Fajar A. Nugraha <fa...@fajar.net> wrote:
> On Sun, Jun 7, 2009 at 8:09 PM, Arran Cudbard-Bell<a.cudbard-b...@sussex.ac.uk> wrote:
>> Karl Auer wrote:
>>> On Sun, 2009-06-07 at 12:22 +0100, Alexander Clouter wrote:
>>>
>>>> I have been using DHCP with a LDAP patch that is getting harder and
>>>> harder to maintain. FreeRADIUS can pretty much do the same, I get to
>>>> keep my LDAP policy schema stuff (and write a unlang glue to use it) and
>>>> you get proper DHCP load-balancing/failover.
>>>>
>>>
>>> DHCP failover and load-balancing are not simple *at all*.
>>>
>> They're trivial once you're storing leases in a transactional database.
>
> Can freeradius also detect "rogue" clients which uses static IP
> address? If yes, this could be THE dhcp server I'm looking for.
>
As already said, *nothing* can.

Instead of arp'ing, which needs to be done on the local subnet, you can be clever with FreeRADIUS as you can use an external script to fire off an SNMP request to much the ARP table's of your switching infrastructure. You could replace the SNMP with ICMP echo's lovin' though.

> Last I check ISC's DHCP tries ping first, but newer Windows (with icmp
> echo disabled by default) makes it somewhat less useful.
>
The better way to do this is get your network infrastructure to enforce this. Even really old Cisco switches support DHCP snooping, I understand HP and other venduh's have their own similar thing.

http://www.cisco.com/web/DK/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf

Cheers

--
Alexander Clouter
.sigmonster says: Faster, faster, you fool, you fool!
                  -- Bill Cosby
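
The SNMP approach mentioned in the message above can be sketched as follows. This is an added example, not part of the original post or of FreeRADIUS: it parses ARP rows walked from a switch and flags addresses that are in use without a matching lease. It assumes net-snmp style `snmpwalk` text output for IP-MIB::ipNetToMediaPhysAddress and a lease table already exported as an IP-to-MAC mapping; the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample of snmpwalk output for IP-MIB::ipNetToMediaPhysAddress
# (net-snmp prints MAC octets without leading zeros).
SAMPLE_WALK = """\
IP-MIB::ipNetToMediaPhysAddress.12.10.0.0.10 = STRING: 0:16:3e:a:b:c
IP-MIB::ipNetToMediaPhysAddress.12.10.0.0.11 = STRING: 0:16:3e:11:22:33
IP-MIB::ipNetToMediaPhysAddress.12.10.0.0.50 = STRING: 0:16:3e:de:ad:1
this line is not an ARP row and is ignored
"""

# Constructed sample of active leases (IP -> MAC), e.g. exported from the lease database.
SAMPLE_LEASES = {
    "10.0.0.10": "00:16:3E:0A:0B:0C",
    "10.0.0.11": "00:16:3e:99:99:99",
}

ROW = re.compile(
    r"ipNetToMediaPhysAddress\.\d+\.(\d+\.\d+\.\d+\.\d+) = STRING: "
    r"((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})\s*$"
)

def norm_mac(mac):
    """Normalise a MAC to lowercase, zero-padded, colon-separated form."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def parse_arp_walk(text):
    """Return {ip: mac} for every well-formed ARP row in the walk output."""
    table = {}
    for line in text.splitlines():
        m = ROW.search(line)
        if m:
            table[m.group(1)] = norm_mac(m.group(2))
    return table

def audit(arp, leases):
    """List (ip, mac, reason) for addresses in use that the lease table does not explain."""
    findings = []
    for ip, mac in sorted(arp.items()):
        leased = leases.get(ip)
        if leased is None:
            findings.append((ip, mac, "no-lease"))       # likely statically configured
        elif norm_mac(leased) != mac:
            findings.append((ip, mac, "mac-mismatch"))   # leased to a different client
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp_walk(SAMPLE_WALK), SAMPLE_LEASES):
        print(*finding)
```

A switch only reports hosts that have recently sent traffic through it, so a quiet host with a static address will not show up until it talks.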