How to clear the DHCP GUI in OSX Server? Ghost clients in the building

dhcpdhcpdmac-osxmac-osx-server

I have a few client machines showing up in the network (not only in Server.app but also in various logs), which have "Computer Names" (Bonjour names in Apple-speak) which I don't recognize, but probably are old clients or more likely old names of active clients. I haven't yet been able to match the MAC addresses with newer Computer Names or hostnames in the logs, etc., either, and I don't have much historical data to work with for example previous, confirmed clients on the network.

To make things little weirder, the same clients show up in the logs of some Cisco switches, and are not always on the same floor of the building, which is strange because the MACs lookup by manufacturer to likely be iMacs. I see 2-4 of these fairly consistently, in a network where we have around 100 of similar iMacs, which would have all been imaged in a similar way, but do not have this cached data, or whatever it is.

It temporarily clears the names out of the dhcp list by turning off dhcp (in this case by using the GUI in Server.app), then deleting or editing /var/db/dhcpd_leases, and turning back on the service, but then they appear again after a few minutes. How can I remove them?… or should I have other network and/or security concerns?

Any tips more generically about how manage DHCP in Darwin/OSX on the command line, would help as well. The entire DHCP setup in Server.app seems buggy/laggy to me.

This question is in regards to a server with OSX Server 5.0 over OSX 10.11 running clients on 10.10 and 10.11.

Best Answer

The ghosts have been captured.

The real lesson here

...is to always fully research, overview, and document all new hardware in your networks.

Make time to proactively volunteer to set things up right the first time, even if it is not your sole responsibility, and even if your boss wants to setup the new devices.

Specific details

In my case one client was a laptop from a former employee, now an outside consultant, whose machine was running on the wrong LAN, and had not been properly checked to be on that network; and the other client was a phone which had also not been confirmed and checked-in to my hardware lists. (The comment that both MAC numbers were iMacs was a mistake).
My method of clearing DHCP on OSX Server, was correct; I've cited it again below.
In regards to how manage DHCP on OSX & Darwin, especially on the command line, read on--I've self-answered and left a small trail of interesting links:

OSX DHCP Overview

The quintessential guie to Mac OS X Server Command-Line Administration, which is directly from Apple, albeit from a previous version of OSX, contains enough information about managing Macs from the command line to keep you busy reading through an entire vacation.

If that is not enough, there is also a massive article on OSX DHCP at Krypted.com.

Turning off DHCP (several methods are described just below) then deleting or editing /var/db/dhcpd_leases and turning back on the service, is indeed the best way to clear the leases.

You can turn off and on DHCP using the giant switch icon on the DHCP tab, at the upper-right of the screen, in the GUI of the current version of Server.app.

Alternatively, on the command line, you can execute (likely as root): serveradmin stop dhcp to stop DHCP and serveradmin start dhcp.

You can get loads of information about DHCP by typing:

serveradmin fullstatus dhcp

A Note about Bootstrap Protocol

For your log-reading pleasure, it is also important to know that Bootpd handles bootp instructions (internet bootstrap protocol), which is intertwined with DHCP, and the community of Wikipedians had the best definition I saw after a bit of searching about this relationship:

"... The Bootstrap Protocol (BOOTP) is a computer networking protocol used in Internet Protocol networks to automatically assign an IP address to network devices from a configuration server... While some parts of BOOTP have been effectively superseded by the Dynamic Host Configuration Protocol (DHCP), which adds the feature of leases, parts of BOOTP are used to provide service to the DHCP protocol. DHCP servers also provide the legacy BOOTP functionality."

This Technet article from Microsoft has also a very interesting comparison of the relationship between these two daemons, as well, for an additional resource.

You may also be able to use launchd, in a pinch, to essentially disable and re-enable DHCP, since DHCP depends on its services, for example, it's particular leases are stored at /etc/bootpd.leases, but contrary to old information floating around the web, this will not necessarily clear current versions of OSX Server DHCP information.

For example:

sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/bootps.plist followed by sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist will restart the bootstrap service.

Related Solutions

Some DHCP clients end up with wrong DNS server

I would run a packet dump on a few of these boxes until it happens. See if you can find anything network related. Maybe you will see some packets that give you an idea if it is not that.

Can a group policy in Windows set the DNS server. Maybe somehow there has been a strange GP applied on the domain?

Update:
I have never done this, but since it seems like you are getting a little desperate, what about blowing away the current DHCP database. These instructions say how to back up the mdb file, so maybe moving it somehwere else will make it so DHCP creates a new one after restarting. That might fix the problem...

The thing that doesn't jive in my mind, :-), is why clients would be getting new information if their lease hasn't expired yet and they haven't rebooted... is this what is happening?

Active Directory – Move DHCP/DNS Services to Linux

The problem you're going to run into is that Active Directory uses DNS to tell client machines where to find various resources, so turning off DNS on the Windows server will eventually stop things that require Active Directory from working. It sounds like it worked for a number of hours because clients had it cached, but then the cache expired.

My suggestion would be to run bind on your Linux server, and make it act as a secondary to your Windows server, and then configure your DHCP server to give out the Linux server as the DNS server clients should be using. That way, your DNS queries are offloaded onto the Linux server whilst retaining the ability to use Active Directory.

You'll need a line in your named.conf (or such) a bit like this:-

zone "ad.internal.company.com"
{
  type slave;
  file "/etc/bind/db.ad.internal.company.com";
  masters { aaa.bbb.ccc.ddd; };
};

Not sure which version of SBS you're on, but for 2003, open up the dnsmgmt console, go to the properties for your active directory domain, and add your Linux server as a nameserver on the Name Servers tab. You'll also want to make sure Allow zone transfers is ticked on the Zone Transfers tab, along with Only to servers listed on the Name Servers tab. Additionally, you'll want to make sure that when you click Notify... (also on the Zone Transfers tab), that Automatically notify and Servers listed on the Name Servers tab are selected.

Reload (or restart) bind on your Linux server, and keep an eye on the logs, and you should see bind requesting a copy of the zonefile from the Windows server. To make sure everything's working, try making an addition to the zonefile on the Windows server and make it's propagated to bind on the Linux server.

Hope that helps!

How to clear the DHCP GUI in OSX Server? Ghost clients in the building

Best Answer

The real lesson here

Specific details

OSX DHCP Overview

Related Topic