Netbooting Mac Links from Head Page:
[NB-OS-X-]
[Problems]
[Analysis]
[Mimicry-]
[A-How-To]
[Security]

Webspace Sponsored by:


    This page has two separate parts:
  1. Choose your patch where you choose from one of 3 (well , 2 really) patches based on your needs in a DHCP Server: version 2, or version 3.
  2. Follow detailed directions or my How-To to configure your server and client to actually netboot in Linux. (No Images provided for you to download from this site. You must have all of the software. The Linux part is "free", and if you have a MacOS CD-ROM for System installation, you can download or find the rest of the software "on the net")
Choices of patches and descriptions

When I first made a set of patch files for making Macintosh Netbooting with non-Apple Server, I created two patch systems. One systems was very uncomplicated but difficult to use with dhcp as you needed to remember numbered options and their use. The second one was a more advanced patch, but it created new naming systems for options codes that were not standard. After creating my code, I stopped improving it. Alistair Riddell took a sample copy of my more advanced patch for dhcp-2.0 (ISC's source code provided dhcp server), and has added much more to it. I only offer my old diff patches for academic purposes. Instead of keeping an unmaintained "fork", I suggest you use his or Rob's patches (see below) and standardize on one of them.

One more layer of complication: (read choice or option) is a new patch for ISC's DHCP server version 3. This patch for verson 3 of the DHCP server was written by Rob Lineweaver. You can check out information on this at http://staff.harrisonburg.k12.va.us/~rlineweaver/macnb/ for more information on his maintained patch for ISC's v2.0 DHCP server and allowing it to netboot.

If you would like to use the more recent DHCP server from ISC such as Version 3, Rob Lineweaver has ported the patches from ISC's DHCPv2 to ISC's DHCPv3! (Cool Deal!) Please check out http://staff.harrisonburg.k12.va.us/~rlineweaver/macnb/ for more information. He has provided not only a source patche, but RPMs of a dhcp server for various distros of linux.

My original patches are not suppoerted by me. They worked with a no longer available copy of ISC's DHCP Server v2, but I have no time to maintain them. If you really want to see them, then you can browse: in this UNSUPPORTED web folder or in this VERY-UNSUPPORTED web folder (heh) , but you do so at your own risk! (These no longer even allow the latest v2.0 of DHCP server from ISC to compile when applied, so just be nice to yourself and go with Rob's or Alistair's solutions for v3 or v2 DHCP Servers respectively.)

You should still be cautioned to only use one of the three possible packages available. I suggest you go with either Alistair's or Rob's patches depending on which version DHCP server you are planning to run.

With this stated, you will need to get either Alistair Riddell's copy of dhcpd-2.0pl5 patches from: http://frank.gwc.org.uk/%7Eali/nb/dhcp-2.0+macnb.0.1.diff OR Rob Lineweaver's patches (or RPMs) from his web site: http://staff.harrisonburg.k12.va.us/~rlineweaver/macnb/.

Also, on the topic of DHCP Servers. You should only have one installed and running at any one time. You should not try to run a version 3 dhcp server and a verison 2 dhcp server on the same interface on the same network, or even two dhcp servers of the same version. It will most likely not even work, and also likely cause problems on your network. (I could see multiple DHCP servers running on the same box with each on a different interface, and there may be more exceptions, but unless you know what you are doing - only run one server per box, per network/subnet.)

Details on How-To set up a netbooting server

(Someting missing? Something not descriptive enough? Find a problem? Send me an e-mail with the complaint. Instructions can be found at te end of each of the pages.)

This is a brief description (ha!) of how to make Net-Booting happen with your valid copy of Mac OS 9.1 from CDROM (What I am using in this example), a *NIX box like Linux, a copy of asun-netatalk, a DHCP server, a TFTP server, and a blue and white G3 series PowerMac or later (I am using a G4) or iMac with latest firmware upgrade. I try to offer major points closer to the left margin, and deeper nesting of information offers more detail for those that need or want it.

  1. Get your materials ready:
      Get / install:
    1. A Linux server (x86 based Intel for this example) with enough free disk space for Mac HD Images. (~4Gb to be used in this sample)
    2. Install a TFTP server (tftpd) on your server box
      • Note where its service root point is: you will probably want to set its root to be somewhere in your fs root like /tftproot or /tftpboot, or /boot/kernel etc. For this demo, I modified tftpd's root to be "/tftproot".
      • Note: Installing any new service on a server frequently adds risk for security being compromised in the service via buffer over-run, DoS, or information loss. "tftpd" allows for unauthenticated transfer of files. You should not place anything sensitive in tftpd's root.
      • I am using a Debian install for my demo. Its tftpd service is started from inetd in this release of Debian. To modify tftpd's root, I hand edited /etc/inetd.conf after installing tftpd, and changed the argument "/boot" at the end of the line to /tftproot and then created /tftproot , chown root.root and chmod 775
      • For more specific help with tftp and tftpd check with a HOWTO on the subject. http://www.tldp.org/ may have what you need, but locations change too fast for me to keep them up to date.
    3. Get the source code for a DHCP Server (dhcpd) like dhcp-2.0pl5.tar.gz from http://www.isc.org/, or visit ISC's DHCP Server Version 3 page to find out how to get the latest version 3 release candidate.
      • Note: You may consider using one of Rob's RPM source or binary packages on his website.
      • Note: If you have a network admin for the network in which you plan to run your own DHCP Server, you will probably want to speak with them before starting it. Not discussing with them the possible problems with running multiple DHCP Servers on the same serviced network and getting a list of IP addresses you can serve can be risky, and cause you serious problems with your network admin. You have been warned! If you are doing this at home or on your own network, then just try to only use one DHCP Server at a time unless you know what you are doing.
      • I use the above source tree in my example. Yes, dhcpd-3.x from ISC is out and you can use Rob's DHCP v3 patches instead.
      • You may use an alternate DHCP server if you can find a way to have it determine if a booting client is a netbooting Mac, and account for the larger MMS for the service to send the extra vendor options necessary for Macintosh netbooting.
    4. Unpack the DHCP Server source tree and patch it
      • See patches section of this page for where you can get a diff file patch.
      • Make sure your copy of dhcp was downloaded in binary mode (Image Mode) or else unpacking it won't work. If unpacking works fine, then you likely ftp-ed it properly.
      • I suggest you place the dhcp-2.0+macnb.0.1.diff and dhcp-2.0pl5.tar.gz in /usr/local/src on your machine.
      • Unpack the DHCP Service source tree and patch it with my patch
        • # cd /usr/local/src

