We've been required to encrypt h/ds, and so have been rolling that out
over the last year or so. Thing is, you need to put in a password, of
course, to boot the system. My manager found a way to allow us to reboot
without being at the system's keyboard, a package called clevis. Works
fine... except in a couple of very special cases.
Those systems, the problem is that, due to older software, and *very*
expensive licenses that are tied to a MAC address, I have to spoof the MAC
address since my users got new(er) machines.
Clevis is trying to contact its password server, using the *real* MAC
address, but our DHCP has to serve the *spoofed* MAC address. I know, from
trying, that I can't have two entries for the same system. Can anyone
suggest a solution?
mark
On Fri, 8 Jun 2018, m.roth at 5-cent.us wrote:> We've been required to encrypt h/ds, and so have been rolling that out > over the last year or so. Thing is, you need to put in a password, of > course, to boot the system. My manager found a way to allow us to reboot > without being at the system's keyboard, a package called clevis. Works > fine... except in a couple of very special cases. > > Those systems, the problem is that, due to older software, and *very* > expensive licenses that are tied to a MAC address, I have to spoof the MAC > address since my users got new(er) machines. > > Clevis is trying to contact its password server, using the *real* MAC > address, but our DHCP has to serve the *spoofed* MAC address. I know, from > trying, that I can't have two entries for the same system. Can anyone > suggest a solution?Nothing wrong with having two MAC addresses listed for one IP. With ISC DHCP the label for a host has to be unique, but the hostname doesn't. jh
John Hodrien wrote:> On Fri, 8 Jun 2018, m.roth at 5-cent.us wrote: > >> We've been required to encrypt h/ds, and so have been rolling that out >> over the last year or so. Thing is, you need to put in a password, of >> course, to boot the system. My manager found a way to allow us to reboot >> without being at the system's keyboard, a package called clevis. Works >> fine... except in a couple of very special cases. >> >> Those systems, the problem is that, due to older software, and *very* >> expensive licenses that are tied to a MAC address, I have to spoof the >> MAC address since my users got new(er) machines. >> >> Clevis is trying to contact its password server, using the *real* MAC >> address, but our DHCP has to serve the *spoofed* MAC address. I know, >> from trying, that I can't have two entries for the same system. Can anyone >> suggest a solution? > > Nothing wrong with having two MAC addresses listed for one IP. With ISC > DHCP the label for a host has to be unique, but the hostname doesn't.The IP's not the problem, it's dhcpd gagging on two entries, two MAC addresses, for the same server name - think dhcpd.conf.local mark