Neth Server Experiences vs SME

Ok, well… This will sound like whinging, and yes, in part this is just me venting. I hope though that it’s also useful feedback for the project, and that it’s useful to other people coming in from SME Server.

Some of these may be caused by Centos7. Some may also be present in SME 10 (alpha) which I’ve never used. I’m comparing with SME 9.2 which is end-of-life.

I didn’t run every problem right to ground, so a lot of this might have just been me doing it wrong, but if it happened to me then it’s possible that it happened to someone else, and maybe some keywords here will help other converts figure stuff out.

I’ve been using SME since version four – so what’s that, over twenty years I think maybe? Close to… anyway, so moving away from it is slightly… emotional maybe? Anyway, I built the backbone of my Linux footprint with SME, so it’s “a thing” for me.

Let’s begin:

RAID

I know this is a CentOS thing but anyway… If your disks are over 2TB, you will need a magic partition; biosboot if the system boots legacy style, efi partition if the system boots uefi. SME couldn’t cope with this either, I got around it by using less of the disk, and keeping the total size under 2TB. I don’t think this really belongs here but I’m documenting my experience, and this was part of it.

So the CentOS installer really struggles to set this up properly without help, at least mine did; and at the end you have one drive that can boot the system, and then a different one which has a copy of all the partitions except the magic one. This means if the primary drive fails, your system cannot boot without some serious help.

With sub-2TB drives, or manual work to duplicate this magic partition to both drives and then leave it alone, you can pull one drive, drop it into identical hardware and bootup two identical servers; or at the very least, be able to reboot after drive failure.

Backup
The rsync backup is really good – but I really want you to let me give you a mount point to backup to. That way I can set my backups over fuse-ssh or filesystem-over-gmail or whatever… my preference is /dev/sdc formatted directly (i.e. no partition table) but nethserver won’t let me. Not a massive problem, but a bit annoying, especially as the backup routine wants to mount and unmount the filesystem, so I can’t easily use the same volume for backing up other non-neth nodes remotely.

However, not having it all in tar files is handy and the other modern options are cool so overall I think backups are improved over SME.

Domains
Under SME I can have a server called example.com and a bunch of other domains configured too. If I make a user, I’m pretty sure that the user gets an email address under each domain by default. With neth, I need to create the extra email addresses. Also neth doesn’t have ‘domains’, we just put them in as aliases under the hostname setting, as far as I can tell. No real dramas.

Users
Oh my god!! Well, you can’t create a user outside the context of the LDAP or MS/Windows directory service. I didn’t mess with the LDAP stuff, but the windows service, behind the scenes, adds a virtual machine and requires a bonded network card (eg br0).

It doesn’t say anything about the network changes or the VM in the GUI. I hope it doesn’t become standard practice to create a new VM and IP address for every service in CentOS, this could get very complex very fast! :wink:

If the admin removes that bonded NIC, no errors are offered and it goes away, but nsdc will never start, throws file permission errors(!?) in the log, and all the user accounts vanish! If you try and fix this by removing and re-adding the accounts provider, it can be made to work, but a reboot makes it go away again :slight_smile: This continues until you deliberately recreate br0 or reinstall nethserver.

It’s terrifying. Don’t mess with br0. This also means that you can no longer see the proper name of the physical LAN card in the manager, much less make any changes to it…

So now my server has samba right? No! locate smbclient shows /var/lib/machines/nsdc/usr/bin/smbclient but because it’s from a VM the dependencies aren’t there and you can’t load .so files. yum install samba-client gets smbclient installed if you need it.

So if you stop the nsdc service from the CLI, nothing restarts it by force like SME likes to, and the GUI will tell you it’s stopped, but won’t give you a way to start it.

So you can’t manage users in /etc/passwd, they just aren’t there. Neth maintains special user login files for postfix, but ssh (I think) uses the LDAP providing VM. I could be wrong there.

I know a hell of a lot less about Linux than the nethserver development mob, so I’m sure there are good reasons for all of this, but not being able to control users in /etc/passwd and /etc/shadow means that I need to make a bunch of changes. When I ssh in as a user, I can’t even read my homedir…

So maybe there are good reasons for avoiding the traditional /etc/passwd, but whatever that reason is, it’s very annoying (to me).

ibays & vhosts
Used to be if you make an ibay you get a website/page, samba share, ftp & username.

So on SME, for example, I had an ibay ‘business’

\\server\business has all my office docs.
http://server/business has the php app for invoicing.
If I need to share with someone else I can give them username business, password asdliuasd and they can access the resources of that ibay, but don’t get an email account or any other server access. Also doesn’t link to an individual, which is better where staff turnover might be high (but here it’s only me).

Can I do this with nethserver?

No. The basic concept of an ibay – a data ‘zone’ wherein you could turn on or off different access methods, is gone.

Now you need to make a user if you want one, make a windows share and configure permissions for that user, and make a new host[name]/vhost if you want one.

So you can’t have http://server/business, you need to have business.server.com, which is fine I guess, but the folder on disk that holds the data is called alek3bqgk57834581u3, and the user is also called alek3bqgk57834581u3, and you can’t change these. So that’s a bit messy.

Also, it’s not fine. It means that for SSL to work properly I need to use a wildcard cert, or have an entry in my cert and update it for each and every vhost! A pain either way, especially as the certificates system in the GUI won’t accept an asterisk in the input, so then I’m off on the CLI to sort that out. A wildcard seems to work better for http verification unless you also have wildcard DNS so that LE can find your neth server.

All that worked well, but the 15 seconds DNS delay is hard-coded in the script where it could be a config property, and it wouldn’t be necessary if the GUI supported server.com/appname.

