Threaded Mode | Linear Mode

Viator · (This post was last modified: 2013-03-25 10:09 by Viator.)

(2013-03-23 22:02)mcb30 Wrote: Thanks for giving detailed descriptions of your configuration. Unfortunately, you haven't said what the actual problem is anywhere. What error are you seeing?

Michael

Hello Michael!

Sorry for not mention this "detail". I get an "Operation not permitted (http://ipxe.org/410de13c)" on the client.
http://ipxe.org/410de13c tells me to use the latest version, I've checked out the latest version of ipxe.

The clients starts up fine if no client certificate verification is used.
btw. my ca.cnf is exactly the one from http://ipxe.org/crypto with the exception of default_md = sha1 instead of default. This is due to that default did not work on the Version of OpenSSl which ships with Debian and md5 isn't recommended by OpenSSL.

Thank you.

Thorsten

Just to give my complete config: I use the following embedded script and boostrap.ipxe

*********************************************
#!ipxe

imgtrust --permanent

dhcp

isset ${proxydhcp/next-server} && set next-server ${proxydhcp/next-server}

initrd --name bootstrap https://${next-server}/bootstrap.ipxe || shell.
imgverify bootstrap https://${next-server}/bootstrap.ipxe.sig || shell

boot bootstrap
#shell
*********************************************

bootstrap:

*********************************************
#!ipxe

imgtrust --permanent

initrd --name loader https://${next-server}/${mac}/loader.iso || shell
imgverify loader https://${next-server}/${mac}/loader.sig || shell

initrd --name kernel https://${next-server}/memdisk || shell
imgverify kernel https://${next-server}/memdisk.sig || shell

boot kernel iso

*********************************************