Netbooting Macs under Linux

There are numerous web pages describing Apple's Netbooting technology and how to set it up under Mac OS X server. This web page describes how to use a Linux server to netboot Macs.

It is not for the faint-hearted - a good working knowledge of Linux and especially how to patch and compile software is needed.

However with a bit of perseverance excellent results can be achieved - I have had 100% success with netbooting machines under Linux.

As far as I am aware it is only possible to boot New World ROM Macs, i.e. any iMac, iBook, B&W G3s; any G4 and PowerBook (FireWire) and presumably the G4 PowerBook.

I have never tried using any other variety of Unix to netboot Macs but there is no reason why this would not be possible.

Please e-mail me on ali@gwc.org.uk to let me know how you get on. If you are stuck I will try and help. Please also email me if you have comments or corrections about this web page.


Credits

Check out this other web site about netbooting Macs from Linux. It provided me with lots of useful info and the basis for my patch to dhcpd.
http://libweb.sonoma.edu/mike/macnc/


Things you will need

A server machine (I have only used x86 based servers but other architectures should be OK as long as it will run Linux and Netatalk. The faster the better especially if you want to boot lots of machines. Memory is more important than processor speed. I use a dual PIII 1GHz with 2G of RAM and LVD160 SCSI disks and gigabit ethernet to netboot around 300 machines. The machine runs other services too and keeps up with demand without any problems.)

One or more client Apple Macs (see above).

A network (fast ethernet recommended though not absolutely necessary. Gigabit ethernet to the server recommended if you are using a ton of clients).

A copy of MacOS to suit your client machines. Presumably you need a legal licence to use MacOS (and any other software) on each machine you intend to netboot. See section below "Which version of MacOS".


Things you won't need

MacOS X
An expensive Apple Server


Basic overview of netbooting

The stages involved in netbooting a Mac are as follows:
1. Mac broadcasts a network packet requesting information necessary for netbooting. Older Macs use Bootp; newer ones use DHCP.
2. Server responds with a packet containing the necessary information.
3. Mac connects to the server using the TFTP protocol to retrieve the Mac OS ROM file.
4. Mac connects to the server using AFP over TCP protocol and mounts a standard Disk Copy image as its boot volume. Although the boot volume appears as a read-write hard disk the master image on the server is never written to. To achieve this each client has its own private disk image on the server where any writes to the "hard disk" are stored. This private disk image starts out small when the client boots up and grows each time something is written to the "hard disk".
5. Mac boots up as normal. Open Transport TCP-IP is configured by DHCP. Machine name (as in File Sharing control panel) is set according to parameter sent by netboot server.
6. When the client shuts down the connection to the netboot server is broken. Next time the client is re-booted the private disk image is effectively zeroed out so the client "hard disk" reverts to its original state each time the client reboots.


Do I really need Linux?

No, probably not. The three things required are a version of DHCPd that understands netbooting Macs; a tftp server; and an AFP/IP server e.g. AppleShareIP, MacOS X server, new versions of Netatalk running on some kind of Unix, ShareWay IP (part of MacOS 9) or possibly even Win2000. I use Linux with Netatalk because it is both free and fast especially compared to the other products mentioned above.


Which Version of MacOS?

MacOS 8.5 or newer will work with older machines but I strongly recommend MacOS 9.1. In particular with older versions of MacOS you may have to play games with different versions of ROM files to make your Macs boot.


Suitable Clients

Any New World ROM Mac will do; i.e. any iMac, iBook, B&W G3s; any G4 and PowerBook (FireWire) and presumably the G4 PowerBook.

It is only possible to boot using a Mac's built in ethernet port. Add-in network cards won't work and neither will Airport due to lack of Open Firmware drivers.

It is also very important to update the firmware on your clients to the latest version, especially with older tray-loading iMacs. Firmware updates are available from Apple's web site but it can be difficult to work out what the latest version for your computer is. The MacOS 9.1 CD contains a folder under CD Extras which has all the latest firmware updates.

You will need to know the hardware address of each client. This is on a label on the back of G3s and G4s; on the bottom of slot-loading iMacs; inside the cable hatch on the right hand side of tray-loading iMacs; underneath Cubes and under the keyboard of iBooks. Alternatively switch User Mode to Advanced in either the TCP-IP or AppleTalk control panels and click on the button marked Info.


Removing Hard Drives from Clients

This is totally optional! It will almost certainly void any warranty your machines may have.

Once you get netbooting up and running you may wish to disconnect or remove altogether the hard drives in your clients. This reduces the amount of heat and noise produced by machines. In particular slot-loading iMacs and cubes will become totally silent. The hard drives can be used for other things if removed.

G3s and G4s are easy. Tray-loading iMacs take a bit of practice. Slot loading iMacs are easy - simply disconnect the power connector from the back of the hard drive by reaching through the memory / airport access hatch. Removing the hard drive is a bit harder but not impossible. Cubes are tricky but not impossible - you will need a suitable TORX driver. iBooks are nigh on impossible - they were clearly not designed to be readily disassembled!


How to do it

1. Get Linux. I use SlackWare Linux but other distributions should do.

2. Install Linux on your server and make it work. Make sure your Linux machine talks to your network without problems.

3. Get Netatalk and make it work. You must use one of the newer versions that support AFP over TCP-IP. The latest version is available at http://www.sourceforge.net/projects/netatalk/. Some distributions ship with a suitable version. Make sure that you can connect from your Macs to your Linux server through the Chooser. Make sure that network volumes are connected by TCP-IP (do Get Info on one of your Linux server shares and look for "via TCP/IP" under "Where").

4. Get DHCPd and make it work. Get the source code from ftp://ftp.isc.org/isc/dhcp/. I use version 2.0pl5. Compile and install. Don't use a pre-compiled binary as you will have to patch and re-compile dhcpd later on and you might as well learn how to compile it now.

Set up a dhcpd.conf entry for one of your Macs. In the TCP-IP control panel set Configure Via to DHCP and make sure your Mac correctly obtains a valid IP address. It will be much easier if you have a block of static IP addresses on your subnet rather than using dynamic allocation.

5. Get a version of tftpd and make it work. Most distributions ship with this pre-installed.

6. Make up your netboot shared hard disk images. See section below for how to do this. Copy them to your netatalk server.

7. Make up your private disk images. Use Apple's Disk Copy. Go to Image... Create New Image. Make sure Format is set to Read/Write. Make sure size is set to 1.4MB floppy (actually any size will do). Uncheck Mount Image and Zero Blocks. Save the disk image on your server. You will need one such disk image per client but it is OK just to duplicate the image.

8. Drag a copy of the Mac OS ROM file from the System Folder of your shared hard disk image to the server. Copy it to /tftpboot or wherever your tftpd looks for files. Make sure it is world readable.

9. Patch dhcpd with this patch: http://frank.gwc.org.uk/~ali/nb/dhcp-2.0+macnb.0.1.diff and recompile. This patch is against ISC DHCPd 2.0pl5. Other versions probably won't patch cleanly. This patch will stop the dhcp client from compiling so you will need to keep a separate source tree if you want to compile the client.

10. Set up your dhcpd.conf. Here is an extract from mine, with comments to explain. Obviously most of the values will have to be changed to match your setup.

default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.252.0;
option broadcast-address 212.240.19.255;
option routers 212.240.16.1;
option domain-name "gwc.org.uk";
option domain-name-servers 212.240.16.5, 212.240.16.7;
allow bootp;
not authoritative;
#above are basic parameters that belong in any dhcpd.conf

filename "/tftpboot/Mac OS ROM";
#this sets the path of the Mac OS ROM file the client will retrieve by tftp.

server-name "212.240.16.7";
next-server 212.240.16.7;
#these lines tell the client the address of the server from which to retrieve the ROM file.

option mac-version 0:0:0:0;
#This specifies the protocol version? and is always set to four nuls.

option mac-user-name "netboot";
#this specifies the user name which clients will use to log on to the server

option mac-password "abcdefg";
#this specifies the password which clients will use to log on to the server

option mac-nb-img d4:f0:10:7:2:24:2:6E:62:0:0:0:0:2:6:73:68:0:68:64:31;
#this specifies the path to the shared HD image. See section below on AFP paths.
#this represents a file called "hd1" in a folder called "sh" on a server volume called "nb".

option mac-apps-img d4:f0:10:7:2:24:2:6E:62:0:0:0:0:2:6:73:68:0:68:64:30;
#this specifies the path to the Applications HD image. I point this to a blank image. See below.
#this represents a file called "hd0" in a folder called "sh" on a server volume called "nb".

subnet 212.240.16.0 netmask 255.255.252.0 {
#tells dhcpd which subnet to expect queries from.

host nb-153 {
#client hostname - only used internally by dhcpd

hardware ethernet 00:50:E4:B9:EC:24;
#specifies the hardware address of this particular client

fixed-address 212.240.19.153;
#specifies the IP address to be used by the client. obviously this must be unique.

option mac-machine-name "NB-BML-FictLib-1533-IP19.153";
#specifies the machine name (as in File Sharing control panel)

option mac-client-nb-img
d4:f0:10:7:2:24:2:6E:62:0:0:0:0:2:6:43:6C:0:31:35:33;
#this specifies the path to the client's private disk image. this must be unique.
#this represents a file called "153" in a folder called "Cl" on a server volume called "nb".
}

}


This is a very basic configuration for a single machine. Most of the values will have to be changed for your setup. Obviously you will need one host entry for each machine you intend to netboot.

The various common parameters specified in the top part of the file can instead be specified on a per-host basis. This would allow you to use different disk images on different machines for example.


11. Start up the patched version of dhcpd.

12. Start up your client Mac. You will need to do one of the following the first time you netboot a Mac: hold down N at startup; set Startup Disk control panel to Network Disk; unbless the system folder on the hard disk; remove the hard disk.

13. That's it. Email me at ali@gwc.org.uk to tell me if it works or not.

Setting up shared Hard Disk images

Easy technique:

1. Launch Disk Copy and do Image... New Image.

2. Change size to Custom and enter the size you want your disk image to be. You will need space for MacOS, any applications you want on the disk image and for virtual memory.

3. Uncheck the "zero blocks" option as this will slow the process down considerably.

4. Save the image on your netboot server.

5. Format the image as HFS Extended.

6. Put everything you want on the disk image, including a suitable system folder.

7. Unmount the image.

8. Do Get Info on the image file and tick the box marked Locked.


Slightly harder technique (recommended):

1. Get any Mac whose hard disk contents are not important.

2. Boot the Mac from CD and launch Drive Setup.

3. Select the hard disk and click initialise. Choose custom setup and make the first partition the size you want your netboot hard drive to be. You will need space for MacOS, any applications you want on the disk image and for virtual memory. Initialise the disk as Extended HFS.

4. Install MacOS on the hard disk, either from CD or over the network.

5. Install any apps etc. Basically make the machine the way you want your netboot clients to be.

6. You may wish to install the Netboot Drive Unmounter extension from Apple. This will temporarily prevent access to the hard disk while a machine is netbooted.

7. Boot from CD and log on to your netboot server.

8. Launch Disk Copy and drag the hard disk icon over the Disk Copy window.

9. Change Format to Read/Write (important) and uncheck Mount Image.

10. Save the image on your server.

11. Select the image file in the Finder and do Get Info. Check the Locked checkbox.

 

When devising netbooting Apple made provision for a second shared disk image, so that the system could be stored on one disk image and applications on a second. I found this feature to be totally useless but you need to provide the client with a valid path to this Applications disk image or the whole thing won't work. I suggest taking one of the client private disk images and putting a copy alongside your shared hard disk image. Do Get Info on the image and lock the file. Now on the server zero the file out by doing "cat /dev/null >filename" where filename is the name of the image.

There are various other techniques for setting up disk images I have learned. These are to do with dealing with printers, and with using login software such as MacAdministrator. Email me at ali@gwc.org.uk if you want to know about these.

Small tip - thanks to Michael Clark <michael@metaparadigm.com>. If your machine starts up and complains it can't find a Macintosh Manager server, remove the Multiple Users Startup extension on your hard disk image.


About AFP Paths in dhcpd.conf

You will have to specify at least three paths in your dhcpd.conf - one for each of the shared images, plus one for each client's private disk image.

These paths are specified in a somewhat complicated hexadecimal representation. You may find "man ascii" useful. It makes things much easier if you can keep these paths short.

Here is an example path:
d4:f0:10:7:2:24:2:6E:62:0:0:0:0:2:6:73:68:0:68:64:31

Here is the same path tabulated with decimal and ASCII equivalents filled in where appropriate.

HEX  D4  F0  10  07  02  24  02  6E  62  00  00  00  00  02  06  73  68  00  68  64  31
DEC  212 240 16  7   2   36  2                               6
ASC                              n   b                       s   h       h   d   1


This breaks down as follows.

d4:f0:10:7 - this is the IP address of the server - in this case 212.240.16.7

2:24 - this is the TCP port number on the server - this is always 2:24 which is equivalent to 548

2 - this is the length in bytes of the following parameter

6E:62 - this is the name of the volume which the path points to - in this case "nb"

0:0:0:0:2 - this is always the same

6 - this is the length in bytes of the following parameter

73:68:0:68:64:31 - this is the path and filename - in this case "sh:hd1". Path delimiters (":" on Mac; "/" on Unix; "\" on DOS) are represented by Nul (Hex 0).

So this path points to a file called "hd1" in a folder called "sh" on a volume called "nb" on the server 212.240.16.7.

Note that paths are case sensitive!
I.e. hex 61 = ascii "a" <> hex 41 = ascii "A".
Although hex 2d = hex 2D = ascii "-"
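
An added example (not part of the original page or of the dhcpd patch): a small Python helper that builds these option values from readable names and checks a hand-typed value against the byte layout described above, which catches a wrong length byte before dhcpd hands it to a client. The function names are made up for this example, and it assumes volume and path names are plain ASCII.

```python
import ipaddress

AFP_PORT = 548                  # written 2:24 in the option value
FIXED = bytes([0, 0, 0, 0, 2])  # the field the page says is always the same

def encode_afp_path(server_ip, volume, path):
    """Build a mac-*-img option value; `path` uses ':' as delimiter ("sh:hd1")."""
    vol = volume.encode("ascii")  # assumption: names are plain ASCII
    pth = path.encode("ascii").replace(b":", b"\x00")
    if not 0 < len(vol) < 256 or not 0 < len(pth) < 256:
        raise ValueError("volume and path must each be 1-255 bytes")
    raw = (ipaddress.IPv4Address(server_ip).packed
           + AFP_PORT.to_bytes(2, "big")
           + bytes([len(vol)]) + vol
           + FIXED
           + bytes([len(pth)]) + pth)
    return ":".join(format(b, "x") for b in raw)

def decode_afp_path(value):
    """Return (ip, port, volume, path), or raise ValueError on a bad layout."""
    raw = bytes(int(tok, 16) for tok in value.strip().rstrip(";").split(":"))
    if len(raw) < 7:
        raise ValueError("too short for address, port and volume length")
    vol_end = 7 + raw[6]
    fixed_end = vol_end + len(FIXED)
    if raw[vol_end:fixed_end] != FIXED or len(raw) <= fixed_end:
        raise ValueError("volume length byte or fixed field is wrong")
    pth = raw[fixed_end + 1:]
    if len(pth) != raw[fixed_end]:
        raise ValueError("path length byte does not match the path")
    return (str(ipaddress.IPv4Address(raw[:4])),
            int.from_bytes(raw[4:6], "big"),
            raw[7:vol_end].decode("ascii"),
            pth.replace(b"\x00", b":").decode("ascii"))

if __name__ == "__main__":
    # Values taken from the page's own dhcpd.conf extract.
    print("option mac-nb-img %s;" % encode_afp_path("212.240.16.7", "nb", "sh:hd1"))
    print(decode_afp_path("d4:f0:10:7:2:24:2:6E:62:0:0:0:0:2:6:43:6C:0:31:35:33"))
```

The encoder emits lower-case hex digits; the names themselves are never case-folded, since the paths are case sensitive.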


Security

to be done


It Doesn't Work!

Check your system log files and compare against the Basic Overview of Netbooting above. Try and work out at what point the process is going wrong. Try and fix it.

You can email me at ali@gwc.org.uk and I will try and help. I am likely to be less than sympathetic if you are having problems making Linux or Netatalk work. These are complicated products with their own support channels. If your problem lies elsewhere I will see what I can do.


Last modified 14 June, 2001. © Copyright ali@gwc.org.uk 2001.