Linux based Mac BSDP and NetBoot Server

The Goal

So in my continuing deletion of all things Apple Server, I am tasking myself with also getting rid of our BSDP NetBoot server for Mac clients. Our setup is simple. We don’t do any thin-client stuff. We have a number of NetInstall images and a single “thin-client” image for System Diagnostics (has a few helpful utilities). I have heard rumor that Deploy Studio can act as a BSDP server (Apple’s netboot protocol), but it is also a bit overkill for what I need. So let’s just see if Linux comes to the rescue.

For those who just want to check out the BSDP project, head over to GitHub, where you can check out the code.

The Plan

Here is what we are going to build:

  • Ubuntu 14.04 (what is with Ubuntu and their minor version numbers?).
  • Network volume access (AFP and SMB) for loading NetBoot images.
  • Netatalk for AFP connections.
  • Samba for SMB connections (my directory server does not currently have the Samba schema, so I have not installed it yet).
  • BSDP server.
  • TFTP server for kernel images.
  • HTTP server for disk images.
  • NFS server for disk images.

The Process

Okay, so we start with an Ubuntu 14.04 Server install. I love server installs. No GUI to take up space or CPU cycles and a really small footprint to my VM system. During the install process we installed the OpenSSH server and nothing else.

Support Packages

Now let's add some packaged requirements:

sudo apt-get install tftpd-hpa apache2 apache2-utils netatalk git nfs-kernel-server python-configparser

Next we need to create a place to store all the netboot files. I recommend you use a dedicated hard drive/partition for this and set it up to mount at boot at the appropriate location, but this is up to you and an exercise for you to perform yourself. Anyway, we are going to put everything under the /netboot folder. The commands below create the needed paths and set permissions so that they are group-owned by the admin group (adm) and group-writable, and so that new files created inside them inherit that group (the setgid bit on the directories).

sudo mkdir /netboot /netboot/Images /netboot/Clients
sudo chgrp adm /netboot/Images /netboot/Clients
sudo chmod g+w /netboot/Images /netboot/Clients
sudo chmod +s /netboot/Images /netboot/Clients

We also need a user for the netboot clients to connect as. Apple’s NetBoot solution uses 50 different user accounts for this, I think maybe as some sort of security to make it difficult for one user to look at another user’s files. This is only used for diskless booting (i.e. booting the entire live machine via NetBoot rather than just an install image) and the only time I use those is for testing, so there are no user files to be worried about. Anyway we will be creating just a single netboot user. When asked for the password, enter whatever you like (letters and numbers only), just write it down somewhere as you will need it later in the process when you configure the BSDP server.

sudo useradd -M netboot
sudo passwd netboot

TFTP Server

Please note in the command above that we are using the tftpd-hpa package, not the standard tftpd package. The HPA TFTP server includes support for some TFTP options that the basic tftpd package does not, and newer Mac clients need these options to NetBoot correctly. Edit the /etc/default/tftpd-hpa file and change the TFTP_DIRECTORY value to match the line below:

TFTP_DIRECTORY="/netboot/Images"

After that is done execute the following command to reload the configuration for the TFTP server:

sudo service tftpd-hpa restart

Your TFTP server is now ready to serve up the kernel boot images.

Netatalk (AFP)

Next, set up Netatalk to share the same folder via AFP.

sudo nano /etc/netatalk/AppleVolumes.default

Go to the bottom of the file, comment out the Home Directory line and add these new lines below it. The first line shares the Images folder and makes it accessible only to members of the adm group (the admin group on Ubuntu). The second line shares the Clients folder, for diskless boot clients that need a shadow image for writing, and makes it accessible to the netboot user and the admin group. If you are using a directory server for authenticating your (admin) users, then use the group your admin users belong to instead of adm.

/netboot/Images "NetBoot" allow:@adm
/netboot/Clients "NetBootClients" allow:netboot,@adm

Finally you need to restart the netatalk service to apply the changes.

sudo service netatalk restart

Apache (WWW)

By default Apache shares a folder that is not as helpful to us, so let's update the config file.

sudo nano /etc/apache2/sites-available/000-default.conf

Find the DocumentRoot line and change the path to /netboot/Images. Below that line add the following.

<Directory /netboot/Images>
    Options None
    AllowOverride None
    Require all granted
</Directory>

Finally reload the Apache configuration.

sudo apachectl graceful

NFS Server

Most network boot images are configured to use NFS because it is faster. We need to share the /netboot/Images folder for NFS so that those images can work as well.

sudo nano /etc/exports

Once in the editor add the following line to the config file:

/netboot/Images *(ro,no_subtree_check,no_root_squash,insecure)

After the file has been edited we need to reload the configuration so the new directory is exported. If you have not rebooted your server yet since installing the packages, we also need to manually start the NFS service.

sudo exportfs -a
sudo service nfs-kernel-server start
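
The export line above is open to every host and keeps client root unsquashed, so it is worth reviewing before the server goes onto a shared network. The following is an added example, not code from the original post or from pybsdp: a small /etc/exports audit that reports those options. The function names, finding labels and the 192.0.2.0/24 subnet are assumptions made for illustration.

```python
import re

# Constructed sample: this page's export line, then a variant limited to a documentation subnet.
SAMPLE_EXPORTS = """\
# /etc/exports
/netboot/Images *(ro,no_subtree_check,no_root_squash,insecure)
/netboot/Images 192.0.2.0/24(ro,no_subtree_check,insecure)
"""

# One client spec: optional host pattern followed by optional "(opt,opt,...)".
SPEC_RE = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

# Option -> why a reviewer would want to look at it.
RISKY_OPTS = {
    "no_root_squash": "client root keeps uid 0 on the export",
    "rw": "clients can modify the boot images",
    "insecure": "requests from unprivileged source ports are accepted",
}


def parse_exports(text):
    """Yield (path, host, options) per client spec; quoted paths are not handled."""
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC_RE.fullmatch(spec)
            if m:
                opts = {o for o in (m.group("opts") or "").split(",") if o}
                yield path, m.group("host"), opts


def audit_exports(text):
    """Return (path, host, finding, reason) tuples worth a second look."""
    findings = []
    for path, host, opts in parse_exports(text):
        if host in ("", "*", "0.0.0.0/0"):
            findings.append((path, host, "any_host", "export is open to every client"))
        for opt, reason in RISKY_OPTS.items():
            if opt in opts:
                findings.append((path, host, opt, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("%s %s: %s (%s)" % finding)
```

Each finding is a prompt to justify the option for this deployment, for example by replacing * with the subnet the NetBoot clients live on.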

BSDP Server

We need to get the source code for the server from git and then run the install script. From your home directory run the following commands. This will install everything under /usr/local.

git clone https://github.com/cabal95/pybsdp
cd pybsdp
sudo ./install.sh

Next edit the config file at /etc/pybsdp.conf and update the paths and username/password to match your configuration. Finally we need to start the pybsdp service (it is set to run at boot, but it has not been started yet).

sudo service pybsdp start

Note: See comments below if you are using Ubuntu 16 or later as they changed the service commands.

Results

You should now be able to connect to your netboot server via AFP and select the Images sharepoint. Drop an NBI in there and, with a little luck, it will show up in your netboot selection list when you hold down the Option key.

I have tested this configuration with the following images and it works correctly over both NFS and HTTP:

  • 10.6.3 Install
  • 10.8.5 Install
  • 10.9.0 Install
  • 10.9.3 Diskless Boot (note: this requires either a very new computer or a hack to the boot image. This is not a bug in this program but in the way Apple is building their kernel caches. Standard TFTP cannot load a file larger than 32MB, and the kernel cache in the latest version exceeds that).

Thoughts

The BSDP server is an ongoing project. This doesn’t mean it is under active development but there will likely be small future improvements. Right now it listens and responds on all active interfaces. It would be good to have config file options limiting which interfaces it responds on. These are not necessary for me right away so I will probably hit them later. The code is functional but I will likely find some bugs and fix them as they come up.

How well this whole system would work under heavy load as a diskless boot server I don’t know, that is not something I will test. We have a single diskless boot image and it is strictly for diagnosing problems. It has some hardware test tools and data recovery tools. Everything else we NetBoot is install images. For that, it seems to work fantastic.

17 comments for “Linux based Mac BSDP and NetBoot Server”

  1. April 11, 2016 at 11:18 am

    I’m very interested in this project, and am looking more into diskless booting. Could you please provide more information on this subject? I know you haven’t tested it, but a point in the right direction would be great. I’d like to use this to boot to the Yosemite 10.10 install disk, so that I could run the installer on each PC. Please email me for more information.

  2. April 23, 2016 at 7:56 pm

    As far as I know, you just need to use the System Imaging Utility to make a NetBoot image instead of a NetInstall image. I did this briefly but the speed was poor. I was using it just for a bootable system that had some useful utilities on it. I switched to a few cheap USB drives instead because of the performance.

  3. Jay
    July 7, 2016 at 9:30 pm

    Hi Daniel,

    Thanks for the detailed instruction! That is really helpful.
    I have followed the steps. I could see the NetBoot Image copied to the netboot folder.
    However, when I select the image, it automatically boots to the local HD. I am just wondering if there is anything I missed. Have you seen this kind of issue before?

    Thanks in advance for your help.
    Regards,
    Jay

  4. July 8, 2016 at 11:54 am

    It sounds vaguely familiar, but nothing specific comes to mind. Are you sure the Mac you are trying to boot is compatible with the image you are using to boot? You might try booting with command-V to see if anything shows up (like an attempt to netboot and then failure) and/or using a packet sniffer on the netboot server to see if there are any issues on that side.

  5. Jay
    July 11, 2016 at 5:18 am

    Hi Daniel,

    Thanks for your reply.
    I had a look at the log file on my server, and couldn’t find any BSDP related packets anywhere, even though the image is showing up in the Mac startup disk app.

    I think I might just get an idea of the issue, not confirmed yet.
    My guess is that it could have something to do with the OS X version.
    I have read for El Capitan, the IP address of the server needs to be added as a trusted node. So I probably need to bless the address to the image when creating the netboot image. I will try it tomorrow and let you know.

    Many thanks.
    Jie

  6. July 11, 2016 at 7:08 am

    The BSDP packets would be DHCP (the discovery process, which is working since the volume shows up on the client) and then TFTP packets (randomized port number). The easiest way to see what is going on is, on the server, do a packet trace and filter it to the client’s IP address. You should see the DHCP request+response and then after you pick the volume to boot you should see a TFTP request and, hopefully, an error message to give you an indication of the problem. If it seems to be working fine and you can see the file being sent to the client, then keep an eye on the packet size. If it is 512 bytes then you are probably using an unsupported TFTP server (which is limited to 32MB files). The newer servers increase the block size to 1468 bytes for 93MB total file size, which is required by pretty much any OS image after 10.5.

  7. Jay
    July 12, 2016 at 5:27 am

    By using packet tracer, it shows TFTP unreachable. It turns out I need to change TFTP_ADDRESS = "[::]:69" to TFTP_ADDRESS="0.0.0.0:69"

  8. John
    August 3, 2016 at 5:52 pm

    Question – Is it possible to pass on a non-MacOS X image to a Mac using this process? Like say net booting into Linux?

  9. August 3, 2016 at 5:55 pm

    I do not know unfortunately. I suppose it is hypothetically possible, but you would probably have to customize the Linux kernel a bit to deal with getting all its boot information (such as where the root FS is, the initRD image, etc.) from BSDP data instead of the normal way.

  10. Erwin
    October 17, 2016 at 1:55 pm

    Hi, Daniel.

    Thank you for posting this write-up. Do you know if this is supposed to work with Ubuntu Server 16.04.x??

    I am trying to set it up on my server and I’m stuck on the following step:
    sudo service pybsdp start

    I consistently get the following error message:
    Failed to start pybsdp.service: Unit pybsdp.service not found.

    16.04 comes with Python3 and I wonder if this may be what’s causing the problem? I managed to set my default python from another post so that when I issue a python --version command, it reports “Python 2.7.12”

    Any ideas? I’m a noob on this stuff…

  11. October 17, 2016 at 3:19 pm

    Ubuntu changed the way services are started in 16 and I haven’t had a chance to update the post in an elegant way. Here is the quick and dirty:

    Create the file /etc/systemd/system/pybsdp.service with:

    [Unit]
    Description=BSDP NetBoot Service
    After=network.target

    [Service]
    User=root
    ExecStart=/usr/local/sbin/pybsdp.py

    [Install]
    WantedBy=multi-user.target

    You should then be able to start it with sudo systemctl start pybsdp and enable it for auto-start with sudo systemctl enable pybsdp.

  12. Erwin
    October 21, 2016 at 11:57 am

    Thanks, Daniel.

    pybsdp.service is now running on my server.

    I am currently copying my nbi and my base OSX 10.11.4 dmg file on /netboot folder. When I did this with my other server – Ubuntu v14 – I was only able to select the NBI image when I held down the option key while booting. It did not appear to have loaded the nbi image – it continued to load the OS from the local HDD. The actual nbi image is located within a subfolder in /netboot; should I move it to /netboot? Also, I am guessing that my “base” image should go into /netboot/Images directory?

    Anyhow, I am hoping that this new server will work out better.

    Thanks for your assistance!

  13. October 21, 2016 at 1:09 pm

    Not entirely sure what you mean. You said that it only worked when you held down the option key and selected the NBI image. That is pretty normal unless you go through System Preferences and lock it to always boot from the NBI. If when you hold down the option key your NBI does not show up then that probably means it’s in the wrong folder.

  14. bill
    October 12, 2017 at 2:58 am

    I have set up the Server and the two Folders NetBoot and NetBoot Clients are visible over AFP. The only Problem I have is to copy the file onto the Folder because it says, that there is not enough space. How can I change that?

  15. October 12, 2017 at 8:17 am

    You would need to increase the hard disk space of the server to give more space.

  16. bill
    February 27, 2018 at 6:35 am

    Does that work for High Sierra too?

  17. Florian
    June 7, 2019 at 3:13 am

    I have put the .nbi file into the /netboot/Images folder, but when I hold down the option key the netboot image doesn’t show up. Does anyone know why?
