« back to all changes in this revision
Viewing changes to serverguide/po/th.po
- browse files at revision 94
- compare with another revision
- download diff
- download tarball
- view history from revision 94
- Committer: Bazaar Package Importer
- Author(s): Matthew East
- Date: 2010-09-19 11:35:42 UTC
- Revision ID: james.westby@ubuntu.com-20100919113542-mbxqe7yuo4ggnrw3
Tags: 10.10.3
* Amend font-family for browser startpage (LP: #195590)
* Add translations from Launchpad
* Add translations from Launchpad
- files added:
- internet/po/nn.po
- files removed:
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
- files modified:
- about-ubuntu/po/ace.po
added
removed
serverguide/po/th.po
1
# Thai translation for ubuntu-docs
2
# Copyright (c) (c) 2006 Canonical Ltd, and Rosetta Contributors 2006
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-03-29 08:26+0100\n"
11
"PO-Revision-Date: 2010-03-29 17:01+0000\n"
12
"Last-Translator: Matthew East <matt@mdke.org>\n"
13
"Language-Team: Thai <th@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-04-17 14:53+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (โครงการเอกสารเกี่ยวกับการใช้งานอูบุนตู)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "คู่มือสำหรับอูบุนตูเซิร์ฟเวอร์"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "30 ก.ย. 2550"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "เครือข่ายวินโดวส์"
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
"เครือข่ายคอมพิวเตอร์มีส่วนประกอบต่างๆมากมาย "
48
"ถึงแม้ว่าการจัดการเครือข่ายที่มีแต่เครื่องที่ใช้อูบุนตูจะน่าสนุก "
49
"แต่ไม่ใช่ทุกเครือข่ายที่เป็นแบบนี้ "
50
"บางเครือข่ายก็ประกอบไปด้วยเครื่องอูบุนตูและ<trademark "
51
"class=\"registered\">ไมโครซอฟท์</trademark><trademark "
52
"class=\"registered\">วินโดว์</trademark> ที่ทำงานร่วมกันเป็นอย่างดี "
53
"ส่วนนี้ของคู่มือสำหรับ<phrase>อูบุนตู</phrase>เซิร์ฟเวอร์จะแนะนำเกี่ยวกับหลัก"
54
"การและเครื่องมือที่คุณสามารถใช้เพื่อตั้งค่าของเครื่องเซิร์ฟเวอร์ให้ทำงานร่วมก"
55
"ับเครื่องวินโดว์ได้อย่างราบรื่น"
56
57
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:354(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
58
msgid "Introduction"
59
msgstr "คำนำ"
60
61
#: serverguide/C/windows-networking.xml:27(para)
62
msgid ""
63
"Successfully networking your Ubuntu system with Windows clients involves "
64
"providing and integrating with services common to Windows environments. Such "
65
"services assist the sharing of data and information about the computers and "
66
"users involved in the network, and may be classified under three major "
67
"categories of functionality:"
68
msgstr ""
69
"การเชื่อมต่อระหว่างระบบอูบุนตูและเครื่องลูกข่ายวินโดว์นั้นจะต้องมีการให้บริกา"
70
"รต่างๆที่ระบบวินโดว์ต้องการด้วย "
71
"เช่นบริการสำหรับแชร์ข้อมูลเกี่ยวกับเครื่องลูกข่ายและผู้ใช้ที่อยู่ในเครือข่ายเ"
72
"ป็นต้น บริการต่างๆเหล่านี้สามารถแบ่งออกเป็นสามหมวดหมู่คือ:"
73
74
#: serverguide/C/windows-networking.xml:35(para)
75
msgid ""
76
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
77
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
78
"folders, volumes, and the sharing of printers throughout the network."
79
msgstr ""
80
"<emphasis role=\"bold\">บริการแชร์ไฟล์และพรินเตอร์ (File and Printer Sharing "
81
"Services)</emphasis>. ใช้โปรโตคอล Server Message Block (SMB) "
82
"เพื่อสนับสนุนการแชร์ไฟล์ แฟ้มเอกสาร ดิสก์ และเครื่องพิมพ์ทั่วทั้งเครือข่าย"
83
84
#: serverguide/C/windows-networking.xml:41(para)
85
msgid ""
86
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
87
"information about the computers and users of the network with such "
88
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
89
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
90
msgstr ""
91
"<emphasis role=\"bold\">บริการสมุดหน้าเหลืองหรือไดเรคทอรี เซอร์วิส "
92
"(Directory Services)</emphasis>. "
93
"แชร์ข้อมูลเกี่ยวกับเครื่องคอมพิวเตอร์และผู้ใช้ในเครือข่ายด้วยเทคโนโลยีเช่น "
94
"Lightweight Directory Access Protocol (LDAP) และไมโครซอฟท์ <trademark "
95
"class=\"registered\">Active Directory</trademark>."
96
97
#: serverguide/C/windows-networking.xml:48(para)
98
msgid ""
99
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
100
"the identity of a computer or user of the network and determining the "
101
"information the computer or user is authorized to access using such "
102
"principles and technologies as file permissions, group policies, and the "
103
"Kerberos authentication service."
104
msgstr ""
105
"<emphasis role=\"bold\">บริการการตรวจสอบผู้ใช้และลงชื่อเข้าใช้ระบบ "
106
"(Authentication and Access)</emphasis>. "
107
"เป็นบริการที่ทำหน้าที่ตรวจสอบว่าเครื่องลูกข่ายหรือผู้ใช้ได้รับอนุญาติให้เข้าใ"
108
"ช้ทรัพยากรในเครือข่ายและมีสิทธิ์ในการเข้าใช้บริการอะไรในเครือข่าย "
109
"โดยใช้เทคโนโลยีต่างๆเช่น สิทธิ์การใช้ไฟล์ (file permissions), นโยบายของกลุ่ม "
110
"(group policies), และการตรวจสอบโดยการใช้ Kerberos authentication"
111
112
#: serverguide/C/windows-networking.xml:56(para)
113
msgid ""
114
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
115
"clients and share network resources among them. One of the principal pieces "
116
"of software your Ubuntu system includes for Windows networking is the Samba "
117
"suite of SMB server applications and tools."
118
msgstr ""
119
"โชคดีที่ระบบอูบุนตูของคุณสามารถให้บริการทั้งหมดนี้สำหรับเครื่องลูกข่ายวินโดว์"
120
"และแชร์ทรัพยากรต่างๆกับเครื่องลูกข่ายด้วย "
121
"โดยหนึ่งในเครื่องมือหลักที่ทำให้ระบบอูบุนตูทำงานร่วมกันกับวินโดว์ได้นั้นก็คือ"
122
"ชุดโปรแกรม SMB เซิร์ฟเวอร์ชื่อว่าแซมบ้า"
123
124
#: serverguide/C/windows-networking.xml:62(para)
125
msgid ""
126
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
127
"of the common Samba use cases, and how to install and configure the "
128
"necessary packages. Additional detailed documentation and information on "
129
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
130
"website</ulink>."
131
msgstr ""
132
"ส่วนนี้ของคู่มือ <phrase>อูบุนตู</phrase> "
133
"เซิร์ฟเวอร์จะแนะนำกรณีทั่วไปที่แซมบ้ามักถูกนำไปใช้ "
134
"รวมไปถึงการติดตั้งและตั้งค่าต่างๆในแซมบ้า "
135
"คุณสามารถอ่านคู่มืออย่างละเอียดและข้อมูลเพิ่มเติมได้ที่เว็บไซต์ของแซมบ้าที่ "
136
"<ulink url=\"http://www.samba.org\">Samba website</ulink>"
137
138
#: serverguide/C/windows-networking.xml:70(title)
139
msgid "Samba File Server"
140
msgstr "แซมบ้าไฟล์เซิร์ฟเวอร์"
141
142
#: serverguide/C/windows-networking.xml:72(para)
143
msgid ""
144
"One of the most common ways to network Ubuntu and Windows computers is to "
145
"configure Samba as a File Server. This section covers setting up a "
146
"<application>Samba</application> server to share files with Windows clients."
147
msgstr ""
148
"หนึ่งในวิธีที่ง่ายที่สุดเพื่อให้เครื่องอูบุนตูและวินโดว์ทำงานร่วมกันได้คือการ"
149
"ติดตั้งแซมบ้าเป็นไฟล์เซิร์ฟเวอร์ "
150
"ส่วนนี้จะอธิบายวิธีการติดตั้งและตั้งค่าต่างๆของ "
151
"<application>Samba</application> ให้แชร์ไฟล์กับเครื่องลูกข่ายวินโดว์"
152
153
#: serverguide/C/windows-networking.xml:77(para)
154
msgid ""
155
"The server will be configured to share files with any client on the network "
156
"without prompting for a password. If your environment requires stricter "
157
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
158
msgstr ""
159
"เครื่องเซิร์ฟเวอร์จะแชร์ไฟล์ให้เครื่องลูกข่ายทุกเครื่องโดยไม่ถามรหัสผ่าน "
160
"ถ้าเครือข่ายของคุณต้องการการรักษาความปลอดภัยที่เคร่งคัดกว่านี้ กรุณาดู <xref "
161
"linkend=\"samba-fileprint-security\"/>"
162
163
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:287(title) serverguide/C/windows-networking.xml:1302(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:2014(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:233(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1581(title) serverguide/C/network-auth.xml:2092(title) serverguide/C/network-auth.xml:2483(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
164
msgid "Installation"
165
msgstr "การติดตั้ง"
166
167
#: serverguide/C/windows-networking.xml:85(para)
168
msgid ""
169
"The first step is to install the <application>samba</application> package. "
170
"From a terminal prompt enter:"
171
msgstr ""
172
"ก่อนอื่นคุณต้องติดตั้งชุดโปรแกรม <application>samba</application> "
173
"โดยพิมพ์คำสั่ง:"
174
175
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:299(command)
176
msgid "sudo apt-get install samba"
177
msgstr "sudo apt-get install samba"
178
179
#: serverguide/C/windows-networking.xml:93(para)
180
msgid ""
181
"That's all there is to it; you are now ready to configure Samba to share "
182
"files."
183
msgstr "แค่นี้คุณก็พร้อมที่จะตั้งค่าแซมบ้าให้แชร์ไฟล์ได้แล้ว"
184
185
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:304(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/virtualization.xml:2088(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:258(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2131(title) serverguide/C/network-auth.xml:2504(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
186
msgid "Configuration"
187
msgstr "การตั้งค่า"
188
189
#: serverguide/C/windows-networking.xml:101(para)
190
msgid ""
191
"The main Samba configuration file is located in "
192
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
193
"a significant amount of comments in order to document various configuration "
194
"directives."
195
msgstr ""
196
"ไฟล์การตั้งค่าหลักของแซมบ้าอยู่ที่ <filename>/etc/samba/smb.conf</filename> "
197
"ไฟล์ที่มากับการติดตั้งแซมบ้านั้นเต็มไปด้วยคำอธิบายและข้อเสนอแนะเพื่ออธิบายวัต"
198
"ถุประสงค์ของคำสั่งแต่ละอัน"
199
200
#: serverguide/C/windows-networking.xml:106(para)
201
msgid ""
202
"Not all the available options are included in the default configuration "
203
"file. See the <filename>smb.conf</filename><application>man</application> "
204
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
205
"Collection/\">Samba HOWTO Collection</ulink> for more details."
206
msgstr ""
207
"มีคำสั่งบางตัวที่ไม่ได้รวมอยู่ในไฟล์การตั้งค่าเมื่อคุณติดตั้งแซมบ้า "
208
"กรุณาดูคู่มือ (<application>man</application> page) ของไฟล์ "
209
"<filename>smb.conf</filename> หรือดูที่ <ulink "
210
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
211
"Collection</ulink> สำหรับรายละเอียดเพิ่มเติม"
212
213
#: serverguide/C/windows-networking.xml:116(para)
214
msgid ""
215
"First, edit the following key/value pairs in the "
216
"<emphasis>[global]</emphasis> section of "
217
"<filename>/etc/samba/smb.conf</filename>:"
218
msgstr ""
219
"ก่อนอื่น แก้ไขค่าเหล่านี้ในหมวด <emphasis>[global]</emphasis> ของไฟล์ "
220
"<filename>/etc/samba/smb.conf</filename>:"
221
222
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:311(programlisting) serverguide/C/windows-networking.xml:776(programlisting) serverguide/C/windows-networking.xml:990(programlisting)
223
#, no-wrap
224
msgid ""
225
"\n"
226
" workgroup = EXAMPLE\n"
227
" ...\n"
228
" security = user\n"
229
msgstr ""
230
"\n"
231
" workgroup = EXAMPLE\n"
232
" ...\n"
233
" security = user\n"
234
235
#: serverguide/C/windows-networking.xml:127(para)
236
msgid ""
237
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
238
"section, and is commented by default. Also, change "
239
"<emphasis>EXAMPLE</emphasis> to better match your environment."
240
msgstr ""
241
"ตัวแปร <emphasis>security</emphasis> นั้นอยู่ด้านล่างๆของหมวด [global] "
242
"และถูก comment ออกตั้งแต่ตอนคุณติดตั้ง แล้วก็อย่าลืมเปลี่ยน "
243
"<emphasis>EXAMPLE</emphasis> เป็นชื่อที่เหมาะกับเครือข่ายคุณด้วยล่ะ"
244
245
#: serverguide/C/windows-networking.xml:135(para)
246
msgid ""
247
"Create a new section at the bottom of the file, or uncomment one of the "
248
"examples, for the directory to be shared:"
249
msgstr ""
250
"สร้างหมวดใหม่ที่ท้ายไฟล์ หรือเอา comment "
251
"ในตัวอย่างที่อยู่ในไฟล์ออกซักอันเพื่อแชร์แฟ้มข้อมูลของคุณ:"
252
253
#: serverguide/C/windows-networking.xml:139(programlisting)
254
#, no-wrap
255
msgid ""
256
"\n"
257
"[share]\n"
258
" comment = Ubuntu File Server Share\n"
259
" path = /srv/samba/share\n"
260
" browsable = yes\n"
261
" guest ok = yes\n"
262
" read only = no\n"
263
" create mask = 0755\n"
264
msgstr ""
265
"\n"
266
"[share]\n"
267
" comment = Ubuntu File Server Share\n"
268
" path = /srv/samba/share\n"
269
" browsable = yes\n"
270
" guest ok = yes\n"
271
" read only = no\n"
272
" create mask = 0755\n"
273
274
#: serverguide/C/windows-networking.xml:151(para)
275
msgid ""
276
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
277
"fit your needs."
278
msgstr ""
279
"<emphasis>comment:</emphasis> คำอธิบายสั้นๆเกี่ยวกับแชร์ของคุณ "
280
"แก้ตามที่คุณต้องการ"
281
282
#: serverguide/C/windows-networking.xml:156(para)
283
msgid "<emphasis>path:</emphasis> the path to the directory to share."
284
msgstr "<emphasis>path:</emphasis> path ของแฟ้มข้อมูลทีคุณต้องการแชร์"
285
286
#: serverguide/C/windows-networking.xml:159(para)
287
msgid ""
288
"This example uses <filename>/srv/samba/sharename</filename> because, "
289
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
290
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
291
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
292
"specific data should be served. Technically Samba shares can be placed "
293
"anywhere on the filesystem as long as the permissions are correct, but "
294
"adhering to standards is recommended."
295
msgstr ""
296
"ตัวอย่างนี้ใช้ <filename>/srv/samba/sharename</filename> เพราะว่ามาตรฐาน "
297
"<emphasis>Filesystem Hierarchy Standard (FHS)</emphasis> "
298
"แนะนำให้แชร์ข้อมูลต่างๆจาก <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
299
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> "
300
"ในทางเทคนิคแล้วแฟ้มข้อมูลที่ถูกแชร์ผ่านแซมบ้าจะอยู่ที่ไหนในะระบบก็ได้ตราบใดที"
301
"่คุณให้สิทธิ์การเข้าถึงแฟ้มข้อมูลนั้นอย่างถูกต้อง "
302
"อย่างไรก็ตามเราแนะนำให้คุณตามมาตรฐานถ้าเป็นไปได้"
303
304
#: serverguide/C/windows-networking.xml:168(para)
305
msgid ""
306
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
307
"directory using <application>Windows Explorer</application>."
308
msgstr ""
309
"<emphasis>browsable:</emphasis> "
310
"อนุญาติให้เครื่องลูกข่ายวินโดว์สามารถมองเห็นแฟ้มข้อมูลที่ถูกแชร์โดยใช้โปรแกรม"
311
" <application>Windows Explorer</application>"
312
313
#: serverguide/C/windows-networking.xml:174(para)
314
msgid ""
315
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
316
"without supplying a password."
317
msgstr ""
318
"<emphasis>guest ok:</emphasis> "
319
"อนุญาติให้เครื่องลูกข่ายใช้งานแชร์โดยไม่ต้องระบุรหัสผ่าน"
320
321
#: serverguide/C/windows-networking.xml:179(para)
322
msgid ""
323
"<emphasis>read only:</emphasis> determines if the share is read only or if "
324
"write privileges are granted. Write privileges are allowed only when the "
325
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
326
"is <emphasis>yes</emphasis>, then access to the share is read only."
327
msgstr ""
328
329
#: serverguide/C/windows-networking.xml:184(para)
330
msgid ""
331
"<emphasis>create mask:</emphasis> determines the permissions new files will "
332
"have when created."
333
msgstr "<emphasis>create mask:</emphasis> ระบุสิทธิ์ของไฟล์ที่ถูกสร้างใหม่"
334
335
#: serverguide/C/windows-networking.xml:193(para)
336
msgid ""
337
"Now that <application>Samba</application> is configured, the directory needs "
338
"to be created and the permissions changed. From a terminal enter:"
339
msgstr ""
340
"เอาล่ะ หลังจากคุณได้ตั้งค่าต่างๆของ <application>แซมบ้า</application> แล้ว "
341
"ก็ถึงเวลาที่คุณจะสร้างแฟ้มข้อมูลและแก้ไขสิทธิ์ของแฟ้มข้อมูล ให้พิมพ์คำสั่ง:"
342
343
#: serverguide/C/windows-networking.xml:199(command)
344
msgid "sudo mkdir -p /srv/samba/share"
345
msgstr "sudo mkdir -p /srv/samba/share"
346
347
#: serverguide/C/windows-networking.xml:200(command)
348
msgid "sudo chown nobody.nogroup /srv/samba/share/"
349
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
350
351
#: serverguide/C/windows-networking.xml:204(para)
352
msgid ""
353
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
354
"directory tree if it doesn't exist. Change the share name to fit your "
355
"environment."
356
msgstr ""
357
"ตัวเลือก <emphasis>-p</emphasis> บอกให้ mkdir "
358
"สร้างแฟ้มข้อมูลขึ้นมาใหม่ทั้งหมดถ้าไม่มีอยู่ "
359
"เปลี่ยนชื่อของแฟ้มข้อมูลที่ถูกแชร์ตามที่คุณต้องการ"
360
361
#: serverguide/C/windows-networking.xml:213(para)
362
msgid ""
363
"Finally, restart the <application>samba</application> services to enable the "
364
"new configuration:"
365
msgstr ""
366
"ขั้นตอนสุดท้ายคือการเริ่มโปรแกรม <application>samba</application> "
367
"เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
368
369
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:331(command) serverguide/C/windows-networking.xml:468(command) serverguide/C/windows-networking.xml:567(command) serverguide/C/windows-networking.xml:937(command) serverguide/C/windows-networking.xml:1047(command) serverguide/C/windows-networking.xml:1162(command) serverguide/C/network-auth.xml:1860(command)
370
msgid "sudo /etc/init.d/samba restart"
371
msgstr "sudo /etc/init.d/samba restart"
372
373
#: serverguide/C/windows-networking.xml:225(para)
374
msgid ""
375
"Once again, the above configuration gives all access to any client on the "
376
"local network. For a more secure configuration see <xref linkend=\"samba-"
377
"fileprint-security\"/>."
378
msgstr ""
379
"การตั้งค่าตามด้านบนนั้นอนุญาติให้เครื่องลูกข่ายทำอะไรกับแฟ้มข้อมูลที่ถูกแชร์ "
380
" ถ้าคุณต้องการกำหนดสิทธิ์อย่างเคร่งคัดขึ้นกรุณาดู <xref linkend=\"samba-"
381
"fileprint-security\"/>"
382
383
#: serverguide/C/windows-networking.xml:231(para)
384
msgid ""
385
"From a Windows client you should now be able to browse to the Ubuntu file "
386
"server and see the shared directory. To check that everything is working try "
387
"creating a directory from Windows."
388
msgstr ""
389
"เพียงเท่านี้คุณก็น่าจะสามารถเห็นแฟ้มข้อมูลที่ถูกแชร์บนเซิร์ฟเวอร์อูบุนตูจากเค"
390
"รื่องลูกข่ายวินโดว์ได้แล้ว "
391
"ลองตรวจสอบว่าทุกอย่างทำงานได้ตามปกติโดยสร้างแฟ้มใหม่จากเครื่องวินโดว์ดู"
392
393
#: serverguide/C/windows-networking.xml:236(para)
394
msgid ""
395
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
396
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
397
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
398
"share actually exists and the permissions are correct."
399
msgstr ""
400
"คุณสามารถสร้างแชร์เพิ่มได้โดยเพิ่มหมวด <emphasis>[dir]</emphasis> ใหม่ในไฟล์ "
401
"<filename>/etc/samba/smb.conf</filename> จากนั้นให้เริ่มโปรแกรม "
402
"<emphasis>Samba</emphasis> ใหม่ "
403
"อย่าลืมตรวจสอบให้แน่ใจว่าแฟ้มที่คุณต้องการแชร์นั้นมีอยู่จริงและคุณได้กำหนดสิท"
404
"ธิ์ถูกต้อง"
405
406
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:341(title) serverguide/C/windows-networking.xml:696(title) serverguide/C/windows-networking.xml:1066(title) serverguide/C/windows-networking.xml:1273(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/remote-administration.xml:491(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1531(title) serverguide/C/network-auth.xml:1975(title) serverguide/C/network-auth.xml:2579(title) serverguide/C/network-auth.xml:3087(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
407
msgid "Resources"
408
msgstr "แหล่งข้อมูล"
409
410
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:345(para) serverguide/C/windows-networking.xml:700(para) serverguide/C/windows-networking.xml:1070(para)
411
msgid ""
412
"For in depth Samba configurations see the <ulink "
413
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
414
"Collection</ulink>"
415
msgstr ""
416
"สำหรับการตั้งค่าแซมบ้าขั้นสูง กรุณาดูที่ <ulink "
417
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
418
"Collection</ulink>"
419
420
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:706(para) serverguide/C/windows-networking.xml:1076(para)
421
msgid ""
422
"The guide is also available in <ulink "
423
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
424
"format</ulink>."
425
msgstr ""
426
"คุณสามารถอ่านคู่มือนี้<ulink "
427
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-"
428
"/0131882228\">ในแบบหนังสือ</ulink>ได้"
429
430
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:357(para)
431
msgid ""
432
"O'Reilly's <ulink "
433
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
434
"another good reference."
435
msgstr ""
436
"หนังสือ <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using "
437
"Samba</ulink> ของสำนักพิมพ์ O'Reilly ก็เป็นแหล่งข้อมูลที่ดีอีกอันหนึ่ง"
438
439
#: serverguide/C/windows-networking.xml:265(para) serverguide/C/windows-networking.xml:368(para) serverguide/C/windows-networking.xml:731(para) serverguide/C/windows-networking.xml:1100(para) serverguide/C/windows-networking.xml:1286(para)
440
msgid ""
441
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
442
"</ulink> page."
443
msgstr ""
444
445
#: serverguide/C/windows-networking.xml:274(title)
446
msgid "Samba Print Server"
447
msgstr "การใช้แซมบ้าเป็นเซิร์ฟเวอร์สำหรับการพิมพ์"
448
449
#: serverguide/C/windows-networking.xml:276(para)
450
msgid ""
451
"Another common use of Samba is to configure it to share printers installed, "
452
"either locally or over the network, on an Ubuntu server. Similar to <xref "
453
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
454
"any client on the local network to use the installed printers without "
455
"prompting for a username and password."
456
msgstr ""
457
"ประโยชน์อีกอย่างนึงของแซมบ้าคือคุณสามารถแชร์เครื่องพิมพ์ผ่านแซมบ้าได้ "
458
"ไม่ว่าจะเป็นเครื่องพิมพ์ที่ต่อกับเซิร์ฟเวอร์อูบุนตูของคุณหรือเครื่องพิมพ์ที่อ"
459
"ยู่ที่อื่นๆในเครือข่าย เช่นเดียวกับในส่วน <xref linkend=\"samba-"
460
"fileserver\"/> "
461
"ส่วนนี้จะอธิบายการตั้งค่าแซมบ้าให้เครื่องลูกข่ายใช้เครื่องพิมพ์ผ่านแซมบ้าได้โ"
462
"ดยไม่ต้องระบุชื่อผู้ใช้และรหัสผ่าน"
463
464
#: serverguide/C/windows-networking.xml:282(para)
465
msgid ""
466
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
467
"security\"/>."
468
msgstr ""
469
"ถ้าคุณต้องการตั้งค่าความปลอดภัยเพิ่มเติม กรุณาดู <xref linkend=\"samba-"
470
"fileprint-security\"/>"
471
472
#: serverguide/C/windows-networking.xml:289(para)
473
msgid ""
474
"Before installing and configuring Samba it is best to already have a working "
475
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
476
"for details."
477
msgstr ""
478
"ก่อนติดตั้งและตั้งค่าแซมบ้า คุณควรจะมีโปรแกรม "
479
"<application>CUPS</application> ที่ทำงานได้เสียก่อน ลองดู <xref "
480
"linkend=\"cups\"/> สำหรับรายละเอียดเกี่ยวกับ CUPS"
481
482
#: serverguide/C/windows-networking.xml:294(para)
483
msgid ""
484
"To install the <application>samba</application> package, from a terminal "
485
"enter:"
486
msgstr ""
487
"ติดตั้งชุดโปรแกรม <application>แซมบ้า</application> โดยพิมพ์คำสั่งดังนี้:"
488
489
#: serverguide/C/windows-networking.xml:305(para)
490
msgid ""
491
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
492
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
493
"network, and change <emphasis>security</emphasis> to <emphasis "
494
"role=\"italic\">share</emphasis>:"
495
msgstr ""
496
"หลังติดตั้งแซมบ้า แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
497
"โดยเปลี่ยนชื่อ <emphasis>workgroup</emphasis> เป็นชื่อที่คุณต้องการ "
498
"และเปลี่ยนค่า <emphasis>security</emphasis> เป็น <emphasis "
499
"role=\"italic\">share</emphasis>:"
500
501
#: serverguide/C/windows-networking.xml:317(para)
502
msgid ""
503
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
504
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
505
msgstr ""
506
"ในหมวด <emphasis>[printers]</emphasis> เปลี่ยนค่า <emphasis>guest "
507
"ok</emphasis> เป็น <emphasis role=\"italic\">yes</emphasis>:"
508
509
#: serverguide/C/windows-networking.xml:321(programlisting)
510
#, no-wrap
511
msgid ""
512
"\n"
513
" browsable = yes\n"
514
" guest ok = yes\n"
515
msgstr ""
516
"\n"
517
" browsable = yes\n"
518
" guest ok = yes\n"
519
520
#: serverguide/C/windows-networking.xml:326(para)
521
msgid "After editing <filename>smb.conf</filename> restart Samba:"
522
msgstr ""
523
524
#: serverguide/C/windows-networking.xml:334(para)
525
msgid ""
526
"The default Samba configuration will automatically share any printers "
527
"installed. Simply install the printer locally on your Windows clients."
528
msgstr ""
529
"ค่าที่มากับการติดตั้งแซมบ้านั้นจะแชร์เครื่องพิมพ์ที่ต่อกับเครื่องโดยอัตโนมัติ"
530
" คุณแค่ต้องเพิ่มเครื่องพิมพ์ในเครื่องลูกข่ายวินโดว์ของคุณเท่านั้น"
531
532
#: serverguide/C/windows-networking.xml:363(para)
533
msgid ""
534
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
535
"more information on configuring CUPS."
536
msgstr ""
537
"นอกจากนั้นลองดู <ulink url=\"http://www.cups.org/\">เว็บไซต์ของ CUPS</ulink> "
538
"สำหรับข้อมูลการตั้งค่า CUPS"
539
540
#: serverguide/C/windows-networking.xml:377(title)
541
msgid "Securing a Samba File and Print Server"
542
msgstr "การรักษาความปลอดภัยเซิร์ฟเวอร์แซมบ้า"
543
544
#: serverguide/C/windows-networking.xml:380(title)
545
msgid "Samba Security Modes"
546
msgstr "โหมดความปลอดภัยของแซมบ้า"
547
548
#: serverguide/C/windows-networking.xml:382(para)
549
msgid ""
550
"There are two security levels available to the Common Internet Filesystem "
551
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
552
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
553
"allows more flexibility, providing four ways of implementing user-level "
554
"security and one way to implement share-level:"
555
msgstr ""
556
"โปรโตคอลเครือข่าย Common Internet Filesystem (CIFS) "
557
"ได้ระบุระดับความปลอดภัยไว้สองระดับคือระดับผู้ใช้ (<emphasis>user-"
558
"level</emphasis>) และระดับแชร์ (<emphasis>share-level</emphasis>) "
559
"แซมบ้ามีระบบความปลอดภัยที่ยืดหยุ่นกว่าที่เรียกว่าโหมดความปลอดภัย "
560
"(<emphasis>security mode</emphasis>) ที่มีถึง 4 "
561
"วิธีในการรักษาความปลอดภัยสำหรับระดับผู้ใช้และอีก 1 วิธีสำหรับระดับแชร์:"
562
563
#: serverguide/C/windows-networking.xml:391(para)
564
msgid ""
565
"<emphasis>security = user:</emphasis> requires clients to supply a username "
566
"and password to connect to shares. Samba user accounts are separate from "
567
"system accounts, but the <application>libpam-smbpass</application> package "
568
"will sync system users and passwords with the Samba user database."
569
msgstr ""
570
"<emphasis>security = user:</emphasis> "
571
"บังคับให้เครื่องลูกข่ายต้องระบุชื่อผู้ใช้และรหัสผ่านเพื่อที่จะเชื่อมต่อเข้ากั"
572
"บแชร์ บัญชีผู้ใช้ของแซมบ้านั้นแยกกันกับบัญชีผู้ใช้ของระบบ แต่ว่าแพคเกจ "
573
"<application>libpam-smbpass</application> "
574
"จะช่วยทำให้ชื่อและรหัสผ่านของระบบเหมือนกันกับในฐานข้อมูลของแซมบ้าได้"
575
576
#: serverguide/C/windows-networking.xml:398(para)
577
msgid ""
578
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
579
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
580
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
581
"linkend=\"samba-dc\"/> for further information."
582
msgstr ""
583
"<emphasis>security = domain:</emphasis> "
584
"โหมดนี้ทำให้เซิร์ฟเวอร์แซมบ้าทำตัวเป็น Primary Domain Controller (PDC), "
585
"Backup Domain Controller (BDC), หรือ Domain Member Server (DMS) "
586
"สำหรับเครื่องลูกข่ายวินโดว์ได้ กรุณาดูรายละเอียดเพิ่มเติมที่ <xref "
587
"linkend=\"samba-dc\"/>"
588
589
#: serverguide/C/windows-networking.xml:405(para)
590
msgid ""
591
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
592
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
593
"integration\"/> for details."
594
msgstr ""
595
"<emphasis>security = ADS:</emphasis> ทำให้เซิร์ฟเวอร์แซมบ้าเข้าร่วมกับโดเมน "
596
"Active Directory ในฐานะสมาชิกของโดเมน กรุณาดูรายละเอียดเพิ่มเติมที่ <xref "
597
"linkend=\"samba-ad-integration\"/>"
598
599
#: serverguide/C/windows-networking.xml:411(para)
600
msgid ""
601
"<emphasis>security = server:</emphasis> this mode is left over from before "
602
"Samba could become a member server, and due to some security issues should "
603
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
604
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
605
"of the Samba guide for more details."
606
msgstr ""
607
"<emphasis>security = server:</emphasis> "
608
"โหมดนี้เป็นโหมดที่หลงเหลือก่อนที่แซมบ้าจะสามารถเป็นสมาชิกของโดเมนได้ "
609
"และเนื่องจากปัญหาเกี่ยวกับความปลอดภัยเราไม่แนะนำให้คุณใช้โหมดนี้ "
610
"กรุณาอ่านส่วน <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
611
"Collection/ServerType.html#id349531\">การรักษาความปลอดภัยของเซิร์ฟเวอร์</ulin"
612
"k>ในคู่มือแซมบ้าเพื่อดูรายละเอียดเพิ่มเติม"
613
614
#: serverguide/C/windows-networking.xml:419(para)
615
msgid ""
616
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
617
"without supplying a username and password."
618
msgstr ""
619
"<emphasis>security = share:</emphasis> "
620
"อนุญาติให้เครื่องลูกข่ายเชื่อมต่อเข้าไปที่แชร์โดยไม่ต้องระบุชื่อผู้ใช้และรหัส"
621
"ผ่าน"
622
623
#: serverguide/C/windows-networking.xml:426(para)
624
msgid ""
625
"The security mode you choose will depend on your environment and what you "
626
"need the Samba server to accomplish."
627
msgstr ""
628
"โหมดความปลอดภัยที่คุณเลือกขึ้นอยู่กับว่าคุณอยากให้เซิร์ฟเวอร์แซมบ้าของคุณทำอะ"
629
"ไร"
630
631
#: serverguide/C/windows-networking.xml:432(title)
632
msgid "Security = User"
633
msgstr "ความปลอดภัยระดับ Security = User"
634
635
#: serverguide/C/windows-networking.xml:434(para)
636
msgid ""
637
"This section will reconfigure the Samba file and print server, from <xref "
638
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
639
"require authentication."
640
msgstr ""
641
"ส่วนนี้จะแสดงการตั้งค่าแซมบ้าต่อจาก <xref linkend=\"samba-fileserver\"/> และ "
642
"<xref linkend=\"samba-printserver\"/> เพื่อให้มีการลงชื่อเข้าใช้แชร์"
643
644
#: serverguide/C/windows-networking.xml:439(para)
645
msgid ""
646
"First, install the <application>libpam-smbpass</application> package which "
647
"will sync the system users to the Samba user database:"
648
msgstr ""
649
"ก่อนอื่นคุณต้องติดตั้งแพคเกจ <application>libpam-smbpass</application> "
650
"ซึ่งจะทำให้ชื่อและรหัสผ่านของผู้ใช้ในระบบเหมือนกันกับในฐานข้อมูลผู้ใช้ของแซมบ"
651
"้า:"
652
653
#: serverguide/C/windows-networking.xml:445(command)
654
msgid "sudo apt-get install libpam-smbpass"
655
msgstr "sudo apt-get install libpam-smbpass"
656
657
#: serverguide/C/windows-networking.xml:449(para)
658
msgid ""
659
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
660
"<application>libpam-smbpass</application> is already installed."
661
msgstr ""
662
"ถ้าคุณเลือกติดตั้ง <emphasis>เซิร์ฟเวอร์แซมบ้า</emphasis> ตอนติดตั้งอูบุนตู "
663
"แพคเกจ <application>libpam-smbpass</application> ได้ถูกติดตั้งเรียบร้อยแล้ว"
664
665
#: serverguide/C/windows-networking.xml:455(para)
666
msgid ""
667
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
668
"<emphasis>[share]</emphasis> section change:"
669
msgstr ""
670
"แก้ไขหมวด <emphasis>[share]</emphasis> ในไฟล์ "
671
"<filename>/etc/samba/smb.conf</filename>:"
672
673
#: serverguide/C/windows-networking.xml:459(programlisting)
674
#, no-wrap
675
msgid ""
676
"\n"
677
" guest ok = no\n"
678
msgstr ""
679
"\n"
680
" guest ok = no\n"
681
682
#: serverguide/C/windows-networking.xml:463(para)
683
msgid "Finally, restart Samba for the new settings to take effect:"
684
msgstr "จากนั้นเริ่มโปรแกรมแซมบ้าใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
685
686
#: serverguide/C/windows-networking.xml:471(para)
687
msgid ""
688
"Now when connecting to the shared directories or printers you should be "
689
"prompted for a username and password."
690
msgstr ""
691
"จากนี้ไปเมื่อคุณเชื่อมต่อเข้าใช้งานแฟ้มข้อมูลหรือเครื่องพิมพ์ที่แชร์ผ่านแซมบ้"
692
"า คุณจะต้องระบุชื่อผู้ใช้และรหัสผ่าน"
693
694
#: serverguide/C/windows-networking.xml:476(para)
695
msgid ""
696
"If you choose to map a network drive to the share you can check the "
697
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
698
"enter the username and password once, at least until the password changes."
699
msgstr ""
700
"ถ้าคุณต้องการให้แฟ้มข้อมูลที่แชร์แสดงเป็นไดรฟ์ในวินโดว์ ให้เช็คเครื่องหมาย "
701
"<quote>Reconnect at Logon</quote> "
702
"ซึ่งจะบังคับให้คุณต้องใส่ชื่อผู้ใช้และรหัสผ่านแค่ครั้งเดียว "
703
"อย่างน้อยก็จนกว่ารหัสผ่านจะเปลี่ยนแปลง"
704
705
#: serverguide/C/windows-networking.xml:484(title)
706
msgid "Share Security"
707
msgstr "ระดับความปลอดภัยแบบแชร์"
708
709
#: serverguide/C/windows-networking.xml:486(para)
710
msgid ""
711
"There are several options available to increase the security for each "
712
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
713
"this section will cover some common options."
714
msgstr ""
715
"มีหลายวิธีที่คุณสามารถใช้ได้เพื่อรักษาความปลอดภัยให้กับแต่ละแฟ้มข้อมูลที่ถูกแ"
716
"ชร์ หมวดนี้จะแสดงตัวเลือกที่ใช้โดยทั่วไปโดยใช้ตัวอย่าง "
717
"<emphasis>[share]</emphasis> จากส่วนก่อนหน้า"
718
719
#: serverguide/C/windows-networking.xml:492(title)
720
msgid "Groups"
721
msgstr "กลุ่ม"
722
723
#: serverguide/C/windows-networking.xml:494(para)
724
msgid ""
725
"Groups define a collection of computers or users which have a common level "
726
"of access to particular network resources and offer a level of granularity "
727
"in controlling access to such resources. For example, if a group <emphasis "
728
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
729
"role=\"italic\">freda</emphasis>, <emphasis "
730
"role=\"italic\">danika</emphasis>, and <emphasis "
731
"role=\"italic\">rob</emphasis> and a second group <emphasis "
732
"role=\"italic\">support</emphasis> is defined and consists of users "
733
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
734
"role=\"italic\">jeremy</emphasis>, and <emphasis "
735
"role=\"italic\">vincent</emphasis> then certain network resources configured "
736
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
737
"subsequently enable access by freda, danika, and rob, but not jeremy or "
738
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
739
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
740
"role=\"italic\">support</emphasis> groups, she will be able to access "
741
"resources configured for access by both groups, whereas all other users will "
742
"have only access to resources explicitly allowing the group they are part of."
743
msgstr ""
744
"กลุ่มเป็นตัวแทนของกลุ่มของเครื่องลูกข่ายหรือกลุ่มของผู้ใช้ในเครือข่ายที่สมาชิ"
745
"กในกลุ่มได้รับสิทธิ์เหมือนๆกันในการใช้งานทรัพยากรเครือข่าย "
746
"และทำให้การกำหนดสิทธิ์ง่ายขึ้น ยกตัวอย่างเช่น ถ้ามีกลุ่มชื่อ <emphasis "
747
"role=\"italic\">qa</emphasis> ที่มีผู้ใช้ชื่อ <emphasis "
748
"role=\"italic\">freda</emphasis>, <emphasis "
749
"role=\"italic\">danika</emphasis>, และ <emphasis "
750
"role=\"italic\">rob</emphasis> และอีกกลุ่มหนึ่งชื่อ <emphasis "
751
"role=\"italic\">support</emphasis> ที่มีสมาชิกชื่อ <emphasis "
752
"role=\"italic\">danika</emphasis>, <emphasis "
753
"role=\"italic\">jeremy</emphasis>, และ <emphasis "
754
"role=\"italic\">vincent</emphasis> ทรัพยากรใดๆก็ตามที่กลุ่ม <emphasis "
755
"role=\"italic\">qa</emphasis> สามารถใช้งานได้ก็หมายความว่าสมาชิกในกลุ่มคือ "
756
"freda, danika, และ rob ก็สามารถใช้งานได้เช่นกัน แต่ jeremy และ vincent "
757
"จะไม่สามารถใช้งานได้เพราะไม่ใช่สมาชิกในกลุ่ม และเนื่องจากว่า <emphasis "
758
"role=\"italic\">danika</emphasis> เป็นสมาชิกของทั้งกลุ่ม <emphasis "
759
"role=\"italic\">qa</emphasis> และ <emphasis "
760
"role=\"italic\">support</emphasis> เธอจึงสามารถใช้ทรัพยากรของทั้งสองกลุ่มได้ "
761
"ต่างจากคนอื่นๆที่อยู่ในกลุ่มๆเดียวและสามารถใช้งานเฉพาะทรัพยากรที่กลุ่มนั้นๆได"
762
"้รับอนุญาติ"
763
764
#: serverguide/C/windows-networking.xml:508(para)
765
msgid ""
766
"By default Samba looks for the local system groups defined in "
767
"<filename>/etc/group</filename> to determine which users belong to which "
768
"groups. For more information on adding and removing users from groups see "
769
"<xref linkend=\"adding-deleting-users\"/>."
770
msgstr ""
771
"โดยปกติแซมบ้าจะหากลุ่มผู้ใช้ในระบบจากไฟล์ <filename>/etc/group</filename> "
772
"เพื่อดูว่าผู้ใช้เป็นสมาชิกของกลุ่มไหน "
773
"สำหรับข้อมูลเพิ่มเติมเกี่ยวกับการเพิ่งหรือลบผู้ใช้ออกจากกลุ่มลองดูที่ <xref "
774
"linkend=\"adding-deleting-users\"/>"
775
776
#: serverguide/C/windows-networking.xml:514(para)
777
msgid ""
778
"When defining groups in the Samba configuration file, "
779
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
780
"preface the group name with an \"@\" symbol. For example, if you wished to "
781
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
782
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
783
"do so by entering the group name as <emphasis "
784
"role=\"bold\">@sysadmin</emphasis>."
785
msgstr ""
786
"เมื่อคุณสร้างกลุ่มในไฟล์การตั้งค่าของแซมบ้าที่ "
787
"<filename>/etc/samba/smb.conf</filename> "
788
"คุณต้องเริ่มต้นชื่อกลุ่มด้วยเครื่องหมาย \"@\" "
789
"เช่นถ้าคุณต้องการสร้างกลุ่มชื่อ <emphasis "
790
"role=\"italic\">sysadmin</emphasis> ในหมวดใดๆของไฟล์ "
791
"<filename>/etc/samba/smb.conf</filename> คุณต้องใส่ชื่อกลุ่มเป็น <emphasis "
792
"role=\"bold\">@sysadmin</emphasis>"
793
794
#: serverguide/C/windows-networking.xml:523(title)
795
msgid "File Permissions"
796
msgstr "สิทธิ์ของไฟล์"
797
798
#: serverguide/C/windows-networking.xml:525(para)
799
msgid ""
800
"File Permissions define the explicit rights a computer or user has to a "
801
"particular directory, file, or set of files. Such permissions may be defined "
802
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
803
"the explicit permissions of a defined file share."
804
msgstr ""
805
"สิทธิ์ของไฟล์เป็นตัวกำหนดว่าเครื่องคอมพิวเตอร์หรือผู้ใช้มีสิทธิ์ในการทำอะไรกั"
806
"บแฟ้มข้อมูล ไฟล์ หรือกลุ่มของไฟล์ได้บ้าง "
807
"คุณสามารถกำหนดสิทธิ์เหล่านี้โดยแก้ไฟล์ "
808
"<filename>/etc/samba/smb.conf</filename> และระบุสิทธิ์ต่างๆสำหรับแต่ละแชร์"
809
810
#: serverguide/C/windows-networking.xml:531(para)
811
msgid ""
812
"For example, if you have defined a Samba share called "
813
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
814
"only</emphasis> permissions to the group of users known as <emphasis "
815
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
816
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
817
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
818
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
819
"under the <emphasis>[share]</emphasis> entry:"
820
msgstr ""
821
"ยกตัวอย่างเช่น ถ้าคุณสร้างแชร์ในแซมบ้าชื่อ <emphasis>share</emphasis> "
822
"และต้องการให้สิทธิ์ <emphasis role=\"italic\">read-only</emphasis> "
823
"หรือให้เฉพาะสิทธิ์การอ่านกับกลุ่มของผู้ใช้ชื่อ <emphasis "
824
"role=\"italic\">qa</emphasis> "
825
"แต่ต้องการให้สิทธิ์การอ่านและเขียนกับกลุ่มของผู้ใช้ที่ชื่อ <emphasis "
826
"role=\"italic\">sysadmin</emphasis> และผู้ใช้ที่ชื่อ <emphasis "
827
"role=\"italic\">vincent</emphasis> คุณต้องแก้ไขไฟล์ "
828
"<filename>/etc/samba/smb.conf</filename> และตั้งค่าเหล่านี้ภายใต้หมวด "
829
"<emphasis>[share]</emphasis>:"
830
831
#: serverguide/C/windows-networking.xml:540(programlisting)
832
#, no-wrap
833
msgid ""
834
"\n"
835
" read list = @qa\n"
836
" write list = @sysadmin, vincent\n"
837
msgstr ""
838
"\n"
839
" read list = @qa\n"
840
" write list = @sysadmin, vincent\n"
841
842
#: serverguide/C/windows-networking.xml:545(para)
843
msgid ""
844
"Another possible Samba permission is to declare "
845
"<emphasis>administrative</emphasis> permissions to a particular shared "
846
"resource. Users having administrative permissions may read, write, or modify "
847
"any information contained in the resource the user has been given explicit "
848
"administrative permissions to."
