February 21, 2014

Syncing Zentyal CA between two Zentyal servers

Xavy Bahillo

This document describes the procedure to set up CA sync between two Zentyal servers. We will use for this rsync being run in a cron job.
We will use root in the side that starts the connection (provided script will be run by cron) and ebox for the side that receives it. We could use any other user, but using user ebox avoid having to create extra unneeded configurations. For the sake of the example we’ll be referring to two servers here:

  1. (Server A) The server on which the CA existed previously, and from which the files for the CA will be taken.
  2. (Server B). The secondary server to which we want to export the CA which exists on Server A.

In order to better understand the procedure we must keep in mind that:
Zentyal CA files are stored on /var/lib/zentyal/CA
This folder has these permissions:

drwx r-x --x 9 ebox ebox

ebox user has as his home the folder /var/lib/zentyal/

  • With this information, we’ll proceed to follow these steps:Check that rsync is installed in server B, and if not install it.
 sudo apt-get install rsync
  • Check if root has a rsa key in server B. If it did not have, create if with ssh-keygen
 if [ ! -f /root/.ssh/id_rsa.pub ] ; then /usr/bin/ssh-keygen" ; else echo "Key Already exists" ; fi


  • Create folder /var/lib/zentyal/.ssh/ and create file authorized_keys
sudo mkdir -p /var/lib/zentyal/.ssh/
sudo touch /var/lib/zentyal/.ssh/authorized_keys
  • Chown both to ebox.ebox:
sudo chown -R ebox.ebox /var/lib/zentyal/.ssh/
  • Copy the root public key to /var/lib/zentyal/.ssh/authorized_keys of server A. Given ebox user has no password you will have to do it by hand, as long as you won’t be able to do it with ssh-copy-id . Thus, open /root/.ssh/id_rsa.pub and paste its contents into /var/lib/zentyal/.ssh/authorized_keys of server A.
  • Test that you can ssh without using password from root as ebox user:
sudo ssh ebox@SERVER-A-IP
  • Now you can:

1. Limit connections from IP:

To do so edit in SERVER A /var/lib/zentyal/.ssh/authorized_keys, and add prior to the ssh-rsa this:

from="SERVER-B-IP" ssh-rsa dasghgdgh+RqUVx5wzgnaMxH2Km5KRx0Wzvsa5YvxjwERVVXs2mUEes5mDpoDMX9pUAwKqPCS5C
jhfg/Pr5jqH+jhfjfgj/jhfgjh+9kErROS1z root@hostname

2.  Ensuring that only rsync is used for this ssh connection:
To do so edit in SERVER A /var/lib/zentyal/.ssh/authorized_keys, and add prior to the ssh-rsa this:

command="/usr/share/bin/check_command.sh” ssh-rsa fdasghgdgh+RqUVx5wzgnaMxH2Km5KRx0Wzvsa5YvxjwERV
2XkkFUYUOdUniYc99NsIxY1/51+/jjhfgjhfg/Pr5jqH+jhfjfgj/jhfgjh+9kErROS1z root@hostname

Now, you must add the script it mentions this line (script taken from http://troy.jdmz.net/rsync/index.html)


echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
rsync\ --server*)
echo "Rejected"

If you use both, separate them with a “,”:

from="SERVER-B-IP",command="/usr/share/bin/check_command.sh” ssh-rsa fdasghgdgh+RqUVx5wzgnaMxH2Km5KRx0Wzvsa5Y
FUYUOdUniYc99NsIxY1/51+/jjhfgjhfg/Pr5jqH+jhfjfgj/jhfgjh+9kErROS1z root@hostname


  • Create the folder where you’re going to store the script that will do the sync and give it appropriate permissions:
mkdir /var/local/rsync-ca
chmod 754 /var/local/rsync-ca


  • Create the script file and give it proper permissions:
 chmod 740 /var/local/sync-ca/rsync-ca


  • Place the following content on the script (change variables as needed)


  • Test the script and confirm that it works as expected


  • Create the cron job for the script we have just created. For instance, to run this daily write under /etc/cron.d/rsync-ca :
 # /etc/cron.d/rsync-ca - Runs the script that syncs CA with SERVERA daily


# Log data for report hourly
@daily root /var/local/rsync-ca/rsync-ca

January 31, 2014

ANSTE 0.11 released!

Jose Antonio Calvo

It has been a long time since a new version of ANSTE was officially published, but this is also the biggest release so far. It’s not only a bugfixing release with minor improvements, this one has big changes. It’s not 1.0 yet, but we’re almost there :)

So, let’s summarize the main highlights:

  • New anste-init command to easily create the skeleton of a new project
  • Added python-anste wrapper for python-selenium
  • Completed migration to YAML format, removed old XML support
  • Allow to auto-download images from a server instead of creating them
  • Use QCOW2 format instead of RAW for images
  • Snapshots support via new anste-snapshot tool
  • Tons of fixes and improvements

Full changelog is availabe at: https://github.com/Zentyal/anste/blob/master/ChangeLog

You have all the information about ANSTE at the brand new http://www.anste.org webpage, which features a fresh and renewed style, and also a demo screencast will be published coming very soon! :)

And by the way, if you are going to FOSDEM, don’t miss the ANSTE talk there!



June 28, 2013

Mail server in Zentyal – Understanding differences between Mail and Groupware modules

Xavy Bahillo

Many people get confused when installed Zentyal about the differences between Zentyal Mail and Zentyal Groupware modules.

Zentyal provides mail functionality through Zentyal Mail module. It uses Postfix as the daemon to provide smtp functionality, and Dovecot as the daemon for POP3(s) and IMAP(s) functionalities. Where are mails stored? It stores mail files in /var/vmail/. You can enable which services (POP/IMAP) you want to have enabled in the Zentyal GUI:


Finally, you can use Zentyal Webmail module in order for your users to be able to check email using a browser. Zentyal uses Roundcube for this.

Zentyal Groupware (zarafa)provides as well mail functionality. Zarafa will store mail on its database (Zarafa MySQL database when using Zentyal 3.0),and provides Webaccess as the interface for webmail. So What’s the difference with them?

