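--- a/dhcpd/isc/dhcpd-classes/class-apple-intel-netboot.conf
+++ b/dhcpd/isc/dhcpd-classes/class-apple-intel-netboot.conf
@@ -0,0 +1,186 @@
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
+## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ##
+## rights of fair usage, the disclaimer and warranty conditions. ##
+###########################################################################
+## A class declaration for Apple NetBoot clients. ##
+## original by Bennett Perkin & Brandon (aka Sedorox) ##
+## ##
+## You will have to change this file in order to change some addresses ##
+## and settings that cannot be parametrized. ##
+## ##
+## Current configuration that needs to be changed: ##
+## * The server dishes out OSX image files and is located at: ##
+## 192.168.0.1 (hex: C0:A8:00:01) ##
+## * This file serves netboot images for El Capitan and Snow Leopard ##
+## * The images are served through TFTP (boot) and NFS (image) ##
+###########################################################################
+
+class "Apple-Intel-NetBoot" {
+# Limit this class to only Intel Apple machines
+match if substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386";
+
+# From: http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml
+# 1 - Subnet Mask
+# 3 - Router
+# 17 - Root Path
+# 43 - Vendor Specific
+# 60 - Class ID
+# Send these options to the client (possibly forcing it, if the client didn't request it)
+option dhcp-parameter-request-list 1,3,17,43,60;
+
+if (option dhcp-message-type = 8) {
+# on DHCPInform Messages, Us/Our (Server), Them (Client)
+# Let Them know we're responding with Apple BSDP Information
+option vendor-class-identifier "AAPLBSDPC";
+if (substring(option vendor-encapsulated-options, 0, 3) = 01:01:01) {
+log(info, "BSDP_LIST");
+# BSDP List
+# Let Them know this is the let, what server, the server's priority, what our default image is, and provide the image list.
+option vendor-encapsulated-options
+# Start BSDP Inform/List Option 1 (01:), Length 1 (01:), Message Type List(1) (01:)
+01:01:01:
+# BSDP option code 3 (length 04) -- Server Identifier
+03:04:
+# Server IP (192.168.0.1), Dec->Hex
+C0:A8:00:01:
+# BSDP option code 4 (length 02) -- Server Priority
+04:02:
+# Priority (32768) Dec -> Hex
+80:00:
+# BSDP option code 7 (length 04) -- Default Image ID
+07:04:
+# This is what is picked as Default when you only hold down N on the client
+#
+# 01 breaks into: 0 or 8 for Non-Install (NetBoot) set or Install (NetInstal) set,
+# Then 0 for Mac OS 9, 1 for Mac OS X (Client) 2 for OS X Server, and 3 for Hardware Diagnostics
+#
+# 4 through 127 (x4:00-xf:ff) reversed for future use
+#
+# And the last two are for the Image ID (Dec->Hex)
+#
+# IDs 1-4095 (00:01-0F:FF) are for Server-Specific Images (You will probably want an ID in this range)
+# IDs 4096-65535 (10:00-FF:FF) Are "Globally-Unique", Multiple servers can present this same ID
+# and the client will only see one image, and pick a random(?) server to talk to.
+#
+# Image ID - (137) Dec->Hex
+01:00:00:89:
+# BSDP option code 9 -- Boot image list
+09:
+# Length = 5 * <number of images> + <sum of the number of characters in the image name>
+# For this case: 5 * (2 images) + (20 characters + 23 characters) = 53 = 35 in hexadecimal
+50:
+# This only appears once in the package, no matter how many images you have below
+# Image ID (137) -- dec->hex, see above (Default Image ID) for how to formulate the full ID
+01:00:00:89:
+# Format: <sum of characters in image name>:<the name of the image in Hex>
+# For this example: 20 characters so 14 hex:N:e:t:B:o:o:t: :(:E:l: :C:a:p:i:t:a:n:):
+14:4e:65:74:42:6f:6f:74:20:28:45:6c:20:43:61:70:69:74:61:6e:29:
+# Image ID -- 138
+81:00:00:8A:
+# Note that since no other images follow, this is ended by the semi-colon (;) - otherwise
+# this segment would end with colon (:) after which the other images would follow.
+#
+# 23 characters so 17 hex:N:e:t:I:n:s:t:a:l:l: :(:E:l: :C:a:p:i:t:a:n:):
+17:4e:65:74:49:6e:73:74:61:6c:6c:20:28:45:6c:20:43:61:70:69:74:61:6e:29:
+# Image ID -- 139
+01:00:00:8B:
+# 22 characters so 16 hex:N:e:t:B:o:o:t: :(:S:n:o:w: :L:e:o:p:a:r:d:):
+16:4e:65:74:42:6f:6f:74:20:28:53:6e:6f:77:20:4c:65:6f:70:61:72:64:29;
+} elsif (substring(option vendor-encapsulated-options, 0, 3) = 01:01:02) {
+log(info, "BSDP_SELECT");
+# This is BSDP Option 3 (Length 04)
+#
+# BSDP Select, This is the client selecting which image they want to boot from
+# Here we basically do if statements to catch what image is referenced
+# Since we MIGHT be clustered, Check to see if we're the server being asked.
+#
+# In this example "AC:10:01:01" is the hex representation of "192.168.0.1" which
+# is the IP address of the server dishing out the image files for net booting.
+if (substring(option vendor-encapsulated-options, 9, 4) = C0:A8:00:01) {
+log(info, "BSDP_SELECT-Responding, Client is talking to us.");
+# Catch Image ID 01:00:00:89 defined above (NetBoot)
+if (substring(option vendor-encapsulated-options, 15, 4) = 01:00:00:89) {
+log(info, "BSDP_SELECT-Image: NetBoot (El Capitan)");
+
+# This file is retrieved from System Image Utility on OS X when it creates a NetBoot image.
+# The "booter" file along with all the other files are created by the System Image Utility
+# on OS X and placed where the .NBI folder is created under i386/. The files must be then
+# be copied from OSX and then served by the server through tftpd (Trivial FTP) by this server.
+#
+# Tree structure is:
+# /srv
+# +
+# |
+# +- /tftp
+# +
+# |
+# + /Apple
+# +
+# |
+# + /NetBoot
+# +
+# |
+# +- /macnbi-i386
+# +
+# |
+# +- booter
+# +- PlatformSupport.plist
+# +- x86_64
+# +
+# |
+# +- kernelcache
+#
+filename "/srv/tftp/pxe/Mac/NetBoot/El\ Capitan/macnbi-i386/booter";
+
+# In this example HTTP is used to serve the image.
+#
+# Tree structure is:
+# Web Server Root
+# +
+# |
+# +- /Apple
+# +
+# |
+# +- /Netboot
+# +
+# |
+# +- El Capitan (space encoded with %20)
+# +
+# |
+# +- NetBoot.dmg
+# +- NBImageInfo.plist
+#
+
+## Serve images either through HTTP...
+## option root-path "http://192.168.0.1/Apple/NetBoot/El%20Capitan/NetBoot.dmg";
+## ... or NFS.
+option root-path "nfs:192.168.0.1:/srv/nfs/pxe/Mac/NetBoot/El\ Capitan:NetBoot.dmg";
+
+# Catch Image ID 81:00:00:8A defined above (NetBoot)
+} elsif(substring(option vendor-encapsulated-options, 15, 4) = 81:00:00:8A) {
+log(info, "BSDP_SELECT-Image: NetInstall (El Capitan)");
+filename "/srv/tftp/pxe/Mac/NetInstall/El\ Capitan/macnbi-i386/booter";
+## Serve images either through HTTP...
+## option root-path "http://192.168.0.1/Apple/NetInstall/El%20Capitan/NetInstall.dmg";
+## ... or NFS.
+option root-path "nfs:192.168.0.1:/srv/nfs/pxe/Mac/NetInstall/El\ Capitan:NetInstall.dmg";
+##
+} elsif(substring(option vendor-encapsulated-options, 15, 4) = 01:00:00:8B) {
+log(info, "BSDP_SELECT-Image: NetBoot (Snow Leopard)");
+filename "/srv/tftp/pxe/Mac/NetBoot/Snow\ Leopard/macnbi-i386/booter";
+## Serve images either through HTTP...
+## option root-path "http://192.168.0.1/Apple/NetBoot/Snow%20Leopard/NetBoot.dmg";
+## ... or NFS.
+option root-path "nfs:192.168.0.1:/srv/nfs/pxe/Mac/NetBoot/Snow\ Leopard:NetBoot.dmg";
+###
+} else {
+log(info,"BSDP_SELECT-ERROR: Client responded with an image we don't have a match for! -- (Image added to list, but not in select catch?)");
+}
+} else {
+# Client is talking to a different machine.
+log(info,"BSDP_SELECT-Ignoring, Client is talking to another server!");
+}
+}
+}
+}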
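Review bot: Several comments around the BSDP option 9 image list no longer match the bytes they annotate. The length comment works out 53 (hex 35) for two images, but the emitted byte is `50`, which is what the three listed images give (3*5 + 20+23+22 = 80); I would change it to `# For this case: 5 * (3 images) + (20 + 23 + 22 characters) = 80 = 50 in hexadecimal`. The "ended by the semi-colon" remark sits above the NetInstall entry, which ends with a colon, and the BSDP_SELECT comment gives `AC:10:01:01` as the hex of 192.168.0.1 while the comparison uses `C0:A8:00:01`. The unmatched-image branch logs at `info` although its message says ERROR; `log(error, ...)` would make a list/select mismatch visible in the local7 log. The booter and `root-path` image are handed out over TFTP and NFS with no integrity check on the client side, so the header should state that the NFS export is expected to be read-only and limited to the NetBoot address range.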
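--- a/dhcpd/isc/dhcpd-subnets/subnet-192.168.0.0.conf
+++ b/dhcpd/isc/dhcpd-subnets/subnet-192.168.0.0.conf
@@ -0,0 +1,58 @@
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
+## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ##
+## rights of fair usage, the disclaimer and warranty conditions. ##
+###########################################################################
+## Subnet declaration file. ##
+###########################################################################
+
+### Dynamic DNS (DDNS)
+include "/etc/dhcp/dhcpd-subnets/ddns-subnet-192.168.0.0.conf";
+
+### Subnet declaration.
+subnet 192.168.0.0 netmask 255.255.255.0 {
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.0.255;
+option routers 192.168.0.1;
+option ntp-servers 192.168.0.1;
+option time-servers 192.168.0.1;
+option domain-name "home";
+option domain-search "home";
+option domain-name-servers 192.168.0.1;
+option netbios-name-servers 192.168.0.1;
+option netbios-dgam-servers 192.168.0.1;
+option netbios-dd-server 192.168.0.1;
+option netbios-node-type 8;
+option slp-directory-agent false 192.168.0.1;
+option slp-service-scope false "DEFAULT";
+option interface-mtu 9000;
+
+### A pool that can be used for special equipment that has to be
+### treated separately. Examples could possibly include:
+### - virtual machines
+### - Apple NetBoot
+### - PXE
+### - windows clients that have DHCPID set to "punchthrough"
+pool {
+allow members of "Apple-Intel-NetBoot";
+allow members of "PXE";
+allow members of "punchthrough";
+#deny unknown-clients;
+
+range dynamic-bootp 192.168.0.100 192.168.0.150;
+}
+
+### All other machines go into the default pool.
+pool {
+
+deny members of "Apple-Intel-NetBoot";
+deny members of "PXE";
+deny members of "punchthrough";
+#allow unknown-clients;
+
+range dynamic-bootp 192.168.0.10 192.168.0.40;
+# Path to the wpad.dat (proxy-autoconfiguration) file.
+option proxy-auto-discovery "http://proxy.home/wpad.dat";
+
+}
+}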
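Review bot: Membership of the special pool rests entirely on values the client sends. `allow members of "Apple-Intel-NetBoot"` is matched on the vendor class string in the class file, and "punchthrough" is described in the pool comment as a client-set DHCP ID; the PXE class definition is not shown, but presumably works the same way. With `#deny unknown-clients;` left commented out, any host on the segment can place itself in 192.168.0.100-150. If that range is treated differently elsewhere (firewall rules, boot services), add a comment such as `# class membership is client-asserted; do not use this range as a trust boundary`, or enable `deny unknown-clients;` together with host declarations. Both ranges are declared `dynamic-bootp`, and BOOTP clients never renew or release, so without `dynamic-bootp-lease-length` a handful of BOOTP requests can hold addresses in the 31-address default range indefinitely.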
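--- a/dhcpd/isc/dhcpd.conf
+++ b/dhcpd/isc/dhcpd.conf
@@ -0,0 +1,52 @@
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
+## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ##
+## rights of fair usage, the disclaimer and warranty conditions. ##
+###########################################################################
+
+### This is the key so that this DHCP server can authenticate to ISC BIND.
+include "/etc/bind/rndc.key";
+
+### Include class declarations.
+# Include Apple Intel NetBoot class from a separate file.
+include "/etc/dhcp/dhcpd-classes/class-apple-intel-netboot.conf";
+# Include PXE class.
+include "/etc/dhcp/dhcpd-classes/class-pxe.conf";
+# Include special "punchthrough" class.
+include "/etc/dhcp/dhcpd-classes/class-punchthrough.conf";
+
+### This DHCP server is the primary DHCP server for the configured network.
+authoritative;
+### Always broadcast responses for broken clients.
+always-broadcast on;
+### The log facility to log DHCP messages to (Debian: local7).
+log-facility local7;
+### Disable IPv6 if it is not used on the network.
+noipv6rs;
+### Allow boot-time DHCP.
+allow booting;
+### Additionally enable BOOTP for legacy clients.
+allow bootp;
+always-reply-rfc1048 on;
+
+### Lease time configuration (in seconds).
+default-lease-time 3600;
+max-lease-time 86400;
+ddns-ttl 1800;
+
+### Custom definitions for DHCP messages.
+## Code 252 defined for sending proxy configurations to clients.
+option proxy-auto-discovery code 252 = text;
+## Code 45 defined for NetBIOS clients.
+option netbios-dgam-servers code 45 = ip-address;
+
+### Subnet declarations.
+include "/etc/dhcp/dhcpd-subnets/subnet-192.168.0.0.conf";
+
+### Static leases sorted into different files.
+# Equipment leases range in the first segment of the IP block.
+include "/etc/dhcp/dhcpd-static-leases/static-leases-equipment.conf";
+# Virtual machine leases are declared in this file.
+include "/etc/dhcp/dhcpd-static-leases/static-leases-vms.conf";
+# All other leases go here.
+include "/etc/dhcp/dhcpd-static-leases/static-leases-default.conf";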
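Review bot: `include "/etc/bind/rndc.key";` gives dhcpd the key normally used for named's rndc control channel, so a compromise of the DHCP daemon, or a read permission widened so dhcpd can open the file, reaches further than DNS updates. A dedicated TSIG key for DDNS, generated with `tsig-keygen` and permitted only in the zone's `update-policy`, keeps the two roles apart; the comment above the include should then name that key. `noipv6rs` is, as far as I know, a dhcpcd client directive and not an ISC dhcpd statement, so it is worth running `dhcpd -t -cf <path to dhcpd.conf>` before deploying. `option netbios-dgam-servers code 45` redefines the code already covered by the built-in `netbios-dd-server`, and the subnet file sets both.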