| Computers, printers, routers, and servers all communicate via IP addresses. But where do these addresses come from? There are routable addresses and nonroutable addresses, or public and private addresses. Chapter 3 discusses these address ranges. You now need to decide how you can best manage computers connected to your network. Perhaps they will obtain an address from your server; if that's the case, then understanding how to set up DHCP services is an essential piece of Mac OS X Server. Prior to turning on your DHCP service, you need to ask anyone else on your network if their computer is acting as the DHCP server. Having two DHCP servers on the same network can wreak havoc on the network and should be avoided at all costs. You can also quickly change the setting of any client computer to DHCP and see if it obtains anything but a 169.254.x.x address, or self-assigned address, indicating that there is no DHCP server on the local network. At the bottom of the Server Admin pane, there are four buttons that deal with DHCP: Overview shows whether the service is running and displays the current number of leases. Log displays the current log file for the DHCP service. Clients shows all the client machines that are using an address given to them by the DHCP service. Settings shows how many network ranges (called subnets) you're serving addresses to and what network interface you're using for each range. This tab also lets you set your desired level of logging.
Passing out information via DHCP Assuming you've done your homework and determined that your Mac OS X Server is going to be a DHCP server for your network, decide which addresses you want to pass out to the client computers. You should also decide whether passing out extra information with the address is necessary for your network. For example, Mac OS X DHCP server can pass out the following information to a client: IP address, subnet mask, router address, DNS addresses, search domains, LDAP information, and Windows WINS information. All this information is transferred from the server to the client when the client asks for an address. Let's examine what takes place when a DHCP server is on the network: 1. | The client machine starts up and searches for a DHCP server.
| 2. | The DHCP server responds to the client and offers the client an IP address and other information.
| 3. | The client formally requests the information from the server, and the server sends it down to the client.
| 4. | The client asks any other computers or printers on the network if the address offered is already taken.
| 5. | If no one responds that they have the IP address in question, the client then proceeds to commit the information to memory. The client is leasing the address from the server.
|
This process takes place every so often during the day. If you tell your server to give out addresses for eight hours, then your client will ask the server if it can renew the address it has at four hours, or half the lease time. Having leases that run for six months can be useful when you have only a handful of computers; but if you have laptops that come and go, and people hopping on and off their computers all day, it's better to set the lease time for 8 hours so that you're assured the client computers will ask for a renewal during a standard eight-hour day, thus potentially freeing up addresses for others to use the following day. Again, before you start the DHCP service on your Mac OS X Server, be sure no one else is providing DHCP services on your network. To change DHCP service settings 1. | In Server Admin, select the DHCP service for your server in the Computers & Services list.
| 2. | Click Settings and then select the Subnets tab (Figure 6.11).
Figure 6.11. Launch the Server Admin tool, and choose the DHCP service from the service list. 
| 3. | Click the plus button to open an Editing pane, where you can enter the following information (Figure 6.12):
- Subnet Name
- Starting IP Address
- Ending IP Address
- Subnet Mask
- Network Interface
- Router
- Lease Time
Figure 6.12. Double-clicking the DHCP subnet reveals the four settings tabs for that particular subnet. The General tab allows entry of standard DHCP data. 
| 4. | Select the DNS tab, and enter the appropriate DNS information you want the client computers to receive (Figure 6.13).
Figure 6.13. Data entered in the DNS tab is pushed down to the client with the IP information. 
You may enter more than one DNS and search domain.
| | | 5. | Click the back arrow in the top-left corner of the pane to return to the Subnets pane.
| 6. | Click the Enable check box, if it's not already checked (Figure 6.14).
Figure 6.14. Ensure the Enable check box is selected prior to starting the DHCP service. 
| 7. | Click Save and then click Start Service to start the DHCP service.
|
 Tip
You can set up two DHCP subnets on the same interface. You might do this if you already have a printer or a server within the range of addresses you wish to use. For example, if you have a server or a printer with an IP address of 192.168.1.50, you can have two DHCP rangesthe first going from 192.168.1.2 to 192.168.1.49 and the second range going from 192.168.1.51 to 192.168.1.200, thereby skipping the address users already know.
The ipconfig Tool You can always check your server to ensure you're pushing down the appropriate information, but how do you tell from the client side if the information makes it down to the client? When you're utilizing any DHCP server, you can check what information is being handed down to the client by using a command-line tool called ipconfig. You use the command ipconfig getpacket enx (where x is the number of your Ethernet connectionen0, en1, en2, and so on) to see what information your DHCP server is sending down to your client. Open the Terminal, type the command, and press Return. You'll see all the information your DHCP server is sending you. Using en0 tells the command to look at your built-in Ethernet connection. Use en1 if you want to look at the DHCP information that's gathered from a computer with an airport card. |
About DHCP and LDAP You've just learned how to push down IP address information that allows users to connect to your network. But what if your needs are bigger? What if you have home directories on your server and you want the client machines to automatically find them? As discussed in Chapter 3, you can make a Mac OS X Server an LDAP server; one function of that is allowing home folders to exist on the server. If you have more than 200 client machines, going to each machine to point it to the server is tedious and time consuming. A better way is to allow the DHCP server to push down the information to each client along with the IP address information. To set up the DHCP service to propagate LDAP information 1. | Select the DHCP service for your server in the Computers & Services list, click Settings, and then select the Subnets tab (Figure 6.15).