  • Zarafa provides you an address book with your LDAP users, so they don’t need to include their collegues by hand.
  • Zarafa allows you to use (collaborative) calendar where you can write and share your day-by-day events.
  • And the main one: Zarafa provides you with the possibility of allowing your users to use Exchange accounts for your domain (using the so-called Outlook Connectors) and to use their mobiles for Exchange accounts (using z-push).

So far so easy isn’t it? But many people get confused when configuring these. In order to clarify these, we’ll try to make clearer how Zarafa works, so configuration should be easier.
We’ll take for this a simple environment, with no Mailfilter module involved (as it will be transparent for this), and Zentyal Mail, Webmail, Zentyal Zarafa and Zentyal Webaccess (which is installed when installed zentyal-zarafa module)

For the first step, let’s take an environment with Zentyal Mail with POP3, Secure POP3, IMAP, and IMAPS configured and Zentyal Webmail modules. In this environment we have a single domain, say zentyal-domain.loc, and three users:

  • john@zentyal-domain.loc
  • doe@zentyal-domain.loc
  • foo@zentyal-domain.loc

User john retrieves his mail through a Thunderbird/Outlook client with IMAP  and when he’s abroad, he checks it using it IMAPS on its mobile)

User doe retrieves his mail through POP3, and when he is abroad he checks it using IMAPS on its mobile)

User foo check his mail using webmail.

So, in this state-of-things any user can check his email using any method he might prefer (POP3, POP3S, IMAP, IMAPS or Webmail). But now we install the Zarafa module, and a new user bar@zentyal-domain.loc , and we define this user as a Zarafa user:



So, our user goes straight away to its Thunderbird mail client, and configures it but…gets nothing. We know that the should at least have received the welcome to the company email, so… what might have happened? He also checks webmail… and he finds the same result.

As we had told standard mail stores mail in /var/vmail while Zarafa does in MySQL. When a user is marked as non-Zarafa user its mail is sent to the filesystem, and if it is a Zarafa user mail is sent to MySQL. Now let us have a look to the first screenshot of this article. Yes, we still have enabled POP3, POP3S, IMAP and IMAPS. So meanwhile  we keep this configuration, no client can be used to check a zarafa account (unless using a Exchange account with an Outlook connector) as every method is still reserved for standard mail.  About the webmail, well you might have guessed, you user should point his browser to /webaccess (or /webapp, if webapp has been installed)  in order to check Zarafa mail, as Webmail module only checks standard mail.

So, in order for our user bar to be able to use Thunderbird, we have to disable in mail configuration some service. For our example we’ll leave the secure protocols for mail.


After saving changes, you’ll be able to enable the POP3 and IMAP gateways for Zarafa, and our user will be able to check Zarafa mail using these protocols. Don’t try enabling any gateway without disabling first on mail module config, as it will logically complain, as  the same port cannot be bind by two services:



June 17, 2013

Zentyal Auth and Shared Folders configuration on Linux

Guest Stars

Xavy Bahillo has just published a short article on configuration of Authentication and Shared Folders on Ubuntu using Zentyal as server.

He is showing a solution with SSSD and pam_mount.




June 05, 2013

How to easily deploy and manage an IT network in a secondary school with Zentyal

Guest Stars

Zentyal server includes the most common network infrastructure services required by any type of organization. In fact, besides being used in small and medium enterprises, it is very popular in the education sector. Thanks to its ease of deployment and maintenance, many primary and secondary schools meet their network infrastructure needs using Zentyal server.

In this post we would like bring your attention to this Master Thesis project entitled ZentyES: Managing a secondary school network with Zentyal that will be useful for those system administrators and computer teachers looking for a complete network management solution for their education center. In this document you will find detailed information about how to deploy a Zentyal-based computer network in a secondary school and how to set it up quickly through Zentyal’s easy-to-use web interface.

The author of this project Guadalupe Bermejo has done a great job and we are proud to broadcast it on our channels. Her Master’s Thesis, written in Spanish, has been carried out within the Master in Free Software of Università Oberta de Catalunya. The project provides an analysis of requirements and alternatives, together with an implementation study with great attention to detail, extensive documentation and justification of decisions, all with an impressive level of professionalism.

The network architecture proposed in the project meets the current requirements of the center, but also takes into account the future needs. A thorough description of the implementation, with detailed screenshots and explanations have been included for the present and future system administrators to ease the understanding. Concretely, Bermejo proposes how to manage the local network infrastructure with DHCP and DNS services, to use the gateway for Internet access, and HTTP proxy for content filtering. [1]

If interested, you can learn about some other real use cases in schools where Zentyal-based solutions are used. For example, the use case of Studenterkursus High School in Aalborg, Denmark, that uses Zentyal as Office Server, Gateway and infrastructure manager. And the use case in the Department of Education of Aragon (Spain), that has deployed over 80 Zentyal servers in schools across the region.

During these years we have found out that many times it is the computer science teachers who actually take charge of maintaining their center’s network infrastructure and thanks to this, many learn about Zentyal. In case of vocation education centers, when teachers find out that Zentyal server includes most of the functionality they teach to their students, grouped in an all-in-one solution with an easy-to-use web interface, they often decide to include Zentyal studies in their training programs. And this is how Zentyal Academy, training program for official vocational education centers, was born! Read more about Zentyal Academy in this post about our participation in PUE’s Tech Learning Day and at Academy Program-page.

[1] Please note that the project is based on Zentyal 2.2, so if you plan to use it step by step to create your own Zentyal network, you might find out that there are some slight changes. But in essence it is very similar to Zentyal 3.0 so that it can perfectly serve as a basic guide.


May 24, 2013

Spoiler alert! A new Zentyal.org site coming soon!

Guest Stars

Zentyal Team is proud to announce that a new Zentyal.org website is coming soon! This is something that we have had in our minds for quite some time already and now we are extremely glad to let you know that next Wednesday May 29 is the day when it will go live!

The main goals have been to improve the hierarchy and structure of the website in order to make it easier to access and share interesting information. We have also wanted to highlight the How-tos and tutorials made by Zentyal users so that all this great content will become more accessible for the whole community to enjoy it!

The site has been divided in four major blocks of content with the aim of making it much easier and quicker to find what you are looking for. Moreover some new pages have been included: Technical features of Zentyal server, external how-tos, information on training, visual resources and ideas on how you can contribute to the project.

