NethServer 7 alpha 3 released

After a few months of hard work, I’m proud to announce that NethServer 7 alpha 3 has been released and is publicly available.

NethServer Alpha 3 brings the Active Directory integration and a centralized account management (so-called “multi-site”).

We’re thrilled to share it with you and hear your feedback. We’ve got a lot of news to share with you, so let’s jump right into it.

Overview

NethServer is now designed to leverage existing Active Directory infrastructure and simplify administrative and user control. Administrators can quickly and securely roll out policy decisions using their existing Active Directory. Users authenticate against a single directory, removing the need for multiple accounts, syncing passwords or duplicating information.

Account management

Account management module is included in the ISO, so after the installation the following scenarios are supported out of the box:

  • connecting a remote NethServer running OpenLDAP,
  • connecting a remote Active Directory Domain Controller (Samba or Windows).

By installing additional modules from the Software Center, it is possible to run one of the following identity backends:

  • OpenLDAP,
  • Samba Active Directory.

Samba 4 technology

NethServer is now able to act as Samba Active Directory Controller. Samba Domain Controllers are compatible with the Microsoft Active Directory implementation, that means

  • NethServer can replace a Microsoft Active Directory Domain Controller
  • Native MS-Windows management tools, like RSAT tools and AD PowerShell are compatible with NethServer
  • Group policies can be deployed through native MS-Windows tools
  • Windows workstations can seamlessly join the AD Domain, no more registry tweaks are needed.

Differences from NethServer 6

On NethServer 6, we joined an Active Directory domain in Samba ADS mode, therefore some limitations came up:

  • only some services were configured to work with it,
  • the web UI did not show AD accounts at all,
  • the implementation and the configuration was very complex: 4K lines of code and 3 user databases to keep aligned.

The old Windows NT domain controller role, known as Primary Domain Controller (PDC) role is no more available.

The workstation (WS) role supports only guest access to file shares.

Upgrade of NethServer 6 is not implemented in Alpha 3. It is planned for the future releases. Both PDC and WS roles should be migrated to Active Directory, to keep the same user authenticated access on file shares.

Big mail server enhancements

Mail server received a lot of love from our developers:

  • all users automatically have a valid mail address: username@domain (of course, you can disable it)
  • mail alias page has been refactored and now you can create distribution lists with internal and external mail addresses
  • you can now create shared mailboxes and associate them to a custom mail alias
  • mail quota and mail queue status have been moved under the Status menu section

Under the Hood

We focused on one main aspect: replace the current user management layer with SSSD.

As you can imagine, this is a huge change at many levels, from e-smith layer to web interface.

Much work has been done and many modules must be adapted to the new core.

This release brings a limited number of supported modules, we will work hard in the next days to add all missing ones.

NethForge is now enabled by default

NethForge is the place where you can find extra modules built by the community.
The release RPM is now inside the default distribution, so it’s enabled by default and a new “NethForge” category will be available inside the Software Center.

Supported modules

  • IPS (Snort)
  • Backup
  • DNS and DHCP
  • Hylafax
  • Firewall
  • FTP
  • Printers
  • UPS
  • Bandwidth monitor (ntopng)
  • HTTPD
  • OpenVPN
  • Collectd with CGP
  • MariaDB (MySQL)
  • PostgreSQL
  • SNMP
  • Chat
  • Webtop 4
  • Roundecubemail

Following modules have been moved inside the NethForge:

  • SOGo
  • WebVirtMgr (KVM)

Temporary unsupported modules

  • Shared folder, including Samba and HTTP shares (a full refactor is needed)
  • Web proxy and web content filter
  • VPN IPSec (tunnels already work)
  • Owncloud (need testing with AD and OpenLDAP)
  • Pop3 proxy
  • Adagios and OCS inventory

Deprecated modules

  • Web fax client (Faxweb2)
  • Collectd web, replaced by CGP

Download and Test

We need your help to make NethServer 7 the best release yet, so please take some time to download and try out the Alpha and make sure the things that are important to you are working.

  • You can install it on a virtual machine or on a bare-metal server using a DVD or USB stick.
  • Please, note that upgrade from Alpha 2 is NOT supported.

If you find a bug, please report it replying to this topic – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing beta testers team will be called upon to give its support on that!

Together, we can make NethServer rock-solid. We have a culture of coordinating new features and pushing fixes upstream as much as possible, and your feedback will help improve not only NethServer but Linux and free software as a whole.

Ready to check it out? Then head to the docs and download:

14 Likes

These modules are the main module for me . I hope it is really only temporary.

So, what I miss is a better manageability of certificates. In my opinion, every user needs a certificate for email encryption, for example. SSL, HTTPS and VPN is important, but the encryption of user directories with certificates that would be a good thing. Yes - You are right, the security means a lot.

3 Likes

Indeed! It’s only temporary, we’re already working on this. Owncloud is the first on our list

1 Like

Can you change the order to be “Shared folder, including Samba and HTTP shares” first?

I can live without “Owncloud” but what is the AD without shared folders?:wink:

1 Like

Can you please sort them by relevance?
Because for now POP3 proxy and monitoring are at the of our todo list (much work is needed).

Working on it! :slight_smile:

You can do it by enabling filesystem encryption!

This modules is already listed with high priority :wink:

4 Likes

Can you please sort them by relevance?
Because for now POP3 proxy and monitoring are at the of our todo list (much work is needed).

In my opinion, a server should meet the following criteria:

  • DHCP and DNS
  • Fileserver and printserver (Samba and avahi - you kown? MAC OS X) HTTP shares not necessary because ownCloud 's implemented. I would say, one of a cloud service is enough.
  • Account Management (Username, passwort, homedirectory, certificates, groups, Informations about user like Tel, address etc in a database like OpenLDAP)

Very important features are the security services:

  1. WEB Proxy and content filter for network security - specifically for the clients
  2. VPN and/or IPSec it’s ok but when you work with IPv6, then IPSec is already implemented.
  3. Firewall (Firewall? Would be great, but it is difficult when the users go through https or VPN in the Internet.)

Well, the special additional tools that you can always take are:

  • ownCloud and like them
  • OCS Inventory (not easy to configure but great when it works)
  • Adagio is also a very nice tool, but only an extra
  • POP3proxy

I hope, that’s not outrageous. :smirk:

5 Likes

Sounds reasonable to me, it might be a good priority list for our @dev_team

1 Like