          You should see a new prompt ("#").
        • # zcat dhcp-2.0pl5.tar.gz | tar xvf -

          A bunch of files should be uncompressed and unpacked into /usr/local/src. The words you see flying by your screen are what files re being uncompressed and unpacked. Mine ended with the last three lines of the extraction showing:
          dhcp-2.0pl5/server/dhcpd.conf.cat5
          dhcp-2.0pl5/server/dhcpd.leases.5
          dhcp-2.0pl5/server/dhcpd.leases.cat5
          
        • # patch -p0 < dhcp-2.0+macnb.0.1.diff

          This should patch the dhcp-2.0pl5 source tree. This patch includes my addition of dealing with the Apple-MMS-DHCP bug and includes more code from Alistair Riddell allows this DHCP Service to know how to better tell the difference between a netbooting Mac client and a non-netbooting Mac client. In this patch, only 6 files are patched. Here is what you might see after applying the above patch command:
          patching file `dhcp-2.0pl5/common/options.c'
          patching file `dhcp-2.0pl5/common/tables.c'
          patching file `dhcp-2.0pl5/includes/dhcp.h'
          patching file `dhcp-2.0pl5/includes/dhcpd.h'
          patching file `dhcp-2.0pl5/server/bootp.c'
          patching file `dhcp-2.0pl5/server/dhcp.c'
          

          You may wish to instead try patches created by Rob Lineweaver for version 3 of the DHCP Server from ISC. These can be found at http://staff.harrisonburg.k12.va.us/~rlineweaver/macnb/

    5. Make the new DHCP Service
      • # cd /usr/local/src/dhcp-2.0pl5/

        Allows me to change dirs to the source tree.
      • # ./configure

        This is a program that tells ISC's dhcp source tree what kind of system you have so it may properly be compiled to work for your system. In this case, I am running Linux and a 2.2 series kernel, so configure reported:
        System Type: linux-2.2
        
      • # make all

        This should go through and compile a DHCP Server. The last lines in my build of the DHCP service binaries gave me a warning about needing to migrate my DHCP leases directory. if you have never run DHCP server then you can ignore this. If you have run a DHCP server with a different storage location for DHCP leases, then like me, you know what this means and will abide by its instructions. (Configuring your desktop workstation to use DHCP for IP Assignment is an example of a client for DHCP not a server. A Server is what hands out the addresses, and is usually admined by your network admin.
        Also, this release of the patch file does not permit the dhcpcd (dhcp client for obtaining leases) compile. You will need to manually copy over the dhcpd server.
        You may see this page of output from make letting you know the client did not compile and caused the compilation process to terminate:
        Making all in client
        make[1]: Entering directory `/usr/local/src/dhcp-2.0pl5/client'
        cc -g  -I.. -I../includes -DLINUX_MAJOR=2 -DLINUX_MINOR=2 -DCLIENT_PATH='"PATH=/usr/ucb:/usr/bin:/usr/sbin:/bin:/sbin"'   -c -o dhclient.o dhclient.c
        dhclient.c: In function `make_discover':
        dhclient.c:1455: warning: passing arg 8 of `cons_options' makes integer from pointer without a cast
        dhclient.c:1455: too few arguments to function `cons_options'
        dhclient.c: In function `make_request':
        dhclient.c:1567: warning: passing arg 8 of `cons_options' makes integer from pointer without a cast
        dhclient.c:1567: too few arguments to function `cons_options'
        dhclient.c: In function `make_decline':
        dhclient.c:1671: warning: passing arg 8 of `cons_options' makes integer from pointer without a cast
        dhclient.c:1671: too few arguments to function `cons_options'
        dhclient.c: In function `make_release':
        dhclient.c:1736: warning: passing arg 8 of `cons_options' makes integer from pointer without a cast
        dhclient.c:1736: too few arguments to function `cons_options'
        make[1]: *** [dhclient.o] Error 1
        make[1]: Leaving directory `/usr/local/src/dhcp-2.0pl5/client'
        make: *** [all] Error 1
        

        If you need dhcpcd (a dhcp client) then you can install one from a package, or use the source code to make a client and server, then install, and then patch the source tree and make a new server only. I am assuming you have a system for getting your IP address, and only the dhcp server for netbooting Macs is missing.

      • # cp /usr/local/src/dhcp-2.0pl5/server/dhcpd /usr/sbin/dhcpd

        You may want to "mv" (move) your old dhcpd server to a new location like /usr/sbin/dhcpd.orig before you perform the above as it will over-write whatever was there before.
      • You may wish to examine Rob's patch instead. If it compiles cleanly, then instead of the above "cp" commans, you could type:
        # make install
        