Here you can see a detail of the four main sections on the homepage:

And here you have a detail on how the News section will look like:

A full list of technical features of Zentyal server will be available at one sight:

So, stay tuned! The new site will go live on May 29 and you can join the Zentyal Team to spread the word of the coolest website in the world ;) !


May 03, 2013

Music at Zentyal’s HQ (pt. II)

Guest Stars

It seemed that five songs could be good enough for a post, so here we go with another five different songs from the people at Zentyal HQ. Suspicions were right, we are actually persons, sometimes even humans, and we use to work listening to music at our headphones. Thus, I hope you could know us a little ‘byte’ more with these posts.

xX_SpOiLeR aLeRt_Xx (xD) It seems that in this song squad classics have arrived, but also some Spanish themes, so get your ears ready for these songs chosen by people at Zentyal HQ. If there would be a hidden camera over here, you will notice that headbanging duels is a local sport. Guess why? Let’s discover it!

AC/DC – Thunderstruck

Ironman movie is cool, but we all agree that it is because of those AC/DC moments. Anyway, Mateo’s choice should be on that place where only brilliant songs deserve to be at. Thunderstruck is one of those, simple but great. Let’s listen to it in this live performance.

Jorn – Blacksong

Melodic guitars and Jorn Lande’s voice; perfect ingredients for a terrific recipe. It was hard for Neru to choose just only one song for these posts, but after several changes this was the chosen one. What do you think? Check it out at Youtube.

Joaquín Sabina – Y sin embargo

Joaquín Sabina is one of the best sing-songwriter in Spain. Some of his songs are widely know over here, and this is one of those. It does not matter which kind of music do you like, everyone will know these lyrics. Let’s check out Exekias’ choice in Youtube (You can turn on English subtitles, highly recommended).

The White Stripes – Seven Nation Army

Talking about classics, here it comes a newer one. Everyone who listen to that first song notes would recognise it. Maybe not the title or the band, but sooner or later everyone has listen to it. Do not know the song? Listen to Bencer’s choice!

Tachenko – Escapatoria

To conclude with this second instalment a local band come up. Tachenko is an indie pop band from Zaragoza, but it is also sixstone’s choice. It is impossible not cheering up while listening to this song, check it out.


April 01, 2013

Preview of the future Zentyal 3.2 theme

Guest Stars

Hi all,

One of our main goals for Zentyal 3.2 is to revamp the look and feel of the Zentyal interface, we want to give it a new fresh touch of kindness but making it also a bit more aggressive. We’ve done some work already and you can have a sneak peek if you do the following on a root shell of your Zentyal machine:

apt-get update
apt-get install z32-theme-preview

In the improbable case you get tired of it and want to switch back to the classic theme, you can do it with just:

apt-get purge z32-theme-preview

And remember the Zentyal team don’t sleep, we just wait.


March 31, 2013

Introducing the Zentyal configuration backup

Guest Stars

I am sure that I don’t need to drill you about the importance of backing up your system. Ideally the whole system is backed up, but this costs time and space.

However, as very convenient shortcut, there is an easy (and free) way of backing up the Zentyal server configuration. With this configuration backup you can quickly restore your Zentyal server to a production state. And it does not need to be the same box, you can also use the configuration backup to apply the configuration to a new server.

The configuration backup also includes all the user and group accounts so your users can continue logging in to the services they use.

There are several ways to make and restore the configuration backup. The more versatile is to use Zentyal Cloud Service that comes with the Free Account registration: this way the backup will reside in the cloud and you could apply it to any of your Zentyal boxes. You can get a free account here.

To access to this feature in the web interface, you must click in System -> Import/Export configuration. A console interface is also available through the programs ‘/usr/share/zentyal/make-backup’ and ‘/usr/share/zentyal/restore-backup’.

How this works?

To the curious among us, let me explain its internal workings. The backup is just an archive file in TAR format, that includes the files describing the configuration.

First, the backup process writes some files with metadata, like the current date or the packages installed in the system. Then it loops through the installed modules making each one to dump its configuration.

Remember that the configuration values we see reflected in the web interface are stored in a Redis backend. So each module must dump its Redis keys and value to a file. However the Redis keys are not sufficient for all modules. Remember that the users and its related data are stored in LDAP. In this case the users module does a dump of the full directory in LDIF format.

Likewise the samba module dumps its internal database and the modules which use OpenSSL certificates to store them in the backup archive.

When the backup is finished, it is stored in your local file system: you can download or restore it from the Zentyal web interface.

For restoring a backup the same process is run in reverse, picking each of the files and importing them to our Zentyal system.

Configuration backup and the Backup module

As you may known Zentyal also has a file backup module which allows you to set the files to be backed up, the destination of the backup and its frequency.

A configuration backup is added to the backup of the selected files to have better recovery odds.

Backup in the cloud

One problem remains in this configuration backup schema and it is to store it in a remote, always-accessible location. The location which meets these requirements is the Internet, now dubbed cloud.

Zentyal Remote offers this service. It checks daily your Zentyal configuration and the contents of the LDAP directory, if it finds any changes, it makes automatically a backup and sends it to the cloud.

The number of simultaneous held backups depends on the type of edition you have. A community edition with Free Account can store one configuration backup, a Small Bussiness or Enterprise edition can have up to seven configuration backups. Furthermore, the seven configuration backup-limit only applies to automatic backups, you can have as many manual backups as you like.

Once you have your backup in the cloud, you can restore it in any of your subscribed Zentyal servers using the web interface.

Post written by Javier Amor Garcia


March 25, 2013

Zentyal Internal Plumbing (Part II): Mail with groupware

Guest Stars

Hello again my fellow Zentyal plumbers. This post is very related with the first one, this time covering Zarafa and related subsystems.


Zarafa is a groupware suite, including mail, calendars, contacts, task and notes which offers fully-fledged collaboration, sharing and access permission mechanisms. A remarkable feature of Zarafa is its integration with Microsoft clients and mobile synchronization protocols.

Let’s jump to the plumbing diagram already:

(click to enlarge image)

First of all, this diagram is a simplified and Zentyal-contextualized version of some parts of the Zarafa documentation: Zarafa Architecture, Zarafa Components. We encourage you to visit the official Zarafa documentation to continue learning about this platform.

