krypted.com

Tiny Deathstars of Foulness

View Your Old Settings

The first step to moving services from macOS Server for pretty much all services is to check out the old settings. The second step is to probably ask if where you’re going to put the service is a good idea. For example, these days I prefer to run DHCP services on a network appliance. But it can absolutely be run on a Mac. And so let’s look at how to do that. Here, we’ll use the serveradmin command to view the settings of the DHCP service:

/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings dhcp

The output is an array of subnets with different settings per subnet.

dhcp:static_maps = _empty_array
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:WINS_primary_server = ""
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:dhcp_router = "10.15.40.1"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:WINS_secondary_server = ""
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:net_range_start = "10.15.40.2"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:net_range_end = "10.15.43.253"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:dhcp_domain_name = "clients.msp.jamfsw.corp"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:dhcp_domain_name_server:_array_index:0 = "8.8.8.8"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:dhcp_domain_name_server:_array_index:1 = "4.4.4.4"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:lease_max = 36000
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:net_mask = "255.255.252.0"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:dhcp_ldap_url = _empty_array
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:WINS_node_type = "NOT_SET"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:dhcp_enabled = yes
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:WINS_NBDD_server = ""
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:net_address = "10.15.40.0"
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:WINS_scope_id = ""
dhcp:subnets:_array_id:22217FF5-4DDB-4841-A731-EF5DA080E672:selected_port_name = "en1"
dhcp:subnet_defaults:logVerbosity = "MEDIUM"
dhcp:subnet_defaults:routers:en0 = "10.15.40.1"
dhcp:subnet_defaults:WINS_node_type_list:_array_index:0 = "BROADCAST_B_NODE"
dhcp:subnet_defaults:WINS_node_type_list:_array_index:1 = "HYBRID_H_NODE"
dhcp:subnet_defaults:WINS_node_type_list:_array_index:2 = "NOT_SET"
dhcp:subnet_defaults:WINS_node_type_list:_array_index:3 = "PEER_P_NODE"
dhcp:subnet_defaults:WINS_node_type_list:_array_index:4 = "MIXED_M_NODE"
dhcp:subnet_defaults:WINS_node_type = "NOT_SET"
dhcp:subnet_defaults:dhcp_domain_name = "krypted.com"
dhcp:subnet_defaults:logVerbosityList:_array_index:0 = "LOW"
dhcp:subnet_defaults:logVerbosityList:_array_index:1 = "MEDIUM"
dhcp:subnet_defaults:logVerbosityList:_array_index:2 = "HIGH"
dhcp:subnet_defaults:dhcp_domain_name_server:_array_index:0 = "8.8.8.8"
dhcp:subnet_defaults:dhcp_domain_name_server:_array_index:1 = "4.4.4.4"
dhcp:subnet_defaults:selected_port_key = "en0"
dhcp:subnet_defaults:selected_port_key_list:_array_index:0 = "en0"
dhcp:subnet_defaults:selected_port_key_list:_array_index:1 = "bridge0"
dhcp:logging_level = "MEDIUM"

Configure DHCP Settings

The easy thing is to configure a DHCP server is using Internet Sharing from the Sharing System Preference pane. To do so, simply open System Preferences, click on Sharing and then Internet Sharing. But wait, where do you configure a scope, or the DNS Server or… The answer is “the command line” but don’t be put off by that. In this case I prefer it. 

Now, let’s go hacking around in your bootp.plist. This file is stored at /private/etc/bootpd.plist and you’ll need to sudo in order to edit the file. First, back it up. Next, let’s cat the file and cover a few basic examples of migrating the settings:

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>NetBoot</key>
<dict/>
<key>Subnets</key>
<array>
<dict>
<key>allocate</key>
<true/>
<key>dhcp_domain_name</key>
<string>krypted.com</string>
<key>dhcp_domain_name_server</key>
<array>
<string>8.8.8.8</string>
<string>4.4.4.4</string>
</array>
<key>dhcp_router</key>
<string>10.15.40.1</string>
<key>lease_max</key>
<integer>36000</integer>
<key>name</key>
<string>10.15.42/22 Wi-Fi</string>
<key>net_address</key>
<string>10.15.40.0</string>
<key>net_mask</key>
<string>255.255.252.0</string>
<key>net_range</key>
<array>
<string>10.15.40.2</string>
<string>10.15.43.253</string>
</array>
<key>selected_port_name</key>
<string>en1</string>
<key>uuid</key>
<string>22217FF5-4DDB-4841-A731-EF5DA080E672</string>
</dict>
</array>
<key>netboot_disabled</key>
<array>
<string>en8</string>
</array>
</dict>
</plist>

