Client/user Static IP HELP

[neckoblack]

I was wonder if its possible to assign Static IPs to users in windows server 2012 R2

I have DHCP and DNS services running , users and i know a client pc can be assigned an ip but what i want to do is so that when a user logs in from any client there ip changes to the users assigned ip and when they log out and a new user logs in from that client pc the ip changes to either an assigned one or a random one from the ip pool

To explain my self a bit more i want user Sam to log on from client-PC 1 and be assigned a specific ip, then he logs out and user Guest logs on but the ip changed to one from the pool and the logs out and user April logs in and gets an assigned ip

is it even possible????

[kb5zue]

3 minutes ago, neckoblack said:

I was wonder if its possible to assign Static IPs to users in windows server 2012 R2

I have DHCP and DNS services running , users and i know a client pc can be assigned an ip but what i want to do is so that when a user logs in from any client there ip changes to the users assigned ip and when they log out and a new user logs in from that client pc the ip changes to either an assigned one or a random one from the ip pool

To explain my self a bit more i want user Sam to log on from client-PC 1 and be assigned a specific ip, then he logs out and user Guest logs on but the ip changed to one from the pool and the logs out and user April logs in and gets an assigned ip

is it even possible????

So you want to assign the IP to the user and not the device, right?  If so, then it wouldn't matter which device Sam logged in to, he would have the same IP no matter what.  Is that what I'm thinking?

[neckoblack]

10 minutes ago, kb5zue said:

So you want to assign the IP to the user and not the device, right?  If so, then it wouldn't matter which device Sam logged in to, he would have the same IP no matter what.  Is that what I'm thinking?

yes it is, tho it is assumed that he will only be logged on from 1 device at a time so not to cause conflict with the ip

[kb5zue]

Just now, neckoblack said:

yes it is

Hmmm...  Interesting idea.  Never thought of that idea before but it seems like it would be possible because the login i.d. and user password are static.  Sorry, but I don't have an answer to your question but I wanted to make sure I understood what exactly the question was.  I will have to track this and see what happens.  Good luck, really interesting idea.  If this is doable, then a network manager would be able to track his users no matter what device they used to log in to the network allowing the manager to keep track of what the user was doing on the network.

[brwainer]

The closest thing to this I can think of is 802.1X - which makes you log into the *network* before the device can connect. I know that it is possible via this to assign the device to a specific VLAN based on the user that logs in, but I don't know if that can assign an IP address based on the user.

[neckoblack]

On 8/5/2017 at 7:58 PM, kb5zue said:

Hmmm...  Interesting idea.  Never thought of that idea before but it seems like it would be possible because the login i.d. and user password are static.  Sorry, but I don't have an answer to your question but I wanted to make sure I understood what exactly the question was.  I will have to track this and see what happens.  Good luck, really interesting idea.  If this is doable, then a network manager would be able to track his users no matter what device they used to log in to the network allowing the manager to keep track of what the user was doing on the network.

I found a clue in the AD DS (active Directory) in user properties in one of the option it has the option to assign a static ip but i don't have wind7 pro to test it out, ill keep you informed if its possible or what else i run into. Im using a spanish version of the windows 2012 so i dont know whats it called in english, sorry

 

[brwainer]

On 8/5/2017 at 8:09 PM, neckoblack said:

I found a clue in the AD DS (active Directory) in user properties in one of the option it has the option to assign a static ip but i don't have wind7 pro to test it out, ill keep you informed if its possible or what else i run into. Im using a spanish version of the windows 2012 so i dont know whats it called in english, sorry

I'm not going to open a word document attached to a forum, that's asking for a virus. Ignoring that, my understanding of the IP section of the user properties only takes affect if the user is remoting in to the network. If a user is local to the network, then they already have an IP address assigned to the computer before they are able to log in to AD at all.

[kb5zue]

On 8/5/2017 at 8:09 PM, neckoblack said:

I found a clue in the AD DS (active Directory) in user properties in one of the option it has the option to assign a static ip but i don't have wind7 pro to test it out, ill keep you informed if its possible or what else i run into. Im using a spanish version of the windows 2012 so i dont know whats it called in english, sorry

Lociento, yo hablo espanol muy poco.  Yo vivo in Zaragoza, Espana por cinco anyo in 1983-1988.  My spanish sux big time.  Good Luck.

[neckoblack]

Just now, brwainer said:

I'm not going to open a word document attached to a forum, that's asking for a virus. Ignoring that, my understanding of the IP section of the user properties only takes affect if the user is remoting in to the network. If a user is local to the network, then they already have an IP address assigned to the computer before they are able to log in to AD at all.

did not know that, tho wouldnt the server change the ip address?