Point by point:

A: Most of the mail subsystem components explained in the first post Plumbing part I are exactly the same for this version, so you still have Postfix as your MTA and the optional parts like Amavis security suite, Postgrey, Fetchmail and so on. Zarafa replaces the MDA, and adds the groupware services and gateways for several protocols and platforms.

B: The zarafa-dagent is the equivalent of a MDA (performing some of the roles of Dovecot for the former blogpost), it uses LMTP, a simplified and local-only version of the SMTP protocol to communicate with the MTA. Take into account that different MDA means different mailboxes for your users, if you migrate your virtual mail domain from Dovecot to Zarafa, the user mail addresses may remain the same, but they are accessing a different Inbox in different storage backend.

C: MySQL database, related to the last point. Zarafa stores mail and some mail metadata in a proper database, as opposed to the file-system based mail storage present in traditional mail systems.

D: The zarafa-spooler sends the mail waiting in the outgoing queue through the MTA.

E: Zarafa is tightly integrated with the Apache server in Zentyal, so the ‘Web Server’ module is required to offer all the web-based interfaces and protocols available to the users.

F: ‘Web access’ and ‘Web app’ are two web interfaces that offer the user a very convenient and fully featured way to access the mail and groupware services by just using their web browser. ‘Web access’ is oriented to look and feel like a microsoft outlook interface, while ‘Web app’ uses modern web protocols to improve the experience and can even integrate with chat and voice IP subsystems.

G: Z-push, an implementation of Microsoft’s ActiveSync protocol, available in all the major smartphone operative systems. Using this gateway you can synchronize all your mail, contacts and calendars information in your phone, bidirectionally, without installing additional apps and over the air.

H: Zarafa gateway for common mail services, IMAP4(S) and POP3(S), take into account that if your plan to offer a mail gateway, IMAPS for example, first you have to make sure that this port is disabled in Dovecot.

I: Microsoft Oulook offers MAPI, an interface to perform the synchronization against third party software. The Zarafa Windows Client needs to be installed in the Desktop OS. It bridges the Zarafa groupware protocols and Microsoft Outlook clients in transparent way for the users.

J: The MAPI commands are encoded in web-service SOAP and synchronized against Zarafa server.

Hope you have now a clearer vision of all the features and possibilities that Zarafa brings to the table. An important piece is missing in the diagram: how Zarafa server and Postfix connect to the LDAP to retrieve user auth and directory information. In the next post I intend to cover the Samba and Kerberos subsystems.


March 15, 2013

Upgraded translation platform & how to see your translations right away

Guest Stars

We have now updated our Pootle translation platform to a newer version, fixing some persistent problems with the string search functions. We are migrating the translations and accounts to the new system, so the users should not notice any major changes. Please, send us a notification if you detect any problem with your account or your translations.

The internationalization packages are updated from time to time, so you can get a new language-pack-zentyal- containing your language fixes eventually. If you don’t like waiting and want to try your translations right away, you can click on the ‘Translate’ tab inside your language section and then download the ‘zentyal.po’ file, using the ‘Download’ link.


You will need a local copy of the github Zentyal repository:

apt-get install git (if needed)
git clone git://github.com/Zentyal/zentyal.git

You will then, replace the ‘.po’ file in the repository. In my example I will overwrite zentyal/extra/language-packs/po/es.po. The file downloaded from pootle is named zentyal.po, so you will need to rename it.

mv ~/Downloads/zentyal.po ~/repos/zentyal/extra/language-packs/po/es.po

You will also need the package building tools:

apt-get install dpkg-dev

By default behavior is to build all the language packs, you probably don’t want this, so make a backup of the zentyal/extra/language-packs/debian/control file and then delete the unwanted packages.

Example for Spanish only:

Source: zentyal-language-packs
Section: web
Priority: optional
Maintainer: Zentyal Packaging Maintainers
Build-Depends: debhelper (>= 5.0.0), cdbs, po-debconf
Standards-Version: 3.8.2

Package: language-packs-zentyal-all
Architecture: all
Depends: language-pack-zentyal-es
Description: Zentyal translations for all supported languages
Zentyal is a Linux small business server that can act as
a Gateway, Unified Threat Manager, Office Server, Infrastructure
Manager, Unified Communications Server or a combination of them. One
single, easy-to-use platform to manage all your network services.
This metapackage includes the translations for all the languages.

Package: language-pack-zentyal-es
Architecture: all
Depends: zentyal-common (>= 3.0), ${misc:Depends}
Description: Zentyal translations for language Spanish
Zentyal is a Linux small business server that can act as
a Gateway, Unified Threat Manager, Office Server, Infrastructure
Manager, Unified Communications Server or a combination of them. One
single, easy-to-use platform to manage all your network services.
This package contains translations for the Spanish language.

Then, from the directory zentyal/extra/language-packs you will
execute the command dpkg-buildpackage -us -uc. When this process
is complete, you will find the .deb package in zentyal/extra,
language-pack-zentyal-es_3.0.1_all.deb in my case.

Then, just copy and install this package to your Zentyal machine:

dpkg -i language-pack-zentyal-es_3.0.1_all.deb

Restart the web interface…

service zentyal apache restart

And you should be able to see your updated Strings.

We encourage you to review the state of your native language translation and take the effort to help make Zentyal native for the people around you.


March 04, 2013

Zentyal supports the Python Software Foundation

Guest Stars

Few weeks ago the Python Software Foundation asked for help in a trademark issue that involves “Python”.

As Zentyal uses Python as main programming language for our cloud based services and in the testing of Zentyal Server, we have decided to submit a letter for helping the Python Software Foundation as much as we can.

Please, if you use Python in any way, support them!!

Check out this letter template that might help you to send your own support letter to the Python Software Foundation.





February 21, 2013

Quality and FOSDEM talks

Guest Stars

FOSDEM LOGOThe first weekend of February, the ULB Campus in Brussels held one of the biggest events in Europe about open source communities and development, the FOSDEM. Some Zentyalers decide to take few days off and go to that nice city and enjoy the weather (just kidding although it wasn’t that bad… ), all the talks and interesting people that get together.