Let’s start with a simple example of copying the range from one of these to another. First, locate the net_range_startand the net_range_endkeys in your serveradmin output. Then find the net_range array in your bootp.plist. They’re the same in my two examples because the macOS Server app was just hacking the bootp.plist (OK it was doing more but that was the main thing it was doing). On a fresh new server you might have a very different plist, so you can borrow the above if ya’ need to. Replace the two values in the two strings with those in your server if needed. 

 Next, find the dhcp_routersetting for that subnet and match it to the same in the bootp.plist. Then, the net_mask. These are all that are required for DHCP to work (technically, the router isn’t required, but it’s super-weird on Apple stuff when there’s not a router, so it’s best to have one when possible. If you need WINS, domain names, DNS Servers, etc, simply repeat the process. You can also copy and paste the code block between the <dict> sections if you need multiple subnets. Or you could move the service to a network appliance more capable, if needed.

The settings for bootp  include the following, many of which can be seen in the above output:
  • dhcp_enabled – Used to enable dhcp for each network interface. Replace the <false/> immediately below with <array> <string>en0</string> </array>. For additional entries, duplice the string line and enter each from ifconfig that you’d like to use dhcp on.
  • bootp_enabled – This can be left as Disabled or set to an array of the adapters that should be enabled if you wish to use the bootp protocol in addition to dhcp. Note that the server can do both bootp and dhcp simultaneously.
  • allocate – Use the allocate key for each subnet in the Subnets array to enable each subnet once the service is enabled.
  • Subnets – Use this array to create additional scopes or subnets that you will be serving up DHCP for. To do so, copy the entry in the array and paste it immediately below the existing entry. The entry is a dictionary so copy all of the data between and including the <dict> and </dict> immediately after the <array> entry for the subnet itself.
  • lease_max and lease_min – Set these integers to the time for a client to retain its dhcp lease
  • name – If there are multiple subnet entries, this should be unique and reference a friendly name for the subnet itself.
  • net_address – The first octets of the subnet followed by a 0. For example, assuming a /24 and 172.16.25 as the first three octets the entry would be 172.16.25.0.
  • net_mask – The subnet mask clients should have
  • net_range – The first entry should have the first IP in the range and the last should have the last IP in the range. For example, in the following example the addressing is 172.16.25.2 to 172.16.25.253.
  • dhcp_domain_name_server – There should be a string for each DNS server supplied by dhcp in this array
  • dhcp_domain_search – Each domain in the domain search field should be suppled in a string within this array, if one is needed. If not, feel free to delete the key and the array if this isn’t needed.
  • dhcp_router – This entry should contain the router or default gateway used for clients on the subnet, if there is one. If not, you can delete the key and following string entries.

Configure DHCP Reservations

To configure reservations, use the /etc/bootptab file. This file should have a column for the name of a computer, the hardware type (1), the hwaddr (the MAC address) and ipaddr for the desired IP address of each entry:

%%
# hostname hwtype hwaddr ipaddr bootfile
a.pretendco.com 1 00:00:00:aa:bb:cc 172.16.25.25
b.pretendco.com 1 00:00:00:aa:bb:cc 172.16.25.29

Starting and Stopping the Service

Once everything is configured, fire it up using the following command:

sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist

And terminate using the following command:

sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/bootps.plist

Once configured, configure the service to start automatically. To do so, open /System/Library/LaunchDaemons/bootps.plist. Here, just change the Disabled key to False, by changing the word True in line 6 to False.