Conceptually, I am very comfortable with the idea of having lots of apps on one server using different url /suffixes to choose the app. SME would let you add a hostname/alias/domain and redirect the root of that to an ibay anyway, thus allowing either app.example.com or example.com/app. Neth server only supports app.example.com, so that’s what you have to use.

Oh yeah, and if you want FTP on your ibay? Well you can use sftp to access user accounts, configured in one place, or reach a vhost via the alek3bqgk57834581u3 in the vhosts config, or just create new ftp-only users that only exist for FTP and nothing else, but there’s no ibay so the business processes can be split over a range of accounts and services.

Networking

The server does not act as a gateway between the LAN and the WAN unless you install the firewall application. Then it’s fine, but will go offline for a short time if you try to configure windows account services (the creation of br0 messes with the network for a little bit). I still need to set up PPTP or OpenVPN.

Contribs/Applications

SME has a bunch of these curated add-on modules, listed at https://wiki.contribs.org/Category:Contrib

They have about three times as many for SME as there are apps for Neth. Of course, a lot of these are of limited use (eg motd), but then, a lot of the neth ones are standard in SME by design (eg restore backups, IPSec). I suspect (hope?) that there are many neth server apps that I haven’t configured my server for yet, like rtorrent maybe or zabbix, dansguardian, zoneminder, local bitwarden… whatever. Cool stuff like this.

I feel like I’m just getting the official feed and there’s an optional apps feed, but I haven’t looked yet.

Anyway, that’s my ramble. I am really grateful that the devs have put so much work into this, it is cool and I think it will work well as a replacement, but I really miss the old iBay arrangements…

Thanks for reading, any who bothered.

2 Likes

It’s by design.
Using NS6 you could do almost the same things that you’re using with SME Server; since 7, NethServer went “full LDAP”, with internal (OpenLDAP/Samba DC) or external authentication server.
This can allow the distro to have the same behavior between 3 different user cases:

  • External LDAP Server (which can be also Windows AD Domain Controller)
  • Internal LDAP server
  • Internal DC

Pros: users are not in the system and you can connect to the authentication server more services.
Cons: if the authentication server is down (internal, external, DC) only root could access.

Firewall module of NethServer compared with one of SMEserver is like a full-fledged toolbox with a swiss army knife with 4 layers. I’m not saying that the one provided with SMEServer does not work, but it’s… simply not enough. (I have a Victorinox Spartan in my pocket, no disrespect for Swiss knives).

iBay was a nice concept, but not everyone could/would use it. And it had a flaw: address predictability. In GDPR times, it is not a nice feature.

Last but not least: thanks for the criticism. :slight_smile: maybe NethServer is not for you, can happen. I know that SMEServer has much more history (and contributions) from the userbase, but it’s stuck to… 3/4 years ago?
10.1 has been in alpha for years and has the same EOL of NS7. I hope the best for the project, and if it suits you (SMEServer) go for it! :slight_smile: NethService (previous Nethesis product) was based on SMEServer, but… now IMVHO NethServer is quite more flexible and usable.
Support SMEServer if you like it, better software as competitor allows better improvements on both sides.

2 Likes

But lots of others could and did. I agree with @freakwent here that Neth’s behavior is a major step backward. Also in that it requires AD to have user-level permissions on shared directories. This isn’t much of an issue for me in recent years; I use Free/TrueNAS as a fileserver rather than SME or Neth. But it’s a loss in functionality unless you want (or can live with) the overhead and complexity of the AD ecosystem.

They aren’t really curated; anyone can add a wiki page. And my impression when I was using SME (I moved to Neth about 3 years ago) was that even then, many of those were very out of date.

There’s a Nethserver wiki as well, of course (link at the top of the page), and anyone can put pages there, but this community doesn’t seem to use it as much as does the SME community. You can find lots of stuff in the Howto category on this board that isn’t on the wiki. And occasionally you’ll run across things that aren’t even there, like this:

As NetWare? :smile: Anyone that will miss one or more feature there will be in every software comparison.

Right. But when Neth came from SME (it literally started as a fork of SME), it’s puzzling that they’d drop that feature. It was widely-used and well-implemented. And if they’re wanting people to migrate from SME (and they’ve put some effort into a tool to facilitate that), removing a major feature from SME doesn’t seem like a smart way to do it.

Thanks for the insights guys – I didn’t mean to sound combative, but perhaps adding ‘vs’ in the subject didn’t help!

I mean, it works, it’s just different I guess. Some stuff feels like it isn’t intuitive, but I am too close, I can’t tell if it’s actually slightly odd, or if it’s just me being sensitive…

For example, I’ve added my account to have permissions on a windows share, but it’s not working… do I need to have the client PC added to the ‘domain’? It’s unclear to my NS n00b self.

I just want CIFS fileshares, not the other fancy features. I’ll keep peeking and poking it.

For example, the backup routine says there are no previous backups; but of course there are, it just can’t find them, so the disk is full and they fail.

Anyway if I get properly stuck with a real problem that I can’t fix, I’ll write it up as a proper support request. Until then, thanks again, and stay safe.

The major feature (according to your words) had quite some downsides…

  • create and maintain constraints about share names, that should not ever interfere with modules that had an application context (for example, zabbix, sogo, and so on)
  • have an FTP server working anyway (and IMVHO no file share should allow public access on FTP nowadays)
  • no chance to pick which services should be used for sharing (webdav, samba, FTP, https, none of them?) or even integration between iBay and other modules…

You and other people liked that, and I can agree with you that it sucks when something’s missing (like L2TP on NethServer 7, for instance, which I miss), but… it fits you, and maybe not all the people. You’re used to that, it feels like “some good old SME times”…
:slight_smile:

It’s “distro politics” I know. A choice has been made, and it comes with fans and booers :slight_smile:

1 Like