sun.com   |  docs.sun.com
How To Buy  |  My Sun  |  Worldwide Sites
         
 
Sun Microsystems Logo
 Products and Services
 		 Support and Training
 
 
System Administration Guide: IP Services >> 10.  Administering DHCP (Task) >> Supporting Solaris Network Installation with the DHCP Service (Task Map) 

Previous Previous     Contents     Index     Next Next

ProcedureHow to Create Macros to Support Solaris Installation (DHCP Manager)

  1. Select the Macros tab in DHCP Manager.

  2. Choose Create from the Edit menu.

    The Create Macro dialog box opens.

  3. Type the name of a macro.

    See Table 10-5 for macro names you might use.

  4. Click the Select button.

    The Select Option dialog box opens.

  5. Select Vendor in the Category list.

    The Vendor options you created are listed.

  6. Select an option you want to add to the macro and click OK.

  7. Type a value for the option.

    See Table 10-4 for the option's data type and refer to the information reported by add_install_client -d.

  8. Repeat Step 6 through Step 7 for each option you want to include.

    To include another macro, type Include as the option name and type the macro name as the option value.

  9. Click OK when the macro is complete.

Supporting Remote Boot and Diskless Boot Clients (Task Map)

The Solaris DHCP service can support Solaris client systems that mount their operating system files remotely from another machine, called the OS server. Such clients are often called diskless clients. They can be thought of as persistent remote boot clients in that each time they boot, they must obtain the name and IP address of the server that hosts their operating system files, and then boot remotely from those files.

Each diskless client has its own root partition on the OS server, which is shared to the client host name. This means that the DHCP server must always return the same IP address to the client, and that address must remain mapped to the same host name in the name service (such as DNS). To accomplish this, each diskless client must be assigned a consistent IP address.

In addition to the IP address and host name, the DHCP server can supply a diskless client with all the information needed to locate its operating system files on the OS server. However, you must create options and macros that can be used to pass the information in a DHCP message packet.

The following task map lists the tasks required to support diskless clients or any other persistent remote boot clients, and includes links to procedures to help you carry them out.

Task

Description

Instructions

Set up OS services on a Solaris server.

Use the smosservice command to create operating system files for clients.

"Managing Diskless Client Support (Tasks)" in System Administration Guide: Basic Administration

Also see the smosservice man page.

Set up DHCP Service to support network boot clients

Use DHCP Manager or dhtadm to create new Vendor options and macros which the DHCP server can use to pass booting information to the clients.

Note that if you already created the options for network install clients, you need only create macros for the Vendor client types of the diskless clients.

Supporting Solaris Network Installation with the DHCP Service (Task Map)

Assign reserved IP addresses to the diskless clients.

Use DHCP Manager or pntadm to mark addresses reserved (or manual) for diskless clients.

Setting Up DHCP Clients for a Consistent IP Address

Set up diskless clients for OS service

Use the smdiskless command to add operating system support on the OS server for each client. Specify the IP addresses you reserved for each client.

"Managing Diskless Client Support (Tasks)" in System Administration Guide: Basic Administration

Also see the smdiskless man page

Assign reserved IP addresses to the diskless clients.

Use DHCP Manager or pntadm to mark addresses reserved (or manual) for diskless clients.

Setting Up DHCP Clients for a Consistent IP Address

Set up diskless clients for OS service

Use the smdiskless command to add operating system support on the OS server for each client. Specify the IP addresses you reserved for each client.

"Managing Diskless Client Support (Tasks)" in System Administration Guide: Basic Administration

Also see the smdiskless man page

Setting Up DHCP Clients as NIS+ Clients

You can use the NIS+ name service on Solaris systems that are DHCP clients, but to do so requires you to partially circumvent one of the security-enhancing features of NIS+ - the creation of DES credentials. When you set up a NIS+ client that is not using DHCP, you add unique DES credentials for the new NIS+ client system to the cred table on the NIS+ server. There are several ways to accomplish this, such as using the nisclient script or the nisaddcred command.

