RE: PXE Boot issue - default.ipxe permssion denied

OK tried setting the default to /tftpboot and it had no effect - same problem occurs. If I read it right, reading the [URL=‘https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/tftpd.8.html’]man page for tftpd[/URL] it looks like using “/” in the file name will definitely get refused by the OSX tftp server unfortunately. Can’t quite see a way around this.

Edit: Success! But nervous of the cost. I fixed it by allowing the TFTP server access to “/” and making a symlink there to /tftpboot/default.ipxe. But that does allow TFTP access to the root directory of my OSX server…as I’m the only one imaging perhaps I’ll turn off TFTP access unless I’m using it…

[quote=“Uncle Frank, post: 44487, member: 28116”]Did you ever try to download ‘/default.ipxe’ (WITH slash!) from another PC??[/quote]

Good Point. Just tried this and it fails…Error on server ??? Connect request failed
I’m guessing that the OSX Tftp server does attempt to get from the root directory but because it’s outside /private/tftpboot it fails. I’ll try moving my tftp default directory to /tftpboot but that will probably fail for the same reason I imagine…

[quote=“Uncle Frank, post: 44484, member: 28116”]Access rights…? Could it be that easy?? Why didn’t that come to my mind earlier?? Please post the output of ‘ls -al /tftboot’ on your OS X server!

Edit: Sorry, I just re-read your postings and saw that you have successfully downloaded default.ipxe from other host via TFTP… right??

Edit2: TFTP server’s root is /tftpboot. So ‘get /default.ipxe’ should translate to ‘/tftpboot/default.ipxe’ on the server. Does anyone know if Mac OS X is doing things different here?? Can’t find anything on the web about it… DEFAULT TFTP dir is: /private/tftpboot, right? ‘ls -al /private/tftpboot’ then…

Edit 3: Both links to pcap files are the same… can’t see any new one for Acer[/quote]

Yes - have successfully downloaded default.ipxe from the OSX server. The default is indeed /private/tftpboot. ls -la yields:
drwxrwxrwx 24 root wheel 816 27 Mar 09:54 .
drwxr-xr-x@ 8 root wheel 272 7 Jul 2014 …
-rw-r–r–@ 1 root wheel 6148 29 Aug 2014 .DS_Store
drwxrwxrwx 3 root wheel 102 18 Jul 2014 NetBoot
-rwxrwxrwx@ 1 service wheel 2425 1 Oct 15:41 at800s.txt
-rwxrwxrwx 1 service wheel 840 21 Nov 15:21 boot.txt
-rwxrwxrwx 1 service wheel 295 21 Nov 15:21 default.ipxe
drwxr-xr-x 5 root wheel 170 5 Mar 09:38 deploystudiopc
-rw-r–r-- 1 service wheel 3605993 27 Mar 09:41 dump.pcap
drwxrwxrwx 8 root wheel 272 27 Feb 14:27 fog
-rwxrwxrwx 1 service wheel 389009 21 Nov 15:21 ipxe.kkpxe
-rwxrwxrwx 1 service wheel 389057 21 Nov 15:21 ipxe.kpxe
-rwxrwxrwx 1 service wheel 388044 21 Nov 15:21 ipxe.krn
-rwxrwxrwx 1 service wheel 389073 21 Nov 15:21 ipxe.pxe
-rwxrwxrwx 1 service wheel 25340 21 Nov 15:21 memdisk
drwxr-xr-x 13 root wheel 442 5 Mar 09:38 pxelinux
-rwxrwxrwx 1 root wheel 16794 20 Dec 2013 pxelinux.0
-rwxrwxrwx 1 service wheel 16794 21 Nov 15:21 pxelinux.0.old
-rwxrwxrwx 1 service wheel 165088 21 Nov 15:21 snponly.efi
-rwxrwxrwx 1 service wheel 101989 21 Nov 15:21 undionly.kkpxe
-rwxrwxrwx 1 service wheel 102037 21 Nov 15:21 undionly.kpxe
-rwxrwxrwx 1 service wheel 382650 21 Nov 15:21 undionly.kpxe.INTEL
-rwxrwxrwx 1 service wheel 102053 21 Nov 15:21 undionly.pxe
-rwxrwxrwx 1 service wheel 147728 21 Nov 15:21 vesamenu.c32

Haven’t cleaned it up since migrating from 0.32…
Edit: Also I’ve set the Acer.pcap link correctly now I think…
Edit2: Also my OSX tftp server uses the insecure (-i) parameter - caused me no end of grief before getting 0.32 working…
Edit3: I can set the path on the TFTP server so maybe I should try it with /tftpboot (copying everything first of course)?
Cheers

