Some may recall that in 2003 I wrote a tool which provides a useful extension to the DHCP server of Windows 2000 – MACkerer (no support!!!), written in Delphi. Meanwhile years have gone by, but I wasn’t lazy. In 2004 I ported the extension to C and extended it by an installation program. Furthermore the syntax and the logging functions have been really enhanced during this process. I called the new version MACkerer2.
Sadly I have never made this version available to the public – mea culpa . This is done by this article now. Furthermore I have to announce that I am working on a C++ version of MACkerer2. This version will still be called MACkerer2 but will have an internal version number 2.x, while the C-version internally was a 1.x version (named MACkerer2). The 2 in the name has nothing to do with the actual version number, it shows that it was a complete rewrite. The version offered for download above has been tested on Windows 2003 Server meanwhile and worked without any problems.
But let us come back to the use of the extension. The MS-DHCP server offers to create reservations inside a scope, where you can assign the same IP to a certain machine identified by its MAC. That is quite useful but has its limits. Where, you ask? Well, that is easy to explain. As some readers may know, I was administrator of a PC pool at my university for some years. Somewhen users came with their laptops and asked whether they could connect to our network. The main university admins had no objections, but we did not want to loose control over the network. Sadly there was this significant problem – the limits of the MS-DHCP server. While you can create reservations, there is no solution if you want to allow a user base that is larger than the number of simultaneously available IP addresses to be limited in access to the DHCP server. Of course the case that all users would be online at once can be ruled out, so that we were stuck. No IPs could be assigned twice – an unsovable problem. But what for am I a software developer? I just created a solution for the problem!
The solution was – from its very beginning – an extension DLL for the MS-DHCP server. This DLL allowed to manipulate the output to the clients. The most important function is to read allowed MACs from a list. MACkerer2 can be configured to reject unknown MAC addresses (i.e. don’t assign IPs to them). Furthermore every MAC record can optionally contain a name, email address and status. This makes it possible to identify a specific user. Since the logging functionality has been enhanced significantly, one can track who requested an IP address from the server – or better, who plugged in the network cable at what time. Et voila you got what you wanted: a limited number of IP addresses can be shared by a bigger number of users while maintaining access restrictions.
Currently there is no GUI or other comfortable way to edit the configuration files – you have to do this manually. The syntax has been derived from the Apache configuration files. Here is an example:
# This is a comment <MAC 11-22-33-DD-EE-FF> Name = "Full Name" Status = 1 Email = "firstname.lastname@example.org" Registered = "2003-01-01@00-00-00" </MAC>
In the above example you can easily see the identification of the record by the MAC, while the record can contain optional attributes. In the current version of MACkerer2 all attributes are optional. The name is a simple text string. The
Status can take a value of 0 or 1. While 0 means that the user account is “active”. This means that if
AllowOnlyRegistered = 1 in the main configuration (see below) an IP will be assigned to the machine identified by this MAC address. If the value is 1 or otherwise not equal 0, the machine will be rejected and does not receive an IP from the DHCP server. Attention: currently only the values 0 and 1 are defined. Another value bigger than 1 has currently the same meaning as 1, which may change in future versions, though. Therefore it is recommended to stick to 0 and 1. If not explicit value was given, the default is 0 (i.e. “active”).
Despite the records for the MAC addresses, which – while optional – should be filled with useful values to provide for good log file output, there is the main configuration block of the configuration file. It controls for example which actions will be logged by MACkerer2 and where the log file is to be stored. Here is the main configuration block from the template configuration file which is located in
%SystemRoot%\System32\dhcp right after the installation:
<MAIN> # Log any events connected with start/restart/stop-ing the service # DEFAULT = 1 (On) LogDaemonEvents = 1 # Log all events when a packet has been dropped or denied # because of some reason # DEFAULT = 1 (On) LogDrop = 1 # Log events when a new packet was allowed to pass. # DEFAULT = 1 (On) LogPass = 1 # Log IP offers from the DHCP server # DEFAULT = 1 (On) LogOffer = 1 # Log IP released by client # DEFAULT = 1 (On) LogRelease = 1 # Log if a user has been added using the DLL functions # DEFAULT = 1 (On) LogAddUsr = 1 # Log if a user has been deleted using the DLL functions # DEFAULT = 1 (On) LogDelUsr = 1 # Log if a user has been updated using the DLL functions # (does not include deletetion!) # DEFAULT = 1 (On) LogUpdUsr = 1 # Note: This is highly technical and may only be interesting # for admins resolving DHCP server problems. This includes # events from DhcpPktDropHook() # DEFAULT = 0 (Off) LogDebugEvents = 0 # This defines wether any MAC is allowed to pass or only # registered ones AllowOnlyRegistered = 0 # Defines the path to the logfile(s) (without trailing backslash!) # It may contain environment variables, but the expanded # path must not exceed 255 characters! LogfilePath = "%SystemRoot%\System32\dhcp" </MAIN>
The new version on which I am working will also support UTF-8 and UCS-2 for configuration files which will aid in better internationalization. Furthermore features will be added which allow to manipulate the parameters for a client identified by its MAC individually without having to create a reservation (e.e. lease duration).
Have a lot of fun meanwhile