Upgrade Nethserver 6.9 to 7 study case

No…I didn’t made a screenshot, but I can affirm that the first NIC is configured as GREEN, and the second NIC was without attributed rules…

When connecting for the first time, on the first green NIC, I had the message than there’s a NIC without rule.
And when I gone to configure this second NIC, to attribute a green rule too… I had the little windows "configuring shorewall "… until loosing the connection:
Apparently, Nethserver, don’t like configuring 2 GREEN NICs, with 2 different subnet and without RED.

I was stuck, three time in this exact ste I had to doing three time the installation until thinking a way to dribble this point !!! :grin:

What I do to bypass this step:
I made the same install, but the first time I go to configure this NIC, I change the first GREEN NIC, to the RED rules…
When it was done, after this, and only after this, I was able to configure the second NIC as GREEN without the annoying NethGUI lost of connection. :grin:

For this reason, I make the suggestion to have the possibility to attribute the rule before going to the Nethgui for the first time, or make all the NICs RED ( by default, the access to the GUI on the RED side is authorised)…
That can resolve lot off issues… I think.
And close all by default is better, in the security point of view…

If you are aware of this fact… that’s ok.
You are probably thinking about a solution :wink:
But please, think about the case when Nethserver is configured only as Firewall Gateway :grinning:

I would like to continue and to make some comments about the Nethserver 7…
I’m continuing to be surprise with the ergonomic and the (poor) logic in the NethGUI.

One exemple:
There’s the “applications” entry in the left menu bar, here’s there’s Lightsquid and Ntop.


Clicking in the LightSquid open bottom

So, I really can’t understand why there’s an “Web Proxy Stat” left menu entry?

Why not use the same logic, and use the “Application” entry, and put the “web Proxy Stat” here?

It’s exactly this lack of logic, this lack of ergonomy that let a not so good feeling about the NethGUI.
Actually, the “Application” menu is not well exploited… Is not entirely exploited.
I did you understand what I mean?

Yes, of course!

The reason for having such behavior is the following.

In early ns6 release there was no integration with Server Manager for such applications. They are accessible with a randomly generated URL only because it could be useful to share their URL with someone that is not an admin (your customer, for example).

Then came the Server Manager integrated view. But the sharing URL remains and is still available from “Applications”, as in origin.

Thank you for the explanation @davidep.
I understand better the reasons of what look like inconsistency.

There’s no way to conciliate these left entries with the Application entry ? or is it really difficult?

In the applications panel you could have other apps too, like NextCloud. In fact It doesn’t have its own entry on the left menu

To talk about this, I will re-open the “Organise left menu bar” :wink:

For now I’m stuck the account provider choice!!
I read the doc and these two discussions… And I continue don’t own what to choose.


I actually mount my 1gb drive in /opt.
I want this /opt shared via SMB as Time Machine for backup the Mac.

What I actually understand is:

  • LDAP: Easy to configure, does not support authenticated access to shared folders
    So it’s seem it not this one …( but not sure )

  • Active Directory: Enables all shared folders features, requires advanced configuration options…
    For 1, only share directory !!!:fearful:

I must admit I know the SMB share in a Windows environment, but I don’t know in a mixed environment, and here in a non-Windows environment

I finally install an AD…
But I continue to be stuck the next step…

After creating a user tmbackup, set the password.
Going to the shared folders, I don’t see the information “what to share”

The shared folder are subdirs of

/var/lib/nethserver/ibay/

You have to move your contents there, or bind-mount them.

Arf… my 1tb disk is in /opt.

How to bind-mount? What is it? It’s the first time I hear that…

Is a symbolic link can help here?

If possible, move it to the new destination. It’s the simplest thing to do!

I’m not sure Samba follows symbolic links outside of the share path.

I didn’t experiment it, but I bet it works

From mount manpage:

The bind mounts.
Since Linux 2.4.0 it is possible to remount part of the file hierarchy somewhere else. The call is
mount --bind olddir newdir

or shortoption
mount -B olddir newdir

or fstab entry is:
/olddir /newdir none bind

After this call the same contents is accessible in two places. One can also remount a single file (on a single file).
This call attaches only (part of) a single filesystem, not possible submounts. The entire file hierarchy including submounts is attached a second place using

So, if I’m well understanding the deal:
Unmount the disk from /opt
and mount it in a /var/lib/nethserver/ibay/TimeMachine folder.

