PXE: Not Just for Server Networks Anymore!
to get the likewise package. After that, I had to get the Ubuntu server to “join” the Windows domain. I did this by running:
sudo domainjoin-cli join <fqdn.mydomain.com> <DomainAdminUID>
I wanted likewise to run when the machine boots, so I issued a:
sudo update-rc.d likewise-open defaults
I also wanted the logins to be checked against the default domain, so I added the following line to the /etc/samba/lwiauthd.conf file:
winbind use default domain = yes
Finally, I started the likewise-open dæmon using:
sudo /etc/init.d/likewise-open start
Now, my PXE LTSP clients could authenticate against the corporate Active Directory. Step one of the mission was complete!
The next step in my PXE adventures came when I was told I needed to refresh about 30 laptops with fresh builds of Windows. The method the previous Windows staff used to install Windows was through imaging the machine. Unfortunately, I could not locate the image files that had been used previously. Due to the issues and time constraints involved with trying to redevelop valid images for each hardware platform we had, I elected to do unattended installations of Windows.
I knew Windows included Remote Installation Service (RIS), but because I was in a time crunch, I was reluctant to learn a completely new technology. However, there was another option: Unattended, an open-source project. I'd found the Unattended project about a year earlier, and although I'd dabbled with it in my home lab, I'd never tried it in a corporate environment. Like many Linux administrators, I hear “Windows” and I cringe, but because I was tasked with this, I figured I'd do my best to make sense of the Windows install process, as well as get some repeatability and understanding out of it.
Unattended relies on the fact that the first step of the Windows 2000/XP installer is essentially a DOS program. What happens when a machine is PXE booted to an Unattended install is a little convoluted, but it allows for great flexibility. Basically, the machine boots to a Linux kernel and shell, where some scripts provided by Unattended step in. The script partitions the system's disk and creates a basic FAT filesystem, and then it walks you through some menus where you can make choices as to the OS type (if you've set up Unattended with different Microsoft OS flavors), installation options and optional software you may have packaged. You're asked all the questions for a particular installation up front, including the CD Key, User Name, workgroup or domain to join, and administrative users. The Unattended scripts automatically digest all of this and create an unattend.txt file, which is dropped on the newly created FAT filesystem. Then, a FreeDOS session is started, and the Windows installer and OS bits are copied from a Samba share on the Unattended server, and then the installer is launched using the unattend.txt file. At this point, the installation is hands-off and proceeds without administrator intervention. The Unattended team has even gone so far as to create custom scripts that can install other pieces of software you may want to add to your configuration (automated VPN or Microsoft Office, for example).
Because there is no packaged install for Unattended, and the install process is quite different from the standard ./configure && make install, I sat down for a bit and read the documentation on the site. Basically, the Unattended system leverages PXE and Linux as stated above, plus Samba for the distribution of the installation bits, and a bunch of Perl, shell and batch scripts to do a lot of the installation “magic”.
The documentation asks that you have a working DHCP and DNS server, as well as a Samba server. I had the DHCP and DNS figured out for the LTSP server, so as per the step-by-step documentation, a sudo apt-get install samba got the Samba server installed. Next, I downloaded the Unattended distribution from the Web site and unpacked it in /opt/unattended. Then, I created a CNAME record on our DNS server that pointed ntinstall to the real hostname of the installation server. I then configured the Samba server with the following share information in /etc/samba/smb.conf:
[global] ... guest account = guest unix extensions = off ... [install] comment = Unattended writable = no locking = no path = /path/to/unattended/install guest ok = yes
Finally, it was time to populate the OS distribution point with the Windows bits. This is done by creating a directory under the <unattended root>/install/os directory for whatever flavor of Windows you choose to install. In my case, I created an /opt/unattended/install/os/winxp directory and mounted that directory via Samba on my desktop. Then, I dropped the Windows installation media into the CD drive on my desktop and copied the /i386 directory from the CD to the /install/os/winxp share on the server. Now my Unattended server was, in theory, ready to install a system...except there was no way to select the Unattended install from a boot menu.
Here's where Kyle's article helped out again. What I needed was a PXE boot menu, and thanks to his article, I was able to whip up one in fairly short order. I had to take the bzImage and initrd files out of the tftpboot directory in the linuxboot zip file on the Unattended site and place them in the /var/lib/tftpboot/ltsp/i386/ directory (I renamed the bzImage to unat and the intird to unatin.img to help distinguish them better).
Then, I created a /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default file (Listing 1) on the server, containing a combination of the syslinux boot arguments from the LTSP server and the Unattended server's configurations. Note the DISPLAY and LABEL directives. The DISPLAY directive states that when the machine boots you see the file pxemenu.msg displayed on the screen. This contains the text of the menu. The LABEL directive is what you type to boot a particular menu option. In this case, if I type “1”, I get the Ubuntu LTSP session (this is also the default), and if I type “2”, I get the Unattended Windows install.
Bill Childers is the Virtual Editor for Linux Journal. No one really knows what that means.
|Android Candy: Copay—the Next-Generation Bitcoin Wallet||Sep 03, 2015|
|The True Internet of Things||Sep 02, 2015|
|September 2015 Issue of Linux Journal: HOW-TOs||Sep 01, 2015|
|September 2015 Video Preview||Sep 01, 2015|
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
|Where's That Pesky Hidden Word?||Aug 28, 2015|
- The True Internet of Things
- Using tshark to Watch and Inspect Network Traffic
- Android Candy: Copay—the Next-Generation Bitcoin Wallet
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- September 2015 Issue of Linux Journal: HOW-TOs
- Firefox Security Exploit Targets Linux Users and Web Developers
- Concerning Containers' Connections: on Docker Networking
- Where's That Pesky Hidden Word?
- A Project to Guarantee Better Security for Open-Source Projects
- My Network Go-Bag