Register Workstations to Containers based on IP Address
Novell Cool Solutions: Trench
By Patrick Farrell
Digg This -
Posted: 29 Aug 2003
We wanted a way to register workstations to specified containers based on their IP address. We have users that float back and forth between multiple locations, and this would occasionally lead to a workstation from site B showing up in site A's container. In addition, on some small sites we have no server at all, and therefore we couldn't have a server-associated server package to separate those workstations into a separate container.
The goal was to have a workstation container for each branch, whether it had a server or not.
In our setup, we have unique IP subnets in each branch which are handed out via DHCP in most cases, and in the smaller branches they are static assigned. For example, Site1 might be 192.168.10.xx, Site2 192.168.20.xx, Site3 192.168.30.xx and so on. It is possible via the normal Novell login script to parse these addresses and execute a given policy with zwsreg (only tested with ZfD4). I have each branch's objects in its own OU. Under that OU I have a zen policy container, and a workstations container.
I created a server package policy under each site and filled in the appropriate details for the import policy so that it imports to the specified container for that OU. I also filled in the inventory service and the removal policies. I then associated that with the workstation container. This obviously will have no effect until workstations are in the container, but it's primarily done to handle removal.
I then used the workstation_address variable in the login script to determine if the IP address was in range. IP's are returned in hexadecimal format. For example 192.168.10.1 would be C0A80A01. Each pair of numbers represents an octet. I have a series of IF/Then statements that cover each branch's range, and I put these in the login scripts for all containers. The end result was exactly what I had hoped for, in that each site has its workstations in separate containers.
An example is provided below of the setup. One thing to take into account is notebook computers. I am not going into them with my example, but there are ways to handle this, such as setting an environment variable on the notebooks, and having them excluded from the IP address check and imported based on the variable in the login script.
Let's assume you have a top level O=CORP and three locations, each with its own OU of Site1, Site2, and Site3 respectively. Site1 has an IP range of 192.168.10.xx, Site2 is 192.168.20.xx and Site3 is 192.168.30.xx Under each Site OU we have an zfd4_pol OU to hold policies, and a workstations OU to hold the workstations object. For good measure I also created a workstation group object in each and set up the import policies to also add them to that group object on import in case I need this later.
Create a server package policy called site1-import in zfd4_pol.site1.corp. Specify the import policy to import workstations into the selected container of workstations.site1.corp. Make sure you add workstations.site1.corp to the containers screen to give it rights to create the objects. Specify removal, roll up, and ZENworks database policies if needed.
Repeat for Site2 and Site3, changing the import location for each to the workstation OU in the site's OU as well as the containers screen to allow creation rights.
Now in the login script for Site1, Site2, and Site3, add the following:
IF NETWORK_ADDRESS > "C0A80A00" AND NETWORK_ADDRESS < "C0A80AFF" THEN
@zwsreg -importserver 0 -importpolicy "Site1-IMPORT:General:Workstation Import.zfd4_pol.site1.corp"
IF NETWORK_ADDRESS > "C0A81400" AND NETWORK_ADDRESS < "C0A814FF" THEN @zwsreg -importserver 0 -importpolicy "Site2-IMPORT:General:Workstation Import.zfd4_pol.site2.corp" END
IF NETWORK_ADDRESS > "C0A81E00" AND NETWORK_ADDRESS < "C0A81EFF" THEN @zwsreg -importserver 0 -importpolicy "Site3-IMPORT:General:Workstation Import.zfd4_pol.site3.corp" END
This will result in all new workstation registrations getting sorted to their correct containers based on their IP address. You will need to delete the existing workstation objects in order for them to be imported into the new containers, or run zwsreg -unreg in the script before the IF/Then statements.
NOTE: Here's a potential gotcha. Make sure that you have no workstation import policies associated with the import servers. If you do, those will run before the login script and create the workstation in the location assigned in that policy. If you have an existing workstation object, the login script will not create a new one in the specified location, nor will it move the old one.
If you have any questions you may contact Patrick at firstname.lastname@example.org
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com