[neckoblack]

Just now, kb5zue said:

Lociento, yo hablo espanol muy poco.  Yo vivo in Zaragoza, Espana por cinco anyo in 1983-1988.  My spanish sux big time.  Good Luck.

My english is at a native level, thank you tho

[Jarsky]

As brwainer pointed out, AD doesn't do static IP assignment based on user. It does IP reservation based on mac address. Your router/switch will assign the IP address based on the DHCP Scope. 
 

I'm also unsure if there is some way to do this, but the user would have to authenticate first, and then have an IP address assigned and the network released/renewed - there may be some sort of software that does this, but tieing a specific user to a specific IP address afaik hasn't really been a requirement for a long time. Not even ISP's do this. 

[neckoblack]

6 minutes ago, Jarsky said:

As brwainer pointed out, AD doesn't do static IP assignment based on user. It does IP reservation based on mac address. Your router/switch will assign the IP address based on the DHCP Scope. 
 

I'm also unsure if there is some way to do this, but the user would have to authenticate first, and then have an IP address assigned and the network released/renewed - there may be some sort of software that does this, but tieing a specific user to a specific IP address afaik hasn't really been a requirement for a long time. Not even ISP's do this. 

Thank you, tho if it was a requirement a while back , could there be a way to do it today in windows server 2012 R2? i know an ip can be assigned to a client based on the client mac address, basically the user logs in and then based on the mac the DHCP server will asign it the ip , i have no idea if there is a way for the ip to be assigned after the user logs in and the DHCP serve on windows 2012 assigns it a specific ip based on the user and no the mac address its self...

[Jarsky]

31 minutes ago, neckoblack said:

Thank you, tho if it was a requirement a while back , could there be a way to do it today in windows server 2012 R2?

That comment was specifically talking about PPP authentication which was done via CHAP 

31 minutes ago, neckoblack said:

i know an ip can be assigned to a client based on the client mac address, basically the user logs in and then based on the mac the DHCP server will asign it the ip

That's not how it works. The IP address is assigned via the DHCP server after then nic is initialized. The user logging in doesn't have anything to do with the DHCP process. 

 

31 minutes ago, neckoblack said:

 i have no idea if there is a way for the ip to be assigned after the user logs in and the DHCP serve on windows 2012 assigns it a specific ip based on the user and no the mac address its self...

You won't be able to use Windows Server DHCP to do this if it's possible. 

[neckoblack]

10 minutes ago, Jarsky said:

That comment was specifically talking about PPP authentication which was done via CHAP 

That's not how it works. The IP address is assigned via the DHCP server after then nic is initialized. The user logging in doesn't have anything to do with the DHCP process. 

 

You won't be able to use Windows Server DHCP to do this if it's possible. 

Thank you

[burnsmorgan14]

On 8/5/2017 at 8:09 PM, neckoblack said:

I found a clue in the AD DS (active Directory) in user properties in one of the option it has the option to assign a static ip but i don't have wind7 pro to test it out, ill keep you informed if its possible or what else i run into. Im using a spanish version of the windows 2012 so i dont know whats it called in english, sorry

I think this is if the user connects via a VPN? Not 100% sure though

[Jarsky]

18 minutes ago, burnsmorgan14 said:

I think this is if the user connects via a VPN? Not 100% sure though

 

He's looking at Remote Access Settings.

This setting is for dialup/isdn connections.

 

 

 

[Mikensan]

Well I assume you're trying to achieve something by doing this, so lets start there. Why do you need/want the IP address to follow the user? It doesn't really achieve anything to the best of my knowledge.

 

That said, the best way is probably going to be using a captive portal. But the DHCP and captive portal together are going to need to be handled by your firewall/gateway. pfSense supports captive portals.

 

Or you could put the computers into a secure VLAN with access to nothing but a VPN server, and force every client to dial into the VPN server. The the VPN server can hand out IP addresses.

 

The issue with changing IP addresses by user is it'll get an IP before anyone logs in, and will obtain a lease. This lease is usually set for xx amount of time and will not bother looking for an IP address until the lease expires. It's also not good to a computer to be changing IP addresses so frequently, lot of services might get confused (just because it's supposed to work doesn't mean it always does).

 

If it's logging, most firewalls support some form of AD-integration and as such your logs will reflect who did what when most of the time. Newer firewalls go a step further since they're UTMs / Endpoint Protection services bundled together.

