Nethserver-wapt needs testers

The documentation link https://wiki.nethserver.org/doku.php?id=wapt

WAPT is a tool to install and follow updates with an installed agent on your windows client. For instance if you have a Samba AD network, users not in the group administrator cannot install executable binaries, it is a secure feature. WAPT can help you to push updates, decide what software can be installed, give you the list of installed software and the hardware specification.

In short the target is the system administrator.

WAPT can be configured in three way

  • no authentication (except ssl verification)
  • kerberos authentication (and ssl verification)
  • console admin password (and ssl verification)

kerberos is workable as far I know

6 Likes

WOW!
As usually, :clap: :clap: :clap:

@stephdl

Hi

As I’m starting a new job coming Tuesday, complete with a fairly large scale test environment (2 * Proxmox, 24 cores & 128 GB RAM each. Both with ZFS and an additional FreeNAS ZFS Storage and each about 10 NICs…)

This environment is big and powerful enough that I can simply create a whole Network inside both Proxmox, and have a dedicated NethServer for testing and as AD.

By end of next week I’ll have done a few tests on Windows clients (I have three Win10 VMs for testing…). I do also have older Win VMs, like a Win7, but any other Windows Workstation OS besides Win10 is anyway obsolete, so no real need for testing. Older than Win10 should only be used for special cases, and then “isolated”…

My 2 cents
Andy

1 Like

Only tested with VMs of W10 pro

One for the Console
One for the Client

My laptop cannot run more VM :smiley:

For the Server VM, I used proxmox, two VM, one for the AD, other running WAPT bound to the AD

@stephdl

My Test-Platform on Proxmox:

More than enough to run 10-20 VMs/CTs on EACH Proxmox!
And this is all only a Test-LAB! :slight_smile:

My 2 cents
Andy

2 Likes

The module worked in a first test with no authentication. :+1: Great work as usual!

I used WAPT to install abiword on XP, 7 and 10.
Win 10 has the waptclient management console, XP and 7 have agents.

I think we should not stop apache to have a full Nethserver and instead use another port and if possible apache reverse proxy (nice to have). From the documentation the port change should be supported (at least on Windows):

https://www.wapt.fr/en/doc/waptserver-install/windows/change-port.html

I already tested the port change here and it worked without auth.

Minor issue:

Configuring nginx ends with an error but it works though.

grafik

Aug 30 23:04:41 testserver systemd: Starting The nginx HTTP and reverse proxy server...
Aug 30 23:04:41 testserver nginx: nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/opt/wapt/waptserver/ssl/cert.pem"
Aug 30 23:04:41 testserver nginx: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Aug 30 23:04:41 testserver nginx: nginx: configuration file /etc/nginx/nginx.conf test is successful
Aug 30 23:04:41 testserver nginx: nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/opt/wapt/waptserver/ssl/cert.pem"
Aug 30 23:04:41 testserver systemd: Failed to parse PID from file /run/nginx.pid: Invalid argument
Aug 30 23:04:41 testserver systemd: Started The nginx HTTP and reverse proxy server.

Hi Andy I am starting also to but a training job for 4 months
Me and my new college task assignments

3 proxmox also with zfs raidz2=raid6… 2 nics each proxmox 1 gui, 1for ceph cluster, 1 central prod proxmox and 2 central San: 2 dell poweredge r740 with proxmox for vm backup (1 for main proxmox server and the other for backup the first dell poweredge proxmox backup server), with switch failover, all the servers with zfs raidz2… It’s only the lab to explore to go to the production level, the gpu passtrough is in our thoughts also to and audio passtrough into the windows and Linux vms, nethserver will be the star in the middle, also too

Congratulations for your new job Andy

1 Like

Holly god…

My Hpz600 is more modest…

I am waiting for my training job with the dell poweredge r740 :smiling_imp::smiling_imp::smiling_imp:

1 Like

Your lab is more an prelude to an data center evolution hehehe

:ok_hand::+1:

@Vitor_Hugo_Barbosa

Those are 8 years old servers (second life). Imagine what they cost then, must have been a medium fortune! :slight_smile:

But they’re still fast and VERY usable.
They have each 10 NICs, and 10 GBE cards and swwitches are in the cupboard…

Andy

1 Like

Maybe possible in a second time but not now, nginx is configured by a ninja template that is not a config no replace in the rpm, so a change will be overwritten.

As I said the target is sysadmin with a lot of computers, my Friend uses the community version with 1500 clients, now he is going to the enterprise. You can have a dedicated VM

I think he doen’t use the kerberos authentication, only password and certificate verification

The certificate is not signed by an authorithy, this is an error that a letsencrypt certificate should remove. We use the default certificate of nethserver

1 Like

Deploying the waptagent with waptdeploy via GPO from NethServer Samba AD works well.

I just needed to add the correct waptsetup url to the script parameters because waptdeploy defaults to http and we use https:

--hash=AGENTHASH --minversion=1.8.2.7267 --wait=15 --waptsetupurl=https://WAPT_IP/wapt/waptagent.exe

grafik

BTW, it also works with Windows Server 2016 and 2019.

WAPT really is a nice deployment/inventoring/sysadmin tool.

3 Likes

Wooooow I would love a documentation on gpo deploy … A lot behond my skill :slight_smile:

I saw that my screenshots are in french, I need to make it in english

I am happy you can see something interesting in this sofware. I try to be in touch with the french society to make some changes inside

2 Likes

I did not tested also the group software of wapt, in short if you create a group software called by the same name of a group of computers in the AD, then the softwares are pushed to the computers

Would be nice a doc also

1 Like

It’s already there:

Nice, I need to check how it works…

1 Like

I think I love this software :smiley:

1 Like