Setting Up User Access to DHCP Commands
To allow users other than root to execute the dhcpconfig, dhtadm, and pntadm commands without first becoming superuser, you must set up role-based access control (RBAC) for those commands. RBAC enables you to define more precisely which users can perform which tasks on the system. See the rbac(5), exec_attr(4), and user_attr(4) man pages for more information.
The following procedure explains how to assign a user the DHCP Management profile, which enables the user to execute the DHCP commands.
How to Grant Users Access to DHCP Commands
Become superuser on the DHCP server system.
Edit the file /etc/user_attr to add an entry of the following form for each user you want to be able to manage the DHCP service:
username::::type=normal;profiles=DHCP Management
For example, for user ram, add the following entry:
ram::::type=normal;profiles=DHCP Management
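The following audit is an added example, not part of the original guide: it parses user_attr(4)-format entries and reports which accounts hold the DHCP Management profile, either directly or through an assigned role. The function names holders and sample_user_attr, and every sample entry other than the ram line, are constructed for illustration.

```shell
#!/bin/sh
# Added example. Entry layout per user_attr(4): user:qualifier:res1:res2:attr
# attr is a ';'-separated key=value list; profiles and roles are ','-separated.

# Constructed sample entries (only the ram line appears in the guide).
sample_user_attr() {
    cat <<'EOF'
# comment lines are skipped
root::::type=normal;auths=solaris.*;profiles=All
ram::::type=normal;profiles=DHCP Management
netops::::type=role;profiles=Network Management,DHCP Management
kim::::type=normal;roles=netops
lee::::type=normal;profiles=Basic Solaris User
EOF
}

# holders FILE PROFILE: print user, type, and how the profile is reached.
# FILE may be "-" to read standard input.
holders() {
    awk -F: -v want="$2" '
        /^#/ || NF < 5 { next }                 # comments, blank or short lines
        {
            attr = $5                           # rejoin attr if it held a ":"
            for (i = 6; i <= NF; i++) attr = attr ":" $i
            user[++n] = $1; type[n] = "unspecified"; roles[n] = ""
            k = split(attr, kv, ";")
            for (i = 1; i <= k; i++) {
                eq = index(kv[i], "=")
                if (eq == 0) continue
                key = substr(kv[i], 1, eq - 1); val = substr(kv[i], eq + 1)
                if (key == "type")  type[n] = val
                if (key == "roles") roles[n] = val
                if (key == "profiles") {
                    m = split(val, p, ",")      # exact match on each profile name
                    for (j = 1; j <= m; j++)
                        if (p[j] == want) { hit[n] = 1; grants[$1] = 1 }
                }
            }
        }
        END {
            for (e = 1; e <= n; e++) {
                if (e in hit) { printf "%s\t%s\tdirect\n", user[e], type[e]; continue }
                m = split(roles[e], r, ",")
                for (j = 1; j <= m; j++)
                    if (r[j] in grants) { printf "%s\t%s\tvia role %s\n", user[e], type[e], r[j]; break }
            }
        }' "$1"
}

sample_user_attr | holders - "DHCP Management"
```

On a live system, pass /etc/user_attr as FILE and review the output after each change to the file.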
Starting and Stopping the DHCP Service
The starting and stopping of the DHCP service encompasses several degrees of action you can take to affect the operation of the DHCP daemon. You must understand what it means to start/stop, enable/disable, and configure/unconfigure the DHCP service in order to select the correct procedure to obtain the result you want. The terms are explained below.
Start, stop, and restart commands affect the daemon only for the current session. For example, if you stop the DHCP service, the daemon terminates but restarts when you reboot the system. DHCP data tables are not affected when you stop the service.
Enable and disable commands affect the daemon for current and future sessions. If you disable the DHCP service, the currently running daemon terminates and does not start when you reboot the server. You must enable the DHCP daemon for the automatic start at system boot to occur. DHCP data tables are not affected. You can disable and enable the DHCP service only from DHCP Manager.
The unconfigure command shuts down the daemon, prevents the daemon from starting on system reboot, and enables you to remove the DHCP data tables. Unconfiguration is described in Chapter 9, Configuring DHCP Service (Task).
Note - If a server has multiple network interfaces and you do not want to provide DHCP services on all the networks, see "Specifying Network Interfaces to Monitor for DHCP Service".
This section provides the procedures to help you start and stop the DHCP service, and enable and disable it.
How to Start and Stop the DHCP Service (DHCP Manager)
Start DHCP Manager.
See "How to Start and Stop DHCP Manager" for the procedure.
Select one of the following operations:
How to Start and Stop the DHCP Service (Command Line)
Choose one of the following operations:
To start the DHCP service, type the following command:
# /etc/init.d/dhcp start
The DHCP daemon starts, using the configuration parameters set in /etc/inet/dhcpsvc.conf.
To stop the DHCP service, type the following command:
# /etc/init.d/dhcp stop
The DHCP daemon stops until it is manually started again, or the system reboots.
How to Enable and Disable the DHCP Service (DHCP Manager)
Modifying DHCP Service Options (Task Map)
You can change values for some additional features of the DHCP service, some of which were not offered during the initial configuration with DHCP Manager. If you configured your server with dhcpconfig, the server is using default values for these options. You can use the Modify Service Options dialog box in DHCP Manager or specify options on the in.dhcpd command to change service options.
The following task map shows the tasks related to service options and the procedures to use:
Task | Description | Instructions |
---|---|---|
Change logging options | Enable or disable verbose logging, enable or disable logging of DHCP transactions, and select a syslog facility to use for logging DHCP transactions. | "How to Generate Verbose DHCP Log Messages (DHCP Manager)" "How to Generate Verbose DHCP Log Messages (Command Line)" "How to Enable and Disable DHCP Transaction Logging (DHCP Manager)" "How to Enable and Disable DHCP Transaction Logging for Current Session (Command Line)" |
Change DNS update options | Enable or disable the server's adding of DNS entries for clients that supply a host name, and determine the maximum time the server should spend attempting to update DNS. | |
Enable or disable duplicate IP address detection | Enable or disable the DHCP server's determination that an IP address is not already in use before offering it to a client. | "How to Customize DHCP Server Performance Options (DHCP Manager)" "How to Customize DHCP Server Performance Options (Command Line)" |
Change options for DHCP server's reading of configuration information | Enable or disable automatic reading of dhcptab at specified intervals, or change the interval between reads. | "How to Customize DHCP Server Performance Options (DHCP Manager)" "How to Customize DHCP Server Performance Options (Command Line)" |
Change the number of relay agent hops | Increase or decrease the number of networks a request can travel through before being dropped by the DHCP daemon. | "How to Customize DHCP Server Performance Options (DHCP Manager)" "How to Customize DHCP Server Performance Options (Command Line)" |
Change the length of time an IP address offer is cached | Increase or decrease the number of seconds that the DHCP service reserves an offered IP address before offering it to a new client. | "How to Customize DHCP Server Performance Options (DHCP Manager)" "How to Customize DHCP Server Performance Options (Command Line)" |
The following figure shows DHCP Manager's Modify Service Options dialog box.
Figure 10-3 Modify Service Options Dialog Box
Changing DHCP Logging Options
The DHCP service can log DHCP service messages and DHCP transactions to syslog. See the syslogd(1M) and syslog.conf(4) man pages for more information about syslog.
DHCP service messages logged to syslog include:
Error messages, which notify the administrator of conditions that prevent the DHCP service from fulfilling a request by a client or by the administrator.
Warnings and notices, which notify the administrator of conditions that are abnormal, but do not prevent the DHCP service from fulfilling a request.
You can increase the amount of information reported by using the verbose option for the DHCP daemon. Verbose message output can help you troubleshoot DHCP problems. See "How to Generate Verbose DHCP Log Messages (DHCP Manager)".
Another useful troubleshooting technique is transaction logging. Transactions provide information about every interchange between a DHCP server or BOOTP relay and clients. DHCP transactions include:
ASSIGN - IP address assignment
ACK - Server acknowledges that client accepts the offered IP address, and sends configuration parameters
EXTEND - Lease extension
RELEASE - IP address release
DECLINE - Client is declining address assignment
INFORM - Client is requesting network configuration parameters but not an IP address
NAK - Server does not acknowledge a client's request to use a previously used IP address
ICMP_ECHO - Server detects that a potential IP address is already in use by another host