Troubleshooting: Inspect Leases on Clients

I did an article some time ago about how DHCP leases work. Once you have clients using the DHCP server, you can also renew and view their leases from the command line, which does not usually show you a new lease in the GUI immediately. To reset the DHCP lease from the command line, use ipconfig:

ipconfig set en0 BOOTP
ipconfig set en0 DHCP


If the information is displayed on the screen, then it has to be stored somewhere, right? When your system sends an acceptance for a lease, the leases are then stored in /var/db/dhcpclient/leases. These are stored in standard property list form using the interface, followed by the MAC address of the interface followed by .plist. For example, if your MAC address is en0-1,10:9a:cc:ab:5d:ac then the lease would cat as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>IPAddress</key>
<string>192.168.210.94</string>
<key>LeaseLength</key>
<integer>86400</integer>
<key>LeaseStartDate</key>
<date>2018-02-31T15:36:59Z</date>
<key>PacketData</key>
<data>
AgEGAMHrfCMAAAAAAAAAAMCo0l4AAAAAAAAAABCa3atdrAAAAAAAAAAAAAD/AAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqNIBAQT///8A
MwQAAVGANAEDAwTAqNIBBghEV02CRFdIgv8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
</data>
<key>RouterHardwareAddress</key>
<data>
AAaxLwVA
</data>
<key>RouterIPAddress</key>
<string>192.168.210.1</string>
</dict>
</plist>

The keys in this file make it easier to script figuring out a few things about your active leases, such as when they’re going to expire, when the lease was accepted or even whether or not the system has a lease (especially when it shouldn’t have a lease). But they can cause misreporting. If the information seems “stuck” in the System Preferences pane you can then rm the dhcp lease file.

Note: If the RouterIPAddress cannot be reached, the lease will be delayed in processing, causing the lease to appear to take a long time to be obtained even though it’s looping to hopefully find a more appropriate lease with a RouterIPAddress that can be reached.

For anyone who uses a shell script to reset their IP address, I recommend using the following as the full script, rather than the two lines most commonly used (where $leasefile is the name of your lease file):

ipconfig set en0 BOOTP
ipconfig set en0 DHCP
rm /var/db/dhcpclient/leases/$leasefile


Being the nerd I am, I called mine ipcfg.exe and end with an echo of the IP:

ipconfig getifaddr en0

Finally, a very effective way I’ve seen people reset leases that are seriously stuck is to swap locations and then swap back. Let’s say your users generally use the “Automatic” location and you have one called “TEMP”. You can use the scselect command to see locations and switch between them. So to switch to TEMP, we would simply:

scselect TEMP

And then to select Automatic again:

scselect Automatic

Now be careful with this last little tidbit. As if you have TEMP and don’t have any interfaces active and are running remotely then you might have some walking (or driving) around to do…

Configure DHCP Options

The DHCP Service also has a number of DHCP options available; most notably the options available in the GUI. But what about options that aren’t available in the GUI, such as NTP. Well, using /etc/bootpd.plist, the same file we used to define servers allowed to relay, you can also define other options. These begin with the following keys that can be added into your property list:
  • dhcp_time_offset (option 2)
  • dhcp_router (option 3)
  • dhcp_domain_name_server (option 6)
  • dhcp_domain_name (option 15)
  • dhcp_network_time_protocol_servers (option 42)
  • dhcp_nb_over_tcpip_name_server (option 44)
  • dhcp_nb__over_tcpip_dgram_dist_server (option 45)
  • dhcp_nb_over_tcpip_node_type (option 46)
  • dhcp_nb_over_tcpip_scope (option 47)
  • dhcp_smtp_server (option 69)
  • dhcp_pop3_server (option 70)
  • dhcp_nntp_server (option 71)
  • dhcp_ldap_url (option 95)
  • dhcp_netinfo_server_address (option 112)
  • dhcp_netinfo_server_tag (option 113)
  • dhcp_url (option 114)
  • dhcp_domain_search (option 119)
  • dhcp_proxy_auto_discovery_url (option 252)
But you can also add options by their numerical identifier. To add them, add the following into your /etc/bootpd.plist file and then restart the DHCP service:

