-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick J. LoPresti wrote:
| [EMAIL PROTECTED] writes:
|
| What I've investigated yet: ANI uses DHCP to pass basic
| options, unattended doesn't. But I guess that's not all.
|
|
| Actually, you can use DHCP option 233 to pass configuration data to
| Unattended. This is mentioned very briefly in the FAQ
| (http://unattended.sourceforge.net/faq.html#linux). It is a simple
| string of options, like this:
|
| z_user=DOM\myuser z_pass=sekrit z_path=//server/install
I didn't know it. Thanx for the correction.
|
| yes, that definetly needs to be explained somewhere, now that c't
| did an article about Unattended, we're getting also a lot more
| traffic from supposedly more people with your question and we
| will put the answer in a FAQ list.
|
|
| Our lists have received a flood of subscriptions from .de this week
| (Willkommen!).
great! my favorite dictionary (german/english) is http://dict.leo.org.
what is yours?
|
| Has anybody actually tried both systems in production? I think
| that would provide the most useful comparison.
I guess Carsten has some experience with both systems (@carsten:
???). He has had a big part in ANI developpement.
| upports user defined DHCP options to pass basic options (that
| results in a maintenance-free bootmedia) and DHCP-Userclasses,
| usefull to serve different client- or domain-types even in the
| same subnet.
|
|
| What do you mean by DHCP Userclasses? Our boot disk sends
| Unattended as the DHCP user class option (DHCP code 77, defined
| by http://www.faqs.org/rfcs/rfc3004.html), which allows the DHCP
| server to distinguish our boot disk's leases from other leases.
That is exact what I meant. We use DHCP user classes e.g to allow
clients to join different domain types even in the same subnet. Hence
we can use the same DHCP options for different client types.
| - The linux-bootmedia can be PXE, CD-Rom or floppy disk. We put a
| lot of effort into getting samba and linux so small that it fits
| a floppy disk. Unattended has NO floppy disk support, because
| they use a normal sized linux as base. We need floppy disk
| support because of older hardware not having CD-Rom (deliberetly)
| and no PXE-capable-NIc.
|
|
| I have a plan for supporting floppy boot, although it would require
| multiple floppies. I am not sure I will ever implement it,
| though. The set of machines which lack support for CD-ROM, network,
| and USB boot is small and shrinking. And older hardware tends to
| work OK with our DOS boot disk.
|
You're right. In future the floppy disk support will play a vanishing
role...(r.i.p)
| - ANI installs a so called hidden Maintenance- (with Windows
| installation files) and an installation media partition on the HD
| drive. Unattended has not. These partition allows us to trigger
| reinstallation of windows without access to the net and to do
| mass-reinstallation/upgrades of computers without having to
| download all files for each computer again, but instead only the
| few changed files are downloaded (important to reduce traffic).
| These partitions even allow us to reinstall/upgrade the OS
| remotely and centralised with scripts over night, as long as the
| computer's NIC supports Wake-On-Lan. Unattended needs the
| presence of a person at the computer to reinstall the OS.
|
|
| Some of our users have made fully unattended installations work.
| But you are correct that we do not contemplate it out of the box.
|
|
| - ANI provides integration abitlities of existing user and user
| group concepts (unattended?).
|
|
| I do not know what this means. Could you elaborate?
It's no big fead: in the post windows installation of ANI you have the
possibillity to add local users and groups and fill local groups with
other users or domain groups after the join2domain procedure. It may
be configured in a central configuration file (winset.tpl, have a look
at http://ani.sourceforge.net/configuration.php?lang=en#PostWindows
section c.1.12 and c.1.13). It's very simple, but you have nearly
every freedom to integrate existing group concepts.
| - ANI has a nice UI in case of errors, warnings :-)
|
|
| Um, uh, we print a diagnostic and Abort/Retry/Ignore :-).
:-)
| - ANI considers some security aspects, wich are desirable
| especially in big networks: -- We have encrypted passwords for
| the account to mount the install share and join the domain with
| the computer. The password is NEVER stored on the client side,
| either in encrypted or decrypted form. Unattended stores the
| password on the client side.
|
|
| True, but we delete it when we are done.
|
| I have never understood encrypting a password such that it can be
| decrypted automatically. If the machine can decrypt it, so can the
| user; isn't that just giving a false sense of security? Either
| you make a technician type the password when it is needed, or the
| password is available anonymously over the network. In real
| security terms, there is nothing in