Of course I was one of team members who joined the event, and besides the great beer, I especially liked a talk that the community of Libre Office gave. It was about the path they have been following lately and how they have refactored and improved such a great application. Here is a link to the video in case you want to enjoy an interesting talk.

There were two things that really touched me. The first one was the culture shift they suffer to allow them to build a better product and empower new contributors to collaborate with them. Short iterations, don’t ask permission ask forgiveness, embrace change… and the most important of all of them, have fun developing :) Fantastic!!!

The second one, was quality. They have done a big effort to build quality in the core of their project. Doing unit tests, refactoring to improve the code and its maintainability and what’s more important, giving the quality the necessary importance to reduce the bugs to a minimum. We definitively share that vision and have always considered that the best way to assure quality is to build it from the beginning, inside your products, not leaving it for the last part of the project or any other phase.

At Zentyal we have always put a great effort in building our products with the best quality. Moreover, in the past months we have done a similar switch to a more quality centered development. We are still working on fully changing our focus, but you can see already some of the improvements in the community version as well as in the Software and Security updates of the commercial commercial versions.

By the way, Libre Office has just released the 4.0 version. Check it out, at Zentyal we use it in our daily work and it’s great.


January 25, 2013

Music at Zentyal’s HQ (pt. I)

Guest Stars

One of the most recurrent topics at Zentyal’s HQ is music. In fact it use to conclude with some actual plush toy throwings and a heavy rain of axes. Our tastes may not differ a lot, but we actually love those confrontations. So, why not writing some lines to share our tastes with you all?

Firstly I thought that it would be fine to ask my everyone at the HQ for one of their favourite songs. Though if was harder than expected, for some it was pretty hard to narrow down the scope, and others were just only lazy, here there are some of the ones I gathered. Hope you like them… or not (mind your head, axes will be flying towards it).

Smoke On The Water – Deep Purple

Julio, our quality assurance guru just kept that simple with a classic: Smoke On The Water from the great Deep Purple (Glover, Blackmore and friends). In fact this song represented one of his first hard rock songs when he was a child, so it was a good way to introduce himself into the rock world, isn’t it? You can watch a live performance on Youtube if you want.

A.D.I.D.A.S. – Korn

Let’s come close to the present with Fernando’s choice. Nowadays it could even be considered a classic, but A.D.I.D.A.S. from the American band Korn is what he needs to cheer himself up while working. Again here you have the link to the official video on Youtube.

The Final Sacrifice – Avantasia

Hard rock classics, nu metal pioneers on our list, so now you can imagine how could our talks verse about. But here shows up Zei with his choice. Avantasia is a power metal supergroup headed by Tobias Sammet, and The Final Sacrifice is one of their bests. Prepare you ears, and listen it on Youtube.

Adagio For Tron – Tron Legacy OST

Well, it seems that guitars, basses and drums cope out music taste… but Blaxter has always something different in mind. The song he sent me is from the Tron Legacy OST, and it would chill down everyone here at the HQ. Check it out at Youtube, it is Adagio For Tron from Daft Punk.

Only For The Weak – In Flames

It is time for the last song of this post. Let me show my own choice. It always gives me a plus while developing, fingers seems to type faster and everything seem easier. My choice is Only For The Weak, from the Swedish band In Flames. It is great, and by far, it is the best song of this list (of course, it’s mine!). Check their live performance out at Youtube.

Image | 9gag


January 24, 2013

“Zentyal is secure by default”

Guest Stars

We have had special guests at Zentyal HQ during the first weeks of the year. A few staff members of the Malawi Defence Force (MDF) visited us to take a training course, focused especially on security and how to optimize Zentyal server configuration to guarantee security in institutional environments. The course was jointly delivered by Zentyal and ACS Labs, UK-based IT support and service provider specialized in information security and Zentyal Partner.

Mussa Khonje, Computer Security Director at ACS Labs, UK, Nathan Soko and Duncain Taipi, respectively IT Officer and Director of Communications of Malawi Defence Force explained us why Zentyal software responds successfully to the main challenges regarding information security.

Zentyal: What would you say are the typical IT needs and challenges in defence force environments?

ACS Labs: The need to protect the banks, for example, is internationally recognized. When the armed conflict between Russia and Georgia took place in 2008, one of its effects was that people in Georgia could not draw money from banks. Since then organizations such as United Nations or NATO have implemented more rules to safeguard information security and how to tackle cyber operations. This is a new threat that is growing and changing all the time so there is a need to invest in this and it is also the direction the defence forces are taking.

MDF: Defence forces are not anymore all about armed defense, we believe that one must also be prepared for software attacks, to mitigate these attacks and to secure information. If your IT systems are being attacked or hacked, you should be able to make sure these systems can not be easily penetrated, that you are able to keep the information safe and secure the correct functioning of the government.

Zentyal: What are the benefits of Zentyal in comparison to other solutions?

ACS Labs: Zentyal’s position is unique because it is a one platform with so many solutions. It is a well-tested system, with constant security updates and also very flexible to changes on technology. With other solutions you find a big gap: you need to download the software updates and implement them to the machines, what takes a week or more, and during this time the hackers can attack your system. Zentyal offers customers fast and automatic updates.

MDF: Zentyal includes many services that in other software solutions come in different packages. Moreover, Zentyal integrates these services in all-in-one solution and it is very easy-to-use, just by clicking. We believe it is a powerful software that helps to control many security issues.

Zentyal: So, we heard that during the course you were simulating attacks to different machines in order to test their vulnerability. What were the results?

MDF: Yes, we were going into Zentyal software and other software products to test how difficult is to penetrate them. It took us five minutes to go into the proprietary product. Zentyal instead resisted the attack even though we know Zentyal rather well. When you configure it properly, it mitigates completely the attack.

ACS Labs: In the Zentyal Summit of 2012 ACS Labs tested and presented the findings we knew about the strength of Zentyal. It is intelligent to use Zentyal because it is secure by default. If you configure Zentyal very well and you have great security policy, you will always keep your infrastructure protected.

Zentyal: What would you highlight from the course?

MDF: The teacher, Mateo Burillo, went far much deeper than we expected. We believe you Zentyal guys have chosen someone who has deep knowledge about what we were interested in.