But ( and :dizzy_face: ) I didn’t understand how to attribute the shared recourse in the Nethgui.

(I’m thinking, I remember to already see something about bays, in the old Nethserver doc, I’m going to read again this one )

Create a shared folder, “Time Machine”: you’ll find an empty folder where to mount your disk.

It’s exactly this that make me crazy!!!
I know how to make the folder… Not the “shared” :alien::stuck_out_tongue_winking_eye::stuck_out_tongue_winking_eye:

From your screenshot above, you already have one…

Arf… I see now…

I was far, far, far away

:joy::joy:

It’s seem ok

I just need to adequate the mount point volume, and do the real backup.

Not working as expected !!!

Edit: @dev_team,
it seem the Samba need a patch to be compatible with Time Machine Backup
https://bugzilla.samba.org/show_bug.cgi?id=12380

Edit2: https://developer.apple.com/library/content/releasenotes/NetworkingInternetWeb/Time_Machine_SMB_Spec/index.html

This means you’re out of luck

Yes… Really.

Shitty situation this depreciated AFP

I’m thinking about all these Mac users in a Unix network environment !!!
What’s the solution? Only a USB disk for backup? :scream:

I will wait for a @dev_team suggestion… :pray:

Edit: https://github.com/samba-team/samba/pull/64

Edit 2: I tried to work around the Avahi configuration too…
But nothing seem to go ahead.
I tried too to modifying the SMB.conf, but
# vi smb.conf

# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at https://dev.nethesis.it/projects/nethserver/wiki/NethServer
# original work from http://www.contribs.org/development/
#
# Copyright (C) 2013 Nethesis S.r.l.
# http://www.nethesis.it - support@nethesis.it
#

So the @dev_team to unlock this step

For now, I install Netatalk.

It was a real painful because there’s a conflict between Samba and Netatalk…
I was obliged to stop Samba, to create a user in the unix way, to configure the afp.conf with this user.
To be able to see the Backup resource in the Time Machine, and connect here.

Actually, even connect the shared folder in the Finder don’t work !!!

THere’s an error in the afp log

Jun 11 14:23:08.587677 netatalk[37882] {afp_avahi.c:131} (error:AFPDaemon): Failed to add service: Not supported
Jun 11 14:23:09.414782 afpd[37883] {dsi_tcp.c:320} (error:DSI): dsi_tcp_init(192.168.144.0/24): getaddrinfo: Name or service not known
Jun 11 14:23:09.414853 afpd[37883] {dsi_tcp.c:476} (error:DSI): No suitable network config for TCP socket
Jun 11 14:24:07.649626 afpd[37899] {dsi_stream.c:504} (error:DSI): dsi_stream_read: len:0, unexpected EOF
Jun 11 14:28:01.900195 netatalk[37929] {afp_avahi.c:131} (error:AFPDaemon): Failed to add service: Not supported
Jun 11 14:28:02.239113 afpd[37930] {dsi_tcp.c:320} (error:DSI): dsi_tcp_init(192.168.144.0/24): getaddrinfo: Name or service not known

Jun 11 14:28:02.239184 afpd[37930] {dsi_tcp.c:476} (error:DSI): No suitable network config for TCP socket
Jun 11 14:30:23.060420 netatalk[37972] {afp_avahi.c:131} (error:AFPDaemon): Failed to add service: Not supported
Jun 11 14:30:23.343714 afpd[37973] {dsi_tcp.c:320} (error:DSI): dsi_tcp_init(192.168.144.0/24): getaddrinfo: Name or service not known

Jun 11 14:30:23.343786 afpd[37973] {dsi_tcp.c:476} (error:DSI): No suitable network config for TCP socket 

My temporary conclusion:

  1. Samba as is installed in NethServer lack of some parameter to be compatible with the Apple Time Machine

  2. Compiling Netatalk is ok, but there a conflict between Samba and Netatalk.

Edit: @dev_team , please take a look at this link too
http://netatalk.sourceforge.net/wiki/index.php/Netatalk_3.1.11_SRPM_for_Fedora_and_CentOS

and particularly in the “Interoperation with Samba”, there a specific samba configuration…

I’m at disposition to help you investigate this case :slight_smile:

Edit: The first backup is just finished… But actually, it’s really a dirty work :mask:

Edit 2: For now, it’s Nethserver that is MacOS enemy !!! :grin: