| /dhcpd/isc/home/dhcpd-classes/class-apple-intel-netboot.conf |
|---|
| @@ -0,0 +1,186 @@ |
|---|
| ########################################################################### |
| ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
| ## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ## |
| ## rights of fair usage, the disclaimer and warranty conditions. ## |
| ########################################################################### |
| ## A class declaration for Apple NetBoot clients. ## |
| ## original by Bennett Perkin & Brandon (aka Sedorox) ## |
| ## ## |
| ## You will have to change this file in order to change some addresses ## |
| ## and settings that cannot be parametrized. ## |
| ## ## |
| ## Current configuration that needs to be changed: ## |
| ## * The server dishes out OSX image files and is located at: ## |
| ## 192.168.0.1 (hex: C0:A8:00:01) ## |
| ## * This file serves netboot images for El Capitan and Snow Leopard ## |
| ## * The images are served through TFTP (boot) and NFS (image) ## |
| ########################################################################### |
| |
| class "Apple-Intel-NetBoot" { |
| # Limit this class to only Intel Apple machines |
| match if substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386"; |
| |
| # From: http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml |
| # 1 - Subnet Mask |
| # 3 - Router |
| # 17 - Root Path |
| # 43 - Vendor Specific |
| # 60 - Class ID |
| # Send these options to the client (possibly forcing it, if the client didn't request it) |
| option dhcp-parameter-request-list 1,3,17,43,60; |
| |
| if (option dhcp-message-type = 8) { |
| # on DHCPInform Messages, Us/Our (Server), Them (Client) |
| # Let Them know we're responding with Apple BSDP Information |
| option vendor-class-identifier "AAPLBSDPC"; |
| if (substring(option vendor-encapsulated-options, 0, 3) = 01:01:01) { |
| log(info, "BSDP_LIST"); |
| # BSDP List |
| # Let Them know this is the let, what server, the server's priority, what our default image is, and provide the image list. |
| option vendor-encapsulated-options |
| # Start BSDP Inform/List Option 1 (01:), Length 1 (01:), Message Type List(1) (01:) |
| 01:01:01: |
| # BSDP option code 3 (length 04) -- Server Identifier |
| 03:04: |
| # Server IP (192.168.0.1), Dec->Hex |
| C0:A8:00:01: |
| # BSDP option code 4 (length 02) -- Server Priority |
| 04:02: |
| # Priority (32768) Dec -> Hex |
| 80:00: |
| # BSDP option code 7 (length 04) -- Default Image ID |
| 07:04: |
| # This is what is picked as Default when you only hold down N on the client |
| # |
| # 01 breaks into: 0 or 8 for Non-Install (NetBoot) set or Install (NetInstal) set, |
| # Then 0 for Mac OS 9, 1 for Mac OS X (Client) 2 for OS X Server, and 3 for Hardware Diagnostics |
| # |
| # 4 through 127 (x4:00-xf:ff) reversed for future use |
| # |
| # And the last two are for the Image ID (Dec->Hex) |
| # |
| # IDs 1-4095 (00:01-0F:FF) are for Server-Specific Images (You will probably want an ID in this range) |
| # IDs 4096-65535 (10:00-FF:FF) Are "Globally-Unique", Multiple servers can present this same ID |
| # and the client will only see one image, and pick a random(?) server to talk to. |
| # |
| # Image ID - (137) Dec->Hex |
| 01:00:00:89: |
| # BSDP option code 9 -- Boot image list |
| 09: |
| # Length = 5 * <number of images> + <sum of the number of characters in the image name> |
| # For this case: 5 * (2 images) + (20 characters + 23 characters) = 53 = 35 in hexadecimal |
| 50: |
| # This only appears once in the package, no matter how many images you have below |
| # Image ID (137) -- dec->hex, see above (Default Image ID) for how to formulate the full ID |
| 01:00:00:89: |
| # Format: <sum of characters in image name>:<the name of the image in Hex> |
| # For this example: 20 characters so 14 hex:N:e:t:B:o:o:t: :(:E:l: :C:a:p:i:t:a:n:): |
| 14:4e:65:74:42:6f:6f:74:20:28:45:6c:20:43:61:70:69:74:61:6e:29: |
| # Image ID -- 138 |
| 81:00:00:8A: |
| # Note that since no other images follow, this is ended by the semi-colon (;) - otherwise |
| # this segment would end with colon (:) after which the other images would follow. |
| # |