January 17, 2013

Zentyal’s Scrum

Guest Stars

After the fantastic workshop we have the last month about Agile Methodologies, the two development teams working in Zentyal decide to start doing Scrum.

scrum in zentyal
We will start doing it bit a bit, not all at the same time. In this way people will get used to it and will feel more like a Kaizen process than a big Kaikaku. Stand up’s, visualization of the workflow in a task board and retrospectives will be the starting point for the two teams. From there we hope to be adding more stuff incrementally till it starts looking more like a proper Scrum, with sprints, planning meetings and all the other stuff. We will experiment with all this, see what fit us and thrown away the things that don’t fit in our company culture.

So, as you can see we have a large path to walk. We will try to improve our process a lot and hopefully you will notice this improvement in a even better quality of our products.


December 28, 2012

Agile methods improve your workflow and are contagious!

Guest Stars

Amid laughs, Lego plays, origami papers, plastic sheets and colorful pencils is how you could see Zentyal staff at HQ on the 21st of December. The reason was the Agile workshop Teresa Oliver had prepared for Zentyal crew. But what is Agile? Is it really useful tool to improve the project development? Teresa, founder of Skok and in charge of this Agile training session, was pleased to respond to some questions for those who still don’t know what Agile techniques can do for your work-flow.

Zentyal: What is Agile?
Teresa Oliver: It is a different way of managing projects and teams. It is based on giving value to the customer as soon as possible, as frequently as possible and adapting to the change all the time. It means not to have complex and fixed requirements at the beginning of the project, but build and deliver them at the end of it because there are many possibilities of not doing everything right from the beginning, not to have understood the requirements properly or it might also happen that customer needs change during the project. For this to work it is vital that the teams share and practice a range of values like confidence, communication, respect and absolute transparency, and this is not always easy.

Z: Why games can help to overcome these issues?
T. O.: We combine many short games to stimulate the conversation about different Agile values with other longer games such as Lego and the ones with board and pieces in order to understand the complete cycle of a project. These games helps to embrace and fix concepts much more clearly than a traditional presentation.

Teresa Oliver delivering Agile training at Zentyal HQ

Z: If I want to practice Agile methodologies, what are the first steps to be taken?
T. O.: When we -Skok- collaborate in a company, we start with a basic workshop for the whole team, comparing their common everyday work with an Agile one. Afterwards we choose a pilot project, we apply Agile principles from the start and we learn what happens: What works and what has to be adapted to this specific environment. And later we extend, little by little, the learning to the rest of the projects. It uses to be very contagious.

Z: Is it possible to apply Agile in other environments apart from software development? Some people say they use it in their lives.
T. O.: Of course! In fact it is done more and more: At universities and schools, for managing ONGs, for organizing children tasks in families, to mobilize multidisciplinary teams for transversal projects in big organizations… Agile can be useful in every environment where there is a set of people sharing a common goal and dealing with uncertainty and a fast adaptation to change.

Z: In case I want to learn more, to whom I should turn to for advice?
T. O.: Apart from books and blogs, I recommend to meet people in your local community that share these interests. In Zaragoza we have Agile Aragon, a small but very active community, that meets periodically to organize events, talks, bring people from other cities to share their experiences, make Agile programming sessions, etc. There is nothing like personal contact.

Z: How can I find my local Agile community?
T. O.: In Spain local communities are listed here. A good worldwide list, can be found here.

Thanks Teresa for making Zentyal Team a little more agile :) !


December 21, 2012

Step by step: small goals and reward yourself

Guest Stars

Awesomeness by small and affordable tasks

We all know that goals are important in our life. Yes, you are right, I said “life” and not only “work”. If you are used to work with goals, have you tried with them in your personal life? But I am not writing about life goals. Today I would like to write about some of those epidemics that are spreading all around the world: Poor concrete goals.

Doh! “Poor concrete” would not be the right words. Your goal in this project is to develop a huge web administration tool, users will be able to…. and administrator will be able to delete… when a “friend” is deleted a soft deletion will take place… and… do not forget to enable… is it clear? Of course it is. But, once you have to play the ball, the goal would seem to be huge and unaffordable.

We all have started a work day and felt that that day we did not want to do anything. Better sleeping habits could help, but probably the problem was the task that had to be done. Too complex? Too repetitive? Too difficult for you? Or you just simply do not like it. Let’s take a magic spacecraft.

Maybe you could fly up away your task. This would give you a clear and motivational context. Isn’t it clear? Don’t be so tight! Imaginary fuel is free, you can fly up higher and higher. Now you can see your company’s main direction and you may take a look at how it aligns to your personal and family life.

But I told you this was about avoiding “poor concrete goals”, once you have achieved a fully (I am always optimistic) motivational state it is time to dive deep into that task with we do not want to face up, let’s use again our magic spacecraft. It is everything about divide and conquer. Simple and smaller tasks use to be more affordable and motivating. Why do not use them? Now you only have to manage those tasks.

Internet is plenty of web tools that would help, but this is not about platforms, this is about you. It sounds aggressive, but it I promise, it is all about you. Sometimes simple is best. You can write them out on a whiteboard, on a piece of paper, or why not?, on a window glass with that whiteboard marker you have. But writing them out is not enough.

Apart from doing them, the key point is deleting them from your list. You can play basketball with the post-it, or you might burn it; maybe you would rather cross off the task with unusual passion. You have finished a task, you deserve a reward, so take it! No one is gonna give it to you (at least sooner enough), you have to take it by yourself. Take it and enjoy your work.


December 19, 2012

Tune up your Fluffy (Xmas update)!

Heidi Vilppola

Christmas themed Fluffy

To celebrate the holiday season and the brand new year 2013, Zentyal Team has prepared a Xmas-themed update for your Fluffy! Happy holidays!


1. Download and print the Fluffy cube template
2. Download and print the Xmas update
3. Get a pair of scissors, some glue and follow the instructions
4. Upload a picture of your Fluffy to your Facebook or Twitter account and tag Zentyal :)!


December 13, 2012

Status of the Samba 4.0 integration in Zentyal 3.0

Jose Antonio Calvo

As you may already know, when we started the Zentyal 2.3 development, we took the decision of integrating Samba4, which was about to enter the beta phase. This sounded risky and was questioned by some, but as we have the ambitious goal of being a full Active Directory replacement, and improve the migration processes from Windows server environments we decided to go for Samba4 integration and we do not regret it.

