Upgrade from NethServer 6

The upgrade from NethServer 6 to NethServer 7 can be achieved using the Disaster recovery procedure.

Warning

Before running the upgrade procedure, read carefully all the sections of this chapter. Please also read Discontinued packages.

  1. Make sure to have an updated backup of the original installation.

  2. Install NethServer 7 and complete the initial steps using the first configuration wizard. The new machine must have the same hostname of the old one, to access the backup set correctly. Install and configure the backup module.

  3. Restore the configuration backup using the web interface. The network configuration is restored, too! If any error occurs, check the /var/log/messages log file for further information:

    grep -E '(FAIL|ERROR)' /var/log/messages
    
  4. If needed, go to Network page and fix the network configuration accordingly to the new hardware. If the machine was joined to an existing Active Directory domain, read Active Directory member upgrade.

  5. Complete the restore procedure with the following command:

    restore-data
    
  6. Check the restore logs:

    /var/log/restore-data.log
    /var/log/messages
    
  7. Each file under /etc/e-smith/templates-custom/ must be manually checked for compatibility with version 7.

Note

During the whole upgrade process, all network services will be inaccessible.

Accounts provider

There are different upgrade scenarios, depending on how the source machine was configured.

  • If the source system was a NT Primary Domain Controller (Samba server role was Primary Domain Controller – PDC) or a standalone file server (role was Workstation – WS), refer to Primary Domain Controller and Workstation upgrade.
  • If the source system was joined to an Active Directory domain (Samba server role was Active Directory member – ADS), refer to Active Directory member upgrade.
  • In any other case, the LDAP server is upgraded automatically to local LDAP accounts provider, preserving existing users, passwords and groups.

Primary Domain Controller and Workstation upgrade

After the restore procedure, go to Accounts provider page and select the Upgrade to Active Directory procedure. The button will be available only if network configuration has already been fixed accordingly to the new hardware.

An additional, free, IP address from the green network is required by the Linux container to run the local Active Directory accounts provider.

For instance:

  • server IP (green): 192.168.98.252
  • free additional IP in green network: 192.168.98.7

Ensure there is a working Internet connection:

# curl -I http://packages.nethserver.org/nethserver/
HTTP/1.1 200 OK

For more information about the local Active Directory accounts provider, see Samba Active Directory local provider installation.

Shared folder connections may require further adjustment.

Warning

Read carefully the Shared folders section, because the connection credentials may change when upgrading to NethServer 7.

The upgrade procedure preserves user, group and computer accounts.

Warning

Users not enabled for Samba in NethServer 6 will be migrated as locked users. To enable these locked users, the administrator will have to set a new password.

Active Directory member upgrade

After restoring the configuration, join the server to the existing Active Directory domain from the web interface. For more information see Join an existing Active Directory domain.

At the end, proceed with data restore.

Warning

Mail aliases from AD server are not imported automatically!

Shared folders

Shared folders have been split into two packages:

  • “Shared folders” page configures only Samba SMB shares; it provides data access using CIFS/SMB protocol and can be used to share files among Windows and Linux workstations
  • The “Virtual hosts” panel provides HTTP and FTP access, it has been designed to host web sites and web applications

SMB access

In NethServer 7 the SMB security model is based on Active Directory. As consequence when upgrading (or migrating) a file server in Primary Domain Controller (PDC) or Standalone Workstation (WS) role the following rule apply:

When connecting to a shared folder, the NetBIOS domain name must be either prefixed to the user name (i.e. MYDOMAIN\username), or inserted in the specific form field.

The upgrade procedure enables the deprecated [1] NTLM authentication method to preserve backward compatibility with legacy network clients, like printers and scanners.

Warning

Fix the legacy SMB clients configuration, then disable NTLM authentication.

  • Edit /var/lib/machines/nsdc/etc/samba/smb.conf
  • Remove the ntlm auth = yes line
  • Restart the samba DC with systemctl -M nsdc restart samba
[1]Badlock vulnerability http://badlock.org/

HTTP access

Every shared folder with web access configured in NethServer 6 can be migrated to a virtual host directly from the web interface by selecting the action Migrate to virtual host. After the migration, data inside the new virtual host will be accessible using only FTP and HTTP protocols.

See also Virtual hosts for more information about Virtual hosts page.

Mail server

All mailboxes options like SPAM retention and quota, along with ACLs, user shared mailboxes and subscriptions are preserved.

Mailboxes associated to groups with Deliver the message into a shared folder option enabled, will be converted to public shared mailboxes. The public shared folder will be automatically subscribed by all group members, but all messages will be markes as unread.

Let’s Encrypt

Let’s Encrypt certificates are restored during the process, but will not be automatically renewed.

After the upgrade process has been completed, access the web interface and reconfigure Let’s Encrypt from the Server certificate page.

Owncloud and Nextcloud

In NethServer 7, Owncloud has officially been replaced by Nextcloud.

However Owncloud 7 is still available to avoid service disruption after the upgrade.

Note

In case of upgrade from local LDAP to Samba AD, user data inside Owncloud will not be accessible either from the web interface or desktop/mobile clients. In such case, install and migrate to Nextcloud after the upgrade to Samba Active Directory has been completed.

Migration from Owncloud to Nextcloud is manual and can be arranged according to user’s need. The migration script will import all files and users from LDAP to Nextcloud, but shared resources will not be migrated.

To migrate users and data, use following command:

/usr/share/doc/$(rpm -q --queryformat "%{NAME}-%{VERSION}" nethserver-nextcloud)/owncloud-migrate

After the migration, please replace Owncloud clients with Nextcloud ones [2], then make sure to set the new application URL: https://<your_server_address>/nextcloud.

[2]Nextcloud clients download https://nextcloud.com/install/#install-clients

Phonebook

In NethServer 7, perl library NethServer::Directory has been replaced by NethServer::Password. Please update your custom scripts accordingly.

Example of old code:

use NethServer::Directory;
NethServer::Directory::getUserPassword('myservice', 0);

New code:

use NethServer::Password;
my $password = NethServer::Password::store('myservice');

Documentation available via perldoc command:

perldoc NethServer::Password