Gene Cumm
2014-Mar-07 10:49 UTC
[syslinux] Cannot chain to another PXE server on the same subnet
On Fri, Mar 7, 2014 at 2:33 AM, Vieri <rentorbuy at yahoo.com> wrote:> So I take it it's more of a DHCP hack in which: > 1- client boots and gets DHCP response from 10.215.144.7 with PXE syslinux info > 2- client loads pxelinux.0 menu and selects menu that chains to Altiris PXE menu except, instead of calling pxechain.com or pxechn.c32 with the Altiris server's IP address, the client should "re-netboot" but this time, the DHCP server at 10.215.144.7 should not include any PXE information at all for this particular client/MAC, so Altiris can kick in. > > I don't know how to do this but is this basically what you're suggesting?1) Thinking about the responses again, I'm absolutely surprised that you can even boot PXELINUX. I would have expected the response from the Altiris server to override your attempts to block it. 2) There's at least one more thing we can try, a very long option 43. Either use the text-decimal tcpdump or a tool that can read the pcap (like Wireshark) and create a single large colon-separated string representation of the 3 option 43 values (should be over 1200 characters long, 3 times total length minus 1). Using wireshark and right-clicking on each option 43 instance, copy, bytes, as hexstream, and leaving the option 255s in I get: 01:04:e0:01:01:03:02:02:de:06:03:02:df:06:04:01:01:05:01:01:06:01:0b:08:70:aa:aa:01:0a:d7:90:3c:00:a0:01:0a:d7:90:3c:00:81:01:0a:d7:90:3c:00:a1:01:0a:d7:90:3c:00:a2:01:0a:d7:90:3c:00:a4:01:0a:d7:90:3c:00:a5:01:0a:d7:90:3c:00:a6:01:0a:d7:90:3c:00:a7:01:0a:d7:90:3c:00:a8:01:0a:d7:90:3c:00:a9:01:0a:d7:90:3c:00:aa:01:0a:d7:90:3c:00:ab:01:0a:d7:90:3c:00:ac:01:0a:d7:90:3c:00:83:01:0a:d7:90:3c:bb:bb:01:0a:d7:90:3c:ff:09:cb:00:00:16:4e:65:78:74:20:44:65:76:69:63:65:20:28:42:49:4f:53:2f:45:46:49:29:00:a0:0c:55:62:75:6e:74:75:4e:65:74:78:38:36:00:81:08:44:4f:53:20:55:4e:44:49:00:a1:0c:48:50:20:64:63:37:38:30:30:53:46:46:00:a2:0b:44:65:6c:6c:20:4f:70:74:33:36:30:00:a4:0b:47:58:35:32:30:26:47:58:36:32:30:00:a5:16:42:72:6f:61:64:4e:65:74:58:74:72:65:6d:65:20:49:49:20:47:69:67:61:00:a6:11:44:65:6c:6c:4f:70:74:47:58:36:30:20:45:31:30:30:62:00:a7:0e:44:72:61:67:65:72:20:52:54:4c:38:31:33:39:00:a8:05:6c:69:6e:75:78:00:aa:06:76:6d:77:61:72:65:00:ab:0a:48:50:38:30:30:30:45:53:46:46:00:ac:06:44:65:6c:6c:50:45:00:83:05:57:69:6e:50:45:0a:2e:05:50:72:65:73:73:20:5b:46:38:5d:20:74:6f:20:53:65:6c:65:63:74:20:61:20:62:6f:6f:74:20:6f:70:74:69:6f:6e:3a:20:49:4e:46:2d:56:4d:2d:44:53:ff:47:04:00:00:00:00:e0:02:00:00:ff So try "-o 43.x=<above-string>" on the append line. If that doesn't work, strip the two "ff"s in the middle. Otherwise, this is going to need rework for the pack/unpack and pxechn.c32 -- -Gene
Vieri
2014-Mar-07 13:09 UTC
[syslinux] Cannot chain to another PXE server on the same subnet