849
msgstr ""
850
"สิทธิ์อีกแบบนึงที่คุณสามารถใช้ได้คือ "
851
"<emphasis>administrative</emphasis>หรือสิทธิ์ของผู้ดูแล "
852
"ซึ่งหมายความว่าใครก็ตามที่ได้สิทธิ์นี้จะสามารถอ่าน เขียน "
853
"แก้ไขข้อมูลใดๆก็ตามที่อยู่ในแชร์นั้นๆ"
854
855
#: serverguide/C/windows-networking.xml:551(para)
856
msgid ""
857
"For example, if you wanted to give the user <emphasis "
858
"role=\"italic\">melissa</emphasis> administrative permissions to the "
859
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
860
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
861
"under the <emphasis>[share]</emphasis> entry:"
862
msgstr ""
863
"ยกตัวอย่างเช่น ถ้าคุณต้องการให้สิทธิ์ผู้ดูแลกับ <emphasis "
864
"role=\"italic\">melissa</emphasis> สำหรับแชร์ในตัวอย่าง <emphasis "
865
"role=\"italic\">share</emphasis> ก่อนหน้านี้ คุณต้องแก้ไขไฟล์ "
866
"<filename>/etc/samba/smb.conf</filename> และเพิ่มบรรทัดต่อไปนี้ภายใต้หมวด "
867
"<emphasis>[share]</emphasis>:"
868
869
#: serverguide/C/windows-networking.xml:558(programlisting)
870
#, no-wrap
871
msgid ""
872
"\n"
873
" admin users = melissa\n"
874
msgstr ""
875
"\n"
876
" admin users = melissa\n"
877
878
#: serverguide/C/windows-networking.xml:562(para)
879
msgid ""
880
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
881
"the changes to take effect:"
882
msgstr ""
883
"หลังจากแก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
884
"แล้วให้เริ่มโปรแกรมแซมบ้าใหม่เพื่อให้ข้อเปลี่ยนแปลงมีผลบังคับใช้:"
885
886
#: serverguide/C/windows-networking.xml:571(para)
887
msgid ""
888
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
889
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
890
"<emphasis role=\"italic\">security = share</emphasis>"
891
msgstr ""
892
"การตั้งค่า <emphasis>read list</emphasis> และ <emphasis>write "
893
"list</emphasis> นั้นจะมีผลก็ต่อเมื่อโหมดรักษาความปลอดภัยของแซมบ้า<emphasis>ไม"
894
"่ใช่</emphasis> <emphasis role=\"italic\">security = share</emphasis> "
895
"เท่านั้น"
896
897
#: serverguide/C/windows-networking.xml:577(para)
898
msgid ""
899
"Now that Samba has been configured to limit which groups have access to the "
900
"shared directory, the filesystem permissions need to be updated."
901
msgstr ""
902
"หลังจากคุณตั้งค่าสิทธิ์ต่างๆในแซมบ้าแล้ว "
903
"คุณต้องไปแก้ไขสิทธิ์ในระบบไฟล์ของอูบุนตูด้วย"
904
905
#: serverguide/C/windows-networking.xml:582(para)
906
msgid ""
907
"Traditional Linux file permissions do not map well to Windows NT Access "
908
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
909
"providing more fine grained control. For example, to enable ACLs on "
910
"<filename>/srv</filename> an EXT3 filesystem, edit "
911
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
912
msgstr ""
913
"สิทธิ์ของไฟล์ในลีนุกซ์นั้นไม่คล้ายกับสิทธิ์แบบ Access Control Lists (ACLs) "
914
"ของวินโดว์ซักเท่าไรนัก แต่โชคดีที่อูบุนตูเซิร์ฟเวอร์ก็มี POSIX ACLs "
915
"ซึ่งเพิ่มความสามารถในการปรับตั้งค่าสิทธิ์แบบละเอียดขึ้น ยกตัวอย่างเช่น "
916
"ถ้าคุณต้องการใช้งาน ACLs กับ <filename>/srv</filename> ซึ่งเป็นระบบไฟล์แบบ "
917
"EXT3 ให้เพิ่มตัวเลือก <emphasis>acl</emphasis> ในไฟล์ "
918
"<filename>/etc/fstab</filename> ดังนี้:"
919
920
#: serverguide/C/windows-networking.xml:589(programlisting)
921
#, no-wrap
922
msgid ""
923
"\n"
924
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
925
"0 1\n"
926
msgstr ""
927
"\n"
928
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
929
"0 1\n"
930
931
#: serverguide/C/windows-networking.xml:593(para)
932
msgid "Then remount the partition:"
933
msgstr "จากนั้นก็ mount พาร์ติชั่นใหม่โดยพิมพ์คำสั่ง:"
934
935
#: serverguide/C/windows-networking.xml:598(command)
936
msgid "sudo mount -v -o remount /srv"
937
msgstr "sudo mount -v -o remount /srv"
938
939
#: serverguide/C/windows-networking.xml:602(para)
940
msgid ""
941
"The above example assumes <filename>/srv</filename> on a separate partition. "
942
"If <filename>/srv</filename>, or wherever you have configured your share "
943
"path, is part of the <filename>/</filename> partition a reboot may be "
944
"required."
945
msgstr ""
946
"ตัวอย่างด้านบนนั้นสมมุติว่า <filename>/srv</filename> "
947
"อยู่บนพาร์ติชั่นอีกพาร์ติชั่นนึง ถ้า <filename>/srv</filename> "
948
"หรือที่ใดก็ตามที่คุณใช้เป็นแชร์เป็นส่วนหนึ่งของพาร์ติชั่น "
949
"<filename>/</filename> คุณอาจจะต้องบูตเครื่องของคุณหลังแก้ไขค่า"
950
951
#: serverguide/C/windows-networking.xml:609(para)
952
msgid ""
953
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
954
"group will be given read, write, and execute permissions to "
955
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
956
"will be given read and execute permissions, and the files will be owned by "
957
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
958
msgstr ""
959
"เพื่อให้สิทธิ์ของไฟล์ตรงกับสิทธิ์ของแชร์ที่เราได้ตั้งค่าไว้ด้านบน "
960
"เราจะให้สิทธิ์การอ่าน เขียน และรันโปรแกรมใน "
961
"<filename>/srv/samba/share</filename> กับกลุ่มผู้ใช้ "
962
"<emphasis>sysadmin</emphasis> และให้เฉพาะสิทธิ์อ่านและรันโปรแกรมกับกลุ่ม "
963
"<emphasis>qa</emphasis> และผู้ใช้ชื่อ <emphasis>melissa</emphasis> "
964
"จะเป็นเจ้าของไฟล์ทั้งหมดที่อยู่ในแชร์นี้ ให้พิมพ์คำสั่งดังนี้:"
965
966
#: serverguide/C/windows-networking.xml:617(command)
967
msgid "sudo chown -R melissa /srv/samba/share/"
968
msgstr "sudo chown -R melissa /srv/samba/share/"
969
970
#: serverguide/C/windows-networking.xml:618(command)
971
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
972
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
973
974
#: serverguide/C/windows-networking.xml:619(command)
975
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
976
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
977
978
#: serverguide/C/windows-networking.xml:623(para)
979
msgid ""
980
"The <application>setfacl</application> command above gives "
981
"<emphasis>execute</emphasis> permissions to all files in the "
982
"<filename>/srv/samba/share</filename> directory, which you may or may not "
983
"want."
984
msgstr ""
985
"คำสั่ง <application>setfacl</application> ด้านบนนั้นให้สิทธิ์ "
986
"<emphasis>execute</emphasis> (สิทธิ์ในการรันโปรแกรมจากไฟล์) "
987
"กับทุกไฟล์ในแฟ้มข้อมูล <filename>/srv/samba/share</filename> "
988
"ซึ่งอาจเป็นสิ่งที่คุณต้องการหรือไม่ต้องการ"
989
990
#: serverguide/C/windows-networking.xml:629(para)
991
msgid ""
992
"Now from a Windows client you should notice the new file permissions are "
993
"implemented. See the <application>acl</application> and "
994
"<application>setfacl</application> man pages for more information on POSIX "
995
"ACLs."
996
msgstr ""
997
"ตอนนี้ถ้าคุณลองใช้งานแชร์จากเครื่องลูกข่ายวินโดว์คุณจะสั่งเกตุเห็นว่าสิทธิ์ให"
998
"ม่ได้มีผลบังคับใช้แล้ว ถ้าคุณต้องการข้อมูลเพิ่มเติมเกี่ยวกับ POSIX ACLs "
999
"กรุณาอ่านคู่มือ (man pages) ของ <application>acl</application> และ "
1000
"<application>setfacl</application>"
1001
1002
#: serverguide/C/windows-networking.xml:637(title)
1003
msgid "Samba AppArmor Profile"
1004
msgstr "โปรไฟล์ AppArmor ของแซมบ้า"
1005
1006
#: serverguide/C/windows-networking.xml:639(para)
1007
msgid ""
1008
"Ubuntu comes with the <application>AppArmor</application> security module, "
1009
"which provides mandatory access controls. The default AppArmor profile for "
1010
"Samba will need to be adapted to your configuration. For more details on "
1011
"using AppArmor see <xref linkend=\"apparmor\"/>."
1012
msgstr ""
1013
"อูบุนตูมาพร้อมกับโมดูลรักษาความปลอดภัยที่เรียกว่า "
1014
"<application>AppArmor</application> "
1015
"ซึ่งบังคับให้มีการกำหนดขอบเขตและสิทธิ์ที่โปรแกรมต่างๆสามารถมีได้ "
1016
"คุณสามารถปรับแต่งโปรไฟล์ AppArmor "
1017
"ของอูบุนตูที่มาพร้อมกับตอนติดตั้งให้เหมาะกับความต้องการของคุณได้ "
1018
"สำหรับรายละเอียดเพิ่มเติมกรุณาดู <xref linkend=\"apparmor\"/>"
1019
1020
#: serverguide/C/windows-networking.xml:645(para)
1021
msgid ""
1022
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
1023
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
1024
"of the <application>apparmor-profiles</application> packages. To install the "
1025
"package, from a terminal prompt enter:"
1026
msgstr ""
1027
"แพคเกจ <application>apparmor-profiles</application> จะทำการสร้างโปรไฟล์ "
1028
"AppArmor สำหรับโปรแกรมของแซมบ้าสองตัวคือ <filename>/usr/sbin/smbd</filename> "
1029
"และ <filename>/usr/sbin/nmbd</filename> "
1030
"ซึ่งเป็นโปรแกรมแซมบ้าที่ทำงานอยู่เบื้องหลัง (daemon) "
1031
"คุณสามารถติดตั้งแพคเกจนี้ได้โดยพิมพ์คำสั่ง:"
1032
1033
#: serverguide/C/windows-networking.xml:652(command) serverguide/C/security.xml:925(command)
1034
msgid "sudo apt-get install apparmor-profiles"
1035
msgstr "sudo apt-get install apparmor-profiles"
1036
1037
#: serverguide/C/windows-networking.xml:656(para)
1038
msgid "This package contains profiles for several other binaries."
1039
msgstr "แพคเกจนี้ยังมีโปรไฟล์สำหรับโปรแกรมอื่นๆอีกด้วย"
1040
1041
#: serverguide/C/windows-networking.xml:661(para)
1042
msgid ""
1043
"By default the profiles for <application>smbd</application> and "
1044
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
1045
"allowing Samba to work without modifying the profile, and only logging "
1046
"errors. To place the <application>smbd</application> profile into "
1047
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
1048
"profile will need to be modified to reflect any directories that are shared."
1049
msgstr ""
1050
"ค่าเริ่มต้นของโปรไฟล์สำหรับ <application>smbd</application> และ "
1051
"<application>nmbd</application> จะอยู่ในโหมด <emphasis>complain</emphasis> "
1052
"ซึ่งอนุญาติให้แซมบ้าทำงานโดยห้ามแก้ไขโปรไฟล์และจะเก็บบันทึกของข้อผิดพลาดต่างๆ"
1053
"ที่เกิดขึ้นเท่านั้น ถ้าคุณต้องการให้โปรไฟล์สำหรับ "
1054
"<application>smbd</application> อยู่ในโหมด <emphasis>enforce</emphasis> "
1055
"คุณจะต้องแก้ไขโปรไฟล์และระบุแฟ้มข้อมูลใดๆก็ตามที่ถูกแชร์เพื่อให้แซมบ้าทำงานได"
1056
"้เป็นปกติ"
1057
1058
#: serverguide/C/windows-networking.xml:668(para)
1059
msgid ""
1060
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
1061
"for <emphasis>[share]</emphasis> from the file server example:"
1062
msgstr ""
1063
"แก้ไขไฟล์ <filename>/etc/apparmor.d/usr.sbin.smbd</filename> "
1064
"และเพิ่มข้อมูลเกี่ยวกับ <emphasis>[share]</emphasis> (จากตัวอย่างด้านบน):"
1065
1066
#: serverguide/C/windows-networking.xml:673(programlisting)
1067
#, no-wrap
1068
msgid ""
1069
"\n"
1070
" /srv/samba/share/ r,\n"
1071
" /srv/samba/share/** rwkix,\n"
1072
msgstr ""
1073
"\n"
1074
" /srv/samba/share/ r,\n"
1075
" /srv/samba/share/** rwkix,\n"
1076
1077
#: serverguide/C/windows-networking.xml:678(para)
1078
msgid ""
1079
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
1080
msgstr ""
1081
"จากนั้นคุณต้องโหลดโปรไฟล์ใหม่ในโหมด <emphasis>enforce</emphasis> "
1082
"โดยพิมพ์คำสั่ง:"
1083
1084
#: serverguide/C/windows-networking.xml:683(command)
1085
msgid "sudo aa-enforce /usr/sbin/smbd"
1086
msgstr "sudo aa-enforce /usr/sbin/smbd"
1087
1088
#: serverguide/C/windows-networking.xml:684(command)
1089
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1090
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1091
1092
#: serverguide/C/windows-networking.xml:687(para)
1093
msgid ""
1094
"You should now be able to read, write, and execute files in the shared "
1095
"directory as normal, and the <application>smbd</application> binary will "
1096
"have access to only the configured files and directories. Be sure to add "
1097
"entries for each directory you configure Samba to share. Also, any errors "
1098
"will be logged to <filename>/var/log/syslog</filename>."
1099
msgstr ""
1100
1101
#: serverguide/C/windows-networking.xml:712(para) serverguide/C/windows-networking.xml:1082(para)
1102
msgid ""
1103
"O'Reilly's <ulink "
1104
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1105
"also a good reference."
1106
msgstr ""
1107
"หนังสือ <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using "
1108
"Samba</ulink> จากสำนักพิพม์ O'Reilly ก็เป็นแหล่งอ้างอิงที่ดี"
1109
1110
#: serverguide/C/windows-networking.xml:718(para)
1111
msgid ""
1112
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1113
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1114
"security."
1115
msgstr ""
1116
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1117
"samba.html\">บทที่ 18</ulink> ของ Samba HOWTO Collection "
1118
"ทั้งบทอธิบายเกี่ยวกับการรักษาความปลอดภัย"
1119
1120
#: serverguide/C/windows-networking.xml:724(para)
1121
msgid ""
1122
"For more information on Samba and ACLs see the <ulink "
1123
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1124
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1125
msgstr ""
1126
"สำหรับข้อมูลเพิ่มเติมเกี่ยวกับแซมบ้าและ ACLs กรุณาอ่าน <ulink "
1127
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1128
"Collection/AccessControls.html#id397568\">หน้า ACLs ของแซมบ้า </ulink>."
1129
1130
#: serverguide/C/windows-networking.xml:740(title)
1131
msgid "Samba as a Domain Controller"
1132
msgstr "การใช้แซมบ้าเป็นเครื่องควบคุมโดเมน (Domain Controller)"
1133
1134
#: serverguide/C/windows-networking.xml:742(para)
1135
msgid ""
1136
"Although it cannot act as an Active Directory Primary Domain Controller "
1137
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1138
"domain controller. A major advantage of this configuration is the ability to "
1139
"centralize user and machine credentials. Samba can also use multiple "
1140
"backends to store the user information."
1141
msgstr ""
1142
"ถึงแม้ว่าแซมบ้าไม่สามารถทำงานได้เหมือนกับเครื่องควบคุมโดเมนหลัก (Primary "
1143
"Domain Controller หรือ PDC) ใน Active Directory "
1144
"แต่แซมบ้าก็สามารถทำงานเสมือนเครื่องควบคุมโดเมนแบบวินโดว์ NT4 ได้ "
1145
"โดยประโยชน์หลักของการทำแบบนี้คือการมีที่เดียวที่เป็นศูนย์กลางในการจัดการบัญชี"
1146
"ผู้ใช้และเครื่องคอมพิวเตอร์ในเครือขาย "
1147
"นอกจากนั้นแซมบ้าสามารถใช้ฐานเก็บข้อมูลผู้ใช้ได้หลายแบบอีกด้วย"
1148
1149
#: serverguide/C/windows-networking.xml:749(title)
1150
msgid "Primary Domain Controller"
1151
msgstr "เครื่องควบคุมโดเมนหลัก"
1152
1153
#: serverguide/C/windows-networking.xml:751(para)
1154
msgid ""
1155
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1156
"using the default smbpasswd backend."
1157
msgstr ""
1158
"ในส่วนนี้จะอธิบายวิธีการตั้งค่าแซมบ้าเป็นเครื่องควบคุมโดเมนหลักหรือ Primary "
1159
"Domain Controller (PDC) โดยใช้ฐานข้อมูลแบบ smbpasswd "
1160
"ที่เป็นแบบเริ่มต้นของแซมบ้า"
1161
1162
#: serverguide/C/windows-networking.xml:758(para)
1163
msgid ""
1164
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1165
"the user accounts, by entering the following in a terminal prompt:"
1166
msgstr ""
1167
"ก่อนอื่นคุณต้องติดตั้งแซมบ้าและ <application>libpam-smbpass</application> "
1168
"เพื่อทำให้ข้อมูลผู้ใช้ของแซมบ้าและระบบตรงกันโดยพิมพ์คำสั่งดังนี้:"
1169
1170
#: serverguide/C/windows-networking.xml:764(command) serverguide/C/windows-networking.xml:980(command)
1171
msgid "sudo apt-get install samba libpam-smbpass"
1172
msgstr "sudo apt-get install samba libpam-smbpass"
1173
1174
#: serverguide/C/windows-networking.xml:770(para)
1175
msgid ""
1176
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1177
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1178
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1179
"should relate to your organization:"
1180
msgstr ""
1181
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> โดยเปลี่ยนโหมด "
1182
"<emphasis>security</emphasis> เป็น <emphasis role=\"italic\">user</emphasis> "
1183
" และเปลี่ยนชื่อ <emphasis>workgroup</emphasis> เป็นชื่อขององค์กรของคุณ:"
1184
1185
#: serverguide/C/windows-networking.xml:785(para)
1186
msgid ""
1187
"In the commented <quote>Domains</quote> section add or uncomment the "
1188
"following:"
1189
msgstr ""
1190
"ในส่วนของ <quote>Domains</quote> "
1191
"ที่ถูกคอมเม้นต์ไว้ในไฟล์ให้เพิ่มบรรทัดเหล่านี้ "
1192
"หรือจุเอาคอมเม้นต์ของบรรทัดเหล่านี้ออกก็ได้:"
1193
1194
#: serverguide/C/windows-networking.xml:789(programlisting)
1195
#, no-wrap
1196
msgid ""
1197
"\n"
1198
" domain logons = yes\n"
1199
" logon path = \\\\%N\\%U\\profile\n"
1200
" logon drive = H:\n"
1201
" logon home = \\\\%N\\%U\n"
1202
" logon script = logon.cmd\n"
1203
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1204
"/var/lib/samba -s /bin/false %u\n"
1205
msgstr ""
1206
1207
#: serverguide/C/windows-networking.xml:800(para)
1208
msgid ""
1209
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1210
"Samba to act as a domain controller."
1211
msgstr ""
1212
"<emphasis>domain logons:</emphasis> ให้บริการ netlogon "
1213
"ซึ่งทำให้แซมบ้าทำงานเป็นเครื่องควบคุมหลักของโดเมน"
1214
1215
#: serverguide/C/windows-networking.xml:805(para)
1216
msgid ""
1217
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1218
"their home directory. It is also possible to configure a "
1219
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1220
"directory."
1221
msgstr ""
1222
"<emphasis>logon path:</emphasis> "
1223
"เก็บโปรไฟล์ของผู้ใช้ในวินโดว์ไว้ในแฟ้มข้อมูลของผู้ใช้บนอูบุนตู (home "
1224
"directory) คุณสามารถแก้ไข <emphasis>[profiles]</emphasis> "
1225
"เพื่อให้ทุกโปรไฟล์อยู่ในแฟ้มข้อมูลเดียวกันได้"
1226
1227
#: serverguide/C/windows-networking.xml:811(para)
1228
msgid ""
1229
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1230
msgstr ""
1231
"<emphasis>logon drive:</emphasis> "
1232
"ระบุชื่อไดรฟ์ในวินโดว์ที่ชี้ไปหาแฟ้มข้อมูลของผู้ใช้บนอูบุนตู"
1233
1234
#: serverguide/C/windows-networking.xml:816(para)
1235
msgid ""
1236
"<emphasis>logon home:</emphasis> specifies the home directory location."
1237
msgstr ""
1238
"<emphasis>logon home:</emphasis> ระบุตำแหน่งของแฟ้มข้อมูลผู้ใช้บนอูบุนตู"
1239
1240
#: serverguide/C/windows-networking.xml:821(para)
1241
msgid ""
1242
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1243
"once a user has logged in. The script needs to be placed in the "
1244
"<emphasis>[netlogon]</emphasis> share."
1245
msgstr ""
1246
"<emphasis>logon script:</emphasis> "
1247
"ระบุสคริปต์ที่ทำงานที่เครื่องวินโดว์หลังจากผู้ใช้ได้ลงชื่อเข้าใช้ระบบ "
1248
"โดยสคริปต์นี้จะต้องอยู่ในแชร์ชื่อ <emphasis>[netlogon]</emphasis>"
1249
1250
#: serverguide/C/windows-networking.xml:827(para)
1251
msgid ""
1252
"<emphasis>add machine script:</emphasis> a script that will automatically "
1253
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1254
"workstation to join the domain."
1255
msgstr ""
1256
"<emphasis>add machine script:</emphasis> "
1257
"สคริปต์เพื่อสร้างบัญชีเครื่องคอมพิวเตอร์ลูกข่ายหรือ <emphasis>Machine Trust "
1258
"Account</emphasis> "
1259
"ที่จะต้องมีเพื่อให้เครื่องลูกข่ายเข้าร่วมกับโดเมนได้โดยอัตโนมัติ"
1260
1261
#: serverguide/C/windows-networking.xml:831(para)
1262
msgid ""
1263
"In this example the <emphasis>machines</emphasis> group will need to be "
1264
"created using the <application>addgroup</application> utility see <xref "
1265
"linkend=\"adding-deleting-users\"/> for details."
1266
msgstr ""
1267
"ในตัวอยางนี้กลุ่มชื่อ <emphasis>machines</emphasis> "
1268
"จะถูกสร้างโดยใช้เครื่องมือชื่อ <application>addgroup</application> กรุณาดู "
1269
"<xref linkend=\"adding-deleting-users\"/> "
1270
"สำหรับรายละเอียดเพิ่มเติมในการเพิ่มและลบผู้ใช้"
1271
1272
#: serverguide/C/windows-networking.xml:839(para)
1273
msgid ""
1274
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1275
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1276
"commented."
1277
msgstr ""
1278
"ถ้าคุณไม่ต้องการจะใช้โปรไฟล์สัญจร (<emphasis>Roaming Profiles</emphasis>) "
1279
"ให้คอมเม้นต์ค่า <emphasis>logon home</emphasis> และ <emphasis>logon "
1280
"path</emphasis> เอาไว้"
1281
1282
#: serverguide/C/windows-networking.xml:848(para)
1283
msgid ""
1284
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1285
"role=\"italic\">logon home</emphasis> to be mapped:"
1286
msgstr ""
1287
"ให้เอาคอมเม้นต์ของแชร์ชื่อ <emphasis>[homes]</emphasis> "
1288
"ออกเพื่ออนุญาติให้วินโดว์สามารถ map <emphasis role=\"italic\">logon "
1289
"home</emphasis> ได้"
1290
1291
#: serverguide/C/windows-networking.xml:853(programlisting)
1292
#, no-wrap
1293
msgid ""
1294
"\n"
1295
"[homes]\n"
1296
" comment = Home Directories\n"
1297
" browseable = no\n"
1298
" read only = no\n"
1299
" create mask = 0700\n"
1300
" directory mask = 0700\n"
1301
" valid users = %S\n"
1302
msgstr ""
1303
"\n"
1304
"[homes]\n"
1305
" comment = Home Directories\n"
1306
" browseable = no\n"
1307
" read only = no\n"
1308
" create mask = 0700\n"
1309
" directory mask = 0700\n"
1310
" valid users = %S\n"
1311
1312
#: serverguide/C/windows-networking.xml:866(para)
1313
msgid ""
1314
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1315
"share needs to be configured. To enable the share, uncomment:"
1316
msgstr ""
1317
"เมื่อคุณตั้งค่าแซมบ้าเป็นเครื่องควบคุมหลักของโดเมน คุณจะต้องสร้างแชร์ชื่อ "
1318
"<emphasis>[netlogon]</emphasis> "
1319
"โดยให้เอาคอมเม้นต์ของบรรทัดนี้ออกเพื่อให้แชร์ทำงานได้:"
1320
1321
#: serverguide/C/windows-networking.xml:871(programlisting)
1322
#, no-wrap
1323
msgid ""
1324
"\n"
1325
"[netlogon]\n"
1326
" comment = Network Logon Service\n"
1327
" path = /srv/samba/netlogon\n"
1328
" guest ok = yes\n"
1329
" read only = yes\n"
1330
" share modes = no\n"
1331
msgstr ""
1332
"\n"
1333
"[netlogon]\n"
1334
" comment = Network Logon Service\n"
1335
" path = /srv/samba/netlogon\n"
1336
" guest ok = yes\n"
1337
" read only = yes\n"
1338
" share modes = no\n"
1339
1340
#: serverguide/C/windows-networking.xml:881(para)
1341
msgid ""
1342
"The original <emphasis>netlogon</emphasis> share path is "
1343
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1344
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1345
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1346
"location for site-specific data provided by the system."
1347
msgstr ""
1348
"แซมบ้าตั้งค่าของแชร์ <emphasis>netlogon</emphasis> ไปที่ "
1349
"<filename>/home/samba/netlogon</filename> โดยอัตโนมัติ "
1350
"แต่ถ้าคุณจะอ้างอิงตาม Filesystem Hierarchy Standard (FHS) "
1351
"ให้เปลี่ยนการตั้งค่าให้ชี้ไปที่ <ulink "
1352
"url=\"http://www.pathname.com/fhs/pub/fhs-"
1353
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> แทน"
1354
1355
#: serverguide/C/windows-networking.xml:892(para)
1356
msgid ""
1357
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1358
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1359
msgstr ""
1360
"จากนั้นให้สร้างแฟ้มข้อมูลสำหรับ <filename "
1361
"role=\"directory\">netlogon</filename> และไฟล์ว่างๆที่ยังไม่มีเนื้อหา "
1362
"(สำหรับตอนนี้) ชื่อ <filename>logon.cmd</filename> :"
1363
1364
#: serverguide/C/windows-networking.xml:898(command)
1365
msgid "sudo mkdir -p /srv/samba/netlogon"
1366
msgstr "sudo mkdir -p /srv/samba/netlogon"
1367
1368
#: serverguide/C/windows-networking.xml:899(command)
1369
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1370
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1371
1372
#: serverguide/C/windows-networking.xml:902(para)
1373
msgid ""
1374
"You can enter any normal Windows logon script commands in "
1375
"<filename>logon.cmd</filename> to customize the client's environment."
1376
msgstr ""
1377
"คุณสามารถใส่คำสั่งของวินโดว์ที่จะทำงานเมื่อผู้ใช้เข้าใช้ระบบในไฟล์ "
1378
"<filename>logon.cmd</filename> "
1379
"นี้เพื่อปรับค่าของเครื่องลูกข่ายตามที่คุณต้องการ"
1380
1381
#: serverguide/C/windows-networking.xml:910(para)
1382
msgid ""
1383
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1384
"workstation to the domain, a system group needs to be mapped to the Windows "
1385
"<emphasis>Domain Admins</emphasis> group. Using the "
1386
"<application>net</application> utility, from a terminal enter:"
1387
msgstr ""
1388
"เนื่องจากว่าผู้ใช้ <emphasis>root</emphasis> "
1389
"นั้นถูกป้องกันไม่ให้ถูกใช้งานโดยอัตโนมัติ "
1390
"คุณจะต้องสร้างความสัมพันธ์ระหว่างกลุ่มของผู้ดูแลโดเมนในอูบุนตูกับกลุ่มของผู้ด"
1391
"ูแลโดเมนในวินโดว์ (<emphasis>Domain Admins</emphasis>) โดยใช้คำสั่ง "
1392
"<application>net</application> ดังนี้:"
1393
1394
#: serverguide/C/windows-networking.xml:917(command)
1395
msgid ""
1396
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1397
"type=d"
1398
msgstr ""
1399
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1400
"type=d"
1401
1402
#: serverguide/C/windows-networking.xml:921(para)
1403
msgid ""
1404
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1405
"prefer. Also, the user used to join the domain needs to be a member of the "
1406
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1407
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1408
"allows <application>sudo</application> use."
1409
msgstr ""
1410
"เปลี่ยนชื่อกลุ่มจาก <emphasis "
1411
"role=\"italic\">sysadmin</emphasis>เป็นชื่อที่คุณต้องการ "
1412
"ผู้ใช้ที่คุณใช้เมื่อทำให้เครื่องลูกข่ายเข้าร่วมกับโดเมนนั้นจะต้องเป็นผู้ใช้ที"
1413
"่อยู่ในกลุ่ม <emphasis>sysadmin</emphasis> และกลุ่ม "
1414
"<emphasis>admin</emphasis> เพราะว่ากลุ่ม <emphasis>admin</emphasis> "
1415
"อนุญาติให้ใช้โปรแกรม <application>sudo</application> ได้"
1416
1417
#: serverguide/C/windows-networking.xml:932(para)
1418
msgid "Finally, restart Samba to enable the new domain controller:"
1419
msgstr ""
1420
"จากนั้นให้เริ่มโปรแกรมแซมบ้าใหม่เพื่อให้แซมบ้าทำงานเป็นเครื่องควบคุมหลักของโด"
1421
"เมน"
1422
1423
#: serverguide/C/windows-networking.xml:943(para)
1424
msgid ""
1425
"You should now be able to join Windows clients to the Domain in the same "
1426
"manner as joining them to an NT4 domain running on a Windows server."
1427
msgstr ""
1428
"หลังจากเริ่มโปรแกรมแซมบ้า "
1429
"คุณน่าจะสามารถให้เครื่องลูกข่ายวินโดว์เข้าร่วมโดเมนเหมือนๆกับที่คุณทำในโดเมน "
1430
"NT4 ได้แล้ว"
1431
1432
#: serverguide/C/windows-networking.xml:953(title)
1433
msgid "Backup Domain Controller"
1434
msgstr "เครื่องควบคุมโดเมนสำรอง (Backup Domain Controller)"
1435
1436
#: serverguide/C/windows-networking.xml:955(para)
1437
msgid ""
1438
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1439
"Backup Domain Controller (BDC) as well. This will allow clients to "
1440
"authenticate in case the PDC becomes unavailable."
1441
msgstr ""
1442
"เราแนะนำให้คุณติดตั้งเครื่องควบคุมโดเมนสำรองหรือ Backup Domain Controller "
1443
"(BDC) เพิ่มกรณีที่คุณมีเครื่องควบคุมโดเมนหลัก (PDC) อยู่ในเครือข่าย "
1444
"เนื่องจากว่าเครื่องลูกข่ายยังจะสามารถลงชื่อเข้าใช้เครือข่ายได้ถึงแม้ว่าเครื่อ"
1445
"งควบคุมโดเมนหลักจะเสียไม่สามารถให้บริการได้"
1446
1447
#: serverguide/C/windows-networking.xml:960(para)
1448
msgid ""
1449
"When configuring Samba as a BDC you need a way to sync account information "
1450
"with the PDC. There are multiple ways of accomplishing this "
1451
"<application>scp</application>, <application>rsync</application>, or by "
1452
"using <application>LDAP</application> as the <emphasis>passdb "
1453
"backend</emphasis>."
1454
msgstr ""
1455
"สำหรับการตั้งค่าแซมบ้าเป็น BDC "
1456
"นั้นคุณจะต้องมีวิธีที่จะคัดลอกข้อมูลเกี่ยวกับบัญชีต่างๆระหว่าง PDC และ BDC "
1457
"ซึ่งคุณสามารถทำได้หลายวิธีเช่นใช้ <application>scp</application>, "
1458
"<application>rsync</application> หรือจะใช้ <application>LDAP</application> "
1459
"เป็น <emphasis>passdb backend</emphasis> ก็ได้"
1460
1461
#: serverguide/C/windows-networking.xml:966(para)
1462
msgid ""
1463
"Using LDAP is the most robust way to sync account information, because both "
1464
"domain controllers can use the same information in real time. However, "
1465
"setting up a LDAP server may be overly complicated for a small number of "
1466
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1467
msgstr ""
1468
"การใช้ LDAP "
1469
"เป็นวิธีที่ดีที่สุดในการคัดลอกข้อมูลบัญชีเนื่องจากว่าข้อมูลในเครื่องควบคุมโดเ"
1470
"มนทั้งสองจะถ่ายโอนข้อมูลระหว่างกันทันทีเมื่อมีการเปลี่ยนแปลง "
1471
"แต่ว่าการติดตั้งเซิร์ฟเวอร์ LDAP "
1472
"ก็เป็นอะไรที่อาจจะซับซ้อนเกินความจำเป็นสำหรับเครือข่ายที่มีจำนวนผู้ใช้และเครื"
1473
"่องคอมพิวเตอร์ไม่เยอะ สำหรับรายละเอียดเพิ่มเติมกรุณาอ่าน <xref "
1474
"linkend=\"samba-ldap\"/>"
1475
1476
#: serverguide/C/windows-networking.xml:975(para)
1477
msgid ""
1478
"First, install <application>samba</application> and <application>libpam-"
1479
"smbpass</application>. From a terminal enter:"
1480
msgstr ""
1481
"ก่อนอื่น คุณต้องติดตั้งโปรแกรม <application>samba</application> และ "
1482
"<application>libpam-smbpass</application> โดยพิมพ์คำสั่ง:"
1483
1484
#: serverguide/C/windows-networking.xml:986(para)
1485
msgid ""
1486
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1487
"following in the <emphasis>[global]</emphasis>:"
1488
msgstr ""
1489
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
1490
"และเอาคอมเม้นต์ของบรรทัดเหล่านี้ในหมวด <emphasis>[global]</emphasis> ออก:"
1491
1492
#: serverguide/C/windows-networking.xml:999(para)
1493
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1494
msgstr ""
1495
"ในหมวด <emphasis>Domains</emphasis> ที่ถูกคอมเม้นต์อยู่ ให้เอาคอมเม้นต์ออก "
1496
"หรือจะเพิ่มบรรทัดเหล่านี้ก็ได้:"
1497
1498
#: serverguide/C/windows-networking.xml:1003(programlisting)
1499
#, no-wrap
1500
msgid ""
1501
"\n"
1502
" domain logons = yes\n"
1503
" domain master = no\n"
1504
msgstr ""
1505
"\n"
1506
" domain logons = yes\n"
1507
" domain master = no\n"
1508
1509
#: serverguide/C/windows-networking.xml:1011(para)
1510
msgid ""
1511
"Make sure a user has rights to read the files in "
1512
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1513
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1514
"files, enter:"
1515
msgstr ""
1516
"อย่าลืมตรวจสอบให้แน่ใจว่าผู้ใช้มีสิทธิ์ในการอ่านไฟล์ใน "
1517
"<filename>/var/lib/samba</filename> ด้วย ยกตัวอย่างเช่น "
1518
"ถ้าคุณต้องการอนุญาติให้ผู้ใช้ในกลุ่ม <emphasis>admin</emphasis> ใช้โปรแกรม "
1519
"<application>scp</application> กับไฟล์ได้ ให้พิมพ์คำสั่ง:"
1520
1521
#: serverguide/C/windows-networking.xml:1017(command)
1522
msgid "sudo chgrp -R admin /var/lib/samba"
1523
msgstr "sudo chgrp -R admin /var/lib/samba"
1524
1525
#: serverguide/C/windows-networking.xml:1023(para)
1526
msgid ""
1527
"Next, sync the user accounts, using <application>scp</application> to copy "
1528
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1529
msgstr ""
1530
"จากนั้นให้ทำการคัดลอกบัญชีผู้ใช้โดยใช้ <application>scp</application> "
1531
"เพื่อคัดลอกแฟ้มข้อมูล <filename>/var/lib/samba</filename> "
1532
"จากเครื่องควบคุมโดเมนหลัก (PDC):"
1533
1534
#: serverguide/C/windows-networking.xml:1029(command)
1535
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1536
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1537
1538
#: serverguide/C/windows-networking.xml:1033(para)
1539
msgid ""
1540
"Replace <emphasis>username</emphasis> with a valid username and "
1541
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1542
msgstr ""
1543
"แทนที่ <emphasis>username</emphasis> ด้วยชื่อผู้ใช้และ "
1544
"<emphasis>pdc</emphasis> ด้วยชื่อเครื่องหรือเลขที่ IP ของเครื่อง PDC ของคุณ"
1545
1546
#: serverguide/C/windows-networking.xml:1042(para)
1547
msgid "Finally, restart <application>samba</application>:"
1548
msgstr "จากนั้นให้เริ่มโปรแกรม <application>แซมบ้า</application> ใหม่"
1549
1550
#: serverguide/C/windows-networking.xml:1053(para)
1551
msgid ""
1552
"You can test that your Backup Domain controller is working by stopping the "
1553
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1554
"the domain."
1555
msgstr ""
1556
"คุณสามารถทดสอบได้ว่าเครื่องควบคุมโดเมนสำรองทำงานได้อย่างถูกต้องโดยการปิดโปรแก"
1557
"รมแซมบ้าบนเครื่องหลัก (PDC) "
1558
"จากนั้นก็ลองลงชื่อเข้าใช้จากเครื่องลูกข่ายวินโดว์ของคุณที่อยู่ในโดเมน"
1559
1560
#: serverguide/C/windows-networking.xml:1058(para)
1561
msgid ""
1562
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1563
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1564
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1565
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1566
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1567
msgstr ""
1568
"อีกอย่างหนึ่งที่คุณต้องคำนึงก็คือถ้าคุณได้ตั้งค่า <emphasis>logon "
1569
"home</emphasis> ที่ชี้ไปที่แฟ้มข้อมูลบนเครื่อง PDC และเครื่อง PDC "
1570
"เกิดเสียหรือไม่สามารถให้บริการได้ขึ้นมา คุณจะไม่สามารถเข้าใช้งานไดรฟ์ "
1571
"<emphasis>Home</emphasis> ของผู้ใช้ได้เช่นกัน "
1572
"ด้วยเหตุนี้เราแนะนำให้คุณเก็บแฟ้มที่เป็น <emphasis>logon home</emphasis> "
1573
"ไว้บนเครื่องที่เป็นไฟล์เซิร์ฟเวอร์อื่นที่ไม่ใช่เครื่อง PDC และ BDC"
1574
1575
#: serverguide/C/windows-networking.xml:1088(para)
1576
msgid ""
1577
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1578
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1579
"up a Primary Domain Controller."
1580
msgstr ""
1581
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1582
"pdc.html\">บทที่ 4</ulink> ของ Samba HOWTO Collection "
1583
"อธิบายวิธีการติดตั้งเครื่องควบคุมโดเมนหลัก (Primary Domain Controller)"
1584
1585
#: serverguide/C/windows-networking.xml:1094(para)
1586
msgid ""
1587
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1588
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1589
"explains setting up a Backup Domain Controller."
1590
msgstr ""
1591
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1592
"Collection/samba-bdc.html\">บทที่ 5</ulink> ของ Samba HOWTO Collection "
1593
"อธิบายวิธีการติดตั้งเครื่องควบคุมโดเมนสำรอง (Backup Domain Controller)"
1594
1595
#: serverguide/C/windows-networking.xml:1109(title)
1596
msgid "Samba Active Directory Integration"
1597
msgstr "การใช้งานแซมบ้าร่วมกับ Active Directory"
1598
1599
#: serverguide/C/windows-networking.xml:1112(title)
1600
msgid "Accessing a Samba Share"
1601
msgstr "การเข้าใช้งานแชร์ของแซมบ้า"
1602
1603
#: serverguide/C/windows-networking.xml:1114(para)
1604
msgid ""
1605
"Another, use for Samba is to integrate into an existing Windows network. "
1606
"Once part of an Active Directory domain, Samba can provide file and print "
1607
"services to AD users."
1608
msgstr ""
1609
"การใช้งานแซมบ้าอีกแบบนึงก็คือการเข้าไปทำงานเป็นส่วนหนึ่งของเครือข่ายวินโดว์ที"
1610
"่มีอยู่ เมื่อแซมบ้าได้เป็นส่วนหนึ่งของโดเมน Active Directory "
1611
"แล้วแซมบ้าสามารถให้บริการแชร์ไฟล์และเครื่องพิมพ์กับผู้ใช้ในโดเมนได้"
1612
1613
#: serverguide/C/windows-networking.xml:1119(para)
1614
msgid ""
1615
"The simplest way to join an AD domain is to use <application>Likewise-"
1616
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1617
"open\"/>."
1618
msgstr ""
1619
"วิธีที่ง่ายที่สุดในการเข้าร่วมกับโดเมน AD ก็คือใช้โปรแกรม "
1620
"<application>Likewise-open</application> "
1621
"สำหรับคำแนะนำอย่างละเอียดกรุณาดูที่ <xref linkend=\"likewise-open\"/>"
1622
1623
#: serverguide/C/windows-networking.xml:1124(para)
1624
msgid ""
1625
"Once part of the domain, enter the following command in the terminal prompt:"
1626
msgstr ""
1627
1628
#: serverguide/C/windows-networking.xml:1129(command)
1629
msgid "sudo apt-get install samba smbfs smbclient"
1630
msgstr "sudo apt-get install samba smbfs smbclient"
1631
1632
#: serverguide/C/windows-networking.xml:1132(para)
1633
msgid ""
1634
"Since the <application>likewise-open</application> and "
1635
"<application>samba</application> packages use separate "
1636
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1637
"<filename role=\"directory\">/var/lib/samba</filename>:"
1638
msgstr ""
1639
"และเนื่องจากว่าโปรแกรม <application>likewise-open</application> และโปรแกรม "
1640
"<application>แซมบ้า</application> ใช้ไฟล์ <filename>secrets.tdb</filename> "
1641
"คนละไฟล์ คุณต้องสร้าง symlink ในแฟ้มข้อมูล <filename "
1642
"role=\"directory\">/var/lib/samba</filename> โดยพิมพ์คำสั่ง:"
1643
1644
#: serverguide/C/windows-networking.xml:1138(command)
1645
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1646
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1647
1648
#: serverguide/C/windows-networking.xml:1139(command)
1649
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1650
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1651
1652
#: serverguide/C/windows-networking.xml:1142(para)
1653
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1654
msgstr ""
1655
"จากนั้นให้แก้ไขไฟล์ <filename>/etc/samba/smb.conf</filename> "
1656
"โดยเปลี่ยนดังนี้:"
1657
1658
#: serverguide/C/windows-networking.xml:1146(programlisting)
1659
#, no-wrap
1660
msgid ""
1661
"\n"
1662
" workgroup = EXAMPLE\n"
1663
" ...\n"
1664
" security = ads\n"
1665
" realm = EXAMPLE.COM\n"
1666
" ...\n"
1667
" idmap backend = lwopen\n"
1668
" idmap uid = 50-9999999999\n"
1669
" idmap gid = 50-9999999999\n"
1670
msgstr ""
1671
"\n"
1672
" workgroup = EXAMPLE\n"
1673
" ...\n"
1674
" security = ads\n"
1675
" realm = EXAMPLE.COM\n"
1676
" ...\n"
1677
" idmap backend = lwopen\n"
1678
" idmap uid = 50-9999999999\n"
1679
" idmap gid = 50-9999999999\n"
1680
1681
#: serverguide/C/windows-networking.xml:1157(para)
1682
msgid ""
1683
"Restart <application>samba</application> for the new settings to take effect:"
1684
msgstr ""
1685
"จากนั้นให้เริ่มโปรแกรม <application>แซมบ้า</application> "
1686
"ใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
1687
1688
#: serverguide/C/windows-networking.xml:1165(para)
1689
msgid ""
1690
"You should now be able to access any <application>Samba</application> shares "
1691
"from a Windows client. However, be sure to give the appropriate AD users or "
1692
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1693
"security\"/> for more details."