        but may want to think about that step. If you "make install" you may overwrite a previous dhcp server you installed. Please be cautious! Manually copying just the server as an executable may be a better idea.
    6. Install a copy an of AppleFileshare service that can do AppleShare over IP such as the asun-netatalk. You may try this with a packaged copy which is often easiest or get your own source tree and compile it.
      • You can try to see if there is a new copy at ftp://ftp.cobaltnet.com/pub/users/asun/ or look at http://netatalk.sourceforge.net/ if you wish. I am going to take the easy way out, and use a prepackaged copy with my Debian Linux install.
      • When you see "netatalk" you should also verify that it is either a new "asun" distro (which can do AppleShare over IP) or is another that can do AppleShare over IP.
    7. Get the necessary networking information for setting up a client on your network to access the Internet (or intranet, extranet, othernet, etc. that uses TCP/IP.)
      All of this information will be used when configuring the dhcp server (in /etc/dhcpd.conf ) by using the on-line form - will be discussed later
      • An Example list may include:
        • Range or group of IP Addresses to hand out to clients
        • Subnet Mask (Netmask) for the IP Addresses above
        • Gateway/Router for above Subnet Mask (Netmask) and range of IP Addresses you have been given
        • Compute the network address/name for the network that is limited by the above Subnet Mask and contains the IP Addresses listed above. (I'll try to find how-to's to explain this procedure and link to them from here. If you know about this, then the network address/name is the very first IP address of the chosen subnet that often ends with a zero "0".)
        • Compute the broadcast address for the network that is limited by the above Subnet Mask and contains the IP Addresses listed above. (I'll try to find how-to's to explain this procedure and link to them from here. If you know about this, then the broadcast address is the last IP of the chosen subnet often ending in "255".
        • The MAC (Media Access Channel) Address/HW (Hardware) Address, ENet (Ethernet) Address of the machine that will be looking to netboot. This should be 6 hexadecimal values often separated with colons (":"). For Mac running Mac OS 8 or 9, you can go to the TCP/IP control panel and choose GET INFO from one of the pull down menus, or click a button INFO in the control panel or press COMMAND-I. (Earlier Mac OS Versions allowed OPTION clicking on the interface in the networking or MacTCP control panel, but that is off topic.)
        • Choose a unique name for your Macintosh that will be different from other names assigned to netbooting machine. For my Demo, I will use "mac-nc01"
        • Figure out a password. It will be passed across the net in plain text, so make sure it is not a "secure" password used in encrypted transactions or your ATM card PIN. ;-) When you use the form, I suggest you do not use the password you think of now, as the posting of the form will send your chosen password across to my server and back in plain-text and back again. The output text can be copied and pasted into the /etc/dhcpd.conf text file, and it should be obvious where you would locally edit the file to store your real chosen password for network access.
    8. Install Mac OS (In this case, Mac OS 9.1 on a G4)
      • I'll assume you can do this on your own. Some suggestions:
        • Start out from scratch: delete all data on your HD, repartition the drive, and format, low-level (if possible) and zero-out HD (Initialization Options with Apples HD Utility.)
        • Initially, make 3 partitions:
          1. Install your System on partition 1 (I set this to use 1Gb) Note:You will want to make your images smaller than 2Gb if using Linux 2.2 or earlier kernels due to the maximum file size limit. 2.4 series kernels are not limited by 2Gb for file sizes. I called my partition 1 / volume 1 "HD1".

            NOTE: Please allow extra space when you make your partitions that will be imaged and make sure that you do not shrink the image being built to match the exact size of data with no free space.
            A problem was reported by Dan Baker who also found the solution
            [Credit included to him on this] (more info below):

              The encountered problem had the following characteristics:
            • The client machine would start to boot
            • Get the required information from the DHCP server (where to tftp the ROM file, the username, password and locations of AS/IP volumes to mount and where to find the images, etc.)
            • Complete a tftp download the MacOS ROM from the server
            • Load and use the "MacOS ROM" file
            • Continue the netboot procees using AppleShare over IP (AS/IP)
            • Log into the AS/IP (asun-netatalk) network fileshare with the proper username and password. (This information can be found in the netatalk log file.)
            • Client then disconnects from share, and reboots (or hangs).

              After some work, Dan Baker troubleshot, diagnosed, and fixed the problem - Insufficient free space in the image. (This is not an obvious solution, so please take warning now and leave enough free space on the partition you will image as well as the image itself!)

              How much is enough? I would suggest the following: (2 * (Total Client RAM in MB) + 100MB), but you are always welcome to experiment!

              If you have the above problems, take this into consideration when making a new image at this step. (Thanks Dan for the work in finding this problem and solution!)

          2. Install your Applications on partition 2 (I set this to use 1Gb) Note:You will want to make your images smaller than 2Gb if using Linux 2.2 or earlier kernels due to the maximum file size limit. 2.4 series kernels are not limited by 2Gb for file sizes.I called my partition 2 / volume 2 "HD2".
          3. Partition 3 may be used to temporarily store images of partitions 1 and 2 so partition 3 should be at least the size of partition 1 plus partition 2.I called my partition 3 / volume 3 "HD3".
        • After you are done imaging the partitions, and moving them to the server (later) you can destroy the 3 partition system and install your local OS on one big partition. Dont forget to make sure the newly created image has extra "free" space! (See warning above.)
        • If you have the option to install your OS for "Any Macintosh" even though it will install extensions and control panels you can't use, do it. It will make netbooting from other models easier and does not use that much more space.
        • After your OS is installed, run the Apple Software update, and update it all.
        • Make sure your Networking settings on the installation are set to use DHCP for IP resolution. Make as many settings as possible automatically gathered from the network. Either leave the name of the machine blank (in AppleShare control panel) or remember what you set it to use.
        • Eliminate the trash and readme files/folders that you do not need. I would suggest you do not disable extensions and control panels unless you are sure you will never need them.
        • If you have a utility for defragmenting and optimizing your HD, try to put it on floppy so it can be used just before imaging the 2 partitions. You do not need to do this, but it could improve performance from the server assuming the server's stored image file is not fragmented during the copy later.
        • You may also want to disable Virtual memory at a cost: Applications assume you have lots of RAM when you disable this, but OTOH, you can remove the HD from the machine. Your call.
        • You may want to have Netscape and MSIE use ZERO Disk space for caching documents. This is especially handy when you set the System Volume to be Read Only for guest users. :-/
        • I Added a RAM Disk of 4Mb because I have 256Mb on this G4 used in testing.
        • Many of the above settings help decrease traffic across the wire - especially for memory issues with virtual memory!
        • Many of the above help contribute towards allowing you to make all of your booting system image not need any writes or updates so you could possibly make all of the images that are "shared" into READ ONLY images for multiple clients to share. For testing purposes and for single users, you may want to keep your booting system as readable and writable. For larger implementations, you will want to secure your booting images, and share them among several users to conserve disk space.
    9. Further configure your Mac OS installation before imaging:
      • You may want to examine some of the suggested settings above before examining these settings.
      • You should either:
        • Choose to use the Extension Manager and disable the "Multiple Users" control panel and the "Multiple Users Startup" Extension, or
        • if you choose to keep them enabled, set a username and password
          If you choose to enable Multiple Users instead of disabling it, then:
          1. Locate and open/run the Multiple Users control panel on the Mac you are setting up.
          2. Double-click the "owner" icon and you should see a new window pop up.
          3. Set a username and password. For convenience, I set the same username as I used in the dhcpd config (in example form submission for mac-nc01 as seen later), but the password was not the same as what I used in my /etc/dhcpd.conf. Then close this window and return to the control panel window.
          4. From the control panel window choose "Options"
          5. In the new window that is spawned, choose the "Other" tab.
          6. I chose to click to enable guest access. Your choice on this is left to you.
          7. Make sure the radio buttons for "choose names with pull down menus" and "Multiple user accounts (local)" are selected unless you know to do otherwise.
          8. Choose to "Save" and then once back at the open control panel, choose to close it.
          9. I chose to enable Multiple User Access within this window. The most important thing is to set a password.
    10. You may want to examine some of Apple's Software for managing Macintosh machines. If so, you may start with ftp://ftp.apple.com/Apple_Support_Area/Apple_Software_Updates/English-North_American/Mac_OS_X_Server/. No more detail on that software is discussed here at this time, but is left to the reader.
  2. Create images of the two partitions (You can just use a System partition if you don't want the application partition to be mounted as a volume) Dont forget! Allow free space im your image or suffer! (See notice above on free space in the partition )
    • The Mac OS 9.1 Generic Install CD comes with Disk Copy 6.33. When you boot from the Mac OS 9.1 CD (which can be done on modern Macs by powering down the computer with the bootable MacOS (in this case 9.1) install CD and holding down the "c" key until you see the "happy mac" face on your screen in the center), and do not run or access files from the first two partitions, you can be pretty sure, you have no open files, or weirdness on those partitions. This allows you to make fairly safe images of the partitions not in use. (You should be able to locate Disk Copy in the Utilities folder of the CD-ROM.)
    • To image a partition or volume you see mounted, drag the volume onto the Disk Copy application. A new window will come up. Choose to save the image as a "Read/Write image". (Do not Choose: "read-only" or "read-only compressed"!) Make the saving location the 3rd partition/volume and make sure you leave free space (now noted as result of information from Dan Baker where insufficient free space on the image would cause a failure of the netbooting clients as they tried to connect to the netatalk server and use the image.)
    • After you have all of your images desired, you can reboot your machine off the HD to have network Access for moving the image files to the server as well as the special "Mac OS ROM" file*.
      *- You should read the rights to your license before copying over the ROM file. It may be illegal for you to copy this file without permission in writing from Apple computers. If you have legal questions on any of this, you should consult a lawyer as I am not offering legal advice on what you should do legally - only what can be done with the right equipment and this information.

