As the only network support available in the TCP/IP BootPROM is TFTP, there is special interest in enhancing TFTP servers to provide new capabilities.
InCom GmbH distributes with the TCP/IP BootPROM an enhanced TFTP server that can send packets of up to 1408 bytes instead of the standard 512 bytes. This is a great enhancement that you should use. This server is available on the TCP/IP Bootprom Utility disk for Solaris and Windows, and as a NetWare NLM.
We built a modified version of the Linux TFTP server that acts as an InCom enhanced TFTP server. Basically, we simply changed the packet size from 512 to 1408 bytes and the port from 69 to 59. It is available from http://cuiwww.unige.ch/info/pc/remote-boot/soft/etdtpd.tar.gz.
We wrote a special TFTP server that serves as a security gateway for authenticating users. This server runs under Linux or Solaris, and can authenticate users against a Unix password database (NIS and shadow passwords are supported), a Windows NT (or Samba) server, or a Radius server. It is available from http://cuiwww.unige.ch/info/pc/remote-boot/soft/stdtpd.tar.gz, with source and precompiled binaries. The precompiled binaries do not include NT password encryption, as we cannot distribute libdes, but compilation is straightforward.
In order to use the security gateway, you just have to set up a trivial security-domains configuration file that describes to which authentication server each logical security domain maps (the Unix domain implicitly maps to the server's Unix password database). This is a sample configuration file:
#
# STFTPD configuration file
#
# This file specifies the server of each "security domain". Two types of
# authentication servers are supported: radius or winnt (winnt includes
# NT Server and Samba)
#
# Format of radius servers
# radius <domain> <serveraddress> <secret>
#
# secret is the secret word as specified in your /etc/raddb/clients file
#
# Format of SMB servers
# winnt <domain> <serveraddress> <netbiosname>
#
# netbiosname is the NETBIOS name of your server
#
# Examples
radius sec-dom-rad radiusserver testing123
winnt sec-dom-nt1 192.168.1.1 NTSERVER1
winnt sec-dom-smb samba SAMBA1
Note that if you are using Samba, you must set security = user.
You can also provide the security server with a file containing a list of users who are not allowed to log on (for whom the check will always fail).
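As an added example, not code from the STFTPD package, here is how a server could read the security-domains file shown above together with the denied-users list, and resolve each login attempt to the server that must check it (or refuse it outright); the one-user-per-line deny-list format is an assumption, as the page does not specify it.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class AuthServer:
    kind: str     # "unix", "radius" or "winnt"
    address: str  # server address ("" for the local Unix password database)
    param: str    # RADIUS shared secret, or NetBIOS name of the NT/Samba server


def parse_stftpd_config(text: str) -> Dict[str, AuthServer]:
    """Map each security domain to its authentication server.
    '#' lines and blank lines are ignored; the 'unix' domain is implicit."""
    domains = {"unix": AuthServer("unix", "", "")}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 4 or fields[0] not in ("radius", "winnt"):
            raise ValueError(f"line {lineno}: expected "
                             "'radius|winnt <domain> <server> <secret|netbiosname>'")
        kind, domain, server, param = fields
        if domain in domains:
            raise ValueError(f"line {lineno}: domain {domain!r} defined twice")
        domains[domain] = AuthServer(kind, server, param)
    return domains


def load_denied_users(text: str) -> Set[str]:
    """Deny list, assumed here to be one user name per line ('#' = comment)."""
    return {l.strip() for l in text.splitlines() if l.strip() and not l.startswith("#")}


def resolve_login(domains: Dict[str, AuthServer], denied: Set[str],
                  domain: str, user: str) -> Optional[AuthServer]:
    """Server to ask for this login, or None when the check must fail:
    denied users never reach any server, and an unknown domain fails closed."""
    if user in denied:
        return None
    return domains.get(domain)


# Constructed sample input mirroring the documented format.
SAMPLE_CONFIG = """\
# STFTPD configuration (constructed sample)
radius sec-dom-rad radiusserver testing123
winnt sec-dom-nt1 192.168.1.1 NTSERVER1
winnt sec-dom-smb samba SAMBA1
"""
SAMPLE_DENIED = "guest\nnobody\n"
```

Because the file carries the RADIUS shared secret in clear text, it should be readable only by the account the TFTP server runs as.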
We wrote a special TFTP server that implements a home-made Broadcast variant of TFTP. Using this server, we were able to download images to 25 clients on a heavily loaded 10 Mb Ethernet network at 6 Mb/s (it is more efficient than regular TFTP because it does not need to acknowledge each packet). This server runs under Linux or Solaris. It is available from http://cuiwww.unige.ch/info/pc/remote-boot/soft/btdtpd.tar.gz, with source and precompiled binaries.
As the TCP/IP bootprom does not support this protocol, our solution consists in booting a tiny ramdisk-based Linux system using the tools described in this document, and running the Linux version of MrBatch, which has built-in support for Broadcast TFTP. A simple batch file can then download all files to the cache in a few minutes, simultaneously on all client computers. You do not need to install Linux yourself to use this package, unless you have exotic hardware and cannot directly use the kernel provided in the package.
The process works as follows. First, you start up the broadcast server manually, giving the number of expected client computers as an argument (remember, this procedure is not meant to be used every day, but only when you have changed an image and want to ensure it is immediately uploaded to all your client computers). Then, you turn on all client computers, which will run the following BpBatch script:
#
# This batch is run by bpbatch to launch a mini-linux using an initial
# ramdisk, which will then run mrbatch under linux.
#
# The broadcast TFTP protocol only works with the Linux implementation of
# mrbatch, because of the lack of broadcast support in the bootprom itself.
#
# 1. Set up a tiny partition, to leave a lot of space for the cache
setpartitions "BIGDOS:50"
# 2. Clean the MBR
clean 0
# 3. Run a Linux kernel with initrd (Initial Ramdisk) support, and use
# bcastrd.gz as the initial ramdisk (will be mounted as root and then
# executed via /linuxrc). See initrd.txt for more details about
# initial ramdisks. You don't have to specify a root device (second
# parameter is null) to the kernel; it will use the initial ramdisk.
linuxboot "linux.krn" "" "bcastrd.gz"
# 4. The initial ramdisk will run dhcpcd to setup networking using DHCP.
# It will then run mrbatch -w bcastlx
The initial ramdisk contains:
- dhcpcd, a DHCP client used to set up networking
- mrbatch
- linuxrc, a little wrapper automatically started by initrd that starts dhcpcd and then mrbatch
- usr/lib/terminfo/l/linux, used by MrBatch
- dev/*, devices needed to run Linux and mrbatch
- libc.so, which is really huge
The resulting ramdisk is gzipped and takes less than 300 KB. The kernel itself takes 450 KB (with many network cards and initrd support).
When Linux is up and running, MrBatch is called with the following script
(that you should edit for your needs):
# This file is executed when mrbatch is launched by the initial ramdisk
# bcastrd.gz
# Its main purpose is to "broadcast copy" files to the cache
#
# 1. Be verbose
showlog
# 2. Don't want a "press a key"
set pauselog="OFF"
# 3. Set partitions at their final values.
# Important: Since you will copy files into the cache to be used in future
# boot, you need to specify the same partitions as in the future boots.
setpartitions "BIGDOS:1024"
# 4. Clean the CACHE partition
clean -1
# 5. And then copy files into the cache, using the Broadcast TFTP protocol
# (port 99)
#
# You can use the script "as is", but you surely need to modify the following
# line! In our example, we download the file mblinux.imz, which is the image
# file for our installation of Linux.
copy "$BOOTP-Server-IP@99:mblinux.imz" "{:-1}mblinux.imz"
When the transfer is done, you can simply turn off all client computers
and change their initial boot script to your favorite menu.