Netmagis: Release notes
Release notes contain the significant changes in each Netmagis
A more detailed change log is provided in the CHANGES file.
Complete list of changes can be obtained by viewing the
Release date: 6 october 2017
The 2.3.4 release of Netmagis is a maintenance release, fixing
an important security issue reported by Daniel Liikamaa: when
using an LDAP directory hosted by Active Directory, any user
can log-in with an empty password (see issue 173).
Release date: 25 november 2016
The 2.3.3 release of Netmagis is a maintenance release, providing some
bug fixes and some improvements:
- Bug fixes:
- When searching for a name, an error was issued
if the name was a MX.
See issue 158.
- When trying to delete an alias in an unauthorized
domain, an internal error was generated.
See issue 160.
- When displaying an L2 or L3 map, an internal
error was generated due to an invalid syntax with
recent Graphviz versions.
See issue 166.
- Adding MX records to existing RR was rejected.
See issue 155.
- Followup about the validation of the CAS ticket:
the regular expression was still too restrictive.
- Improvements in the topo/detecteq modules:
- Add support for Rancid 3
- Add support for Cisco ASA.
See pull request 152 provided by
- Add support for routing-instance-access
for SNMP on Juniper routers
- Add basic support for MVRP on Juniper routers
Release date: 3 september 2015
The 2.3.2 release of Netmagis provides a fix to a bug introduced in the
2.3.1 release: validation of the CAS ticket (for CAS authentication)
was too restrictive in 2.3.0, so a patch has been proposed by Olivier
Le Monnier for 2.3.1 which has been extended (by Netmagis authors)
for genericity, but this extension in 2.3.1 was broken.
Release date: 28 august 2015
The 2.3.1 release of Netmagis is a maintenance release, providing some
- Validation of the CAS ticket was using a over-restrictive
See pull request 145 provided by
Olivier Le Monnier.
- Access to internal authentication menu items was broken.
Problem reported by Russell Sutherland.
See issue 146.
- An internal error message, that you should never see,
was still not translated to English.
See issue 147.
- Previous release introduced a fix in the topo
module. This fix revealed another subtile bug, which broke
the graph generation.
See issue 148.
- A minor improvement has been made in the topo module to
support the "analyzer" keyword in the ethernet-switching-options block on Juniper switches.
Release date: 25 june 2015
The 2.3.0 release of Netmagis is focused on the authentication
- Netmagis is no longer based on Apache authentication
and, as such, no longer requires additionnal Apache modules
such as mod_auth_pgsql which was not adapted to
modern Apache distributions. Instead, authentication is now
directly embedded in Netmagis itself, and the following
methods are supported:
- internal database authentication: accounts are
stored in the database, as with previous releases.
- LDAP-based authentication: user information and
passwords are accessed from an LDAP directory (only
group related information such as access rights are
stored in the database), as with previous releases.
- CAS (Central Authentication Service) authentication
with a LDAP directory for user information. This is
a new feature of Netmagis.
- It is now possible to disconnect from the application.
This is a feature which was awaited by many users from a
- The new authentication framework has anti-brute-force
protection. If many failed attempts are detected, delays
are introduced to slow down further attempts. Threshold
and delay values are all configurable from the Admin /
Application parameters menu.
- New Web pages have been introduced:
- The index page is now public (non
password-protected). it presents the Netmagis
functionnality, but provides only access to the
- The login page manages user login and
- The profile page lists the profile
of the user and its last connections.
- The who page (only from the
Administration menu) lists current or last
- Some configuration parameters (in netmagis.conf)
have been introduced or removed:
- The crypt parameter is no longer needed.
- A new random parameter has been
added to reference the non-blocking pseudo-random
- A new cafile parameter has been
added to point to the root certificate authority
file, which is needed for CAS authentication and
to retrieve the OUI file (for the mac
- Some application parameters (menu Admin / Application
parameters) have been introduced to support the new
- Database schema has been upgraded to 23, which means
that all modules must be upgraded to a 2.3.x version.
