Main Page

♠ About phpDHCPAdmin ♠

The phpDHCPAdmin application was originally developed to replace a simple spreadsheet used by client computers that obtained and auto-configured themselves for network access.

Due to inherent problems with using a flat file to store numerous machine records, this application was conceived as a way to eliminate the problems associated with that method. This includes the need for syntax checking of IPv4 addresses, MAC (hardware) addresses and RFC compliant hostnames for part time employees who need access to specific elements of one file.

♠ Features for phpDHCPAdmin ♠

  1. Commonly used global options (RFC-2131, RFC-2132)
  2. Dynamic DNS zone transfers (RFC-2136)
  3. Multiple DNSSEC key support for use with DNS zone transfers (RFC-1034, RFC-1035)
  4. Failover (peer/master) per (RFC-2131)
  5. Multiple DNSSEC key definition support
  6. Multiple DNS zone configuration support
  7. Multiple Subnet w/ or w/o dynamic scope support
  8. Multiple PXE groups w/ or w/o static host support
  9. Dynamic Classes configuration support
  10. Multiple Pool configuration support
  11. Static host support (assign to subnet and/or pxe group) support
  12. Search option for large scale static host configurations
  13. Lease management support
  14. Group support (for large scale environments where access to department configurations should be limited)
  15. Access level support (also for tiered access to global configuration options vs. the need to edit and restart the dhcpd service)
  16. Dynamic processing of currently configured network interfaces
  17. Dynamic graphing support for traffic, subnet to host assignments etc.

♠ Demo phpDHCPAdmin ♠

There is a demo setup to test drive this application before downloading and using on ISC DHCPD server installations.

There are several test user accounts setup to allow demos of the various access level and group assignment permissions.

  1. Root level user/Root level group user:
    admin:password
    
  2. PC Group Administrative user:
    PCAdmin:password
    
  3. MAC Group Administrative user:
    MACAdmin:password
    
  4. PC Group member user:
    PCUser:password
    
  5. MAC Group member user:
    MACUser:password
    

phpDHCPAdmin-0.9.4-beta Demo

♠ System requirements ♠

This project has a couple of requirements. If you run into problems during initial setup please check your PHP configuration and the necessary global variable definitions. This information should also be in the README documentation in the distribution.

  1. Apache or other webserver
  2. MySQL server
  3. PHP
      Additional modules
    • php-mysql
    • php-mhash
    • php-mcrypt

♠ Download & Setup for phpDHCPAdmin ♠

Currently I only have a beta version for release but it should be stable enough for most installations.

[http://sourceforge.net/projects/phpdhcpadmin/files/ phpDHCPAdmin-0.9.4-beta]

Once you have downloaded the application, set it up by placing the archive in the root directory for your webserver and extracting it like so:

%> tar zxvf phpDHCPAdmin-0.9.4-beta.tgz

♠ Configuration Examples ♠

To configure the phpDHCPAdmin application for your site I am going to provide a lazy and a secure example.

Default unconfigured inc.config.php file:

<?PHP
/*
 * phpDHCPAdmin
 * Jason Gerfen [jason.gerfen@gmail.com]
 *
 * inc.config.php - Pre-defined global variables
 */

// database configuration
$defined['hostname']    = "";
$defined['dbhost']      = "localhost";
$defined['username']    = "";
$defined['password']    = "";
$defined['dbname']      = "phpDHCPAdmin";

// support & log notification email addresses
$defined['mail']        = "";

// application path information
$defined['virpath']     = "";

// this folder needs write permissions
// also used for temporary file writes and dhcpd.conf
$defined['confpath']    = $defined['virpath'] . "conf/";

// path to the dhcpd.leases file this allows
// lease management if permissions allow (write access)
$defined['leases']      = $defined['confpath'] . "dhcpd.leases";

// title and copyright information
$defined['title']       = "phpDHCPAdmin-0.9.2-beta";
$defined['description'] = "Manage the ISC DHCPD service";

// if this is removed the GPL license is out of compliance
// please refer to the LICENSE file regarding GPL licensing
$defined['disclaimer']  = "All rights reserved 2008 ® Jason Gerfen";

// default error and success images used for messages
$defined['error']       = "templates/images/error.gif";
$defined['good']        = "templates/images/good.jpg";
$defined['error_small'] = "templates/images/error-small.gif";

// path for application templates
$defined['templates']   = "templates";

// enable debugging support?
$defined['debug']       = "TRUE";

// commands used to start the dhcpd service and to test a generated configuration
$defined['dhcpd_cmd']   = "/usr/sbin/dhcpd -cf " . $defined['confpath'] . "/dhcpd.conf -lf " . $defined['leases'];
$defined['dhcpd_tst']   = "/usr/sbin/dhcpd -t -cf " . $defined['confpath'] . "/dhcpd.test -lf " . $defined['leases'] . " >> log";

// a few network and log parsing commands
// (these are used to gather statistical info for graphing and process status)
$defined['netstat']     = "/bin/netstat";
$defined['ifconfig']    = "/sbin/ifconfig";
$defined['tail']        = "/bin/tail";
$defined['ps']          = "/bin/ps";

// authentication timeout in seconds (3600 seconds = 60 minutes)
$defined['timeout']     = "3600";

// data used with session authentication token (do NOT modify)
$defined['enckeygen']   = $defined['virpath'] . "templates/images/shared/";

// include our class files
require 'inc.libraries.php';

// include our error codes
require 'inc.errors.php';

?>

♠ Lazy Configuration Example ♠

This application has a simple setup as I designed it to be easy and secure. Below are some configuration directives and the path information for the file containing these settings.

For a quick unsecured setup you will only need to configure a couple of directives. Details on these follow.

The 'hostname' directive should be configured like so:

$defined['hostname']    = "www.hostname.com"; #Or the IP of the server

The 'dbhost' directive is the hostname of the MySQL server you are utilizing:

$defined['dbhost']      = "localhost";

The 'username' directive is a limited access MySQL user that the application can use to perform queries etc.:

$defined['username']    = "phpDHCPAdmin-username";

The 'password' directive should be the password associated with the user:

$defined['password']    = "some-password";

The 'dbname' directive specifies the database name (if you used the phpDHCPAdmin-0.9.4-beta.sql file located in the setup directory this should remain a default value) as shown below:

$defined['dbname']      = "phpDHCPAdmin";

The 'mail' directive can be used for an administrative user to be notified if the dhcpd service goes down, or for other alerts:

$defined['mail']        = "";

The 'virpath' directive is the path to the phpDHCPAdmin installation. An example is given below:

$defined['virpath']     = "/path/to/htdocs/phpDHCPAdmin-0.9.4-beta/";

Installation of the accompanying MySQL file should be fairly easy. An example using the 'mysql' command-line client (mysqlimport loads delimited text files and does not read a SQL script from standard input) is here:

mysql -u root -p < /path/to/htdocs/phpDHCPAdmin-0.9.4-beta/setup/phpDHCPAdmin-0.9.4-beta.sql

Next you will need to set read & write permissions on the '/path/to/htdocs/phpDHCPAdmin-0.9.4-beta/conf/' folder. *This is necessary for auto-configuration of the available network interfaces, network traffic, lease file management as well as the dhcpd.conf file management.

%> chmod 0777 /path/to/htdocs/phpDHCPAdmin-0.9.4-beta/conf/

And finally you will need to create a crontab entry for the root user which will check to see if the ISC DHCPD Service needs to be restarted. An example of this is as follows:

*/1 * * * * cd /path/to/phpDHCPAdmin-0.9.4-beta/bin/; php ./cron.restart.dhcpd.php

♠ Secure Configuration Example ♠

For a more secure configuration the following steps should be taken before extracting the archive file. The first step would be to create a 'symlink' file within your 'htdocs' or webserver root folder pointing outside of the web root like so:

The installation folder for phpDHCPAdmin outside of the web root. This is the folder you would want to extract the archive to.

/path/to/webserver/phpDHCPAdmin

The symlink location inside of the webroot.

/path/to/webserver/htdocs/phpDHCPAdmin

To create the symlink you may use the following command:

%> ln -s /path/to/webserver/phpDHCPAdmin /path/to/webserver/htdocs/phpDHCPAdmin

The primary reason for this essentially 'more' secure installation is in regards to the folder permissions which are necessary for the webserver user to write out the dhcpd.conf & dhcpd.leases files.

Next, configure the 'scripts/inc.config.php' file to reflect your server environment. Some examples are provided below.

The 'hostname' directive should be configured like so:

$defined['hostname']    = "www.hostname.com"; #Or the IP address

The 'dbhost' directive is the hostname of the MySQL server you are utilizing:

$defined['dbhost']      = "localhost";

The 'username' directive is a limited access MySQL user that the application can use to perform queries etc.:

$defined['username']    = "phpDHCPAdmin-username";

The 'password' directive should be the password associated with the user:

$defined['password']    = "some-password";

The 'dbname' directive specifies the database name (if you used the phpDHCPAdmin-0.9.2-beta.sql file located in the setup directory this should remain a default value) as shown below:

$defined['dbname']      = "phpDHCPAdmin";

The 'mail' directive can be used for an administrative user to be notified if the dhcpd service goes down, or for other alerts.

$defined['mail']        = "";

The 'virpath' directive is the path to the phpDHCPAdmin installation. An example is given below:

$defined['virpath']     = "/path/to/htdocs/phpDHCPAdmin-0.9.4-beta/";

Installation of the accompanying MySQL file should be fairly easy. An example using the 'mysql' command-line client (mysqlimport loads delimited text files and does not read a SQL script from standard input) is here:

mysql -u root -p < /path/to/htdocs/phpDHCPAdmin-0.9.4-beta/setup/phpDHCPAdmin-0.9.2-beta.sql

Next, set the read & write permissions on the '/path/to/htdocs/phpDHCPAdmin-0.9.4-beta/conf/' folder. *This is necessary for auto-configuration of the available network interfaces, network traffic, lease file management as well as the dhcpd.conf file management.

%> chmod 0777 /path/to/htdocs/phpDHCPAdmin-0.9.4-beta/conf/

And finally, create a crontab entry for the root user which will check to see if the ISC DHCPD Service needs to be restarted. An example of this is as follows:

*/1 * * * * cd /path/to/phpDHCPAdmin-0.9.2-beta/bin/; php ./cron.restart.dhcpd.php

Point a web browser (IE is not supported) to the URL holding your installation, EX: http://www.server.com/phpDHCPAdmin-0.9.4-beta/, and log in with the default username and password of 'admin' & 'phpDHCPAdmin'. Once authenticated you will see a form to reset your password.
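
The permission-sensitive parts of both setups (the chmod 0777 on conf/, the root crontab entry that runs bin/cron.restart.dhcpd.php, and the database password in scripts/inc.config.php) can be checked with a short script. This is an added example, not part of the phpDHCPAdmin distribution; the function names, the finding labels and the www-data account mentioned in the comments are assumptions.

```sh
#!/bin/sh
# Added example (not part of phpDHCPAdmin): audit an install tree for the
# permission problems the setup steps can leave behind.
# Paths come from the page: conf/, bin/cron.restart.dhcpd.php and
# scripts/inc.config.php. The finding labels are made up for this example.

# has_perm PATH MODE: true when PATH itself has every bit of MODE set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_install DIR: print one finding per line; return 1 if any were found.
# Paths that do not exist are skipped.
audit_install() {
    dir=${1%/}
    found=0
    cron="$dir/bin/cron.restart.dhcpd.php"
    cfg="$dir/scripts/inc.config.php"

    # conf/ holds the generated dhcpd.conf and dhcpd.leases. With 0777 any
    # local account can replace the file that dhcpd is restarted with.
    if has_perm "$dir/conf" 0002; then
        echo "WORLD_WRITABLE conf/"; found=1
    fi

    # root's crontab runs this script every minute. If it or its directory
    # is group- or world-writable, accounts other than the owner can change
    # what root executes. (Ownership is not checked here.)
    for p in "$dir/bin" "$cron"; do
        if has_perm "$p" 0020 || has_perm "$p" 0002; then
            echo "ROOT_CRON_WRITABLE ${p#"$dir"/}"; found=1
        fi
    done

    # inc.config.php carries the MySQL password.
    if has_perm "$cfg" 0004; then
        echo "CONFIG_WORLD_READABLE scripts/inc.config.php"; found=1
    fi

    # The default inc.config.php leaves debugging switched on.
    if [ -f "$cfg" ] &&
       grep -q "\['debug'][[:space:]]*=[[:space:]]*\"TRUE\"" "$cfg"; then
        echo "DEBUG_ENABLED scripts/inc.config.php"; found=1
    fi

    return "$found"
}

# harden_install DIR: tighten the modes only. Ownership is site-specific;
# for example, assuming the web server runs as www-data:
#   chown -R www-data:www-data DIR/conf
#   chown -R root:root DIR/bin
#   chown root:www-data DIR/scripts/inc.config.php
harden_install() {
    dir=${1%/}
    chmod 0770 "$dir/conf"
    chmod go-w "$dir/bin" "$dir/bin/cron.restart.dhcpd.php"
    chmod 0640 "$dir/scripts/inc.config.php"
}

# Stand-alone use: sh audit.sh /path/to/webserver/phpDHCPAdmin
if [ "$#" -gt 0 ]; then
    audit_install "$1"
fi
```
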

♠ Usage & Screenshot Information ♠

Here is a walk through of the various configuration options, definitions of the options available as well as demonstrations of proper usage for each area.

♠ Authentication For the phpDHCPAdmin Application ♠

In order to begin using the phpDHCPAdmin application you must first authenticate your user. A screen shot is shown below:

Authentication area
Successful Authentication Screen

The authentication process is as follows:

  1. Username & Password combination is queried from database
  2. If user entered a valid matching username & password an authentication token is generated which contains application specific data for access level and group membership permissions:
    1. Access Level of user
    2. Group Membership of user
    3. Login time of user

The initial login screen once your user is authenticated should look like the example shown. An example authentication token is also provided.

Ab123=:QwXzz=:7uWOa=:hHqrZS=:a9487bclk5234yew598e9qg43t55jaf415341

♠ Global Configuration Options (Admin Users) ♠

The global configuration options for the ISC DHCPD service are fairly straight forward. A screen shot is shown below:

File:Global-general.png
Global DHCPD Options

The list of options available are as follows:

  1. Domain Name - Used to limit the DHCPD requests to a specific domain. EX: mydomain.com
  2. DNS List - Used to assign global DNS lookup servers to client address requests. EX: dns1.domain.com, dns2.domain.com
  3. Default Lease Time - Used to specify the amount of time a lease should be valid in seconds. EX: 1800 = 5 minutes
  4. Maximum Lease Time - Used to specify the maximum amount of time a lease issued is valid on the client. EX: 3600 = 30 minutes
  5. Option Time Offset - Used to specify a clockskew between client and server for synchronization in seconds. EX: 1800 = 5 minutes
  6. Option Routers - Specify a list of routers for clients to utilize. EX: 192.168.1.1, 192.168.2.1, 192.168.3.1
  7. LPR Server List - Is used to specify a list of Line Printer Daemon servers. EX: lpr1.domain.com, lpr2.domain.com
  8. Broadcast Address - Use this if you are using only one VLAN as it specifies a default broadcast address. EX: 192.168.1.255
  9. Subnet Mask - Use this if you are using on one VLAN as it will specify a default subnet mask for clients. EX: 255.255.255.0
  10. Server Identification - A unique DHCP Server IDENT string. A somewhat deprecated option that should not be configured unless you know what you're doing. EX: myDHCPserver
  11. DDNS Update Style - There are only a few methods for Dynamic DNS Updates. ad-hoc, interim, none
  12. Authoritative - This specifies the role of the DHCP server as authoritative or not in regards to DDNS updates.
  13. BOOTP Option - Specifies if the BOOTP flag should be appended to the DHCPREQ and DHCPACK packet types.

♠ PXE Bootp Configuration Options ♠

The global PXE/BOOTP configuration options for the ISC DHCPD service are described below. A screen shot is shown below:

File:Global-pxe.png
Global PXE/BOOTP Options

The list of options available are as follows:

  1. Enable Global PXE/BOOTP Options - This selection will globally turn on or off the PXE Group configurations for static clients
  2. Option Space - Option space is a pretty option that should NOT be changed. EX: ip-address
  3. mtftp-ip code 1 - mtftp-ip code 1 is a static option that should NOT be changed. EX: unsigned integer 16
  4. mtftp-cport code 2 - mtftp-cport code 2 is a static option that should NOT be changed. EX: unsigned integer 16
  5. mtftp-sport code 3 - mtftp-sport code 3 is a static option that should NOT be changed. EX: unsigned integer 16
  6. mtftp-tmout code 4 - mtftp-tmout code 4 is a static option that should NOT be changed. EX: unsigned integer 8
  7. mtftp-delay code 5 - mtftp-delay code 5 is a static option that should NOT be changed. EX: unsigned integer 8
  8. discovery-control code 6 - discovery-control code 6 is a static option that should NOT be changed. EX: unsigned integer 8
  9. discovery-mcast-addr code 7 - discovery-mcast-addr code 7 is a static option that should NOT be changed. EX: ip-address

♠ Managing DNSSEC Keys ♠

The DNSSEC Key configuration options allow you to configure the ISC DHCPD server to provide secure DNS records. You will need to make use of the 'dnssec-keygen' tool to provide a valid passphrase for replication to your BIND DNS server. The options for the DNSSEC configuration are described below. A screen shot is shown below:

File:Global-dnssec.png
Global DNSSEC Key Options

The list of options available are as follows:

  1. Key name - This is a unique identifier you can use to keep the list of DNSSEC keys manageable
  2. Algorithm - The algorithm selection box provides a list of ciphers available for your DNSSEC keys. The common item is the HMAC-MD5 selection.
  3. Passphrase - The passphrase field is the hash used to perform a secure DNS zone transfer. EX: pRPabFapFoJ95JEL06sv4PQ==

♠ Managing DNS Zones ♠

The DNS zone configuration area will allow you to configure the ISC DHCPD service to provide client record transfers to zone files on an ISC BIND DNS server. The DNS zone configuration options for the ISC DHCPD service are described below. A screen shot is shown below:

File:Global-dns.png
Global DNS Zone Options

The list of options available are as follows:

  1. Zone - This should be something similar to a specific domain name listed in the ISC BIND Zone records
  2. Primary - Name of the primary DNS server within that particular zone
  3. Use DNSSEC - Optional feature to provide use of the DNSSEC protocol (requires existing DNSSEC keys to be configured)
  4. DNSSEC Key - If DNSSEC Keys have been configured and you would like to use them for DNS zone transfers, select it from the list

♠ Managing Failover Options ♠

The ISC DHCPD service allows for failover server synchronization. The failover configuration options for the ISC DHCPD service are described below. A screen shot is shown below:

File:Global-failover.png
Global Failover Options

The list of options available are as follows:

  1. Failover Peer Name - This should be specified as the unique server name of the failover peer that synchronization of leases should be enabled with
  2. Primary - You can enable a primary or secondary server type
  3. Address - The address field should be the IP or server hostname of the primary server that replication will take place with
  4. Port - The port number is the primary server port that will be used for synchronization connections (default is TCP Port 519)
  5. Peer Address - The address field should be the IP or server hostname of the secondary server that replication will take place with
  6. Peer Port - The port number is the secondary server port that will be used for synchronization connections (default is TCP Port 519)
  7. Max Delay - This should be a numerical value in seconds that a delay is accepted
  8. Max unacked updates - This value is a numerical indication of the number of packets *not accepted with the ACK flag not set (common value is 10)
  9. Max Lead Time - The max lead time value is a clock skew for accepted synchronization in seconds (default or common value is 5)
  10. Split - The split value should *always be set to a numerical value of 128. Strange synchronization behavior is common if 128 is not used.
  11. Load Max Seconds - Is used to specify the max load time in seconds before replication takes place

♠ Subnet Configuration Options (Admin Users) ♠

Under the 'Subnet Options' main menu you can configure custom classes, address pools, pxe/bootp groups and subnets. Details on each sub-menu item follow.

♠ Managing Custom Classes ♠

The ISC DHCPD service allows for custom class configurations. The various class configuration options for the ISC DHCPD service are described below. Please note that multiple class options are allowed and can be enabled by clicking the '[+] Add class option' link. A screen shot is shown below:

File:Subnets-classes.png
Managing Custom Class Options

The list of options available are as follows:

  1. Class name - The class name field is a unique identifier for the class options you will be adding.
  2. Select option - The select box lists all available options you can add to your custom class and also specifies the data type allowed per option
  3. Match radio button - The match radio button allows specification of a REGEX style match (useful primarily with the dhcp-client-identifier option)
  4. Match option type - The match option select box specifies the type of match option (if enabled) to utilize
  5. Substring radio button - The substring radio button allows you to enable substring REGEX style matching on various DHCPDREQ packet flags
  6. Substring Start & End values - The start and end values should be numerical and specify the start and stop number to be used in conjunction with an enabled substring REGEX style class option
  7. REGEX value - This field may be misleading in its naming convention but is to be used as the data holder for matching, substrings and any option used in your custom class

♠ Managing Pools ♠

The ISC DHCPD service allows for multiple custom pool configurations. The pool configuration options for the ISC DHCPD service are described below. A screen shot is shown below:

File:Subnets-pools.png
Managing Custom Pools Options

The list of options available are as follows:

  1. Pool name - This is a unique identifier used to manage the availability of custom pools
  2. Scope Range Start - This should be the starting IPv4 address of the custom pool configuration EX: 192.168.15.10
  3. Scope Range End - This should be the ending IPv4 address of the custom pool configuration EX: 192.168.15.250
  4. DNS Server 1 - This is a IPv4 address of the DNS server this pool of addresses should receive
  5. DNS Server 2 - This is a IPv4 address of the DNS server this pool of addresses should receive
  6. Allow/Deny - This will allow you to allow, deny or not assign values from the allow/deny select list
  7. Allow/Deny Select list - Utilize this for any allow/deny selection for your custom pool

♠ Managing PXE/BOOTP Groups ♠

The ISC DHCPD service allows for dynamic BOOTP client requests which can be configured using the PXE Group management portion of this software. The PXE/BOOTP Group configuration options for the ISC DHCPD service are described below. A screen shot is shown below:

File:Subnets-pxe-groups.png
Managing PXE/BOOTP Group Options

The list of options available are as follows:

  1. PXE Group Name - This is a unique identifier designed to allow easier management of PXE Group configurations
  2. PXE Server - The PXE server option is the IP or Hostname of the TFTP server to be used for BOOTP client requests
  3. BOOTP File Name - The BOOTP file name field should specify the file holding dynamic BOOTP settings EX: pxelinux.0
  4. Assign Subnet - This is deprecated. Should not be configured and will be removed in future distributions

♠ Managing Subnets ♠

The ISC DHCPD service allows for multiple subnet configurations. The various subnet configuration options for the ISC DHCPD service are described below. A screen shot is shown below:

File:Subnets-subnets.png
Managing Subnet Options

The list of options available are as follows:

  1. Subnet name - A unique identifier to allow easier management of multiple subnets
  2. Subnet - This should be configured as the broadcast address for any particular subnet the server is configured to listen on. EX: 192.168.15.0
  3. Subnet Mask - The subnet mask field should be the proper mask used for this subnet EX: 255.255.255.0
  4. DNS Server 1 - The DNS Server field should be a valid IPv4 address of a DNS server for this subnet
  5. DNS Server 2 - The DNS Server field should be a valid IPv4 address of a DNS server for this subnet
  6. Router - The router is the active gateway this subnet should use for external networks EX: 192.168.15.1
  7. Assign Pool - If custom pools are configured a list will be generated allowing you to assign that pool to the subnet you are adding or editing
  8. Enable Scope - If you do not wish to assign a pool or do not have any configured but would still like to allow a dynamic scope set this to TRUE
  9. Scope Range Start - This should be the starting IPv4 address available for clients within this subnet configuration
  10. Scope Range End - This should be the ending IPv4 address available for clients within this subnet configuration
  11. IP Forwarding - You can enable IP forwarding for this subnet as well
  12. Broadcast Address - The broadcast address here should be the same IPv4 address defined in the subnet field unless you want the server to have unpredictable leasing behavior
  13. NTP Servers - You may also assign a list of NTP servers to this subnet EX: time1.domain.com, time2.domain.com
  14. NETBIOS Servers - The NETBIOS server list should be used for MS DHCP Clients if necessary
  15. Default Lease - You can assign custom lease options per subnet and the default lease option is the amount of time in seconds a lease is generally valid for EX: 1800 = 5 min
  16. Min Lease - Specify a minimum lease time in seconds.
  17. Max Lease - The max lease time will force leases to renew after X amount of time EX: 3600 = 30 min

Other areas of the 'Manage Subnets' area display a list of currently assigned virtual and physical adapters on the DHCPD server and their assigned broadcast address.

♠ Managing Static Clients (user level access) ♠

If you utilize the static client assignment method available within the ISC DHCPD configuration, this area will allow you to add/edit/delete static clients, search for clients by hostname, IP or MAC address, and assign static clients to PXE/BOOTP groups and subnets. A screen shot detailing this area follows:

File:Manage-clients.png
Managing Static Clients
  1. Search field - This area will allow you to search for static hosts by IPv4 address, MAC (hardware) address or hostnames
  2. Hostname - This field allows you to specify the clients hostname assignment provided with the DHCPOFFER packet
  3. IP Address - This field allows you to specify the clients IPv4 address assignment also provided with the DHCPOFFER packet
  4. MAC Address - The DNS Server field should be a valid IPv4 address of a DNS server for this subnet
  5. Assign Subnet - If an Admin level user has assigned custom subnets for the ISC DHCPD service you can assign any client here (this is more for management & inventory purposes)
  6. Assign PXE Group - If you wish to give the client the BOOTP option you can assign the client to a pre-configured PXE/BOOTP group here (note that any PXE/BOOTP group must be configured by an administrative level user)

♠ Managing Leases (User access level) ♠

If you wish to utilize the lease management for renewing and setting active states on available leases, this area will allow you to add/edit/delete leases and search for leases by IPv4, MAC address, hostname and specified date ranges. The data for this area is dynamically generated by comparing the filesize of the dhcpd.leases file; the application then processes the leases and 'attempts' to assign them a group ownership, thereby disallowing cross group access to lease data. A screen shot detailing this area follows:

File:Manage-leaes.png
Managing Client Leases
  1. Search field - This area will allow you to search for leases by IPv4 address, MAC (hardware) address or hostnames and specified date ranges
  2. Hostname - This field allows you to specify the clients hostname assignment provided with the DHCPOFFER packet
  3. IP Address - This field allows you to specify the clients IPv4 address assignment also provided with the DHCPOFFER packet
  4. MAC Address - The DNS Server field should be a valid IPv4 address of a DNS server for this subnet
  5. Current State - You can set an existing or new lease an active (in use) or free state utilizing these radio buttons
  6. Next State - The next available state for a lease can also be set to active or free using these radio selections
  7. Lease Start Time - Set the lease start time using this field. The '[x]' button to the right will give you a calendar to select from.
  8. Lease End Time - Set the lease end time using this field. The '[x]' button to the right will give you a calendar to select from.
  9. CLTT - Set the lease CLTT time using this field. The '[x]' button to the right will give you a calendar to select from.
  10. Abandoned? - Set the lease to an abandoned state using this field. The '[x]' button to the right will give you a calendar to select from.
  11. Circuit ID - Set the circuit ID value using this field (optional field and is automatically populated if data exists in lease file)
  12. Remote ID - Set the remote ID value using this field (optional field and is automatically populated if data exists in lease file)
  13. DDNS-Text - Set the DDNS-Text value using this field (optional field and is automatically populated if data exists in lease file)
  14. DDNS-FWD-Name - Set the DDNS-FWD-Name value using this field (optional field and is automatically populated if data exists in lease file)
  15. DDNS-Client-FQDN - Set the DDNS-Client-FQDN value using this field (optional field and is automatically populated if data exists in lease file)
  16. DDNS-REV-Name - Set the DDNS-REV-Name value using this field (optional field and is automatically populated if data exists in lease file)

The extra lease options are usually generated dynamically once a lease is issued to the client so you should not need to configure these options for a valid client lease.

♠ Managing Groups (Admin access level) ♠

This application was redeveloped with a Unix style permissions scheme to allow stricter access for ISC DHCPD environments which require limited access to subnets, pxe/bootp groups, custom class definitions, pool configurations, client management and lease management.

This area allows an Admin level user to manage groups assigned to the application ONLY if the authenticated user is a member of the 'admin' group which is designed to work as a 'root' level user thereby adding greater security between groups. A screen shot detailing this area follows:

File:Manage-groups.png
Managing Groups
  1. Name - Assign the group a unique identification name
  2. Manager - Assign a manager name for this group
  3. Phone - Assign a phone number to this group
  4. Description - Assign a brief description of the group

♠ Managing Users (Admin access level) ♠

This area allows an Admin level user to manage users assigned to their group. If the authenticated user is a member of the 'admin' group it can access ALL users defined in the application. A screen shot detailing this area follows:

File:Manage-users.png
Managing Users
  1. Username - Assign the user a unique username. This will be their authentication username
  2. First Name - Define the users first name
  3. Last Name - Define the users last name
  4. Access Level - Assign the users access level. The options are admin/user/view.
  5. Group - Assign the users access level. Depending on if the user is a member of the 'admin' group or a custom group already defined determines the group to which a user can be assigned.
  6. Department - A brief description of the users department
  7. Phone - Assign the user a contact phone number
  8. Email - This MUST be a valid email address for new accounts as a temporary password is sent to them at which time they can reset their password to something they wish

There is another section to this area specifically designed to reset user passwords either by generating a random one or entering a custom password for the user.

  1. User list - Select the username for which a password reset should occur
  2. Generate Random Password - Select this checkbox if you wish to have the application generate a random password
  3. Password field - Enter a custom password or user defined password for the selected user
  4. Confirm Password field - Enter a custom password or user defined password for the selected user

♠ Restarting DHCPD Service ♠

This area lets you do a couple of things: review the dhcpd.conf output before the file gets written, check the output for errors, and set the flag that restarts the service (using the crontab entry created during installation and setup). A text example of the output (detailing all configurable options for the dhcpd.conf) is available here: example dhcpd.

  1. Generates new output for the dhcpd.conf file
  2. Checks output for errors prior to allowing service restart
  3. Writes new dhcpd.conf file
  4. Signals crontab entry that the service needs to be restarted (this function is checked every minute if crontab entry was setup correctly)
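
The four steps above, sketched as a shell function that refuses to publish a configuration that fails the syntax test, so the running service keeps its last good dhcpd.conf. This is an added example, not the project's code: the function name, the DHCPD_TEST override and the restart.flag file are hypothetical, since the page does not say how the crontab entry is signalled; the default check is the `dhcpd -t -cf` invocation from inc.config.php.

```sh
#!/bin/sh
# Added example (not part of phpDHCPAdmin): test, publish, then signal.
# DHCPD_TEST can be overridden; by default it is the syntax test used in
# inc.config.php. The flag file name is chosen by the caller.

# publish_conf CANDIDATE TARGET FLAG
#   CANDIDATE  freshly generated file (step 1), e.g. conf/dhcpd.test
#   TARGET     live configuration, e.g. conf/dhcpd.conf
#   FLAG       file the root cron job would look for before restarting
publish_conf() {
    candidate=$1
    target=$2
    flag=$3

    # Step 2: syntax check. On failure nothing is written and no restart
    # is requested; the candidate is left in place for inspection.
    if ! ${DHCPD_TEST:-/usr/sbin/dhcpd -t -cf} "$candidate" >/dev/null 2>&1
    then
        echo "rejected: $candidate failed the dhcpd syntax test" >&2
        return 1
    fi

    # Step 3: keep the previous file for rollback, then replace the live
    # file with a rename (atomic when both paths are on one filesystem),
    # so dhcpd never reads a half-written configuration.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.prev"
    fi
    mv -f "$candidate" "$target"

    # Step 4: request the restart.
    : > "$flag"
}
```
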

♠ Error Codes & Troubleshooting ♠

  1. The ISC DHCPD service is currently running - This message is used to indicate the ISC DHCPD Service in a running state
  2. The ISC DHCPD service is currently not running. - This message is used to indicate the ISC DHCPD Service in a down state
  3. Database configuration error, please contact administrator. - There is a misconfiguration of the phpDHCPAdmin service
  4. Database connection error, please check configuration - There was a problem when connecting to the phpDHCPAdmin database
  5. There was an error when performing search, syntax error. - Error indicates a syntax error when attempting to perform a search for static hosts
  6. Database selection error, please check configuration. - There was a problem when selecting the database
  7. There was an error looking up data from the database - An error occurred when performing a record search
  8. The information listed below has been entered into the database successfully - This message is shown when a new record has been added
  9. There was a problem inserting the new record. - This error indicates a problem with a new record creation
  10. The information listed below was modified within the database successfully - This message is shown when an existing record has been modified
  11. There was an error when modifying the database entry - This error occurs when an update to an existing record does not occur
  12. The information listed below has been deleted from the database records - The message indicates a successful deletion of an existing record or records
  13. There was an error when attempting to remove database record - This error indicates an error when removing a database record
  14. The table was analyzed, checked and optimized - This error is displayed if table records were repaired or re-indexed
  15. Any order records that were unlinked from the items list or vice versa have been repaired - This error indicates cross linked records between tables have been repaired if errors were found
  16. A new user has been created and an email confirmation has been sent to the email address for this user to activate the account and reset their password - This message indicates the creation of a new user account and the successful emailing of their new account data
  17. There was an error when attempting to send out the users confirmation email, you may need to delete this user from the database and create a new user with a valid email address or check the web servers email configuration - This error indicates a problem in either the new account creation or a problem when sending the user's confirmation email
  18. Missing data, please try again... - There are fields in the form that was just submitted that were not filled out
  19. Invalid string detected, allowable types are [a-z]. - An illegal string was found for a specific database record field type. Allowed string types are [a-zA-Z]
  20. Your password information is invalid. Allowed characters are [a-z0-9]+[-!#$%&\'*+\\./=?^_`{|}~<>] with a max length of 25 - This message is displayed when a new password for a user is reset or created or when a user logs in to reset their own password
  21. Your password information is invalid. The two password fields do not match, please try again. - This message indicates mismatched passwords
  22. An error occured when resetting the password information, details follow... - Generic error when password information is inaccurate
  23. Invalid Hostname, allowable types are [a-z0-9-] - Indicates an error with a valid hostname type. According to RFC1178 a valid hostname is [a-zA-Z0-90]
  24. Invalid IPv4 address detected, allowable types are [0-255].[0-255].[0-255].[0-255]. - Indicates an invalid IPv4 address
  25. Invalid data detected. IPv4, MAC or Hostname is invalid (please review the below for acceptable formats). - Generic error when dealing with one field and multiple valid data types
  26. Invalid MAC format detected, allowable types are [a-f0-9](:|-) x 6. Example: 00:aa:11:bb:22:cc - Invalid MAC address information detected
  27. Invalid data found, detected possible XSS/SQL injection attack. - Error used when data mimicking an XSS attack was detected.
  28. Invalid data found, must be a valid FQDN, possible XSS attack. - Another error dealing with the same type of invalid data
  29. Invalid data found, detected possible XSS/SQL injection attack. - Error displayed when data resembles a blind SQL injection
  30. Invalid data found, detected possible Buffer Overflow detected. Data must be reset. Re-directing... - Displayed when an invalid data length was found
  31. Invalid alphanumeric data found, allowable character sets are [a-z] and [0-9]. - Error displayed when anything but a valid Alpha-Numeric data type was detected
  32. Invalid number data found, allowable characters are [0-9]. - Error to indicate an invalid decimal type
  33. Invalid monetary amount detected, allowable format is [0-9]{0,40}.[0-9]{0,2} - Error to indicate an invalid monetary decimal data type
  34. Invalid paragraph format detected, only UTF-8 and alpha numeric characters allowed. - Used to indicate an error when paragraph data is expected with valid punctuation
  35. Invalid user, the credentials you entered were not found in the database. - Error to indicate an invalid user was processed
  36. Invalid user, you did not enter a username and password combination. - An invalid username or password was entered during authentication. No user found
  37. Timed out. Your session has been timed out due to inactivity. - Generic timeout error message
  38. Unauthorized access detected. Your access level is restricted. - Error displayed when user is attempting to access a restricted page
  39. You have chosen to log out. All authentication data has been destroyed and you will be re-directed to the log in page momentarily. - Log out message
  40. Undefined error. - Generic configuration error message
  41. Undefined SQL error. You may wish to check the configuration setup. - Used to display an error with the default configuration
  42. Your database query returned '0' results - Empty results search error message
  43. The configuration file is missing - Missing configuration file error message
  44. You configuration is invalid or this script is attempting to be accessed from another domain or IP address - Error displayed when a data type is attempting to run a remote script from the currently configured webserver
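
Allow-list validators matching the formats in messages 23, 24 and 26, shown as an added example rather than the application's own code. The function names, the sample records, the 63-character hostname limit and the refusal of leading zeros in octets are assumptions.

```php
<?php
declare(strict_types=1);

// \A and \z anchor the whole value; "$" alone would accept a trailing newline.
// The 63-character limit and the ban on edge hyphens are added assumptions.
function valid_hostname(string $h): bool
{
    return preg_match('/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i', $h) === 1;
}

// Four decimal octets 0-255; leading zeros are refused because some parsers
// read "010" as octal.
function valid_ipv4(string $ip): bool
{
    if (preg_match('/\A(?:(?:0|[1-9]\d{0,2})\.){3}(?:0|[1-9]\d{0,2})\z/', $ip) !== 1) {
        return false;
    }
    return max(array_map('intval', explode('.', $ip))) <= 255;
}

// Six hex pairs; \1 forces one separator throughout (":" or "-", never mixed).
function valid_mac(string $mac): bool
{
    return preg_match('/\A[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}\z/i', $mac) === 1;
}

// Returns the messages to show; an empty array means the record may be stored.
function check_static_host(array $rec): array
{
    $rules = [
        'hostname' => ['valid_hostname', 'Invalid Hostname, allowable types are [a-z0-9-]'],
        'ip'       => ['valid_ipv4', 'Invalid IPv4 address detected, allowable types are [0-255].[0-255].[0-255].[0-255].'],
        'mac'      => ['valid_mac', 'Invalid MAC format detected, allowable types are [a-f0-9](:|-) x 6. Example: 00:aa:11:bb:22:cc'],
    ];
    $errors = [];
    foreach ($rules as $field => [$check, $message]) {
        $value = $rec[$field] ?? null;
        // Form fields can arrive as arrays (name[]=...); only strings are checked.
        if (!is_string($value) || !$check($value)) {
            $errors[$field] = $message;
        }
    }
    return $errors;
}

// Constructed sample records: one clean, one with three malformed fields.
var_dump(check_static_host(['hostname' => 'lab-pc01', 'ip' => '192.168.10.25', 'mac' => '00:aa:11:bb:22:cc']));
var_dump(check_static_host(['hostname' => "lab-pc01\n", 'ip' => '192.168.10.256', 'mac' => '00:aa-11:bb:22:cc']));
```

Because these values end up in dhcpd.conf, validating the whole string matters as much as validating its characters.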

♠ Graphs & Descriptions ♠

There are several graphs that provide a quick visual aid for determining the amount of network traffic per network interface, the number of leases per subnet or pool vs. the number of leases in use per subnet or pool, and the number of static hosts assigned to each subnet and/or PXE/BOOTP group.

  1. Network Traffic - Provides a visual representation of total amount of network traffic per configured network interface in the last 6 hours compared to the last 60 minutes. Fig. 2a
  2. Available Leases - Provides the amount of available leases vs. the amount of leases currently in use per subnet and/or pool. Fig. 2b
  3. Hosts per subnet - Provides a pie chart detailing the amount of statically configured hosts per configured subnet. Fig. 2c
  4. Hosts per PXE/BOOTP Group - If hosts have been assigned to a configured pxe/bootp group this graph will show you percentages of static hosts per pxe/bootp group. Fig. 2d

♠ Details on access levels and group permissions ♠

Due to requests regarding stricter access to subnets, PXE/BOOTP groups, static hosts, DNSSEC keys, DNS zones, classes and pool configurations, I have integrated *nix-style permissions. Below are details regarding said permissions.

  1. Groups
    • Admin - The admin group is the default group and should not be removed as this group.
  2. Access Levels
    • admin - The admin access level is used for the global features available
    • user - The user access level is used for strict control of access and is good for 1st tier support to manage leases and static hosts
    • view - The view access level provides even stricter control and only allows access to restarting the service and viewing the various graphs
  3. Users
    • admin - The admin user is a member of the admin group. This user is set up upon primary installation and provides quick access to configure new groups and users

Now that I have laid out some of the basic information regarding default users, default groups and the access levels available within the application, there are some 'best practices' you should be aware of.

When you first import the phpDHCPAdmin-0.9.4-beta.sql file it does a couple of things in regards to the access levels, users and groups. Below is a brief summary:

  1. Creates a table called 'conf_levels' which holds the various access levels to which a new user can be assigned.
    • admin access level has access to all features (this is not applicable if the new user is not a member of the 'admin' group)
    • user access level has access to management of static hosts and current leases (if the user is NOT a member of the 'admin' group they cannot access other groups' static hosts and/or leases)
    • view access level has strict limited access to restarting the service and viewing the available graphing features
  2. Creates a table called 'conf_groups' which also creates one default group called 'admin'
  3. Creates a table called 'conf_users' which also creates one default user called 'admin' with the default password of 'phpDHCPAdmin' and prompts the user to change the password on first access
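
How the two dimensions described above combine, as an added example that is not phpDHCPAdmin's own code: the access level decides which features a user may reach, and the group decides whose records. The feature keys, the function name, the 'physics' and 'chemistry' groups, and the reading that global options require membership of the 'admin' group are assumptions.

```php
<?php
declare(strict_types=1);

// Level => features, following the summary above. Feature keys are hypothetical.
const LEVEL_FEATURES = [
    'admin' => ['global_options', 'subnets', 'static_hosts', 'leases', 'restart', 'graphs'],
    'user'  => ['static_hosts', 'leases'],
    'view'  => ['restart', 'graphs'],
];
// Features whose records carry an owning group.
const GROUP_SCOPED = ['subnets', 'static_hosts', 'leases'];

/**
 * Deny by default: the level must list the feature, and for group-owned
 * records the user must be in the 'admin' group or in the owning group.
 */
function can_access(array $user, string $feature, ?string $ownerGroup = null): bool
{
    $level = $user['level'] ?? '';
    $group = $user['group'] ?? '';
    if (!in_array($feature, LEVEL_FEATURES[$level] ?? [], true)) {
        return false;                    // unknown level or unlisted feature
    }
    if ($group === 'admin') {
        return true;                     // default group: no group restriction
    }
    if ($feature === 'global_options') {
        return false;                    // assumed: global settings need the admin group
    }
    if (in_array($feature, GROUP_SCOPED, true)) {
        return $ownerGroup !== null && $ownerGroup === $group;
    }
    return true;                         // restart, graphs: not tied to a group
}

// Constructed users and records.
$tier1  = ['level' => 'user',  'group' => 'physics'];
$viewer = ['level' => 'view',  'group' => 'physics'];
$root   = ['level' => 'admin', 'group' => 'admin'];

var_dump(can_access($tier1, 'static_hosts', 'physics'));    // own group's hosts
var_dump(can_access($tier1, 'static_hosts', 'chemistry'));  // another group's hosts
var_dump(can_access($viewer, 'leases', 'physics'));         // feature outside the level
var_dump(can_access($root, 'global_options'));              // admin level in admin group
```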