Netboot and TCPWrappers

Rather than reinvent the wheel here, I figured I'd ask and see if anyone knows off the top of their head. What services on Mac OS X Server do I need to grant access to in hosts.allow for NetInstall to work properly? I killed my ability to NetInstall today after creating a hosts.allow and hosts.deny file on my NetBoot server.
Rather than granting "ALL" access to the 400 or so machines I use NetInstall to load images onto, I'd prefer to grant them access only to the needed services. I can't seem to find this information searching online. Any hints would be appreciated. Thanks in advance.

You are right, that isn't really what I'm after. It's not that I am looking to filter access to my NetBoot server using tcpwrappers. I am aware that can be done using Server Admin. I use tcpwrappers (a hosts.allow and hosts.deny file) to restrict access to certain services on my servers, primarily SSH. However, when I do this on my NetBoot/NetInstall server, clients are no longer able to successfully boot up off of and do a NetRestore from the server, presumably because tcpwrappers is blocking access to a needed service or services (tftp? bootp? nfs?) for the client workstations.
Removing these files allows NetBoot to function normally again. Adding the client workstations in and specifying that they have access to ALL services (i.e. adding a line into hosts.allow for the clients like ALL : 192.168.0.10) also allows them to function properly. But as these are very public workstations, I'd like to be a little more granular and allow clients access to only those services needed for NetRestore to complete successfully.
My question is, what specific daemons/services would I need to grant access to in the hosts.allow file for the clients to be able to connect up properly when using tcp wrappers on a NetBoot/NetInstall server? Hope that helps to clarify.
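The thread never settles which daemons have to appear in hosts.allow, so the useful thing to pin down is how tcp_wrappers decides at all. The model below is an added example, not code from the original post or from Mac OS X Server: it reproduces the documented decision order (a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise access is granted) together with the ALL wildcard, trailing-dot address prefixes, net/mask patterns and EXCEPT. The two sample files are constructed for the example, and the daemon names in them (sshd, tftpd, nfsd) are placeholders, not a statement of what NetBoot actually needs; a daemon only consults these files if it is linked against libwrap or started through tcpd, which is exactly what has to be checked per service on the real server.

```python
"""Model of tcp_wrappers access decisions (hosts.allow / hosts.deny).

Added example, not from the original post.  Shows why "ALL : ALL" in
hosts.deny cuts off every wrapped service a client touches unless hosts.allow
names each daemon the client needs.  Daemon names are placeholders.
"""
import ipaddress

# Constructed sample files for the example; not copied from any real server.
HOSTS_ALLOW = """\
# one admin workstation may reach everything
ALL : 192.168.1.5
# a jump box is the only thing allowed to ssh in from the lab subnet
sshd : 192.168.0.250
# the lab subnet gets two placeholder daemons, except one quarantined box
tftpd, nfsd : 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.99
"""
HOSTS_DENY = "ALL : ALL\n"


def _split_list(field):
    """Patterns in a list are separated by blanks and/or commas."""
    return field.replace(",", " ").split()


def _parse(text):
    """Yield (daemon_list, client_list) pairs; comments and blank lines skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]   # third field (shell cmd) ignored
        if len(fields) >= 2:
            rules.append((fields[0], fields[1]))
    return rules


def _client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "192.168.0." is an address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                 # "net/mask" form, dotted mask or prefix length
        net, mask = pattern.split("/", 1)
        return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    return ip == pattern


def _daemon_matches(pattern, daemon):
    # "daemon@host" restricts by server address; the host part is not modelled here
    return pattern == "ALL" or pattern.split("@", 1)[0] == daemon


def _list_matches(field, value, matcher):
    """'a b EXCEPT c' matches when value matches a or b and does not match c."""
    include, _, exclude = field.partition(" EXCEPT ")
    hit = any(matcher(p, value) for p in _split_list(include))
    if hit and exclude:
        hit = not any(matcher(p, value) for p in _split_list(exclude))
    return hit


def wrappers_allow(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """tcp_wrappers order: hosts.allow grants, then hosts.deny refuses, else allow."""
    for daemons, clients in _parse(allow_text):
        if _list_matches(daemons, daemon, _daemon_matches) and \
           _list_matches(clients, client_ip, _client_matches):
            return True
    for daemons, clients in _parse(deny_text):
        if _list_matches(daemons, daemon, _daemon_matches) and \
           _list_matches(clients, client_ip, _client_matches):
            return False
    return True


def blocked_services(daemons, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Which of the daemons a client needs would be refused under these files."""
    return [d for d in daemons if not wrappers_allow(d, client_ip, allow_text, deny_text)]


if __name__ == "__main__":
    for ip in ("192.168.0.10", "192.168.0.99", "192.168.1.5"):
        print(ip, "blocked:", blocked_services(["sshd", "tftpd", "nfsd"], ip))
```

Feed it the real hosts.allow and hosts.deny text and the list of daemons a client is observed talking to during a NetBoot, and it reports which ones the files refuse; the tcp_wrappers distribution's own tcpdchk and tcpdmatch do the same check against the live files. Note that blocking is only possible for daemons that consult libwrap in the first place, so a service that never went through the wrappers will not show up as the culprit here.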

Similar Messages

  • Netboot and a Parental Control managed account

    I am trying to set up a group of kiosks (Mac Minis) using NetBoot off of OS X Server 10.5.2. I've created a netbootable disk image with two accounts. One is an admin account, the other is a managed account with Parental Controls.
    My thinking was that I could lock down the managed account and limit the websites that can be visited as well as apps that can be launched using Parental Controls. Everything seems to work fine except one important piece. Neither Firefox nor Safari can actually access the internet. I always get a connection error from the browsers. If I run network diagnostics, it returns green on all levels. Similarly, in a Terminal window under that same account, I can ping the webservers I'm trying to get to.
    Does anyone have any ideas why Parental Controls on that account seem to limit the ability for the browsers to see the Internet? It works fine when the original image is booted locally. Are managed Parental Control accounts not compatible with NetBoot? Any suggestions?

    Ok, this gets more interesting. Based on more testing, I believe there is an incompatibility between Netboot and a Parental Control account. I tried doing a port scan using Network Utility (ports 0-1000) in a variety of accounts both local drive boot and Netboot. The results are further below.
    For some reason, the Parental Control account on the Netboot device does not see port 80 (http) off the computer it is scanning. As you can see there are three different cases. The http and https protocols are where the discrepancy occurs. Anyone know if this is by design or a bug? I find it hard to believe I'm the only one trying such a solution but this seems to be a pretty significant roadblock.
    NetBoot Parental Control account results:
    Port Scan has started ...
    Port Scanning host: 10.16.31.84
    Open TCP Port: 22 ssh
    Open TCP Port: 88 kerberos
    Open TCP Port: 139 netbios-ssn
    Open TCP Port: 443 https
    Open TCP Port: 445 microsoft-ds
    Open TCP Port: 548 afpovertcp
    Port Scan has completed ...

    Original HD/OS that is the source of the NetBoot image, in the Parental Control account:
    Port Scan has started ...
    Port Scanning host: 10.16.31.84
    Open TCP Port: 22 ssh
    Open TCP Port: 80 http
    Open TCP Port: 88 kerberos
    Open TCP Port: 139 netbios-ssn
    Open TCP Port: 443 https
    Open TCP Port: 445 microsoft-ds
    Open TCP Port: 548 afpovertcp
    Port Scan has completed ...

    Other instances results (includes NetBooted Admin account, NetBooted Standard account, and a 3rd machine hard drive boot as an additional example):
    Port Scan has started ...
    Port Scanning host: 10.16.31.84
    Open TCP Port: 22 ssh
    Open TCP Port: 80 http
    Open TCP Port: 88 kerberos
    Open TCP Port: 139 netbios-ssn
    Open TCP Port: 445 microsoft-ds
    Open TCP Port: 548 afpovertcp
    Port Scan has completed ...

  • Lion NetBoot and NetInstall causing kernel panic

    I'm trying to get NetBoot and NetInstall working on a recently set up new Mac Mini with OS X Lion Server.
    We previously had Snow Leopard Server and moved the existing images onto the Lion Server. However, when trying to boot off either image, the machines kernel panic.
    Have tried creating new images, but with the same result.
    Anyone with similar issues who have managed to fix it?

    Thanks for your reply. I will try what you suggest and also read through the troubleshooting tips you linked to. Cheers!
    I do have some further information about the problem.
    Definitely some strange behaviour here - I'll try to explain it as well as I can.
    Started out activating one NetInstall image of Lion 10.7.2 (did not have 10.7.3 on hand). When testing with my MacBook Pro (17-inch, Mid 2009) currently running Lion (came with Snow Leopard), I got a kernel panic. However, when choosing the NetInstall image as startup disk via System Preferences, it boots up fine via this image.
    After a while I also added a Snow Leopard NetInstall image (newly created on one of our machines still running Snow Leopard), with the Lion image set to be the default NetBoot image. When booting my machine into Startup Manager, then pressing 'N' to see NetBoot images, I only get one additional icon (despite there being two enabled images) with the server IP underneath. When selecting that icon, the machine boots up with the Snow Leopard installer (despite Lion being set as the default).
    Trying the same with an iMac without a hard drive, this iMac would have come with Snow Leopard preinstalled, shows me both NetInstall images in startup manager, but I get a kernel panic when trying to boot off the Snow Leopard image - not the Lion image. Selecting the Lion image as startup disk while booted from the SL image results in a successful boot from the Lion image.
    To recap:
    On MacBook Pro
    Startup manager, Lion boot = kernel panic
    Startup manager, SL boot = success
    Startup disk chooser, Lion boot = success
    Startup disk chooser, SL boot = success
    On iMac
    Startup manager, Lion boot = success
    Startup manager, SL boot = kernel panic
    Startup disk chooser, Lion boot = success
    Startup disk chooser, SL boot = success
    The above is true when sharing the images both over NFS and HTTP.

  • NetBoot and imaging

    Greetings,
    I set up NetBoot on a 10.6 mini server with the intention of using the feature to image clients as well as to use diskutil for disk diagnostic and repair.
    I have no trouble booting into my NetBoot image. However, when I attempt to image the booted client's internal HD, I am unable to get the HD to unmount. If I force an unmount then the applications on the NetBoot image will not function correctly. It would seem that there is a lock on the internal volume. Dragging it to the trash or doing an unmountDisk yields a disk in use error.
    I am wondering if perhaps I have a corrupted shadow file, or otherwise perhaps I should re-create my boot image?
    Thanks for anything you care to offer.

    ********* SOLVED *********
    First I would like to thank everybody who thought about this issue. I see a lot of you were looking at it. You may have recently noticed some latency on your internet connection. That was me searching for an answer!
    OK, here it is:
    Launch your "Server Admin" utility.
    Select your Server Name below "Available Servers" in the left hand column.
    Select the "Access" icon at the top of the window.
    Select the "for selected services below:" radio button on top of the list of services.
    Select "AFP" in the services list.
    Make sure the *Allow all users and groups* radio button is selected under the "Services" tab.
    Click the "Save" button.
    The problem I experienced was caused by that setting *Allow all users and groups*, being set to "Allow only users and groups below", which was currently unpopulated, empty.
    That former setting caused the "Diskless" NetBoot setting to fail, as the afp share hosting the shadow file on the server failed to mount on the NetBooted client, resulting in the afp error: "SACL membership failure for user netboot101". The local disk was therefore unable to be unmounted and the shadow file was forced to be hosted on the local disk, rather than the afp share on the server- which is the normal process for diskless NetBooting.
    You could most likely populate a group in there and change the setting back, but for the time being I am happy that I am now able to NetBoot and Image a NetBooted computer.

  • Netboot and the local hard drive?

    I got a quick netboot option running on a test server (before enabling or messing with the production Xserve) and I've been able to boot several workstations and it's actually faster than I thought it might be. However, I was hoping I could use this for a couple of troubleshooting operations that I don't seem to be able to run.
    For example, I would like to netboot a Mac and use the Disk Utility to "repair disk" on the local hard drive. The Disk Utility says that the operation failed because it could not unmount the volume.
    When we image a Mac through the Terminal, all the invisible folders, files and links appear. We normally repair this after imaging, but a few Macs were overlooked. I was hoping that, instead of carrying around and booting off a FireWire hard drive to repair them, I would be able to quickly netboot and run the terminal command to re-hide the files. Unfortunately, this causes the same kernel panic that occurs when you do this on the the booted hard drive.
    Perhaps I'm misunderstanding how netboot is supposed to work, but it appears that the local hard drive is still being used to the point where netbooting is really useless for these kinds of operations. Any advice or tips would be appreciated.
    -Doug

    There is a diskless option for netboot that works fine within a single subnet. It is not on by default and must be turned on from Server Admin -> NetBoot -> Images. You will also need AFP running on a sever in the subnet (preferably the same server).
    See page 46 and 49 of this document for more details:
    <http://images.apple.com/server/pdfs/SystemImage_and_SW_Updatev10.4C.pdf>
    You also may want to look into Remote Desktop as a way of running scripts on multiple Macs en masse.
    Diskless NetBooting works and works well. I use it at work with Remote Desktop to boot a remote Mac, run Disk Utility and Disk Warrior, then reboot. I have also used diskless netbooting for remote Panther to Tiger OS upgrades.
    Diskless NetBoot is slick and has saved me gobs of time.
    dual 2.0 GHz G5 (June 2004)   Mac OS X (10.4.6)   4 GB RAM 128 MB XT9600

  • Netboot and DHCP

    I need to set up a Netboot server on the same network as an MS Windows Deployment Services(WDS).
    The problem is we only have one DHCP server. I wanted to know if I assign a static IP on a different IP subnet to one of the NICs on the Xserve, could I point the Mac machines to that NetBoot server without DHCP? I have never set up a NetBoot server so I don't fully understand how it works. My understanding is Mac machines will use DHCP to find the NetBoot server. Any suggestions will help.
    The basic problem is I need to run Netboot and WDS on the same physical network. I am open to any suggestions on getting it to work.

    DHCP needs to be enabled for Netboot to work, but if you disable all the DHCP subnets in "Server Admin > DHCP > Settings," the Mac DHCP service will start and run, but won't actually issue any IP's, and thus shouldn't interfere with your 3rd party DHCP server.

  • Netboot and diskless operation

    Hello,
    I would like to boot an arbitrary workstation using a Solaris disk image. I would like this to be performed from an arbitrary network server upon which the image is stored. The image should be loaded into workstation memory and run through diskless operation. If anyone has pointers on where I can find information pertaining to netboot and diskless operation of Solaris, or any other useful information pertaining to what I tried to explain, the help would be greatly appreciated.
    Thanks,
    Joe

    You may want to search/look through docs.sun.com site.
    For installation/booting over the net, you may want to use jumpstart:
    check this out...
    http://docs.sun.com:80/ab2/coll.214.6/SPARCINSTALL/@Ab2TocView?Ab2Lang=C&Ab2Enc=iso-8859-1&DwebQuery=jumpstart&scope=BOOK&bc=prod&Search=Go+
    Hope this helps.
    Thx
    Tushar Patel

  • 10.5 Server hosting 10.4 netboot and netinstall images

    It appears that 10.5 Server can only host 10.5 netboot and netinstall images, at least according to the documentation that accompanies System Image Utility. Does anyone know of a workaround? I have 10.5 Server on our office Xserve, but only have one 10.5 client and most of the computers we have can't run 10.5 anyway. I had a 10.4.x netinstall image and netboot image set up under 10.4 Server that worked beautifully, but apparently Apple seems to want to FORCE people to upgrade, which really angers me.
    Does anyone know a workaround that would allow me to continue using a 10.4 netinstall image and netboot image as hosted by 10.5 Server?

    I've not tried making any new images with the System Image Util yet but our old 10.4 images stayed on the server when I upgraded it from 10.4 to 10.5 and the images still work.
    Did you upgrade the NetBoot server from 10.4 or did you do a clean install? I just had to uncheck the images and check them again and restart NetBoot!
    Luckily we're about to go up to 10.5 on all the machines here!

  • 7.1.1 with NETBOOT and HomeDirectories...crashes on launch

    We recently upgraded our office to 10.4.9 from 10.4.8 and itunes to 7.1.1 , however now, when launching itunes, the app bombs out and auto quits asking to report the problem to Apple. We have been running home dir and netboot for over 2 years and this is the first time having a problem with itunes.

    Hi,
    Thanks for the reply!
    There isn't an error message.  It just hangs.  I suppose I could do a restore to an hour ago..
    Windows 7 64 bit  LOTS of RAM

  • Netboot and DHCP Issue - Setting up AST Diagnostic Gateway

    Hi everyone,
    I recently set up a new Mac Mini as a stand-alone server for the Apple Service Toolkit Diagnostic Gateway. Here are the specs of the Mini, if needed by anyone:
    Mac OS X 10.6 Server (patched to 10.6.8)
    2.66GHz Core 2 Duo
    8 GB DDR3 RAM
    I have followed Apple's instructions on how to install/configure AST Diagnostic Gateway from the Service Source page to a T. Installation was no problem and everything went smoothly.
    In Server Admin, I turned on only NFS and NetBoot services (as per the instructions) and configured NetBoot to work via Ethernet with the AST image as the default. Both services are running. I DO NOT have DHCP turned on on this machine, namely because:
    a.) We have a district DHCP server supplying IPs to all our machines, and
    b.) The instructions from Apple actually say to avoid running any services on the AST Gateway machine besides NFS and NetBoot.
    I gave the server a static IP and reserved it in our DHCP server. I also registered my Gateway Manager with my Apple ID and ASP location, etc. so it can connect to the repositories.
    However, when I plug in a remote host on the same network segment (same subnet), it will not netboot. I get the flashing globe for about 20 - 30 seconds and then the system boots normally into the OS. When going into System Preferences > Startup Disk, it does not see the AST server.
    If I turn AFP on, I can connect to it that way and view the image files, etc. The permissions are set so that everyone can read the image files.
    What am I missing? The only thing I have been able to find so far are these entries in the NetBoot log within Server Admin:
    Jul  6 13:06:48 localhost servermgrd[58]: servermgr_dhcp:bootp config:Error:Failed to create default subnet records
    Jul  6 11:47:43 localhost configd[32]: bootp_session_transmit: bpf_write(en1) failed: Network is down (50)
    It appears that the remote host is not getting a proper DHCP address and therefore cannot see the netboot server..?
    Any suggestions or help would be greatly appreciated!

    The NetBoot service does not need to run on a server also running DHCP, so you are ok on that front; you will only need AFP if you are going to use diskless NetBoot. Can you however provide more details as to your NetBoot configuration, e.g. what interfaces have you enabled it to serve on, what architectures are supported, have you configured any restrictions as to models that can connect, have you configured a filter for MAC addresses, etc.?
    The first thing to do is to get things so the NetBoot image does show up in Startup Disks, then worry later about actually trying to NetBoot.
    The error you listed of "Jul  6 11:47:43 localhost configd[32]: bootp_session_transmit: bpf_write(en1) failed: Network is down (50)" might be suggesting you have enabled the NetBoot service on a network interface which is not in use. Some models of Mac such as the Mac Pro and XServe have two Ethernet interfaces. Even on the Mac mini you are using the built-in Ethernet and built-in AirPort (WiFi) still count as two interfaces. On the Mac mini normally en0 is the built-in Ethernet and en1 is the AirPort.

  • NetBoot and Multiple DHCP Servers

    Hey everyone,
    We have a NetBoot machine running here at my school (where I work). It was working like a champ until a couple of weeks ago when our network got upgraded and there are now 2 DHCP servers on our network. That, for some reason, is totally screwing up our NetBooting process.
    Here's what I think is happening, and maybe someone can tell me if I'm right or wrong. NetBoot (or the BSDP protocol) is a "broadcast" protocol. (That means it's always just floating around out there on the network.) The NetBoot (BSDP) protocol gets injected into the DHCP stream, and any machine that gets DHCP can get BSDP, and essentially NetBoot.
    The problem is with BSDP. The BSDP protocol wants to have all of its "broadcasts" come from the same server. So when we had 1 DHCP server, everything was fine, because client machines would get their whole NetBoot process from one machine... all of the BSDP broadcasts were coming from our 1 DHCP server.
    Now, we have 2 DHCP servers. What happens is, a client will get some of its BSDP broadcasts from one DHCP server, and some from another... which it does not like at all.
    I recently read somewhere that it is possible to somehow make one of our DHCP servers the "authoritative" server, to which all of the clients will go to get their NetBooting info.
    Does this sound in any way right? Are we on the right track ? Has anyone seen this before? Any help would be greatly appreciated. Thanks a million.
    Mike

    "Now, we have 2 DHCP servers. What happens is, a client will get some of its BSDP broadcasts from one DHCP server, and some from another... which it does not like at all."
    Not unless your new DHCP server is also a NetBoot server and is set to provide NetBoot services. BSDP and DHCP are not the same thing. If what you were saying were true, it wouldn't be possible to have DHCP and NetBoot offered by different servers.
    It IS possible, however, that the two DHCP servers are causing problems by both servicing DHCP requests for the same clients. If you've got multiple DHCP servers on the same subnet (or your router's configured to pass DHCP requests between subnets), you should make sure that only one of the DHCP servers answers requests from any given client. In our world, our Novell server is the default DHCP server on our subnet, but I keep a list of excluded MAC addresses on that server so that my Macintosh clients don't get addresses from it. On the Mac OS X server, I'm careful to limit my address ranges only to those machines which have static address maps in NetInfo. That way, our servers coexist, but they don't overlap.
    It's not clear from your message whether your previously solitary DHCP server was your Mac OS X server, or whether one of the two DHCP servers is that box. But whatever the servers are, it might be helpful to turn off one of them to see if the same problem occurs (assuming you can, without major network disruptions). If that's not possible, can you talk to your network admins to see if there's some way to isolate your clients and one of the servers--in other words, see if there's some way to keep DHCP servers from responding to the same requests.
    There may be any number of other reasons why this problem has cropped up. You may need to dust off a hub and a copy of Ethereal or EtherPeek to sniff what's happening on the network. You might also try NetBooting in verbose mode, to see where the process craps out. IIRC, there's a decent guide for this kind of troubleshooting over at Bombich's site (www.bombich.com).
    Good luck.
    David Walton
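The reply above makes two points that a packet capture can confirm directly: BSDP rides on DHCP packets but is a separate conversation, and two DHCP servers answering the same client is a problem in its own right. The script below is an added example, not code from either poster or from Apple: it builds a small constructed capture (made-up MACs and 10.0.0.x addresses, packets laid out per RFC 2131), then groups packets by transaction ID to report how many DHCP servers offered to each client and whether each BSDP request got a BSDP reply. It identifies BSDP traffic by the vendor class identifier (option 60) beginning with "AAPLBSDPC" and reads the BSDP message type from sub-option 1 of option 43 (1 = LIST, 2 = SELECT, 3 = FAILED), which is how Apple's BSDP is carried. Feeding it real packets would mean extracting the UDP payloads from a pcap, which is outside this example.

```python
"""Classify DHCP/BSDP packets to see who answers a NetBoot client.

Added example, not from the original thread.  Packet layout per RFC 2131;
BSDP is recognised by option 60 starting "AAPLBSDPC", with the BSDP message
type in sub-option 1 of option 43.  The capture below is constructed for the
example; the MAC address and all IPs are made up.
"""
import struct
from collections import defaultdict
from socket import inet_aton, inet_ntoa

MAGIC = b"\x63\x82\x53\x63"
DHCP_MSG = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK", 8: "INFORM"}
BSDP_MSG = {1: "LIST", 2: "SELECT", 3: "FAILED"}


def build_dhcp(op, xid, mac, options, yiaddr="0.0.0.0"):
    """Serialise a minimal BOOTP/DHCP payload: fixed header, cookie, options, END."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, xid, 0, 0,
                        inet_aton("0.0.0.0"), inet_aton(yiaddr),
                        inet_aton("0.0.0.0"), inet_aton("0.0.0.0"),
                        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(data)]) + data for code, data in options)
    return fixed + MAGIC + body + b"\xff"


def parse_options(buf):
    """Decode TLV options; also used for the BSDP sub-options inside option 43."""
    opts, i = {}, 0
    while i < len(buf) and buf[i] != 0xFF:
        if buf[i] == 0:                      # PAD
            i += 1
            continue
        code, length = buf[i], buf[i + 1]
        opts[code] = buf[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def parse_dhcp(pkt):
    op, _, hlen, _, xid, _, _ = struct.unpack("!BBBBIHH", pkt[:12])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    opts = parse_options(pkt[240:])
    vendor = opts.get(60, b"").decode("ascii", "replace")
    is_bsdp = vendor.startswith("AAPLBSDPC")
    bsdp = parse_options(opts[43]) if is_bsdp and 43 in opts else {}
    return {
        "op": "request" if op == 1 else "reply",
        "xid": xid,
        "mac": pkt[28:28 + hlen].hex(":"),
        "msg": DHCP_MSG.get(opts.get(53, b"\0")[0], "?"),
        "server_id": inet_ntoa(opts[54]) if 54 in opts else None,
        "vendor_class": vendor,
        "bsdp": is_bsdp,
        "bsdp_msg": BSDP_MSG.get(bsdp[1][0]) if 1 in bsdp else None,
    }


def audit(parsed):
    """Per transaction: which DHCP servers answered, and whether BSDP got a reply."""
    tx = defaultdict(list)
    for p in parsed:
        tx[p["xid"]].append(p)
    report = {}
    for xid, msgs in tx.items():
        report[xid] = {
            "dhcp_servers": sorted({m["server_id"] for m in msgs
                                    if m["op"] == "reply" and m["server_id"]}),
            "bsdp_request": any(m["op"] == "request" and m["bsdp"] for m in msgs),
            "bsdp_reply": any(m["op"] == "reply" and m["bsdp"] for m in msgs),
        }
    return report


def audit_capture(raw_packets):
    return audit([parse_dhcp(p) for p in raw_packets])


MAC = bytes.fromhex("001122334455")              # constructed client MAC
BSDP_CLIENT = b"AAPLBSDPC/i386/MacBookPro5,2"    # constructed vendor class string
SAMPLE_CAPTURE = [
    # plain lease: one DISCOVER, OFFERs from two different DHCP servers (the overlap case)
    build_dhcp(1, 0x1001, MAC, [(53, b"\x01")]),
    build_dhcp(2, 0x1001, MAC, [(53, b"\x02"), (54, inet_aton("10.0.0.2"))], yiaddr="10.0.0.50"),
    build_dhcp(2, 0x1001, MAC, [(53, b"\x02"), (54, inet_aton("10.0.0.3"))], yiaddr="10.0.0.77"),
    # BSDP LIST: INFORM from the client, ACK from the NetBoot server only
    build_dhcp(1, 0x2002, MAC, [(53, b"\x08"), (60, BSDP_CLIENT), (43, b"\x01\x01\x01")]),
    build_dhcp(2, 0x2002, MAC, [(53, b"\x05"), (54, inet_aton("10.0.0.5")),
                                (60, b"AAPLBSDPC"), (43, b"\x01\x01\x01")]),
    # BSDP LIST that no server answered
    build_dhcp(1, 0x3003, MAC, [(53, b"\x08"), (60, BSDP_CLIENT), (43, b"\x01\x01\x01")]),
]

if __name__ == "__main__":
    for xid, r in audit_capture(SAMPLE_CAPTURE).items():
        print(hex(xid), r)
```

Transaction 0x1001 shows the situation the reply warns about (two servers offering to one client), while 0x2002 shows a normal BSDP exchange answered by a single NetBoot server and 0x3003 a BSDP request nobody answered. The BSDP answer carries the "AAPLBSDPC" vendor class itself, so a plain DHCP server that knows nothing about NetBoot never shows up in the bsdp_reply column even if it is handing out leases.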

  • Netboot and wireless, can it be done?

    Hi, just trying out some network changes. And had a free port on my server so put it on our wireless network. Is it possible to get netboot working over Airport or are there restrictions? Didn't succeed and couldn't see anything obvious in the logs to see where I'm going wrong. Netboot is setup the same as on my normal ports. Thanks, Pat

    Sorry, but NetBoot does not work over wireless. You must have a wired Ethernet connection.

  • Netbooting and NetInstalling Problems

    Hello All!
    I have a problem, I have created an image off of a known to be working (I am using it now) install from my personal computer to boot off of for computer problems. But, when testing it out my computer would startup, display the rotating globe, then, where the apple is going to come up, a large black box appears and the progress wheel freezes.
    I tried a NetInstall off of the Tiger Install disc and when booting off of it, the computer does the rotating globe, the apple appears then the computer completely shuts down.

    How did you create the image? And as with any other service, DNS needs to be configured correctly for Netboot/Netinstall to function reliably.
    Jeff

  • NetBoot and ASD

    Hey all,
    Is anyone aware of a method to make NetBoot images of ASDs? So I could keep them on the server instead of on several Tech Drives?
    Thanks for reading!

    Hi,
    We already have all the ASDs on a partitioned USB drive; when I want to run ASD on a Mac I boot from this drive with [option], choosing the partition corresponding to my model. The problem is that we are several technicians who use these USB drives, so when there is a new ASD release we need to update all the USB drives of all the technicians. The idea is to put all the ASDs on a NetBoot server that will be accessible by all of them on a local network. Ideally I'd like to have a choice between all ASDs after NetBoot, like with [option] when I switch on the Mac... I don't know if it is possible, maybe with a script that would look at the model of the client and finally boot the corresponding ASD on the NetBoot server... If you have an idea I'm listening; how did you do it when you installed it at the repair center?
    thanks from france.

  • Netboot and applications

    I have done a lot of searching and haven't found the answer to this question:
    Can I set up a disk image for netboot on the server, but have software such as FCP, Adobe Creative Suite, Aperture and Logic Studio installed locally on the client Macs? In other words I want all the client Macs (15 iMacs in a lab) to use netboot just for the OS but have all the other applications installed on the local hard drive.

    Sure. Unless the software won't run unless it's in the Applications folder for some reason.
    The downside is that some Apple software doesn't (or at least hasn't in the past) always update properly from Software Update if it's not located in the Applications folder.