In addition, the following modification have been done in this
- Netmagis provides support for Apache 2.4.x only. Support
for Apache 2.2.x has been dropped since it does not provide
the REQUEST_SCHEME variable. See issue 143 for a complete
description, and the StackOverflow discussion
for a work-around if you really want to stick with Apache 2.2.x.
- The OUI fetching was a maintenance nightmare since the
URL of the IEEE OUI database was a constantly moving
target. We now accept the Wireshark manuf file
format and the ouiurl configuration parameter
(in netmagis.conf) has been updated accordingly.
See issue 138.
- Debian packaging has been improved by Christophe Martin.
See pull request 141.
- Many minor improvements or bug fixes has been done for the
- Support for Rancid3 has been added (while keeping
compatibility with Rancid2)
- Support for irb interfaces on Juniper
EX4300 has been added
- Support for MTU has been added on interface definition
on Juniper equipements
- A bug has been fixed on when encoutering a
description before an interface statement on
- A bug has been fixed in Port-channel analysis
on Cisco equipements
- A bug has been fixed on Juniper post-processing
- Support has been added for mixed-case interface
names on HP switches
Release date: 18 december 2014
The 2.2.4 release of Netmagis is a maintenance release, providing some
- The nologinfile keyword was incorrectly
spelled in the the netmagis.conf
file (missing "file" in "nologinfile").
Problem detected and corrected by Christophe Martin.
See pull request 134.
Update your own netmagis.conf to reflect the
valid parameter name.
- The IEEE OUI list, needed for the mac
module, has moved. The sample configuration file
now reflects the new URL, thanks to Mathieu Parent. See
pull request 133.
- In addition, the netmagis-getoui has been
updated to follow HTTP redirections. See issue 137.
- To summarize, for users of previous Netmagis versions,
update your netmagis.conf:
- replace the nologin parameter by
- optionally replace the ouiurl URL
Release date: 3 october 2014
The 2.2.3 release of Netmagis is a maintenance release, providing some
Release date: 28 march 2014
The 2.2.2 release of Netmagis is a maintenance release, providing some
- a new program netmagis-dbupgrade has been
created to ease database schema upgrading when a new version
is issued. This solution for upgrading is different from the
one proposed in issue 103, since we
don't want automatic upgrade by package post-install scripts
which could possibly break an production system.
- update package www: it was broken by recent
Linux distributions which default to Apache 2.4 and no longer
provide the mod-auth-pgsql prerequisite.
- new example httpd.conf, adapted to Apache versions 2.2
and 2.4, without using the mod-auth-pgsql
- the netmagis-config is modified:
- to accept an alternate configuration file with
the -f flag (see issue 119)
- to return the current configuration file
with the pseudo-parameter _conffile
(see issue 119)
- to return the current Netmagis code version
with the pseudo-parameter _version
(see issue 120)
- some minor bug fixes:
- in netmagis-dbmaint translation
(see issue 118)
- in a rare error message in programs from
the package utils
(see issue 121)
- in the URL returned by the version consistency
Release date: 16 january 2014
The 2.2.1 release of Netmagis is a maintenance release, providing some
- it was impossible to delete aliases (see
- it was impossible to modify interfaces of an equipment in the
topo module (see
- no command was sent to equipments in the topo module
- the ifchg CGI script, part of the topo module, was
expecting a FQDN
- the initial zone serial number was not conforming to specification
- a partial fix is provided to
no database upgrade script is provided, but the version check is
Release date: 26 june 2013
The 2.2.0 release of Netmagis is a major release, providing a
most wanted feature (support of multiple DNS views) as well as
large infrastructure changes.
Multiple DNS views, also called "Split-DNS", is a facility to
serve different data based on the source address (the view point).
For example, a host "www.example.com" may have the address 172.16.1.1
for the internal network, and 198.51.100.1 for the rest of the
Internet. Netmagis provide support for an illimited number of views.