      A problem with this procedure was reported by Dan Baker [Credit included to him on this] (more info below):

        When you place the images on the server, if they are placed up there with read/write permission for your "Netbooting Macintosh User" then only one user can use that image at a time. (Exclusive write access.) This will prevent other users from being able to net boot. (Dan Reports "Error -60" which makes sense when you think about it.) Thanks Dan!

        For this, you have two know solutions, and maybe more:

        1. Some method to ensure that user has only read access to the image/file: (chown to root or some other non netboot user and group should work too so long as the last octal is not set with a write bit.)
          # chmod 444 image.name.img
        2. Make one image for each and every station and make sure each stations gets a custom boot message on what image to get. (This of course allows thes netbooted systems to be modified unless other security software is included.)
  • Configure what you have to make it work...
    1. Configure the tftp server with the proper files for netbooting:
      1. tftp server: Consult your installation of the tftp server. In my copy of Debian, the tftp service is started from inetd. As art of its reference, an argument is handed to it to specify a starting directory. Here is the line from my /etc/inetd.conf that references starting the tftp service when it is needed:
        tftp           dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd /tftproot
         

        (If your line starts with a "#" before the "tftp dgram..." then that service is disabled. You may be able to edit the file to remove the "#" at the beginning of that line, and then as root type "killall -HUP inetd" to restart the tftp service.)
        Notice the argument "/tftproot" after the path to starting the tftp service as needed? That is the directory you should store the "Mac OS ROM" file. Make sure the file is set owned by root but "chmod 644" so everyone may read it. If the directory argument handed to your tftp service is different, then you should take notice of this difference as you will need it in the "dhcpd.conf" configuration later. This directory argument is the location you should locate the "Mac OS ROM" file. (For examples on how to get the Mac OS ROM File from your mac to the server as a complete unmodified file, check down below in the tftp service configuration section.)
        # chmod 644 /tftproot/Mac\ OS\ ROM
        

        (The "\" help to "escape" the spaces fro the shell so it does not treat the chmod command as an instruction to modify 3 files, each called "Mac" , "OS" and "ROM".)
        Also, you will want to make sure the path leading up to the tftp served ROM file is able to be read by "everyone" for anonymous download (For my example directory of "/tftproot" you might see):
        # chmod 755 /tftproot
        

        • Assuming you have "fetch" for the macintosh, you can ftp (not the same as tftp) a copy of the special "Mac OS ROM" file from your newly installed Mac OS 9.1 machine's "System Folder" to the server. You may need to enable an ftp server (in addition to the tftp server) on the server that will be handing out this ROM file. When you are able to ftp to the server, ftp a copy of the ROM to the server in "BINARY" mode. Do not use "MacBinary" (bin), "BinHex" (hqx), ASCII, or Automatic. Binary mode will ensure the resource fork and data fork are copied to the server.
        • If you do not have fetch or do not have or want to start an ftp service (not tftp service) on your server, then you may want to examine getting a copy of "NCSA Telnet" for the Macintosh. It has an FTP Server you can enable on the mac, and then from the server you may ftp a copy of the "Mac OS ROM" file in Binary Mode from the Macintosh and then turn off the ftp service in "NCSA Telnet" on that Mac.
          Configuration of the NCSA Telnet Server to also act as an FTP Server is really left up to you. However, you may want to eliminate " " (spaces) from the filename after you copy it to the hard disk's lowest directory (under "Systems Folder", not in it) or copy it into the folder you specified in NCSA Telnet for anonymous FTP users. A good name to choose might be "MacOSROM" instead of "Mac OS ROM". Do not change the name of the file that is left in your "System Folder"! When you connect up to the Macintosh ftp server to ftp the file off of the Mac, you need to specify binary mode. Here is an example on how to do this from a common shell based ftp client in *NIX:
          ftp 192.168.1.200    (This is a sample IP address used just for this example)
          Connected to 192.168.1.200
          220 NCSA Telnet FTP Server (NCSAFTPD) [192.168.1.200]
          name (192.168.1.200:username): anonymous (or whatever name you configured in NCSA Telnet's FTP Server's authorized username.)
          Password:                                (not echoed back, but whatever you configured in NCSA Telnet FTP Service.)
          230 Anonymous access granted, restrictions apply
          Remote System is MacOS
          Using ASCII mode to transfer files
          ftp> bin                   (set mode to binary for transfers)
          200 Type set to I.         (Type "I" is for "images" while "A" would be ASCII)
          ftp> get filename          (In this case, you would want to get your ROM file)
          local: filename remote: filename
          200 PORT command successful
          150 Opening BINARY mode data connection for filename (XXXXXX bytes).
          226 Transfer complete.
          XXXXXX bytes received in YY.YY secs (ZZ.Z kB/s)
          ftp> quit
          221 Goodbye.
          