For DHCP clients, you cannot use these methods because they depend on a static host name to create and store the credentials. If you want to use NIS+ and DHCP, you must create identical credentials to be used for all the host names of DHCP clients. In this way, no matter what IP address (and associated host name) a DHCP client receives, it can use the same DES credentials.

Note - Before you do this, remember that NIS+ was designed with security in mind, and this procedure weakens that security because it allows random DHCP clients to receive NIS+ credentials.

The following procedure shows you how to create identical credentials for all DHCP host names. This procedure is only valid if you know the host names that DHCP clients will use, such as when the host names are generated by the DHCP server.

ProcedureHow to Set Up Solaris DHCP Clients as NIS+ Clients

A DHCP client workstation that is to be a NIS+ client must use credentials copied from another NIS+ client workstation in the NIS+ domain. This procedure only produces credentials for the workstation, which apply only to the superuser logged in to the workstation. Other users logged in to the DHCP client workstation must have their own unique credentials in the NIS+ server, created according to the procedure in the System Administration Guide: Naming and Directory Services (FNS and NIS+).

  1. Type the following command on the NIS+ server to write the cred table entry for the NIS+ client to a temporary file.

    # nisgrep nisplus-client-name cred.org_dir > /tmp/file

  2. View the contents of the temporary file so you can copy the credentials and use them to create credentials for DHCP clients.

    You must copy the public key and private key, which are long strings of numbers and letters separated by colons.

  3. Type the following commands to add credentials for a DHCP client. Copy the public and private key information from the temporary file.

    # nistbladm -a cname=" dhcp-client-name@nisplus-domain" auth_type=DES \
auth_name="unix.dhcp-client-name@nisplus-domain" \
public_data=copied-public-data \ 
private_data=copied-private-data

  4. Type the following commands on each DHCP client system to remote copy NIS+ client files to the DHCP client system. 

    # rcp nisplus-client-name:/var/nis/NIS_COLD_START /var/nis
# rcp nisplus-client-name:/etc/.rootkey /etc
# rcp nisplus-client-name:/etc/defaultdomain /etc

    If you get a "permission denied" message, the systems may not be set up to allow remote copying. You can copy the files as a regular user to an intermediate location and then copy them to the proper location as root on the DHCP client systems.

  5. Type the following command on the DHCP client system to use the correct name service switch file for NIS+:

    # cp /etc/nsswitch.nisplus /etc/nsswitch.conf

  6. Reboot the DHCP client system.

    The DHCP client system should now be able to use NIS+ services.

Example - Setting up a Solaris DHCP Client as an NIS+ Client

The following example assumes that you have one workstation, nisei, which is a NIS+ client in the NIS+ domain dev.example.net, and one DHCP client, dhow, that you want to be a NIS+ client. 

(first log in as root on the NIS+ server)
# nisgrep nisei cred.org_dir > /tmp/nisei-cred
# cat /tmp/nisei-cred
nisei.dev.example.net.:DES:unix.nisei@dev.example.net:46199279911a84045b8e0
c76822179138173a20edbd8eab4:90f2e2bb6ffe7e3547346dda624ec4c7f0fe1d5f37e21cff63830
c05bc1c724b
# nistbladm -a cname="dhow@dev.example.net." \
auth_type=DES auth_name="unix.dhow@dev.example.net" \
public_data=46199279911a84045b8e0c76822179138173a20edbd8eab4 \
private_data=90f2e2bb6ffe7e3547346dda624ec4c7f0fe1d5f37e21cff63830\
c05bc1c724b
# rlogin dhow
(log in as root on dhow)
# rcp nisei:/var/nis/NIS_COLD_START /var/nis
# rcp nisei:/etc/.rootkey /etc
# rcp nisei:/etc/defaultdomain /etc
# cp /etc/nsswitch.nisplus /etc/nsswitch.conf
# reboot

The DHCP client system dhow should now be able to use NIS+ services.

Previous Previous     Contents     Index     Next Next
 
Copyright 1994-2002 Sun Microsystems