<string>dhcp_option_120</string> <data> 192.168.210.7 </data>

In the above, you’d replace the option 120 (SIP) with the option you wish to use. Numbers correspond to options as follows:
0 – Pad
1 – Subnet Mask
3 – Router
4 – Time Server
5 – Name Server
6 – Domain Name Server
7 – Log Server
8 Quote Server
9 – LPR Server
10 – Impress Server
11 – Resource Location Server
12 – Host Name
13 – Boot File Size
14 – Merit Dump File
15 – Domain Name
16 – Swap Server
17 – Root Path
18 – Extensions Path
19 – IP Forwarding
20 – WAN Source Routing
21 – Policy Filter
22 – Maximum Datagram Reassembly Size
23 – Default IP Time-to-live
24 – Path MTU Aging Timeout
25 – Path MTU Plateau Table
26 – Interface MTU
27 – All Subnets are Local
28 – Broadcast Address
29 – Perform Mask Discovery
30 – Mask supplier
31 – Perform router discovery
32 – Router solicitation address
33 – Static routing table
34 – Trailer encapsulation.
35 – ARP cache timeout
36 – Ethernet encapsulation
37 – Default TCP TTL
38 – TCP keep alive interval
39 – TCP keep alive garbage
40 – Network Information Service Domain
41 – Network Information Servers
42 – NTP servers
43 – Vendor specific information
44 – NetBIOS over TCP/IP name server
45 – NetBIOS over TCP/IP Datagram Distribution Server
46 – NetBIOS over TCP/IP Node Type
47 – NetBIOS over TCP/IP Scope
48 – X Window System Font Server
49 – X Window System Display Manager
50 – Requested IP Address
51 – IP address lease time
52 – Option overload
53 – DHCP message type
54 – Server identifier
55 – Parameter request list
56 – Message
57 – Maximum DHCP message size
58 – Renew time value
59 – Rebinding time value
60 – Class-identifier
61 – Client-identifier
62 – NetWare over IP Domain Name
63 – NetWare over IP information
64 – Network Information Service Domain
65 – Network Information Service Servers
66 – TFTP server name
67 – Bootfile name
68 – Mobile IP Home Agent
69 – Simple Mail Transport Protocol Server
70 – Post Office Protocol Server
71 – Network News Transport Protocol Server
72 – Default World Wide Web Server
73 – Default Finger Server
74 – Default Internet Relay Chat Server
77 – User Class Information
78 – SLP Directory Agent
79 – SLP Service Scope
80 – Rapid Commit
81 – Fully Qualified Domain Name
82 – Relay Agent Information
83 – Internet Storage Name Service
85 – NDS servers
86 – NDS tree name
87 – NDS context
88 – BCMCS Controller Domain Name list
89 – BCMCS Controller IPv4 address list
90 – Authentication
91 – Client Last Transaction Time
92 – Associated IP
93 – Client System Architecture Type
94 – Client Network Interface Identifier
95 – LDAP, Lightweight Directory Access Protocol
97 – Client Machine Identifier
98 – Open Group User Authentication
100 – IEEE 1003.1 TZ String
101 – Reference to the TZ Database
112 – NetInfo Parent Server Address
113 – NetInfo Parent Server Tag
114- URL
116 – Auto-Configure
117 – Name Service Search
118 – Subnet Selection
119 – DNS domain search list
120 – SIP Servers DHCP Option
121 – Classless Static Route Option
123 – GeoConfiguration
124 – Vendor-Identifying Vendor Class
125 – Vendor-Identifying Vendor Specific
128 – TFPT Server IP address
129 – Call Server IP address
130 – Discrimination string
131 – Remote statistics server IP address
132 – 802.1P VLAN ID
133 – 802.1Q L2 Priority
134 – Diffserv Code Point
135 – HTTP Proxy for phone-specific applications
136 – PANA Authentication Agent
139 – IPv4 MoS
140 – IPv4 Fully Qualified Domain Name MoS
150 – TFTP server address
176 – IP Telephone
220 – Subnet Allocation
221 – Virtual Subnet Selection
252 – Proxy auto-discovery
254 – Private use
255 – End
And that’s it. This whole thing can take 5-10 minutes. In fact, if you were using macOS Server then just backup your bootp.plist and copy it to another machine, assuming the network interface (en0, en1, etc) hasn’t changed. Or change it if it has. But, for all the other weird stuff that was in the UI (or even the stuff that was never in the UI), here’s a pretty lengthy explanation of how to manage all of it from the command line. Building a GUI to configure these wouldn’t be that hard either, assuming you have bootp built into the Mac for awhile (and I think you need it for Internet sharing). Oh, that reminds me, Internet sharing is likely to overwrite any custom settings, so once you hack the plist, don’t go back to System Preferences-based management.