During the whole year Samba4 has been evolving really fast and we were confident that at some point around the release date of Zentyal 3.0, or not too late, there would be a final Samba 4.0 stable version solving the problems of the first beta versions. We can also say that during this development we have tried to contribute as much as possible with the Samba team, by giving feedback, coding and sending patches.

The thing is that Samba 4.0 stable has been released already and sadly, as you can see in the official announcement, it has been released still with known issues that affect some scenarios that Zentyal aims to provide.

So, how to solve this situation in these scenarios? To start with, we have written a brief list of the current known issues. In the next days we are going to detail them, provide as much documentation as possible about the different scenarios, what works and what doesn’t, and what can be done, including best practices for deployments. The documentation will be ready during next week. We also plan to implement more checks in the Zentyal Samba module to avoid common configuration mistakes, and add the possibility to recover from them, for example, allowing easy reconfiguration if Samba has been provisioned with a wrong domain name.

We can assure you that we will keep working hard making Zentyal a full Active Directory replacement and you should expect clear information about the current issues and the updates on the zentyal-samba packages.

Thanks for using Zentyal and keep the feedback coming so that we can all make it the best Linux alternative to Windows Server!


December 10, 2012

Visiting BeCode’s facilities

Guest Stars

Zentyal stuff with Xavy at BeCode

A few days ago two of us went to “La Cueva” (The Cave) at Valencia. La Cueva is the name that BeCode’s people give to their facilities, guess why? Well, it is not that cold and dark, but it does not seem to be like other development companies facilities. It is a ground floor of a building they all share, and it is also the place where they also organise open workshops for the neighbourhood (bicycle fixing, guitar lessons, WordPress workshops, …).

Inspired by the Desk Surfing movement, we decided to ask them for a place to work and exchange knowledge and opinion. Thus we arrived and they all welcomed us at their daily meeting and started working. It seemed that we arrived there at one of the coldest week in Valencia, but the environment there (and the heaters) made feel us warmer.

In those three days we had time enough for talking about many topics. We could practice with fluid interfaces with a Javascript kata with Jasmine lead by Xavy. We also share points of view about testing strategies at complex architectures (like Zentyal’s one), and we also talked about design patterns and SOLID concepts in software development.

You managed to make us feel like if we were at home, so from this little internet corner we would like to thank you all your dedication and efforts. Be sure that we will back, better sooner than later, mainly because we already miss those beer talks. Thank you for everything.

More info | BeCode | DeskSurfing


November 28, 2012

Zentyal Internal Plumbing (Part I): Mail

Guest Stars

Hello all,

Some of our advanced users don’t have enough just interacting with the Zentyal interface, and want to go deeper in its entrails, to know the abstracted-out details. In this series of small blog posts I would try to clarify how the different components are interconnected.


I want to cover the following sub-systems:

  • Mail (Mail module only version)
  • Mail (Groupware version)
  • Samba4 and Kerberos & how it connects to other sub-systems
  • HTTP proxy

Let’s start with the Mail (Mail module only) and it’s general interconnection map:

(click to enlarge image)

This diagram also includes all the mailfilter capabilities.

Point by point:

A: Postfix is our Mail Transfer Agent, in charge of delivering and accepting mails from other mail servers.

B: The standard entry point for the SMTP protocol, it can support security via STARTTLS. Intended for communication with external MTAs.

C: Same than B, this port is intended for local users delivery.

D: Same than B, but with forced TLS communication.

E: Every time the MTA receives a new message, the associated domain can be checked against the Postgrey database, this mechanism can force retries to deter spamming bots.

F: Dovecot, our Mail Delivery Agent, distributes the mail to the users’ mail boxes.

G: Dovecot is able to accept SIEVE rules (filters, forwards, flags and so on) using this port.

H: SIEVE is sub-systems implementing a scripted language that performs the configured rules over the incoming mail. Take into account that SIEVE rules can, in turn, talk to the MTA to forward a mail again.

I: Your Mail User Agent (mail client) will retrieve the mails from the MDA, using POP, IMAP or their secure versions.

J: Amavis is a security suite that will use other components to filter potentially dangerous mail.

K: Messages are forwarded from the MTA to Amavis, checked, tagged according to their spam status and then returned to Postfix.

L: Amavis uses an unix socket to pass the messages to the ClamAV antivirus for inspection. Infected messages will be stored away in the quarantine folders, thus, they won’t be delivered to their recipients.

M: The Spamassassin suite uses multiple auto-adjusting mechanism to detect unwanted mail.

N: Fetchmail can periodically retrieve mail form external accounts and insert it in our system talking with the MTA.

O: The Webmail service can be deployed to communicate with the MTA and MUA using a webapp.

Hope this had shed some light, the next post will reuse a lot of this concepts.


November 23, 2012

Remember, remember the month of Movember

Guest Stars

Movember has arrived to Zentyal

Most of you would already know about that annual event called Movember. For those who don’t here is a brief summary: some dudes (Mo Bros) let grow their moustaches during the month of November. So there it is the combination of those two words, moustache and November, that builds the Movember event. I am sure you have noticed some other Mo Bros at the TV or maybe you just thought how horrible was that young guy with that ridiculous moustache. But everything has an explanation.

We let grow our moustaches during the month of November to raise the awareness of prostate cancer, other male diseases and associated charities. We want to “change the face of men’s health”, so one our duties consists in answering everyone who ask us about our moustache with a great speech about men’s health and the importance of getting an annual check-up.

We can also ask for donations to the Movember Foundation, which also has run events all around the world to raise founds for men’s health issues like the prior quoted prostate cancer, depression or testicular cancer. So here we are. Some of us at the Zentyal’s HQ are wearing a terrible moustache, it doesn’t look nice, but we do not care about it; we are proud to explain everyone, including our workmates, why we are wearing this.

Do not worry! It looks better day by day, and you will start recognising yourself after a few days. Now it is your turn. Now you might become the next antenna to spread Movember message, you will notice that you are not walking alone as you would see other Mo Bros around.

Let’s do it!