 

If it's control, there is a plethora of options for anything you can imagine.

[neckoblack]

5 hours ago, Mikensan said:

Well I assume you're trying to achieve something by doing this, so lets start there. Why do you need/want the IP address to follow the user? It doesn't really achieve anything to the best of my knowledge.

 

That said, the best way is probably going to be using a captive portal. But the DHCP and captive portal together are going to need to be handled by your firewall/gateway. pfSense supports captive portals.

 

Or you could put the computers into a secure VLAN with access to nothing but a VPN server, and force every client to dial into the VPN server. The the VPN server can hand out IP addresses.

 

The issue with changing IP addresses by user is it'll get an IP before anyone logs in, and will obtain a lease. This lease is usually set for xx amount of time and will not bother looking for an IP address until the lease expires. It's also not good to a computer to be changing IP addresses so frequently, lot of services might get confused (just because it's supposed to work doesn't mean it always does).

 

If it's logging, most firewalls support some form of AD-integration and as such your logs will reflect who did what when most of the time. Newer firewalls go a step further since they're UTMs / Endpoint Protection services bundled together.

 

If it's control, there is a plethora of options for anything you can imagine.

Thank you

[dalekphalm]

14 hours ago, neckoblack said:

Thank you

This is not the first time you've asked these questions.

 

And every time, you've ignored people when they try to find out WHY you need to assign an IP based on a user account.

 

If you actually want people to help you, you need to help us by explaining what your goal is.

[neckoblack]

4 hours ago, dalekphalm said:

This is not the first time you've asked these questions.

 

And every time, you've ignored people when they try to find out WHY you need to assign an IP based on a user account.

 

If you actually want people to help you, you need to help us by explaining what your goal is.

The goal was to use one client pc to demenstrat that certien users where assigned a specific ip address , we are using virtual box and have limitid phisical pcs with limited ram for each virtual client. I am also trying to creat a virtual private network either on virtual box using a virtual switch or windows server to acomplish this. i am having trouble installing hyper v , its giving me an error with the server.

[dalekphalm]

18 minutes ago, neckoblack said:

The goal was to use one client pc to demenstrat that certien users where assigned a specific ip address , we are using virtual box and have limitid phisical pcs with limited ram for each virtual client. I am also trying to creat a virtual private network either on virtual box using a virtual switch or windows server to acomplish this. i am having trouble installing hyper v , its giving me an error with the server.

You're not stating what the goal is.

 

WHY are you trying to demonstrate that certain users were assigned a specific IP Address?

 

Why does user "John" need IP 192.168.1.55, regardless of what computer he's on?

[neckoblack]

They need a static ip address and the goal was to give them a static ip address , which can be done with the mac add, how ever do to our limited resources we have for this project we wanted to see if it was possible to do this with the user, seeing that it cant be done this way , we are going to simulate it using additional network cards and use their mac address on virtual box, now what im looking to do is create a vpn on the server so a "department" can have access to a set pool of ips, i cant install hyper v for some reason on this virtual server so im looking for additional options to solve this problem

[neckoblack]

6 minutes ago, dalekphalm said:

You're not stating what the goal is.

 

WHY are you trying to demonstrate that certain users were assigned a specific IP Address?

 

Why does user "John" need IP 192.168.1.55, regardless of what computer he's on?

is there a version of windows 2012 r2 with hyper v that will work on virtual box?

[brwainer]

5 minutes ago, neckoblack said:

is there a version of windows 2012 r2 with hyper v that will work on virtual box?

Hyper V and Virtualbox aren't meant to be used together on the same system. You can only have one hypervisor running per OS (with server 2016 you can run a nested OS/hypervisor in a VM, but that still isn't the same as having both installed at once - one hypervisor is inside a VM of the other). If you want HyperV to install and start up, you have to uninstall Virtualbox, and vice versa.

[neckoblack]

5 minutes ago, brwainer said:

Hyper V and Virtualbox aren't meant to be used together on the same system. You can only have one hypervisor running per OS (with server 2016 you can run a nested OS/hypervisor in a VM, but that still isn't the same as having both installed at once - one hypervisor is inside a VM of the other). If you want HyperV to install and start up, you have to uninstall Virtualbox, and vice versa.

is there a virtual switch i can run in virtual box and configure it to work with windows server 2012 r2 and creat virtual LAN so that a "department" connects to the server and gets only a certin rang of ips or is it posible to "reserve" a rang of ips from one scope to be used for a certen group?