Zentyal is a Linux small business server that can be configured as a gateway, infrastructure manager, unified threat manager, office server, unified communication server or a combination of them. All network services managed by Zentyal are tightly integrated, automating most tasks. This saves time and helps to avoid errors in network configuration and administration. Zentyal is open source, released under the GNU General Public License (GPL) and runs on top of Ubuntu GNU/Linux.

Zentyal consists of a series of packages (usually one for each module) that provide a web interface to configure the different servers or services. The configuration is stored on a key-value Redis database, but users, groups, and domains-related configuration is on OpenLDAP. When you configure any of the available parameters through the web interface, final configuration files are overwritten using the configuration templates provided by the modules. The main advantage of using Zentyal is a unified, graphical user interface to configure all network services and high, out-of-the-box integration between them.

Zentyal publishes one major stable release once a year based on the latest Ubuntu LTS release.


If you would like to create a new user to access the Zentyal web interface, run:

sudo adduser username sudo

Add the Zentyal repository to your repository list:

sudo add-apt-repository "deb http://archive.zentyal.org/zentyal 3.5 main extra"

Import the public keys from Zentyal:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 10E239FF
wget -q http://keys.zentyal.org/zentyal-4.2-archive.asc -O- | sudo apt-key add -

Update your packages and install Zentyal:

sudo apt update
sudo apt install zentyal

During installation you will be asked to set a root MySQL password and confirm port 443.

First steps

Any system account belonging to the sudo group is allowed to log into the Zentyal web interface. The user created while installing Ubuntu Server will belong to the sudo group by default.

To access the Zentyal web interface, point a browser to https://localhost/ or to the IP address of your remote server. As Zentyal creates its own self-signed SSL certificate, you will have to accept a security exception on your browser. Log in with the same username and password used to log in to your server.

Once logged in you will see an overview of your server. Individual modules, such as Antivirus or Firewall, can be installed by simply clicking them and then clicking Install. Selecting server roles like Gateway or Infrastructure can be used to install multiple modules at once.

Modules can also be installed via the command line:

sudo apt install <zentyal-module>

See the list of available modules below.

To enable a module, go to the Dashboard, then click Module Status. Click the check box for the module, then Save changes.

To configure any of the features of your installed modules, click the different sections on the left menu. When you make any changes, a red “Save changes” button appears in the upper right corner.

If you need to customize any configuration file or run certain actions (scripts or commands) to configure features not available on Zentyal, place the custom configuration file templates on /etc/zentyal/stubs/<module>/ and the hooks on /etc/zentyal/hooks/<module>.<action>. Read more about stubs and hooks here.


Zentyal 2.3 is available on Ubuntu DISTRO-REV-SHORT Universe repository. The modules available are:

  • zentyal-core & zentyal-common: the core of the Zentyal interface and the common libraries of the framework. Also includes the logs and events modules that give the administrator an interface to view the logs and generate events from them.

  • zentyal-network: manages the configuration of the network. From the interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple gateways when having more than one Internet connection, load balancing and advanced routing, static routes or dynamic DNS.

  • zentyal-objects & zentyal-services: provide an abstraction level for network addresses (e.g. LAN instead of and ports named as services (e.g. HTTP instead of 80/TCP).

  • zentyal-firewall: configures the iptables rules to block forbiden connections, NAT and port redirections.

  • zentyal-ntp: installs the NTP daemon to keep server on time and allow network clients to synchronize their clocks against the server.

  • zentyal-dhcp: configures ISC DHCP server supporting network ranges, static leases and other advanced options like NTP, WINS, dynamic DNS updates and network boot with PXE.

  • zentyal-dns: brings ISC Bind9 DNS server into your server for caching local queries as a forwarder or as an authoritative server for the configured domains. Allows to configure A, CNAME, MX, NS, TXT and SRV records.

  • zentyal-ca: integrates the management of a Certification Authority within Zentyal so users can use certificates to authenticate against the services, like with OpenVPN.

  • zentyal-openvpn: allows to configure multiple VPN servers and clients using OpenVPN with dynamic routing configuration using Quagga.

  • zentyal-users: provides an interface to configure and manage users and groups on OpenLDAP. Other services on Zentyal are authenticated against LDAP having a centralized users and groups management. It is also possible to synchronize users, passwords and groups from a Microsoft Active Directory domain.

  • zentyal-squid: configures Squid and Dansguardian for speeding up browsing thanks to the caching capabilities and content filtering.

  • zentyal-samba: allows Samba configuration and integration with existing LDAP. From the same interface you can define password policies, create shared resources and assign permissions.

  • zentyal-printers: integrates CUPS with Samba and allows not only to configure the printers but also give them permissions based on LDAP users and groups.

Not present on Ubuntu Universe repositories, but on Zentyal Team PPA you will find these other modules:

  • zentyal-antivirus: integrates ClamAV antivirus with other modules like the proxy, file sharing or mailfilter.

  • zentyal-asterisk: configures Asterisk to provide a simple PBX with LDAP based authentication.

  • zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients.

  • zentyal-captiveportal: integrates a captive portal with the firewall and LDAP users and groups.

  • zentyal-ebackup: allows to make scheduled backups of your server using the popular duplicity backup tool.

  • zentyal-ftp: configures a FTP server with LDAP based authentication.

  • zentyal-ids: integrates a network intrusion detection system.

  • zentyal-ipsec: allows to configure IPsec tunnels using OpenSwan.

  • zentyal-jabber: integrates ejabberd XMPP server with LDAP users and groups.

  • zentyal-thinclients: a LTSP based thin clients solution.

  • zentyal-mail: a full mail stack including Postfix and Dovecot with LDAP backend.

  • zentyal-mailfilter: configures amavisd with mail stack to filter spam and attached virus.

  • zentyal-monitor: integrates collectd to monitor server performance and running services.

  • zentyal-pptp: configures a PPTP VPN server.

  • zentyal-radius: integrates FreeRADIUS with LDAP users and groups.

  • zentyal-software: simple interface to manage installed Zentyal modules and system updates.

  • zentyal-trafficshaping: configures traffic limiting rules to do bandwidth throttling and improve latency.

  • zentyal-usercorner: allows users to edit their own LDAP attributes using a web browser.

  • zentyal-virt: simple interface to create and manage virtual machines based on libvirt.

  • zentyal-webmail: allows to access your mail using the popular Roundcube webmail.

  • zentyal-webserver: configures Apache webserver to host different sites on your machine.

  • zentyal-zarafa: integrates Zarafa groupware suite with Zentyal mail stack and LDAP.


Zentyal Official Documentation page.

Zentyal Community Wiki.

Visit the Zentyal forum for community support, feedback, feature requests, etc.

Last updated 3 days ago. Help improve this document in the forum.