Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
appnotes:authmenus [2009/02/25 13:31]
mcb30
appnotes:authmenus [2013/03/04 15:34] (current)
genec Fix cmd.c32 -> gpxecmd.c32
Line 13: Line 13:
     SSLRequireSSL     SSLRequireSSL
  
-and a file "boot.php" ​containing+You must choose between being able to load vesamenu.c32 directly ​and loading the current version of vesamenu.c32. 
 +==== vesamenu.c32 current ==== 
 +The current version of vesamenu.c32 can not be loaded directly from gPXE and requires PXELINUX as an intermediate layer. ​ You will need two PHP files, ​a boot.php containing
  
-    ​<?php +  ​<?php 
-     +   
-    header ( "​Content-type:​ text/​plain"​ ); +  header ( "​Content-type:​ text/​plain"​ ); 
-     +  echo "#​!gpxe\n";​ 
-    echo "#​!gpxe\n";​ +   
-    echo "​imgfree\n";​ +  $proto = "​https";​ 
-    echo "​login\n";​ +  // Comment out/remove the following if strictly using HTTPS 
-    echo "kernel -menu ". +  if (!isset($_SERVER["​HTTPS"​])) 
-          "https://​\${username:​uristring}:​\${password:​uristring}@"​. +    ​$proto = "​http";​ 
-          $_SERVER["SERVER_NAME"]+   
-          ​dirname ​$_SERVER["REQUEST_URI"). +  // This assigns the host that gPXE should use using the most logical variables 
-          "/vesamenu.c32 menu.php\n";​ +  if ( $_SERVER["​HTTP_HOST"​] != ""​ ) { 
-    ​echo ​"boot menu\n";​ +    ​$host=$_SERVER["​HTTP_HOST"​];​ 
-    ?>+  } else { 
 +    if ( $_SERVER["​SERVER_NAME"​] != 0) { 
 +  $host=$_SERVER["​SERVER_NAME"​];​ 
 +    } else { 
 +  $host=$_SERVER["​SERVER_ADDR"​];​ 
 +    } 
 +  } 
 +   
 +  // Comment out/remove the following if you are running on a standard port 
 +  if (!((! isset($_SERVER["​HTTPS"​]) ) && ($_SERVER["​SERVER_PORT"​] == 80)) 
 +    && !(isset($_SERVER["​HTTPS"​]) && ($_SERVER["​SERVER_PORT"​] == 443)) ){ 
 +      if (strrpos($host,​ ":"​) == FALSE) 
 +        $host=$host.":"​.$_SERVER["​SERVER_PORT"​];​ 
 +  } 
 +   
 +  $uri=$_SERVER["​REQUEST_URI"​];​ 
 +  $dir=substr ( $uri, 0, strrpos ($uri, "/"​) + 1); 
 +   
 +  ​echo "#​!gpxe\n";​ 
 +  echo "​imgfree\n";​ 
 +  echo "​login\n";​ 
 +  echo "set 209:string bootcfg.php\n"; 
 +  echo "set 210:​string ​". 
 +       $proto."://​\${username:​uristring}:​\${password:​uristring}@"​. 
 +       ​$host.$dir."\n"
 +  echo "chain \${210:​string}pxelinux.0\n"; 
 +  ?>​ 
 + 
 +and a bootcfg.php containing 
 + 
 +  <?php 
 +   
 +  header ​( "Content-type:​ text/plain" ); 
 +   
 +  echo "UI runmenu\n\n";​ 
 +  echo "LABEL runmenu\n";​ 
 +  echo "​COM32 ​vesamenu.c32\n"; 
 +  echo "​APPEND ​menu.php\n";​ 
 +  ?>​ 
 + 
 +Selecting this method will require that you use gpxecmd.c32 to execute gPXE commands and scripts. 
 +==== vesamenu.c32 directly ==== 
 +You will need a file "boot.php" containing 
 + 
 +  <?php 
 +   
 +  header ( "​Content-type:​ text/​plain"​ ); 
 +   
 +  $uri=$_SERVER["​REQUEST_URI"​];​ 
 +  $dir=substr ( $uri, 0, strrpos ($uri, "/"​) + 1); 
 +   
 +  echo "#​!gpxe\n";​ 
 +  echo "​imgfree\n";​ 
 +  echo "​login\n";​ 
 +  echo "chain ". 
 +       "​https://​\${username:​uristring}:​\${password:​uristring}@"​. 
 +       ​$_SERVER["​HTTP_HOST"​].$dir. 
 +       "​vesamenu.c32 ​menu.php\n"; 
 +  ?> 
 + 
 +In order to use vesamenu.c32 directly from gPXE, you must use Syslinux-3.86 from [[http://​www.kernel.org/​pub/​linux/​utils/​boot/​syslinux/​3.xx/​]] and not the latest version.
  