1694
msgstr ""
1695
"หลังจากเริ่มโปรแกรมแซมบ้าใหม่ คุณควรที่จะใช้แชร์จาก "
1696
"<application>แซมบ้า</application> ได้จากเครื่องลูกข่ายวินโดว์ "
1697
"อย่างไรก็ตามอย่าลืมตรวจสอบว่าคุณได้ให้สิทธิ์ผู้ใช้หรือกลุ่มผู้ใช้ใน AD "
1698
"ในการเข้าใช้งานแชร์ในแซมบ้าด้วยล่ะ สำหรับรายละเอียดเพิ่มเติมกรุณาอ่าน <xref "
1699
"linkend=\"samba-fileprint-security\"/>"
1700
1701
#: serverguide/C/windows-networking.xml:1173(title)
1702
msgid "Accessing a Windows Share"
1703
msgstr "การเข้าใช้งานแชร์ในวินโดว์"
1704
1705
#: serverguide/C/windows-networking.xml:1175(para)
1706
msgid ""
1707
"Now that the Samba server is part of the Active Directory domain you can "
1708
"access any Windows server shares:"
1709
msgstr ""
1710
"เครื่องเซิร์ฟเวอร์แซมบ้าที่เป็นส่วนหนึ่งของโดเมน Active Directory "
1711
"สามารถใช้งานแชร์ของเครื่องเซิร์ฟเวอร์ที่ทำงานบนระบบวินโดว์ได้:"
1712
1713
#: serverguide/C/windows-networking.xml:1182(para)
1714
msgid ""
1715
"To mount a Windows file share enter the following in a terminal prompt:"
1716
msgstr "คุณสามารถ mount แชร์ในวินโดว์ได้โดยพิมพ์คำสั่ง:"
1717
1718
#: serverguide/C/windows-networking.xml:1186(command)
1719
msgid "mount.cifs //fs01.example.com/share mount_point"
1720
msgstr "mount.cifs //fs01.example.com/share mount_point"
1721
1722
#: serverguide/C/windows-networking.xml:1189(para)
1723
msgid ""
1724
"It is also possible to access shares on computers not part of an AD domain, "
1725
"but a username and password will need to be provided."
1726
msgstr ""
1727
"นอกจากนั้นคุณยังสามารถใช้งานแชร์บนเครื่องคอมพิวเตอร์ที่ไม่ได้อยู่ในโดเมน AD "
1728
"ด้วยเช่นกัน แต่คุณต้องระบุชื่อผู้ใช้และรหัสผ่านสำหรับใช้งานด้วย"
1729
1730
#: serverguide/C/windows-networking.xml:1197(para)
1731
msgid ""
1732
"To mount the share during boot place an entry in "
1733
"<filename>/etc/fstab</filename>, for example:"
1734
msgstr ""
1735
"ถ้าคุณต้องการ mount แชร์เมื่อเปิดเครื่อง ให้ใส่รายการในไฟล์ "
1736
"<filename>/etc/fstab</filename> เช่น:"
1737
1738
#: serverguide/C/windows-networking.xml:1201(programlisting)
1739
#, no-wrap
1740
msgid ""
1741
"\n"
1742
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1743
"0 0\n"
1744
msgstr ""
1745
"\n"
1746
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1747
"0 0\n"
1748
1749
#: serverguide/C/windows-networking.xml:1208(para)
1750
msgid ""
1751
"Another way to copy files from a Windows server is to use the "
1752
"<application>smbclient</application> utility. To list the files in a Windows "
1753
"share:"
1754
msgstr ""
1755
"อีกวิธีที่คุณสามารถคัดลอกไฟล์จากเครื่องเซิร์ฟเวอร์วินโดว์คือการใช้โปรแกรม "
1756
"<application>smbclient</application> "
1757
"คุณสามารถแสดงรายชื่อของไฟล์ที่อยู่ในแชร์ของวินโดว์ได้โดยพิมพ์คำสั่ง:"
1758
1759
#: serverguide/C/windows-networking.xml:1214(command)
1760
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1761
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
1762
1763
#: serverguide/C/windows-networking.xml:1220(para)
1764
msgid "To copy a file from the share, enter:"
1765
msgstr "ถ้าต้องการคัดลอกไฟล์จากแชร์ให้พิมพ์:"
1766
1767
#: serverguide/C/windows-networking.xml:1225(command)
1768
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1769
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1770
1771
#: serverguide/C/windows-networking.xml:1228(para)
1772
msgid ""
1773
"This will copy the <filename>file.txt</filename> into the current directory."
1774
msgstr ""
1775
"คำสั่งนี้จะคัดลอกไฟล์ชื่อ <filename>file.txt</filename> "
1776
"ไปที่แฟ้มข้อมูลปัจจุบัน"
1777
1778
#: serverguide/C/windows-networking.xml:1235(para)
1779
msgid "And to copy a file to the share:"
1780
msgstr "และถ้าคุณต้องการคัดลอกไฟล์ไปไว้ที่แชร์ก็พิมพ์:"
1781
1782
#: serverguide/C/windows-networking.xml:1240(command)
1783
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1784
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1785
1786
#: serverguide/C/windows-networking.xml:1243(para)
1787
msgid ""
1788
"This will copy the <filename>/etc/hosts</filename> to "
1789
"<filename>//fs01.example.com/share/hosts</filename>."
1790
msgstr ""
1791
1792
#: serverguide/C/windows-networking.xml:1250(para)
1793
msgid ""
1794
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1795
"<application>smbclient</application> command all at once. This is useful for "
1796
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1797
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1798
"and directory commands, simply execute:"
1799
msgstr ""
1800
"การใช้ตัวเลือก <emphasis>c</emphasis> ด้านบนทำให้คุณสามารถใช้คำสั่ง "
1801
"<application>smbclient</application> ได้ทีเดียวในหนึ่งคำสั่งเลย "
1802
"ซึ่งก็เป็นประโยชน์สำหรับการเขียนสคริปต์หรือทำงานทั่วๆไปกับไฟล์ได้ "
1803
"แต่ถ้าคุณต้องการใช้งานพร๊อมต์ (prompt) <emphasis>smb:\\></emphasis> "
1804
"ซึ่งเป็นพร๊อมต์คล้ายๆ FTP ที่คุณสามารถพิมพ์คำสั่งต่างๆกับไฟล์และแฟ้มข้อมูล "
1805
"คุณต้องพิมพ์:"
1806
1807
#: serverguide/C/windows-networking.xml:1257(command)
1808
msgid "smbclient //fs01.example.com/share -k"
1809
msgstr "smbclient //fs01.example.com/share -k"
1810
1811
#: serverguide/C/windows-networking.xml:1264(para)
1812
msgid ""
1813
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1814
"<emphasis>//192.168.0.5/share</emphasis>, "
1815
"<emphasis>username=steve,password=secret</emphasis>, and "
1816
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1817
"file name, and an actual username and password with rights to the share."
1818
msgstr ""
1819
"เปลี่ยน <emphasis>fs01.example.com/share</emphasis>, "
1820
"<emphasis>//192.168.0.5/share</emphasis>, "
1821
"<emphasis>username=steve,password=secret</emphasis> และ "
1822
"<emphasis>file.txt</emphasis> เป็นเลขที่ IP ของเครื่องเซิร์ฟเวอร์คุณ, "
1823
"ชื่อของเครื่องเซิร์ฟเวอร์, ชื่อไฟล์, "
1824
"และชื่อของผู้ใช้และรหัสผ่านที่มีสิทธิ์ในการใช้งานแชร์นั้นๆได้"
1825
1826
#: serverguide/C/windows-networking.xml:1275(para)
1827
msgid ""
1828
"For more <application>smbclient</application> options see the man page: "
1829
"<command>man smbclient</command>, also available <ulink "
1830
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/smbclient.1.html\">on"
1831
"line</ulink>."
1832
msgstr ""
1833
1834
#: serverguide/C/windows-networking.xml:1280(para)
1835
msgid ""
1836
"The <application>mount.cifs</application><ulink "
1837
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/mount.cifs.8.html\">m"
1838
"an page</ulink> is also useful for more detailed information."
1839
msgstr ""
1840
1841
#: serverguide/C/windows-networking.xml:1293(title)
1842
msgid "Likewise Open"
1843
msgstr "Likewise Open"
1844
1845
#: serverguide/C/windows-networking.xml:1295(para)
1846
msgid ""
1847
"<application>Likewise Open</application> simplifies the necessary "
1848
"configuration needed to authenticate a Linux machine to an Active Directory "
1849
"domain. Based on <application>winbind</application>, the "
1850
"<application>likewise-open</application> package takes the pain out of "
1851
"integrating Ubuntu authentication into an existing Windows network."
1852
msgstr ""
1853
"<application>Likewise Open</application> "
1854
"ทำให้การตั้งค่าต่างๆเพื่อให้เครื่องลีนุกซ์เข้าร่วมกับโดเมน Active Directory "
1855
"ง่ายดายยิ่งขึ้น ด้วยการใช้โปรแกรม <application>winbind</application> "
1856
"ชุดโปรแกรม <application>likewise-open</application> "
1857
"จะช่วยลดความปวดหัวที่อาจเกิดจากการทำให้เครื่องอูบุนตูของคุณลงชื่อเข้าใช้ระบบใ"
1858
"นเครือข่ายวินโดว์ที่มีอยู่ได้แล้วอย่างมาก"
1859
1860
#: serverguide/C/windows-networking.xml:1304(para)
1861
msgid ""
1862
"There are two ways to use Likewise Open, <application>likewise-"
1863
"open</application> the command line utility and <application>likewise-open-"
1864
"gui</application>. This section focuses on the command line utility."
1865
msgstr ""
1866
"มีสองวิธีที่คุณสามารถใช้ <application>Likewise Open</application> "
1867
"ได้นั่นก็คือผ่านโปรแกรม command line อย่าง <application>likewise-"
1868
"open</application> หรือผ่านหน้าจอด้วย <application>likewise-open-"
1869
"gui</application> บทความส่วนนี้จะเน้นที่การใช้งานโปรแกรม command line"
1870
1871
#: serverguide/C/windows-networking.xml:1309(para)
1872
msgid ""
1873
"To install the <application>likewise-open</application> package, open a "
1874
"terminal prompt and enter:"
1875
msgstr ""
1876
"คุณสามารถติดตั้ง <application>likewise-open</application> ได้โดยการเปิด "
1877
"terminal และพิมพ์:"
1878
1879
#: serverguide/C/windows-networking.xml:1314(command)
1880
msgid "sudo apt-get install likewise-open"
1881
msgstr "sudo apt-get install likewise-open"
1882
1883
#: serverguide/C/windows-networking.xml:1319(title)
1884
msgid "Joining a Domain"
1885
msgstr "การเข้าร่วมกับโดเมน"
1886
1887
#: serverguide/C/windows-networking.xml:1321(para)
1888
msgid ""
1889
"The main executable file of the <application>likewise-open</application> "
1890
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1891
"join your computer to the domain. Before you join a domain you will need to "
1892
"make sure you have:"
1893
msgstr ""
1894
1895
#: serverguide/C/windows-networking.xml:1329(para)
1896
msgid ""
1897
"Access to an Active Directory user with appropriate rights to join the "
1898
"domain."
1899
msgstr ""
1900
"คุณมีชื่อผู้ใช้ใน Active Directory "
1901
"ที่มีสิทธ์ในการอนุญาติให้เครื่องคอมพิวเตอร์เข้าร่วมกับโดเมนได้"
1902
1903
#: serverguide/C/windows-networking.xml:1334(para)
1904
msgid ""
1905
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1906
"you want to join. If your AD domain does not match a valid domain such as "
1907
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1908
"the form of <emphasis>domainname.local</emphasis>."
1909
msgstr ""
1910
"ชื่อเต็มของโดเมนหรือ <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) "
1911
"ที่คุณต้องการเข้าร่วมด้วย ถ้าโดเมน AD ของคุณไม่ได้มีชื่อแบบทั่วไปเช่น "
1912
"<emphasis role=\"italic\">example.com</emphasis> "
1913
"อาจเป็นไปได้ว่าชื่อของโดเมนคุณอยู่ในรูปแบบของ "
1914
"<emphasis>domainname.local</emphasis> แทน"
1915
1916
#: serverguide/C/windows-networking.xml:1341(para)
1917
msgid ""
1918
"DNS for the domain setup properly. In a production AD environment this "
1919
"should be the case. Proper Microsoft DNS is needed so that client "
1920
"workstations can determine the Active Directory domain is available."
1921
msgstr ""
1922
"DNS ในโดเมนของคุณทำงานได้อย่างถูกต้อง "
1923
"ในเน็ตเวิร์กที่ใช้งานจริงกรณีนี้มักไม่เป็นปัญหาเพราะว่า DNS "
1924
"ใช้งานได้อยู่แล้ว DNS "
1925
"เป็นสิ่งที่จำเป็นเนื่องจากว่าเครื่องลูกข่ายจะต้องระบุได้ว่ามีโดเมน Active "
1926
"Directory อยู่หรือเปล่า"
1927
1928
#: serverguide/C/windows-networking.xml:1345(para)
1929
msgid ""
1930
"If you don't have a Windows DNS server on your network, see <xref "
1931
"linkend=\"likewise-open-ms-dns\"/> for details."
1932
msgstr ""
1933
"ถ้าคุณไม่มีเครื่อง DNS เซิร์ฟเวอร์ของวินโดว์ในเครือข่ายกรุณาอ่าน <xref "
1934
"linkend=\"likewise-open-ms-dns\"/> สำหรับรายละเอียดเพิ่มเติม"
1935
1936
#: serverguide/C/windows-networking.xml:1352(para)
1937
msgid "To join a domain, from a terminal prompt enter:"
1938
msgstr "สำหรับการเข้าร่วมกับโดเมน ให้พิมพ์คำสั่ง:"
1939
1940
#: serverguide/C/windows-networking.xml:1357(command)
1941
msgid "sudo domainjoin-cli join example.com Administrator"
1942
msgstr "sudo domainjoin-cli join example.com Administrator"
1943
1944
#: serverguide/C/windows-networking.xml:1361(para)
1945
msgid ""
1946
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1947
"<emphasis>Administrator</emphasis> with the appropriate user name."
1948
msgstr ""
1949
"แทนที่ <emphasis>example.com</emphasis> ด้วยชื่อโดเมนของคุณ และ "
1950
"<emphasis>Administrator</emphasis> ด้วยชื่อผู้ใช้ที่เหมาะสม"
1951
1952
#: serverguide/C/windows-networking.xml:1367(para)
1953
msgid ""
1954
"You will then be prompted for the user's password. If all goes well a "
1955
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1956
msgstr ""
1957
"จากนั้นคุณจะต้องใส่รหัสผ่าน ซึ่งถ้าใส่ถูกต้องคุณจะเห็นข้อความ "
1958
"<emphasis>SUCCESS</emphasis>บนหน้าจอ"
1959
1960
#: serverguide/C/windows-networking.xml:1373(para)
1961
msgid ""
1962
"After joining the domain, it is necessary to reboot before attempting to "
1963
"authenticate against the domain."
1964
msgstr ""
1965
1966
#: serverguide/C/windows-networking.xml:1379(para)
1967
msgid ""
1968
"After successfully joining an Ubuntu machine to an Active Directory domain "
1969
"you can authenticate using any valid AD user. To login you will need to "
1970
"enter the user name as 'domain\\username'. For example to ssh to a server "
1971
"joined to the domain enter:"
1972
msgstr ""
1973
"หลังจากเครื่องอูบุนตูของคุณเข้าร่วมกับโดเมนได้สำเร็จ "
1974
"คุณจะสามารถลงชื่อเข้าใช้จากเครื่องคุณได้โดยใช้ชื่อผู้ใช้ได้ๆก็ได้ที่อยู่ใน "
1975
"AD โดยพิมพ์ชื่อผู้ใช้ในรูปแบบ 'โดเมน\\ชื่อผู้ใช้' "
1976
"ยกตัวอย่างเช่นถ้าคุณต้องการต่อ ssh ไปที่เซิร์ฟเวอร์ที่อยู่ในโดเมน ให้พิมพ์:"
1977
1978
#: serverguide/C/windows-networking.xml:1386(command)
1979
msgid "ssh 'example\\steve'@hostname"
1980
msgstr "ssh 'example\\steve'@hostname"
1981
1982
#: serverguide/C/windows-networking.xml:1390(para)
1983
msgid ""
1984
"If configuring a Desktop the user name will need to be prefixed with "
1985
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1986
msgstr ""
1987
"ถ้าคุณใช้งานบนเครื่องเดสก์ท๊อป (Desktop) ที่มีระบบลงชื่อเข้าใช้แบบกราฟฟิค "
1988
"(graphical) คุณต้องนำหน้าชื่อผู้ใช้ด้วยชื่อของโดเมนเช่น <emphasis "
1989
"role=\"italic\">โดเมน\\</emphasis> เช่นกัน"
1990
1991
#: serverguide/C/windows-networking.xml:1396(para)
1992
msgid ""
1993
"To make likewise-open use a default domain, you can add the following "
1994
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1995
msgstr ""
1996
"เพื่อที่จะทำให้ likewise-open ใช้โดเมนมาตรฐาน "
1997
"คุณสามารถเพิ่มบรรทัดต่อไปนี้ในไฟล์ "
1998
"<filename>/etc/samba/lwiauthd.conf</filename>:"
1999
2000
#: serverguide/C/windows-networking.xml:1400(programlisting)
2001
#, no-wrap
2002
msgid ""
2003
"\n"
2004
"winbind use default domain = yes\n"
2005
msgstr ""
2006
"\n"
2007
"winbind use default domain = yes\n"
2008
2009
#: serverguide/C/windows-networking.xml:1404(para)
2010
msgid "Then restart the <application>likewise-open</application> daemons:"
2011
msgstr ""
2012
"จากนั้นให้เริ่มโปรแกรม <application>likewise-open</application> ใหม่โดยพิมพ์:"
2013
2014
#: serverguide/C/windows-networking.xml:1409(command)
2015
msgid "sudo /etc/init.d/likewise-open restart"
2016
msgstr "sudo /etc/init.d/likewise-open restart"
2017
2018
#: serverguide/C/windows-networking.xml:1413(para)
2019
msgid ""
2020
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
2021
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
2022
"using only their username."
2023
msgstr ""
2024
"หลังจากที่คุณตั้งค่าให้ใช้งานกับ <emphasis>default domain</emphasis> "
2025
"แล้วคุณก็ไม่ต้องมี <emphasis role=\"italic\">'domain\\'</emphasis> "
2026
"นำหน้าของผู้ใช้อีก และผู้ใช้สามารถลงชื่อเข้าใช้ระบบได้โดยใช้ชื่อผู้ใช้ได้เลย"
2027
2028
#: serverguide/C/windows-networking.xml:1419(para)
2029
msgid ""
2030
"The <application>domainjoin-cli</application> utility can also be used to "
2031
"leave the domain. From a terminal:"
2032
msgstr ""
2033
"คุณสามารถใช้โปรแกรม <application>domainjoin-cli</application> "
2034
"กรณีที่ต้องการออกจากโดเมนได้เช่นกัน สำหรับกรณีนี้ให้พิมพ์:"
2035
2036
#: serverguide/C/windows-networking.xml:1424(command)
2037
msgid "sudo domainjoin-cli leave"
2038
msgstr "sudo domainjoin-cli leave"
2039
2040
#: serverguide/C/windows-networking.xml:1429(title) serverguide/C/security.xml:1777(title)
2041
msgid "Other Utilities"
2042
msgstr "เครื่องมืออื่นๆ"
2043
2044
#: serverguide/C/windows-networking.xml:1431(para)
2045
msgid ""
2046
"The <application>likewise-open</application> package comes with a few other "
2047
"utilities that may be useful for gathering information about the Active "
2048
"Directory environment. These utilities are used to join the machine to the "
2049
"domain, and are the same as those available in the <application>samba-"
2050
"common</application> and <application>winbind</application> packages:"
2051
msgstr ""
2052
"ชุดโปรแกรม <application>likewise-open</application> "
2053
"มาพร้อมกับเครื่องมืออื่นๆซึ่งมีประโยชน์สำหรับใช้ศึกษาข้อมูลเกี่ยวกับ Active "
2054
"Directory "
2055
"คุณสามารถใช้เครื่องมือเหล่านี้เพื่อให้เครื่องคอมพิวเตอร์เข้าร่วมกับโดเมนเหมือ"
2056
"นๆกับที่ชุดโปรแกรม <application>samba-common</application> และ "
2057
"<application>winbind</application> ทำได้:"
2058
2059
#: serverguide/C/windows-networking.xml:1440(para)
2060
msgid ""
2061
"<application>lwinet</application>: Returns information about the network and "
2062
"the domain."
2063
msgstr ""
2064
"โปรแกรม <application>lwinet</application>: "
2065
"คืนข้อมูลต่างๆเกี่ยวกับเครือข่ายและโดเมน"
2066
2067
#: serverguide/C/windows-networking.xml:1445(para)
2068
msgid ""
2069
"<application>lwimsg</application>: Allows interaction with the "
2070
"<application>likewise-winbindd</application> daemon."
2071
msgstr ""
2072
"โปรแกรม <application>lwimsg</application>: สำหรับใช้ร่วมกับโปรแกรม "
2073
"<application>likewise-winbindd</application> daemon."
2074
2075
#: serverguide/C/windows-networking.xml:1450(para)
2076
msgid ""
2077
"<application>lwiinfo</application>: Displays information about various parts "
2078
"of the Domain."
2079
msgstr ""
2080
"โปรแกรม <application>lwiinfo</application>: "
2081
"แสดงข้อมูลเกี่ยวกับส่วนต่างๆของโดเมน"
2082
2083
#: serverguide/C/windows-networking.xml:1456(para)
2084
msgid "Please refer to each utility's man page specific for details."
2085
msgstr "กรุณาอ่านคู่มือของโปรแกรมแต่ละตัวสำหรับรายละเอียด"
2086
2087
#: serverguide/C/windows-networking.xml:1462(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1598(title) serverguide/C/dns.xml:338(title)
2088
msgid "Troubleshooting"
2089
msgstr "การแก้ปัญหา"
2090
2091
#: serverguide/C/windows-networking.xml:1466(para)
2092
msgid ""
2093
"If the client has trouble joining the domain, double check that the "
2094
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
2095
"example:"
2096
msgstr ""
2097
"ถ้าเครื่องลูกข่ายไม่สามารถเข้าร่วมกับโดเมนได้ "
2098
"ให้เช็คอีกทีว่าเครื่องเซิร์ฟเวอร์ DNS "
2099
"ของไมโครซอฟท์นั้นอยู่เป็นอันดับแรกของไฟล์ "
2100
"<filename>/etc/resolv.conf</filename> ยกตัวอย่างเช่น:"
2101
2102
#: serverguide/C/windows-networking.xml:1471(programlisting)
2103
#, no-wrap
2104
msgid ""
2105
"\n"
2106
"nameserver 192.168.0.1\n"
2107
msgstr ""
2108
"\n"
2109
"nameserver 192.168.0.1\n"
2110
2111
#: serverguide/C/windows-networking.xml:1476(para)
2112
msgid ""
2113
"For more information when joining a domain, use the <emphasis>--loglevel "
2114
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
2115
"<application>domainjoin-cli</application> utility:"
2116
msgstr ""
2117
"คุณสามารถดูข้อมูลแบบละเอียดเวลาเข้าร่วมกับโดเมนได้โดยใช้ตัวเลือก <emphasis>--"
2118
"loglevel verbose</emphasis> หรือ <emphasis>--advanced</emphasis> กับคำสั่ง "
2119
"<application>domainjoin-cli</application>:"
2120
2121
#: serverguide/C/windows-networking.xml:1482(command)
2122
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2123
msgstr ""
2124
"sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2125
2126
#: serverguide/C/windows-networking.xml:1486(para)
2127
msgid ""
2128
"If an Active Directory user has trouble logging in, check the "
2129
"<filename>/var/log/auth.log</filename> for details."
2130
msgstr ""
2131
"ถ้าผู้ใช้ใน Active Directory ไม่สามารถลงชื่อเข้าใช้ระบบได้ "
2132
"ให้ลองดูสาเหตุและรายละเอียดจากไฟล์ <filename>/var/log/auth.log</filename>"
2133
2134
#: serverguide/C/windows-networking.xml:1491(para)
2135
msgid ""
2136
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
2137
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
2138
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
2139
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
2140
"<emphasis>hosts</emphasis> option. For example:"
2141
msgstr ""
2142
2143
#: serverguide/C/windows-networking.xml:1497(programlisting)
2144
#, no-wrap
2145
msgid ""
2146
"\n"
2147
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2148
msgstr ""
2149
"\n"
2150
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2151
2152
#: serverguide/C/windows-networking.xml:1501(para)
2153
msgid "Change the above to:"
2154
msgstr "แก้ไขบรรทัดด้านบนเป็น:"
2155
2156
#: serverguide/C/windows-networking.xml:1505(programlisting)
2157
#, no-wrap
2158
msgid ""
2159
"\n"
2160
"hosts: files dns [NOTFOUND=return]\n"
2161
msgstr ""
2162
"\n"
2163
"hosts: files dns [NOTFOUND=return]\n"
2164
2165
#: serverguide/C/windows-networking.xml:1509(para)
2166
msgid "Then restart networking by entering:"
2167
msgstr "จากนั้นก็ให้เริ่มการใช้เครือข่ายใหม่โดยพิมพ์คำสั่ง:"
2168
2169
#: serverguide/C/windows-networking.xml:1514(command) serverguide/C/network-config.xml:559(command)
2170
msgid "sudo /etc/init.d/networking restart"
2171
msgstr "sudo /etc/init.d/networking restart"
2172
2173
#: serverguide/C/windows-networking.xml:1517(para)
2174
msgid "You should now be able to join the Active Directory domain."
2175
msgstr "จากนั้นคุณน่าจะเข้าร่วมกับโดเมน Active Directory ได้แล้ว"
2176
2177
#: serverguide/C/windows-networking.xml:1525(title)
2178
msgid "Microsoft DNS"
2179
msgstr "ไมโครซอฟท์ DNS"
2180
2181
#: serverguide/C/windows-networking.xml:1527(para)
2182
msgid ""
2183
"The following are instructions for installing DNS on an Active Directory "
2184
"domain controller running Windows Server 2003, but the instructions should "
2185
"be similar for other versions:"
2186
msgstr ""
2187
"ในส่วนนี้จะให้คำแนะนำในการติดตั้ง DNS บนเครื่องควบคุมโดเมน Active Directory "
2188
"ที่ทำงานบนวินโดว์ เซิร์ฟเวอร์ 2003 "
2189
"แต่คำแนะนำนี้น่าจะนำไปใช้กับวินโดว์เซิร์ฟเวอร์เวอร์ชั่นอื่นๆได้เช่นกัน:"
2190
2191
#: serverguide/C/windows-networking.xml:1536(para)
2192
msgid ""
2193
"Click "
2194
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
2195
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
2196
"This will open the <application>Server Role Mangement</application> utility."
2197
msgstr ""
2198
2199
#: serverguide/C/windows-networking.xml:1544(para)
2200
msgid "Click <guilabel>Add or remove a role</guilabel>"
2201
msgstr ""
2202
2203
#: serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1547(para) serverguide/C/windows-networking.xml:1550(para)
2204
msgid "Click Next"
2205
msgstr "คลิ๊กปุ่ม Next"
2206
2207
#: serverguide/C/windows-networking.xml:1546(para)
2208
msgid "Select \"DNS Server\""
2209
msgstr "เลือก \"DNS Server\""
2210
2211
#: serverguide/C/windows-networking.xml:1548(para)
2212
msgid "Click Next again to proceed"
2213
msgstr ""
2214
2215
#: serverguide/C/windows-networking.xml:1549(para)
2216
msgid "Select \"Create a forward lookup zone\" if it is not selected."
2217
msgstr "เลือก \"Create a forward lookup zone\" ถ้าตัวเลือกนี้ยังไม่ถูกเลือก"
2218
2219
#: serverguide/C/windows-networking.xml:1551(para)
2220
msgid ""
2221
"Make sure \"This server maintains the zone\" is selected and click Next."
2222
msgstr ""
2223
"ตรวจสอบว่า \"This server maintains the zone\" ได้ถูกเลือก "
2224
"จากนั้นให้คลิ๊กปุ่ม Next"
2225
2226
#: serverguide/C/windows-networking.xml:1552(para)
2227
msgid "Enter your domain name and click Next"
2228
msgstr "ใส่ชื่อโดเมนของคุณและคลิ๊กปุ่ม Next"
2229
2230
#: serverguide/C/windows-networking.xml:1553(para)
2231
msgid "Click Next to \"Allow only secure dynamic updates\""
2232
msgstr ""
2233
"คลิ๊กปุ่ม Next เพื่ออนุญาติให้ทำการปรับปรุงข้อมูลแบบปลอดภัยเท่านั้น (\"Allow "
2234
"only secure dynamic updates\")"
2235
2236
#: serverguide/C/windows-networking.xml:1555(para)
2237
msgid ""
2238
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
2239
"should not forward queries\" and click Next."
2240
msgstr ""
2241
"ใส่เลขที่ IP สำหรับเซิร์ฟเวอร์ DNS ที่จะโอนคำร้องขอไปให้ หรือเลือก \"No, it "
2242
"should not forward queries\" จากนั้นจึงคลิ๊กปุ่ม Next"
2243
2244
#: serverguide/C/windows-networking.xml:1559(para) serverguide/C/windows-networking.xml:1560(para)
2245
msgid "Click Finish"
2246
msgstr "คลิ๊กปุ่ม Finish"
2247
2248
#: serverguide/C/windows-networking.xml:1562(para)
2249
msgid ""
2250
"DNS is now installed and can be further configured using the "
2251
"<application>Microsoft Management Console</application> DNS snap-in."
2252
msgstr ""
2253
"DNS ได้ถูกติดตั้งเรียบร้อยและคุณสามารถปรับค่าเพิ่มเติมได้โดยใช้โปรแกรม "
2254
"<application>Microsoft Management Console</application> ผ่าน DNS snap-in"
2255
2256
#: serverguide/C/windows-networking.xml:1570(para)
2257
msgid "Click Start"
2258
msgstr "คลิ๊กปุ่ม Start"
2259
2260
#: serverguide/C/windows-networking.xml:1571(para)
2261
msgid "Control Panel"
2262
msgstr "แ"
2263
2264
#: serverguide/C/windows-networking.xml:1572(para)
2265
msgid "Network Connections"
2266
msgstr "การเชื่อมต่อเครือข่าย (Network Connections)"
2267
2268
#: serverguide/C/windows-networking.xml:1573(para)
2269
msgid "Right Click \"Local Area Connection\""
2270
msgstr "คลิ๊กขวาบนไอคอน \"Local Area Connection\""
2271
2272
#: serverguide/C/windows-networking.xml:1574(para)
2273
msgid "Click Properties"
2274
msgstr "คลิ๊กที่ Properties"
2275
2276
#: serverguide/C/windows-networking.xml:1575(para)
2277
msgid "Double click \"Internet Protocol (TCP/IP)\""
2278
msgstr "ดับเบิ้ลคลิ๊กที่รายการ \"Internet Protocol (TCP/IP)\""
2279
2280
#: serverguide/C/windows-networking.xml:1576(para)
2281
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
2282
msgstr "ใส่เลขที่ IP ของเซิร์ฟเวอร์ในช่อง \"Preferred DNS server\""
2283
2284
#: serverguide/C/windows-networking.xml:1577(para)
2285
msgid "Click Ok"
2286
msgstr "คลิ๊กปุ่ม OK"
2287
2288
#: serverguide/C/windows-networking.xml:1578(para)
2289
msgid "Click Ok again to save the settings"
2290
msgstr "คลิ๊กปุ่ม OK อีกครั้งเพื่อบันทึกการตั้งค่า"
2291
2292
#: serverguide/C/windows-networking.xml:1567(para)
2293
msgid ""
2294
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2295
msgstr ""
2296
"จากนั้นให้ตั้งค่าเซิร์ฟเวอร์ให้ใช้ตัวเองเพื่อตอบคำร้องขอ DNS: <placeholder-"
2297
"1/>"
2298
2299
#: serverguide/C/windows-networking.xml:1585(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:1840(title) serverguide/C/virtualization.xml:2165(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1626(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1646(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
2300
msgid "References"
2301
msgstr "แหล่งอ้างอิง"
2302
2303
#: serverguide/C/windows-networking.xml:1587(para)
2304
msgid ""
2305
"Please refer to the <ulink "
2306
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2307
"further information."
2308
msgstr ""
2309
"กรุณาไปที่หน้าโฮมเพจของ <ulink "
2310
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> "
2311
"สำหรับข้อมูลเพิ่มเติม"
2312
2313
#: serverguide/C/windows-networking.xml:1591(para)
2314
msgid ""
2315
"For more <application>domainjoin-cli</application> options see the man page: "
2316
"<command>man domainjoin-cli</command>."
2317
msgstr ""
2318
"ถ้าคุณต้องการดูตัวเลือกอื่นๆของคำสั่ง <application>domainjoin-"
2319
"cli</application> กรุณาดูคู่มือโดยพิมพ์คำสั่ง: <command>man domainjoin-"
2320
"cli</command>"
2321
2322
#: serverguide/C/windows-networking.xml:1595(para)
2323
msgid ""
2324
"Also, see the <ulink "
2325
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2326
"LikewiseOpen</ulink> page."
2327
msgstr ""
2328
2329
#: serverguide/C/web-servers.xml:13(title)
2330
msgid "Web Servers"
2331
msgstr "เว็บเซิร์ฟเวอร์"
2332
2333
#: serverguide/C/web-servers.xml:14(para)
2334
msgid ""
2335
"A Web server is a software responsible for accepting HTTP requests from "
2336
"clients, which are known as Web browsers, and serving them HTTP responses "
2337
"along with optional data contents, which usually are Web pages such as HTML "
2338
"documents and linked objects (images, etc.)."
2339
msgstr ""
2340
"เว็บเซิร์ฟเวอร์เป็นโปรแกรมที่ตอบสนองคำร้องขอแบบ HTTP จากโปรแกรมเว็บเบราเซอร์ "
2341
"และส่งข้อมูลต่างๆที่เว็บเบราเซอร์ได้ร้องขอซึ่งโดยปกติมักจะเป็นหน้าเว็บเพจเช่น"
2342
"เอกสาร HTML และข้อมูลอื่นๆเช่นรูปภาพ"
2343
2344
#: serverguide/C/web-servers.xml:19(title)
2345
msgid "HTTPD - Apache2 Web Server"
2346
msgstr "HTTPD - Apache2 เว็บเซิร์ฟเวอร์"
2347
2348
#: serverguide/C/web-servers.xml:20(para)
2349
msgid ""
2350
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2351
"are used to serve Web Pages requested by client computers. Clients typically "
2352
"request and view Web Pages using Web Browser applications such as "
2353
"<application>Firefox</application>, <application>Opera</application>, or "
2354
"<application>Mozilla</application>."
2355
msgstr ""
2356
"Apache เป็นโปรแกรมเว็บเซิร์ฟเวอร์ที่ใช้กันอย่างแพร่หลายที่สุดบนระบบลีนุกซ์ "
2357
"โปรแกรมเว็บเซิร์ฟเวอร์นั้นมีไว้เพื่อส่งหน้าเว็บหรือที่เรียกว่าเว็บเพจกลับไปให"
2358
"้เครื่องที่ร้องขอ "
2359
"โดยผู้ใช้มักขอและดูหน้าเว็บผ่านโปรแกรมที่เรียกว่าเว็บเบราเซอร์เช่นโปรแกรม "
2360
"<application>Firefox</application>, <application>Opera</application> หรือ "
2361
"<application>Mozilla</application>"
2362
2363
#: serverguide/C/web-servers.xml:24(para)
2364
msgid ""
2365
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2366
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2367
"resource. For example, to view the home page of the <ulink "
2368
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2369
"the FQDN. To request specific information about <ulink "
2370
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2371
"enter the FQDN followed by a path."
2372
msgstr ""
2373
"ผู้ใช้ระบุหน้าเว็บที่ต้องการโดยดูใส่ที่อยู่หรือที่เรียกว่า Uniform Resource "
2374
"Locator (URL) ที่ชี้ไปที่หน้าเว็บที่อยู่บนเว็บเซิร์ฟเวอร์ โดย URL "
2375
"นี้จะอยู่ในรูปแบบของชื่อโดเมนแบบเต็ม (Fully Qualified Domain Name หรือ FQDN) "
2376
"และ path สำหรับหน้าเว็บนั้นๆ เช่น ถ้าผู้ใช้ต้องการดูโฮมเพจของ<ulink "
2377
"url=\"http://www.ubuntu.com\">เว็บไซต์อูบุนตู</ulink>เธอต้องใส่แค่ FQDN "
2378
"แต่ถ้าผู้ใช้ต้องการดูหน้าเว็บที่เกี่ยวกับ <ulink "
2379
"url=\"http://www.ubuntu.com/support/paid\">การจ่ายค่าช่วยดูแล</ulink> "
2380
"เธอต้องใส่ FQDN ตามด้วย path สำหรับหน้าการจ่ายค่าช่วยดูแล"
2381
2382
#: serverguide/C/web-servers.xml:29(para)
2383
msgid ""
2384
"The most common protocol used to transfer Web pages is the Hyper Text "
2385
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2386
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2387
"protocol for uploading and downloading files, are also supported."
2388
msgstr ""
2389
"โปรโตคอลหลักที่ใช้ถ่ายโอนหน้าเว็บต่างๆก็คือ Hyper Text Transfer Protocol "
2390
"(HTTP) แต่โปรโตคอลอื่นๆเช่น Hyper Text Transfer Protocol over Secure Sockets "
2391
"Layer (HTTPS) และ File Transfer Protocol (FTP) "
2392
"ซึ่งเป็นโปรโตคอลสำหรับอัพโหลดและดาวน์โหลดไฟล์ก็สนับสนุนเช่นกัน"
2393
2394
#: serverguide/C/web-servers.xml:33(para)
2395
msgid ""
2396
"Apache Web Servers are often used in combination with the "
2397
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2398
"(<application>PHP</application>) scripting language, and other popular "
2399
"scripting languages such as <application>Python</application> and "
2400
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2401
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2402
"for the development and deployment of Web-based applications."
2403
msgstr ""
2404
"บ่อยครั้งที่เว็บเซิร์ฟเวอร์ Apache ถูกใช้ร่วมกับฐานข้อมูล "
2405
"<application>MySQL</application>, ภาษา HyperText Preprocessor "
2406
"(<application>PHP</application>) และภาษาสำหรับ scripting อื่นๆเช่น "
2407
"<application>Python</application> และ <application>Perl</application> "
2408
"เป็นต้น ชุดโปรแกรมทั้งหมดนี้รวมกันมีชื่อเรียกว่า LAMP (ซึ่งเป็นคำย่อจาก "
2409
"Linux, Apache, MySQL และ Perl/Python/PHP) "
2410
"และเป็นแพลทฟอร์มสำหรับพัฒนาแอพพลิเคชั่นบนเว็บที่มีประสิทธิภาพอย่างมาก"
2411
2412
#: serverguide/C/web-servers.xml:42(para)
2413
msgid ""
2414
"The <application>Apache2</application> web server is available in Ubuntu "
2415
"Linux. To install Apache2:"
2416
msgstr ""
2417
2418
#: serverguide/C/web-servers.xml:48(para)
2419
msgid "At a terminal prompt enter the following command:"
2420
msgstr "ในพร๊อมต์เทอร์มินัล ให้พิมพ์คำสั่งดังนี้:"
2421
2422
#: serverguide/C/web-servers.xml:53(command)
2423
msgid "sudo apt-get install apache2"
2424
msgstr "sudo apt-get install apache2"
2425
2426
#: serverguide/C/web-servers.xml:63(para)
2427
msgid ""
2428
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2429
"text configuration files. These <emphasis>directives</emphasis> are "
2430
"separated between the following files and directories:"
2431
msgstr ""
2432
2433
#: serverguide/C/web-servers.xml:71(para)
2434
msgid ""
2435
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2436
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2437
msgstr ""
2438
2439
#: serverguide/C/web-servers.xml:77(para)
2440
msgid ""
2441
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2442
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2443
"serve content may add files, or symlinks, to this directory."
2444
msgstr ""
2445
2446
#: serverguide/C/web-servers.xml:83(para)
2447
msgid ""
2448
"<emphasis>envvars:</emphasis> file where Apache2 "
2449
"<emphasis>environment</emphasis> variables are set."
2450
msgstr ""
2451
2452
#: serverguide/C/web-servers.xml:88(para)
2453
msgid ""
2454
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2455
"file, named after the <application>httpd</application> daemon. The file can "
2456
"be used for <emphasis>user specific</emphasis> configuration options that "
2457
"globally effect Apache2."
2458
msgstr ""
2459
2460
#: serverguide/C/web-servers.xml:95(para)
2461
msgid ""
2462
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2463
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2464
"modules will have specific configuration files, however."
2465
msgstr ""
2466
2467
#: serverguide/C/web-servers.xml:101(para)
2468
msgid ""
2469
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2470
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2471
"configuration file is symlinked it will be enabled the next time "
2472
"<application>apache2</application> is restarted."
2473
msgstr ""
2474
2475
#: serverguide/C/web-servers.xml:108(para)
2476
msgid ""
2477
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2478
"TCP ports Apache2 is listening on."
2479
msgstr ""
2480
2481
#: serverguide/C/web-servers.xml:113(para)
2482
msgid ""
2483
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2484
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2485
"to be configured for multiple sites that have separate configurations."
2486
msgstr ""
2487
2488
#: serverguide/C/web-servers.xml:119(para)
2489
msgid ""
2490
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2491
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2492
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
2493
"a configuration file in sites-available is symlinked, the site configured by "
2494
"it will be active once Apache2 is restarted."
2495
msgstr ""
2496
2497
#: serverguide/C/web-servers.xml:127(para)
2498
msgid ""
2499
"In addition, other configuration files may be added using the "
2500
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2501
"many configuration files. Any directive may be placed in any of these "
2502
"configuration files. Changes to the main configuration files are only "
2503
"recognized by Apache2 when it is started or restarted."
2504
msgstr ""
2505
2506
#: serverguide/C/web-servers.xml:136(para)
2507
msgid ""
2508
"The server also reads a file containing mime document types; the filename is "
2509
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2510
"<filename>/etc/mime.types</filename> by default."
2511
msgstr ""
2512
2513
#: serverguide/C/web-servers.xml:141(title)
2514
msgid "Basic Settings"
2515
msgstr "การตั้งค่าพื้นฐาน"
2516
2517
#: serverguide/C/web-servers.xml:142(para)
2518
msgid ""
2519
"This section explains Apache2 server essential configuration parameters. "
2520
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2521
"Documentation</ulink> for more details."
2522
msgstr ""
2523
"ในส่วนนี้จะอธิบายถึงการตั้งค่าพื้นฐานต่างๆ กรุณาอ่าน <ulink "
2524
"url=\"http://httpd.apache.org/docs/2.2/\">คู่มือการใช้งาน Apache2</ulink> "
2525
"สำหรับรายละเอียดเพิ่มเติม"
2526
2527
#: serverguide/C/web-servers.xml:150(para)
2528
msgid ""
2529
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2530
"it is configured with a single default virtual host (using the "
2531
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
2532
"if you have a single site, or used as a template for additional virtual "
2533
"hosts if you have multiple sites. If left alone, the default virtual host "
2534
"will serve as your default site, or the site users will see if the URL they "
2535
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
2536
"your custom sites. To modify the default virtual host, edit the file "
2537
"<filename>/etc/apache2/sites-available/default</filename>."
2538
msgstr ""
2539
2540
#: serverguide/C/web-servers.xml:163(para)
2541
msgid ""
2542
"The directives set for a virtual host only apply to that particular virtual "
2543
"host. If a directive is set server-wide and not defined within the virtual "
2544
"host settings, the default setting is used. For example, you can define a "
2545
"Webmaster email address and not define individual email addresses for each "
2546
"virtual host."
2547
msgstr ""
2548
"การตั้งค่าของโฮสต์เสมือนอันใดอันหนึ่งจะมีผลเฉพาะกับโฮสต์เสมือนนั้นเท่านั้น "
2549
"และจะไม่กระทบกับโฮสต์เสมือนอื่นๆ "
2550
"แต่ถ้าคุณตั้งค่าใดที่มีผลสำหรับทั้งเซิร์ฟเวอร์และไม่ได้ตั้งค่าอื่นๆสำหรับโฮสต"
2551
"์เสมือน ค่าที่คุณตั้งไว้ในระดับเซิร์ฟเวอร์จะมีผลบังคับใช้แทน "
2552
"เช่นคุณสามารถตั้งค่าอีเมล์ของผู้ดูแลเว็บในระดับเซิร์ฟเวอร์แทนที่จะต้องตั้งค่า"
2553
"นี้ในทุกๆโฮสต์เสมือนได้"
2554
2555
#: serverguide/C/web-servers.xml:171(para)
2556
msgid ""
2557
"If you wish to configure a new virtual host or site, copy that file into the "
2558
"same directory with a name you choose. For example:"
2559
msgstr ""
2560
2561
#: serverguide/C/web-servers.xml:177(command)
2562
msgid ""
2563
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2564
"available/mynewsite"
2565
msgstr ""
2566
2567
#: serverguide/C/web-servers.xml:180(para)
2568
msgid ""
2569
"Edit the new file to configure the new site using some of the directives "
2570
"described below."
2571
msgstr ""
2572
2573
#: serverguide/C/web-servers.xml:187(para)
2574
msgid ""
2575
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2576
"to be advertised for the server's administrator. The default value is "
2577
"webmaster@localhost. This should be changed to an email address that is "
2578
"delivered to you (if you are the server's administrator). If your website "
2579
"has a problem, Apache2 will display an error message containing this email "
2580
"address to report the problem to. Find this directive in your site's "
2581
"configuration file in /etc/apache2/sites-available."
