Moving (?) from Zentyal to nethserver

I do want to see it :wink: really really curious!

Let’s do an “Ultimate Zentyal to NethServer migration guide” hihi

Thanks for the welcome. I will begin to participate more once I have installed and become familiar with Nethserver.

Sure let’s do it and share you’re feelings!

I’ve been using Zentyal for several years, and prior to that ClearOS preceded by IPCOP. In each case I’ve needed a network gateway that can do content filtering, traffic management, VPN and multi-wan. As Zentyal has moved away from gateway services, NethServer was recommended by a fellow Zentyal user. I just today got a test gateway running that has most of what I need. I’m very pleased with how easy it was to get started and with the robust support for gateway services. I especially appreciate the fact that ntopng and intrusion detection are easily installed, and that free filter blacklists are part of the web proxy package.

All in all, NethServer seems to be very well thought out. Thanks to all who have labored to create such a fine gateway/server package.

5 Likes

Thanks for these compliments! I’m forwarding them to the whole team!
@AZChas @half_life1052 if you want to be helpful that’s a good starting point

1 Like

As soon as Samba4 is integrated, this will be replacing all of my Zentyal deployments. The environments I manage are just too diverse to not have AD/GPO capability. This is a great product! Keep it up!

3 Likes

I moved 11 posts to a new topic: Why not Samba4/AD on NethServer?

I just made the move from Zentyal to Nethserver and I’m very pleased. Zentyal 4.1 has abandoned the gateway functions that I needed; Nethserver has those functions, including transparent proxy, web filtering, traffic shaping, firewall rules and multi-wan. This site has about 100 clients on two local networks, blue and green, and Nethserver manages that traffic to and from a 100Mb Internet connection.

I really appreciate the integration of Ntopng. Zentyal didn’t have any built-in traffic analysis tool, so I usually added Ntopng to my servers, but updates often clobbered my installs. I’m used to the idea of green, blue, orange and red interfaces from using IPCop – I use all 4 types on my network – so I like the way that model is used throughout NS.

I have a blacklist filter source that I have used, but I find that the included blacklists that come with NS work very well, and it’s a nice addition that they are automatically updated.

I have found that traffic moves through my NS gateway about 5-10% faster than it did through Zentyal, suggesting that your design is very efficient.

There are a few things about Zentyal that might make useful additions to NethServer.

Upload blacklist from file: Zentyal has no built-in recommended blacklists, but it does allow you to import a blacklist of your own from a tar.gz file.

Export/import confg backups. The NS automatic backup to USB drive is very nice. Zentyal only supported downloading a config backup to a local computer, which would be a useful addition to the current backup scheme. I keep a hot spare gateway running and attempt to keep the primary and backup machines configured identically, so that I can quickly swap them if I have a hardware failure. I found that I could clone the main server to the spare by moving my backup hard drive from one to the other and doing a restore, but the process would be simpler if I could just upload and restore a config file.

In doing the above cloning, I discovered that the server certificate was not part of the backup and did not copy from my main server to my hot spare. Creating a true clone machine would require moving that certificate manually. It would be nice if this could be changed.

Zentyal has a dashboard notification of updates to installed software, which was nice. It seemed like updates came out daily for either Zentyal or the underlying Ubuntu linux. I haven’t seen many updates for NS, and perhaps they are less frequent. (Also, both of my machines are having issues with the software center, so perhaps I’m not seeing them.)

Zentyal used the L7 filter and then dropped it. L7 is a very nice concept but is woefully out of date and really didn’t work well. If there is a better system for packet analysis and traffic shaping based on classes of services (libprotoident looks interesting), that would be a very useful future addition.

A final comment. I could not have moved to NS so quickly without the help of your excellent user docs and a very responsive user/developer community. The resources for learning about NethServer and the quick responses to questions are far better than anything I experienced when using Zentyal. Thanks!

7 Likes

Certificates added manually have to be added to the /etc/backup-config.d/custom.include.
Here’s mine as an example:
/etc/pki/tls/private/nethesis.key
/etc/pki/tls/certs/nethesis_2015-17.crt

The interface still misses a page to upload the backup, you’ll need to use scp to copy it prior to restore.

Updates are released almost daily, I think you should debug your problems with the software center.
Start with:

yum repolist

You should have:
centos-base
centos-updates
nethserver-base
nethserver-updates
Then a:

yum update

should offer updates or no errors.

l7-filter development seems to have stopped, maybe libprotoident is also stopped.
A promising tool we are evaluating is nDPI (http://www.ntop.org/products/deep-packet-inspection/ndpi/).