        • You may choose to ftp the file to another location on the server. If you do, then do not forget to copy it to the directory argument for the tftp service (mentioned above in this example as /tftproot for service.)
      2. Once you have ensured a binary copy of the "Mac OS ROM" resides on the server, you may choose to disable the ftp server, but should not disable the tftp server if you want netbooting to work.
      3. test the tftp server:
        1. Assuming you have a tftp client called "tftp", as root, cd to /tmp and make sure you do not have any files named "test" is /tmp or in the tftp server root (in my example /tftproot)
        2. Here is a list of commands to test your tftp server and what should happen if it works (Many tftp clients do not support whitespaces as part of filenames even thought the server does. For this reason, I have a cp (copy) command included to copy the ROM file to a filename without spaces):
          # cd /tftproot
          # cp Mac\ OS\ ROM MacOSROM
          # cd /tmp
          # ls /tftproot/Mac*
          /tftproot/Mac OS ROM
          /tftproot/MacOSROM
          # ls /tmp/MacOSROM
          ls: /tmp/MacOSROM: No such file or directory
          # tftp 127.0.0.1
          tftp> get MacOSrom
          Received XXXXXXX bytes in YY.Y seconds (Where XXXXXXX is the length of the file, and YY.Y was the time in seconds.)
          tftp> quit
          # ls /tmp/MacOSROM
          /tmp/MacOSROM
          
        3. If the above offers a copy of the "MacOSROM" file in /tmp with the same length as the one stored in the /tftproot directory on the server, then the tftp portion of the setup should be ready for use. If you copied the "Mac OS ROM" to "MacOSROM" then you can use either name when you configure the dhcpd.conf file later by telling the web page form about your choice for the name.
        4. If you encounter errors, you may wish to read the man pages on tftp or consult a web page for suggestions.
    2. Configure the installed copy of netatalk:
      1. Assuming you have an IP version of netatalk available (like the asun fork) you will need to create a new volume name and specify a mount location on the hard drive large enough to store the same amount of space as an image of the bootable volume, and two image copies of the Applications volume.
      2. Be sure to enable "cleartext passwords" in your netatalk configuration! (See problem reported by Thomas Kaiser and can be found posted here at http://www.geocrawler.com/mail/msg.php3?msg_id=8042125&list=19948 and solved by the original poster here at http://www.geocrawler.com/mail/msg.php3?msg_id=8056833&list=19948
        To do this, examine your "afpd.conf" file and check to see how your service is called. If you see "-nocleartxt" as an option that is included in the service startup, then clear text password have been disabled. Change this to "-cleartxt" to enable it for the service.
        (Clients may use clear-text passwords and may not have support for rand2num or randnum from initial netboot even if the netbooted OS does.)
      3. Most asun netatalk AppleShare IP Service have several files they reference somewhere on the server. Names of some files that we are interested in modifying include:
        • AppleVolume.default
        • afpd.conf
        • ~macusername/.AppleVolumes *
        • ~macusername/.passwd *
          (* - These may or may not be needed depending upon how your netatalk is configured.)
      4. AppleVolumes.default contains a list of volumes you will be serving. This is important. the name "volume" will be referenced on the dhcpd.conf creation form. Remember what names you use here!
        • Here is a sample of a very simple AppleVolumes.default that serves only 3 default volumes:
          #Local directory:               Name in Macintosh chooser / volume name:
          /home/netboot/pub          MOS9_NBS
          /home/netboot/master       MOS9_NBS_ORIG
          /home/netboot/test         MOS9_NBS_TEST
          
        • In my case, my /home mounted partition has about 21Gb free - more than enough for my HD1 partition, and 2 copies of my HD2 partition.
        • Next, I will need to make sure the directories I specified above actually exist and have owners and file permissions to permit me to have either read access (see the volumes as available from the server while in the chooser and be able to mount them for reading) or read/write permission (see the volumes as available from the server while in the chooser and be able to mount them for reading and writing)
          As root, you may want to create a new user with a name "mac-nc01". On many systems this can be done with "adduser" or "useradd". On my system, I have adduser, and this procedure would look like this on *my* system (Your results will likely vary.):
          # adduser mac-nc01
          adduser: Please enter a username consisting of a lower case letter
          followed by lower case letters and numbers.  Use the `--force-badname'
          option to allow underscores, dashes, and uppercase.
          (OK, adduser did not like the "-" in the name, so:)
          # adduser --force-badname mac-nc01
          Allowing use of questionable username.
          Adding user mac-nc01...
          Adding new group mac-nc01 (50000).
          Adding new user mac-nc01 (50000) with group mac-nc01.
          Creating home directory /home/mac-nc01.
          Copying files from /etc/skel
          Changing password for mac-nc01
          Enter the new password (minimum of 5, maximum of 8 characters)
          Please use a combination of upper and lower case letters and numbers.
          New password:                    (Here you may set a password. Don't forget it!)
          Re-enter new password:           (Here you retype the above password again.)
          Password changed.
          Changing the user information for mac-nc01
          Enter the new value, or press return for the default
          
                  Full Name []: Mac Netbooting User    (Entering in some data...)
                  Room Number []: none
                  Work Phone []: none
                  Home Phone []: none
                  Other []: none
          Is the information correct? [y/n] y
          #                                            (Done!)
          

          With a new user and username (mac-nc01), we can change the ownership of the same directories to be served from netatalk. In my example, these directories are "/home/netboot/pub", "/home/netboot/master", and "/home/netboot/test". Now we can make sure they are all owned by "mac-nc01" (our example):
          # cd /home
          (I am going to assume the directories have not yet been made, and will make them now:)
          # mkdir netboot
          # chown mac-nc01 netboot
          # chmod 755 netboot
          # cd netboot
          # mkdir pub master test
          # chmod 755 pub master test
          