More info | Movember


November 22, 2012

We have a winning Fluffy picture!

Guest Stars

Congrats to @Miripi! The picture of her exclusive, customized Fluffy cube was the most voted by Zentyal staff (we really loved it!). It really seems that the quickest way to win the hearths of Zentyal staff is to wear a heavy t-shirt ;)

As promised, the winner gets a small Zentyal gift package. Miripi, we hope you will enjoy it!

Did you already make your own Fluffy? Not yet? Check out this post where you can find the instructions to make your own Fluffy.


November 20, 2012

Keep Learning, the Kaizen path

Guest Stars

I would like to share with you a story that I recently read in this post blog.

The woodcutter story

Once upon a time a very strong woodcutter asked for a job with a timber merchant, and he got it. The salary was really good and so were the work conditions. For that reason, the woodcutter was determined to do his best.
His boss gave him an axe and showed him the area where he was supposed to work. The first day, the woodcutter brought 18 trees. “Congratulations,” the boss said. “Go on that way!” Very motivated by the boss’ words, the woodcutter tried harder the next day, but could bring 15 trees only. The third day he tried even harder, but could bring 10 trees only. Day after day he was bringing less and less trees.

“I must be losing my strength”, the woodcutter thought. He went to the boss and apologized, saying that he could not understand what was going on. “When was the last time you sharpened your axe?” the boss asked. “Sharpen? I had no time to sharpen my axe. I have been very busy trying to cut trees…”

Moral of the story : Working hard is not enough; one has to keep on sharpening one’s skills.

It amaze me when I read it the first time. It makes obvious something that normally when building software we forget, sharpening our axe. Some people will argue that it’s not the same, you don’t use and axe to program Zentyal or any other software. That’s right, it’s even worse. Our tools are more complex, and difficult to master, so things like testing, proper coding, estimation, etc. need more time to be studied and correctly used. The good news are that we, as developers, can do a lot more than sharpening an axe.

One philosophy that fits well with this story and that I really love and try to practice it’s the Japanese Kaizen. It means “continuous improvement” and it came from the Toyota Production System. In software and for me it means that we should trying to improve our process, continually. Never getting satisfied with a particular way of doing the things or the quality that we are delivering. It always can be better without a doubt. Perfection it’s not a state it’s a path.



October 19, 2012

Create your own Fluffy

Guest Stars

It has been a long time since we decided to create Fluffy, but finally, Fluffy is here among us.

Fluffy is here

Why a mascot?

Since the very beginning of the Zentyal project we always wanted to have a mascot for a number of reasons. In the first place, we think that a mascot is a positive eye-catcher, able to grab people’s attention more easily than a logo or any other visual resource.

It also helps to build good feeling among the community: people can identify more easily with a little human like mascot than just with a name or a logo and in addition, it can also help to spread the word of the project.

Apart from that, a mascot is a very versatile resource, it can be used to make the users smile during the installation process, reinforce messages, it can be helpful for creating merchandising, etc.

Why Fluffy is a panda bear?

So what is the reason that our mascot is an adorable, curious, big-headed panda bear? First of all because we like panda bears, they are robust like Zentyal products, peaceful like Zentyal family, and they come from oriental “Zen” culture that matches with the  Zentyal project philosophy.

The first drafts of Fluffy saw light as forum avatars, created by Antonio (a friend of the project), during a long road trip to Wacken festival. The aim of the avatars was to represent the different forum member levels, going from basic user level, “Apprentice” to most advance user level “Hero”, and they looked this this:

fluffy forums avatars

Why Fluffy is called Fluffy?

We got the name of Fluffy basically from the next scene of the movie Despicable Me. Zentyal staff has also a inclination to become fluffy over time, so it seemed an appropriate name for our mascot!

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="270" src="http://www.youtube.com/embed/D4i7vS_UO4Q?fs=1&amp;feature=oembed" width="480"></iframe>

And finally, let’s make your own Fluffy!

Now to start off on the right foot with Fluffy, let’s see how you can create your very own Fluffy cube.

1- Download and print the template:  Fluffy cube template

2- Get a scissors, some glue and follow the instructions

3- When your Fluffy is ready, upload a picture of yourself and your Fluffy to your Facebook account and tag Zentyal (or send us the picture to info at zentyal.org). In one week Zentyal staff will choose the coolest pictures and will contact you to send you a small package by mail!

cube FluffyDIY Fluffy cube


October 17, 2012

First Zentyal – Zarafa webinar

Ignacio Correas


October 03, 2012

How metrics help to take decisions about free software? Find out during Zentyal Summit (1 day to go!)

Heidi Vilppola

Zentyal server project analysis by Bitergia

Jesús González Barahona, one of the keynote speakers of Zentyal Summit 2012 published today a basic analysis of the Zentyal server project based on the activity on the mailing lists and code management repository.

After a quick view to the data and jogging my memory, the major changes seem logical due to some internal changes we have carried out over the years. I’m quite curious to find out what else can be found out based on publicly available data and if there are any recommendations or best practices that could be carried out to improve the project based on this data.

Let’s see if we’ll find out this tomorrow! Jesús’ talk will be held from 11:00 to 11:30 a.m. and it will also be streamed.


October 02, 2012

Sneak peek to Zentyal Summit 2012 preparations (2 days to go!)

Heidi Vilppola

Assembling the over 200 Zentyal Summit 2012 badges

Assembling of the over 200 Zentyal Summit 2012 badges. Estimated time: 30 minutes. Photo taken: 4 hours later, some 50 badges still to go. Slogan of the day: Always optimistic!

If you want one of these cool badges, you totally have to be registered ;)! See you at Zentyal Summit in just two days!


October 01, 2012

It’s all coming together for the Summit (3 days to go!)

Heidi Vilppola

Some of the Zentyal Summit 2012 materials

So, little by little everything is coming together for the Zentyal Summit 2012! Zentyal staff members not usually located in Zaragoza have started to come together (yay!), big brown cardboard boxes can be found at every corner of the Zentyal HQ and starting from tomorrow, we’re expecting the very first guests to arrive. All very exciting :)! And more so, because today we hit the milestone of 200 registered attendees (double yay!)

Stay tuned or come to find out by yourself what’s all this fuss about ;)!