Setting Up User Access to DHCP Commands

To allow users other than root to execute dhcpconfig, dhtadm, and pntadm commands without first becoming superuser, you must set up role-based access control (RBAC) for those commands. RBAC enables you to more precisely define which users can perform which tasks on the system. See rbac(5), exec_attr(4), and user_attr(4) man pages for more information.

The following procedure explains how to assign a user the DHCP Management profile, which enables the user to execute the DHCP commands.

How to Grant Users Access to DHCP Commands

1. Become superuser on the DHCP server system.

2. Edit the file /etc/user_attr to add an entry of the following form for each user you want to be able to manage the DHCP service:

   username::::type=normal;profiles=DHCP Management

   For example, for user ram, add the following entry:

   ram::::type=normal;profiles=DHCP Management

Starting and Stopping the DHCP Service

The starting and stopping of the DHCP service encompasses several degrees of action you can take to affect the operation of the DHCP daemon. You must understand what it means to start/stop, enable/disable, and configure/unconfigure the DHCP service in order to select the correct procedure to obtain the result you want. The terms are explained below.

• Start, stop, and restart commands affect the daemon only at the current session. For example, if you stop the DHCP service, the daemon terminates but restarts when you reboot the system. DHCP data tables are not affected when you stop the service.

• Enable and disable commands affect the daemon for current and future sessions. If you disable the DHCP service, the currently running daemon terminates and does not start when you reboot the server. You must enable the DHCP daemon for the automatic start at system boot to occur. DHCP data tables are not affected. You can disable and enable the DHCP service only from DHCP Manager.

• Unconfigure command shuts down the daemon, prevents the daemon from starting on system reboot, and enables you to remove the DHCP data tables. Unconfiguration is described in Chapter 9, Configuring DHCP Service (Task).

---

Note - If a server has multiple network interfaces and you do not want to provide DHCP services on all the networks, see "Specifying Network Interfaces to Monitor for DHCP Service".

---

This section provides the procedures to help you start and stop the DHCP service, and enable and disable it.

How to Start and Stop the DHCP Service (DHCP Manager)

1. Become superuser on the DHCP server system.

2. Start DHCP Manager.

   See "How to Start and Stop DHCP Manager" for the procedure.

3. Select one of the following operations:

   1. Choose Start from the Service menu to start the DHCP service.

   2. Choose Stop from the Service menu to stop the DHCP service.

      The DHCP daemon stops until it is manually started again, or the system reboots.

   3. Choose Restart from the Service menu to stop the DHCP service and immediately restart it.

How to Start and Stop the DHCP Service (Command Line)

1. Become superuser on the server system.

2. Choose one of the following operations:

   1. To start the DHCP service, type the following command:

      # /etc/init.d/dhcp start

      The DHCP daemon starts, using the configuration parameters set in /etc/inet/dhcpsvc.conf.

   2. To stop the DHCP service, type the following command:

      # /etc/init.d/dhcp stop

      The DHCP daemon stops until it is manually started again, or the system reboots.

How to Enable and Disable the DHCP Service (DHCP Manager)

1. Start DHCP Manager.

2. Choose one of the following operations:

   1. Choose Enable from the Service menu to start the DHCP service immediately and configure it for automatic startup when the system boots.

   2. Choose Disable from the Service menu to stop the DHCP service immediately and prevent it from starting automatically when the system boots.

Modifying DHCP Service Options (Task Map)

You can change values for some additional features of the DHCP service, some of which were not offered during the initial configuration with DHCP Manager. If you configured your server with dhcpconfig, the server is using default values for these options. You can use the Modify Service Options dialog box in DHCP Manager or specify options on the in.dhcpd command to change service options.

The following task map shows the tasks related to service options and the procedures to use:

Task	Description	Instructions
Change logging options	Enable or disable verbose logging, enable or disable logging of DHCP transactions, and select a syslog facility to use for logging DHCP transactions.	"How to Generate Verbose DHCP Log Messages (DHCP Manager)" "How to Generate Verbose DHCP Log Messages (Command Line)" "How to Enable and Disable DHCP Transaction Logging (DHCP Manager)" "How to Enable and Disable DHCP Transaction Logging for Current Session (Command Line)" "How to Log DHCP Transactions to a Separate syslogFile"
Change DNS update options	Enable or disable server's adding DNS entries for clients that supply a host name, and determine the maximum time the server should spend attempting to update DNS.	"How to Enable Dynamic DNS Updating for DHCP Clients"
Enable or disable duplicate IP address detection	Enable or disable the DHCP server's determination that an IP address is not already in use before offering it to a client.	"How to Customize DHCP Server Performance Options (DHCP Manager)" "How to Customize DHCP Server Performance Options (Command Line)"
Change options for DHCP server's reading of configuration information	Enable or disable automatic reading of dhcptab at specified intervals, or change the interval between reads.	"How to Customize DHCP Server Performance Options (DHCP Manager)" "How to Customize DHCP Server Performance Options (Command Line)"
Change the number of relay agent hops	Increase or decrease the number of networks a request can travel through before being dropped by the DHCP daemon.	"How to Customize DHCP Server Performance Options (DHCP Manager)" "How to Customize DHCP Server Performance Options (Command Line)"
Change the length of time an IP address offer is cached	Increase or decrease the number of seconds that the DHCP service reserves an offered IP address before offering to a new client.	"How to Customize DHCP Server Performance Options (DHCP Manager)" "How to Customize DHCP Server Performance Options (Command Line)"

The following figure shows DHCP Manager's Modify Service Options dialog box.

Figure 10-3 Modify Service Options Dialog Box

Changing DHCP Logging Options

The DHCP service can log DHCP service messages and DHCP transactions to syslog. See thesyslogd(1M) andsyslog.conf(4) man pages for more information about syslog.

DHCP service messages logged to syslog include:

• Error messages, which notify the administrator of conditions that prevent the DHCP service from fulfilling a request by a client or by the administrator.

• Warnings and notices, which notify the administrator of conditions that are abnormal, but do not prevent the DHCP service from fulfilling a request.

You can increase the amount of information reported by using the verbose option for the DHCP daemon. Verbose message output can help you troubleshoot DHCP problems. See "How to Generate Verbose DHCP Log Messages (DHCP Manager)".

Another useful troubleshooting technique is transaction logging. Transactions provide information about every interchange between a DHCP server or BOOTP relay and clients. DHCP transactions include:

• ASSIGN - IP address assignment

• ACK - Server acknowledges that client accepts the offered IP address, and sends configuration parameters

• EXTEND - Lease extension

• RELEASE - IP address release

• DECLINE - Client is declining address assignment

• INFORM - Client is requesting network configuration parameters but not an IP address

• NAK - Server does not acknowledge a client's request to use a previously used IP address

• ICMP_ECHO - Server detects potential IP address is already in use by another host.