----- Original Message ----- From: Gene Cumm <gene.cumm at gmail.com>> 2) There's at least one more thing we can try, a very long option 43.To sum it all up I tried the following APPEND combinations with 'COM32 pxechn.c32' and all yield the same error message. ??? APPEND 10.215.144.60::/BStrap/x86pc/BStrap.0 ??? APPEND 10.215.144.60::/BStrap/x86pc/BStrap.0 -W ??? APPEND 10.215.144.60::/BStrap/x86pc/BStrap.0 -W -o 43.x=01:04:0a:d7:90:3c:ff ??? APPEND 10.215.144.60::Bstrap/X86PC/BStrap.0 -W -o 43.x=01:04:e0:01:01:03:02:02:de:06:03:02:df:06:04:01:01:05:01:01:06:01:0b:08:70:aa:aa:01:0a:d7:90:3c:00:a0:01:0a:d7:90:3c:00:81:01:0a:d7:90:3c:00:a1:01:0a:d7:90:3c:00:a2:01:0a:d7:90:3c:00:a4:01:0a:d7:90:3c:00:a5:01:0a:d7:90:3c:00:a6:01:0a:d7:90:3c:00:a7:01:0a:d7:90:3c:00:a8:01:0a:d7:90:3c:00:a9:01:0a:d7:90:3c:00:aa:01:0a:d7:90:3c:00:ab:01:0a:d7:90:3c:00:ac:01:0a:d7:90:3c:00:83:01:0a:d7:90:3c:bb:bb:01:0a:d7:90:3c:ff:09:cb:00:00:16:4e:65:78:74:20:44:65:76:69:63:65:20:28:42:49:4f:53:2f:45:46:49:29:00:a0:0c:55:62:75:6e:74:75:4e:65:74:78:38:36:00:81:08:44:4f:53:20:55:4e:44:49:00:a1:0c:48:50:20:64:63:37:38:30:30:53:46:46:00:a2:0b:44:65:6c:6c:20:4f:70:74:33:36:30:00:a4:0b:47:58:35:32:30:26:47:58:36:32:30:00:a5:16:42:72:6f:61:64:4e:65:74:58:74:72:65:6d:65:20:49:49:20:47:69:67:61:00:a6:11:44:65:6c:6c:4f:70:74:47:58:36:30:20:45:31:30:30:62:00:a7:0e:44:72:61:67:65:72:20:52:54:4c:38:31:33:39:00:a8:05:6c:69:6e:75:78:00:aa:06:76:6d:77:61:72:65:00:ab:0a:48:50:38:30:3 0:30:45:53:46:46:00:ac:06:44:65:6c:6c:50:45:00:83:05:57:69:6e:50:45:0a:2e:05:50:72:65:73:73:20:5b:46:38:5d:20:74:6f:20:53:65:6c:65:63:74:20:61:20:62:6f:6f:74:20:6f:70:74:69:6f:6e:3a:20:49:4e:46:2d:56:4d:2d:44:53:ff:47:04:00:00:00:00:e0:02:00:00:ff ??? APPEND 10.215.144.60::Bstrap/X86PC/BStrap.0 -W -o 43.x=01:04:e0:01:01:03:02:02:de:06:03:02:df:06:04:01:01:05:01:01:06:01:0b:08:70:aa:aa:01:0a:d7:90:3c:00:a0:01:0a:d7:90:3c:00:81:01:0a:d7:90:3c:00:a1:01:0a:d7:90:3c:00:a2:01:0a:d7:90:3c:00:a4:01:0a:d7:90:3c:00:a5:01:0a:d7:90:3c:00:a6:01:0a:d7:90:3c:00:a7:01:0a:d7:90:3c:00:a8:01:0a:d7:90:3c:00:a9:01:0a:d7:90:3c:00:aa:01:0a:d7:90:3c:00:ab:01:0a:d7:90:3c:00:ac:01:0a:d7:90:3c:00:83:01:0a:d7:90:3c:bb:bb:01:0a:d7:90:3c:09:cb:00:00:16:4e:65:78:74:20:44:65:76:69:63:65:20:28:42:49:4f:53:2f:45:46:49:29:00:a0:0c:55:62:75:6e:74:75:4e:65:74:78:38:36:00:81:08:44:4f:53:20:55:4e:44:49:00:a1:0c:48:50:20:64:63:37:38:30:30:53:46:46:00:a2:0b:44:65:6c:6c:20:4f:70:74:33:36:30:00:a4:0b:47:58:35:32:30:26:47:58:36:32:30:00:a5:16:42:72:6f:61:64:4e:65:74:58:74:72:65:6d:65:20:49:49:20:47:69:67:61:00:a6:11:44:65:6c:6c:4f:70:74:47:58:36:30:20:45:31:30:30:62:00:a7:0e:44:72:61:67:65:72:20:52:54:4c:38:31:33:39:00:a8:05:6c:69:6e:75:78:00:aa:06:76:6d:77:61:72:65:00:ab:0a:48:50:38:30:30:3 0:45:53:46:46:00:ac:06:44:65:6c:6c:50:45:00:83:05:57:69:6e:50:45:0a:2e:05:50:72:65:73:73:20:5b:46:38:5d:20:74:6f:20:53:65:6c:65:63:74:20:61:20:62:6f:6f:74:20:6f:70:74:69:6f:6e:3a:20:49:4e:46:2d:56:4d:2d:44:53:47:04:00:00:00:00:e0:02:00:00:ff ??? APPEND 10.215.144.60::Bstrap/X86PC/BStrap.0 -o 43.x=01:04:e0:01:01:03:02:02:de:06:03:02:df:06:04:01:01:05:01:01:06:01:0b:08:70:aa:aa:01:0a:d7:90:3c:00:a0:01:0a:d7:90:3c:00:81:01:0a:d7:90:3c:00:a1:01:0a:d7:90:3c:00:a2:01:0a:d7:90:3c:00:a4:01:0a:d7:90:3c:00:a5:01:0a:d7:90:3c:00:a6:01:0a:d7:90:3c:00:a7:01:0a:d7:90:3c:00:a8:01:0a:d7:90:3c:00:a9:01:0a:d7:90:3c:00:aa:01:0a:d7:90:3c:00:ab:01:0a:d7:90:3c:00:ac:01:0a:d7:90:3c:00:83:01:0a:d7:90:3c:bb:bb:01:0a:d7:90:3c:ff:09:cb:00:00:16:4e:65:78:74:20:44:65:76:69:63:65:20:28:42:49:4f:53:2f:45:46:49:29:00:a0:0c:55:62:75:6e:74:75:4e:65:74:78:38:36:00:81:08:44:4f:53:20:55:4e:44:49:00:a1:0c:48:50:20:64:63:37:38:30:30:53:46:46:00:a2:0b:44:65:6c:6c:20:4f:70:74:33:36:30:00:a4:0b:47:58:35:32:30:26:47:58:36:32:30:00:a5:16:42:72:6f:61:64:4e:65:74:58:74:72:65:6d:65:20:49:49:20:47:69:67:61:00:a6:11:44:65:6c:6c:4f:70:74:47:58:36:30:20:45:31:30:30:62:00:a7:0e:44:72:61:67:65:72:20:52:54:4c:38:31:33:39:00:a8:05:6c:69:6e:75:78:00:aa:06:76:6d:77:61:72:65:00:ab:0a:48:50:38:30:3 