2582
msgstr ""
2583
"คำสั่ง <emphasis>ServerAdmin</emphasis> ใช้สำหรับระบุอีเมล์ของผู้ดูแลระบบ "
2584
"ค่าเริ่มต้นของคำสั่งนี้คือ webmaster@localhost "
2585
"ซึ่งเราแนะนำให้คุณเปลี่ยนเป็นอีเมล์ของคุณ (ถ้าคุณเป็นผู้ดูแลระบบ) "
2586
"ถ้าเว็บไซต์ของคุณมีปัญหา Apache2 "
2587
"จะแสดงข้อความเกี่ยวกับข้อผิดพลาดซึ่งมีอีเมล์ที่คุณระบุเพื่อให้ผู้ใช้สามารถส่ง"
2588
"อีเมล์รายงานปัญหาได้ คุณสามารถเปลี่ยนค่าของคำสั่งนี้ในไฟล์ "
2589
"/etc/apache2/sites-available"
2590
2591
#: serverguide/C/web-servers.xml:198(para)
2592
msgid ""
2593
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2594
"the IP address, Apache2 should listen on. If the IP address is not "
2595
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2596
"it runs on. The default value for the Listen directive is 80. Change this to "
2597
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2598
"that it will not be available to the Internet, to (for example) 81 to change "
2599
"the port that it listens on, or leave it as is for normal operation. This "
2600
"directive can be found and changed in its own file, "
2601
"<filename>/etc/apache2/ports.conf</filename>"
2602
msgstr ""
2603
"คำสั่ง <emphasis>Listen</emphasis> ใช้เพื่อระบุเลขที่พอร์ต (และ IP address "
2604
"ถ้าต้องการ ) ที่ Apache2 ต้องรอรับคำร้องขอ ถ้าคุณไม่ได้ระบุ IP address "
2605
"เซิร์ฟเวอร์จะรับคำร้องขอผ่านทุก IP address ที่เครื่องเซิร์ฟเวอร์มี "
2606
"ค่าเริ่มต้นสำหรับคำสั่ง Listen นี้คือ 80 คุณสามารถเปลี่ยนค่าเป็น "
2607
"127.0.0.1:80 เพื่อให้ Apache2 "
2608
"รับคำร้องขอเฉพาะจากการ์ดเน็ตเวิร์คภายในของเครื่องเซิร์ฟเวอร์ (loopback "
2609
"interface) ทำให้เครื่องไม่รับคำร้องขอจากอินเตอร์เน็ต หรือเปลี่ยนค่าเป็น 81 "
2610
"เพื่อเปลี่ยนพอร์ตที่เซิร์ฟเวอร์จะรับคำร้องขอ "
2611
"หรือทิ้งค่าเริ่มต้นเอาไว้สำหรับการทำงานแบบปกติ "
2612
"คุณสามารถเปลี่ยนค่าของคำสั่งนี้ได้ในไฟล์ "
2613
"<filename>/etc/apache2/ports.conf</filename>"
2614
2615
#: serverguide/C/web-servers.xml:211(para)
2616
msgid ""
2617
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2618
"FQDN your site should answer to. The default virtual host has no ServerName "
2619
"directive specified, so it will respond to all requests that do not match a "
2620
"ServerName directive in another virtual host. If you have just acquired the "
2621
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2622
"value of the ServerName directive in your virtual host configuration file "
2623
"should be ubunturocks.com. Add this directive to the new virtual host file "
2624
"you created earlier (<filename>/etc/apache2/sites-"
2625
"available/mynewsite</filename>)."
2626
msgstr ""
2627
2628
#: serverguide/C/web-servers.xml:223(para)
2629
msgid ""
2630
"You may also want your site to respond to www.ubunturocks.com, since many "
2631
"users will assume the www prefix is appropriate. Use the "
2632
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2633
"wildcards in the ServerAlias directive."
2634
msgstr ""
2635
2636
#: serverguide/C/web-servers.xml:230(para)
2637
msgid ""
2638
"For example, the following configuration will cause your site to respond to "
2639
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2640
msgstr ""
2641
2642
#: serverguide/C/web-servers.xml:236(programlisting)
2643
#, no-wrap
2644
msgid ""
2645
"\n"
2646
"ServerAlias *.ubunturocks.com\n"
2647
msgstr ""
2648
2649
#: serverguide/C/web-servers.xml:242(para)
2650
msgid ""
2651
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2652
"should look for the files that make up the site. The default value is "
2653
"/var/www. No site is configured there, but if you uncomment the "
2654
"<emphasis>RedirectMatch</emphasis> directive in "
2655
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2656
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2657
"this value in your site's virtual host file, and remember to create that "
2658
"directory if necessary!"
2659
msgstr ""
2660
2661
#: serverguide/C/web-servers.xml:254(para)
2662
msgid ""
2663
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2664
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2665
"enabled point to \"available\" sites."
2666
msgstr ""
2667
2668
#: serverguide/C/web-servers.xml:260(para)
2669
msgid ""
2670
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2671
"<application>a2ensite</application> utility and restart Apache2:"
2672
msgstr ""
2673
2674
#: serverguide/C/web-servers.xml:266(command)
2675
msgid "sudo a2ensite mynewsite"
2676
msgstr ""
2677
2678
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2679
msgid "sudo /etc/init.d/apache2 restart"
2680
msgstr "sudo /etc/init.d/apache2 restart"
2681
2682
#: serverguide/C/web-servers.xml:271(para)
2683
msgid ""
2684
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2685
"name for the VirtualHost. One method is to name the file after the "
2686
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2687
msgstr ""
2688
2689
#: serverguide/C/web-servers.xml:278(para)
2690
msgid ""
2691
"Similarly, use the <application>a2dissite</application> utility to disable "
2692
"sites. This is can be useful when troubleshooting configuration problems "
2693
"with multiple VirtualHosts:"
2694
msgstr ""
2695
2696
#: serverguide/C/web-servers.xml:284(command)
2697
msgid "sudo a2dissite mynewsite"
2698
msgstr ""
2699
2700
#: serverguide/C/web-servers.xml:290(title)
2701
msgid "Default Settings"
2702
msgstr "ค่าเริ่มต้น (ที่มาพร้อมกับการติดตั้ง)"
2703
2704
#: serverguide/C/web-servers.xml:292(para)
2705
msgid ""
2706
"This section explains configuration of the Apache2 server default settings. "
2707
"For example, if you add a virtual host, the settings you configure for the "
2708
"virtual host take precedence for that virtual host. For a directive not "
2709
"defined within the virtual host settings, the default value is used."
2710
msgstr ""
2711
"ในส่วนนี้จะอธิบายเกี่ยวกับค่าเริ่มต้นของเซิร์ฟเวอร์ Apache2 "
2712
"ที่มากับการติดตั้ง ยกตัวอย่างเช่นถ้าคุณเพิ่ม virtual host ใหม่ "
2713
"ค่าที่ตั้งไว้สำหรับ virtual host "
2714
"นั้นจะมีผลเหนือค่าเริ่มต้นที่มากับการติดตั้ง ถ้าไม่มีคำสั่งพิเศษสำหรับ "
2715
"virtual host เซิร์ฟเวอร์จะใช้ค่าเริ่มต้นที่มากับการติดตั้งแทน"
2716
2717
#: serverguide/C/web-servers.xml:304(para)
2718
msgid ""
2719
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2720
"server when a user requests an index of a directory by specifying a forward "
2721
"slash (/) at the end of the directory name."
2722
msgstr ""
2723
"ค่า <emphasis>DirectoryIndex</emphasis> "
2724
"เป็นค่าที่ใช้ระบุหน้าเว็บที่เว็บเซิร์ฟเวอร์จะคืนให้เบราเซอร์กรณีที่ผู้ใช้งานร"
2725
"้องขอหน้าดัชนีของเว็บไซต์โดยใส่เครื่องหมาย forward slash (/) "
2726
"ต่อท้ายชื่อไดเรคทอรี"
2727
2728
#: serverguide/C/web-servers.xml:311(para)
2729
msgid ""
2730
"For example, when a user requests the page "
2731
"http://www.example.com/this_directory/, he or she will get either the "
2732
"DirectoryIndex page if it exists, a server-generated directory list if it "
2733
"does not and the Indexes option is specified, or a Permission Denied page if "
2734
"neither is true. The server will try to find one of the files listed in the "
2735
"DirectoryIndex directive and will return the first one it finds. If it does "
2736
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2737
"set for that directory, the server will generate and return a list, in HTML "
2738
"format, of the subdirectories and files in the directory. The default value, "
2739
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2740
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2741
"Apache2 finds a file in a requested directory matching any of these names, "
2742
"the first will be displayed."
2743
msgstr ""
2744
2745
#: serverguide/C/web-servers.xml:332(para)
2746
msgid ""
2747
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2748
"file for Apache2 to use for specific error events. For example, if a user "
2749
"requests a resource that does not exist, a 404 error will occur, and per "
2750
"Apache2's default configuration, the file "
2751
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2752
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2753
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2754
"redirects requests to the /error directory to "
2755
"<filename>/usr/share/apache2/error/</filename>."
2756
msgstr ""
2757
2758
#: serverguide/C/web-servers.xml:344(para)
2759
msgid ""
2760
"To see a list of the default ErrorDocument directives, use this command:"
2761
msgstr ""
2762
2763
#: serverguide/C/web-servers.xml:350(command)
2764
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2765
msgstr ""
2766
2767
#: serverguide/C/web-servers.xml:355(para)
2768
msgid ""
2769
"By default, the server writes the transfer log to the file "
2770
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2771
"per-site basis in your virtual host configuration files with the "
2772
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2773
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2774
"specify the file to which errors are logged, via the "
2775
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2776
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2777
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2778
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2779
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2780
"/etc/apache2/apache2.conf</filename> for the default value)."
2781
msgstr ""
2782
2783
#: serverguide/C/web-servers.xml:370(para)
2784
msgid ""
2785
"Some options are specified on a per-directory basis rather than per-server. "
2786
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2787
"is enclosed in XML-like tags, like so:"
2788
msgstr ""
2789
2790
#: serverguide/C/web-servers.xml:376(programlisting)
2791
#, no-wrap
2792
msgid ""
2793
"\n"
2794
"<Directory /var/www/mynewsite>\n"
2795
"...\n"
2796
"</Directory>\n"
2797
msgstr ""
2798
2799
#: serverguide/C/web-servers.xml:382(para)
2800
msgid ""
2801
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2802
"one or more of the following values (among others), separated by spaces:"
2803
msgstr ""
2804
2805
#: serverguide/C/web-servers.xml:394(para)
2806
msgid ""
2807
"Most files should not be executed as CGI scripts. This would be very "
2808
"dangerous. CGI scripts should kept in a directory separate from and outside "
2809
"your DocumentRoot, and only this directory should have the ExecCGI option "
2810
"set. This is the default, and the default location for CGI scripts is "
2811
"<filename>/usr/lib/cgi-bin</filename>."
2812
msgstr ""
2813
2814
#: serverguide/C/web-servers.xml:389(para)
2815
msgid ""
2816
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2817
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2818
msgstr ""
2819
"<emphasis role=\"bold\">ExecCGI</emphasis> - อนุญาติให้ใช้งาน CGI สคริปต์ได้ "
2820
"ถ้าไม่ได้เลือกตัวเลือกนี้จะไม่สามารถใช้ CGI สคริปต์ได้\r\n"
2821
"<placeholder-1/>"
2822
2823
#: serverguide/C/web-servers.xml:405(para)
2824
msgid ""
2825
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2826
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2827
"other files. This is not a common option. See <ulink "
2828
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2829
"HOWTO</ulink> for more information."
2830
msgstr ""
2831
"<emphasis role=\"bold\">Includes</emphasis> - อนุญาติให้ใช้งาน server-side "
2832
"includes ซึ่งจะทำให้ไฟล์ HTML สามารถใช้หรือนำเข้า (<emphasis> "
2833
"include</emphasis>) ไฟล์อื่นๆได้ "
2834
"ตัวเลือกนี้เป็นตัวเลือกที่ไม่ค่อยถูกใช้บ่อยนัก กรุณาอ่าน <ulink "
2835
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">Apache2 SSI "
2836
"HOWTO</ulink> ถ้าต้องการรายละเอียดเพิ่มเติม"
2837
2838
#: serverguide/C/web-servers.xml:414(para)
2839
msgid ""
2840
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2841
"includes, but disable the <emphasis>#exec</emphasis> and "
2842
"<emphasis>#include</emphasis> commands in CGI scripts."
2843
msgstr ""
2844
2845
#: serverguide/C/web-servers.xml:426(para)
2846
msgid ""
2847
"For security reasons, this should usually not be set, and certainly should "
2848
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2849
"per-directory basis only if you are certain you want users to see the entire "
2850
"contents of the directory."
2851
msgstr ""
2852
"เพื่อความปลอดภัย โดยทั่วไปแล้วคุณไม่ควรใช้งานตัวเลือกนี้ "
2853
"โดยเฉพาะอย่างยิ่งไม่ควรใช้กับไดเร็คทอรี่ DocumentRoot ของคุณ "
2854
"กรุณาใช้ตัวเลือกนี้อย่างระมัดระวังเป็นไดเร็คทอรี่ๆไป "
2855
"กรณีที่คุณต้องการให้ผู้ใช้เห็นเนื้อหาที่อยู่ในไดเร็คทอรี่ของคุณ"
2856
2857
#: serverguide/C/web-servers.xml:421(para)
2858
msgid ""
2859
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2860
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2861
"index.html) exists in the requested directory. <placeholder-1/>"
2862
msgstr ""
2863
"<emphasis role=\"bold\">Indexes</emphasis> - แสดงเนื้อหา "
2864
"(รายชื่อของไฟล์และไดเร็คทอรี่ย่อย) ถ้าไม่ได้ระบุคำสั่ง "
2865
"<emphasis>DirectoryIndex</emphasis> (เช่น index.html) สำหรับไดเร็คทอรี่นี้ "
2866
"<placeholder-1/>"
2867
2868
#: serverguide/C/web-servers.xml:436(para)
2869
msgid ""
2870
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2871
"multiviews; this option is disabled by default for security reasons. See the "
2872
"<ulink "
2873
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2874
"Apache2 documentation on this option</ulink>."
2875
msgstr ""
2876
2877
#: serverguide/C/web-servers.xml:444(para)
2878
msgid ""
2879
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2880
"symbolic links if the target file or directory has the same owner as the "
2881
"link."
2882
msgstr ""
2883
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - ให้ไล่ตาม symbolic "
2884
"links ถ้าไฟล์หรือไดเร็คทอรี่ที่ถูกลิงก์หามีเจ้าของเดียวกันกับลิงก์"
2885
2886
#: serverguide/C/web-servers.xml:456(title)
2887
msgid "httpd Settings"
2888
msgstr ""
2889
2890
#: serverguide/C/web-servers.xml:458(para)
2891
msgid ""
2892
"This section explains some basic <application>httpd</application> daemon "
2893
"configuration settings."
2894
msgstr ""
2895
2896
#: serverguide/C/web-servers.xml:462(para)
2897
msgid ""
2898
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2899
"the path to the lockfile used when the server is compiled with either "
2900
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2901
"stored on the local disk. It should be left to the default value unless the "
2902
"logs directory is located on an NFS share. If this is the case, the default "
2903
"value should be changed to a location on the local disk and to a directory "
2904
"that is readable only by root."
2905
msgstr ""
2906
"<emphasis role=\"bold\">LockFile</emphasis> - คำสั่ง LockFile "
2907
"ระบุไดเร็คทอรี่ที่เก็บไฟล์ล็อกที่ถูกใช้ตอนคอมไพล์เซิร์ฟเวอร์ด้วย "
2908
"USE_FCNTL_SERIALIZED_ACCEPT หรือ USE_FLOCK_SERIALIZED_ACCEPT "
2909
"ค่านี้ไม่ควรถูกเปลี่ยนแปลงนอกเสียจากว่าไดเรคทอรี่ที่ใช้เก็บบันทึก (logs) "
2910
"จะอยู่ในแชร์ของเครือข่าย (NFS) "
2911
"ถ้าเกิดเป็นเช่นนั้นคุณควรเปลี่ยนค่าเริ่มต้นให้ชี้ไปที่ไฟล์ในฮาร์ดดิสก์ของเครื"
2912
"่องซึ่งอยู่ในไดเร็คทอรี่ที่อ่านได้โดย root เท่านั้น"
2913
2914
#: serverguide/C/web-servers.xml:471(para)
2915
msgid ""
2916
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2917
"file in which the server records its process ID (pid). This file should only "
2918
"be readable by root. In most cases, it should be left to the default value."
2919
msgstr ""
2920
"<emphasis role=\"bold\">PidFile</emphasis> - คำสั่ง PidFile "
2921
"ระบุไฟล์ที่เซิร์ฟเวอร์ใช้เพื่อบันทึกเลขที่โปรเซส (process ID หรือ pid) "
2922
"ของตัวเอง ไฟล์นี้ควรถูกอ่านได้โดย root เท่านั้น "
2923
"และโดยทั่วไปแล้วคุณไม่ควรแก้ไขค่าเริ่มต้นที่มาพร้อมกับการติดตั้ง"
2924
2925
#: serverguide/C/web-servers.xml:477(para)
2926
msgid ""
2927
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2928
"used by the server to answer requests. This setting determines the server's "
2929
"access. Any files inaccessible to this user will also be inaccessible to "
2930
"your website's visitors. The default value for User is www-data."
2931
msgstr ""
2932
"<emphasis role=\"bold\">User</emphasis> - คำสั่ง User ระบุเลขที่ผู้ใช้ "
2933
"(userid) ที่เซิร์ฟเวอร์จะใช้เพื่อตอบสนองคำร้องขอ "
2934
"โดยค่านี้จะเป็นตัวกำหนดว่าเซิร์ฟเวอร์สามารถเข้าถึงไฟล์หรือไดเร็คทอรี่อะไรได้บ"
2935
"้าง "
2936
"ผู้เยี่ยมชมเว็บไซต์จะไม่สามารถอ่านไฟล์ใดๆก็ตามที่เซิร์ฟเวอร์ไม่สามารถอ่านได้ "
2937
" ค่าเริ่มต้นสำหรับคำสั่งนี้คือ www-data"
2938
2939
#: serverguide/C/web-servers.xml:484(para)
2940
msgid ""
2941
"Unless you know exactly what you are doing, do not set the User directive to "
2942
"root. Using root as the User will create large security holes for your Web "
2943
"server."
2944
msgstr ""
2945
"นอกจากว่าคุณจะรู้ตัวว่ากำลังทำอะไรอยู่ อย่าตั้งค่าคำสั่ง User เป็น root "
2946
"เพราะการใช้ root "
2947
"สำหรับคำสั่งนี้จะทำให้เกิดช่องโหว่ด้านความปลอดภัยกับเว็บเซิร์ฟเวอร์ของคุณเป็น"
2948
"อย่างมาก"
2949
2950
#: serverguide/C/web-servers.xml:490(para)
2951
msgid ""
2952
"The Group directive is similar to the User directive. Group sets the group "
2953
"under which the server will answer requests. The default group is also www-"
2954
"data."
2955
msgstr ""
2956
"คำสั่ง Group นั้นก็คล้ายๆกับคำสั่ง User โดย Group "
2957
"ระบุกลุ่มผู้ใช้ที่ใช้เพื่อตอบคำร้องขอต่างๆ โดยค่าเริ่มต้นก็คือ www-data "
2958
"เช่นกัน"
2959
2960
#: serverguide/C/web-servers.xml:496(title)
2961
msgid "Apache2 Modules"
2962
msgstr ""
2963
2964
#: serverguide/C/web-servers.xml:498(para)
2965
msgid ""
2966
"Apache2 is a modular server. This implies that only the most basic "
2967
"functionality is included in the core server. Extended features are "
2968
"available through modules which can be loaded into Apache2. By default, a "
2969
"base set of modules is included in the server at compile-time. If the server "
2970
"is compiled to use dynamically loaded modules, then modules can be compiled "
2971
"separately, and added at any time using the LoadModule directive. Otherwise, "
2972
"Apache2 must be recompiled to add or remove modules."
2973
msgstr ""
2974
2975
#: serverguide/C/web-servers.xml:510(para)
2976
msgid ""
2977
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2978
"Configuration directives may be conditionally included on the presence of a "
2979
"particular module by enclosing them in an "
2980
"<emphasis><IfModule></emphasis> block."
2981
msgstr ""
2982
2983
#: serverguide/C/web-servers.xml:517(para)
2984
msgid ""
2985
"You can install additional Apache2 modules and use them with your Web "
2986
"server. For example, run the following command from a terminal prompt to "
2987
"install the <emphasis>MySQL Authentication</emphasis> module:"
2988
msgstr ""
2989
2990
#: serverguide/C/web-servers.xml:524(command)
2991
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2992
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2993
2994
#: serverguide/C/web-servers.xml:527(para)
2995
msgid ""
2996
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2997
"additional modules."
2998
msgstr ""
2999
3000
#: serverguide/C/web-servers.xml:531(para)
3001
msgid ""
3002
"Use the <application>a2enmod</application> utility to enable a module:"
3003
msgstr ""
3004
3005
#: serverguide/C/web-servers.xml:537(command)
3006
msgid "sudo a2enmod auth_mysql"
3007
msgstr ""
3008
3009
#: serverguide/C/web-servers.xml:541(para)
3010
msgid "Similarly, <application>a2dismod</application> will disable a module:"
3011
msgstr ""
3012
3013
#: serverguide/C/web-servers.xml:546(command)
3014
msgid "sudo a2dismod auth_mysql"
3015
msgstr ""
3016
3017
#: serverguide/C/web-servers.xml:553(title)
3018
msgid "HTTPS Configuration"
3019
msgstr "การตั้งค่า HTTPS"
3020
3021
#: serverguide/C/web-servers.xml:555(para)
3022
msgid ""
3023
"The <application>mod_ssl</application> module adds an important feature to "
3024
"the Apache2 server - the ability to encrypt communications. Thus, when your "
3025
"browser is communicating using SSL, the https:// prefix is used at the "
3026
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
3027
"bar."
3028
msgstr ""
3029
"โมดูล <application>mod_ssl</application> "
3030
"นั้นเพิ่มความสามารถที่สำคัญยิ่งให้กับ Apache2 "
3031
"นั่นก็คือความสามารถในการเข้ารหัสข้อมูลที่ถูกส่งไปมา "
3032
"เพราะฉะนั้นเมื่อเบราเซอร์ของคุณสื่อสารผ่าน SSL ที่อยู่เว็บหรือที่เรียกกันว่า "
3033
"Uniform Resource Locator (URL) จะเริ่มต้นด้วย https://"
3034
3035
#: serverguide/C/web-servers.xml:564(para)
3036
msgid ""
3037
"The <application>mod_ssl</application> module is available in "
3038
"<application>apache2-common</application> package. Execute the following "
3039
"command from a terminal prompt to enable the "
3040
"<application>mod_ssl</application> module:"
3041
msgstr ""
3042
"โมดูล <application>mod_ssl</application> อยู่ในชุดโปรแกรม "
3043
"<application>apache2-common</application> ถ้าคุณต้องการเริ่มใช้งาน "
3044
"<application>mod_ssl</application> ให้พิมพ์คำสั่งดังนี้:"
3045
3046
#: serverguide/C/web-servers.xml:571(command)
3047
msgid "sudo a2enmod ssl"
3048
msgstr "sudo a2enmod ssl"
3049
3050
#: serverguide/C/web-servers.xml:574(para)
3051
msgid ""
3052
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
3053
"available/default-ssl</filename>. In order for "
3054
"<application>Apache2</application> to provide HTTPS, a "
3055
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
3056
"needed. The default HTTPS configuration will use a certificate and key "
3057
"generated by the <application>ssl-cert</application> package. They are good "
3058
"for testing, but the auto-generated certificate and key should be replaced "
3059
"by a certificate specific to the site or server. For information on "
3060
"generating a key and obtaining a certificate see <xref "
3061
"linkend=\"certificates-and-security\"/>"
3062
msgstr ""
3063
3064
#: serverguide/C/web-servers.xml:584(para)
3065
msgid ""
3066
"To configure <application>Apache2</application> for HTTPS, enter the "
3067
"following:"
3068
msgstr ""
3069
3070
#: serverguide/C/web-servers.xml:589(command)
3071
msgid "sudo a2ensite default-ssl"
3072
msgstr "sudo a2ensite default-ssl"
3073
3074
#: serverguide/C/web-servers.xml:593(para)
3075
msgid ""
3076
"The directories <filename>/etc/ssl/certs</filename> and "
3077
"<filename>/etc/ssl/private</filename> are the default locations. If you "
3078
"install the certificate and key in another directory make sure to change "
3079
"<emphasis>SSLCertificateFile</emphasis> and "
3080
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
3081
msgstr ""
3082
"โดยปกติแล้วหนังสือรับรอง (certificate) "
3083
"และกุญแจสำหรับเข้าและถอดรหัสจะถูกเก็บอยู่ที่ "
3084
"<filename>/etc/ssl/certs</filename> และ "
3085
"<filename>/etc/ssl/private</filename> ถ้าคุณเก็บไฟล์เหล่านี้ไว้ที่อื่น "
3086
"อย่าลืมเปลี่ยน <emphasis>SSLCertificateFile</emphasis> และ "
3087
"<emphasis>SSLCertificateKeyFile</emphasis> ให้ชี้ไปที่เก็บไฟล์ที่ถูกต้องด้วย"
3088
3089
#: serverguide/C/web-servers.xml:600(para)
3090
msgid ""
3091
"With Apache2 now configured for HTTPS, restart the service to enable the new "
3092
"settings:"
3093
msgstr ""
3094
3095
#: serverguide/C/web-servers.xml:611(para)
3096
msgid ""
3097
"Depending on how you obtained your certificate you may need to enter a "
3098
"passphrase when <application>Apache2</application> starts."
3099
msgstr ""
3100
3101
#: serverguide/C/web-servers.xml:617(para)
3102
msgid ""
3103
"You can access the secure server pages by typing https://your_hostname/url/ "
3104
"in your browser address bar."
3105
msgstr ""
3106
"คุณสามารถใช้งานหน้าเว็บที่ถูกเข้ารหัสได้โดยพิพม์ https://your_hostname/url/ "
3107
"ในแถบที่อยู่ของเบราเซอร์ของคุณ"
3108
3109
#: serverguide/C/web-servers.xml:628(para)
3110
msgid ""
3111
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
3112
"Documentation</ulink> contains in depth information on Apache2 configuration "
3113
"directives. Also, see the <application>apache2-doc</application> package for "
3114
"the official Apache2 docs."
3115
msgstr ""
3116
3117
#: serverguide/C/web-servers.xml:635(para)
3118
msgid ""
3119
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
3120
"Documentation</ulink> site for more SSL related information."
3121
msgstr ""
3122
3123
#: serverguide/C/web-servers.xml:641(para)
3124
msgid ""
3125
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
3126
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
3127
"configurations."
3128
msgstr ""
3129
3130
#: serverguide/C/web-servers.xml:647(para)
3131
msgid ""
3132
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
3133
"server</emphasis> IRC channel on <ulink "
3134
"url=\"http://freenode.net/\">freenode.net</ulink>."
3135
msgstr ""
3136
3137
#: serverguide/C/web-servers.xml:653(para)
3138
msgid ""
3139
"Usually integrated with PHP and MySQL the <ulink "
3140
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3141
"Ubuntu Wiki </ulink> page is a good resource."
3142
msgstr ""
3143
3144
#: serverguide/C/web-servers.xml:664(title)
3145
msgid "PHP5 - Scripting Language"
3146
msgstr "ภาษาสคริปต์ PHP5"
3147
3148
#: serverguide/C/web-servers.xml:665(para)
3149
msgid ""
3150
"PHP is a general-purpose scripting language suited for Web development. The "
3151
"PHP script can be embedded into HTML. This section explains how to install "
3152
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
3153
msgstr ""
3154
"PHP เป็นภาษาสำหรับเขียนสคริปต์ที่เหมาะกับการใช้พัฒนาเว็บไซต์ โดยสคริปต์ PHP "
3155
"นั้นสามารถอยู่ในไฟล์ HTML ได้ ในส่วนนี้จะอธิบายวิธีการติดตั้งและตั้งค่า "
3156
"PHP5 ในอูบุนตูที่มี Apache2 และ MySQL อยู่แล้ว"
3157
3158
#: serverguide/C/web-servers.xml:669(para)
3159
msgid ""
3160
"This section assumes you have installed and configured Apache2 Web Server "
3161
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
3162
"sections in this document to install and configure Apache2 and MySQL "
3163
"respectively."
3164
msgstr ""
3165
3166
#: serverguide/C/web-servers.xml:676(para)
3167
msgid "The PHP5 is available in Ubuntu Linux."
3168
msgstr ""
3169
3170
#: serverguide/C/web-servers.xml:678(para)
3171
msgid ""
3172
"To install PHP5 you can enter the following command in the terminal prompt: "
3173
"<screen>\n"
3174
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
3175
"</screen>"
3176
msgstr ""
3177
"เพื่อติดตั้ง PHP5 ให้พิมพ์คำสั่งดังนี้: <screen>\n"
3178
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
3179
"</screen>"
3180
3181
#: serverguide/C/web-servers.xml:687(para)
3182
msgid ""
3183
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
3184
"line you should install <application>php5-cli</application> package. To "
3185
"install <application>php5-cli</application> you can enter the following "
3186
"command in the terminal prompt: <screen>\n"
3187
"<command>sudo apt-get install php5-cli</command>\n"
3188
"</screen>"
3189
msgstr ""
3190
"คุณสามารถใช้งานสคริปต์ PHP5 จาก command line แต่ก่อนอื่นคุณต้องลงชุดโปรแกรม "
3191
"<application>php5-cli</application> เสียก่อน โดยพิมพ์คำสั่งดังนี้:<screen>\n"
3192
"<command>sudo apt-get install php5-cli</command>\n"
3193
"</screen>"
3194
3195
#: serverguide/C/web-servers.xml:696(para)
3196
msgid ""
3197
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
3198
"accomplish this, you should install <application>php5-cgi</application> "
3199
"package. You can run the following command in a terminal prompt to install "
3200
"<application>php5-cgi</application> package: <screen>\n"
3201
"<command>sudo apt-get install php5-cgi</command>\n"
3202
"</screen>"
3203
msgstr ""
3204
"นอกจากนั้นคุณยังสามารถใช้งานสคริปต์ PHP5 ได้โดยไม่ต้องติดตั้งโมดูล PHP5 "
3205
"สำหรับ Apache อีกด้วย สำหรับกรณีนี้คุณจะต้องติดตั้งชุดโปรแกรม "
3206
"<application>php5-cgi</application> แทนโดยพิมพ์คำสั่ง:<screen>\n"
3207
"<command>sudo apt-get install php5-cgi</command>\n"
3208
"</screen>"
3209
3210
#: serverguide/C/web-servers.xml:706(para)
3211
msgid ""
3212
"To use <application>MySQL</application> with PHP5 you should install "
3213
"<application>php5-mysql</application> package. To install <application>php5-"
3214
"mysql</application> you can enter the following command in the terminal "
3215
"prompt: <screen>\n"
3216
"<command>sudo apt-get install php5-mysql</command>\n"
3217
"</screen>"
3218
msgstr ""
3219
"เพื่อที่จะใช้งาน <application>MySQL</application> จาก PHP5 "
3220
"ได้คุณต้องติดตั้งชุดโปรแกรม <application>php5-mysql</application> "
3221
"โดยพิมพ์คำสั่ง:<screen>\n"
3222
"<command>sudo apt-get install php5-mysql</command>\n"
3223
"</screen>"
3224
3225
#: serverguide/C/web-servers.xml:714(para)
3226
msgid ""
3227
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
3228
"install <application>php5-pgsql</application> package. To install "
3229
"<application>php5-pgsql</application> you can enter the following command in "
3230
"the terminal prompt: <screen>\n"
3231
"<command>sudo apt-get install php5-pgsql</command>\n"
3232
"</screen>"
3233
msgstr ""
3234
"ในทำนองเดียวกัน ถ้าคุณต้องการใช้ <application>PostgreSQL</application> กับ "
3235
"PHP5 คุณจะต้องติดตั้งชุดโปรแกรม <application>php5-pgsql</application> "
3236
"โดยพิมพ์คำสั่ง:<screen>\n"
3237
"<command>sudo apt-get install php5-pgsql</command>\n"
3238
"</screen>"
3239
3240
#: serverguide/C/web-servers.xml:727(para)
3241
msgid ""
3242
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
3243
"you have installed <application>php5-cli</application> package, you can run "
3244
"PHP5 scripts from your command prompt."
3245
msgstr ""
3246
"หลังจากคุณได้ติดตั้ง PHP5 คุณสามารถใช้งานสคริปติ์ PHP5 จากเบราเซอร์ของคุณ "
3247
"แต่ถ้าคุณติดตั้งชุดโปรแกรม <application>php5-cli</application> "
3248
"คุณจะสามารถใช้งานสคริปต์ PHP5 จากพร๊อมต์คำสั่ง (command prompt) ได้อีกด้วย"
3249
3250
#: serverguide/C/web-servers.xml:734(para)
3251
msgid ""
3252
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
3253
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
3254
"when you install the module. Please verify if the files "
3255
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
3256
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
3257
"not exists, you can enable the module using <command>a2enmod</command> "
3258
"command."
3259
msgstr ""
3260
"โดยปกติแล้ว Apache2 จะถูกตั้งค่าให้ใช้งานสคริปต์ PHP5 ได้อยู่แล้ว "
3261
"หรือจะพูดอีกแบบก็คือ Apache2 นั้นจะใช้งานโมดูล PHP5 "
3262
"โดยอัตโนมัติเวลาคุณติดตั้งโมดูล ลองตรวจสอบดูว่ามีไฟล์ "
3263
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> และ "
3264
"<filename>/etc/apache2/mods-enabled/php5.load</filename> อยู่ "
3265
"ถ้าไม่มีคุณสามารถเริ่มใช้โมดูล PHP5 ได้โดยใช้คำสั่ง "
3266
"<command>a2enmod</command>"
3267
3268
#: serverguide/C/web-servers.xml:745(para)
3269
msgid ""
3270
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
3271
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
3272
"following command at a terminal prompt to restart your web server: "
3273
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
3274
msgstr ""
3275
"หลังจากที่คุณติดตั้งชุดโปรแกรมที่เกี่ยวข้องกับ PHP5 และได้เริ่มใช้งานโมดูล "
3276
"PHP2 ใน Apache2 แล้ว คุณจะต้องเริ่มโปรแกรม Apache2 "
3277
"ใหม่เพื่อทำให้ใช้งานสคริปต์ PHP5 ได้ คุณสามารถเริ่มโปรแกรม Apache2 "
3278
"ใหม่ได้โดยใช้คำสั่งนี้: <screen><command>sudo /etc/init.d/apache2 "
3279
"restart</command> </screen>"
3280
3281
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1569(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
3282
msgid "Testing"
3283
msgstr "ทดสอบ"
3284
3285
#: serverguide/C/web-servers.xml:754(para)
3286
msgid ""
3287
"To verify your installation, you can run following PHP5 phpinfo script:"
3288
msgstr ""
3289
"เพื่อทดสอบว่าการติดตั้งเรียบร้อยดี คุณสามารถลองใช้สคริปต์ phpinfo ดู:"
3290
3291
#: serverguide/C/web-servers.xml:757(programlisting)
3292
#, no-wrap
3293
msgid ""
3294
"\n"
3295
"<?php\n"
3296
" phpinfo();\n"
3297
"?>\n"
3298
msgstr ""
3299
3300
#: serverguide/C/web-servers.xml:762(para)
3301
msgid ""
3302
"You can save the content in a file <filename>phpinfo.php</filename> and "
3303
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
3304
"server. When point your browser to "
3305
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
3306
"various PHP5 configuration parameters."
3307
msgstr ""
3308
"คุณสามารถบันทึกเนื้อหาในไฟล์ <filename>phpinfo.php</filename> "
3309
"และวางไฟล์ไว้ในไดเร็คทอรี่ <command>DocumentRoot</command> ของ Apache2 "
3310
"เมื่อคุณชี้เบราเซอร์ของคุณไปที่ "
3311
"<filename>http://hostname/phpinfo.php</filename> "
3312
"เบราเซอร์ของคุณจะแสดงการตั้งค่าต่างๆของ PHP5"
3313
3314
#: serverguide/C/web-servers.xml:776(para)
3315
msgid ""
3316
"For more in depth information see <ulink "
3317
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
3318
msgstr ""
3319
3320
#: serverguide/C/web-servers.xml:781(para)
3321
msgid ""
3322
"There are a plethora of books on PHP. Two good books from O'Reilly are "
3323
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
3324
"5</ulink> and the <ulink "
3325
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
3326
msgstr ""
3327
3328
#: serverguide/C/web-servers.xml:788(para)
3329
msgid ""
3330
"Also, see the <ulink "
3331
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3332
"Ubuntu Wiki</ulink> page for more information."
3333
msgstr ""
3334
3335
#: serverguide/C/web-servers.xml:799(title)
3336
msgid "Squid - Proxy Server"
3337
msgstr "Squid - พร๊อกซี่เซิร์ฟเวอร์"
3338
3339
#: serverguide/C/web-servers.xml:800(para)
3340
msgid ""
3341
"Squid is a full-featured web proxy cache server application which provides "
3342
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
3343
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
3344
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
3345
"caching of Domain Name Server (DNS) lookups, and perform transparent "
3346
"caching. Squid also supports a wide variety of caching protocols, such as "
3347
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
3348
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
3349
"Protocol. (WCCP)"
3350
msgstr ""
3351
"Squid "
3352
"เป็นโปรแกรมพร๊อกซี่เซิร์ฟเวอร์เต็มรูปแบบที่ให้บริการพร๊อกซี่และแคชข้อมูลสำหรั"
3353
"บ Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), "
3354
"และโปรโตคอลเครือข่ายอื่นๆ นอกจากนั้น Squid ยังให้บริการแคชและพร๊อกซี่สำหรับ "
3355
"Secure Sockets Layer (SSL) และแคชสำหรับคำร้องขอ Domain Name Server (DNS) "
3356
"อีกด้วย โปรโตคอลแคชที่สนับสนุนโดย Squid ก็มีเช่น Internet Cache Protocol "
3357
"(ICP), Hyper Text Caching Protocol (HTCP), Cache Array Routing Protocol "
3358
"(CARP), และ Web Cache Coordination Protocol. (WCCP)"
3359
3360
#: serverguide/C/web-servers.xml:808(para)
3361
msgid ""
3362
"The Squid proxy cache server is an excellent solution to a variety of proxy "
3363
"and caching server needs, and scales from the branch office to enterprise "
3364
"level networks while providing extensive, granular access control mechanisms "
3365
"and monitoring of critical parameters via the Simple Network Management "
3366
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
3367
"Squid proxy, or caching servers, ensure your system is configured with a "
3368
"large amount of physical memory, as Squid maintains an in-memory cache for "
3369
"increased performance."
3370
msgstr ""
3371
"เซิร์ฟเวอร์ Squid เป็นทางออกที่ดีเยี่ยมถ้าคุณต้องการใช้บริการพร๊อกซี่และแคช "
3372
"เพราะ Squid สามารถทำงานได้ในออฟฟิศสาขาเล็กๆไปจนถึงเครือข่ายในองค์กรระดับใหญ่ "
3373
" ให้คุณตั้งค่ารักษาความปลอดภัยได้อย่างละเอียด "
3374
"และมีเครื่องมือสำหรับเฝ้าสังเกตุปัจจัยสำคัญต่างๆในเครือข่ายผ่าน Simple "
3375
"Network Management Protocol (SNMP) "
3376
"เมื่อคุณเลือกเครื่องคอมพิวเตอร์เพื่อทำหน้าที่เป็นพร๊อกซี่เซิร์ฟเวอร์ที่ใช้งาน"
3377
" Squid เราแนะนำให้คุณเลือกเครื่องคอมพิวเตอร์ที่มีหน่วยความจำมากๆ "
3378
"เนื่องจากว่า Squid ใช้หน่วยความจำเป็นตัวเก็บข้อมูลแคชเพื่อประสิทธิภาพ"
3379
3380
#: serverguide/C/web-servers.xml:817(para)
3381
msgid ""
3382
"At a terminal prompt, enter the following command to install the Squid "
3383
"server:"
3384
msgstr "ในพร๊อมต์เทอร์มินัล พิมพ์คำสั่งดังนี้เพื่อติดตั้ง Squid:"
3385
3386
#: serverguide/C/web-servers.xml:822(command)
3387
msgid "sudo apt-get install squid"
3388
msgstr "sudo apt-get install squid"
3389
3390
#: serverguide/C/web-servers.xml:828(para)
3391
msgid ""
3392
"Squid is configured by editing the directives contained within the "
3393
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
3394
"examples illustrate some of the directives which may be modified to affect "
3395
"the behavior of the Squid server. For more in-depth configuration of Squid, "
3396
"see the References section."
3397
msgstr ""
3398
"คุณสามารถตั้งค่า Squid ได้โดยแก้ไขคำสั่งในไฟล์ "
3399
"<filename>/etc/squid/squid.conf</filename> "
3400
"ตัวอย่างต่อไปนี้จะแสดงคำสั่งบางอันที่คุณสามารถแก้ไขได้เพื่อเปลี่ยนพฤติกรรมของ"
3401
" Squid แต่ถ้าคุณต้องการข้อมูลการตั้งค่าแบบละเอียด กรุณาดูส่วนอ้างอิง"
3402
3403
#: serverguide/C/web-servers.xml:834(para)
3404
msgid ""
3405
"Prior to editing the configuration file, you should make a copy of the "
3406
"original file and protect it from writing so you will have the original "
3407
"settings as a reference, and to re-use as necessary."
3408
msgstr ""
3409
"ก่อนที่คุณจะแก้ไขไฟล์การตั้งค่า คุณควรจะทำสำเนาของไฟล์ไว้ก่อน "
3410
"และป้องกันไฟล์จากการถูกแก้ไขเพื่อที่คุณจะได้มีค่าเริ่มต้นไว้สำหรับอ้างอิงและน"
3411
"ำกลับมาใช้งานเมื่อจำเป็น"
3412
3413
#: serverguide/C/web-servers.xml:837(para)
3414
msgid ""
3415
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
3416
"writing with the following commands entered at a terminal prompt:"
3417
msgstr ""
3418
"คัดลอกไฟล์ <filename>/etc/squid/squid.conf</filename> "
3419
"และป้องกันไม่ให้ถูกแก้ไขได้โดยพิมพ์คำสั่งดังนี้:"
3420
3421
#: serverguide/C/web-servers.xml:842(command)
3422
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3423
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3424
3425
#: serverguide/C/web-servers.xml:843(command)
3426
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
3427
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
3428
3429
#: serverguide/C/web-servers.xml:849(para)
3430
msgid ""
3431
"To set your Squid server to listen on TCP port 8888 instead of the default "
3432
"TCP port 3128, change the http_port directive as such:"
3433
msgstr ""
3434
"เพื่อให้เซิร์ฟเวอร์ Squid ของคุณฟังคำร้องขอที่พอร์ต TCP เลขที่ 8888 "
3435
"แทนที่จะใช้เลขที่ 3128 ที่เป็นค่าเริ่มต้น ให้เปลี่ยนคำสั่ง http_port ดังนี้:"
3436
3437
#: serverguide/C/web-servers.xml:853(programlisting)
3438
#, no-wrap
3439
msgid ""
3440
"\n"
3441
"http_port 8888\n"
3442
msgstr ""
3443
"\n"
3444
"http_port 8888\n"
3445
3446
#: serverguide/C/web-servers.xml:858(para)
3447
msgid ""
3448
"Change the visible_hostname directive in order to give the Squid server a "
3449
"specific hostname. This hostname does not necessarily need to be the "
3450
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
3451
msgstr ""
3452
"เปลี่ยนค่าของคำสั่ง visible_hostname เพื่อให้ชื่อกับเครื่องเซิร์ฟเวอร์ Squid "
3453
"ของคุณ ชื่อนี้ไม่จำเป็นจะต้องเป็นชื่อเดียวกับชื่อคอมพิวเตอร์ "
3454
"ในตัวอย่างนี้เราจะตั้งชื่อเครื่องเป็น <emphasis>weezie</emphasis>"
3455
3456
#: serverguide/C/web-servers.xml:862(programlisting)
3457
#, no-wrap
3458
msgid ""
3459
"\n"
3460
"visible_hostname weezie\n"
3461
msgstr ""
3462
"\n"
3463
"visible_hostname weezie\n"
3464
3465
#: serverguide/C/web-servers.xml:867(para)
3466
msgid ""
3467
"Using Squid's access control, you may configure use of Internet services "
3468
"proxied by Squid to be available only users with certain Internet Protocol "
3469
"(IP) addresses. For example, we will illustrate access by users of the "
3470
"192.168.42.0/24 subnetwork only:"
3471
msgstr ""
3472
3473
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
3474
msgid ""
3475
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
3476
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
3477
msgstr ""
3478
"เพิ่มบรรทัดนี้<emphasis role=\"bold\">ต่อท้าย</emphasis> หมวด ACL ของไฟล์ "
3479
"<filename>/etc/squid/squid.conf</filename>:"
3480
3481
#: serverguide/C/web-servers.xml:875(programlisting)
3482
#, no-wrap
3483
msgid ""
3484
"\n"
3485
"acl fortytwo_network src 192.168.42.0/24\n"
3486
msgstr ""
3487
"\n"
3488
"acl fortytwo_network src 192.168.42.0/24\n"
3489
3490
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
3491
msgid ""
3492
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
3493
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
3494
msgstr ""
3495
"จากนั้นให้เพิ่มบรรทัดนี้เป็น<emphasis role=\"bold\">บรรทัดแรก</emphasis> "
3496
"ของหมวด http_access ในไฟล์ <filename>/etc/squid/squid.conf</filename>:"
3497
3498
#: serverguide/C/web-servers.xml:882(programlisting)
3499
#, no-wrap
3500
msgid ""
3501
"\n"
3502
"http_access allow fortytwo_network\n"
3503
msgstr ""
3504
"\n"
3505
"http_access allow fortytwo_network\n"
3506
3507
#: serverguide/C/web-servers.xml:887(para)
3508
msgid ""
3509
"Using the excellent access control features of Squid, you may configure use "
3510
"of Internet services proxied by Squid to be available only during normal "
3511
"business hours. For example, we'll illustrate access by employees of a "
3512
"business which is operating between 9:00AM and 5:00PM, Monday through "
3513
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
3514
msgstr ""
3515
"เมื่อคุณใช้ความสามารถในการกำหนดสิทธิ์สุดเจ๋งของ Squid "
3516
"คุณสามารถที่จะระบุได้ว่าพร๊อกซี่ Squid จะให้บริการอินเตอร์เน็ตในเวลาไหนบ้าง "
3517
"เช่นจะให้บริการเฉพาะช่วงเวลาทำงานเท่านั้น "
3518
"เพื่อเป็นตัวอยางเราจะแสดงให้ให้วิธีการตั้งค่าให้พนักงานใช้งาน Squid "
3519
"ได้ระหว่างเวลา 9 โมงเช้าถึง 5 โมงเย็น วันจันทร์ถึงศุกร์ และใช้เครือข่ายย่อย "
3520
"10.1.42.0/42:"
3521
3522
#: serverguide/C/web-servers.xml:895(programlisting)
3523
#, no-wrap
3524
msgid ""
3525
"\n"
3526
"acl biz_network src 10.1.42.0/24\n"
3527
"acl biz_hours time M T W T F 9:00-17:00\n"
3528
msgstr ""
3529
"\n"
3530
"acl biz_network src 10.1.42.0/24\n"
3531
"acl biz_hours time M T W T F 9:00-17:00\n"
3532
3533
#: serverguide/C/web-servers.xml:903(programlisting)
3534
#, no-wrap
3535
msgid ""
3536
"\n"
3537
"http_access allow biz_network biz_hours\n"
3538
msgstr ""
3539
"\n"
3540
"http_access allow biz_network biz_hours\n"
3541
3542
#: serverguide/C/web-servers.xml:910(para)
3543
msgid ""
3544
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
3545
"save the file and restart the <application>squid</application> server "
3546
"application to effect the changes using the following command entered at a "
3547
"terminal prompt:"
3548
msgstr ""
3549
"หลังจากคุณแก้ไขไฟล์ <filename>/etc/squid/squid.conf</filename> แล้ว "
3550
"ให้บันทึกไฟล์และเริ่มโปรแกรม <application>squid</application> "
3551
"ใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้โดยพิมพ์คำสั่ง:"
3552
3553
#: serverguide/C/web-servers.xml:917(command)
3554
msgid "sudo /etc/init.d/squid restart"
3555
msgstr "sudo /etc/init.d/squid restart"
3556
3557
#: serverguide/C/web-servers.xml:924(ulink)
3558
msgid "Squid Website"
3559
msgstr "เว็บไซต์ Squid"
3560
3561
#: serverguide/C/web-servers.xml:926(para)
3562
msgid ""
3563
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
3564
"Squid</ulink> page."
3565
msgstr ""
3566
3567
#: serverguide/C/web-servers.xml:933(title)
3568
msgid "Ruby on Rails"
3569
msgstr "Ruby on Rails"
3570
3571
#: serverguide/C/web-servers.xml:934(para)
3572
msgid ""
3573
"Ruby on Rails is an open source web framework for developing database backed "
3574
"web applications. It is optimized for sustainable productivity of the "
3575
"programmer since it lets the programmer to write code by favouring "
3576
"convention over configuration."
3577
msgstr ""
3578
"Ruby on Rails เป็นเฟรมเวิร์คโอเพนซอร์สสำหรับพัฒนาเว็บแอพพลิเคชั่น "
3579
"ซึ่งได้ถูกออกแบบมาเพื่อให้นักพัฒนาโปรแกรมเขียนโค๊ดได้อย่างมีประสิทธิภาพยิ่งขึ"
3580
"้นเนื่องจากว่า Ruby on Rails ไม่เน้นการตั้งค่ามากมาย "
3581
"แต่จะใช้รูปแบบการเขียนที่เป็นมาตรฐานของเฟรมเวิร์คเพื่อเขียนแอพพลิเคชั่นแทน"
3582
3583
#: serverguide/C/web-servers.xml:941(para)
3584
msgid ""
3585
"Before installing <application>Rails</application> you should install "
3586
"<application>Apache</application> and <application>MySQL</application>. To "
3587
"install the <application>Apache</application> package, please refer to <xref "
3588
"linkend=\"httpd\"/>. For instructions on installing "
3589
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3590
msgstr ""
3591
"ก่อนที่จะติดตั้ง <application>Rails</application> คุณควรติดตั้งโปรแกรม "
3592
"<application>Apache</application> และ <application>MySQL</application> "
3593
"เสียก่อน สำหรับวิธีการติดตั้ง <application>Apache</application> "
3594
"กรุณาอ่านที่ <xref linkend=\"httpd\"/> และสำหรับวิธีการติดตั้ง "
3595
"<application>MySQL</application> กรุณาอ่านที่ <xref linkend=\"mysql\"/>"
3596
3597
#: serverguide/C/web-servers.xml:949(para)
3598
msgid ""
3599
"Once you have <application>Apache</application> and "
3600
"<application>MySQL</application> packages installed, you are ready to "
3601
"install <application>Ruby on Rails</application> package."
3602
msgstr ""
3603
"หลังจากที่คุณได้ติดตั้งโปรแกรม <application>Apache</application> และ "
3604
"<application>MySQL</application> แล้ว คุณก็พร้อมที่จะติดตั้ง "
3605
"<application>Ruby on Rails</application>"
3606
3607
#: serverguide/C/web-servers.xml:956(para)
3608
msgid ""
3609
"To install the <application>Ruby</application> base packages and "
3610
"<application>Ruby on Rails</application>, you can enter the following "
3611
"command in the terminal prompt:"
3612
msgstr ""
3613
"คุณสามารถพิมพ์คำสั่งดังนี้เพื่อติดตั้งแพคเกจ <application>Ruby</application> "
3614
"และ <application>Ruby on Rails</application>"
3615
3616
#: serverguide/C/web-servers.xml:962(command)
3617
msgid "sudo apt-get install rails"
3618
msgstr "sudo apt-get install rails"
3619
3620
#: serverguide/C/web-servers.xml:968(para)
3621
msgid ""
3622
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3623
"configuration file to setup your domains."
3624
msgstr ""
3625
"แก้ไขไฟล์ <filename>/etc/apache2/sites-available/default</filename> "
3626
"เพื่อตั้งค่าโดเมนของคุณ"
3627
3628
#: serverguide/C/web-servers.xml:972(para)
3629
msgid ""
3630
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3631
msgstr ""
3632
"สิ่งแรกที่ต้องทำคือเปลี่ยนค่าของคำสั่ง <emphasis>DocumentRoot</emphasis>:"
3633
3634
#: serverguide/C/web-servers.xml:976(programlisting)
3635
#, no-wrap
3636
msgid ""
3637
"\n"
3638
"DocumentRoot /path/to/rails/application/public\n"
3639
msgstr ""
3640
"\n"
3641
"DocumentRoot /path/to/rails/application/public\n"
3642
3643
#: serverguide/C/web-servers.xml:979(para)
3644
msgid ""
3645
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3646
"directive:"
3647
msgstr ""
3648
"จากนั้นให้แก้ไขค่าของคำสั่ง <Directory "
3649
"\"/path/to/rails/application/public\">"
3650
3651
#: serverguide/C/web-servers.xml:983(programlisting)
3652
#, no-wrap
3653
msgid ""
3654
"\n"
3655
"<Directory \"/path/to/rails/application/public\">\n"
3656
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3657
" AllowOverride All\n"
3658
" Order allow,deny\n"
3659
" allow from all\n"
3660
" AddHandler cgi-script .cgi\n"
3661
"</Directory>\n"
3662
msgstr ""
3663
"\n"
3664
"<Directory \"/path/to/rails/application/public\">\n"
3665
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3666
" AllowOverride All\n"
3667
" Order allow,deny\n"
3668
" allow from all\n"
3669
" AddHandler cgi-script .cgi\n"
3670
"</Directory>\n"
3671
3672
#: serverguide/C/web-servers.xml:993(para)
3673
msgid ""
3674
"You should also enable the <application>mod_rewrite</application> module for "
3675
"Apache. To enable <application>mod_rewrite</application> module, please "
3676
"enter the following command in a terminal prompt:"
3677
msgstr ""
3678
"คุณควรจะเปิดใช้งานโมดูล <application>mod_rewrite</application> ใน Apache "
3679
"ด้วย โดยพิมพ์คำสั่งดังนี้:"
3680
3681
#: serverguide/C/web-servers.xml:999(command)
3682
msgid "sudo a2enmod rewrite"
3683
msgstr "sudo a2enmod rewrite"
3684
3685
#: serverguide/C/web-servers.xml:1002(para)
3686
msgid ""
3687
"Finally you will need to change the ownership of the "
3688
"<filename>/path/to/rails/application/public</filename> and "
3689
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
3690
"used to run the <application>Apache</application> process:"
3691
msgstr ""
3692
"ท้ายที่สุดคุณจะต้องแก้ไขเจ้าของๆไดเร็คทอรี่ "
3693
"<filename>/path/to/rails/application/public</filename> และ "
3694
"<filename>/path/to/rails/application/tmp</filename> "
3695
"เป็นผู้ใช้ที่ถูกใช้เพื่อรันโปรเซส <application>Apache</application>"
3696
3697
#: serverguide/C/web-servers.xml:1008(command)
3698
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
3699
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
3700
3701
#: serverguide/C/web-servers.xml:1009(command)
3702
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3703
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3704
3705
#: serverguide/C/web-servers.xml:1012(para)
3706
msgid ""
3707
"That's it! Now you have your Server ready for your <application>Ruby on "
3708
"Rails</application> applications."
3709
msgstr ""
3710
"แค่นี้ก็เสร็จแล้ว! ตอนนี้คุณก็ตั้งค่าเซิร์ฟเวอร์ให้พร้อมใช้งานสำหรับ "
3711
"<application>Ruby on Rails</application> แล้ว"
3712
3713
#: serverguide/C/web-servers.xml:1021(para)
3714
msgid ""
3715
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3716
"for more information."
3717
msgstr ""
3718
3719
#: serverguide/C/web-servers.xml:1026(para)
3720
msgid ""
3721
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3722
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3723
"resource."
3724
msgstr ""
3725
3726
#: serverguide/C/web-servers.xml:1032(para)
3727
msgid ""
3728
"Another place for more information is the <ulink "
3729
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3730
"Wiki</ulink> page."
3731
msgstr ""
3732
3733
#: serverguide/C/web-servers.xml:1043(title)
3734
msgid "Apache Tomcat"
3735
msgstr "Apache Tomcat"
3736
3737
#: serverguide/C/web-servers.xml:1044(para)
3738
msgid ""
3739
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3740
"JSP (Java Server Pages) web applications."
3741
msgstr ""
3742
"Apache Tomcat "
3743
"เป็นโปรแกรมที่จะทำให้คุณให้บริการเว็บแอพพลิเคชั่นที่สนับสนุนเทคโนโลยีจาวาเซิร"
3744
"์ฟเล็ต (Java Servlet) และ JSP (Java Server Pages) ได้"
3745
3746
#: serverguide/C/web-servers.xml:1046(para)
3747
msgid ""
3748
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3749
"different ways of running Tomcat. You can install them as a classic unique "
3750
"system-wide instance, that will be started at boot time and will run as the "
3751
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3752
"will run with your own user rights, and that you should start and stop by "
3753
"yourself. This second way is particularly useful in a development server "
3754
"context where multiple users need to test on their own private Tomcat "
3755
"instances."
3756
msgstr ""
3757
"แพคเกจ <application>Tomcat 6.0</application> "
3758
"ในอูบุนตูสนับสนุนวิธีการใช้งานได้สองแบบด้วยกัน "
3759
"คุณสามารถติดตั้งเป็นแบบคลาสสิกนั่นก็คือติดตั้งแบบ instance "
3760
"เดียวในเซิร์ฟเวอร์ซึ่งจะเริ่มทำงานเมื่อเครื่องบูตและจะทำงานเป็นชื่อผู้ใช้ปกติ"
3761
"ที่ชื่อ tomcat6 ส่วนอีกวิธีก็คือคุณสามารถติดตั้งเป็น instance "
3762
"ส่วนตัวที่จะทำงานในชื่อผู้ใช้ที่คุณกำหนดและคุณจะต้องเริ่มและหยุดเซิร์ฟเวอร์ด้"
3763
"วยตัวเอง "
3764
"วิธีที่สองนี้เหมาะสำหรับการใช้สำหรับติดตั้งเซิร์ฟเวอร์เพื่อพัฒนาโปรแกรมที่ผู้"
3765
"ใช้แต่ละคนจะต้องต่อเข้าใช้งาน instance ของ Tomcat ของตัวเอง"
3766
3767
#: serverguide/C/web-servers.xml:1056(title)
3768
msgid "System-wide installation"
3769
msgstr "การติดตั้งแบบ system-wide"
3770
3771
#: serverguide/C/web-servers.xml:1057(para)
3772
msgid ""
3773
"To install the <application>Tomcat</application> server, you can enter the "
3774
"following command in the terminal prompt:"
3775
msgstr ""
3776
"คุณสามารถพิมพ์คำสั่งดังนี้เพื่อติดตั้งเซิร์ฟเวอร์ "
3777
"<application>Tomcat</application>:"
3778
3779
#: serverguide/C/web-servers.xml:1060(command)
3780
msgid "sudo apt-get install tomcat6"
3781
msgstr "sudo apt-get install tomcat6"
3782
3783
#: serverguide/C/web-servers.xml:1062(para)
3784
msgid ""
3785
"This will install a Tomcat server with just a default ROOT webapp that "
3786
"displays a minimal \"It works\" page by default."
3787
msgstr ""
3788
"คำสั่งนี้จะติดตั้งเซิร์ฟเวอร์ Tomcat พร้อมกับเว็บแอพพลิเคชั่นชื่อ ROOT "
3789
"ที่จะแสดงหน้า \"It works\" เพื่อแสดงให้ดูว่าใช้งานได้แล้วเท่านั้น"
3790
3791
#: serverguide/C/web-servers.xml:1068(para)
3792
msgid ""
3793
"Tomcat configuration files can be found in "
3794
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
3795
"will be described here, please see <ulink "
3796
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
3797
"documentation</ulink> for more."
3798
msgstr ""
3799
"ไฟล์การตั้งค่าของ Tomcat อยู่ที่ <filename>/etc/tomcat6</filename> "
3800
"ในส่วนนี้จะอธิบายถึงการปรับค่าที่ใช้ทั่วไปไม่กี่ค่า "
3801
"สำหรับรายละเอียดเพิ่มเติมกรุณาดูที่ <ulink "
3802
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">เอกสารอ้างอิงของ "
3803
"Tomcat 6.0</ulink>"
3804
3805
#: serverguide/C/web-servers.xml:1074(title)
3806
msgid "Changing default ports"
3807
msgstr "เปลี่ยนพอร์ตเริ่มต้นที่มาพร้อมกับการติดตั้ง"
3808
3809
#: serverguide/C/web-servers.xml:1075(para)
3810
msgid ""
3811
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3812
"connector on port 8009. You might want to change those default ports to "
3813
"avoid conflict with another server on the system. This is done by changing "
3814
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3815
msgstr ""
3816
"โดยปกติแล้ว Tomcat 6.0 จะใช้งาน HTTP connector บนพอร์ต 8080 และ AJP "
3817
"connector บนพอร์ต 8009 "
3818
"คุณสามารถเปลี่ยนค่าเริ่มต้นได้ถ้าพอร์ตเหล่านี้ถูกใช้งานอยู่แล้ว "
3819
"โดยคุณสามารถแก้ไขบรรทัดเหล่านี้ในไฟล์ "
3820
"<filename>/etc/tomcat6/server.xml</filename>:"
3821
3822
#: serverguide/C/web-servers.xml:1080(programlisting)
3823
#, no-wrap
3824
msgid ""
3825
"\n"
3826
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3827
" connectionTimeout=\"20000\" \n"
3828
" redirectPort=\"8443\" />\n"
3829
"...\n"
3830
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3831
"/>\n"
3832
msgstr ""
3833
"\n"
3834
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3835
" connectionTimeout=\"20000\" \n"
3836
" redirectPort=\"8443\" />\n"
3837
"...\n"
3838
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3839
"/>\n"
3840
3841
#: serverguide/C/web-servers.xml:1089(title)
3842
msgid "Changing JVM used"
3843
msgstr "เปลี่ยน JVM ที่ถูกใช้งาน"
3844
3845
#: serverguide/C/web-servers.xml:1090(para)
3846
msgid ""
3847
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3848
"then try some other JVMs. If you have various JVMs installed, you can set "
3849
"which should be used by setting JAVA_HOME in "
3850
"<filename>/etc/default/tomcat6</filename>:"
3851
msgstr ""
3852
"โดยปกติ Tomcat จะทำงานโดยใช้ OpenJDK-6 จากนั้นถึงจะใช้ JVM ของ Sun "
3853
"จากนั้นจึงจะลอง JVM อื่นๆ ถ้าคุณติดตั้ง JVM ไว้หลายตัว "
3854
"คุณสามารถเลือกได้ว่าจะใช้ JVM ตัวไหนโดยการระบุค่าของ JAVA_HOME ในไฟล์ "
3855
"<filename>/etc/default/tomcat6</filename>:"
3856
3857
#: serverguide/C/web-servers.xml:1094(programlisting)
3858
#, no-wrap
3859
msgid ""
3860
"\n"
3861
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3862
msgstr ""
3863
"\n"
3864
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3865
3866
#: serverguide/C/web-servers.xml:1099(title)
3867
msgid "Declaring users and roles"
3868
msgstr "การสร้างผู้ใช้และบทบาท"
3869
3870
#: serverguide/C/web-servers.xml:1100(para)
3871
msgid ""
3872
"Usernames, passwords and roles (groups) can be defined centrally in a "
3873
"Servlet container. In Tomcat 6.0 this is done in the "
3874
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3875
msgstr ""
3876
"ชื่อผู้ใช้ รหัสผ่าน และบทบาท (กลุ่มผู้ใช้) สามารถถูกระบุได้ใน Servlet "
3877
"container ใน Tomcat 6.0 คุณสามารถตั้งค่าเหล่านี้ได้ในไฟล์ "
3878
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3879
3880
#: serverguide/C/web-servers.xml:1103(programlisting)
3881
#, no-wrap
3882
msgid ""
3883
"\n"
3884
"<role rolename=\"admin\"/>\n"
3885
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3886
msgstr ""
3887
"\n"
3888
"<role rolename=\"admin\"/>\n"
3889
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3890
3891
#: serverguide/C/web-servers.xml:1111(title)
3892
msgid "Using Tomcat standard webapps"
3893
msgstr "การใช้งานเว็บแอพพลิเคชั่นมาตรฐานที่มากับ Tomcat"
3894
3895
#: serverguide/C/web-servers.xml:1112(para)
3896
msgid ""
3897
"Tomcat is shipped with webapps that you can install for documentation, "
3898
"administration or demo purposes."
3899
msgstr ""
3900
"Tomcat นั้นมาพร้อมกับเว็บแอพพลิเคชั่นที่คุณสามารถติดตั้งเพื่อดูคู่มือ "
3901
"ดูแลระบบ หรือเพื่อสาธิต"
3902
3903
#: serverguide/C/web-servers.xml:1115(title)
3904
msgid "Tomcat documentation"
3905
msgstr "เอกสารคู่มือ Tomcat"
3906
3907
#: serverguide/C/web-servers.xml:1116(para)
3908
msgid ""
3909
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3910
"documentation, packaged as a webapp that you can access by default at "
3911
"http://yourserver:8080/docs. You can install it by entering the following "
3912
"command in the terminal prompt:"
3913
msgstr ""
3914
"แพคเกจ <application>tomcat6-docs</application> มีเอกสารคู่มือของ Tomcat 6.0 "
3915
"ในรูปแบบของเว็บแอพพลิเคชั่นที่คุณสามารถใช้งานได้โดยไปที่ "
3916
"http://yourserver:8080/docs คุณสามารถติดตั้งแพคเกจนี้ได้โดยพิมพ์คำสั่ง:"
3917
3918
#: serverguide/C/web-servers.xml:1121(command)
3919
msgid "sudo apt-get install tomcat6-docs"
3920
msgstr "sudo apt-get install tomcat6-docs"
3921
3922
#: serverguide/C/web-servers.xml:1125(title)
3923
msgid "Tomcat administration webapps"
3924
msgstr "เว็บแอพพลิเคชั่นสำหรับจัดการ Tomcat"
3925
3926
#: serverguide/C/web-servers.xml:1126(para)
3927
msgid ""
3928
"The <application>tomcat6-admin</application> package contains two webapps "
3929
"that can be used to administer the Tomcat server using a web interface. You "
3930
"can install them by entering the following command in the terminal prompt:"
3931
msgstr ""
3932
"แพคเกจ <application>tomcat6-admin</application> "
3933
"มาพร้อมกับเว็บแอพพลิเคชั่นสองตัวที่คุณสามารถใช้เพื่อดูแลเซิร์ฟเวอร์ Tomcat "
3934
"ได้ผ่านหน้าเว็บ คุณสามารถติดตั้งแอพพลิเคชั่นเหล่านี้ได้โดยพิมพ์คำสั่ง:"
3935
3936
#: serverguide/C/web-servers.xml:1131(command)
3937
msgid "sudo apt-get install tomcat6-admin"
3938
msgstr "sudo apt-get install tomcat6-admin"
3939
3940
#: serverguide/C/web-servers.xml:1133(para)
3941
msgid ""
3942
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3943
"access by default at http://yourserver:8080/manager/html. It is primarily "
3944
"used to get server status and restart webapps."
3945
msgstr ""
3946
"แอพพลิเคชั่นแรกคือ <emphasis>manager</emphasis> และคุณสามารถใช้งานได้ที่ "
3947
"http://yourserver:8080/manager/html "
3948
"ประโยชน์หลักของแอพพลิเคชั่นนี้คือเพื่อดูสถานะของเซิร์ฟเวอร์และเพื่อเริ่มต้นเว"
3949
"็บแอพพลิเคชั่นใหม่"
3950
3951
#: serverguide/C/web-servers.xml:1136(para)
3952
msgid ""
3953
"Access to the <emphasis>manager</emphasis> application is protected by "
3954
"default: you need to define a user with the role \"manager\" in "
3955
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3956
msgstr ""
3957
"โดยปกติ Tomcat จะจำกัดการเข้าใช้งานแอพพลิเคชั่น <emphasis>manager</emphasis> "
3958
"เพื่อรักษาความปลอดภัย คุณจะต้องกำหนดผู้ใช้ที่มีบทบาทของ \"manager\" ในไฟล์ "
3959
"<filename>/etc/tomcat6/tomcat-users.xml</filename> "
3960
"ก่อนที่คุณจะใช้แอพพลิเคชั่นนี้ได้"
3961
3962
#: serverguide/C/web-servers.xml:1140(para)
3963
msgid ""
3964
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3965
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3966
"used to create virtual hosts dynamically."
3967
msgstr ""
3968
"แอพพลิเคชั่นตัวที่สองคือ <emphasis>host-manager</emphasis> "
3969
"ซึ่งมีไว้เพื่อสร้างโฮสต์เสมือน (virtual hosts) โดยคุณสามารถใช้งานได้ที่ "
3970
"http://yourserver:8080/host-manager/html"
3971
3972
#: serverguide/C/web-servers.xml:1144(para)
3973
msgid ""
3974
"Access to the <emphasis>host-manager</emphasis> application is also "
3975
"protected by default: you need to define a user with the role \"admin\" in "
3976
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3977
msgstr ""
3978
"การใช้งาน <emphasis>host-manager</emphasis> "
3979
"จะถูกจำกัดไว้ตั้งแต่ตอนติดตั้งเพื่อความปลอดภัย: "
3980
"คุณจะต้องสร้างผู้ใช้ที่มีบทบาทเป็น \"admin\" หรือผู้ดูแลระบบในไฟล์ "
3981
"<filename>/etc/tomcat6/tomcat-users.xml</filename> ก่อนที่คุณจะใช้งานได้"
3982
3983
#: serverguide/C/web-servers.xml:1149(para)
3984
msgid ""
3985
"For security reasons, the tomcat6 user cannot write to the "
3986
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3987
"these admin webapps (application deployment, virtual host creation) need "
3988
"write access to that directory. If you want to use these features execute "
3989
"the following, to give users in the tomcat6 group the necessary rights:"
3990
msgstr ""
3991
"เพื่อความปลอดภัย ผู้ใช้ชื่อ tomcat6 จะไม่สามารถแก้ไขไฟล์ใน "
3992
"<filename>/etc/tomcat6</filename> ได้ "
3993
"แต่บางฟีเจอร์ในแอพพลิเคชั่นสำหรับจัดการ Tomcat "
3994
"จะต้องสามารถแก้ไขไฟล์ในไดเร็คทอรี่นี้ได้ ถ้าคุณต้องการใช้ฟีเจอร์อย่าง "
3995
"application deployment หรือ virtual host creation "
3996
"คุณจะต้องให้สิทธิ์การแก้ไขไฟล์กับผู้ใช้ในกลุ่ม tomcat6 ด้วย "
3997
"โดยคุณสามารถพิมพ์คำสั่ง:"
3998
3999
#: serverguide/C/web-servers.xml:1156(command)
4000
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
4001
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
4002
4003
#: serverguide/C/web-servers.xml:1157(command)
4004
msgid "sudo chmod -R g+w /etc/tomcat6"
4005
msgstr "sudo chmod -R g+w /etc/tomcat6"
4006
4007
#: serverguide/C/web-servers.xml:1162(title)
4008
msgid "Tomcat examples webapps"
4009
msgstr "เว็บแอพพลิเคชั่นตัวอย่างของ Tomcat"
4010
4011
#: serverguide/C/web-servers.xml:1163(para)
4012
msgid ""
4013
"The <application>tomcat6-examples</application> package contains two webapps "
4014
"that can be used to test or demonstrate Servlets and JSP features, which you "
4015
"can access them by default at http://yourserver:8080/examples. You can "
4016
"install them by entering the following command in the terminal prompt:"
4017
msgstr ""
4018
"แพคเกจ <application>tomcat6-examples</application> "
4019
"มีเว็บแอพพลิเคชั่นสองตัวสำหรับใช้เพื่อทดสอบหรือแสดงความสามารถของ Servlets "
4020
"และ JSP คุณสามารถใช้งานแอพพลิเคชั่นเหล่านี้ได้ที่ "
4021
"http://yourserver:8080/examples "
4022
"และคุณสามารถติดตั้งแพคเกจนี้ได้โดยพิมพ์คำสั่ง:"
4023
4024
#: serverguide/C/web-servers.xml:1169(command)
4025
msgid "sudo apt-get install tomcat6-examples"
4026
msgstr "sudo apt-get install tomcat6-examples"
4027
4028
#: serverguide/C/web-servers.xml:1175(title)
4029
msgid "Using private instances"
4030
msgstr "การใช้งาน instance ส่วนตัว"
4031
4032
#: serverguide/C/web-servers.xml:1176(para)
4033
msgid ""
4034
"Tomcat is heavily used in development and testing scenarios where using a "
4035
"single system-wide instance doesn't meet the requirements of multiple users "
4036
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
4037
"help deploy your own user-oriented instances, allowing every user on a "
4038
"system to run (without root rights) separate private instances while still "
4039
"using the system-installed libraries."
4040
msgstr ""
4041
"Tomcat ได้ถูกนำไปใช้เพื่อการพัฒนาและทดสอบอย่างหลากหลาย ทำให้การใช้งาน "
4042
"instance เดียวต่อเครื่องไม่สามารถตอบสนองความต้องการของผู้ใช้ต่างๆได้ แพคเกจ "
4043
"Tomcat 6.0 ในอูบุนตูมาพร้อมกับเครื่องที่จะช่วยให้คุณ instance หลายๆตัวได้ "
4044
"เพื่อที่จะให้ผู้ใช้แต่ละคนในระบบสามารถใช้งาน instance ส่วนตัวของตัวเอง "
4045
"(โดยไม่ต้องใช้สิทธิ์ของ root)"
4046
4047
#: serverguide/C/web-servers.xml:1183(para)
4048
msgid ""
4049
"It is possible to run the system-wide instance and the private instances in "
4050
"parallel, as long as they do not use the same TCP ports."
4051
msgstr ""
4052
"นอกจากนั้นคุณยังสามารถใช้งาน instance ของระบบคู่ไปกับ instance "
4053
"ส่วนตัวได้อีกด้วย ตราบใดที่ instance ทั้งสองไม่ใช้พอร์ต TCP เลขเดียวกัน"
4054
4055
#: serverguide/C/web-servers.xml:1187(title)
4056
msgid "Installing private instance support"
4057
msgstr "การติดตั้ง instance ส่วนตัว"
4058
4059
#: serverguide/C/web-servers.xml:1188(para)
4060
msgid ""
4061
"You can install everything necessary to run private instances by entering "
4062
"the following command in the terminal prompt:"
4063
msgstr ""
4064
"คุณสามารถติดตั้งทุกอย่างที่จะต้องใช้เพื่อใช้งาน instance "
4065
"ส่วนตัวได้โดยพิมพ์คำสั่งดังนี้:"
4066
4067
#: serverguide/C/web-servers.xml:1191(command)
4068
msgid "sudo apt-get install tomcat6-user"
4069
msgstr "sudo apt-get install tomcat6-user"
4070
4071
#: serverguide/C/web-servers.xml:1195(title)
4072
msgid "Creating a private instance"
4073
msgstr "การสร้าง instance ส่วนตัว"
4074
4075
#: serverguide/C/web-servers.xml:1196(para)
4076
msgid ""
4077
"You can create a private instance directory by entering the following "
4078
"command in the terminal prompt:"
4079
msgstr ""
4080
"คุณสามารถสร้างไดเร็คทอรี่สำหรับ instance ส่วนตัวได้โดยพิมพ์คำสั่งดังนี้:"
4081
4082
#: serverguide/C/web-servers.xml:1199(command)
4083
msgid "tomcat6-instance-create my-instance"
4084
msgstr "tomcat6-instance-create my-instance"
4085
4086
#: serverguide/C/web-servers.xml:1201(para)
4087
msgid ""
4088
"This will create a new <filename>my-instance</filename> directory with all "
4089
"the necessary subdirectories and scripts. You can for example install your "
4090
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
4091
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
4092
"are deployed by default."
4093
msgstr ""
4094
"คำสั่งนี้จะสร้างไดเร็คทอรี่ใหม่ชื่อ <filename>my-instance</filename> "
4095
"ที่มีไฟล์สคริปต์และไดเร็คทอรี่ย่อยที่จำเป็นอยู่แล้ว "
4096
"คุณสามารถติดตั้งไลบรารี่ต่างๆที่คุณใช้ร่วมกันระหว่างแอพพลิเคชั่นต่างๆในไดเร็ค"
4097
"ทอรี่ย่อยชื่อ <filename>lib/</filename> และ deploy "
4098
"แอพพลิเคชั่นของคุณในไดเร็คทอรี่ย่อยชื่อ <filename>webapps/</filename>"
4099
4100
#: serverguide/C/web-servers.xml:1209(title)
4101
msgid "Configuring your private instance"
4102
msgstr "การตั้งค่า instance ส่วนตัวของคุณ"
4103
4104
#: serverguide/C/web-servers.xml:1210(para)
4105
msgid ""
4106
"You will find the classic Tomcat configuration files for your private "
4107
"instance in the <filename>conf/</filename> subdirectory. You should for "
4108
"example certainly edit the <filename>conf/server.xml</filename> file to "
4109
"change the default ports used by your private Tomcat instance to avoid "
4110
"conflict with other instances that might be running."
4111
msgstr ""
4112
"คุณจะพบไฟล์การตั้งค่าสำหรับ instance ส่วนตัวของ Tomcat "
4113
"ในไดเร็คทอรี่ย่อยที่ชื่อ <filename>conf/</filename> คุณควรจะแก้ไขไฟล์ "
4114
"<filename>conf/server.xml</filename> เพื่อเปลี่ยนตัวเลขพอร์ตที่ใช้ใน Tomcat "
4115
"instance ของคุณเพื่อป้องกันการขัดแย้งกับ instance "
4116
"อื่นๆที่ทำงานอยู่ในเวลาเดียวกัน"
4117
4118
#: serverguide/C/web-servers.xml:1218(title)
4119
msgid "Starting/stopping your private instance"
4120
msgstr "การเริ่ม/หยุด instance ส่วนตัวของคุณ"
4121
4122
#: serverguide/C/web-servers.xml:1219(para)
4123
msgid ""
4124
"You can start your private instance by entering the following command in the "
4125
"terminal prompt (supposing your instance is located in the <filename>my-"
4126
"instance</filename> directory):"
4127
msgstr ""
4128
"คุณสามารถเริ่ม instance ส่วนตัวของคุณได้โดยพิมพ์คำสั่งดังนี้ "
4129
"(ในตัวอย่างจะสมมุติว่า instance ของคุณอยู่ในไดเร็คทอรี่ <filename>my-"
4130
"instance</filename>):"
4131
4132
#: serverguide/C/web-servers.xml:1223(command)
4133
msgid "my-instance/bin/startup.sh"
4134
msgstr "my-instance/bin/startup.sh"
4135
4136
#: serverguide/C/web-servers.xml:1225(para)
4137
msgid ""
4138
"You should check the <filename>logs/</filename> subdirectory for any error. "
4139
"If you have a <emphasis>java.net.BindException: Address already in "
4140
"use<null>:8080</emphasis> error, it means that the port you're using "
4141
"is already taken and that you should change it."
4142
msgstr ""
4143
"คุณควรตรวจสอบไดเร็คทอรี่ย่อยชื่อ <filename>logs/</filename> "
4144
"เพื่อดูว่ามีข้อผิดพลาดใดๆหรือไม่ ถ้าคุณพบข้อผิดพลาด "
4145
"<emphasis>java.net.BindException: Address already in "
4146
"use<null>:8080</emphasis> "
4147
"นั่นหมายความว่าเลขที่พอร์ตที่คุณเลือกใช้นั้นได้ถูกใช้อยู่แล้ว "
4148
"และคุณจะต้องเปลี่ยนเลขที่พอร์ต"
4149
4150
#: serverguide/C/web-servers.xml:1230(para)
4151
msgid ""
4152
"You can stop your instance by entering the following command in the terminal "
4153
"prompt (supposing your instance is located in the <filename>my-"
4154
"instance</filename> directory):"
4155
msgstr ""
4156
"คุณสามารถหยุด instance ของคุณได้โดยพิมพ์คำสั่งดังนี้ (สมมุติว่า instance "
4157
"ของคุณอยู่ในไดเร็คทอรี่ <filename>my-instance</filename>):"
4158
4159
#: serverguide/C/web-servers.xml:1234(command)
4160
msgid "my-instance/bin/shutdown.sh"
4161
msgstr "my-instance/bin/shutdown.sh"
4162
4163
#: serverguide/C/web-servers.xml:1243(para)
4164
msgid ""
4165
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
4166
"website for more information."
4167
msgstr ""
4168
4169
#: serverguide/C/web-servers.xml:1248(para)
4170
msgid ""
4171
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
4172
"Definitive Guide</ulink> is a good resource for building web applications "
4173
"with Tomcat."
4174
msgstr ""
4175
4176
#: serverguide/C/web-servers.xml:1254(para)
4177
msgid ""
4178
"For additional books see the <ulink "
4179
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
4180
"page."
4181
msgstr ""
4182
4183
#: serverguide/C/web-servers.xml:1259(para)
4184
msgid ""
4185
"Also, see the<ulink "
4186
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
4187
"Tomcat</ulink> page."
4188
msgstr ""
4189
4190
#: serverguide/C/vpn.xml:13(title)
4191
msgid "VPN"
4192
msgstr ""
4193
4194
#: serverguide/C/vpn.xml:15(para)
4195
msgid ""
4196
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
4197
"network connection between two or more networks. There are several ways to "
4198
"create a VPN using software as well as dedicated hardware appliances. This "
4199
"chapter will cover installing and configuring "
4200
"<application>OpenVPN</application> to create a VPN between two servers."
4201
msgstr ""
4202
4203
#: serverguide/C/vpn.xml:23(title)
4204
msgid "OpenVPN"
4205
msgstr ""
4206
4207
#: serverguide/C/vpn.xml:25(para)
4208
msgid ""
4209
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
4210
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
4211
"clients through a bridge interface on the VPN server. This guide will assume "
4212
"that one VPN node, the server in this case, has a bridge interface "
4213
"configured. For more information on setting up a bridge see <xref "
4214
"linkend=\"bridging\"/>."
4215
msgstr ""
4216
4217
#: serverguide/C/vpn.xml:35(para)
4218
msgid "To install <application>openvpn</application> in a terminal enter:"
4219
msgstr ""
4220
4221
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
4222
msgid "sudo apt-get install openvpn"
4223
msgstr ""
4224
4225
#: serverguide/C/vpn.xml:45(title)
4226
msgid "Server Certificates"
4227
msgstr ""
4228
4229
#: serverguide/C/vpn.xml:47(para)
4230
msgid ""
4231
"Now that the <application>openvpn</application> package is installed, the "
4232
"certificates for the VPN server need to be created."
4233
msgstr ""
4234
4235
#: serverguide/C/vpn.xml:52(para)
4236
msgid ""
4237
"First, copy the <filename>easy-rsa</filename> directory to "
4238
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
4239
"scripts will not be lost when the package is updated. You will also need to "
4240
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
4241
"the current user permission to create files. From a terminal enter:"
4242
msgstr ""
4243
4244
#: serverguide/C/vpn.xml:59(command)
4245
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
4246
msgstr ""
4247
4248
#: serverguide/C/vpn.xml:60(command)
4249
msgid ""
4250
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
4251
"rsa/"
4252
msgstr ""
4253
4254
#: serverguide/C/vpn.xml:61(command)
4255
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
4256
msgstr ""
4257
4258
#: serverguide/C/vpn.xml:64(para)
4259
msgid ""
4260
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
4261
"following to your environment:"
4262
msgstr ""
4263
4264
#: serverguide/C/vpn.xml:68(programlisting)
4265
#, no-wrap
4266
msgid ""
4267
"\n"
4268
"export KEY_COUNTRY=\"US\"\n"
4269
"export KEY_PROVINCE=\"NC\"\n"
4270
"export KEY_CITY=\"Winston-Salem\"\n"
4271
"export KEY_ORG=\"Example Company\"\n"
4272
"export KEY_EMAIL=\"steve@example.com\"\n"
4273
msgstr ""
4274
4275
#: serverguide/C/vpn.xml:76(para)
4276
msgid "Enter the following to create the server certificates:"
4277
msgstr ""
4278
4279
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
4280
msgid "cd /etc/openvpn/easy-rsa/"
4281
msgstr ""
4282
4283
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
4284
msgid "source vars"
4285
msgstr ""
4286
4287
#: serverguide/C/vpn.xml:83(command)
4288
msgid "./clean-all"
4289
msgstr ""
4290
4291
#: serverguide/C/vpn.xml:84(command)
4292
msgid "./build-dh"
4293
msgstr ""
4294
4295
#: serverguide/C/vpn.xml:85(command)
4296
msgid "./pkitool --initca"
4297
msgstr ""
4298
4299
#: serverguide/C/vpn.xml:86(command)
4300
msgid "./pkitool --server server"
4301
msgstr ""
4302
4303
#: serverguide/C/vpn.xml:87(command)
4304
msgid "cd keys"
4305
msgstr ""
4306
4307
#: serverguide/C/vpn.xml:88(command)
4308
msgid "openvpn --genkey --secret ta.key"
4309
msgstr ""
4310
4311
#: serverguide/C/vpn.xml:89(command)
4312
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
4313
msgstr ""
4314
4315
#: serverguide/C/vpn.xml:94(title)
4316
msgid "Client Certificates"
4317
msgstr ""
4318
4319
#: serverguide/C/vpn.xml:96(para)
4320
msgid ""
4321
"The VPN client will also need a certificate to authenticate itself to the "
4322
"server. To create the certificate, enter the following in a terminal:"
4323
msgstr ""
4324
4325
#: serverguide/C/vpn.xml:104(command)
4326
msgid "./pkitool hostname"
4327
msgstr ""
4328
4329
#: serverguide/C/vpn.xml:108(para)
4330
msgid ""
4331
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
4332
"machine connecting to the VPN."
4333
msgstr ""
4334
4335
#: serverguide/C/vpn.xml:113(para)
4336
msgid "Copy the following files to the client:"
4337
msgstr ""
4338
4339
#: serverguide/C/vpn.xml:118(para)
4340
msgid "/etc/openvpn/ca.crt"
4341
msgstr ""
4342
4343
#: serverguide/C/vpn.xml:119(para)
4344
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
4345
msgstr ""
4346
4347
#: serverguide/C/vpn.xml:120(para)
4348
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
4349
msgstr ""
4350
4351
#: serverguide/C/vpn.xml:121(para)
4352
msgid "/etc/openvpn/ta.key"
4353
msgstr ""
4354
4355
#: serverguide/C/vpn.xml:125(para)
4356
msgid ""
4357
"Remember to adjust the above file names for your client machine's "
4358
"<emphasis>hostname</emphasis>."
4359
msgstr ""
4360
4361
#: serverguide/C/vpn.xml:130(para)
4362
msgid ""
4363
"It is best to use a secure method to copy the certificate and key files. The "
4364
"<application>scp</application> utility is a good choice, but copying the "
4365
"files to removable media then to the client, also works well."
4366
msgstr ""
4367
4368
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
4369
msgid "Server Configuration"
4370
msgstr ""
4371
4372
#: serverguide/C/vpn.xml:143(para)
4373
msgid ""
4374
"Now configure the <application>openvpn</application> server by creating "
4375
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
4376
"terminal enter:"
4377
msgstr ""
4378
4379
#: serverguide/C/vpn.xml:149(command)
4380
msgid ""
4381
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4382
"/etc/openvpn/"
4383
msgstr ""
4384
4385
#: serverguide/C/vpn.xml:150(command)
4386
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
4387
msgstr ""
4388
4389
#: serverguide/C/vpn.xml:153(para)
4390
msgid ""
4391
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
4392
"options to:"
4393
msgstr ""
4394
4395
#: serverguide/C/vpn.xml:157(programlisting)
4396
#, no-wrap
4397
msgid ""
4398
"\n"
4399
"local 172.18.100.101\n"
4400
"dev tap0\n"
4401
"up \"/etc/openvpn/up.sh br0\"\n"
4402
"down \"/etc/openvpn/down.sh br0\"\n"
4403
";server 10.8.0.0 255.255.255.0\n"
4404
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
4405
"push \"route 172.18.100.1 255.255.255.0\"\n"
4406
"push \"dhcp-option DNS 172.18.100.20\"\n"
4407
"push \"dhcp-option DOMAIN example.com\"\n"
4408
"tls-auth ta.key 0 # This file is secret\n"
4409
"user nobody\n"
4410
"group nogroup\n"
4411
msgstr ""
4412
4413
#: serverguide/C/vpn.xml:174(para)
4414
msgid ""
4415
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
4416
msgstr ""
4417
4418
#: serverguide/C/vpn.xml:179(para)
4419
msgid ""
4420
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
4421
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
4422
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
4423
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
4424
"to clients."
4425
msgstr ""
4426
4427
#: serverguide/C/vpn.xml:186(para)
4428
msgid ""
4429
"<emphasis>push</emphasis>: are directives to add networking options for "
4430
"clients."
4431
msgstr ""
4432
4433
#: serverguide/C/vpn.xml:191(para)
4434
msgid ""
4435
"<emphasis>user and group</emphasis>: configure which user and group the "
4436
"<application>openvpn</application> daemon executes as."
4437
msgstr ""
4438
4439
#: serverguide/C/vpn.xml:198(para)
4440
msgid ""
4441
"Replace all IP addresses and domain names above with those of your network."
4442
msgstr ""
4443
4444
#: serverguide/C/vpn.xml:203(para)
4445
msgid ""
4446
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
4447
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
4448
msgstr ""
4449
4450
#: serverguide/C/vpn.xml:207(programlisting)
4451
#, no-wrap
4452
msgid ""
4453
"\n"
4454
"#!/bin/sh\n"
4455
"\n"
4456
"BR=$1\n"
4457
"DEV=$2\n"
4458
"MTU=$3\n"
4459
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4460
"/usr/sbin/brctl addif $BR $DEV\n"
4461
msgstr ""
4462
4463
#: serverguide/C/vpn.xml:217(para)
4464
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
4465
msgstr ""
4466
4467
#: serverguide/C/vpn.xml:221(programlisting)
4468
#, no-wrap
4469
msgid ""
4470
"\n"
4471
"#!/bin/sh\n"
4472
"\n"
4473
"BR=$1\n"
4474
"DEV=$2\n"
4475
"\n"
4476
"/usr/sbin/brctl delif $BR $DEV\n"
4477
"/sbin/ifconfig $DEV down\n"
4478
msgstr ""
4479
4480
#: serverguide/C/vpn.xml:231(para)
4481
msgid "Then make them executable:"
4482
msgstr ""
4483
4484
#: serverguide/C/vpn.xml:236(command)
4485
msgid "sudo chmod 755 /etc/openvpn/down.sh"
4486
msgstr ""
4487
4488
#: serverguide/C/vpn.xml:237(command)
4489
msgid "sudo chmod 755 /etc/openvpn/up.sh"
4490
msgstr ""
4491
4492
#: serverguide/C/vpn.xml:240(para)
4493
msgid ""
4494
"After configuring the server, restart <application>openvpn</application> by "
4495
"entering:"
4496
msgstr ""
4497
4498
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
4499
msgid "sudo /etc/init.d/openvpn restart"
4500
msgstr ""
4501
4502
#: serverguide/C/vpn.xml:250(title)
4503
msgid "Client Configuration"
4504
msgstr ""
4505
4506
#: serverguide/C/vpn.xml:252(para)
4507
msgid "First, install <application>openvpn</application> on the client:"
4508
msgstr ""
4509
4510
#: serverguide/C/vpn.xml:260(para)
4511
msgid ""
4512
"Then with the server configured and the client certificates copied to the "
4513
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
4514
"file by copying the example. In a terminal on the client machine enter:"
4515
msgstr ""
4516
4517
#: serverguide/C/vpn.xml:266(command)
4518
msgid ""
4519
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4520
"/etc/openvpn"
4521
msgstr ""
4522
4523
#: serverguide/C/vpn.xml:269(para)
4524
msgid ""
4525
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
4526
"following options:"
4527
msgstr ""
4528
4529
#: serverguide/C/vpn.xml:273(programlisting)
4530
#, no-wrap
4531
msgid ""
4532
"\n"
4533
"dev tap\n"
4534
"remote vpn.example.com 1194\n"
4535
"cert hostname.crt\n"
4536
"key hostname.key\n"
4537
"tls-auth ta.key 1\n"
4538
msgstr ""
4539
4540
#: serverguide/C/vpn.xml:282(para)
4541
msgid ""
4542
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
4543
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
4544
"key filenames."
4545
msgstr ""
4546
4547
#: serverguide/C/vpn.xml:288(para)
4548
msgid "Finally, restart <application>openvpn</application>:"
4549
msgstr ""
4550
4551
#: serverguide/C/vpn.xml:296(para)
4552
msgid "You should now be able to connect to the remote LAN through the VPN."
4553
msgstr ""
4554
4555
#: serverguide/C/vpn.xml:307(para)
4556
msgid ""
4557
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
4558
"additional information."
4559
msgstr ""
4560
4561
#: serverguide/C/vpn.xml:312(para)
4562
msgid ""
4563
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
4564
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
4565
msgstr ""
4566
4567
#: serverguide/C/vpn.xml:318(para)
4568
msgid ""
4569
"Another source of further information is the <ulink "
4570
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
4571
"OpenVPN</ulink> page."
4572
msgstr ""
4573
4574
#: serverguide/C/virtualization.xml:13(title)
4575
msgid "Virtualization"
4576
msgstr ""
4577
4578
#: serverguide/C/virtualization.xml:14(para)
4579
msgid ""
4580
"Virtualization is being adopted in many different environments and "
4581
"situations. If you are a developer, virtualization can provide you with a "
4582
"contained environment where you can safely do almost any sort of development "
4583
"safe from messing up your main working environment. If you are a systems "
4584
"administrator, you can use virtualization to more easily separate your "
4585
"services and move them around based on demand."
4586
msgstr ""
4587
4588
#: serverguide/C/virtualization.xml:20(para)
4589
msgid ""
4590
"The default virtualization technology supported in Ubuntu is "
4591
"<application>KVM</application>, a technology that takes advantage of "
4592
"virtualization extensions built into Intel and AMD hardware. For hardware "
4593
"without virtualization extensions <application>Xen</application> and "
4594
"<application>Qemu</application> are popular solutions."
4595
msgstr ""
4596
4597
#: serverguide/C/virtualization.xml:27(title)
4598
msgid "libvirt"
4599
msgstr ""
4600
4601
#: serverguide/C/virtualization.xml:28(para)
4602
msgid ""
4603
"The <application>libvirt</application> library is used to interface with "
4604
"different virtualization technologies. Before getting started with "
4605
"<application>libvirt</application> it is best to make sure your hardware "
4606
"supports the necessary virtualization extensions for "
4607
"<application>KVM</application>. Enter the following from a terminal prompt:"
4608
msgstr ""
4609
4610
#: serverguide/C/virtualization.xml:35(command)
4611
msgid "kvm-ok"
4612
msgstr ""
4613
4614
#: serverguide/C/virtualization.xml:37(para)
4615
msgid ""
4616
"A message will be printed informing you if your CPU "
4617
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
4618
"virtualization."
4619
msgstr ""
4620
4621
#: serverguide/C/virtualization.xml:41(para)
4622
msgid ""
4623
"On most computer whose processor supports virtualization, it is necessary to "
4624
"activate an option in the BIOS to enable it."
4625
msgstr ""
4626
4627
#: serverguide/C/virtualization.xml:47(title)
4628
msgid "Virtual Networking"
4629
msgstr ""
4630
4631
#: serverguide/C/virtualization.xml:49(para)
4632
msgid ""
4633
"There are a few different ways to allow a virtual machine access to the "
4634
"external network. The default virtual network configuration is "
4635
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
4636
"traffic is NATed through the host interface to the outside network."
4637
msgstr ""
4638
4639
#: serverguide/C/virtualization.xml:54(para)
4640
msgid ""
4641
"To enable external hosts to directly access services on virtual machines a "
4642
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
4643
"interfaces to connect to the outside network through the physical interface, "
4644
"making them appear as normal hosts to the rest of the network. For "
4645
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
4646
msgstr ""
4647
4648
#: serverguide/C/virtualization.xml:63(para)
4649
msgid "To install the necessary packages, from a terminal prompt enter:"
4650
msgstr ""
4651
4652
#: serverguide/C/virtualization.xml:67(command)
4653
msgid "sudo apt-get install kvm libvirt-bin"
4654
msgstr ""
4655
4656
#: serverguide/C/virtualization.xml:69(para)
4657
msgid ""
4658
"After installing <application>libvirt-bin</application>, the user used to "
4659
"manage virtual machines will need to be added to the "
4660
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
4661
"the advanced networking options."
4662
msgstr ""
4663
4664
#: serverguide/C/virtualization.xml:73(para)
4665
msgid "In a terminal enter:"
4666
msgstr ""
4667
4668
#: serverguide/C/virtualization.xml:77(command)
4669
msgid "sudo adduser $USER libvirtd"
4670
msgstr ""
4671
4672
#: serverguide/C/virtualization.xml:80(para)
4673
msgid ""
4674
"If the user chosen is the current user, you will need to log out and back in "
4675
"for the new group membership to take effect."
4676
msgstr ""
4677
4678
#: serverguide/C/virtualization.xml:84(para)
4679
msgid ""
4680
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
4681
"Installing a virtual machine follows the same process as installing the "
4682
"operating system directly on the hardware. You either need a way to automate "
4683
"the installation, or a keyboard and monitor will need to be attached to the "
4684
"physical machine."
4685
msgstr ""
4686
4687
#: serverguide/C/virtualization.xml:89(para)
4688
msgid ""
4689
"In the case of virtual machines a Graphical User Interface (GUI) is "
4690
"analogous to using a physical keyboard and mouse. Instead of installing a "
4691
"GUI the <application>virt-viewer</application> application can be used to "
4692
"connect to a virtual machine's console using <application>VNC</application>. "
4693
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
4694
msgstr ""
4695
4696
#: serverguide/C/virtualization.xml:94(para)
4697
msgid ""
4698
"There are several ways to automate the Ubuntu installation process, for "
4699
"example using preseeds, kickstart, etc. Refer to the <ulink "
4700
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
4701
"Installation Guide</ulink> for details."
4702
msgstr ""
4703
4704
#: serverguide/C/virtualization.xml:98(para)
4705
msgid ""
4706
"Yet another way to install an Ubuntu virtual machine is to use "
4707
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
4708
"builder</application> allows you to setup advanced partitions, execute "
4709
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
4710
"vmbuilder\"/>"
4711
msgstr ""
4712
4713
#: serverguide/C/virtualization.xml:104(title)
4714
msgid "virt-install"
4715
msgstr ""
4716
4717
#: serverguide/C/virtualization.xml:105(para)
4718
msgid ""
4719
"<application>virt-install</application> is part of the <application>python-"
4720
"virtinst</application> package. To install it, from a terminal prompt enter:"
4721
msgstr ""
4722
4723
#: serverguide/C/virtualization.xml:109(command)
4724
msgid "sudo apt-get install python-virtinst"
4725
msgstr ""
4726
4727
#: serverguide/C/virtualization.xml:111(para)
4728
msgid ""
4729
"There are several options available when using <application>virt-"
4730
"install</application>. For example:"
4731
msgstr ""
4732
4733
#: serverguide/C/virtualization.xml:115(command)
4734
msgid ""
4735
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4736
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4737
msgstr ""
4738
4739
#: serverguide/C/virtualization.xml:122(para)
4740
msgid ""
4741
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
4742
"be <emphasis>web_devel</emphasis> in this example."
4743
msgstr ""
4744
4745
#: serverguide/C/virtualization.xml:127(para)
4746
msgid ""
4747
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
4748
"machine will use."
4749
msgstr ""
4750
4751
#: serverguide/C/virtualization.xml:132(para)
4752
msgid ""
4753
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
4754
"disk which can be a file, partition, or logical volume. In this example a "
4755
"file named <filename>web_devel.img</filename>."
4756
msgstr ""
4757
4758
#: serverguide/C/virtualization.xml:138(para)
4759
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
4760
msgstr ""
4761
4762
#: serverguide/C/virtualization.xml:143(para)
4763
msgid ""
4764
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
4765
"file can be either an ISO file or the path to the host's CDROM device."
4766
msgstr ""
4767
4768
#: serverguide/C/virtualization.xml:149(para)
4769
msgid ""
4770
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
4771
"technologies."
4772
msgstr ""
4773
4774
#: serverguide/C/virtualization.xml:154(para)
4775
msgid ""
4776
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
4777
msgstr ""
4778
4779
#: serverguide/C/virtualization.xml:159(para)
4780
msgid ""
4781
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
4782
"virtual machine's console."
4783
msgstr ""
4784
4785
#: serverguide/C/virtualization.xml:164(para)
4786
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
4787
msgstr ""
4788
4789
#: serverguide/C/virtualization.xml:169(para)
4790
msgid ""
4791
"After launching <application>virt-install</application> you can connect to "
4792
"the virtual machine's console either locally using a GUI or with the "
4793
"<application>virt-viewer</application> utility."
4794
msgstr ""
4795
4796
#: serverguide/C/virtualization.xml:175(title)
4797
msgid "virt-clone"
4798
msgstr ""
4799
4800
#: serverguide/C/virtualization.xml:176(para)
4801
msgid ""
4802
"The <application>virt-clone</application> application can be used to copy "
4803
"one virtual machine to another. For example:"
4804
msgstr ""
4805
4806
#: serverguide/C/virtualization.xml:180(command)
4807
msgid ""
4808
"sudo virt-clone -o web_devel -n database_devel -f "
4809
"/path/to/database_devel.img --connect=qemu:///system"
4810
msgstr ""
4811
4812
#: serverguide/C/virtualization.xml:184(para)
4813
msgid "<emphasis>-o:</emphasis> original virtual machine."
4814
msgstr ""
4815
4816
#: serverguide/C/virtualization.xml:189(para)
4817
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
4818
msgstr ""
4819
4820
#: serverguide/C/virtualization.xml:194(para)
4821
msgid ""
4822
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
4823
"be used by the new virtual machine."
4824
msgstr ""
4825
4826
#: serverguide/C/virtualization.xml:199(para)
4827
msgid ""
4828
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
4829
msgstr ""
4830
4831
#: serverguide/C/virtualization.xml:204(para)
4832
msgid ""
4833
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
4834
"help troubleshoot problems with <application>virt-clone</application>."
4835
msgstr ""
4836
4837
#: serverguide/C/virtualization.xml:209(para)
4838
msgid ""
4839
"Replace <emphasis>web_devel</emphasis> and "
4840
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
4841
msgstr ""
4842
4843
#: serverguide/C/virtualization.xml:215(title)
4844
msgid "Virtual Machine Management"
4845
msgstr ""
4846
4847
#: serverguide/C/virtualization.xml:217(title)
4848
msgid "virsh"
4849
msgstr ""
4850
4851
#: serverguide/C/virtualization.xml:218(para)
4852
msgid ""
4853
"There are several utilities available to manage virtual machines and "
4854
"<application>libvirt</application>. The <application>virsh</application> "
4855
"utility can be used from the command line. Some examples:"
4856
msgstr ""
4857
4858
#: serverguide/C/virtualization.xml:224(para)
4859
msgid "To list running virtual machines:"
4860
msgstr ""
4861
4862
#: serverguide/C/virtualization.xml:228(command)
4863
msgid "virsh -c qemu:///system list"
4864
msgstr ""
4865
4866
#: serverguide/C/virtualization.xml:232(para)
4867
msgid "To start a virtual machine:"
4868
msgstr ""
4869
4870
#: serverguide/C/virtualization.xml:236(command)
4871
msgid "virsh -c qemu:///system start web_devel"
4872
msgstr ""
4873
4874
#: serverguide/C/virtualization.xml:240(para)
4875
msgid "Similarly, to start a virtual machine at boot:"
4876
msgstr ""
4877
4878
#: serverguide/C/virtualization.xml:244(command)
4879
msgid "virsh -c qemu:///system autostart web_devel"
4880
msgstr ""
4881
4882
#: serverguide/C/virtualization.xml:248(para)
4883
msgid "Reboot a virtual machine with:"
4884
msgstr ""
4885
4886
#: serverguide/C/virtualization.xml:252(command)
4887
msgid "virsh -c qemu:///system reboot web_devel"
4888
msgstr ""
4889
4890
#: serverguide/C/virtualization.xml:256(para)
4891
msgid ""
4892
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4893
"order to be restored later. The following will save the virtual machine "
4894
"state into a file named according to the date:"
4895
msgstr ""
4896
4897
#: serverguide/C/virtualization.xml:261(command)
4898
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4899
msgstr ""
4900
4901
#: serverguide/C/virtualization.xml:263(para)
4902
msgid "Once saved the virtual machine will no longer be running."
4903
msgstr ""
4904
4905
#: serverguide/C/virtualization.xml:268(para)
4906
msgid "A saved virtual machine can be restored using:"
4907
msgstr ""
4908
4909
#: serverguide/C/virtualization.xml:272(command)
4910
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4911
msgstr ""
4912
4913
#: serverguide/C/virtualization.xml:276(para)
4914
msgid "To shutdown a virtual machine do:"
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:280(command)
4918
msgid "virsh -c qemu:///system shutdown web_devel"
4919
msgstr ""
4920
4921
#: serverguide/C/virtualization.xml:284(para)
4922
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4923
msgstr ""
4924
4925
#: serverguide/C/virtualization.xml:288(command)
4926
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4927
msgstr ""
4928
4929
#: serverguide/C/virtualization.xml:293(para)
4930
msgid ""
4931
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4932
"appropriate virtual machine name, and <filename>web_devel-"
4933
"022708.state</filename> with a descriptive file name."
4934
msgstr ""
4935
4936
#: serverguide/C/virtualization.xml:300(title)
4937
msgid "Virtual Machine Manager"
4938
msgstr ""
4939
4940
#: serverguide/C/virtualization.xml:301(para)
4941
msgid ""
4942
"The <application>virt-manager</application> package contains a graphical "
4943
"utility to manage local and remote virtual machines. To install virt-manager "
4944
"enter:"
4945
msgstr ""
4946
4947
#: serverguide/C/virtualization.xml:306(command)
4948
msgid "sudo apt-get install virt-manager"
4949
msgstr ""
4950
4951
#: serverguide/C/virtualization.xml:308(para)
4952
msgid ""
4953
"Since <application>virt-manager</application> requires a Graphical User "
4954
"Interface (GUI) environment it is recommended to be installed on a "
4955
"workstation or test machine instead of a production server. To connect to "
4956
"the local <application>libvirt</application> service enter:"
4957
msgstr ""
4958
4959
#: serverguide/C/virtualization.xml:314(command)
4960
msgid "virt-manager -c qemu:///system"
4961
msgstr ""
4962
4963
#: serverguide/C/virtualization.xml:316(para)
4964
msgid ""
4965
"You can connect to the <application>libvirt</application> service running on "
4966
"another host by entering the following in a terminal prompt:"
4967
msgstr ""
4968
4969
#: serverguide/C/virtualization.xml:320(command)
4970
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4971
msgstr ""
4972
4973
#: serverguide/C/virtualization.xml:323(para)
4974
msgid ""
4975
"The above example assumes that <application>SSH</application> connectivity "
4976
"between the management system and virtnode1.mydomain.com has already been "
4977
"configured, and uses SSH keys for authentication. SSH "
4978
"<emphasis>keys</emphasis> are needed because "
4979
"<application>libvirt</application> sends the password prompt to another "
4980
"process. For details on configuring <application>SSH</application> see <xref "
4981
"linkend=\"openssh-server\"/>"
4982
msgstr ""
4983
4984
#: serverguide/C/virtualization.xml:333(title)
4985
msgid "Virtual Machine Viewer"
4986
msgstr ""
4987
4988
#: serverguide/C/virtualization.xml:334(para)
4989
msgid ""
4990
"The <application>virt-viewer</application> application allows you to connect "
4991
"to a virtual machine's console. <application>virt-viewer</application> does "
4992
"require a Graphical User Interface (GUI) to interface with the virtual "
4993
"machine."
4994
msgstr ""
4995
4996
#: serverguide/C/virtualization.xml:338(para)
4997
msgid ""
4998
"To install <application>virt-viewer</application> from a terminal enter:"
4999
msgstr ""
5000
5001
#: serverguide/C/virtualization.xml:342(command)
5002
msgid "sudo apt-get install virt-viewer"
5003
msgstr ""
5004
5005
#: serverguide/C/virtualization.xml:344(para)
5006
msgid ""
5007
"Once a virtual machine is installed and running you can connect to the "
5008
"virtual machine's console by using:"
5009
msgstr ""
5010
5011
#: serverguide/C/virtualization.xml:348(command)
5012
msgid "virt-viewer -c qemu:///system web_devel"
5013
msgstr ""
5014
5015
#: serverguide/C/virtualization.xml:350(para)
5016
msgid ""
5017
"Similar to <application>virt-manager</application>, <application>virt-"
5018
"viewer</application> can connect to a remote host using "
5019
"<emphasis>SSH</emphasis> with key authentication, as well:"
5020
msgstr ""
5021
5022
#: serverguide/C/virtualization.xml:355(command)
5023
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
5024
msgstr ""
5025
5026
#: serverguide/C/virtualization.xml:357(para)
5027
msgid ""
5028
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
5029
"appropriate virtual machine name."
5030
msgstr ""
5031
5032
#: serverguide/C/virtualization.xml:360(para)
5033
msgid ""
5034
"If configured to use a <emphasis>bridged</emphasis> network interface you "
5035
"can also setup <application>SSH</application> access to the virtual machine. "
5036
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
5037
"more details."
5038
msgstr ""
5039
5040
#: serverguide/C/virtualization.xml:369(para)
5041
msgid ""
5042
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
5043
"for more details."
5044
msgstr ""
5045
5046
#: serverguide/C/virtualization.xml:374(para)
5047
msgid ""
5048
"For more information on <application>libvirt</application> see the <ulink "
5049
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
5050
msgstr ""
5051
5052
#: serverguide/C/virtualization.xml:379(para)
5053
msgid ""
5054
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
5055
"Manager</ulink> site has more information on <application>virt-"
5056
"manager</application> development."
5057
msgstr ""
5058
5059
#: serverguide/C/virtualization.xml:385(para)
5060
msgid ""
5061
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
5062
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
5063
"technology in Ubuntu."
5064
msgstr ""
5065
5066
#: serverguide/C/virtualization.xml:391(para)
5067
msgid ""
5068
"Another good resource is the <ulink "
5069
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
5070
msgstr ""
5071
5072
#: serverguide/C/virtualization.xml:399(title)
5073
msgid "JeOS and vmbuilder"
5074
msgstr ""
5075
5076
#: serverguide/C/virtualization.xml:405(title)
5077
msgid "What is JeOS"
5078
msgstr ""
5079
5080
#: serverguide/C/virtualization.xml:407(para)
5081
msgid ""
5082
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
5083
"variant of the Ubuntu Server operating system, configured specifically for "
5084
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
5085
"only as an option either:"
5086
msgstr ""
5087
5088
#: serverguide/C/virtualization.xml:414(para)
5089
msgid ""
5090
"While installing from the Server Edition ISO (pressing "
5091
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
5092
"installation\", which is the package selection equivalent to JeOS)."
5093
msgstr ""
5094
5095
#: serverguide/C/virtualization.xml:420(para)
5096
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
5097
msgstr ""
5098
5099
#: serverguide/C/virtualization.xml:426(para)
5100
msgid ""
5101
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
5102
"kernel that only contains the base elements needed to run within a "
5103
"virtualized environment."
5104
msgstr ""
5105
5106
#: serverguide/C/virtualization.xml:431(para)
5107
msgid ""
5108
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
5109
"in the latest virtualization products from VMware. This combination of "
5110
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
5111
"delivers a highly efficient use of server resources in large virtual "
5112
"deployments."
5113
msgstr ""
5114
5115
#: serverguide/C/virtualization.xml:437(para)
5116
msgid ""
5117
"Without unnecessary drivers, and only the minimal required packages, ISVs "
5118
"can configure their supporting OS exactly as they require. They have the "
5119
"peace of mind that updates, whether for security or enhancement reasons, "
5120
"will be limited to the bare minimum of what is required in their specific "
5121
"environment. In turn, users deploying virtual appliances built on top of "
5122
"JeOS will have to go through fewer updates and therefore less maintenance "
5123
"than they would have had to with a standard full installation of a server."
5124
msgstr ""
5125
5126
#: serverguide/C/virtualization.xml:446(title)
5127
msgid "What is vmbuilder"
5128
msgstr ""
5129
5130
#: serverguide/C/virtualization.xml:448(para)
5131
msgid ""
5132
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
5133
"will fetch the various package and build a virtual machine tailored for your "
5134
"needs in about a minute. vmbuilder is a script that automates the process of "
5135
"creating a ready to use Linux based VM. The currently supported hypervisors "
5136
"are KVM and Xen."
5137
msgstr ""
5138
5139
#: serverguide/C/virtualization.xml:454(para)
5140
msgid ""
5141
"You can pass command line options to add extra packages, remove packages, "
5142
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
5143
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
5144
"a local mirror, you can bootstrap a VM in less than a minute."
5145
msgstr ""
5146
5147
#: serverguide/C/virtualization.xml:460(para)
5148
msgid ""
5149
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
5150
"vm-builder</application> started with little emphasis as a hack to help "
5151
"developers test their new code in a virtual machine without having to "
5152
"restart from scratch each time. As a few Ubuntu administrators started to "
5153
"notice this script, a few of them went on improving it and adapting it for "
5154
"so many use case that Soren Hansen (the author of the script and Ubuntu "
5155
"virtualization specialist, not the golf player) decided to rewrite it from "
5156
"scratch for Intrepid as a python script with a few new design goals:"
5157
msgstr ""
5158
5159
#: serverguide/C/virtualization.xml:470(para)
5160
msgid "Develop it so that it can be reused by other distributions."
5161
msgstr ""
5162
5163
#: serverguide/C/virtualization.xml:475(para)
5164
msgid ""
5165
"Use a plugin mechanisms for all virtualization interactions so that others "
5166
"can easily add logic for other virtualization environments."
5167
msgstr ""
5168
5169
#: serverguide/C/virtualization.xml:480(para)
5170
msgid ""
5171
"Provide an easy to maintain web interface as an option to the command line "
5172
"interface."
5173
msgstr ""
5174
5175
#: serverguide/C/virtualization.xml:486(para)
5176
msgid "But the general principles and commands remain the same."
5177
msgstr ""
5178
5179
#: serverguide/C/virtualization.xml:493(title)
5180
msgid "Initial Setup"
5181
msgstr ""
5182
5183
#: serverguide/C/virtualization.xml:495(para)
5184
msgid ""
5185
"It is assumed that you have installed and configured "
5186
"<application>libvirt</application> and <application>KVM</application> "
5187
"locally on the machine you are using. For details on how to perform this, "
5188
"please refer to:"
5189
msgstr ""
5190
5191
#: serverguide/C/virtualization.xml:507(para)
5192
msgid ""
5193
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
5194
"page."
5195
msgstr ""
5196
5197
#: serverguide/C/virtualization.xml:513(para)
5198
msgid ""
5199
"We also assume that you know how to use a text based text editor such as "
5200
"nano or vi. If you have not used any of them before, you can get an overview "
5201
"of the various text editors available by reading the <ulink "
5202
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
5203
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
5204
"principle should remain on other virtualization technologies."
5205
msgstr ""
5206
5207
#: serverguide/C/virtualization.xml:521(title)
5208
msgid "Install vmbuilder"
5209
msgstr ""
5210
5211
#: serverguide/C/virtualization.xml:523(para)
5212
msgid ""
5213
"The name of the package that we need to install is <application>python-vm-"
5214
"builder</application>. In a terminal prompt enter:"
5215
msgstr ""
5216
5217
#: serverguide/C/virtualization.xml:528(command)
5218
msgid "sudo apt-get install python-vm-builder"
5219
msgstr ""
5220
5221
#: serverguide/C/virtualization.xml:532(para)
5222
msgid ""
5223
"If you are running Hardy, you can still perform most of this using the older "
5224
"version of the package named <application>ubuntu-vm-builder</application>, "
5225
"there are only a few changes to the syntax of the tool."
5226
msgstr ""
5227
5228
#: serverguide/C/virtualization.xml:541(title)
5229
msgid "Defining Your Virtual Machine"
5230
msgstr ""
5231
5232
#: serverguide/C/virtualization.xml:543(para)
5233
msgid ""
5234
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
5235
"are a few thing to consider:"
5236
msgstr ""
5237
5238
#: serverguide/C/virtualization.xml:549(para)
5239
msgid ""
5240
"If you plan on shipping a virtual appliance, do not assume that the end-user "
5241
"will know how to extend disk size to fit their need, so either plan for a "
5242
"large virtual disk to allow for your appliance to grow, or explain fairly "
5243
"well in your documentation how to allocate more space. It might actually be "
5244
"a good idea to store data on some separate external storage."
5245
msgstr ""
5246
5247
#: serverguide/C/virtualization.xml:556(para)
5248
msgid ""
5249
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
5250
"whatever you think is a safe minimum for your appliance."
5251
msgstr ""
5252
5253
#: serverguide/C/virtualization.xml:562(para)
5254
msgid ""
5255
"The <application>vmbuilder</application> command has 2 main parameters: the "
5256
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
5257
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
5258
"and can be found using the following command:"
5259
msgstr ""
5260
5261
#: serverguide/C/virtualization.xml:568(command)
5262
msgid "vmbuilder --help"
5263
msgstr ""
5264
5265
#: serverguide/C/virtualization.xml:572(title)
5266
msgid "Base Parameters"
5267
msgstr ""
5268
5269
#: serverguide/C/virtualization.xml:574(para)
5270
msgid ""
5271
"As this example is based on <application>KVM</application> and Ubuntu 10.04 "
5272
"LTS (Lucid Lynx), and we are likely to rebuild the same virtual machine "
5273
"multiple time, we'll invoke vmbuilder with the following first parameters:"
5274
msgstr ""
5275
5276
#: serverguide/C/virtualization.xml:580(command)
5277
msgid ""
5278
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
5279
"libvirt qemu:///system"
5280
msgstr ""
5281
5282
#: serverguide/C/virtualization.xml:583(para)
5283
msgid ""
5284
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
5285
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
5286
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
5287
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
5288
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
5289
"libvirt</emphasis> tells to inform the local virtualization environment to "
5290
"add the resulting VM to the list of available machines."
5291
msgstr ""
5292
5293
#: serverguide/C/virtualization.xml:591(para)
5294
msgid "Notes:"
5295
msgstr ""
5296
5297
#: serverguide/C/virtualization.xml:597(para)
5298
msgid ""
5299
"Because of the nature of operations performed by vmbuilder, it needs to have "
5300
"root privilege, hence the use of sudo."
5301
msgstr ""
5302
5303
#: serverguide/C/virtualization.xml:602(para)
5304
msgid ""
5305
"If your virtual machine needs to use more than 3Gb of ram, you should build "
5306
"a 64 bit machine (--arch amd64)."
5307
msgstr ""
5308
5309
#: serverguide/C/virtualization.xml:607(para)
5310
msgid ""
5311
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
5312
"architecture, so if you want to define an amd64 machine on Hardy, you should "
5313
"use <emphasis>--flavour</emphasis> server instead."
5314
msgstr ""
5315
5316
#: serverguide/C/virtualization.xml:615(title)
5317
msgid "JeOS Installation Parameters"
5318
msgstr ""
5319
5320
#: serverguide/C/virtualization.xml:618(title)
5321
msgid "JeOS Networking"
5322
msgstr ""
5323
5324
#: serverguide/C/virtualization.xml:621(title)
5325
msgid "Assigning a fixed IP address"
5326
msgstr ""
5327
5328
#: serverguide/C/virtualization.xml:623(para)
5329
msgid ""
5330
"As a virtual appliance that may be deployed on various very different "
5331
"networks, it is very difficult to know what the actual network will look "
5332
"like. In order to simplify configuration, it is a good idea to take an "
5333
"approach similar to what network hardware vendors usually do, namely "
5334
"assigning an initial fixed IP address to the appliance in a private class "
5335
"network that you will provide in your documentation. An address in the range "
5336
"192.168.0.0/255 is usually a good choice."
5337
msgstr ""
5338
5339
#: serverguide/C/virtualization.xml:630(para)
5340
msgid "To do this we'll use the following parameters:"
5341
msgstr ""
5342
5343
#: serverguide/C/virtualization.xml:636(para)
5344
msgid ""
5345
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
5346
"dhcp if not specified)"
5347
msgstr ""
5348
5349
#: serverguide/C/virtualization.xml:641(para)
5350
msgid ""
5351
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
5352
"255.255.255.0)"
5353
msgstr ""
5354
5355
#: serverguide/C/virtualization.xml:646(para)
5356
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
5357
msgstr ""
5358
5359
#: serverguide/C/virtualization.xml:651(para)
5360
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
5361
msgstr ""
5362
5363
#: serverguide/C/virtualization.xml:656(para)
5364
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
5365
msgstr ""
5366
5367
#: serverguide/C/virtualization.xml:661(para)
5368
msgid ""
5369
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
5370
msgstr ""
5371
5372
#: serverguide/C/virtualization.xml:667(para)
5373
msgid ""
5374
"We assume for now that default values are good enough, so the resulting "
5375
"invocation becomes:"
5376
msgstr ""
5377
5378
#: serverguide/C/virtualization.xml:672(command)
5379
msgid ""
5380
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
5381
"libvirt qemu:///system --ip 192.168.0.100"
5382
msgstr ""
5383
5384
#: serverguide/C/virtualization.xml:677(title)
5385
msgid "Modifying the libvirt Template to use Bridging"
5386
msgstr ""
5387
5388
#: serverguide/C/virtualization.xml:679(para)
5389
msgid ""
5390
"Because our appliance will be likely to need to be accessed by remote hosts, "
5391
"we need to configure libvirt so that the appliance uses bridge networking. "
5392
"To do this we use vmbuilder template mechanism to modify the default one."
5393
msgstr ""
5394
5395
#: serverguide/C/virtualization.xml:684(para)
5396
msgid ""
5397
"In our working directory we create the template hierarchy and copy the "
5398
"default template:"
5399
msgstr ""
5400
5401
#: serverguide/C/virtualization.xml:689(command)
5402
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
5403
msgstr ""
5404
5405
#: serverguide/C/virtualization.xml:690(command)
5406
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
5407
msgstr ""
5408
5409
#: serverguide/C/virtualization.xml:693(para)
5410
msgid ""
5411
"We can then edit "
5412
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
5413
"change:"
5414
msgstr ""
5415
5416
#: serverguide/C/virtualization.xml:697(programlisting)
5417
#, no-wrap
5418
msgid ""
5419
"\n"
5420
" <interface type='network'>\n"
5421
" <source network='default'/>\n"
5422
" </interface>\n"
5423
msgstr ""
5424
5425
#: serverguide/C/virtualization.xml:703(para)
5426
msgid "To:"
5427
msgstr ""
5428
5429
#: serverguide/C/virtualization.xml:707(programlisting)
5430
#, no-wrap
5431
msgid ""
5432
"\n"
5433
" <interface type='bridge'>\n"
5434
" <source bridge='br0'/>\n"
5435
" </interface>\n"
5436
msgstr ""
5437
5438
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
5439
msgid "Partitioning"
5440
msgstr ""
5441
5442
#: serverguide/C/virtualization.xml:719(para)
5443
msgid ""
5444
"Partitioning of the virtual appliance will have to take into consideration "
5445
"what you are planning to do with is. Because most appliances want to have a "
5446
"separate storage for data, having a separate <filename>/var</filename> would "
5447
"make sense."
5448
msgstr ""
5449
5450
#: serverguide/C/virtualization.xml:724(para)
5451
msgid ""
5452
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
5453
msgstr ""
5454
5455
#: serverguide/C/virtualization.xml:728(programlisting)
5456
#, no-wrap
5457
msgid ""
5458
"\n"
5459
"--part PATH\n"
5460
" Allows you to specify a partition table in a partition file, located at "
5461
"PATH. Each line of the partition file should specify\n"
5462
" (root first):\n"
5463
" mountpoint size\n"
5464
" where size is in megabytes. You can have up to 4 virtual disks, a new "
5465
"disk starts on a\n"
5466
" line with ’---’. ie :\n"
5467
" root 1000\n"
5468
" /opt 1000\n"
5469
" swap 256\n"
5470
" ---\n"
5471
" /var 2000\n"
5472
" /log 1500\n"
5473
msgstr ""
5474
5475
#: serverguide/C/virtualization.xml:743(para)
5476
msgid ""
5477
"In our case we will define a text file name "
5478
"<filename>vmbuilder.partition</filename> which will contain the following:"
5479
msgstr ""
5480
5481
#: serverguide/C/virtualization.xml:747(programlisting)
5482
#, no-wrap
5483
msgid ""
5484
"\n"
5485
"root 8000\n"
5486
"swap 4000\n"
5487
"---\n"
5488
"/var 20000\n"
5489
msgstr ""
5490
5491
#: serverguide/C/virtualization.xml:755(para)
5492
msgid ""
5493
"Note that as we are using virtual disk images, the actual sizes that we put "
5494
"here are maximum sizes for these volumes."
5495
msgstr ""
5496
5497
#: serverguide/C/virtualization.xml:760(para)
5498
msgid "Our command line now looks like:"
5499
msgstr ""
5500
5501
#: serverguide/C/virtualization.xml:765(command)
5502
msgid ""
5503
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
5504
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
5505
msgstr ""
5506
5507
#: serverguide/C/virtualization.xml:770(para)
5508
msgid ""
5509
"Using a \"\\\" in a command will allow long command strings to wrap to the "
5510
"next line."
5511
msgstr ""
5512
5513
#: serverguide/C/virtualization.xml:777(title)
5514
msgid "User and Password"
5515
msgstr ""
5516
5517
#: serverguide/C/virtualization.xml:779(para)
5518
msgid ""
5519
"Again setting up a virtual appliance, you will need to provide a default "
5520
"user and password that is generic so that you can include it in your "
5521
"documentation. We will see later on in this tutorial how we will provide "
5522
"some security by defining a script that will be run the first time a user "
5523
"actually logs in the appliance, that will, among other things, ask him to "
5524
"change his password. In this example I will use <emphasis>'user'</emphasis> "
5525
"as my user name, and <emphasis>'default'</emphasis> as the password."
5526
msgstr ""
5527
5528
#: serverguide/C/virtualization.xml:787(para)
5529
msgid "To do this we use the following optional parameters:"
5530
msgstr ""
5531
5532
#: serverguide/C/virtualization.xml:793(para)
5533
msgid ""
5534
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
5535
"Default: ubuntu."
5536
msgstr ""
5537
5538
#: serverguide/C/virtualization.xml:798(para)
5539
msgid ""
5540
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
5541
"added. Default: Ubuntu."
5542
msgstr ""
5543
5544
#: serverguide/C/virtualization.xml:803(para)
5545
msgid ""
5546
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
5547
"Default: ubuntu."
5548
msgstr ""
5549
5550
#: serverguide/C/virtualization.xml:809(para)
5551
msgid "Our resulting command line becomes:"
5552
msgstr ""
5553
5554
#: serverguide/C/virtualization.xml:814(command)
5555
msgid ""
5556
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
5557
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ --"
5558
"user user --name user --pass default"
5559
msgstr ""
5560
5561
#: serverguide/C/virtualization.xml:822(title)
5562
msgid "Installing Required Packages"
5563
msgstr ""
5564
5565
#: serverguide/C/virtualization.xml:824(para)
5566
msgid ""
5567
"In this example we will be installing a package "
5568
"<application>(Limesurvey)</application> that accesses a "
5569
"<application>MySQL</application> database and has a web interface. We will "
5570
"therefore require our OS to provide us with:"
5571
msgstr ""
5572
5573
#: serverguide/C/virtualization.xml:831(para)
5574
msgid "Apache"
5575
msgstr ""
5576
5577
#: serverguide/C/virtualization.xml:832(para)
5578
msgid "PHP"
5579
msgstr ""
5580
5581
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
5582
msgid "MySQL"
5583
msgstr ""
5584
5585
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:20(title)
5586
msgid "OpenSSH Server"
5587
msgstr ""
5588
5589
#: serverguide/C/virtualization.xml:835(para)
5590
msgid "Limesurvey (as an example application that we have packaged)"
5591
msgstr ""
5592
5593
#: serverguide/C/virtualization.xml:838(para)
5594
msgid ""
5595
"This is done using vmbuilder by specifying the --addpkg option multiple "
5596
"times:"
5597
msgstr ""
5598
5599
#: serverguide/C/virtualization.xml:842(programlisting)
5600
#, no-wrap
5601
msgid ""
5602
"\n"
5603
"--addpkg PKG\n"
5604
" Install PKG into the guest (can be specfied multiple times)\n"
5605
msgstr ""
5606
5607
#: serverguide/C/virtualization.xml:847(para)
5608
msgid ""
5609
"However, due to the way vmbuilder operates, packages that have to ask "
5610
"questions to the user during the post install phase are not supported and "
5611
"should instead be installed while interactivity can occur. This is the case "
5612
"of Limesurvey, which we will have to install later, once the user logs in."
5613
msgstr ""
5614
5615
#: serverguide/C/virtualization.xml:853(para)
5616
msgid ""
5617
"Other packages that ask simple debconf question, such as <application>mysql-"
5618
"server</application> asking to set a password, the package can be installed "
5619
"immediately, but we will have to reconfigure it the first time the user logs "
5620
"in."
5621
msgstr ""
5622
5623
#: serverguide/C/virtualization.xml:859(para)
5624
msgid ""
5625
"If some packages that we need to install are not in main, we need to enable "
5626
"the additional repositories using --comp and --ppa:"
5627
msgstr ""
5628
5629
#: serverguide/C/virtualization.xml:863(programlisting)
5630
#, no-wrap
5631
msgid ""
5632
"\n"
5633
"--components COMP1,COMP2,...,COMPN\n"
5634
" A comma separated list of distro components to include (e.g. "
5635
"main,universe). This defaults\n"
5636
" to \"main\"\n"
5637
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
5638
msgstr ""
5639
5640
#: serverguide/C/virtualization.xml:870(para)
5641
msgid ""
5642
"Limesurvey not being part of the archive at the moment, we'll specify it's "
5643
"PPA (personal package archive) address so that it is added to the VM "
5644
"<filename>/etc/apt/source.list</filename>, so we add the following options "
5645
"to the command line:"
5646
msgstr ""
5647
5648
#: serverguide/C/virtualization.xml:876(command)
5649
msgid ""
5650
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
5651
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
5652
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
5653
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5654
"server --ppa nijaba"
5655
msgstr ""
5656
5657
#: serverguide/C/virtualization.xml:883(title)
5658
msgid "OpenSSH"
5659
msgstr ""
5660
5661
#: serverguide/C/virtualization.xml:885(para)
5662
msgid ""
5663
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
5664
"it will allow our admins to access the appliance remotely. However, pushing "
5665
"in the wild an appliance with a pre-installed OpenSSH server is a big "
5666
"security risk as all these server will share the same secret key, making it "
5667
"very easy for hackers to target our appliance with all the tools they need "
5668
"to crack it open in a breeze. As for the user password, we will instead rely "
5669
"on a script that will install OpenSSH the first time a user logs in so that "
5670
"the key generated will be different for each appliance. For this we'll use a "
5671
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
5672
"interaction."
5673
msgstr ""
5674
5675
#: serverguide/C/virtualization.xml:897(title)
5676
msgid "Speed Considerations"
5677
msgstr ""
5678
5679
#: serverguide/C/virtualization.xml:900(title)
5680
msgid "Package Caching"
5681
msgstr ""
5682
5683
#: serverguide/C/virtualization.xml:902(para)
5684
msgid ""
5685
"When vmbuilder creates builds your system, it has to go fetch each one of "
5686
"the packages that composes it over the network to one of the official "
5687
"repositories, which, depending on your internet connection speed and the "
5688
"load of the mirror, can have a big impact on the actual build time. In order "
5689
"to reduce this, it is recommended to either have a local repository (which "
5690
"can be created using <application>apt-mirror</application>) or using a "
5691
"caching proxy such as <application>apt-proxy</application>. The later option "
5692
"being much simpler to implement and requiring less disk space, it is the one "
5693
"we will pick in this tutorial. To install it, simply type:"
5694
msgstr ""
5695
5696
#: serverguide/C/virtualization.xml:912(command)
5697
msgid "sudo apt-get install apt-proxy"
5698
msgstr ""
5699
5700
#: serverguide/C/virtualization.xml:915(para)
5701
msgid ""
5702
"Once this is complete, your (empty) proxy is ready for use on "
5703
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
5704
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
5705
"option:"
5706
msgstr ""
5707
5708
#: serverguide/C/virtualization.xml:920(programlisting)
5709
#, no-wrap
5710
msgid ""
5711
"\n"
5712
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
5713
" is http://archive.ubuntu.com/ubuntu for official\n"
5714
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
5715
" otherwise\n"
5716
msgstr ""
5717
5718
#: serverguide/C/virtualization.xml:927(para)
5719
msgid "So we add to the command line:"
5720
msgstr ""
5721
5722
#: serverguide/C/virtualization.xml:932(command)
5723
msgid "--mirror http://mirroraddress:9999/ubuntu"
5724
msgstr ""
5725
5726
#: serverguide/C/virtualization.xml:936(para)
5727
msgid ""
5728
"The mirror address specified here will also be used in the "
5729
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
5730
"is useful to specify here an address that can be resolved by the guest or to "
5731
"plan on reseting this address later on, such as in a <emphasis>--"
5732
"firstboot</emphasis> script."
5733
msgstr ""
5734
5735
#: serverguide/C/virtualization.xml:945(title)
5736
msgid "Install a Local Mirror"
5737
msgstr ""
5738
5739
#: serverguide/C/virtualization.xml:947(para)
5740
msgid ""
5741
"If we are in a larger environment, it may make sense to setup a local mirror "
5742
"of the Ubuntu repositories. The package apt-mirror provides you with a "
5743
"script that will handle the mirroring for you. You should plan on having "
5744
"about 20 gigabyte of free space per supported release and architecture."
5745
msgstr ""
5746
5747
#: serverguide/C/virtualization.xml:953(para)
5748
msgid ""
5749
"By default, <application>apt-mirror</application> uses the configuration "
5750
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
5751
"replicate only the architecture of the local machine. If you would like to "
5752
"support other architectures on your mirror, simply duplicate the lines "
5753
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
5754
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
5755
"archives as well, you will have:"
5756
msgstr ""
5757
5758
#: serverguide/C/virtualization.xml:960(programlisting)
5759
#, no-wrap
5760
msgid ""
5761
"\n"
5762
"deb http://archive.ubuntu.com/ubuntu lucid main restricted universe "
5763
"multiverse \n"
5764
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main restricted universe "
5765
"multiverse\n"
5766
"\n"
5767
"deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe "
5768
"multiverse \n"
5769
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-updates main restricted "
5770
"universe multiverse \n"
5771
"\n"
5772
"deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted "
5773
"universe multiverse \n"
5774
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-backports main restricted "
5775
"universe multiverse \n"
5776
"\n"
5777
"deb http://security.ubuntu.com/ubuntu lucid-security main restricted "
5778
"universe multiverse \n"
5779
"/deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted "
5780
"universe multiverse \n"
5781
"\n"
5782
"deb http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
5783
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5784
"installer \n"
5785
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
5786
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5787
"installer \n"
5788
msgstr ""
5789
5790
#: serverguide/C/virtualization.xml:977(para)
5791
msgid ""
5792
"Notice that the source packages are not mirrored as they are seldom used "
5793
"compared to the binaries and they do take a lot more space, but they can be "
5794
"easily added to the list."
5795
msgstr ""
5796
5797
#: serverguide/C/virtualization.xml:982(para)
5798
msgid ""
5799
"Once the mirror has finished replicating (and this can be quite long), you "
5800
"need to configure Apache so that your mirror files (in "
5801
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
5802
"default), are published by your Apache server. For more information on "
5803
"Apache see <xref linkend=\"httpd\"/>."
5804
msgstr ""
5805
5806
#: serverguide/C/virtualization.xml:991(title)
5807
msgid "Installing in a RAM Disk"
5808
msgstr ""
5809
5810
#: serverguide/C/virtualization.xml:993(para)
5811
msgid ""
5812
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
5813
"faster than writing to disk. If you have some free memory, letting vmbuilder "
5814
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
5815
"-tmpfs</emphasis> will help you do just that:"
5816
msgstr ""
5817
5818
#: serverguide/C/virtualization.xml:999(programlisting)
5819
#, no-wrap
5820
msgid ""
5821
"\n"
5822
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
5823
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
5824
msgstr ""
5825
5826
#: serverguide/C/virtualization.xml:1004(para)
5827
msgid ""
5828
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
5829
"have 1G of free ram."
5830
msgstr ""
5831
5832
#: serverguide/C/virtualization.xml:1011(title)
5833
msgid "Package the Application"
5834
msgstr ""
5835
5836
#: serverguide/C/virtualization.xml:1013(para)
5837
msgid "Two option are available to us:"
5838
msgstr ""
5839
5840
#: serverguide/C/virtualization.xml:1019(para)
5841
msgid ""
5842
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
5843
"package. Since this is outside of the scope of this tutorial, we will not "
5844
"perform this here and invite the reader to read the documentation on how to "
5845
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
5846
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
5847
"repository for your package so that updates can be conveniently pulled from "
5848
"it. See the <ulink url=\"http://www.debian-"
5849
"administration.org/articles/286\">Debian Administration</ulink> article for "
5850
"a tutorial on this."