          Now you may go to your Macintosh and go to the chooser. Choose AppleShare and then the button "Server by IP Address" and enter in the IP Address of your netatalk server. For username, type your new username (in this example "mac-nc01") and the password as you set it when you added that user. (There is a security risk in this, see below for more details in the section on the "~username/.passwd" file.) If you can see the 3 listed volumes (at least) then you are in a good position. Try mounting each one. After each is mounted, try creating a new folder in each one, and then trash the folder to verify you have write access. If this is a success, ten you may proceed. If not, then you should examine your setup and try to work at making access to these volumes work. There are mailing lists to help netatalk users, as well as web sites. If I get time, I will provide links to a few here.
        • Now from the mac, you may open the volume MOS9_NBS and create 2 new folders. One called "SharedImages" and the other called "Client Images" (Case sensitive! If the case is incorrect, then delete the folder, and recreate it again as many Linux filesystems (ext2 for example) are case sensitive and MacOS filesystems before OS X are mostly case insensitive.
        • Within the "ClientImages" folder create a new folder called "mac-nc01"
        • Within the "SharedImages" folder create a new folder called "mac-nc01"
        • Locate the 2 images you created (one of the booting system volume (HD1 in my example) and the other a blank filesystem (HD2 in my example)) and copy both into the "mac-nc01" folder of the "SharedImages" folder. Next make a second copy of the second blank filesystem image (HD2 in my example) into the "mac-nc01" folder of the "ClientImages" folder.
        • (Optional) If you wish to have backup copies of those image files for archival purposes, then duplicate the above procedure for the "MOS9_NBS_ORIG" volume you have mounted. You have MOS9_NBS_TEST for testing purposes if you wish.
        • Now that you can read and write to those volumes and have stored these files under that username, we can be certain that a netbooting procedure from an authenticated user of the same name (mac-nc01) can read and write to the images.
      5. afpd.conf can be used to enable special options of the AppleShare service. Some of these include forcing the authentication scheme to not allow plain-text and use RandNum or RandNum2 exchange systems. RandNum2 exchange requires you to keep a plain-text copy of the password used in ~username/.passwd and have that file owned by "username" (mac-nc01 in our example) and chmod 600. I will not go into the details of afpd.conf, except to let you know it exists and may be a source of further securing your netbooting server's password from password sniffers.
      6. ~username/AppleVolumes may be used to explicitly limit what volume the user "username" may see when they connect to the server. This is another security issue in case you desire to employ it. Newer versions of netatalk recognize ~username/.afpvols too.
      7. ~username/.passwd is needed if you enable randnum2 support in netatalk's afpd service. You can further explicitly disallow other schemes if you wish. This is another source of better server security as long as users do not have shells and your machine never is broken into by an unkind user. As plaintext copies of passwords are left in ~username/.passwd for AppleShare connections, they may find ways to use a mac to copy files to and from the machine once they read these ~username/.passwd files.
      8. (Further security may be possible by hand editing the /etc/passwd file and changing the default shell of the username (mac-nc01 in our example) to something like /dev/null or /bin/false but that is left up to you to figure out how to do on your own.)
    3. Configure dhcpd with modifications to /etc/dhcpd.conf: Use the above information and submit it through This Form linked from This Page in order to create a modified
      dhcpd.conf
      

      Using THIS FORM to create a modified /etc/dhcpd.conf (This should spawn a new window for many browsers so you may read this page and the form in separate windows and not loose your space here):
      1. You may choose to use a bogus password when you fill in that page and this is suggested. You will see the bogus password listed in the output page, and be able to modify the bogus password with your real password in your
        dhcpd.conf
        file on your end machine. Risks of putting the real password on this form include your sending in plain-text across the internet and back again in plain-text. Also, you cannot be 100% certain I do not store passwords within my CGI. I say I dont, and I really do not, but how can you trust me? Be safe. Use a bogus password in the form and use the real password when you have it copied to your local server.
        • You will notice the unique identification field is "mac-nc01" and if you have used the same examples included here, it may be kept as-is.
        • You will absolutely need the MAC access/hardware address, and you will need to enter it as shown with each hex value colon (":") separated until all 6 hex values are included. I suggest using all lowercase for letters, as they are easier to read when left next to numbers.
        • The IP Address for the Client IP should be one of the addresses from the range of addresses you may serve to booting clients as mentioned in the above section on network information needed.
        • I suggest you change the machine name from "Mac NC #1" to "mac-nc01". I have the other name there by default, as that is the name used by Apple with their netbooting server.
        • I suggest you change the username from "Mac NC #1" to "mac-nc01". I have the other name there by default, as that is the name used by Apple with their netbooting server.
        • For this password field, you may choose something that you will not really use on your site. You will be able to edit the resulting output on your local machine and the password field is immediately obvious on one of the commented lines in the host declaration. The password is not encoded into any of the hex-valued option fields to be generated in your output file. Changing only the password in your /etc/dhcpd.conf should not pose any need to re-compute your host configuration here.
        • The BootROM file may be changed if you created a copy of the boot ROM file under a different name. For instance, you may choose "/tftproot/MacOSROM" if you made sure to locate the ROM file at that location with that name and have it set to be read by "everyone" and tested it.
        • The IP Address for the TFTP Server is likely to be the same as you dhcp server and your netatalk (AppleTalk AppleShare server capable of doing AppleShare over IP)
        • Do not change the Server Version field unless you know what you are doing!
        • AFPIP Server IP(Boot HD Image): is the IP Address if the netatalk file server and will likely be the same as the dhcp server and tftp server. The very cool thing about this is that is is possible to have your tftp server be different from your dhcp server which is also different from your bootable image server, and your application image server and you client image server! (Talk about spreading your load across multiple servers! Wow!)
        • The AFPIP Port is the default port used by AppleShare over IP. Do not change this unless you know what you are doing! This first occurrence of this port number is for the port number of the netatalk netbooting bootable image server.
        • The AFPIP Server Volume Name(Boot HD Image) is the AppleShare network volume name (as specified in your AppleVolumes.default file) that contains your netbooting bootable image.
        • AFPIP Server Directory(Boot HD Image): This is the name of the *first* directory contained within the stated AppleShare network volume that will have your netbooting bootable image. (Note: The username above (suggested to be changed to mac-nc01) is expected to be a directory in *this* folder which is why we located your images in a folder with the name "mac-nc01" inside this directory.)
        • AFPIP Server File(Boot HD Image) may be changed from "NetBoot HD.img" to our suggested name of "HD1.img" if that is what you called your bootable image.
        • Like the above, you may specify different IP Addresses for your Applications image server and client's special shared image, but will probably end up using the same IP Address as your tftp,dhcp and first image server which are likely the same.
        • The port for AppleShare over IP is likely to remain the same "548" in the next two instances as well.
        • The directory names of the Applications server as "SharedImages" and the Client special image directory as "ClientImages" may also be left as-is if you used the above examples.
        • You may want to change the Applications image name to "HD2" if you used that name as above.
        • You may want to change the Client Special image to "HD2" if you used the above examples.
        • You will probably want to use the same volume name as listed above for the bootable netboot image server's network volume name for each instance listed below.
        • Next you should change the Machine Name from "Mac NC #1" to "mac-nc01"
        • With all of the above changes made, you should be able to press the button at the bottom called "COMPUTE IT" and may see a new web browser window spawned. This new window allows you to keep all of your modified settings in the previous window in case you want to verify any values, makes changes and recompute. (I don't like new windows being spawned, but felt this was a good use of that technology.)
        • Here is the top of an example output, cut out where it suggests. This is what would be saved to /etc/dhcpd.conf on your dhcp server's system:
          #COMMENTS START WITH A POUND "#" SIGN AND MAY BE REMOVED FROM THIS FILE
          #THEY ONLY EXIST TO REMIND YOU TO CUSTOMIZE SETTINGS FOR YOUR SITE, OR
          # REMIND YOU OF THE PURPOSE OF A STATED OPTION. FEEL FREE TO ELIMINATE IF
          # DESIRED
          #
          #Time in seconds for default lease of IP address:
          default-lease-time 600;
          #Time in seconds for maximum lease of IP address:
          max-lease-time 7200;
          #Specify the subnet mask to be assigned to the clients:
          # YOU WILL NEED TO CHANGE THIS TO YOUR SUBNETMASK:
          option subnet-mask 255.255.255.0;
          #Specify the broadcast address for the above subnet:
          # YOU WILL NEED TO CHANGE THIS TO THE BROADCAST ADDRESS OF YOUR NET:
          option broadcast-address 192.168.1.255;
          #Specify the router for dealing with routing packets to IP addresses 
          # not on the above subnet.
          # YOU WILL NEED TO CHANGE THIS TO BE THE GATEWAY/ROUTER ON YOUR NET:
          option routers 192.168.1.3;
          #the default searching domain name to attach to host names for
          # DNS lookup when no domain is included. Your value is likely different
          # YOU SHOULD CHANGE THIS TO YOUR DOMAIN NAME IF DESIRED:
          option domain-name "sonoma.edu";
          #The DNS that will be consulted when an IP address for a host is not
          # known. Your values will likely be different for your site:
          # YOU WILL NEED TO CHANGE THIS TO INCLUDE YOUR DNS, COMMA SEPARATED AS
          #  SHOWN BELOW IN THIS EXAMPLE:
          option domain-name-servers 130.157.2.5, 130.157.2.3, 130.157.2.2;
          # Allow dhcpd to respond to bootp clients (default)
          allow bootp;
          #Do not send DHCPNACK when a client requests an IP address for a 
          # network not described in the dhcpd.conf .
          not authoritative;
          