 +==== Setup part 1 continued ====
 Configure your DHCP server to hand out //​boot.php//​ as the boot file, using something like (for ISC dhcpd)((If you are using PXE-chaining,​ you may want to investigate the various methods for avoiding infinite loops described in the [[:​pxechaining|PXE chainloading]] HowTo.)): Configure your DHCP server to hand out //​boot.php//​ as the boot file, using something like (for ISC dhcpd)((If you are using PXE-chaining,​ you may want to investigate the various methods for avoiding infinite loops described in the [[:​pxechaining|PXE chainloading]] HowTo.)):
  
     filename "​https://​my.web.server/​boot/​boot.php";​     filename "​https://​my.web.server/​boot/​boot.php";​
  
-Download the latest //​syslinux//​ tarball from [[http://​www.kernel.org/​pub/​linux/​utils/​boot/​syslinux/​]] and build it.  Copy the files //​com32/​menu/​vesamenu.c32//​ and //​com32/​modules/​cmd.c32//((At the time of writing, //cmd.c32// is not yet integrated into a //​syslinux//​ release; you will need to apply the patch from [[http://​rom.etherboot.org/​share/​mcb30/​syslinux-cmd.patch]] before building //​syslinux//,​ or just grab the prebuilt //cmd.c32// binary from [[http://​rom.etherboot.org/​share/​mcb30/​cmd.c32]].)) ​into the "​boot"​ directory on the web server.+Download the latest //​syslinux//​ tarball from [[http://​www.kernel.org/​pub/​linux/​utils/​boot/​syslinux/​]] and extract ​it.  Copy the files //​com32/​menu/​vesamenu.c32//​ and //​com32/​modules/​gpxecmd.c32// into the "​boot"​ directory on the web server.
  
 ===== Setup (interesting part) ===== ===== Setup (interesting part) =====
Line 71: Line 134:
     function sanboot ( $label, $root_path ) {     function sanboot ( $label, $root_path ) {
       label ( $label );       label ( $label );
-      echo " ​ kernel ​cmd.c32\n";​+      echo " ​ kernel ​gpxecmd.c32\n";​
       echo " ​ append sanboot "​.$root_path."​\n";​       echo " ​ append sanboot "​.$root_path."​\n";​
       echo "​\n";​       echo "​\n";​
Line 172: Line 235:
     label item1     label item1
       menu label ^1 MS-DOS 6.22       menu label ^1 MS-DOS 6.22
-      kernel ​cmd.c32+      kernel ​gpxecmd.c32
       append sanboot iscsi:​chipmunk.tuntap::::​iqn.2007-07.chipmunk:​msdos622       append sanboot iscsi:​chipmunk.tuntap::::​iqn.2007-07.chipmunk:​msdos622
     ​     ​
     label item2     label item2
       menu label ^2 Windows 2k3       menu label ^2 Windows 2k3
-      kernel ​cmd.c32+      kernel ​gpxecmd.c32
       append sanboot iscsi:​chipmunk.tuntap::::​iqn.2007-07.chipmunk:​win2k3       append sanboot iscsi:​chipmunk.tuntap::::​iqn.2007-07.chipmunk:​win2k3
     ​     ​
Line 201: Line 264:
  
   * //​DefaultPassword//​ - set to password from iBFT   * //​DefaultPassword//​ - set to password from iBFT
- 
- 
  
   * //​AutoAdminLogon//​ - set to 1   * //​AutoAdminLogon//​ - set to 1
  
-  * //​AutoLogonCount//​ - set to 1, so that Windows erases((Hopefully Windows will erase the credentials. ​ If it doesn'​t then this single sign-on approach would be a really bad idea, since the //​Winlogon//​ key is by default readable by all users on the system.)) the credentials from the registry as soon as they have been used+  * //​AutoLogonCount//​ - set to 1, so that Windows erases((Hopefully Windows will erase the credentials. ​ If it doesn'​t then this single sign-on approach would be a really bad idea, since the //​Winlogon//​ key is by default readable by all users on the system.)) the credentials from the registry as soon as they have been used.
  
 +Note that Windows imposes a minimum password length of 12 characters, and a maximum of 16 characters, for iSCSI authentication;​ this scheme will silently break unless your password policy enforces an appropriate min/max password length of 12<​-->​16 characters.

QR Code
QR Code appnotes:authmenus (generated for current page)