OK didn’t know that wireshark provided in-built filters for tftp, many thanks for that. Really useful - I’ve struggled with trying to analyse the logs for tftp in the past so that’s great.
Anyway - [URL='https://drive.google.com/open?id=0B_kJyPnsAGFZVlpwY1lUNnk1REU&authuser=0’]here’s the pcap for the Dell[/URL]; it seems like it’s failing on the absolute path for /default.ipxe…not even sure where that would try and get the file from…I tried copying it to the root directory of my osx server but it made no difference. Had a brief look to see if I could remove the path from undionly.kpxe? but that looks not so trivial…
With my acer laptop that looks to be an entirely different issue, maybe the implementation of PXE on that isn’t compatible, as the requested TFTP filename seems screwed up with a string of appended bytes (the server address?). The [URL=‘https://drive.google.com/open?id=0B_kJyPnsAGFZMlJPZEVCaG85NnM&authuser=0’]Pcap for that is here[/URL], but that isn’t my main issue…
Cheers

Edit: Sorry - set the link for acer.pcap correctly now

Hi - Thanks. Ok I captured the boot of both the Dell and my Acer laptop, both up to the point of failure and then restarting (or in the case of the Dell waiting on F1 to retry). The difference between the two is that the Acer doesn’t ask for the TFTP server name (option 66) for some reason but the Dell does. The responses back from the DHCP server look right to me but I’m not really familiar with DHCP. And then after that …nothing. Here is the link to the [URL=‘https://drive.google.com/open?id=0B_kJyPnsAGFZQl9iU2s3c2dFZms&authuser=0’]Acer pcap[/URL] and the link to Dell pcap is [URL=‘https://drive.google.com/open?id=0B_kJyPnsAGFZOUlITXBvanVWUk0&authuser=0’]here[/URL]. My OSX DHCP/TFTP server IP is 10.250.144.2 and the Fog box 10.250.144.11.
Cheers

Ok many thanks for the replies, they were helpful. I wasn’t sure how default.ipxe was being accessed.
So from any other client machine on the network I can tftp get both undionly.kpxe and default.ipxe from my system TFTP server OSX10.9 or my Ubuntu FOG box (Ubuntu 14.4) with no problems. I’ve tried both windows and OSX machines. So permissions and firewall settings would seem to be OK.
It gets a bit more complicated when I try to PXE boot a different client machine (like my laptop - Acer Timeline 4820 - Windows 8). Then I get TFTP bootfile not found. This whilst still getting the original default.ipxe permission denied error on the older dell PC Optiplex GX620. So I’m figuring something is not set correctly in my OSX DHCP server in terms of options 66 & 67. I know that the inbuilt OSX DHCP server is notoriously fickle. It may be that I need to run the ISC-DHCP server. But I will investigate further.

I recently upgraded from Fog 0.32 to 1.2. I have a slightly unusual setup: OSX 10.9 DHCP server, with Fog on an Ubuntu 14.04 Box. This was all working fine on 0.32.
Basically when I try and PXE boot a PC, I get the initial iPXE starting OK and then it gets to:

Configuring (net0 <mac addr> … ok
/default.ipxe… Permission denied (fttp://ipxe.org/0212603c)
Selected boot device not available -

The OSX server has a mirror of /tftpboot from my Ubuntu box.
I can tftp get undionly.kpxe and default.ipxe from either of my OSX server or my Ubuntu server successfully.

What I don’t know is with the new php based boot method exactly what it is trying to do at this step…ie where and how it is trying to access default.ipxe (off my OSX server or my Ubuntu server) and how (via Tftp or Sftp or…)
Any pointers or help appreciated…

I’m looking for some help to do one of two things; either get Fog to update the tftpboot folder on my DHCP server hosted on an OSX 10.8 server box OR get the OSX box to successfully pass off the IP address of the FOG box as my TFTP server in its Bootpd settings.

My current setup is this:
DHCP & TFTP server is an OSX 10.8 box running Netboot and DeployStudio for imaging Macs. Fog server is on a separate Linux box (Ubuntu 13.10). I have PCs successfully booting under PXE and being imaged via the Fog box but only with me manually copying the contents of pxelinux.cfg between the two boxes before I want to do any imaging. Otherwise new PC clients happily update fog from the pxelinux menu which was initially copied from the Fog box to the OSX box after Fog was installed.