          #Identify the network being served:
          # YOU WILL NEED TO CHANGE THIS TO USE YOUR NETWORK AND SUBNETMASK:
          subnet 192.168.1.0 netmask 255.255.255.0 {
          
          #Hostname with unique ID to set it apart from all other entries
          # in this dhcpd.conf file.
          # EVERYTHING FROM THIS POINT DOWN TO AND INCLUDING THE FIRST "}"
          #  WAS TAKEN FROM YOUR FORM ENTRIES AND IS DYNAMIC. YOU SHOULD NOT NEED
          #  TO CHANGE ANYTHING BELOW HERE.
          # IF YOU NEED TO CHANGE AN ITEM BELOW HERE, IT IS SAFER TO GO BACK
          #  AND RE-SUBMIT YOUR CHANGES ON THE FORM FOR RE-PROCESSING.
          # IF YOU HAVE A PRE-EXISTING WORKING HEADER (ABOVE), YOU MAY JUST COPY
          #  THE SECTION BELOW FOR EACH SUBMISSION AND NEW CLIENT TO ALLOW
          #  SEVERAL MACS TO GET NETBOOT INFO FROM THE SAME DHCP SERVER.
          #  EACH CLIENT WOULD START WITH A UNIQUE HOST ENTRY (BELOW) AND
          #  CONTAIN THE BODY ENCLOSED WITHIN THE "{" AND "}" INCLUDING THE
          #  "{" AND "}".
          host mac-nc01 {
               hardware ethernet 0a:1b:2c:3d:4e:5f;
               fixed-address 192.168.1.50;
               filename "/tftproot/Mac OS ROM";
               server-name "192.168.1.3";
               next-server 192.168.1.3;
               #Used to grab Applications HD Image from server over AFP/IP for mounting
               option mac-version 0:0:0:0;
               #Username used to authenticate against the AFP/IP Server
               option mac-user-name "mac-nc01";
               # with specialized settings for this client's booting hard disk.
               option mac-machine-name "mac-nc01";
               #Password for use with the Username above when authenticating against
               # AFP/IP server for 3 images in 234, 235, and 238
               option mac-password "bogus";
               #Used to grab initial BOOT HD Image from server over AFP/IP for mounting
               option mac-nb-img c0:a8:1:3:2:24:8:4D:4F:53:39:5F:4E:42:53:0:0:0:0:2:14:53:68:61:72:65:64:49:6D:61:67:65:73:0:48:44:31:2E:69:6D:67;
               #Used to grab Applications HD Image from server over AFP/IP for mounting
               option mac-apps-img c0:a8:1:3:2:24:8:4D:4F:53:39:5F:4E:42:53:0:0:0:0:2:14:53:68:61:72:65:64:49:6D:61:67:65:73:0:48:44:32:2E:69:6D:67;
               #Used to grab Special Client HD Image from server over AFP/IP for
               # mounting
               option mac-client-nb-img c0:a8:1:3:2:24:8:4D:4F:53:39:5F:4E:42:53:0:0:0:0:2:1d:43:6C:69:65:6E:74:49:6D:61:67:65:73:0:6D:61:63:2D:6E:63:30:31:0:48:44:32:2E:69:6D:67;
          