March 20th, 2018

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , , , , , ,

DHCP, or Dynamic Host Control Protocol, is the service used to hand out IP addresses and other network settings by network appliances and servers. The DHCP Server built into macOS Server 5.2 on Sierra is similar to the DHCP service that was included in Server 10.2 from the good ‘ole Panther days. It’s pretty simple to use and  transparent, just as DHCP services should be. To install the service, open the Server app and then click on the Show button beside Advanced in the server sidebar. Then click on DHCP. screen-shot-2016-09-28-at-10-20-57-am At the DHCP screen, you’ll see two tabs: Settings, used for managing the service and Clients, used to see leases in use by computers that obtain IP address information from the server. You’ll also see an ON and OFF switch, but we’re going to configure our scopes, or Networks as they appear in the Server app, before we enable the service. To configure a scope, double-click on the first entry in the Networks list. screen-shot-2016-09-28-at-10-21-37-am Each scope, or Network, will have the following options:
  • Name: A name for the scope, used only on the server to keep track of things.
  • Lease Duration: Select an hour, a day, a week or 30 days. This is how long a lease that is provided to a client is valid before the lease expires and the client must find a new lease, either from the server you’re configuring or a different host.
  • Network Interface: The network interface you’d like to share IPs over. Keep in mind that you can tag multiple VLANs on a NIC, assign each an interface in OS X and therefore provide different scopes for different VLANs with the same physical computer and NIC.
  • Starting IP Address: The first IP address used. For example, if you configure a scope to go from 192.168.210.200 to 192.168.210.250 you would have 50 useable IP addresses.
  • Ending IP Address: The last IP address used in a scope.
  • Subnet Mask: The subnet mask used for the client configuration. This setting determines the size of the network.
  • Router: The default gateway, or router for the network. Often a .1 address for the subnet used in the Starting and Ending IP address fields. Note that while in DHCP you don’t actually have to use a gateway, OS X Server does force you to do so or you cannot save changes to each scope.
  • DNS: Use the Edit button for DNS to bring up a screen that allows you to configure the DNS settings provided as part of each DHCP scope you create, taking note that by default you will be handing out a server of 0.0.0.0 if you don’t configure this setting.
The DNS settings in the DHCP scope are really just the IP addresses to use for the DNS servers and the search domain. The search domain is the domain name appended to all otherwise incomplete Fully Qualified Domain Names. For example, if we use internal.krypted.lan and we have a DNS record for wiki.internal.krypted.lan then we could just type wiki into Safari to bring up the wiki server. Click the minus sign button to remove any data in these fields and then click on the plus sign to enter new values. screen-shot-2016-09-28-at-10-22-02-am Click OK to save DNS settings and then OK to save each scope. Once you’ve build all required scopes, start the service. Once started, verify that a new client on the network gets an IP. Also, make sure that there are no overlapping scopes and that if you are moving a scope from one device to another (e.g. the server you’re setting up right now) that you renew all leases on client systems, most easily done using a quick reboot, or using “ipconfig /release” on a Windows computer. If you have problems with leases not renewing in OS X, check out this article I did awhile back. So far, totally easy. Each time you make a change, the change updates a few different things. First, it updates the /etc/bootpd.plist property list, which looks something like this (note the correlation between these keys and the settings in the above screen