| # 23 characters so 17 hex:N:e:t:I:n:s:t:a:l:l: :(:E:l: :C:a:p:i:t:a:n:): |
| 17:4e:65:74:49:6e:73:74:61:6c:6c:20:28:45:6c:20:43:61:70:69:74:61:6e:29: |
| # Image ID -- 139 |
| 01:00:00:8B: |
| # 22 characters so 16 hex:N:e:t:B:o:o:t: :(:S:n:o:w: :L:e:o:p:a:r:d:): |
| 16:4e:65:74:42:6f:6f:74:20:28:53:6e:6f:77:20:4c:65:6f:70:61:72:64:29; |
| } elsif (substring(option vendor-encapsulated-options, 0, 3) = 01:01:02) { |
| log(info, "BSDP_SELECT"); |
| # This is BSDP Option 3 (Length 04) |
| # |
| # BSDP Select, This is the client selecting which image they want to boot from |
| # Here we basically do if statements to catch what image is referenced |
| # Since we MIGHT be clustered, Check to see if we're the server being asked. |
| # |
| # In this example "AC:10:01:01" is the hex representation of "192.168.0.1" which |
| # is the IP address of the server dishing out the image files for net booting. |
| if (substring(option vendor-encapsulated-options, 9, 4) = C0:A8:00:01) { |
| log(info, "BSDP_SELECT-Responding, Client is talking to us."); |
| # Catch Image ID 01:00:00:89 defined above (NetBoot) |
| if (substring(option vendor-encapsulated-options, 15, 4) = 01:00:00:89) { |
| log(info, "BSDP_SELECT-Image: NetBoot (El Capitan)"); |
| |
| # This file is retrieved from System Image Utility on OS X when it creates a NetBoot image. |
| # The "booter" file along with all the other files are created by the System Image Utility |
| # on OS X and placed where the .NBI folder is created under i386/. The files must be then |
| # be copied from OSX and then served by the server through tftpd (Trivial FTP) by this server. |
| # |
| # Tree structure is: |
| # /srv |
| # + |
| # | |
| # +- /tftp |
| # + |
| # | |
| # + /Apple |
| # + |
| # | |
| # + /NetBoot |
| # + |
| # | |
| # +- /macnbi-i386 |
| # + |
| # | |
| # +- booter |
| # +- PlatformSupport.plist |
| # +- x86_64 |
| # + |
| # | |
| # +- kernelcache |
| # |
| filename "/srv/tftp/pxe/Mac/NetBoot/El\ Capitan/macnbi-i386/booter"; |
| |
| # In this example HTTP is used to serve the image. |
| # |
| # Tree structure is: |
| # Web Server Root |
| # + |
| # | |
| # +- /Apple |
| # + |
| # | |
| # +- /Netboot |
| # + |
| # | |
| # +- El Capitan (space encoded with %20) |
| # + |
| # | |
| # +- NetBoot.dmg |
| # +- NBImageInfo.plist |
| # |
| |
| ## Serve images either through HTTP... |
| ## option root-path "http://192.168.0.1/Apple/NetBoot/El%20Capitan/NetBoot.dmg"; |
| ## ... or NFS. |
| option root-path "nfs:192.168.0.1:/srv/nfs/pxe/Mac/NetBoot/El\ Capitan:NetBoot.dmg"; |
| |
| # Catch Image ID 81:00:00:8A defined above (NetBoot) |
| } elsif(substring(option vendor-encapsulated-options, 15, 4) = 81:00:00:8A) { |
| log(info, "BSDP_SELECT-Image: NetInstall (El Capitan)"); |
| filename "/srv/tftp/pxe/Mac/NetInstall/El\ Capitan/macnbi-i386/booter"; |
| ## Serve images either through HTTP... |
| ## option root-path "http://192.168.0.1/Apple/NetInstall/El%20Capitan/NetInstall.dmg"; |
| ## ... or NFS. |
| option root-path "nfs:192.168.0.1:/srv/nfs/pxe/Mac/NetInstall/El\ Capitan:NetInstall.dmg"; |
| ## |
| } elsif(substring(option vendor-encapsulated-options, 15, 4) = 01:00:00:8B) { |
| log(info, "BSDP_SELECT-Image: NetBoot (Snow Leopard)"); |
| filename "/srv/tftp/pxe/Mac/NetBoot/Snow\ Leopard/macnbi-i386/booter"; |
| ## Serve images either through HTTP... |
| ## option root-path "http://192.168.0.1/Apple/NetBoot/Snow%20Leopard/NetBoot.dmg"; |
| ## ... or NFS. |
| option root-path "nfs:192.168.0.1:/srv/nfs/pxe/Mac/NetBoot/Snow\ Leopard:NetBoot.dmg"; |
| ### |
| } else { |
| log(info,"BSDP_SELECT-ERROR: Client responded with an image we don't have a match for! -- (Image added to list, but not in select catch?)"); |
| } |
| } else { |
| # Client is talking to a different machine. |
| log(info,"BSDP_SELECT-Ignoring, Client is talking to another server!"); |
| } |
| } |
| } |
| } |
| /dhcpd/isc/home/dhcpd-subnets/subnet-192.168.0.0.conf |
|---|
| @@ -0,0 +1,58 @@ |
|---|
| ########################################################################### |
| ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
| ## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ## |