Whoa, good point :wink: happy to hear this

Like it, please add a new feature request about. You can use “Reply as linked topic function” on left side

Are you speaking about this?


Please create a new topic on Feature category

New software center has already this functionality, check:
http://www.nethserver.org/nethserver-6-6-released/

Thank you so much friend, this kind of feedback tell us that we’re on the right way!

Alessio: Blacklists are installed in Zentyal from the UI by uploading a blacklist file. NethServer’s approach is a better one, having blacklists built-in. You can always SSH in and add your own blacklists if you wanted something different, and NS does let you create custom categories from the UI, but I was referring to allowing a user to upload an entire list from the UI. Not a big deal.

Filippo: Yes, as soon as I get some time I want to try to find out what is killing the software center. I’ll report back.

Filippo: I don’t want to hijack this thread, but when I do yum update I get the following error:

Loaded plugins: changelog, fastestmirror, nethserver_events, presto
Setting up Update Process
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http[s] or file. Eg. Invalid release/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/centos-base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: centos-base

For some reason the mirrorlist.txt files are missing from centos-base and centos-updates, but they are both there for nethserver-base and nethserver-updates. Any thoughts on what might have deleted those files?

Hello… I see there’s many users have move from Zentyal to Nethserver (or are looking for an alternative).
In fact, that’s why I came up to here… I’m a Zentyal user, since version 2.0, about five years ago I guess.
Since then, I’ve installed almost 30 servers, but now, we need to go away, and migrate (or not) some things.
The basic problem is that the gateway functions has been removed from the server, and also, the performance of the 3.5 and above versions are bad (in some aspescts).
For example, the proxy server is a turtle server. And now, there’s no more proxy.
It’s sad for us to leave, 'cause we’re have invested a lot of hours, and we have many clients that use Zentyal, but it’s a taken decition. What we are watching out, is the new server.
Nethserver is very interesting; however, Samba4 is not a part of the server, and there’s a few of samba4 implementations that would be necesary to migrate, and right now, it’s not possible.
In all the other things, I’m absilutely shure that we will give a try!

(sorry for my english!!)

4 Likes

Samba4 is kinda bloatware :stuck_out_tongue: and still is not considered stable enough.
Also, if you want to implement Samba 4 you need to implement a huge number of workarounds to mess with MS stuff.
It’s a really really big effort: Zentyal had to leave behind all other modules to focus on Samba 4.

We do not want to do this for now. Please search the forum for other articles related to Samba 4.
The only viable option is a dedicated virtual machine or container but also this solution requires too much resources.

But, if anyone has a strong know-how on this and want to share ideas (and a good/solid implementation), I’m ready to help!

1 Like

I moved 5 posts to a new topic: NS parallel to the Zentyal AD server

I know that Samba4 is still under development, and that also Red Hat doesn’t take it yet.
I don’t know if Zentyal leaved the other modules because of that, anyway, that’s a fatc right now.
May be, we can work with both servers in parallel, and, once the samba4 is incorporated, see the migratin effort.
I think that, in the future, Samba4 will be a “must have”, but the time will tell. In my opinion, it’s important in corporate enviroments, that can be moving from MS WS AD to Linux (Nethserver!).

Cheers

Just wanted to add my 2 pence as another Zentyal refugee looking for a new home.

I reluctantly upgraded to 3.5 despite it removing a couple of features that I used, but thankfully were easy to replace with native Ubuntu versions. However, the direction that Zentyal has taken since before 3.5 to move away from a network gateway server to be a Micro$haft Exchange replacement has forced me to look for alternatives. All I’m looking for, is the sharp front end for an internal network to connect to the “big bad interweb”, which is what Zentyal are shying away from now.

I’m not really interested in what version Samba is installed, as long as it does what Samba was designed for: To integrate Windows sharing technology in Linux.

And to a couple of replies earlier in this thread, with Zentyal 3.5, or at least what I’m seeing, is that the automatic notification of updates has gone away. You have to go to the Dashboard and select the components option to see if there are any.

As soon as my ESXi server is back on-line, I’ll be running some serious testing to enable me to leave the Zentyal world to be the Exchange fan-boi they aspire to be. Good luck to them in that arena.

Cheers.

2 Likes

Ehi @EddieA hanks for sharing your story and welcome aboard! Please, could you describe yourself here?