          }
          }
          

          I have tried to be clever, and included suggestions and comments in the output file. Anything that starts with a "#" may be eliminated. If you do this, it will condense the output to something more manageable like this:
          default-lease-time 600;
          max-lease-time 7200;
          option subnet-mask 255.255.255.0;
          option broadcast-address 192.168.1.255;
          option routers 192.168.1.3;
          option domain-name "sonoma.edu";
          option domain-name-servers 130.157.2.5, 130.157.2.3, 130.157.2.2;
          allow bootp;
          not authoritative;
          
          subnet 192.168.1.0 netmask 255.255.255.0 {
          
          host mac-nc01 {
               hardware ethernet 0a:1b:2c:3d:4e:5f;
               fixed-address 192.168.1.50;
               filename "/tftproot/Mac OS ROM";
               server-name "192.168.1.3";
               next-server 192.168.1.3;
               option mac-version 0:0:0:0;
               option mac-user-name "mac-nc01";
               option mac-machine-name "mac-nc01";
               option mac-password "bogus";
               option mac-nb-img c0:a8:1:3:2:24:8:4D:4F:53:39:5F:4E:42:53:0:0:0:0:2:14:53:68:61:72:65:64:49:6D:61:67:65:73:0:48:44:31:2E:69:6D:67;
               option mac-apps-img c0:a8:1:3:2:24:8:4D:4F:53:39:5F:4E:42:53:0:0:0:0:2:14:53:68:61:72:65:64:49:6D:61:67:65:73:0:48:44:32:2E:69:6D:67;
               option mac-client-nb-img c0:a8:1:3:2:24:8:4D:4F:53:39:5F:4E:42:53:0:0:0:0:2:1d:43:6C:69:65:6E:74:49:6D:61:67:65:73:0:6D:61:63:2D:6E:63:30:31:0:48:44:32:2E:69:6D:67;
          }
          
          }
          
      2. If you do not, or have never used dhcpd, you can virtually copy and paste the whole list of output into a new
        /etc/dhcpd.conf
        file and just make a few modifications for your network such as those lines that appear after the line:
        # YOU WILL NEED TO CHANGE THIS TO ...
        

        For these, you will need to use the gathered networking information from above and replace them as instructed in the file.
      3. Save the final changes to your /etc/dhcpd.conf !
  • Test the present settings:
    1. It can be useful to test your settings by manually running dhcpd in the foreground with debugging enabled:
      • After you get a root shell, try:
        # /usr/sbin/dhcpd -f -d eth0
        

        (The above assumes you will be serving addresses through your first ethernet interface on "eth0". I served my test through eth1 on a private network. For security reasons, you may want to check into performing netboot and offering its services on private networks, or networks better secured from random physical user access and a firewall policy for preventing outside users from accessing your local private network.)
      • If dhcpd complains and exits, it should offer you feedback on the line number which which it has found problems and and some useful information on why the line is disliked.
      • If dhcpd does not exit, but says it is ready and accepting requests, you are in a good state to start more testing with netbooting!
      • Here is a sample output from dhcpd when started from the command line as shown above:
        Starting dhcpd...Internet Software Consortium DHCP Server 2.0pl5
        Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
        All rights reserved.
        
        Please contribute if you find this software useful.
        For info, please visit http://www.isc.org/dhcp-contrib.html
        
        Listening on Socket/eth0/192.168.1.0
        Sending on   Socket/eth0/192.168.1.0
        .
        
        
      • When you start dhcpd as above, it becomes a block process for your shell in that you cannot process other command while it runs. You may choose to tell dhcpd to quit by typing control-c, or if you want to keep your demo copy running and sending its output to your screen, you may choose to background it by pressing control-z and when you see a new "#", type and enter "bg" to background the process. When you desire to bring it back to the foreground, you can type "fg" and enter and will then be able to press control-c to tell it to quit. (After you press control-z, it will be "stopped" which means it is still in memory, but not running. the "bg" allows it to be backgrounded and continue running.)
    2. Once dhcpd is running in the foreground, you should be able to go to the macintosh and try to perform a netboot from your server. :-)
      1. I suggest you start up a process to watch your logfile from /var/log/daemon.log as this is the file that is often used to report dhcp requests from dhcpd, tftp requests from the tftp service, and AppleTalk client requests for mounts. It is possible to watch the log file's new output with a tail command such as:
        # tail -f /var/log/daemon.log
        Jun 23 18:51:30 intra dhcpd: Internet Software Consortium DHCP Server 2.0pl5
        Jun 23 18:51:30 intra dhcpd: Copyright 1995, 1996, 1997, 1998, 1999 The Internet
         Software Consortium.
        Jun 23 18:51:30 intra dhcpd: All rights reserved.
        Jun 23 18:51:30 intra dhcpd: 
        Jun 23 18:51:30 intra dhcpd: Please contribute if you find this software useful.
        Jun 23 18:51:30 intra dhcpd: For info, please visit http://www.isc.org/dhcp-cont
        rib.html
        Jun 23 18:51:30 intra dhcpd: 
        Jun 23 18:51:31 intra dhcpd: Listening on Socket/eth0/192.168.1.0
        Jun 23 18:51:31 intra dhcpd: Sending on   Socket/eth0/192.168.1.0
        

        and as new messages are written to the /var/log/daemon.log file, they should appear on this screen. If you wish to cancel the tail command, press control-c and you should see your "#" prompt again.
      2. reboot or start up your macintosh G4, Blue-and-white Series G3 (or later) or iMac and hold down the "N" key while it starts.
      3. Continue to hold the N key until you see the screen change to show a grey background with a flashing blue marble. You should also notice dhcpd let you know about the macintosh that was requesting networking information from it.
      4. If everything works as expected, you may see the log of /var/log/daemon.log tell you an IP Address was assigned to the mac, the "Mac OS ROM" file (or MacOSROM file) is copied to the client over tftp, and then 3 requests and mount of AppleShare volumes. Once you see the first AppleShare mount, try looking back at your macintosh and see if it has started booting.
      5. How do you know if it has failed? There are a few key items. First, of your mac seems to hang and then later you see a flashing file folder in the middle of the screen, the net booting process has failed. The machine will eventually give up trying and then resort to trying to boot from its local Hard Disk.
      6. For some other thoughts on items on troubleshooting, try looking over the troubleshooting section below.
  • Troubleshooting: (This section will be reserved for problems encountered by people in their attempts to make netbooting work.)
    1. While holding down the "N" key at start, it pauses for a long time, and then I get a flashing folder, or globe icon, but no "smiling mac" icon: What to check:
      • Did the client get an IP Address from the DHCP Server? Check the logs of the DHCP Server and compare the date/time and MAC Address/ Ethernet Address of the netbooting client to the entries in the logs. If no entry, then server did not respond to alleged request, or was not running, or did not get the request. Use of a sniffer may be wise here. Miguel Berniz