Note that if you don't need multiple views, Netmagis will consider
that you are using only one view, named "default". The support of
multiple views in Netmagis has the following consequences:
- When you are adding a host or an alias, you need to
provide the view. The menu is visible only if your group
has access to more than one view.
- When you are using the search block or the map, there
is no view menu: an address is considered as free only if no
name is declared for this address in all views.
If you choose an address on the map, you will then be asked
for the view.
- When you are modifying a deleting a host, you only have
to give the name. If more than one view match, you will be
presented a page to choose the appropriate view.
- Mail roles may point to hosts in different views. For
example, the mail role "sales.example.com" in view
"external" may point to the host "mbox.example.com" in
view "internal". With this mail role, a MX record for
"sales.example.com" will be advertised on the Internet (e.g.
"external" view), which points to the mail relay, and the
mail relay can forward this mail to the "mbox.example.com"
- The administrator menu has a new entry to manage individual
views. With this menu, you can add or delete views, as well as
modify their name.
- Each zone is associated with a view. Note that a single
domain may be associated with multiple views (hence multiple
zones). For example, you may have two zones for the domain
"example.com", one for the internal view, one for
the external view, each associated to a different file name.
- The group edition page (in the admin menu) now provides
access to views. You can then allow fine grain access rights.
- All programs in the utils package (dnsaddhost, dnsdelip, etc.) now require a
new (mandatory) argument for the view name, even you have
only one view. Adapt your scripts if you have ones.
- All programs in the server package (mkzone, mkdhcp, etc.) now accept a new
(optional) argument for the view name (-w viewname).
- A new example script shows how to import data with
multiple views in the Netmagis database.
- An integrity constraint has been removed from the
database (no more link from topo.ifchanges to dns.rr):
hosts for which interface status may change are just
a name (rather than a reference to a RR). This change
is needed to simplify handling of multiple views.
This release offers also some internal architectural changes:
- Include a check on database version number in order to
ease database upgrades. Now, a new read-only application
parameter "schemaversion" is provided by database creation
script and upgrade procedures. This parameter is checked by
all Netmagis programs. If the value in database differ from
the hard-coded value in programs, an error is generated and
the database is not corrupted.
- All database tables and columns have been translated
into English (from French) in order to welcome more
contributions from all users.
- In the same vein, %...% holes in Web pages have been
translated into English.
- Database creation logic have been splitted in table
creation, function creation and trigger creation. All these
logics are now located in their own SQL file, and thus can
be shared with upgrade scripts.
- If you use the detecteq module and have
changed your radius.conf file, please modify
the SQL request according to the new column names.
- If you use the "Addtl RR" facility in zone edition,
please change %NOM% into %NAME%
- The "jourfmt" application parameter has been renamed
- Parameters for the dnsmodattr (in the
utils package have been translated. Please
modify your scripts using dnsmodattr.
Other changes include:
- A new search facility has been designed: it aims to be
the central point of Netmagis GUI in future versions. At this
time, you can search for hosts, aliases, IP or MAC addresses
and group names. More objects will be added in future
- Improve DNS zone generation latency: the mkzone
program can run each minute (with cron),
thanks to a new algorithm which allows for more than 100
changes a day while keeping the serial number under the
format YYYYMMDDnn (if there are more than 100 changes on
the 2013/01/31, the serial will become 2013013200 for the
101th change, 2013013201 for the 102th change, etc. The first
change on 2013/02/01 will make the serial become
- The never used" web roles" have been removed from Netmagis.
- The "delete" menu allows you to enter a fully-qualified
domain name (without using the domain menu) if you are
a keyboard addict.
- The "consult" menu item can now export a list of hosts
in CSV format.
- Some error messages are clarified.
- A new object "L2-only network" has been added in group
access rights. This allows access to Topo informations for
networks not associated with IP addresses.
- Topo: the bridge-domains directive is now
supported on JunOS routers.