shots.: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NetBoot</key> <dict/> <key>Subnets</key> <array> <dict> <key>allocate</key> <true/> <key>dhcp_domain_name</key> <string>no-dns-available.example.com</string> <key>dhcp_domain_name_server</key> <array> <string>0.0.0.0</string> </array> <key>dhcp_domain_search</key> <array/> <key>dhcp_router</key> <string>192.168.210.1</string> <key>lease_max</key> <integer>3600</integer> <key>name</key> <string>192.168.210 Wi-Fi</string> <key>net_address</key> <string>192.168.210.0</string> <key>net_mask</key> <string>255.255.255.0</string> <key>net_range</key> <array> <string>192.168.210.200</string> <string>192.168.210.253</string> </array> <key>selected_port_name</key> <string>en0</string> <key>uuid</key> <string>B03BAE3C-AB79-4108-9E5E-F0ABAF32179E</string> </dict> </array> <key>allow</key> <array/> <key>bootp_enabled</key> <false/> <key>deny</key> <array/> <key>detect_other_dhcp_server</key> <false/> <key>dhcp_enabled</key> <false/> <key>old_netboot_enabled</key> <false/> <key>relay_enabled</key> <false/> <key>relay_ip_list</key> <array/> </dict> </plist> Settings from this file include:
  • dhcp_enabled – Used to enable dhcp for each network interface. Replace the <false/> immediately below with <array> <string>en0</string> </array>. For additional entries, duplice the string line and enter each from ifconfig that you’d like to use dhcp on.
  • bootp_enabled – This can be left as Disabled or set to an array of the adapters that should be enabled if you wish to use the bootp protocol in addition to dhcp. Note that the server can do both bootp and dhcp simultaneously.
  • allocate – Use the allocate key for each subnet in the Subnets array to enable each subnet once the service is enabled.
  • Subnets – Use this array to create additional scopes or subnets that you will be serving up DHCP for. To do so, copy the entry in the array and paste it immediately below the existing entry. The entry is a dictionary so copy all of the data between and including the <dict> and </dict> immediately after the <array> entry for the subnet itself.
  • lease_max and lease_min – Set these integers to the time for a client to retain its dhcp lease
  • name – If there are multiple subnet entries, this should be unique and reference a friendly name for the subnet itself.
  • net_address – The first octets of the subnet followed by a 0. For example, assuming a /24 and 172.16.25 as the first three octets the entry would be 172.16.25.0.
  • net_mask – The subnet mask clients should have
  • net_range – The first entry should have the first IP in the range and the last should have the last IP in the range. For example, in the following example the addressing is 172.16.25.2 to 172.16.25.253.
  • dhcp_domain_name_server – There should be a string for each DNS server supplied by dhcp in this array
  • dhcp_domain_search – Each domain in the domain search field should be suppled in a string within this array, if one is needed. If not, feel free to delete the key and the array if this isn’t needed.
  • dhcp_router – This entry should contain the router or default gateway used for clients on the subnet, if there is one. If not, you can delete the key and following string entries.
If you run the serveradmin command, followed by the settings verb and then the dhcp service, you’ll see the other place that gets updated: serveradmin settings dhcp The output indicates that dhcp:static_maps = _empty_array dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_secondary_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:selected_port_name = "en0" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_router = "192.168.210.1" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_name_server:_array_index:0 = "192.168.210.2" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_mask = "255.255.255.0" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_NBDD_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_start = "192.168.210.200" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:lease_max = 3600 dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_search:_array_index:0 = "internal.krypted.lan" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:descriptive_name = "192.168.210 Wi-Fi" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_primary_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_end = "192.168.210.253" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_ldap_url = _empty_array dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_node_type = "NOT_SET" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_address = "192.168.210.0" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_enabled = yes dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_name = "internal.krypted.lan" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_scope_id = "" dhcp:subnet_defaults:logVerbosity = "MEDIUM" dhcp:subnet_defaults:WINS_node_type_list:_array_index:0 = "BROADCAST_B_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:1 = "HYBRID_H_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:2 = "NOT_SET" dhcp:subnet_defaults:WINS_node_type_list:_array_index:3 = "PEER_P_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:4 = "MIXED_M_NODE" dhcp:subnet_defaults:dhcp_domain_name = "no-dns-available.example.com" dhcp:subnet_defaults:WINS_node_type = "NOT_SET" dhcp:subnet_defaults:routers = _empty_dictionary dhcp:subnet_defaults:logVerbosityList:_array_index:0 = "LOW" dhcp:subnet_defaults:logVerbosityList:_array_index:1 = "MEDIUM" dhcp:subnet_defaults:logVerbosityList:_array_index:2 = "HIGH" dhcp:subnet_defaults:dhcp_domain_name_server:_array_index:0 = "192.168.210.201" dhcp:subnet_defaults:selected_port_key = "en0" dhcp:subnet_defaults:selected_port_key_list:_array_index:0 = "bridge0" dhcp:subnet_defaults:selected_port_key_list:_array_index:1 = "en0" dhcp:subnet_defaults:selected_port_key_list:_array_index:2 = "p2p0" dhcp:subnet_defaults:selected_port_key_list:_array_index:3 = "en1" dhcp:logging_level = "MEDIUM" Notice the correlation between the uuid string in /etc/bootp.plist and the arrayid entry for each subnet/network/scope (too many terms referring to the same thing, ahhhh!). Using the serveradmin command you can configure a lot more than you can configure in the Server app gui. For example, on a dedicated DHCP server, you could increase logging level to HIGH (as root/with sudo of course): serveradmin settings dhcp:logging_level = "MEDIUM" You can also change settings within a scope. For example, if you realized that you were already using 192.168.210.200 and 201 for statically assigned IPs elsewhere you can go ahead and ssh into the server and change the first IP in a scope to 202 using the following (assuming the uuid of the domain is the same as in the previous examples): serveradmin settings dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_start = "192.168.210.202" You can also obtain some really helpful information using the fullstatus verb with serveradmin: serveradmin fullstatus dhcp This output includes the number of active leases, path to log file (tailing that file is helpful when troubleshooting issues), static mappings (configured using the command line if needed), etc. dhcp:state = "RUNNING" dhcp:backendVersion = "10.11" dhcp:timeOfModification = "2016-10-04 04:24:17 +0000" dhcp:numDHCPActiveClients = 0 dhcp:timeOfSnapShot = "2016-10-04 04:24:19 +0000" dhcp:dhcpLeasesArray = _empty_array dhcp:logPaths:systemLog = "/var/log/system.log" dhcp:numConfiguredStaticMaps = 1 dhcp:timeServiceStarted = "2016-10-04 04:24:17 +0000" dhcp:setStateVersion = 1 dhcp:numDHCPLeases = 21 dhcp:readWriteSettingsVersion = 1 Once started, configure reservations using  the /etc/bootptab file. This file should have a column for the name of a computer, the hardware type (1), the hwaddr (the MAC address) and ipaddr for the desired IP address of each entry: %% # hostname hwtype hwaddr ipaddr bootfile a.krypted.lan 1 00:00:00:aa:bb:cc 192.168.210.230 b.krypted.lan 1 00:00:00:aa:bb:cc 192.168.210.240 You can start and stop the service either using the serveradmin command: serveradmin stop dhcp serveradmin start dhcp Or using the launchctl: sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/bootps.plist sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist Finally, you can define DHCP options in /etc/bootp.plist. This process isn’t necessarily support, there is no GUI control for options, and options are not as widely used with devices as they once were. However, it’s absolutely an option if needed.