So how can I get Fog to update the pxelinux.cfg folder on the osx box directly? I can sftp put/get from linux to osx but not with the fog user, only a root user (even though the fog user is present on both boxes)…

Or how to get the osx box to actually read and use dhcp_option_66 from bootpd.plist, which it seems to ignore…

And forget DeployStudioPC…that’s what I’ve come from…

[quote=“Gilou, post: 10240, member: 3221”]Hi,
(yes, I’m answering a late message, but I just bumped into the issue…)

Using FOG, I couldn’t do proper imaging/netbooting for MAC. So I did load ubuntu on a Live USB key, and used partclone to do the imaging work on the NFS server, and it works fine… now to integrate that in FOG (i.e. [URL='http://www.fogproject.org/wiki/index.php?title=How_to_get_Macintosh’s_Netboot_working_with_your_FOG_server’]http://www.fogproject.org/wiki/index.php?title=How_to_get_Macintosh’s_Netboot_working_with_your_FOG_server[/URL] for the netboot part, and using partclone instead of partimage…), well, gotta see

Cheers
Gilou[/quote]
How did you get on with this? I have my Macs able to Netboot from my FOG server but need to get a method to apply images from inside the Netboot image…
cheers
timjak

I’m new to FOG, but pretty familiar with Windows Deployment and also DeployStudio for Mac. I now use FOG on both a Fedora 18 and Ubuntu 12 server. Great product. I’d like to be able to contribute to the Wiki with install problems found and resolved for both Fedora and Ubuntu.
Cheers

[quote=“David Dreggors, post: 10816, member: 3390”]Good job Tim!
I ran into several selinux issues myself regarding tftp contexts in the “/tftpboot” directory. I was able to fox them by cd’ing in to that directory and running the following command:

[CODE]for F in $(find ./* -type f); do chcon -t tftpdir_rw_t $F; done[/CODE][/quote]
Thanks for that David, but I already had selinux disabled. More problematic though is that I don’t want to run FOG with the firewall disabled. I’ve tried configuring the firewall ports to allow NFS by using static ports for the various RPC services, but the imaging process just fails to mount the NFS share with no route to host. Turning off the firewall allows it to work. I’m wondering if the TFTP kernel uses some other ports I don’t know about for communicating back to the fog server…

Just a further update…ran into the same problems others have reported with a blank task screen…I’m running PHP version 5.4.11…[URL=‘http://fogproject.org/forum/threads/error-creating-tasks-internal-service-error.3798/’]as reported elsewhere[/URL] I replaced &$tmp with $tmp throughout tasks.confirm.include.php and FOG is now scheduling tasks…and [I]@chad-bisd[/I]… not a production server!..a home server…although the install did break mediatomb…

OK…so just skirting around the side-issues here…I think I’ve solved the problem…seems to be an obscure thing relating to VSFTPD and Fedora 17/18 (and perhaps Redhat generally). [URL='https://bugzilla.redhat.com/show_bug.cgi?id=845980’]Here’s the thread[/URL] and I fixed it by adding “seccomp_sandbox=NO” to vsftpd.conf and restarting the service. I was then able to update the PXEMENU for the master password. Haven’t tested whether I can push and pull images yet.

I run a pile of other stuff on this server and have been using Fedora for awhile. Way too much effort. I guess I could setup a separate Ubuntu box and run Fog off it but that would only be temporary…so disappointing! I use DeployStudio for another setup I have (a dual Mac / PC site) and that works well, quirky but well. I was really hoping Fog would be a better windows solution.
I think looking further into it that maybe something is wrong with the VSFTPD setup because I can’t FTP into the box at all, even directly. I just get Oops 500, Child died, but not knowing how FOG is updating the PXE menu I’m hunting in the dark really.

Just an update…decided to reinstall from scratch just to check I hadn’t done anything wrong. So followed the uninstall (complete removal) instructions and then did a complete reinstall. Got an error message about NFS service during the install so I enabled the nfs service and restarted it. Went through the password updates suggested under fedora install…but same result…fails on updating the master password in the PXE menu step…with error message TFTP updated failed…unable to upload file…
How does the web interface update the \TFTPBOOT folder…via FTP, via TFTP or directly? Seems like it must be an authority issue between TFTPBOOT and the default fog user…tried enabling logging for VSFTPD but nothing showing…

I have 30 odd windows 7 computers to image and thought I’d use Fog.
Installed version 0.32 on Fedora 18.
I have a separate DHCP server.
Went though the setup fine and can boot clients successfully to the fog menu. I can do host registration and the clients show up in the client list.
Problems come when I try and upload an image. I understand that I have to set a master password under Other Settings -> PXE Boot Menu. This fails with the error message ->
"
[CENTER][FONT=Ubuntu][COLOR=#333333]PXE Menu updated failed![/COLOR][/FONT][/CENTER]
[CENTER][FONT=Ubuntu][COLOR=#333333]Unable to upload file."[/COLOR][/FONT][/CENTER]
[CENTER][FONT=Ubuntu][COLOR=#333333]Also the menu timeout value (10) - doesn’t match the actual timeout menu when I boot a client.[/COLOR][/FONT][/CENTER]
I’ve tried looking at the permissions on the TFTPBOOT folder, setting passwords under Storage Nodes and in the Fog Settings menu and nothing works.
I Can Get and Put to the TFTPBOOT folder from the command line.
Tearing my hair out here.

Also, if I try any of the client tasks (Upload, Debug, Hardware Info etc.) the client always just boots back to the Fog main menu…
Any help appreciated…