0:30:45:53:46:46:00:ac:06:44:65:6c:6c:50:45:00:83:05:57:69:6e:50:45:0a:2e:05:50:72:65:73:73:20:5b:46:38:5d:20:74:6f:20:53:65:6c:65:63:74:20:61:20:62:6f:6f:74:20:6f:70:74:69:6f:6e:3a:20:49:4e:46:2d:56:4d:2d:44:53:ff:47:04:00:00:00:00:e0:02:00:00:ff ??? APPEND 10.215.144.60::Bstrap/X86PC/BStrap.0 -o 43.x=01:04:e0:01:01:03:02:02:de:06:03:02:df:06:04:01:01:05:01:01:06:01:0b:08:70:aa:aa:01:0a:d7:90:3c:00:a0:01:0a:d7:90:3c:00:81:01:0a:d7:90:3c:00:a1:01:0a:d7:90:3c:00:a2:01:0a:d7:90:3c:00:a4:01:0a:d7:90:3c:00:a5:01:0a:d7:90:3c:00:a6:01:0a:d7:90:3c:00:a7:01:0a:d7:90:3c:00:a8:01:0a:d7:90:3c:00:a9:01:0a:d7:90:3c:00:aa:01:0a:d7:90:3c:00:ab:01:0a:d7:90:3c:00:ac:01:0a:d7:90:3c:00:83:01:0a:d7:90:3c:bb:bb:01:0a:d7:90:3c:09:cb:00:00:16:4e:65:78:74:20:44:65:76:69:63:65:20:28:42:49:4f:53:2f:45:46:49:29:00:a0:0c:55:62:75:6e:74:75:4e:65:74:78:38:36:00:81:08:44:4f:53:20:55:4e:44:49:00:a1:0c:48:50:20:64:63:37:38:30:30:53:46:46:00:a2:0b:44:65:6c:6c:20:4f:70:74:33:36:30:00:a4:0b:47:58:35:32:30:26:47:58:36:32:30:00:a5:16:42:72:6f:61:64:4e:65:74:58:74:72:65:6d:65:20:49:49:20:47:69:67:61:00:a6:11:44:65:6c:6c:4f:70:74:47:58:36:30:20:45:31:30:30:62:00:a7:0e:44:72:61:67:65:72:20:52:54:4c:38:31:33:39:00:a8:05:6c:69:6e:75:78:00:aa:06:76:6d:77:61:72:65:00:ab:0a:48:50:38:30:30:3 0:45:53:46:46:00:ac:06:44:65:6c:6c:50:45:00:83:05:57:69:6e:50:45:0a:2e:05:50:72:65:73:73:20:5b:46:38:5d:20:74:6f:20:53:65:6c:65:63:74:20:61:20:62:6f:6f:74:20:6f:70:74:69:6f:6e:3a:20:49:4e:46:2d:56:4d:2d:44:53:47:04:00:00:00:00:e0:02:00:00:ff Thanks for your time. Vieri
Vieri
2014-Mar-07 13:35 UTC
[syslinux] Cannot chain to another PXE server on the same subnet
There's still something I don't quite grasp. I modified my dhcp.conf file at 10.215.144.7 just for kicks: ? class "pxeclient" { ??? match if substring(option vendor-class-identifier, 0, 9) = "PXEClient"; ??? vendor-option-space PXE; ??? option PXE.mtftp-ip 0.0.0.0; ??? next-server 10.215.144.60; ??? filename "Bstrap/X86PC/BStrap.0"; ? } I also set the Altiris server just like in the screenshot below: http://h30499.www3.hp.com/t5/image/serverpage/image-id/16553i5049E63425185BC0/image-size/original?v=mpbl-1&px=-1 Since it's set to "no dhcp server installed on PXE server" then I'm guessing Altiris will not try to override anything and that it will know that DHCP is done by another host at a different IP address. Anyway, I was expecting to PXE boot the Altiris menu correctly but it didn't. It still gave me the same error as in my first post. As if my dhcp config were lacking necessary data for Altiris... The only way I can correctly boot from Altiris is by removing the class "pxeclient" at 10.215.144.7 __no matter__ which "DHCP discovery" option I set on the Altiris server (see options in above screenshot). That's something that leaves me puzzled. Vieri
Jeffrey Hutzelman
2014-Mar-07 21:00 UTC
[syslinux] Cannot chain to another PXE server on the same subnet