October 13th, 2016

Posted In: Mac OS X Server, Network Infrastructure

Tags: , , , ,

Mac OS X Server comes with a number of DHCP options available; most notably the options available in the GUI. But what about options that aren’t available in the GUI, such as NTP. Well, using /etc/bootpd.plist, the same file we used to define servers allowed to relay, you can also define other options. These begin with the following keys that can be added into your property list:
  • dhcp_time_offset (option 2)
  • dhcp_router (option 3)
  • dhcp_domain_name_server (option 6)
  • dhcp_domain_name (option 15)
  • dhcp_network_time_protocol_servers (option 42)
  • dhcp_nb_over_tcpip_name_server (option 44)
  • dhcp_nb__over_tcpip_dgram_dist_server (option 45)
  • dhcp_nb_over_tcpip_node_type (option 46)
  • dhcp_nb_over_tcpip_scope (option 47)
  • dhcp_smtp_server (option 69)
  • dhcp_pop3_server (option 70)
  • dhcp_nntp_server (option 71)
  • dhcp_ldap_url (option 95)
  • dhcp_netinfo_server_address (option 112)
  • dhcp_netinfo_server_tag (option 113)
  • dhcp_url (option 114)
  • dhcp_domain_search (option 119)
  • dhcp_proxy_auto_discovery_url (option 252)
But you can also add options by their numerical identifier. To add them, add the following into your /etc/bootpd.plist file and then restart the DHCP service: <string>dhcp_option_120</string> <data> 192.168.210.7 </data>
In the above, you’d replace the option 120 (SIP) with the option you wish to use. Numbers correspond to options as follows:
0 – Pad
1 – Subnet Mask
3 – Router
4 – Time Server
5 – Name Server
6 – Domain Name Server
7 – Log Server
8 Quote Server
9 – LPR Server
10 – Impress Server
11 – Resource Location Server
12 – Host Name
13 – Boot File Size
14 – Merit Dump File
15 – Domain Name
16 – Swap Server
17 – Root Path
18 – Extensions Path
19 – IP Forwarding
20 – WAN Source Routing
21 – Policy Filter
22 – Maximum Datagram Reassembly Size
23 – Default IP Time-to-live
24 – Path MTU Aging Timeout
25 – Path MTU Plateau Table
26 – Interface MTU
27 – All Subnets are Local
28 – Broadcast Address
29 – Perform Mask Discovery
30 – Mask supplier
31 – Perform router discovery
32 – Router solicitation address
33 – Static routing table
34 – Trailer encapsulation.
35 – ARP cache timeout
36 – Ethernet encapsulation
37 – Default TCP TTL
38 – TCP keep alive interval
39 – TCP keep alive garbage
40 – Network Information Service Domain
41 – Network Information Servers
42 – NTP servers
43 – Vendor specific information
44 – NetBIOS over TCP/IP name server
45 – NetBIOS over TCP/IP Datagram Distribution Server
46 – NetBIOS over TCP/IP Node Type
47 – NetBIOS over TCP/IP Scope
48 – X Window System Font Server
49 – X Window System Display Manager
50 – Requested IP Address
51 – IP address lease time
52 – Option overload
53 – DHCP message type
54 – Server identifier
55 – Parameter request list
56 – Message
57 – Maximum DHCP message size
58 – Renew time value
59 – Rebinding time value
60 – Class-identifier
61 – Client-identifier
62 – NetWare over IP Domain Name
63 – NetWare over IP information
64 – Network Information Service Domain
65 – Network Information Service Servers
66 – TFTP server name
67 – Bootfile name
68 – Mobile IP Home Agent
69 – Simple Mail Transport Protocol Server
70 – Post Office Protocol Server
71 – Network News Transport Protocol Server
72 – Default World Wide Web Server
73 – Default Finger Server
74 – Default Internet Relay Chat Server
77 – User Class Information
78 – SLP Directory Agent
79 – SLP Service Scope
80 – Rapid Commit
81 – Fully Qualified Domain Name
82 – Relay Agent Information
83 – Internet Storage Name Service
85 – NDS servers
86 – NDS tree name
87 – NDS context
88 – BCMCS Controller Domain Name list
89 – BCMCS Controller IPv4 address list
90 – Authentication
91 – Client Last Transaction Time
92 – Associated IP
93 – Client System Architecture Type
94 – Client Network Interface Identifier
95 – LDAP, Lightweight Directory Access Protocol
97 – Client Machine Identifier
98 – Open Group User Authentication
100 – IEEE 1003.1 TZ String
101 – Reference to the TZ Database
112 – NetInfo Parent Server Address
113 – NetInfo Parent Server Tag
114- URL
116 – Auto-Configure
117 – Name Service Search
118 – Subnet Selection
119 – DNS domain search list
120 – SIP Servers DHCP Option
121 – Classless Static Route Option
123 – GeoConfiguration
124 – Vendor-Identifying Vendor Class
125 – Vendor-Identifying Vendor Specific
128 – TFPT Server IP address
129 – Call Server IP address
130 – Discrimination string
131 – Remote statistics server IP address
132 – 802.1P VLAN ID
133 – 802.1Q L2 Priority
134 – Diffserv Code Point
135 – HTTP Proxy for phone-specific applications
136 – PANA Authentication Agent
139 – IPv4 MoS
140 – IPv4 Fully Qualified Domain Name MoS
150 – TFTP server address
176 – IP Telephone
220 – Subnet Allocation
221 – Virtual Subnet Selection
252 – Proxy auto-discovery
254 – Private use
255 – End

October 6th, 2009

Posted In: Mac OS X Server, Mass Deployment, Network Infrastructure

Tags: , , , , , ,