| ## rights of fair usage, the disclaimer and warranty conditions. ## |
| ########################################################################### |
| ## Subnet declaration file. ## |
| ########################################################################### |
| |
| ### Dynamic DNS (DDNS) |
| include "/etc/dhcp/dhcpd-subnets/ddns-subnet-192.168.0.0.conf"; |
| |
| ### Subnet declaration. |
| subnet 192.168.0.0 netmask 255.255.255.0 { |
| option subnet-mask 255.255.255.0; |
| option broadcast-address 192.168.0.255; |
| option routers 192.168.0.1; |
| option ntp-servers 192.168.0.1; |
| option time-servers 192.168.0.1; |
| option domain-name "home"; |
| option domain-search "home"; |
| option domain-name-servers 192.168.0.1; |
| option netbios-name-servers 192.168.0.1; |
| option netbios-dgam-servers 192.168.0.1; |
| option netbios-dd-server 192.168.0.1; |
| option netbios-node-type 8; |
| option slp-directory-agent false 192.168.0.1; |
| option slp-service-scope false "DEFAULT"; |
| option interface-mtu 9000; |
| |
| ### A pool that can be used for special equipment that has to be |
| ### treated separately. Examples could possibly include: |
| ### - virtual machines |
| ### - Apple NetBoot |
| ### - PXE |
| ### - windows clients that have DHCPID set to "punchthrough" |
| pool { |
| allow members of "Apple-Intel-NetBoot"; |
| allow members of "PXE"; |
| allow members of "punchthrough"; |
| #deny unknown-clients; |
| |
| range dynamic-bootp 192.168.0.100 192.168.0.150; |
| } |
| |
| ### All other machines go into the default pool. |
| pool { |
| |
| deny members of "Apple-Intel-NetBoot"; |
| deny members of "PXE"; |
| deny members of "punchthrough"; |
| #allow unknown-clients; |
| |
| range dynamic-bootp 192.168.0.10 192.168.0.40; |
| # Path to the wpad.dat (proxy-autoconfiguration) file. |
| option proxy-auto-discovery "http://proxy.home/wpad.dat"; |
| |
| } |
| } |
| /dhcpd/isc/home/dhcpd.conf |
|---|
| @@ -0,0 +1,52 @@ |
|---|
| ########################################################################### |
| ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
| ## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ## |
| ## rights of fair usage, the disclaimer and warranty conditions. ## |
| ########################################################################### |
| |
| ### This is the key so that this DHCP server can authenticate to ISC BIND. |
| include "/etc/bind/rndc.key"; |
| |
| ### Include class declarations. |
| # Include Apple Intel NetBoot class from a separate file. |
| include "/etc/dhcp/dhcpd-classes/class-apple-intel-netboot.conf"; |
| # Include PXE class. |
| include "/etc/dhcp/dhcpd-classes/class-pxe.conf"; |
| # Include special "punchthrough" class. |
| include "/etc/dhcp/dhcpd-classes/class-punchthrough.conf"; |
| |
| ### This DHCP server is the primary DHCP server for the configured network. |
| authoritative; |
| ### Always broadcast responses for broken clients. |
| always-broadcast on; |
| ### The log facility to log DHCP messages to (Debian: local7). |
| log-facility local7; |
| ### Disable IPv6 if it is not used on the network. |
| noipv6rs; |
| ### Allow boot-time DHCP. |
| allow booting; |
| ### Additionally enable BOOTP for legacy clients. |
| allow bootp; |
| always-reply-rfc1048 on; |
| |
| ### Lease time configuration (in seconds). |
| default-lease-time 3600; |
| max-lease-time 86400; |
| ddns-ttl 1800; |
| |
| ### Custom definitions for DHCP messages. |
| ## Code 252 defined for sending proxy configurations to clients. |
| option proxy-auto-discovery code 252 = text; |
| ## Code 45 defined for NetBIOS clients. |
| option netbios-dgam-servers code 45 = ip-address; |
| |
| ### Subnet declarations. |
| include "/etc/dhcp/dhcpd-subnets/subnet-192.168.0.0.conf"; |
| |
| ### Static leases sorted into different files. |
| # Equipment leases range in the first segment of the IP block. |
| include "/etc/dhcp/dhcpd-static-leases/static-leases-equipment.conf"; |
| # Virtual machine leases are declared in this file. |
| include "/etc/dhcp/dhcpd-static-leases/static-leases-vms.conf"; |
| # All other leases go here. |
| include "/etc/dhcp/dhcpd-static-leases/static-leases-default.conf"; |