At last, this release provides bug fixes:
- In the "modify users and groups" menu, IP permissions
outside any allowed network are now checked (but
administrators may force these permissions).
- The "modify reverse IPv zone" admin menu now correctly
order zones by address.
- Integrity constraints were not enforced on zone_* tables.
- Topo: descriptions and sensors are no longer removed
when editing configuration of multiple interfaces.
- Topo: bridge nodes are now associated with an equipment
in the graph.
- Topo: JunOS comments are no longer (incorrectly) parsed.
Release date: 27 february 2013.
This release is mainly a bug-fix release in order to ease
installation for new users.
- fixes about various special characters in passwords
(reported by Martin Oesting and Christophe Martin)
- fix message when an error occurs early in application
- various fixes on Topo package: descriptions were removed
when editing multiple interfaces at once, and sensor names
were not checked for syntax conformance)
- Debian package fixes with adapted dependancy (reported
by Thomas van Oudenhove) and proper symbolic link (reported
by Martin Oesting and Christophe Martin)
- FreeBSD port is now in sync with FreeBSD ports tree
thanks to Olli Hauer and Chris Rees
Release date: 22 june 2012.
This release is the first since the initial Netmagis release in
november 2011. It brings integration of two major tools (Metro and
Mac packages) and focuses on ease of installation, even if it
provides some other new and nice features.
- The Metro package is now integrated. If equipments
are configured with proper sensor names,
the metrology package periodically polls them for traffic
information, and traffic graphs are available in the
Netmagis Web interface.
- The MAC package is now integrated. It register in the
Netmagis database (or another database if you fear performance
problems) MAC-Ports associations as well as MAC-IP associations.
These informations are available in the Netmagis Web interface.
- Linux Debian/Ubuntu packages are now provided (as well
as FreeBSD ports) for ease of installation. Appropriate
documentation is provided as well.
- Greatly improve installation documentation.
- PostgreSQL users are now simplified: you need to create
only one user, which will be used everywhere.
- Symbols used in L2 and L3 graphs (topology package) may now
be modified by the administrator through the Netmagis Web
- Some parameters such as paper format and pdflatex program
path are now configurable through the Netmagis Web admin
- The Rancid configuration has been simplified: the
ranciddb and rancidconfdir
parameters are removed and the new ranciddir
replaces them in netmagis.conf file.
- Configuration commands (used to determine which commands
are to be sent to an equipment in order to modify port
configuration) are now editable through the Web application
and are no longer hard-coded in the toposend program.
- The generated network graph built by the topology
package is now copied from the topo server (by the topographd program) to the www server (if they are distinct
servers). This brings more performance to the Web application.
- Graphviz dot and neato commands are the same command. The
netmagis.conf file is simplified accordingly.
See upgrade instructions
for upgrading from version 2.0.
Release date : 23 november 2011
This release is the first Netmagis release. Previous releases were
called WebDNS. It brings many fundamental modifications.
- Name changed to Netmagis to reflect the new
functionnalities introduced, which form a real network
information system rather than a simple management tool.
- Netmagis has a new logo.
- Application is internationalized. Web pages and messages
are translated in both French and English. All scripts have
- Topo package has been integrated.
- Installation process is easier, by providing more
scripting and modularization.
- FreeBSD ports are provided for a very easy installation.
- The configuration system has been centralized in the
database (for host independant configuration) and in a
local netmagis.conf file (for host dependant
- A single data import script is now provided, which
more generic import instructions.
- Database is now splitted into different schemas to
provide further extensibility and separation.
- A new IPv4 address map allows users to easily find
- New option in host addition page allow for searching
a pool of IPv4 free addresses.
- DHCP generation allows for one machine to get a different
IP address within each connected network.
- DHCP generation supports DHCP server high availability
- Bug fix in dnsmodattr : HINFO specification was
See upgrade instructions
for upgrading from WebDNS v1.5.
Previous Netmagis/WebDNS versions
Previous Netmagis/WebDNS are described on the
old WebDNS web site.