="*,+"
          schemachecking=off
          interval=00:00:05:00
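
With tls_reqcert=never the consumer sends the admin bind DN and password to whatever host answers on the provider address, so the stanza is worth checking before it goes live. The script below is an added example, not part of the original post: it unwraps slapd.conf continuation lines, parses each syncrepl directive and reports weak transport settings. The provider host and the secret in the sample are constructed placeholders, and the function names are hypothetical.

```python
import shlex

# Constructed sample in the style of the stanza above; host and secret are placeholders.
SAMPLE = """\
syncrepl rid=001
        provider=ldaps://provider.example.org
        tls_reqcert=never
        searchbase="dc=domain,dc=org"
        bindmethod=simple
        binddn="cn=admin,dc=domain,dc=org"
        credentials=PLACEHOLDER
        retry="60 +"
        type=refreshAndPersist
        interval=00:00:05:00
"""

def unwrap(text):
    """Join continuation lines (leading whitespace) first, then drop comment lines."""
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        elif raw.strip():
            logical.append(raw.rstrip())
    return [line for line in logical if not line.startswith("#")]

def parse_syncrepl(text):
    """Return one dict of key=value settings per syncrepl directive."""
    stanzas = []
    for line in unwrap(text):
        words = shlex.split(line)  # keeps quoted values such as "60 +" in one word
        if words and words[0].lower() == "syncrepl":
            stanzas.append(dict(w.split("=", 1) for w in words[1:] if "=" in w))
    return stanzas

def audit(stanza):
    """Return a list of findings for one parsed syncrepl stanza."""
    findings = []
    reqcert = stanza.get("tls_reqcert", "").lower()
    encrypted = (stanza.get("provider", "").startswith("ldaps://")
                 or stanza.get("starttls") == "critical")
    if reqcert in ("never", "allow"):
        findings.append("tls_reqcert=%s: provider certificate is not verified" % reqcert)
    if stanza.get("bindmethod") == "simple" and not encrypted:
        findings.append("simple bind without enforced TLS: password sent in clear")
    if stanza.get("type", "").lower() == "refreshandpersist" and "interval" in stanza:
        findings.append("interval has no effect unless type=refreshOnly")
    return findings

if __name__ == "__main__":
    for stanza in parse_syncrepl(SAMPLE):
        print(stanza.get("rid"), audit(stanza))
```

A stanza with tls_reqcert=demand and a tls_cacert pointing at the CA that signed the provider's certificate passes the first check.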