Figure 6.15. Starting and viewing the subnet for the DHCP service. 
| 2. | Double-click the subnet to open an Editing pane.
| | | 3. | Select the LDAP tab and enter the appropriate information (Figure 6.16):
- Server Name is the fully qualified domain name of your server, such as xserver.example.com. This entry is different from those of DNS and should not have a trailing dot at the end of the name.
- Search Base is the LDAP search base of your server. In most cases, this looks something like dc=servername, dc=example,dc=com, which parses your domain name into standard LDAP structure. For more information on what to enter here, refer back to the "To create a master directory" task in Chapter 3.
- Port lets you enter a port for the information to go over, or leave this field blank to use the default port.
- Click the LDAP over SSL check box to secure your connection over Secure Socket Layer (discussed in Chapter 10, "Security").
Figure 6.16. Double-click the subnet, and enter the LDAP data to be pushed down to the client. 
| 4. | Click the back arrow in the top-left corner of the pane to return to the Subnets pane.
| 5. | When you've finished making changes, click Save.
If the DHCP service is already running, you'll be prompted to restart the service. Doing so implements your changes.
|
Tip Recall that the LDAP information is needed so the client machine can see the server. In this manner, the client can authenticate against the server and obtain a home folder or other shared folders. If the client machines are already configured to accept a DHCP address, all you have to do is ensure that the LDAP information is passed down along with the IP information.
To set up the client to search for DHCP-supplied LDAP information 1. | On Mac OS X computer(s), launch Directory Access, click the lock in the lower-left corner, and select the Services tab (Figure 6.17).
Figure 6.17. Opening Directory Access on a Mac OS X computer to check the LDAP plug-in status. 
| 2. | Select the LDAP plug-in and double-click it to open a new pane.
| 3. | Click the "Add DHCP-supplied LDAP servers" check box, if it's not already selected, and click OK (Figure 6.18).
Figure 6.18. Be sure the "Add DHCP-supplied LDAP servers" option is selected, which allows the client to obtain the LDAP information from the DHCP server. 
| 4. | Select the Authentication tab and from the Search pop-up menu, choose Automatic as the path where Open Directory searches for authentication information (Figure 6.19).
Figure 6.19. Check the Authentication tab of the Directory Access application. LDAP information is being pushed down from the DHCP server. 
Your client machine is now ready to look for LDAP information. If your client machine is getting the DHCP LDAP information, you should see your server's information in the authentication list. If you don't, be sure your DHCP server is sending down the appropriate information.
|
Tips One other set of data can be pushed down to a client machine: WINS data. Windows Internet Naming Service (WINS) is used by Windows computers to locate one another on a network across subnets. If you have Windows clients obtaining an address from a Mac OS X Server, you configure the DHCP server to push down the WINS information. Using Mac OS X Server as a DHCP server is an excellent way to reduce dependency on an existing Windows server that can now be retired.
Restricting DHCP There may be a time when you wish to specify which computers receive a certain IP address. For example, you may have computers and printers that always need the same address, yet you do not want your users to set their computers and printers with static addresses. Use the Static Maps tab of the DHCP service to restrict which computers receive a given IP address from a Mac OS X Server DHCP service. To restrict IP addresses to specific computers 1. | Launch Server Admin and select the DHCP service for your server in the Computers & Services list.
| 2. | Click Settings and select the Static Maps tab (Figure 6.20).
Figure 6.20. Static Maps force a given IP address to a specific device. 
| 3. | Click the plus button to open a pane where you can add the hardware address of the built-in Ethernet interface that is associated with the machines that you want to allow or deny an address from the DHCP service (Figure 6.21).
Figure 6.21. Entering data to map a given IP address to a given hardware address. 
| | | 4. | Click OK to return to the Static Maps pane and review your changes to the IP addresses (Figure 6.22).
Figure 6.22. Viewing all mapped hardware addresses and their associated IP addresses. 
| 5. | When you've finished making changes, click Save.
Your DHCP service will now map given IP addresses to the devices listed in the Static Map window.
| 6. | To restart the DHCP service and have the devices request a new address, restart the devices or unplug the Ethernet cable and plug it back in.
|
Tips All DHCP service data is stored in the NetInfo database. You can view and edit this information directly by open NetInfo Manager and going to the /config/dhcp/subnets record. For best results, you should create a DHCP subnet that includes all of your statically mapped addresses.
|