On Fri, 2014-03-07 at 05:49 -0500, Gene Cumm wrote:> On Fri, Mar 7, 2014 at 2:33 AM, Vieri <rentorbuy at yahoo.com> wrote: > > > So I take it it's more of a DHCP hack in which: > > 1- client boots and gets DHCP response from 10.215.144.7 with PXE syslinux info > > 2- client loads pxelinux.0 menu and selects menu that chains to Altiris PXE menu except, instead of calling pxechain.com or pxechn.c32 with the Altiris server's IP address, the client should "re-netboot" but this time, the DHCP server at 10.215.144.7 should not include any PXE information at all for this particular client/MAC, so Altiris can kick in. > > > > I don't know how to do this but is this basically what you're suggesting? > > 1) Thinking about the responses again, I'm absolutely surprised that > you can even boot PXELINUX. I would have expected the response from > the Altiris server to override your attempts to block it.Nope. The PXE spec explicitly requires that a PXE response from the "real" DHCP server be given precedence.> 2) There's at least one more thing we can try, a very long option 43. > Either use the text-decimal tcpdump or a tool that can read the pcap > (like Wireshark) and create a single large colon-separated string > representation of the 3 option 43 values (should be over 1200 > characters long, 3 times total length minus 1).Oh, hm. That might work, at least experimentally. If it does (and maybe even if not), it might be interesting in the future to provide the ability to add/remove/replace individual vendor-encapsulated suboptions. Unfortunately, from what documentation I could find, the Altiris server generates its menu dynamically and makes no promise about what the item "types" will be. The boot item type appearing the menu will be sent by bstrap.0 in its next request, and must match one actually known to the Altiris server in order for it to provide correct boot responses. What that means is that any time you change anything about the Altiris menu, the option 43 embedded in your pxelinux config will become out of date. :-( Also, to get actually booting one of the Altiris menu items to work, you _may_ need to change your main DHCP server configuration so that it does not send a PXE response at all if the client sends PXE.pxe-boot-item other than (0 0). I can't recall whether the client will send a broadcast request in this case or a unicast to the selected server; in the latter case, of course, the main DHCP config won't matter at that point. -- Jeff
Gene Cumm
2014-Mar-07 22:46 UTC
[syslinux] Cannot chain to another PXE server on the same subnet
On Fri, Mar 7, 2014 at 4:00 PM, Jeffrey Hutzelman <jhutz at cmu.edu> wrote:> On Fri, 2014-03-07 at 05:49 -0500, Gene Cumm wrote:>> 1) Thinking about the responses again, I'm absolutely surprised that >> you can even boot PXELINUX. I would have expected the response from >> the Altiris server to override your attempts to block it. > > Nope. The PXE spec explicitly requires that a PXE response from the > "real" DHCP server be given precedence.So PXE from DHCP, PXE from PXE and file/sname from DHCP is the order of precedence. -- -Gene
Maybe Matching Threads
- Cannot chain to another PXE server on the same subnet
- Cannot chain to another PXE server on the same subnet
- Cannot chain to another PXE server on the same subnet
- Cannot chain to another PXE server on the same subnet
- Cannot chain to another PXE server on the same subnet