Re: C7, encryption, and clevis

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



John Hodrien wrote:
> On Fri, 8 Jun 2018, m.roth@xxxxxxxxx wrote:
>
>> We've been required to encrypt h/ds, and so have been rolling that out
>> over the last year or so. Thing is, you need to put in a password, of
>> course, to boot the system. My manager found a way to allow us to reboot
>> without being at the system's keyboard, a package called clevis. Works
>> fine... except in a couple of very special cases.
>>
>> Those systems, the problem is that, due to older software, and *very*
>> expensive licenses that are tied to a MAC address, I have to spoof the
>> MAC address since my users got new(er) machines.
>>
>> Clevis is trying to contact its password server, using the *real* MAC
>> address, but our DHCP has to serve the *spoofed* MAC address. I know,
>> from trying, that I can't have two entries for the same system. Can anyone
>> suggest a solution?
>
> Nothing wrong with having two MAC addresses listed for one IP.  With ISC
> DHCP the label for a host has to be unique, but the hostname doesn't.

The IP's not the problem, it's dhcpd gagging on two entries, two MAC
addresses, for the same server name - think dhcpd.conf.local

     mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux