Problem
/var/log/daemon.log shows entries like
Oct 19 20:09:02 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Environment
The configuration is missing the “authoritative” statement.
From man 5 dhcpd.conf:
The authoritative statement
authoritative;
not authoritative;
The DHCP server will normally assume that the configuration information about a given network segment is not known to be correct and is not authoritative. This is so that if a naive user
installs a DHCP server not fully understanding how to configure it, it does not send spurious DHCPNAK messages to clients that have obtained addresses from a legitimate DHCP server on the
network.
Network administrators setting up authoritative DHCP servers for their networks should always write authoritative; at the top of their configuration file to indicate that the DHCP server
should send DHCPNAK messages to misconfigured clients. If this is not done, clients will be unable to get a correct IP address after changing subnets until their old lease has expired,
which could take quite a long time.
Usually, writing authoritative; at the top level of the file should be sufficient. However, if a DHCP server is to be set up so that it is aware of some networks for which it is authoritative
and some networks for which it is not, it may be more appropriate to declare authority on a per-network-segment basis.
Note that the most specific scope for which the concept of authority makes any sense is the physical network segment - either a shared-network statement or a subnet statement that is not
contained within a shared-network statement. It is not meaningful to specify that the server is authoritative for some subnets within a shared network, but not authoritative for others,
nor is it meaningful to specify that the server is authoritative for some host declarations and not others.
Solution
Command Line
Given that the DHCP service provided by UCS should act as authoritative, a “DHCP statements” policy must be added, as described in Further DHCP policies. The policy must at least contain the “authoritative” setting.
Example:
$ udm policies/dhcp_statements list
DN: cn=default dhcp statements,cn=statements,cn=dhcp,cn=policies,dc=...
authoritative: yes
boot-unknown-clients: None
getLeaseHostnames: None
ldapFilter: None
name: default dhcp statements
pingCheck: None
serverIdentifier: None
serverName: None
If there is no policy with an “authoritative” variable, you have to create it. Use either the web-based UMC or udm as follows:
udm policies/dhcp_statements create --position "cn=policies,dc=domain,dc=de" --set name="DHCP authoritative" --set authoritative=yes
Once the policy is created, attach it to the DHCP service (again, through UMC or udm):
udm dhcp/service modify --dn "cn=domain.de,cn=dhcp,dc=domain,dc=de" --policy-reference "cn=DHCP authoritative,cn=policies,dc=domain,dc=de"
$ udm dhcp/service list
DN: cn=servicename,cn=dhcp,...
service: servicename
[...]
univentionPolicyReference: cn=DHCP authoritative,cn=policies,dc=domain,dc=de
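The following is an added example, not part of the original article or of UCS: a shell function that summarizes the “not authoritative for subnet” messages from the Problem section per subnet, so the log can be compared before and after the policy is attached. The function names and the embedded sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Summarize dhcpd "not authoritative for subnet" messages per subnet.
# Output columns: subnet, number of messages, number of distinct clients.

# summarize_nonauth [FILE...]  (reads stdin when no file is given)
summarize_nonauth() {
    awk '
        /dhcpd/ && /DHCPINFORM from/ && /not authoritative for subnet/ {
            subnet = $NF                      # last field is the subnet address
            client = ""
            for (i = 1; i < NF; i++)          # client address follows "from"
                if ($i == "from") { client = $(i + 1); break }
            msgs[subnet]++
            if (!((subnet, client) in seen)) {
                seen[subnet, client] = 1
                clients[subnet]++
            }
        }
        END {
            for (s in msgs) printf "%s %d %d\n", s, msgs[s], clients[s]
        }
    ' "$@" | LC_ALL=C sort
}

# Constructed sample in the format of /var/log/daemon.log (not real log data).
sample_log() {
    cat <<'EOF'
Oct 19 20:09:02 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.11 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:09:07 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.11 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:10:31 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.12 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:11:15 ucs42 dhcpd[7640]: DHCPINFORM from 10.0.5.20 via eth1: not authoritative for subnet 10.0.5.0
Oct 19 20:12:40 ucs42 dhcpd[7640]: DHCPACK on 192.168.156.30 to 00:11:22:33:44:55 via eth0
EOF
}

# With arguments: summarize those log files. Without: use the constructed sample.
if [ "$#" -gt 0 ]; then
    summarize_nonauth "$@"
else
    sample_log | summarize_nonauth
fi
```

Run it as `sh script.sh /var/log/daemon.log` to summarize the real log; an empty result means no such messages were logged in that file.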
Web based with UMC as Web-UI
Navigate to Domain --> DHCP --> RIGHT click on Domain --> select Policies
Select Policy “DHCP Statement” and RIGHT click to Edit Policy
Set “Authoritative” to “Yes”