Howto install NethServer as Samba AD domain controller v0.2

Amazing job man :slight_smile: that’s a super guide! 15 likes so far show that people appreciated your effort.
Keep it up!


…my colleague will like it as well … this is the first bit of documentation I wrote :open_mouth: :smiley:


Was that error the one discussed on Procedure to join AD domain with NS7 ?

Yes, it was. I haven't seen it lately in my last 3 installs. I would be happy to check again, or test a scenario if some testing needs to be done.

Just for the record, that bug was fixed


Heya @MrE

Your scenario is my scenario pretty much. My users are a 15 person software development company with no regard for the past 20 years of development in any but our own software.

I have opted for the following:

1x supermicro server with 2x 10 dualcores = 40 cores for virtualization and 256GB of memory, and a disk to boot from and store the config.
1x TrueNAS (or equivalent) Z20 with raid 10 over 10 disks, giving me 40TB to play with on a ZFS storage layer, exported with NFS to that supermicro proxmox server.

On top of that is running 9x NethServer, 1 as in this guide, a SOGo mailserver that connects to this one, a Samba file and VSFTPD FTPES server, various webservices on their own dedicated virtual server, and like 30 Windows 10 clients, mostly for VPN connections. I can virtualize most of our company without running out of resources, and am a very happy camper.

NethServer can fill all these roles you mention, and even help with transitioning, as it is easy to set up and at no cost but resources on the virtual environment; you get to try a lot without much consequence.

A FreeNAS would be equally good, or the other one people promote lately… just make sure you have at least 10 drives in it, and use RAID10. Nothing worse than slow disk performance on a VM environment.

Use the cache options as well … we have SSDs for cache, and otherwise just spinning rust, and outperform most VMware solutions we encounter at customers, while those cost a multiple of our environment.

So yeah, Nethserver can help you out, and I am writing the mailserver guide at a slow pace atm, but it will be there, and we run it in production already :slight_smile:

Dragged you here cuz the thread would be derailed by this answer :wink:


Also, I read this as: DO NOT use virtualisation WITHOUT investing in these at least 10 disks, to get RAID10. You will pay dearly in speed penalty if you do. If you have users with on average 10GB mailboxes, and they start syncing while you boot a Windows client and someone tries to copy their pictures over, you will get a ringing phone.


Agreed on getting as many spindles as possible. It will increase I/O drastically (and you will need it).

I feel that I have a little different scenario, but equally demanding.

I haven’t seen or tried the NS mail option, so I can compare with our current mail server: it uses Citadel (I like it) on Debian w/ 2 SATA drives (software RAID). It's really simple to manage and just works. But I made a little mistake: I left it unmanaged for a few months and the database grew so large that I can’t really do fast backups (it takes almost 2 hours of downtime). This version can’t recover free space from deleted messages, but the new version will have that process.

Mostly we use POP user accounts, so I can keep an eye on the space used on the mail server. A few are using IMAP, but I see some users messing up their IMAP folders.

Later I’ll try to find and read what email solution is used in NS, how the mails are stored, and what anti-spam/virus capabilities it has, including the administration tasks.

@planet_jeroen, @robb : I feel my hardware is short after reading your comments:
This is a Dell R320 server with 24 GB RAM and 4 SATA disks of 1 TB each.
The four disks are in ZFS as RAID 10, and the ZFS system is limited to 8GB:

options zfs zfs_arc_max=8589934592

Because it doesn’t have any load right now, I can’t see if I’ll hit a wall; I need more tests before going to production. I really need to replace our old w2k server.

What I like is the idea of ZFS snapshots for safety upgrades in NS and peace of mind.

So, if I see that I can only have the NS on this hardware, I will give less RAM to NS and extend the 8GB RAM for ZFS. I hope that I can have at least two VMs: 1 NS, and the other one for a payroll system in Windows, so I can take out another piece of hardware at least.


Edit1: sadly, this system can’t hold more disks. Just more ram and hopefully bigger disks later.

Reading this guide avidly. :crazy_face:

If you won’t be running a lot of virtual machines, and the systems you named are not very demanding, you can probably get away with it. If you are going to install clients as well on there, this becomes a must.

If your server can hold them, get a few more disks though. They are relatively cheap and it makes it so much more versatile.

I only run two 2TB disks on my Proxmox server. But it is a home server and not very extensively used. So in the end it all depends on your use.

But as @planet_jeroen said, as soon as you are going to run a lot of VMs and containers, or have very large mailboxes that need to be synced all the time for a lot of users, the best thing you can do (maybe even before adding RAM) is adding disks/spindles so you increase I/O.



Maybe this could serve you


I, too, would like to know if this setup is compatible with RSAT and which tools are working properly - e.g. DNS, DHCP, ADUC, GPO, etc.

Also, can Windows computers connect as domain members without issue?

What about domain trusts, specifically Nethserver Samba ADDC <–> FreeIPA ?? On same subnet / network segment, or separate subnets?

Thanks for the writeup!

Unless you have a real specific scenario, that I have not encountered, yes to all of the above.

You will have a bit of extra work setting the DNS up correctly according to MS standards, but that can be done using the appropriate snap-in.
Trusts should work; I have never tested it. Samba documentation states they should work though, and since Samba is running in a very default mode in a container, that should pose little issue.

Subnets have no influence on trusts. If there is a route from a to b, they will work.

For specific questions about how compatible it is, the SAMBA project page is the best resource. For implementation specifics on NethServer, NethServer is the best source.

Let me know if this answered your questions, and feel free to add to them :stuck_out_tongue:

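The "setting the DNS up correctly according to MS standards" point above is where most domain-join and RSAT problems come from: Windows clients locate a DC purely through the SRV records under the AD DNS zone. The following is an added example, not code from the thread or from NethServer or Samba; it lists the standard SRV record set that a Samba provision creates (the same names the Samba wiki tells you to verify with `host -t SRV`) and checks a resolver dump against it, including the expected service port and whether each SRV target has an A record. The realm `ad.example.com`, the host `dc1` and the resolver output are constructed sample data, and the function names are this example's own.

```python
"""Check the AD DNS SRV record set a Windows client needs to find a DC.

Added example, not Samba or NethServer code. Input is text in the format
printed by `host -t SRV <name>` / `host <name>`, e.g.
  _ldap._tcp.ad.example.com has SRV record 0 100 389 dc1.ad.example.com.
  dc1.ad.example.com has address 192.0.2.10
The sample below is constructed for the example, not captured from a server.
"""
import re

SRV_LINE = re.compile(r"^(?P<name>\S+) has SRV record (?P<prio>\d+) (?P<weight>\d+) "
                      r"(?P<port>\d+) (?P<target>\S+)$")
A_LINE = re.compile(r"^(?P<name>\S+) has address (?P<addr>\S+)$")

# Port each service label is expected to advertise.
EXPECTED_PORT = {"_ldap": 389, "_kerberos": 88, "_kpasswd": 464, "_gc": 3268}


def expected_srv_names(realm, site="Default-First-Site-Name"):
    """The SRV names an AD DC must publish for domain-wide and site-scoped lookup."""
    r = realm.lower().rstrip(".")
    s = site.lower()
    return [
        f"_ldap._tcp.{r}", f"_ldap._tcp.dc._msdcs.{r}",
        f"_ldap._tcp.pdc._msdcs.{r}", f"_ldap._tcp.gc._msdcs.{r}",
        f"_gc._tcp.{r}",
        f"_kerberos._tcp.{r}", f"_kerberos._udp.{r}", f"_kerberos._tcp.dc._msdcs.{r}",
        f"_kpasswd._tcp.{r}", f"_kpasswd._udp.{r}",
        f"_ldap._tcp.{s}._sites.{r}", f"_ldap._tcp.{s}._sites.dc._msdcs.{r}",
        f"_ldap._tcp.{s}._sites.gc._msdcs.{r}",
        f"_kerberos._tcp.{s}._sites.{r}", f"_kerberos._tcp.{s}._sites.dc._msdcs.{r}",
        f"_gc._tcp.{s}._sites.{r}",
    ]


def parse_host_output(text):
    """Return ({srv_name: [(prio, weight, port, target)]}, {host: [addr]})."""
    srv, addrs = {}, {}
    for raw in text.strip().splitlines():
        line = raw.strip()
        m = SRV_LINE.match(line)
        if m:
            rec = (int(m["prio"]), int(m["weight"]), int(m["port"]),
                   m["target"].lower().rstrip("."))
            srv.setdefault(m["name"].lower().rstrip("."), []).append(rec)
            continue
        m = A_LINE.match(line)
        if m:
            addrs.setdefault(m["name"].lower().rstrip("."), []).append(m["addr"])
    return srv, addrs


def check_ad_dns(text, realm, site="Default-First-Site-Name"):
    """Return a list of problems; an empty list means the record set looks sane."""
    srv, addrs = parse_host_output(text)
    problems = []
    for name in expected_srv_names(realm, site):
        if name not in srv:
            problems.append(f"missing SRV {name}")
            continue
        want_port = EXPECTED_PORT[name.split(".", 1)[0]]
        for _prio, _weight, port, target in srv[name]:
            if port != want_port:
                problems.append(f"{name}: port {port}, expected {want_port}")
            if target not in addrs:
                problems.append(f"{name} -> {target} has no A record")
    return problems


def sample_output(realm="ad.example.com", dc="dc1", ip="192.0.2.10", omit=(),
                  site="Default-First-Site-Name"):
    """Constructed resolver dump for a single healthy DC, minus any names in `omit`."""
    host = f"{dc}.{realm}"
    lines = []
    for name in expected_srv_names(realm, site):
        if name in omit:
            continue
        port = EXPECTED_PORT[name.split(".", 1)[0]]
        lines.append(f"{name} has SRV record 0 100 {port} {host}.")
    lines.append(f"{host} has address {ip}")
    return "\n".join(lines)


if __name__ == "__main__":
    for p in check_ad_dns(sample_output(omit={"_kerberos._udp.ad.example.com"}),
                          "ad.example.com"):
        print(p)
```

On a real deployment you would feed the function the concatenated output of `host -t SRV` for each name in `expected_srv_names()` plus `host` for each DC; the record with the domain GUID under `_msdcs` is deliberately not in the list because it cannot be derived from the realm name alone.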

Thank you, yes that is very helpful!

I think the thing that has been hardest for me to figure out about integrating FreeIPA with AD is the suggestion that they be on separate subnets, so I think that will require Zebra/Quagga/RIP or something similar that can handle a next-hop situation (I guess standard Linux routing could suffice).

Right now I’m just using WS 2012R2 which still has the Unix Attributes for managing Linux/FreeBSD/Solarish clients on AD, all networking on a single /24 subnet, but from what I understand 2012 is going to stop getting updates in 2020, so not a viable long-term solution… was thinking FreeIPA looked pretty nice specifically for *NIX clients. Do you have any experience with it?

Also, Samba will continue getting updates and is functionally compatible with WS 2008R2 so that suggests that it should be compatible with Unix Attributes/IDMU and NIS, so I suppose I could just move to Samba once Microsoft stops supporting WS 2012…

…as long as you are aware it is a suggestion, and usually these are aimed at the larger corporations that have different VLANs active anyway, and where positioning is a strategic choice.
If you don’t currently have them, you can do without, and in the meantime get some experience and search for a reason to use VLANs in the future :wink:

Not yet, but you prompted me to spend longer than intended on their webpage, and it looks like I want to give that a spin as well. Thanks!

Main issue will be not having an Exchange mailserver, if that is what you are running now. If you have a cloud based version or use something else entirely, there won’t be many issues. People used to Exchange will make all kinds of noises when their agendas start behaving differently :laughing:

Nope, no Exchange here so not encumbered by that mess… just need something for authenticating and dealing with users on a mix of Windows and *NIX boxes. Not really a big deal, but having software meant specifically for managing each one has always appealed to me more than the one-size-fits-all AD used to try to be but gave up on in Windows 2016.

I’m surprised Nethserver doesn’t have FreeIPA, it’s a Red Hat development and it seems like they’re pretty geared toward carrying Red Hat stuff, being on CentOS and all.