Zentyal Radius

0 views
Skip to first unread message

Andree Vandestreek

unread,
Aug 3, 2024, 10:27:12 AM8/3/24
to pucompmicta

Some people may be familiar with the Microsoft Small Business Server (SBS), now called Windows Server Essentials. Zentyal is a similar product that is based on Linux, and more specifically Ubuntu. Zentyal is also a drop-in replacement for Microsoft SBS and Microsoft Exchange Servers. Since Zentyal is open source, it is a cost-effective choice.

The Community Edition has all the latest features, stable or otherwise. No official support is offered by the company for technical issues. No cloud services are provided with the Community Edition. A new version is released every three months with unofficial support for the most recent release. Users are unlimited.

The Commercial Edition has all the latest features, stable and tested. Support is offered based on the Small and Medium Business Edition. Cloud Services are integrated into the server and based on the SMB Edition. The number of users supported by the Commercial Edition is based on the SMB Edition purchased. A new Commercial Edition is released every two years and supported for four years.

Zentyal is Debian-based and built on the latest Ubuntu Long Term Support (LTS) version. The current hardware requirements for Zentyal 3.5 are based on Ubuntu Trusty 14.04.1 LTS (kernel 3.5). Zentyal uses the LXDE desktop and the Openbox window manager.

The minimum hardware requirements for Ubuntu Server Edition include 300 MHz CPU, 128 MB of RAM, and 500 MB of disk space. Of course, these are bare minimums and would produce undesired responses on a network when running multiple network services.

Keep in mind that every network service requires different hardware resources and the more services installed, the more hardware requirements are increased. In most cases, it is best to start with the basic services you require and then add other services as needed. If the server starts to lag in processing user requests, you should consider upgrading your server plan.

Depending on your number of users, and which Zentyal services you plan to run, your hardware requirements will change. These are the Zentyal recommendations. For DigitalOcean deployments, you should go by the RAM column:

Because of the SSL certificate, an error is generated that the site is untrusted. You need to click on the line I Understand the Risks. Then click on the Add Exception button. Select Confirm Security Exception. After the exception is added, it is a permanent listing that does not occur again unless the server IP Address should change.

Your Zentyal username and password are the same user and password that you use to SSH to your Ubuntu server. This user must be added to the sudo group. (Granting full permissions to the user by some other method will NOT work.) If an existing user account needs to be added to the sudo group, run the following command:

Once you have selected the necessary updates, you can click on the UPDATE button at the bottom of the page. The download and installation of the update packages will begin as shown below.

For a small or medium business, Zentyal is a server that can do it all. Services can be enabled as they are needed and disabled when they are not needed. Zentyal is also user-friendly enough that novice administrators can perform system updates and profile/module installation, using the command line or the Graphical User Interface (GUI).

Great old story, but unfortunately outdated! Please adjust or remove because the latest version of Zentyal 4x does not support all the modules mentioned. Especially squid is not maintained by Zentyal anymore. It was so simple to add websites and adverts to block and now I have to use webmin and use that to install and maintain squid.

Hi Jarret,The missing thing in your guide is the firewall settings. For example if you just want to set up an openchange server and openchange web mail packages for native exchange support the firewall blocks the ssh port and 443 or 8443 (for zentyal version 4). This is an issue that I face when I try to deploy a zentyal server to a cloud droplet.

One other thing is that I know Zentyal could run regular backup of the network drives/shares. We need to make sure these are done. Honestly we are trying to consolidate the programs we use for backups as my coworker who admins this spends a good chunk of his day checking these backup. Yes I know for a company of our size we have no excuse, except that there are only 4 of us and literally over 1000 users we have to manage.

If your objective is to stop users giving out the Wi-Fi code, either setup WPA2-Enterprise with radius and have users install a certificate (complicated setup, but secure) or have something like a captive portal where the password changes daily or where users are rate limited.

As far as I can say, the new release policy of Zentyal is very annoying on the first place. I cost me almost a week to recover a system, when updating a 12.04 server, which in case lead to an update on Ubuntu 13.04 which was not intended!

But, after doing a lot of updates on my zentyal installations and reading about the facts, I can agree with the decission of Zentyal going this way. They are getting rid of parts, which can be dealed easily whith native system tools. They focus on networking (firewall), gateway, office and open change as an exchange server replacement. I think, this is a good way - however no easy way for users of the commiunity version of zentyal.

Tips for the SSH server ( see [1] ): For security reasons configure it to use certificate authenitfication only, which is in fact almost the same like a VPN connection (sshd_config: PasswordAuthentication no, UsePAM no, AllowedUsers special_user, RootLogin no). Use another port - not 22. Installing Fail2ban is also a good idea! You should generally NOT use the root login for your zentyal server!

When the firewall module of Zentyal is restarted, all iptable-rules (see NAT) will be reset. So it is wise to use the zentyal hook system to reset the desired rules! A detailed explanation you'll find here: Zentyal#Customization

Then configure your network cards with zentyal and be sure to enable the WAN switch, if you are using zentyal on an internetserver without a gateway in front of it, that is, if your server ip is an internet ip address:

Every service on a Linux system is configured in its own configuration file. Mostly living in /etc/.... Zentyal stores the setting of all services in so called "stubs". These templates can be overridden using hooks.

But using hooks make the system more complex. This means: when doing updates of your zentyal system, you have to be careful and integrate actual changes of zentyal's stub into your own hook. Your own hooks are not updated automatically as well.

c80f0f1006
Reply all
Reply to author
Forward
0 new messages