5851
msgstr ""
5852
5853
#: serverguide/C/virtualization.xml:1028(para)
5854
msgid ""
5855
"Manually install the application under <filename>/opt</filename> as "
5856
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
5857
"guidelines</ulink>."
5858
msgstr ""
5859
5860
#: serverguide/C/virtualization.xml:1035(para)
5861
msgid ""
5862
"In our case we'll use <application>Limesurvey</application> as example web "
5863
"application for which we wish to provide a virtual appliance. As noted "
5864
"before, we've made a version of the package available in a PPA (Personal "
5865
"Package Archive)."
5866
msgstr ""
5867
5868
#: serverguide/C/virtualization.xml:1042(title)
5869
msgid "Finishing Install"
5870
msgstr ""
5871
5872
#: serverguide/C/virtualization.xml:1045(title)
5873
msgid "First Boot"
5874
msgstr ""
5875
5876
#: serverguide/C/virtualization.xml:1047(para)
5877
msgid ""
5878
"As we mentioned earlier, the first time the machine boots we'll need to "
5879
"install <application>openssh-server</application> so that the key generated "
5880
"for it is unique for each machine. To do this, we'll write a script called "
5881
"<filename>boot.sh</filename> as follows:"
5882
msgstr ""
5883
5884
#: serverguide/C/virtualization.xml:1053(programlisting)
5885
#, no-wrap
5886
msgid ""
5887
"\n"
5888
"# This script will run the first time the virtual machine boots\n"
5889
"# It is ran as root.\n"
5890
"\n"
5891
"apt-get update\n"
5892
"apt-get install -qqy --force-yes openssh-server\n"
5893
msgstr ""
5894
5895
#: serverguide/C/virtualization.xml:1061(para)
5896
msgid ""
5897
"And we add the <command>--firstboot boot.sh</command> option to our command "
5898
"line."
5899
msgstr ""
5900
5901
#: serverguide/C/virtualization.xml:1067(title)
5902
msgid "First Login"
5903
msgstr ""
5904
5905
#: serverguide/C/virtualization.xml:1069(para)
5906
msgid ""
5907
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5908
"set them up the first time a user logs in using a script named login.sh. "
5909
"We'll also use this script to let the user specify:"
5910
msgstr ""
5911
5912
#: serverguide/C/virtualization.xml:1075(para)
5913
msgid "His own password"
5914
msgstr ""
5915
5916
#: serverguide/C/virtualization.xml:1076(para)
5917
msgid "Define the keyboard and other locale info he wants to use"
5918
msgstr ""
5919
5920
#: serverguide/C/virtualization.xml:1079(para)
5921
msgid "So we'll define <filename>login.sh</filename> as follows:"
5922
msgstr ""
5923
5924
#: serverguide/C/virtualization.xml:1083(programlisting)
5925
#, no-wrap
5926
msgid ""
5927
"\n"
5928
"# This script is ran the first time a user logs in\n"
5929
"\n"
5930
"echo \"Your appliance is about to be finished to be set up.\"\n"
5931
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5932
"echo \"starting by changing your user password.\"\n"
5933
"\n"
5934
"passwd\n"
5935
"\n"
5936
"#give the opportunity to change the keyboard\n"
5937
"sudo dpkg-reconfigure console-setup\n"
5938
"\n"
5939
"#configure the mysql server root password\n"
5940
"sudo dpkg-reconfigure mysql-server-5.0\n"
5941
"\n"
5942
"#install limesurvey\n"
5943
"sudo apt-get install -qqy --force-yes limesurvey\n"
5944
"\n"
5945
"echo \"Your appliance is now configured. To use it point your\"\n"
5946
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5947
msgstr ""
5948
5949
#: serverguide/C/virtualization.xml:1105(para)
5950
msgid ""
5951
"And we add the <command>--firstlogin login.sh</command> option to our "
5952
"command line."
5953
msgstr ""
5954
5955
#: serverguide/C/virtualization.xml:1112(title)
5956
msgid "Useful Additions"
5957
msgstr ""
5958
5959
#: serverguide/C/virtualization.xml:1115(title)
5960
msgid "Configuring Automatic Updates"
5961
msgstr ""
5962
5963
#: serverguide/C/virtualization.xml:1117(para)
5964
msgid ""
5965
"To have your system be configured to update itself on a regular basis, we "
5966
"will just install <application>unattended-upgrades</application>, so we add "
5967
"the following option to our command line:"
5968
msgstr ""
5969
5970
#: serverguide/C/virtualization.xml:1123(command)
5971
msgid "--addpkg unattended-upgrades"
5972
msgstr ""
5973
5974
#: serverguide/C/virtualization.xml:1126(para)
5975
msgid ""
5976
"As we have put our application package in a PPA, the process will update not "
5977
"only the system, but also the application each time we update the version in "
5978
"the PPA."
5979
msgstr ""
5980
5981
#: serverguide/C/virtualization.xml:1133(title)
5982
msgid "ACPI Event Handling"
5983
msgstr ""
5984
5985
#: serverguide/C/virtualization.xml:1135(para)
5986
msgid ""
5987
"For your virtual machine to be able to handle restart and shutdown events it "
5988
"is being sent, it is a good idea to install the acpid package as well. To do "
5989
"this we just add the following option:"
5990
msgstr ""
5991
5992
#: serverguide/C/virtualization.xml:1141(command)
5993
msgid "--addpkg acpid"
5994
msgstr ""
5995
5996
#: serverguide/C/virtualization.xml:1147(title)
5997
msgid "Final Command"
5998
msgstr ""
5999
6000
#: serverguide/C/virtualization.xml:1149(para)
6001
msgid "Here is the command with all the options discussed above:"
6002
msgstr ""
6003
6004
#: serverguide/C/virtualization.xml:1154(command)
6005
msgid ""
6006
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o \\ -"
6007
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --user "
6008
"user \\ --name user --pass default --addpkg apache2 --addpkg apache2-mpm-"
6009
"prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
6010
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
6011
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
6012
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
6013
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
6014
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
6015
"firstlogin login.sh es"
6016
msgstr ""
6017
6018
#: serverguide/C/virtualization.xml:1169(para)
6019
msgid ""
6020
"If you are interested in learning more, have questions or suggestions, "
6021
"please contact the Ubuntu Server Team at:"
6022
msgstr ""
6023
6024
#: serverguide/C/virtualization.xml:1174(para)
6025
msgid "IRC: #ubuntu-server on freenode"
6026
msgstr ""
6027
6028
#: serverguide/C/virtualization.xml:1179(para)
6029
msgid ""
6030
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
6031
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
6032
msgstr ""
6033
6034
#: serverguide/C/virtualization.xml:1184(para)
6035
msgid ""
6036
"Also, see the <ulink "
6037
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
6038
"Wiki</ulink> page."
6039
msgstr ""
6040
6041
#: serverguide/C/virtualization.xml:1192(title)
6042
msgid "UEC"
6043
msgstr ""
6044
6045
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2026(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
6046
msgid "Overview"
6047
msgstr ""
6048
6049
#: serverguide/C/virtualization.xml:1197(para)
6050
msgid ""
6051
"This tutorial covers <application>UEC</application> installation from the "
6052
"Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
6053
"with a single system serving as the <emphasis>\"all-in-one "
6054
"controller\"</emphasis>, and one or more nodes attached."
6055
msgstr ""
6056
6057
#: serverguide/C/virtualization.xml:1202(para)
6058
msgid ""
6059
"From this Tutorial you will learn how to install, configure, register and "
6060
"perform several operations on a basic <application>UEC</application> setup "
6061
"that results in a cloud with a one controller <emphasis>\"front-"
6062
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
6063
"instances. You will also use examples to help get you started using your own "
6064
"private compute cloud."
6065
msgstr ""
6066
6067
#: serverguide/C/virtualization.xml:1210(title)
6068
msgid "Prerequisites"
6069
msgstr ""
6070
6071
#: serverguide/C/virtualization.xml:1212(para)
6072
msgid ""
6073
"To deploy a minimal cloud infrastructure, you’ll need at least "
6074
"<emphasis>two</emphasis> dedicated systems:"
6075
msgstr ""
6076
6077
#: serverguide/C/virtualization.xml:1218(para)
6078
msgid "A front end."
6079
msgstr ""
6080
6081
#: serverguide/C/virtualization.xml:1223(para)
6082
msgid "One or more node(s)."
6083
msgstr ""
6084
6085
#: serverguide/C/virtualization.xml:1229(para)
6086
msgid ""
6087
"The following are recommendations, rather than fixed requirements. However, "
6088
"our experience in developing this documentation indicated the following "
6089
"suggestions."
6090
msgstr ""
6091
6092
#: serverguide/C/virtualization.xml:1234(title)
6093
msgid "Front End Requirements"
6094
msgstr ""
6095
6096
#: serverguide/C/virtualization.xml:1236(para)
6097
msgid "Use the following table for a system that will run one or more of:"
6098
msgstr ""
6099
6100
#: serverguide/C/virtualization.xml:1241(para)
6101
msgid "Cloud Controller (CLC)"
6102
msgstr ""
6103
6104
#: serverguide/C/virtualization.xml:1242(para)
6105
msgid "Cluster Controller (CC)"
6106
msgstr ""
6107
6108
#: serverguide/C/virtualization.xml:1243(para)
6109
msgid "Walrus (the S3-like storage service)"
6110
msgstr ""
6111
6112
#: serverguide/C/virtualization.xml:1244(para)
6113
msgid "Storage Controller (SC)"
6114
msgstr ""
6115
6116
#: serverguide/C/virtualization.xml:1248(title)
6117
msgid "UEC Front End Requirements"
6118
msgstr ""
6119
6120
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
6121
msgid "Hardware"
6122
msgstr ""
6123
6124
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
6125
msgid "Minimum"
6126
msgstr ""
6127
6128
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
6129
msgid "Suggested"
6130
msgstr ""
6131
6132
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
6133
msgid "Notes"
6134
msgstr ""
6135
6136
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
6137
msgid "CPU"
6138
msgstr ""
6139
6140
#: serverguide/C/virtualization.xml:1265(para)
6141
msgid "1 GHz"
6142
msgstr ""
6143
6144
#: serverguide/C/virtualization.xml:1266(para)
6145
msgid "2 x 2 GHz"
6146
msgstr ""
6147
6148
#: serverguide/C/virtualization.xml:1267(para)
6149
msgid ""
6150
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
6151
"a dual core processor."
6152
msgstr ""
6153
6154
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
6155
msgid "Memory"
6156
msgstr ""
6157
6158
#: serverguide/C/virtualization.xml:1271(para)
6159
msgid "512 MB"
6160
msgstr ""
6161
6162
#: serverguide/C/virtualization.xml:1272(para)
6163
msgid "2 GB"
6164
msgstr ""
6165
6166
#: serverguide/C/virtualization.xml:1273(para)
6167
msgid "The Java web front end benefits from lots of available memory."
6168
msgstr ""
6169
6170
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
6171
msgid "Disk"
6172
msgstr ""
6173
6174
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
6175
msgid "5400 RPM IDE"
6176
msgstr ""
6177
6178
#: serverguide/C/virtualization.xml:1278(para)
6179
msgid "7200 RPM SATA"
6180
msgstr ""
6181
6182
#: serverguide/C/virtualization.xml:1279(para)
6183
msgid ""
6184
"Slower disks will work, but will yield much longer instance startup times."
6185
msgstr ""
6186
6187
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
6188
msgid "Disk Space"
6189
msgstr ""
6190
6191
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
6192
msgid "40 GB"
6193
msgstr ""
6194
6195
#: serverguide/C/virtualization.xml:1284(para)
6196
msgid "200 GB"
6197
msgstr ""
6198
6199
#: serverguide/C/virtualization.xml:1285(para)
6200
msgid ""
6201
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
6202
"does not like to run out of disk space."
6203
msgstr ""
6204
6205
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
6206
msgid "Networking"
6207
msgstr ""
6208
6209
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
6210
msgid "100 Mbps"
6211
msgstr ""
6212
6213
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
6214
msgid "1000 Mbps"
6215
msgstr ""
6216
6217
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
6218
msgid ""
6219
"Machine images are hundreds of MB, and need to be copied over the network to "
6220
"nodes."
6221
msgstr ""
6222
6223
#: serverguide/C/virtualization.xml:1299(title)
6224
msgid "Node Requirements"
6225
msgstr ""
6226
6227
#: serverguide/C/virtualization.xml:1301(para)
6228
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
6229
msgstr ""
6230
6231
#: serverguide/C/virtualization.xml:1306(para)
6232
msgid "the Node Controller (NC)"
6233
msgstr ""
6234
6235
#: serverguide/C/virtualization.xml:1310(title)
6236
msgid "UEC Node Requirements"
6237
msgstr ""
6238
6239
#: serverguide/C/virtualization.xml:1327(para)
6240
msgid "VT Extensions"
6241
msgstr ""
6242
6243
#: serverguide/C/virtualization.xml:1328(para)
6244
msgid "VT, 64-bit, Multicore"
6245
msgstr ""
6246
6247
#: serverguide/C/virtualization.xml:1329(para)
6248
msgid ""
6249
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
6250
"only run 1 VM per CPU core on a Node."
6251
msgstr ""
6252
6253
#: serverguide/C/virtualization.xml:1333(para)
6254
msgid "1 GB"
6255
msgstr ""
6256
6257
#: serverguide/C/virtualization.xml:1334(para)
6258
msgid "4 GB"
6259
msgstr ""
6260
6261
#: serverguide/C/virtualization.xml:1335(para)
6262
msgid "Additional memory means more, and larger guests."
6263
msgstr ""
6264
6265
#: serverguide/C/virtualization.xml:1340(para)
6266
msgid "7200 RPM SATA or SCSI"
6267
msgstr ""
6268
6269
#: serverguide/C/virtualization.xml:1341(para)
6270
msgid ""
6271
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
6272
"bottleneck."
6273
msgstr ""
6274
6275
#: serverguide/C/virtualization.xml:1346(para)
6276
msgid "100 GB"
6277
msgstr ""
6278
6279
#: serverguide/C/virtualization.xml:1347(para)
6280
msgid ""
6281
"Images will be cached locally, Eucalyptus does not like to run out of disk "
6282
"space."
6283
msgstr ""
6284
6285
#: serverguide/C/virtualization.xml:1363(title)
6286
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
6287
msgstr ""
6288
6289
#: serverguide/C/virtualization.xml:1367(para)
6290
msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
6291
msgstr ""
6292
6293
#: serverguide/C/virtualization.xml:1372(para) serverguide/C/virtualization.xml:1418(para)
6294
msgid ""
6295
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6296
msgstr ""
6297
6298
#: serverguide/C/virtualization.xml:1377(para)
6299
msgid ""
6300
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
6301
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
6302
msgstr ""
6303
6304
#: serverguide/C/virtualization.xml:1383(para)
6305
msgid ""
6306
"It will ask two other cloud-specific questions during the course of the "
6307
"install:"
6308
msgstr ""
6309
6310
#: serverguide/C/virtualization.xml:1388(para)
6311
msgid "Name of your cluster."
6312
msgstr ""
6313
6314
#: serverguide/C/virtualization.xml:1391(para)
6315
msgid "e.g. <emphasis>cluster1</emphasis>."
6316
msgstr ""
6317
6318
#: serverguide/C/virtualization.xml:1394(para)
6319
msgid ""
6320
"A range of public IP addresses on the LAN that the cloud can allocate to "
6321
"instances."
6322
msgstr ""
6323
6324
#: serverguide/C/virtualization.xml:1397(para)
6325
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
6326
msgstr ""
6327
6328
#: serverguide/C/virtualization.xml:1405(title)
6329
msgid "Installing the Node Controller(s)"
6330
msgstr ""
6331
6332
#: serverguide/C/virtualization.xml:1407(para)
6333
msgid ""
6334
"The node controller install is even simpler. Just make sure that you are "
6335
"connected to the network on which the cloud/cluster controller is already "
6336
"running."
6337
msgstr ""
6338
6339
#: serverguide/C/virtualization.xml:1413(para)
6340
msgid "Boot from the same ISO on the node(s)."
6341
msgstr ""
6342
6343
#: serverguide/C/virtualization.xml:1423(para)
6344
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6345
msgstr ""
6346
6347
#: serverguide/C/virtualization.xml:1428(para)
6348
msgid ""
6349
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
6350
"install for you."
6351
msgstr ""
6352
6353
#: serverguide/C/virtualization.xml:1433(para)
6354
msgid "Confirm the partitioning scheme."
6355
msgstr ""
6356
6357
#: serverguide/C/virtualization.xml:1438(para)
6358
msgid ""
6359
"The rest of the installation should proceed uninterrupted; complete the "
6360
"installation and reboot the node."
6361
msgstr ""
6362
6363
#: serverguide/C/virtualization.xml:1446(title)
6364
msgid "Register the Node(s)"
6365
msgstr ""
6366
6367
#: serverguide/C/virtualization.xml:1448(para)
6368
msgid ""
6369
"Nodes are the physical systems within <application>UEC</application> that "
6370
"actually run the virtual machine instances of the cloud."
6371
msgstr ""
6372
6373
#: serverguide/C/virtualization.xml:1452(para)
6374
msgid ""
6375
"Once one or more Ubuntu Server node(s) are installed and running the "
6376
"<application>eucalyptus-nc</application> service, log onto the "
6377
"<emphasis>Cloud Controller (CLC)</emphasis> and run:"
6378
msgstr ""
6379
6380
#: serverguide/C/virtualization.xml:1458(command)
6381
msgid "sudo euca_conf --no-rsync --discover-nodes"
6382
msgstr ""
6383
6384
#: serverguide/C/virtualization.xml:1461(para)
6385
msgid ""
6386
"This will discover the systems on the network running the "
6387
"<application>eucalyptus-nc</application> service, and the administrator can "
6388
"confirm the registration of each node by its IP address."
6389
msgstr ""
6390
6391
#: serverguide/C/virtualization.xml:1467(para)
6392
msgid ""
6393
"If you get prompted for passwords, or receive errors from scp, you may need "
6394
"to revisit the key synchronization instructions at <ulink "
6395
"url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
6396
"lation</ulink>."
6397
msgstr ""
6398
6399
#: serverguide/C/virtualization.xml:1475(title)
6400
msgid "Obtain Credentials"
6401
msgstr ""
6402
6403
#: serverguide/C/virtualization.xml:1477(para)
6404
msgid ""
6405
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
6406
"users of the cloud will need to retrieve their credentials. This can be done "
6407
"either through a web browser, or at the command line."
6408
msgstr ""
6409
6410
#: serverguide/C/virtualization.xml:1483(title)
6411
msgid "From a Web Browser"
6412
msgstr ""
6413
6414
#: serverguide/C/virtualization.xml:1487(para)
6415
msgid ""
6416
"From your web browser (either remotely or on your Ubuntu server) access the "
6417
"following URL:"
6418
msgstr ""
6419
6420
#: serverguide/C/virtualization.xml:1490(programlisting) serverguide/C/virtualization.xml:1743(programlisting)
6421
#, no-wrap
6422
msgid ""
6423
"\n"
6424
"https://<cloud-controller-ip-address>:8443/\n"
6425
msgstr ""
6426
6427
#: serverguide/C/virtualization.xml:1495(para)
6428
msgid ""
6429
"You must use a secure connection, so make sure you use \"https\" not "
6430
"\"http\" in your URL. You will get a security certificate warning. You will "
6431
"have to add an exception to view the page. If you do not accept it you will "
6432
"not be able to view the Eucalyptus configuration page."
6433
msgstr ""
6434
6435
#: serverguide/C/virtualization.xml:1503(para)
6436
msgid ""
6437
"Use username <emphasis>'admin'</emphasis> and password "
6438
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
6439
"to change your password)."
6440
msgstr ""
6441
6442
#: serverguide/C/virtualization.xml:1509(para)
6443
msgid ""
6444
"Then follow the on-screen instructions to update the admin password and "
6445
"email address."
6446
msgstr ""
6447
6448
#: serverguide/C/virtualization.xml:1514(para)
6449
msgid ""
6450
"Once the first time configuration process is completed, click the "
6451
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
6452
"the screen."
6453
msgstr ""
6454
6455
#: serverguide/C/virtualization.xml:1520(para)
6456
msgid ""
6457
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
6458
"certificates."
6459
msgstr ""
6460
6461
#: serverguide/C/virtualization.xml:1525(para)
6462
msgid "Save them to <filename>~/.euca</filename>."
6463
msgstr ""
6464
6465
#: serverguide/C/virtualization.xml:1530(para)
6466
msgid ""
6467
"Unzip the downloaded zip file into a safe location "
6468
"(<filename>~/.euca</filename>)."
6469
msgstr ""
6470
6471
#: serverguide/C/virtualization.xml:1534(command)
6472
msgid "unzip -d ~/.euca mycreds.zip"
6473
msgstr ""
6474
6475
#: serverguide/C/virtualization.xml:1541(title)
6476
msgid "From a Command Line"
6477
msgstr ""
6478
6479
#: serverguide/C/virtualization.xml:1545(para)
6480
msgid ""
6481
"Alternatively, if you are on the command line of the <emphasis>Cloud "
6482
"Controller</emphasis>, you can run:"
6483
msgstr ""
6484
6485
#: serverguide/C/virtualization.xml:1549(command)
6486
msgid "mkdir -p ~/.euca"
6487
msgstr ""
6488
6489
#: serverguide/C/virtualization.xml:1550(command)
6490
msgid "chmod 700 ~/.euca"
6491
msgstr ""
6492
6493
#: serverguide/C/virtualization.xml:1551(command)
6494
msgid "cd ~/.euca"
6495
msgstr ""
6496
6497
#: serverguide/C/virtualization.xml:1552(command)
6498
msgid "sudo euca_conf --get-credentials mycreds.zip"
6499
msgstr ""
6500
6501
#: serverguide/C/virtualization.xml:1553(command)
6502
msgid "unzip mycreds.zip"
6503
msgstr ""
6504
6505
#: serverguide/C/virtualization.xml:1554(command)
6506
msgid "cd -"
6507
msgstr ""
6508
6509
#: serverguide/C/virtualization.xml:1561(title)
6510
msgid "Extracting and Using Your Credentials"
6511
msgstr ""
6512
6513
#: serverguide/C/virtualization.xml:1563(para)
6514
msgid ""
6515
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
6516
"certificates."
6517
msgstr ""
6518
6519
#: serverguide/C/virtualization.xml:1569(para)
6520
msgid ""
6521
"Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
6522
"Eucalyptus environment:"
6523
msgstr ""
6524
6525
#: serverguide/C/virtualization.xml:1573(command) serverguide/C/virtualization.xml:1600(command)
6526
msgid ". ~/.euca/eucarc"
6527
msgstr ""
6528
6529
#: serverguide/C/virtualization.xml:1577(para)
6530
msgid ""
6531
"You may additionally wish to add this command to your "
6532
"<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
6533
"set up automatically when you log in. Eucalyptus treats this set of "
6534
"credentials as <emphasis>'administrator'</emphasis> credentials that allow "
6535
"the holder global privileges across the cloud. As such, they should be "
6536
"protected in the same way that other elevated-priority access is protected "
6537
"(e.g. should not be made visible to the general user population)."
6538
msgstr ""
6539
6540
#: serverguide/C/virtualization.xml:1584(command)
6541
msgid ""
6542
"echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
6543
msgstr ""
6544
6545
#: serverguide/C/virtualization.xml:1588(para)
6546
msgid "Install the required cloud user tools:"
6547
msgstr ""
6548
6549
#: serverguide/C/virtualization.xml:1592(command)
6550
msgid "sudo apt-get install euca2ools"
6551
msgstr ""
6552
6553
#: serverguide/C/virtualization.xml:1596(para)
6554
msgid ""
6555
"To validate that everything is working correctly, get the local cluster "
6556
"availability details:"
6557
msgstr ""
6558
6559
#: serverguide/C/virtualization.xml:1601(command)
6560
msgid "euca-describe-availability-zones verbose"
6561
msgstr ""
6562
6563
#: serverguide/C/virtualization.xml:1602(computeroutput)
6564
#, no-wrap
6565
msgid ""
6566
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
6567
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
6568
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
6569
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
6570
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
6571
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
6572
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
6573
msgstr ""
6574
6575
#: serverguide/C/virtualization.xml:1612(para)
6576
msgid "Your output from the above command will vary."
6577
msgstr ""
6578
6579
#: serverguide/C/virtualization.xml:1622(title)
6580
msgid "Running an Image"
6581
msgstr ""
6582
6583
#: serverguide/C/virtualization.xml:1624(para)
6584
msgid "There are multiple ways to instantiate an image in UEC:"
6585
msgstr ""
6586
6587
#: serverguide/C/virtualization.xml:1629(para)
6588
msgid "Use the command line."
6589
msgstr ""
6590
6591
#: serverguide/C/virtualization.xml:1630(para)
6592
msgid ""
6593
"Use one of the UEC compatible management tools such as "
6594
"<emphasis>Landscape</emphasis>."
6595
msgstr ""
6596
6597
#: serverguide/C/virtualization.xml:1632(para)
6598
msgid ""
6599
"Use the <ulink "
6600
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
6601
"extension to Firefox."
6602
msgstr ""
6603
6604
#: serverguide/C/virtualization.xml:1638(para)
6605
msgid "Here we will describe the process from the command line:"
6606
msgstr ""
6607
6608
#: serverguide/C/virtualization.xml:1644(para)
6609
msgid ""
6610
"Before running an instance of your image, you should first create a "
6611
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
6612
"instance as root, once it boots. The key is stored, so you will only have to "
6613
"do this once."
6614
msgstr ""
6615
6616
#: serverguide/C/virtualization.xml:1648(para)
6617
msgid "Run the following command:"
6618
msgstr ""
6619
6620
#: serverguide/C/virtualization.xml:1651(programlisting)
6621
#, no-wrap
6622
msgid ""
6623
"\n"
6624
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
6625
" touch ~/.euca/mykey.priv\n"
6626
" chmod 0600 ~/.euca/mykey.priv\n"
6627
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
6628
"fi\n"
6629
msgstr ""
6630
6631
#: serverguide/C/virtualization.xml:1659(para)
6632
msgid ""
6633
"You can call your key whatever you like (in this example, the key is called "
6634
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6635
"forget, you can always run <command>euca-describe-keypairs</command> to get "
6636
"a list of created keys stored in the system."
6637
msgstr ""
6638
6639
#: serverguide/C/virtualization.xml:1666(para)
6640
msgid "You must also allow access to port 22 in your instances:"
6641
msgstr ""
6642
6643
#: serverguide/C/virtualization.xml:1670(command)
6644
msgid "euca-describe-groups"
6645
msgstr ""
6646
6647
#: serverguide/C/virtualization.xml:1671(command)
6648
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6649
msgstr ""
6650
6651
#: serverguide/C/virtualization.xml:1675(para)
6652
msgid "Next, you can create instances of your registered image:"
6653
msgstr ""
6654
6655
#: serverguide/C/virtualization.xml:1679(command)
6656
msgid "euca-run-instances $EMI -k mykey -t c1.medium"
6657
msgstr ""
6658
6659
#: serverguide/C/virtualization.xml:1682(para)
6660
msgid ""
6661
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6662
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6663
"on the <emphasis>Store</emphasis> page to see the sample command."
6664
msgstr ""
6665
6666
#: serverguide/C/virtualization.xml:1689(para)
6667
msgid ""
6668
"The first time you run an instance, the system will be setting up caches for "
6669
"the image from which it will be created. This can often take some time the "
6670
"first time an instance is run given that VM images are usually quite large."
6671
msgstr ""
6672
6673
#: serverguide/C/virtualization.xml:1693(para)
6674
msgid "To monitor the state of your instance, run:"
6675
msgstr ""
6676
6677
#: serverguide/C/virtualization.xml:1697(command)
6678
msgid "watch -n5 euca-describe-instances"
6679
msgstr ""
6680
6681
#: serverguide/C/virtualization.xml:1699(para)
6682
msgid ""
6683
"In the output, you should see information about the instance, including its "
6684
"state. While first-time caching is being performed, the instance's state "
6685
"will be <emphasis>'pending'</emphasis>."
6686
msgstr ""
6687
6688
#: serverguide/C/virtualization.xml:1705(para)
6689
msgid ""
6690
"When the instance is fully started, the above state will become "
6691
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6692
"instance in the output, then connect to it:"
6693
msgstr ""
6694
6695
#: serverguide/C/virtualization.xml:1710(command)
6696
msgid ""
6697
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6698
"'{print $4}')"
6699
msgstr ""
6700
6701
#: serverguide/C/virtualization.xml:1711(command)
6702
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6703
msgstr ""
6704
6705
#: serverguide/C/virtualization.xml:1715(para)
6706
msgid ""
6707
"And when you are done with this instance, exit your SSH connection, then "
6708
"terminate your instance:"
6709
msgstr ""
6710
6711
#: serverguide/C/virtualization.xml:1719(command)
6712
msgid ""
6713
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6714
"awk '{print $2}')"
6715
msgstr ""
6716
6717
#: serverguide/C/virtualization.xml:1720(command)
6718
msgid "euca-terminate-instances $INSTANCEID"
6719
msgstr ""
6720
6721
#: serverguide/C/virtualization.xml:1727(title)
6722
msgid "Install an Image from the Store"
6723
msgstr ""
6724
6725
#: serverguide/C/virtualization.xml:1729(para)
6726
msgid ""
6727
"The following is by far the simplest way to install an image. However, "
6728
"advanced users may be interested in learning how to <ulink "
6729
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
6730
"own image</ulink>."
6731
msgstr ""
6732
6733
#: serverguide/C/virtualization.xml:1734(para)
6734
msgid ""
6735
"The simplest way to add an image to <application>UEC</application> is to "
6736
"install it from the Image Store on the UEC web interface."
6737
msgstr ""
6738
6739
#: serverguide/C/virtualization.xml:1740(para)
6740
msgid ""
6741
"Access the web interface at the following URL (Make sure you specify https):"
6742
msgstr ""
6743
6744
#: serverguide/C/virtualization.xml:1748(para)
6745
msgid ""
6746
"Enter your login and password (if requested, as you may still be logged in "
6747
"from earlier)."
6748
msgstr ""
6749
6750
#: serverguide/C/virtualization.xml:1753(para)
6751
msgid "Click on the <emphasis>Store</emphasis> tab."
6752
msgstr ""
6753
6754
#: serverguide/C/virtualization.xml:1758(para)
6755
msgid "Browse available images."
6756
msgstr ""
6757
6758
#: serverguide/C/virtualization.xml:1763(para)
6759
msgid "Click on <emphasis>install</emphasis> for the image you want."
6760
msgstr ""
6761
6762
#: serverguide/C/virtualization.xml:1769(para)
6763
msgid ""
6764
"Once the image has been downloaded and installed, you can click on "
6765
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
6766
"button to view the command to execute to instantiate (start) this image. The "
6767
"image will also appear on the list given on the <emphasis>Image</emphasis> "
6768
"tab."
6769
msgstr ""
6770
6771
#: serverguide/C/virtualization.xml:1777(title) serverguide/C/dns.xml:619(title)
6772
msgid "More Information"
6773
msgstr ""
6774
6775
#: serverguide/C/virtualization.xml:1779(para)
6776
msgid ""
6777
"How to use the <ulink "
6778
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6779
"Controller</ulink>"
6780
msgstr ""
6781
6782
#: serverguide/C/virtualization.xml:1783(para)
6783
msgid "Controlling eucalyptus services:"
6784
msgstr ""
6785
6786
#: serverguide/C/virtualization.xml:1788(para)
6787
msgid ""
6788
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6789
msgstr ""
6790
6791
#: serverguide/C/virtualization.xml:1789(para)
6792
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6793
msgstr ""
6794
6795
#: serverguide/C/virtualization.xml:1792(para)
6796
msgid "Locations of some important files:"
6797
msgstr ""
6798
6799
#: serverguide/C/virtualization.xml:1799(emphasis)
6800
msgid "Log files:"
6801
msgstr ""
6802
6803
#: serverguide/C/virtualization.xml:1802(para)
6804
msgid "/var/log/eucalyptus"
6805
msgstr ""
6806
6807
#: serverguide/C/virtualization.xml:1807(emphasis)
6808
msgid "Configuration files:"
6809
msgstr ""
6810
6811
#: serverguide/C/virtualization.xml:1810(para)
6812
msgid "/etc/eucalyptus"
6813
msgstr ""
6814
6815
#: serverguide/C/virtualization.xml:1815(emphasis)
6816
msgid "Database:"
6817
msgstr ""
6818
6819
#: serverguide/C/virtualization.xml:1818(para)
6820
msgid "/var/lib/eucalyptus/db"
6821
msgstr ""
6822
6823
#: serverguide/C/virtualization.xml:1823(emphasis)
6824
msgid "Keys:"
6825
msgstr ""
6826
6827
#: serverguide/C/virtualization.xml:1826(para)
6828
msgid "/var/lib/eucalyptus"
6829
msgstr ""
6830
6831
#: serverguide/C/virtualization.xml:1827(para)
6832
msgid "/var/lib/eucalyptus/.ssh"
6833
msgstr ""
6834
6835
#: serverguide/C/virtualization.xml:1833(para)
6836
msgid ""
6837
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6838
"running the client tools."
6839
msgstr ""
6840
6841
#: serverguide/C/virtualization.xml:1844(para)
6842
msgid ""
6843
"For information on loading instances see the <ulink "
6844
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6845
"page."
6846
msgstr ""
6847
6848
#: serverguide/C/virtualization.xml:1849(para)
6849
msgid ""
6850
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6851
"documentation, downloads)</ulink>."
6852
msgstr ""
6853
6854
#: serverguide/C/virtualization.xml:1854(para)
6855
msgid ""
6856
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6857
"(bugs, code)</ulink>."
6858
msgstr ""
6859
6860
#: serverguide/C/virtualization.xml:1859(para)
6861
msgid ""
6862
"<ulink "
6863
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6864
"ptus Troubleshooting (1.5)</ulink>."
6865
msgstr ""
6866
6867
#: serverguide/C/virtualization.xml:1864(para)
6868
msgid ""
6869
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6870
"Cloud_Infrastructures/Eucalyptus/03-"
6871
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6872
"RightScale</ulink>."
6873
msgstr ""
6874
6875
#: serverguide/C/virtualization.xml:1870(para)
6876
msgid ""
6877
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6878
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6879
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6880
msgstr ""
6881
6882
#: serverguide/C/virtualization.xml:1879(title)
6883
msgid "Glossary"
6884
msgstr ""
6885
6886
#: serverguide/C/virtualization.xml:1881(para)
6887
msgid ""
6888
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6889
"unfamiliar to some readers. This page is intended to provide a glossary of "
6890
"such terms and acronyms."
6891
msgstr ""
6892
6893
#: serverguide/C/virtualization.xml:1888(para)
6894
msgid ""
6895
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6896
"computing resources through virtual machines, provisioned and recollected "
6897
"dynamically."
6898
msgstr ""
6899
6900
#: serverguide/C/virtualization.xml:1894(para)
6901
msgid ""
6902
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6903
"provides the web UI (an https server on port 8443), and implements the "
6904
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6905
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6906
"cloud</application> package."
6907
msgstr ""
6908
6909
#: serverguide/C/virtualization.xml:1901(para)
6910
msgid ""
6911
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6912
"Cluster Controller. There can be more than one Cluster in an installation of "
6913
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6914
"floor2, floor2)."
6915
msgstr ""
6916
6917
#: serverguide/C/virtualization.xml:1907(para)
6918
msgid ""
6919
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6920
"manages collections of node resources. This service is provided by the "
6921
"Ubuntu <application>eucalyptus-cc</application> package."
6922
msgstr ""
6923
6924
#: serverguide/C/virtualization.xml:1913(para)
6925
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6926
msgstr ""
6927
6928
#: serverguide/C/virtualization.xml:1918(para)
6929
msgid ""
6930
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6931
"pay-by-the-gigabyte public cloud computing offering."
6932
msgstr ""
6933
6934
#: serverguide/C/virtualization.xml:1923(para)
6935
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6936
msgstr ""
6937
6938
#: serverguide/C/virtualization.xml:1928(para)
6939
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6940
msgstr ""
6941
6942
#: serverguide/C/virtualization.xml:1933(para)
6943
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6944
msgstr ""
6945
6946
#: serverguide/C/virtualization.xml:1938(para)
6947
msgid ""
6948
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6949
"Linking Your Programs To Useful Systems. An open source project originally "
6950
"from the University of California at Santa Barbara, now supported by "
6951
"Eucalyptus Systems, a Canonical Partner."
6952
msgstr ""
6953
6954
#: serverguide/C/virtualization.xml:1945(para)
6955
msgid ""
6956
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6957
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6958
"cluster controller)."
6959
msgstr ""
6960
6961
#: serverguide/C/virtualization.xml:1951(para)
6962
msgid ""
6963
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6964
"running virtual machines, running a node controller. Within Ubuntu, this "
6965
"generally means that the CPU has VT extensions, and can run the KVM "
6966
"hypervisor."
6967
msgstr ""
6968
6969
#: serverguide/C/virtualization.xml:1957(para)
6970
msgid ""
6971
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6972
"on nodes which host the virtual machines that comprise the cloud. This "
6973
"service is provided by the Ubuntu package <application>eucalyptus-"
6974
"nc</application>."
6975
msgstr ""
6976
6977
#: serverguide/C/virtualization.xml:1963(para)
6978
msgid ""
6979
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6980
"gigabyte persistent storage solution for EC2."
6981
msgstr ""
6982
6983
#: serverguide/C/virtualization.xml:1968(para)
6984
msgid ""
6985
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6986
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6987
"installation can have its own Storage Controller. This component is provided "
6988
"by the <application>eucalyptus-sc</application> package."
6989
msgstr ""
6990
6991
#: serverguide/C/virtualization.xml:1975(para)
6992
msgid ""
6993
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6994
"solution, based on Eucalyptus."
6995
msgstr ""
6996
6997
#: serverguide/C/virtualization.xml:1980(para)
6998
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6999
msgstr ""
7000
7001
#: serverguide/C/virtualization.xml:1985(para)
7002
msgid ""
7003
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
7004
"some modern CPUs, allowing for accelerated virtual machine hosting."
7005
msgstr ""
7006
7007
#: serverguide/C/virtualization.xml:1990(para)
7008
msgid ""
7009
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
7010
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
7011
"put/get abstractions."
7012
msgstr ""
7013
7014
#: serverguide/C/virtualization.xml:2000(title)
7015
msgid "OpenNebula"
7016
msgstr ""
7017
7018
#: serverguide/C/virtualization.xml:2002(para)
7019
msgid ""
7020
"<application>OpenNebula</application> allows virtual machines to be placed "
7021
"and re-placed dynamically on a pool of physical resources. This allows a "
7022
"virtual machine to be hosted from any location available."
7023
msgstr ""
7024
7025
#: serverguide/C/virtualization.xml:2007(para)
7026
msgid ""
7027
"This section will detail configuring an OpenNebula cluster using three "
7028
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
7029
"Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
7030
"also need a bridge configured to allow the virtual machines access to the "
7031
"local network. For details see <xref linkend=\"bridging\"/>."
7032
msgstr ""
7033
7034
#: serverguide/C/virtualization.xml:2016(para)
7035
msgid "First, from a terminal on the Front-End enter:"
7036
msgstr ""
7037
7038
#: serverguide/C/virtualization.xml:2021(command)
7039
msgid "sudo apt-get install opennebula"
7040
msgstr ""
7041
7042
#: serverguide/C/virtualization.xml:2024(para)
7043
msgid "On each Compute Node install:"
7044
msgstr ""
7045
7046
#: serverguide/C/virtualization.xml:2029(command)
7047
msgid "sudo apt-get install opennebula-node"
7048
msgstr ""
7049
7050
#: serverguide/C/virtualization.xml:2032(para)
7051
msgid ""
7052
"In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
7053
"to have a password. On each machine execute:"
7054
msgstr ""
7055
7056
#: serverguide/C/virtualization.xml:2037(command)
7057
msgid "sudo passwd oneadmin"
7058
msgstr ""
7059
7060
#: serverguide/C/virtualization.xml:2040(para)
7061
msgid ""
7062
"Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
7063
"Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
7064
msgstr ""
7065
7066
#: serverguide/C/virtualization.xml:2045(command)
7067
msgid ""
7068
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
7069
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
7070
msgstr ""
7071
7072
#: serverguide/C/virtualization.xml:2046(command)
7073
msgid ""
7074
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
7075
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
7076
msgstr ""
7077
7078
#: serverguide/C/virtualization.xml:2047(command)
7079
msgid ""
7080
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
7081
"/var/lib/one/.ssh/authorized_keys\""
7082
msgstr ""
7083
7084
#: serverguide/C/virtualization.xml:2050(para)
7085
msgid ""
7086
"The SSH key for the Compute Nodes needs to be added to the "
7087
"<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
7088
"accomplish this <application>ssh</application> to each Compute Node as a "
7089
"user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
7090
"session, and execute the following to copy the SSH key from "
7091
"<filename>~/.ssh/known_hosts</filename> to "
7092
"<filename>/etc/ssh/ssh_known_hosts</filename>:"
7093
msgstr ""
7094
7095
#: serverguide/C/virtualization.xml:2057(command)
7096
msgid ""
7097
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
7098
"/etc/ssh/ssh_known_hosts\""
7099
msgstr ""
7100
7101
#: serverguide/C/virtualization.xml:2058(command)
7102
msgid ""
7103
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
7104
"/etc/ssh/ssh_known_hosts\""
7105
msgstr ""
7106
7107
#: serverguide/C/virtualization.xml:2062(para)
7108
msgid ""
7109
"Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
7110
"appropriate host names."
7111
msgstr ""
7112
7113
#: serverguide/C/virtualization.xml:2067(para)
7114
msgid ""
7115
"This allows the <emphasis>oneadmin</emphasis> to use "
7116
"<application>scp</application>, without a password or manual intervention, "
7117
"to deploy an image to the Compute Nodes."
7118
msgstr ""
7119
7120
#: serverguide/C/virtualization.xml:2072(para)
7121
msgid ""
7122
"On the Front-End create a directory to store the VM images, giving the "
7123
"<emphasis>oneadmin</emphasis> user access to the directory:"
7124
msgstr ""
7125
7126
#: serverguide/C/virtualization.xml:2077(command)
7127
msgid "sudo mkdir /var/lib/one/images"
7128
msgstr ""
7129
7130
#: serverguide/C/virtualization.xml:2078(command)
7131
msgid "sudo chown oneadmin /var/lib/one/images/"
7132
msgstr ""
7133
7134
#: serverguide/C/virtualization.xml:2081(para)
7135
msgid ""
7136
"Finally, copy a virtual machine disk file into "
7137
"<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
7138
"machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
7139
"and-vmbuilder\"/> for details."
7140
msgstr ""
7141
7142
#: serverguide/C/virtualization.xml:2090(para)
7143
msgid ""
7144
"The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
7145
"and virtual machines added to the cluster."
7146
msgstr ""
7147
7148
#: serverguide/C/virtualization.xml:2094(para)
7149
msgid "From a terminal prompt enter:"
7150
msgstr ""
7151
7152
#: serverguide/C/virtualization.xml:2099(command)
7153
msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
7154
msgstr ""
7155
7156
#: serverguide/C/virtualization.xml:2100(command)
7157
msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
7158
msgstr ""
7159
7160
#: serverguide/C/virtualization.xml:2103(para)
7161
msgid ""
7162
"Next, create a <emphasis>Virtual Network</emphasis> template file named "
7163
"<filename>vnet01.template</filename>:"
7164
msgstr ""
7165
7166
#: serverguide/C/virtualization.xml:2107(programlisting)
7167
#, no-wrap
7168
msgid ""
7169
"\n"
7170
"NAME = \"LAN\"\n"
7171
"TYPE = RANGED\n"
7172
"BRIDGE = br0\n"
7173
"NETWORK_SIZE = C\n"
7174
"NETWORK_ADDRESS = 192.168.0.0\n"
7175
msgstr ""
7176
7177
#: serverguide/C/virtualization.xml:2116(para)
7178
msgid ""
7179
"Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
7180
msgstr ""
7181
7182
#: serverguide/C/virtualization.xml:2121(para)
7183
msgid ""
7184
"Using the <application>onevnet</application> utility, add the virtual "
7185
"network to OpenNebula:"
7186
msgstr ""
7187
7188
#: serverguide/C/virtualization.xml:2126(command)
7189
msgid "onevnet create vnet01.template"
7190
msgstr ""
7191
7192
#: serverguide/C/virtualization.xml:2129(para)
7193
msgid ""
7194
"Now create a <emphasis>VM Template</emphasis> file named "
7195
"<filename>vm01.template</filename>:"
7196
msgstr ""
7197
7198
#: serverguide/C/virtualization.xml:2133(programlisting)
7199
#, no-wrap
7200
msgid ""
7201
"\n"
7202
"NAME = vm01\n"
7203
"CPU = 0.5\n"
7204
"MEMORY = 512\n"
7205
"\n"
7206
"OS = [ BOOT = hd ]\n"
7207
"\n"
7208
"DISK = [\n"
7209
" source = \"/var/lib/one/images/vm01.qcow2\",\n"
7210
" target = \"hda\",\n"
7211
" readonly = \"no\" ]\n"
7212
"\n"
7213
"NIC = [ NETWORK=\"LAN\" ]\n"
7214
"\n"
7215
"GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
7216
msgstr ""
7217
7218
#: serverguide/C/virtualization.xml:2150(para)
7219
msgid "Start the virtual machine using <application>onevm</application>:"
7220
msgstr ""
7221
7222
#: serverguide/C/virtualization.xml:2155(command)
7223
msgid "onevm submit vm01.template"
7224
msgstr ""
7225
7226
#: serverguide/C/virtualization.xml:2158(para)
7227
msgid ""
7228
"Use the <application>onevm list</application> option to view information "
7229
"about virtual machines. Also, the <application>onevm show vm01</application> "
7230
"option will display more details about a specific virtual machine."
7231
msgstr ""
7232
7233
#: serverguide/C/virtualization.xml:2169(para)
7234
msgid ""
7235
"See the <ulink "
7236
"url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
7237
"> for more information."
7238
msgstr ""
7239
7240
#: serverguide/C/virtualization.xml:2174(para)
7241
msgid ""
7242
"You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
7243
"<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
7244
"url=\"http://freenode.net\">Freenode</ulink>."
7245
msgstr ""
7246
7247
#: serverguide/C/virtualization.xml:2180(para)
7248
msgid ""
7249
"Also, the <ulink "
7250
"url=\"https://help.ubuntu.com/community/OpenNebula\">OpenNebula Ubuntu "
7251
"Wiki</ulink> page has more details."
7252
msgstr ""
7253
7254
#: serverguide/C/vcs.xml:13(title)
7255
msgid "Version Control System"
7256
msgstr ""
7257
7258
#: serverguide/C/vcs.xml:14(para)
7259
msgid ""
7260
"Version control is the art of managing changes to information. It has long "
7261
"been a critical tool for programmers, who typically spend their time making "
7262
"small changes to software and then undoing those changes the next day. But "
7263
"the usefulness of version control software extends far beyond the bounds of "
7264
"the software development world. Anywhere you can find people using computers "
7265
"to manage information that changes often, there is room for version control."
7266
msgstr ""
7267
7268
#: serverguide/C/vcs.xml:17(title)
7269
msgid "Bazaar"
7270
msgstr ""
7271
7272
#: serverguide/C/vcs.xml:18(para)
7273
msgid ""
7274
"Bazaar is a new version control system sponsored by Canonical, the "
7275
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
7276
"support a central repository model, Bazaar also supports "
7277
"<emphasis>distributed version control</emphasis>, giving people the ability "
7278
"to collaborate more efficiently. In particular, Bazaar is designed to "
7279
"maximize the level of community participation in open source projects."
7280
msgstr ""
7281
7282
#: serverguide/C/vcs.xml:29(para)
7283
msgid ""
7284
"At a terminal prompt, enter the following command to install "
7285
"<application>bzr</application>: <screen>\n"
7286
"<command>sudo apt-get install bzr</command>\n"
7287
"</screen>"
7288
msgstr ""
7289
7290
#: serverguide/C/vcs.xml:40(para)
7291
msgid ""
7292
"To introduce yourself to <application>bzr</application>, use the "
7293
"<emphasis>whoami</emphasis> command like this: <screen>\n"
7294
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
7295
"</screen>"
7296
msgstr ""
7297
7298
#: serverguide/C/vcs.xml:49(title)
7299
msgid "Learning Bazaar"
7300
msgstr ""
7301
7302
#: serverguide/C/vcs.xml:50(para)
7303
msgid ""
7304
"Bazaar comes with bundled documentation installed into "
7305
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
7306
"is a good place to start. The <application>bzr</application> command also "
7307
"comes with built-in help: <screen>\n"
7308
"<command>$ bzr help</command>\n"
7309
"</screen>"
7310
msgstr ""
7311
7312
#: serverguide/C/vcs.xml:60(para)
7313
msgid ""
7314
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
7315
"<command>$ bzr help foo</command>\n"
7316
"</screen>"
7317
msgstr ""
7318
7319
#: serverguide/C/vcs.xml:68(title)
7320
msgid "Launchpad Integration"
7321
msgstr ""
7322
7323
#: serverguide/C/vcs.xml:69(para)
7324
msgid ""
7325
"While highly useful as a stand-alone system, Bazaar has good, optional "
7326
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
7327
"the collaborative development system used by Canonical and the broader open "
7328
"source community to manage and extend Ubuntu itself. For information on how "
7329
"Bazaar can be used with Launchpad to collaborate on open source projects, "
7330
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
7331
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
7332
msgstr ""
7333
7334
#: serverguide/C/vcs.xml:81(title)
7335
msgid "Subversion"
7336
msgstr ""
7337
7338
#: serverguide/C/vcs.xml:82(para)
7339
msgid ""
7340
"Subversion is an open source version control system. Using Subversion, you "
7341
"can record the history of source files and documents. It manages files and "
7342
"directories over time. A tree of files is placed into a central repository. "
7343
"The repository is much like an ordinary file server, except that it "
7344
"remembers every change ever made to files and directories."
7345
msgstr ""
7346
7347
#: serverguide/C/vcs.xml:87(para)
7348
msgid ""
7349
"To access Subversion repository using the HTTP protocol, you must install "
7350
"and configure a web server. Apache2 is proven to work with Subversion. "
7351
"Please refer to the HTTP subsection in the Apache2 section to install and "
7352
"configure Apache2. To access the Subversion repository using the HTTPS "
7353
"protocol, you must install and configure a digital certificate in your "
7354
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
7355
"section to install and configure the digital certificate."
7356
msgstr ""
7357
7358
#: serverguide/C/vcs.xml:96(para)
7359
msgid ""
7360
"To install Subversion, run the following command from a terminal prompt:"
7361
msgstr ""
7362
7363
#: serverguide/C/vcs.xml:101(command)
7364
msgid "sudo apt-get install subversion libapache2-svn"
7365
msgstr ""
7366
7367
#: serverguide/C/vcs.xml:108(para)
7368
msgid ""
7369
"This step assumes you have installed above mentioned packages on your "
7370
"system. This section explains how to create a Subversion repository and "
7371
"access the project."
7372
msgstr ""
7373
7374
#: serverguide/C/vcs.xml:111(title)
7375
msgid "Create Subversion Repository"
7376
msgstr ""
7377
7378
#: serverguide/C/vcs.xml:112(para)
7379
msgid ""
7380
"The Subversion repository can be created using the following command from a "
7381
"terminal prompt:"
7382
msgstr ""
7383
7384
#: serverguide/C/vcs.xml:116(command)
7385
msgid "svnadmin create /path/to/repos/project"
7386
msgstr ""
7387
7388
#: serverguide/C/vcs.xml:121(title)
7389
msgid "Importing Files"
7390
msgstr ""
7391
7392
#: serverguide/C/vcs.xml:122(para)
7393
msgid ""
7394
"Once you create the repository you can <emphasis>import</emphasis> files "
7395
"into the repository. To import a directory, enter the following from a "
7396
"terminal prompt: <screen>\n"
7397
"<command>svn import /path/to/import/directory "
7398
"file:///path/to/repos/project</command>\n"
7399
"</screen>"
7400
msgstr ""
7401
7402
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
7403
msgid "Access Methods"
7404
msgstr ""
7405
7406
#: serverguide/C/vcs.xml:135(para)
7407
msgid ""
7408
"Subversion repositories can be accessed (checked out) through many different "
7409
"methods --on local disk, or through various network protocols. A repository "
7410
"location, however, is always a URL. The table describes how different URL "
7411
"schemes map to the available access methods."
7412
msgstr ""
7413
7414
#: serverguide/C/vcs.xml:146(para)
7415
msgid "Schema"
7416
msgstr ""
7417
7418
#: serverguide/C/vcs.xml:147(para)
7419
msgid "Access Method"
7420
msgstr ""
7421
7422
#: serverguide/C/vcs.xml:152(para)
7423
msgid "file://"
7424
msgstr ""
7425
7426
#: serverguide/C/vcs.xml:153(para)
7427
msgid "direct repository access (on local disk)"
7428
msgstr ""
7429
7430
#: serverguide/C/vcs.xml:156(para)
7431
msgid "http://"
7432
msgstr ""
7433
7434
#: serverguide/C/vcs.xml:157(para)
7435
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
7436
msgstr ""
7437
7438
#: serverguide/C/vcs.xml:160(para)
7439
msgid "https://"
7440
msgstr ""
7441
7442
#: serverguide/C/vcs.xml:161(para)
7443
msgid "Same as http://, but with SSL encryption"
7444
msgstr ""
7445
7446
#: serverguide/C/vcs.xml:164(para)
7447
msgid "svn://"
7448
msgstr ""
7449
7450
#: serverguide/C/vcs.xml:165(para)
7451
msgid "Access via custom protocol to an svnserve server"
7452
msgstr ""
7453
7454
#: serverguide/C/vcs.xml:168(para)
7455
msgid "svn+ssh://"
7456
msgstr ""
7457
7458
#: serverguide/C/vcs.xml:169(para)
7459
msgid "Same as svn://, but through an SSH tunnel"
7460
msgstr ""
7461
7462
#: serverguide/C/vcs.xml:175(para)
7463
msgid ""
7464
"In this section, we will see how to configure Subversion for all these "
7465
"access methods. Here, we cover the basics. For more advanced usage details, "
7466
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
7467
msgstr ""
7468
7469
#: serverguide/C/vcs.xml:182(title)
7470
msgid "Direct repository access (file://)"
7471
msgstr ""
7472
7473
#: serverguide/C/vcs.xml:183(para)
7474
msgid ""
7475
"This is the simplest of all access methods. It does not require any "
7476
"Subversion server process to be running. This access method is used to "
7477
"access Subversion from the same machine. The syntax of the command, entered "
7478
"at a terminal prompt, is as follows:"
7479
msgstr ""
7480
7481
#: serverguide/C/vcs.xml:190(command)
7482
msgid "svn co file:///path/to/repos/project"
7483
msgstr ""
7484
7485
#: serverguide/C/vcs.xml:193(para)
7486
msgid "or"
7487
msgstr ""
7488
7489
#: serverguide/C/vcs.xml:196(command)
7490
msgid "svn co file://localhost/path/to/repos/project"
7491
msgstr ""
7492
7493
#: serverguide/C/vcs.xml:200(para)
7494
msgid ""
7495
"If you do not specify the hostname, there are three forward slashes (///) -- "
7496
"two for the protocol (file, in this case) plus the leading slash in the "
7497
"path. If you specify the hostname, you must use two forward slashes (//)."
7498
msgstr ""
7499
7500
#: serverguide/C/vcs.xml:202(para)
7501
msgid ""
7502
"The repository permissions depend on filesystem permissions. If the user has "
7503
"read/write permission, he can checkout from and commit to the repository."
7504
msgstr ""
7505
7506
#: serverguide/C/vcs.xml:205(title)
7507
msgid "Access via WebDAV protocol (http://)"
7508
msgstr ""
7509
7510
#: serverguide/C/vcs.xml:206(para)
7511
msgid ""
7512
"To access the Subversion repository via WebDAV protocol, you must configure "
7513
"your Apache 2 web server. Add the following snippet between the "
7514
"<emphasis><VirtualHost></emphasis> and "
7515
"<emphasis></VirtualHost></emphasis> elements in "
7516
"<filename>/etc/apache2/sites-available/default</filename>, or another "
7517
"VirtualHost file:"
7518
msgstr ""
7519
7520
#: serverguide/C/vcs.xml:212(programlisting)
7521
#, no-wrap
7522
msgid ""
7523
"\n"
7524
" <Location /svn>\n"
7525
" DAV svn\n"
7526
" SVNPath /home/svn\n"
7527
" AuthType Basic\n"
7528
" AuthName \"Your repository name\"\n"
7529
" AuthUserFile /etc/subversion/passwd\n"
7530
" Require valid-user\n"
7531
" </Location> \n"
7532
msgstr ""
7533
7534
#: serverguide/C/vcs.xml:223(para)
7535
msgid ""
7536
"The above configuration snippet assumes that Subversion repositories are "
7537
"created under <filename>/home/svn/</filename> directory using "
7538
"<command>svnadmin</command> command. They can be accessible using "
7539
"<command>http://hostname/svn/repos_name</command> url."
7540
msgstr ""
7541
7542
#: serverguide/C/vcs.xml:229(para)
7543
msgid ""
7544
"To import or commit files to your Subversion repository over HTTP, the "
7545
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
7546
"HTTP user is <command>www-data</command>. To change the ownership of the "
7547
"repository files enter the following command from terminal prompt:"
7548
msgstr ""
7549
7550
#: serverguide/C/vcs.xml:238(command)
7551
msgid "sudo chown -R www-data:www-data /path/to/repos"
7552
msgstr ""
7553
7554
#: serverguide/C/vcs.xml:241(para)
7555
msgid ""
7556
"By changing the ownership of repository as <command>www-data</command> you "
7557
"will not be able to import or commit files into the repository by running "
7558
"<command>svn import file:///</command> command as any user other than "
7559
"<command>www-data</command>."
7560
msgstr ""
7561
7562
#: serverguide/C/vcs.xml:250(para)
7563
msgid ""
7564
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
7565
"that will contain user authentication details. To create a file issue the "
7566
"following command at a command prompt (which will create the file and add "
7567
"the first user):"
7568
msgstr ""
7569
7570
#: serverguide/C/vcs.xml:256(command)
7571
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
7572
msgstr ""
7573
7574
#: serverguide/C/vcs.xml:259(para)
7575
msgid ""
7576
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
7577
"option replaces the old file. Instead use this form:"
7578
msgstr ""
7579
7580
#: serverguide/C/vcs.xml:264(command)
7581
msgid "sudo htpasswd /etc/subversion/password user_name"
7582
msgstr ""
7583
7584
#: serverguide/C/vcs.xml:268(para)
7585
msgid ""
7586
"This command will prompt you to enter the password. Once you enter the "
7587
"password, the user is added. Now, to access the repository you can run the "
7588
"following command:"
7589
msgstr ""
7590
7591
#: serverguide/C/vcs.xml:269(command)
7592
msgid "svn co http://servername/svn"
7593
msgstr ""
7594
7595
#: serverguide/C/vcs.xml:271(para)
7596
msgid ""
7597
"The password is transmitted as plain text. If you are worried about password "
7598
"snooping, you are advised to use SSL encryption. For details, please refer "
7599
"next section."
7600
msgstr ""
7601
7602
#: serverguide/C/vcs.xml:277(title)
7603
msgid "Access via WebDAV protocol with SSL encryption (https://)"
7604
msgstr ""
7605
7606
#: serverguide/C/vcs.xml:278(para)
7607
msgid ""
7608
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
7609
"(https://) is similar to http:// except that you must install and configure "
7610
"the digital certificate in your Apache2 web server. To use SSL with "
7611
"Subversion add the above Apache2 configuration to "
7612
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
7613
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
7614
"configuration\"/>."
7615
msgstr ""
7616
7617
#: serverguide/C/vcs.xml:287(para)
7618
msgid ""
7619
"You can install a digital certificate issued by a signing authority. "
7620
"Alternatively, you can install your own self-signed certificate."
7621
msgstr ""
7622
7623
#: serverguide/C/vcs.xml:292(para)
7624
msgid ""
7625
"This step assumes you have installed and configured a digital certificate in "
7626
"your Apache 2 web server. Now, to access the Subversion repository, please "
7627
"refer to the above section! The access methods are exactly the same, except "
7628
"the protocol. You must use https:// to access the Subversion repository."
7629
msgstr ""
7630
7631
#: serverguide/C/vcs.xml:302(title)
7632
msgid "Access via custom protocol (svn://)"
7633
msgstr ""
7634
7635
#: serverguide/C/vcs.xml:303(para)
7636
msgid ""
7637
"Once the Subversion repository is created, you can configure the access "
7638
"control. You can edit the <filename> "
7639
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
7640
"access control. For example, to set up authentication, you can uncomment the "
7641
"following lines in the configuration file:"
7642
msgstr ""
7643
7644
#: serverguide/C/vcs.xml:310(programlisting)
7645
#, no-wrap
7646
msgid ""
7647
"# [general]\n"
7648
"# password-db = passwd"
7649
msgstr ""
7650
7651
#: serverguide/C/vcs.xml:313(para)
7652
msgid ""
7653
"After uncommenting the above lines, you can maintain the user list in the "
7654
"passwd file. So, edit the file <filename>passwd </filename> in the same "
7655
"directory and add the new user. The syntax is as follows:"
7656
msgstr ""
7657
7658
#: serverguide/C/vcs.xml:319(programlisting)
7659
#, no-wrap
7660
msgid "username = password"
7661
msgstr ""
7662
7663
#: serverguide/C/vcs.xml:320(para)
7664
msgid "For more details, please refer to the file."
7665
msgstr ""
7666
7667
#: serverguide/C/vcs.xml:324(para)
7668
msgid ""
7669
"Now, to access Subversion via the svn:// custom protocol, either from the "
7670
"same machine or a different machine, you can run svnserver using svnserve "
7671
"command. The syntax is as follows:"
7672
msgstr ""
7673
7674
#: serverguide/C/vcs.xml:329(programlisting)
7675
#, no-wrap
7676
msgid ""
7677
"$ svnserve -d --foreground -r /path/to/repos\n"
7678
"# -d -- daemon mode\n"
7679
"# --foreground -- run in foreground (useful for debugging)\n"
7680
"# -r -- root of directory to serve\n"
7681
"\n"
7682
"For more usage details, please refer to:\n"
7683
"$ svnserve --help"
7684
msgstr ""
7685
7686
#: serverguide/C/vcs.xml:337(para)
7687
msgid ""
7688
"Once you run this command, Subversion starts listening on default port "
7689
"(3690). To access the project repository, you must run the following command "
7690
"from a terminal prompt:"
7691
msgstr ""
7692
7693
#: serverguide/C/vcs.xml:340(command)
7694
msgid "svn co svn://hostname/project project --username user_name"
7695
msgstr ""
7696
7697
#: serverguide/C/vcs.xml:343(para)
7698
msgid ""
7699
"Based on server configuration, it prompts for password. Once you are "
7700
"authenticated, it checks out the code from Subversion repository. To "
7701
"synchronize the project repository with the local copy, you can run the "
7702
"<command>update</command> sub-command. The syntax of the command, entered at "
7703
"a terminal prompt, is as follows:"
7704
msgstr ""
7705
7706
#: serverguide/C/vcs.xml:351(command)
7707
msgid "cd project_dir ; svn update"
7708
msgstr ""
7709
7710
#: serverguide/C/vcs.xml:354(para)
7711
msgid ""
7712
"For more details about using each Subversion sub-command, you can refer to "
7713
"the manual. For example, to learn more about the co (checkout) command, "
7714
"please run the following command from a terminal prompt:"
7715
msgstr ""
7716
7717
#: serverguide/C/vcs.xml:358(command)
7718
msgid "svn co help"
7719
msgstr ""
7720
7721
#: serverguide/C/vcs.xml:362(title)
7722
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
7723
msgstr ""
7724
7725
#: serverguide/C/vcs.xml:363(para)
7726
msgid ""
7727
"The configuration and server process is same as in the svn:// method. For "
7728
"details, please refer to the above section. This step assumes you have "
7729
"followed the above step and started the Subversion server using "
7730
"<application>svnserve</application> command."
7731
msgstr ""
7732
7733
#: serverguide/C/vcs.xml:369(para)
7734
msgid ""
7735
"It is also assumed that the ssh server is running on that machine and that "
7736
"it is allowing incoming connections. To confirm, please try to login to that "
7737
"machine using ssh. If you can login, everything is perfect. If you cannot "
7738
"login, please address it before continuing further."
7739
msgstr ""
7740
7741
#: serverguide/C/vcs.xml:375(para)
7742
msgid ""
7743
"The svn+ssh:// protocol is used to access the Subversion repository using "
7744
"SSL encryption. The data transfer is encrypted using this method. To access "
7745
"the project repository (for example with a checkout), you must use the "
7746
"following command syntax:"
7747
msgstr ""
7748
7749
#: serverguide/C/vcs.xml:382(command)
7750
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
7751
msgstr ""
7752
7753
#: serverguide/C/vcs.xml:386(para)
7754
msgid ""
7755
"You must use the full path (/path/to/repos/project) to access the Subversion "
7756
"repository using this access method."
7757
msgstr ""
7758
7759
#: serverguide/C/vcs.xml:389(para)
7760
msgid ""
7761
"Based on server configuration, it prompts for password. You must enter the "
7762
"password you use to login via ssh. Once you are authenticated, it checks out "
7763
"the code from the Subversion repository."
7764
msgstr ""
7765
7766
#: serverguide/C/vcs.xml:399(title)
7767
msgid "CVS Server"
7768
msgstr ""
7769
7770
#: serverguide/C/vcs.xml:400(para)
7771
msgid ""
7772
"CVS is a version control system. You can use it to record the history of "
7773
"source files."
7774
msgstr ""
7775
7776
#: serverguide/C/vcs.xml:406(para)
7777
msgid ""
7778
"To install <application>CVS</application>, run the following command from a "
7779
"terminal prompt: <screen>\n"
7780
"<command>sudo apt-get install cvs</command>\n"
7781
"</screen> After you install <application>cvs</application>, you should "
7782
"install <application>xinetd</application> to start/stop the cvs server. At "
7783
"the prompt, enter the following command to install "
7784
"<application>xinetd</application>: <screen>\n"
7785
"<command>sudo apt-get install xinetd</command>\n"
7786
"</screen>"
7787
msgstr ""
7788
7789
#: serverguide/C/vcs.xml:439(programlisting)
7790
#, no-wrap
7791
msgid ""
7792
"\n"
7793
"service cvspserver\n"
7794
"{\n"
7795
" port = 2401\n"
7796
" socket_type = stream\n"
7797
" protocol = tcp\n"
7798
" user = root\n"
7799
" wait = no\n"
7800
" type = UNLISTED\n"
7801
" server = /usr/bin/cvs\n"
7802
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7803
" disable = no\n"
7804
"}\n"
7805
msgstr ""
7806
7807
#: serverguide/C/vcs.xml:455(para)
7808
msgid ""
7809
"Be sure to edit the repository if you have changed the default repository "
7810
"(<application>/var/lib/cvs</application>) directory."
7811
msgstr ""
7812
7813
#: serverguide/C/vcs.xml:424(para)
7814
msgid ""
7815
"Once you install cvs, the repository will be automatically initialized. By "
7816
"default, the repository resides under the "
7817
"<application>/var/lib/cvs</application> directory. You can change this path "
7818
"by running following command: <screen>\n"
7819
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7820
"</screen> Once the initial repository is set up, you can configure "
7821
"<application>xinetd</application> to start the CVS server. You can copy the "
7822
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
7823
"<placeholder-1/><placeholder-2/> Once you have configured "
7824
"<application>xinetd</application> you can start the cvs server by running "
7825
"following command: <screen>\n"
7826
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7827
"</screen>"
7828
msgstr ""
7829
7830
#: serverguide/C/vcs.xml:468(para)
7831
msgid ""
7832
"You can confirm that the CVS server is running by issuing the following "
7833
"command:"
7834
msgstr ""
7835
7836
#: serverguide/C/vcs.xml:475(command)
7837
msgid "sudo netstat -tap | grep cvs"
7838
msgstr ""
7839
7840
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7841
msgid ""
7842
"When you run this command, you should see the following line or something "
7843
"similar:"
7844
msgstr ""
7845
7846
#: serverguide/C/vcs.xml:484(programlisting)
7847
#, no-wrap
7848
msgid ""
7849
"\n"
7850
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7851
msgstr ""
7852
7853
#: serverguide/C/vcs.xml:488(para)
7854
msgid ""
7855
"From here you can continue to add users, add new projects, and manage the "
7856
"CVS server."
7857
msgstr ""
7858
7859
#: serverguide/C/vcs.xml:493(para)
7860
msgid ""
7861
"CVS allows the user to add users independently of the underlying OS "
7862
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7863
"although it has potential security issues. Please refer to the CVS manual "
7864
"for details."
7865
msgstr ""
7866
7867
#: serverguide/C/vcs.xml:503(title)
7868
msgid "Add Projects"
7869
msgstr ""
7870
7871
#: serverguide/C/vcs.xml:515(para)
7872
msgid ""
7873
"You can use the CVSROOT environment variable to store the CVS root "
7874
"directory. Once you export the CVSROOT environment variable, you can avoid "
7875
"using -d option in the above cvs command."
7876
msgstr ""
7877
7878
#: serverguide/C/vcs.xml:527(para)
7879
msgid ""
7880
"When you add a new project, the CVS user you use must have write access to "
7881
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7882
"the <application>src</application> group has write access to the CVS "
7883
"repository. So, you can add the user to this group, and he can then add and "
7884
"manage projects in the CVS repository."
7885
msgstr ""
7886
7887
#: serverguide/C/vcs.xml:504(para)
7888
msgid ""
7889
"This section explains how to add new project to the CVS repository. Create "
7890
"the directory and add necessary document and source files to the directory. "
7891
"Now, run the following command to add this project to CVS repository: "
7892
"<screen>\n"
7893
"<command>cd your/project</command>\n"
7894
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7895
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7896
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7897
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7898
"purpose in this context, but since CVS requires them, they must be present. "
7899
"<placeholder-2/>"
7900
msgstr ""
7901
7902
#: serverguide/C/vcs.xml:540(ulink)
7903
msgid "Bazaar Home Page"
7904
msgstr ""
7905
7906
#: serverguide/C/vcs.xml:541(ulink)
7907
msgid "Launchpad"
7908
msgstr ""
7909
7910
#: serverguide/C/vcs.xml:542(ulink)
7911
msgid "Subversion Home Page"
7912
msgstr ""
7913
7914
#: serverguide/C/vcs.xml:543(ulink)
7915
msgid "Subversion Book"
7916
msgstr ""
7917
7918
#: serverguide/C/vcs.xml:545(ulink)
7919
msgid "CVS Manual"
7920
msgstr ""
7921
7922
#: serverguide/C/vcs.xml:546(ulink)
7923
msgid "Easy Bazaar Ubuntu Wiki page"
7924
msgstr ""
7925
7926
#: serverguide/C/vcs.xml:547(ulink)
7927
msgid "Ubuntu Wiki Subversion page"
7928
msgstr ""
7929
7930
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7931
msgid "Credits and License"
7932
msgstr ""
7933
7934
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7935
msgid ""
7936
"This document is maintained by the Ubuntu documentation team "
7937
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7938
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7939
msgstr ""
7940
7941
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7942
msgid ""
7943
"This document is made available under the Creative Commons ShareAlike 2.5 "
7944
"License (CC-BY-SA)."
7945
msgstr ""
7946
7947
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7948
msgid ""
7949
"You are free to modify, extend, and improve the Ubuntu documentation source "
7950
"code under the terms of this license. All derivative works must be released "
7951
"under this license."
7952
msgstr ""
7953
7954
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7955
msgid ""
7956
"This documentation is distributed in the hope that it will be useful, but "
7957
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7958
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7959
msgstr ""
7960
7961
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7962
msgid ""
7963
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7964
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7965
msgstr ""
7966
7967
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7968
msgid "2008"
7969
msgstr ""
7970
7971
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7972
msgid "Ubuntu Documentation Project"
7973
msgstr ""
7974
7975
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7976
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7977
msgstr ""
7978
7979
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7980
msgid "The Ubuntu Documentation Project"
7981
msgstr ""
7982
7983
#: serverguide/C/serverguide.xml:17(para)
7984
msgid ""
7985
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7986
"information on how to install and configure various server applications on "
7987
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7988
"guide for configuring and customizing your system."
7989
msgstr ""
7990
7991
#: serverguide/C/security.xml:13(title)
7992
msgid "Security"
7993
msgstr ""
7994
7995
#: serverguide/C/security.xml:14(para)
7996
msgid ""
7997
"Security should always be considered when installing, deploying, and using "
7998
"any type of computer system. Although a fresh installation of Ubuntu is "
7999
"relatively safe for immediate use on the Internet, it is important to have a "
8000
"balanced understanding of your systems security posture based on how it will "
8001
"be used after deployment."
8002
msgstr ""
8003
8004
#: serverguide/C/security.xml:17(para)
8005
msgid ""
8006
"This chapter provides an overview of security related topics as they pertain "
8007
"to Ubuntu 10.04 LTS Server Edition, and outlines simple measures you may use "
8008
"to protect your server and network from any number of potential security "
8009
"threats."
8010
msgstr ""
8011
8012
#: serverguide/C/security.xml:21(title)
8013
msgid "User Management"
8014
msgstr ""
8015
8016
#: serverguide/C/security.xml:22(para)
8017
msgid ""
8018
"User management is a critical part of maintaining a secure system. "
8019
"Ineffective user and privilege management often lead many systems into being "
8020
"compromised. Therefore, it is important that you understand how you can "
8021
"protect your server through simple and effective user account management "
8022
"techniques."
8023
msgstr ""
8024
8025
#: serverguide/C/security.xml:26(title)
8026
msgid "Where is root?"
8027
msgstr ""
8028
8029
#: serverguide/C/security.xml:27(para)
8030
msgid ""
8031
"Ubuntu developers made a conscientious decision to disable the "
8032
"administrative root account by default in all Ubuntu installations. This "
8033
"does not mean that the root account has been deleted or that it may not be "
8034
"accessed. It merely has been given a password which matches no possible "
8035
"encrypted value, therefore may not log in directly by itself."
8036
msgstr ""
8037
8038
#: serverguide/C/security.xml:30(para)
8039
msgid ""
8040
"Instead, users are encouraged to make use of a tool by the name of "
8041
"<application>sudo</application> to carry out system administrative duties. "
8042
"<application>Sudo</application> allows an authorized user to temporarily "
8043
"elevate their privileges using their own password instead of having to know "
8044
"the password belonging to the root account. This simple yet effective "
8045
"methodology provides accountability for all user actions, and gives the "
8046
"administrator granular control over which actions a user can perform with "
8047
"said privileges."
8048
msgstr ""
8049
8050
#: serverguide/C/security.xml:35(para)
8051
msgid ""
8052
"If for some reason you wish to enable the root account, simply give it a "
8053
"password:"
8054
msgstr ""
8055
8056
#: serverguide/C/security.xml:39(command)
8057
msgid "sudo passwd"
8058
msgstr ""
8059
8060
#: serverguide/C/security.xml:41(para)
8061
msgid ""
8062
"Sudo will prompt you for your password, and then ask you to supply a new "
8063
"password for root as shown below:"
8064
msgstr ""
8065
8066
#: serverguide/C/security.xml:44(userinput)
8067
#, no-wrap
8068
msgid "(enter your own password)"
8069
msgstr ""
8070
8071
#: serverguide/C/security.xml:45(userinput)
8072
#, no-wrap
8073
msgid "(enter a new password for root)"
8074
msgstr ""
8075
8076
#: serverguide/C/security.xml:46(userinput)
8077
#, no-wrap
8078
msgid "(repeat new password for root)"
8079
msgstr ""
8080
8081
#: serverguide/C/security.xml:44(computeroutput)
8082
#, no-wrap
8083
msgid ""
8084
"[sudo] password for username: <placeholder-1/>\n"
8085
"Enter new UNIX password: <placeholder-2/>\n"
8086
"Retype new UNIX password: <placeholder-3/>\n"
8087
"passwd: password updated successfully"
8088
msgstr ""
8089
8090
#: serverguide/C/security.xml:51(para)
8091
msgid "To disable the root account, use the following passwd syntax:"
8092
msgstr ""
8093
8094
#: serverguide/C/security.xml:55(command)
8095
msgid "sudo passwd -l root"
8096
msgstr ""
8097
8098
#: serverguide/C/security.xml:59(para)
8099
msgid ""
8100
"You should read more on <application>Sudo</application> by checking out it's "
8101
"man page:"
8102
msgstr ""
8103
8104
#: serverguide/C/security.xml:63(command)
8105
msgid "man sudo"
8106
msgstr ""
8107
8108
#: serverguide/C/security.xml:67(para)
8109
msgid ""
8110
"By default, the initial user created by the Ubuntu installer is a member of "
8111
"the group \"admin\" which is added to the file "
8112
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
8113
"give any other account full root access through "
8114
"<application>sudo</application>, simply add them to the admin group."
8115
msgstr ""
8116
8117
#: serverguide/C/security.xml:73(title)
8118
msgid "Adding and Deleting Users"
8119
msgstr ""
8120
8121
#: serverguide/C/security.xml:74(para)
8122
msgid ""
8123
"The process for managing local users and groups is straight forward and "
8124
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
8125
"other Debian based distributions, encourage the use of the \"adduser\" "
8126
"package for account management."
8127
msgstr ""
8128
8129
#: serverguide/C/security.xml:79(para)
8130
msgid ""
8131
"To add a user account, use the following syntax, and follow the prompts to "
8132
"give the account a password and identifiable characteristics such as a full "
8133
"name, phone number, etc."
8134
msgstr ""
8135
8136
#: serverguide/C/security.xml:83(command)
8137
msgid "sudo adduser username"
8138
msgstr ""
8139
8140
#: serverguide/C/security.xml:87(para)
8141
msgid ""
8142
"To delete a user account and its primary group, use the following syntax:"
8143
msgstr ""
8144
8145
#: serverguide/C/security.xml:91(command)
8146
msgid "sudo deluser username"
8147
msgstr ""
8148
8149
#: serverguide/C/security.xml:93(para)
8150
msgid ""
8151
"Deleting an account does not remove their respective home folder. It is up "
8152
"to you whether or not you wish to delete the folder manually or keep it "
8153
"according to your desired retention policies."
8154
msgstr ""
8155
8156
#: serverguide/C/security.xml:96(para)
8157
msgid ""
8158
"Remember, any user added later on with the same UID/GID as the previous "
8159
"owner will now have access to this folder if you have not taken the "
8160
"necessary precautions."
8161
msgstr ""
8162
8163
#: serverguide/C/security.xml:99(para)
8164
msgid ""
8165
"You may want to change these UID/GID values to something more appropriate, "
8166
"such as the root account, and perhaps even relocate the folder to avoid "
8167
"future conflicts:"
8168
msgstr ""
8169
8170
#: serverguide/C/security.xml:103(command)
8171
msgid "sudo chown -R root:root /home/username/"
8172
msgstr ""
8173
8174
#: serverguide/C/security.xml:104(command)
8175
msgid "sudo mkdir /home/archived_users/"
8176
msgstr ""
8177
8178
#: serverguide/C/security.xml:105(command)
8179
msgid "sudo mv /home/username /home/archived_users/"
8180
msgstr ""
8181
8182
#: serverguide/C/security.xml:109(para)
8183
msgid ""
8184
"To temporarily lock or unlock a user account, use the following syntax, "
8185
"respectively:"
8186
msgstr ""
8187
8188
#: serverguide/C/security.xml:113(command)
8189
msgid "sudo passwd -l username"
8190
msgstr ""
8191
8192
#: serverguide/C/security.xml:114(command)
8193
msgid "sudo passwd -u username"
8194
msgstr ""
8195
8196
#: serverguide/C/security.xml:118(para)
8197
msgid ""
8198
"To add or delete a personalized group, use the following syntax, "
8199
"respectively:"
8200
msgstr ""
8201
8202
#: serverguide/C/security.xml:122(command)
8203
msgid "sudo addgroup groupname"
8204
msgstr ""
8205
8206
#: serverguide/C/security.xml:123(command)
8207
msgid "sudo delgroup groupname"
8208
msgstr ""
8209
8210
#: serverguide/C/security.xml:127(para)
8211
msgid "To add a user to a group, use the following syntax:"
8212
msgstr ""
8213
8214
#: serverguide/C/security.xml:131(command)
8215
msgid "sudo adduser username groupname"
8216
msgstr ""
8217
8218
#: serverguide/C/security.xml:138(title)
8219
msgid "User Profile Security"
8220
msgstr ""
8221
8222
#: serverguide/C/security.xml:139(para)
8223
msgid ""
8224
"When a new user is created, the adduser utility creates a brand new home "
8225
"directory named <filename class=\"directory\">/home/username</filename>, "
8226
"respectively. The default profile is modeled after the contents found in the "
8227
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
8228
"includes all profile basics."
8229
msgstr ""
8230
8231
#: serverguide/C/security.xml:142(para)
8232
msgid ""
8233
"If your server will be home to multiple users, you should pay close "
8234
"attention to the user home directory permissions to ensure confidentiality. "
8235
"By default, user home directories in Ubuntu are created with world "
8236
"read/execute permissions. This means that all users can browse and access "
8237
"the contents of other users home directories. This may not be suitable for "
8238
"your environment."
8239
msgstr ""
8240
8241
#: serverguide/C/security.xml:147(para)
8242
msgid ""
8243
"To verify your current users home directory permissions, use the following "
8244
"syntax:"
8245
msgstr ""
8246
8247
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
8248
msgid "ls -ld /home/username"
8249
msgstr ""
8250
8251
#: serverguide/C/security.xml:153(para)
8252
msgid ""
8253
"The following output shows that the directory <filename "
8254
"class=\"directory\">/home/username</filename> has world readable permissions:"
8255
msgstr ""
8256
8257
#: serverguide/C/security.xml:156(computeroutput)
8258
#, no-wrap
8259
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
8260
msgstr ""
8261
8262
#: serverguide/C/security.xml:160(para)
8263
msgid ""
8264
"You can remove the world readable permissions using the following syntax:"
8265
msgstr ""
8266
8267
#: serverguide/C/security.xml:164(command)
8268
msgid "sudo chmod 0750 /home/username"
8269
msgstr ""
8270
8271
#: serverguide/C/security.xml:167(para)
8272
msgid ""
8273
"Some people tend to use the recursive option (-R) indiscriminately which "
8274
"modifies all child folders and files, but this is not necessary, and may "
8275
"yield other undesirable results. The parent directory alone is sufficient "
8276
"for preventing unauthorized access to anything below the parent."
8277
msgstr ""
8278
8279
#: serverguide/C/security.xml:171(para)
8280
msgid ""
8281
"A much more efficient approach to the matter would be to modify the "
8282
"<application>adduser</application> global default permissions when creating "
8283
"user home folders. Simply edit the file "
8284
"<filename>/etc/adduser.conf</filename> and modify the "
8285
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
8286
"new home directories will receive the correct permissions."
8287
msgstr ""
8288
8289
#: serverguide/C/security.xml:174(programlisting)
8290
#, no-wrap
8291
msgid ""
8292
"\n"
8293
"DIR_MODE=0750\n"
8294
msgstr ""
8295
8296
#: serverguide/C/security.xml:179(para)
8297
msgid ""
8298
"After correcting the directory permissions using any of the previously "
8299
"mentioned techniques, verify the results using the following syntax:"
8300
msgstr ""
8301
8302
#: serverguide/C/security.xml:185(para)
8303
msgid ""
8304
"The results below show that world readable permissions have been removed:"
8305
msgstr ""
8306
8307
#: serverguide/C/security.xml:188(computeroutput)
8308
#, no-wrap
8309
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
8310
msgstr ""
8311
8312
#: serverguide/C/security.xml:195(title)
8313
msgid "Password Policy"
8314
msgstr ""
8315
8316
#: serverguide/C/security.xml:196(para)
8317
msgid ""
8318
"A strong password policy is one of the most important aspects of your "
8319
"security posture. Many successful security breaches involve simple brute "
8320
"force and dictionary attacks against weak passwords. If you intend to offer "
8321
"any form of remote access involving your local password system, make sure "
8322
"you adequately address minimum password complexity requirements, maximum "
8323
"password lifetimes, and frequent audits of your authentication systems."
8324
msgstr ""
8325
8326
#: serverguide/C/security.xml:200(title)
8327
msgid "Minimum Password Length"
8328
msgstr ""
8329
8330
#: serverguide/C/security.xml:201(para)
8331
msgid ""
8332
"By default, Ubuntu requires a minimum password length of 4 characters, as "
8333
"well as some basic entropy checks. These values are controlled in the file "
8334
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
8335
msgstr ""
8336
8337
#: serverguide/C/security.xml:204(programlisting)
8338
#, no-wrap
8339
msgid ""
8340
"\n"
8341
"password required pam_unix.so nullok obscure min=4 max=8 md5\n"
8342
msgstr ""
8343
8344
#: serverguide/C/security.xml:207(para)
8345
msgid ""
8346
"If you would like to adjust the minimum length to 6 characters, change the "
8347
"appropriate variable to min=6. The modification is outlined below."
8348
msgstr ""
8349
8350
#: serverguide/C/security.xml:210(programlisting)
8351
#, no-wrap
8352
msgid ""
8353
"\n"
8354
"password required pam_unix.so nullok obscure min=6 max=8 md5\n"
8355
msgstr ""
8356
8357
#: serverguide/C/security.xml:214(para)
8358
msgid ""
8359
"The <varname>max=8</varname> variable does not represent the maximum length "
8360
"of a password. It only means that complexity requirements will not be "
8361
"checked on passwords over 8 characters. You may want to look at the "
8362
"<application>libpam-cracklib</application> package for additional password "
8363
"entropy assistance."
8364
msgstr ""
8365
8366
#: serverguide/C/security.xml:220(title)
8367
msgid "Password Expiration"
8368
msgstr ""
8369
8370
#: serverguide/C/security.xml:221(para)
8371
msgid ""
8372
"When creating user accounts, you should make it a policy to have a minimum "
8373
"and maximum password age forcing users to change their passwords when they "
8374
"expire."
8375
msgstr ""
8376
8377
#: serverguide/C/security.xml:226(para)
8378
msgid ""
8379
"To easily view the current status of a user account, use the following "
8380
"syntax:"
8381
msgstr ""
8382
8383
#: serverguide/C/security.xml:230(command) serverguide/C/security.xml:263(command)
8384
msgid "sudo chage -l username"
8385
msgstr ""
8386
8387
#: serverguide/C/security.xml:232(para)
8388
msgid ""
8389
"The output below shows interesting facts about the user account, namely that "
8390
"there are no policies applied:"
8391
msgstr ""
8392
8393
#: serverguide/C/security.xml:235(computeroutput)
8394
#, no-wrap
8395
msgid ""
8396
"Last password change : Jan 20, 2008\n"
8397
"Password expires : never\n"
8398
"Password inactive : never\n"
8399
"Account expires : never\n"
8400
"Minimum number of days between password change : 0\n"
8401
"Maximum number of days between password change : 99999\n"
8402
"Number of days of warning before password expires : 7"
8403
msgstr ""
8404
8405
#: serverguide/C/security.xml:245(para)
8406
msgid ""
8407
"To set any of these values, simply use the following syntax, and follow the "
8408
"interactive prompts:"
8409
msgstr ""
8410
8411
#: serverguide/C/security.xml:249(command)
8412
msgid "sudo chage username"
8413
msgstr ""
8414
8415
#: serverguide/C/security.xml:251(para)
8416
msgid ""
8417
"The following is also an example of how you can manually change the explicit "
8418
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
8419
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
8420
"password expiration, and a warning time period (-W) of 14 days before "
8421
"password expiration."
8422
msgstr ""
8423
8424
#: serverguide/C/security.xml:255(command)
8425
msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
8426
msgstr ""
8427
8428
#: serverguide/C/security.xml:259(para)
8429
msgid "To verify changes, use the same syntax as mentioned previously:"
8430
msgstr ""
8431
8432
#: serverguide/C/security.xml:265(para)
8433
msgid ""
8434
"The output below shows the new policies that have been established for the "
8435
"account:"
8436
msgstr ""
8437
8438
#: serverguide/C/security.xml:268(computeroutput)
8439
#, no-wrap
8440
msgid ""
8441
"Last password change : Jan 20, 2008\n"
8442
"Password expires : Apr 19, 2008\n"
8443
"Password inactive : May 19, 2008\n"
8444
"Account expires : Jan 31, 2008\n"
8445
"Minimum number of days between password change : 5\n"
8446
"Maximum number of days between password change : 90\n"
8447
"Number of days of warning before password expires : 14"
8448
msgstr ""
8449
8450
#: serverguide/C/security.xml:284(title)
8451
msgid "Other Security Considerations"
8452
msgstr ""
8453
8454
#: serverguide/C/security.xml:285(para)
8455
msgid ""
8456
"Many applications use alternate authentication mechanisms that can be easily "
8457
"overlooked by even experienced system administrators. Therefore, it is "
8458
"important to understand and control how users authenticate and gain access "
8459
"to services and applications on your server."
8460
msgstr ""
8461
8462
#: serverguide/C/security.xml:290(title)
8463
msgid "SSH Access by Disabled Users"
8464
msgstr ""
8465
8466
#: serverguide/C/security.xml:291(para)
8467
msgid ""
8468
"Simply disabling/locking a user account will not prevent a user from logging "
8469
"into your server remotely if they have previously set up RSA public key "
8470
"authentication. They will still be able to gain shell access to the server, "
8471
"without the need for any password. Remember to check the users home "
8472
"directory for files that will allow for this type of authenticated SSH "
8473
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
8474
msgstr ""
8475
8476
#: serverguide/C/security.xml:294(para)
8477
msgid ""
8478
"Remove or rename the directory <filename "
8479
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
8480
"further SSH authentication capabilities."
8481
msgstr ""
8482
8483
#: serverguide/C/security.xml:297(para)
8484
msgid ""
8485
"Be sure to check for any established SSH connections by the disabled user, "
8486
"as it is possible they may have existing inbound or outbound connections. "
8487
"Kill any that are found."
8488
msgstr ""
8489
8490
#: serverguide/C/security.xml:300(para)
8491
msgid ""
8492
"Restrict SSH access to only user accounts that should have it. For example, "
8493
"you may create a group called \"sshlogin\" and add the group name as the "
8494
"value associated with the <varname>AllowGroups</varname> variable located in "
8495
"the file <filename>/etc/ssh/sshd_config</filename>."
8496
msgstr ""
8497
8498
#: serverguide/C/security.xml:303(programlisting)
8499
#, no-wrap
8500
msgid ""
8501
"\n"
8502
"AllowGroups sshlogin\n"
8503
msgstr ""
8504
8505
#: serverguide/C/security.xml:306(para)
8506
msgid ""
8507
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
8508
"SSH service."
8509
msgstr ""
8510
8511
#: serverguide/C/security.xml:310(command)
8512
msgid "sudo adduser username sshlogin"
8513
msgstr ""
8514
8515
#: serverguide/C/security.xml:311(command) serverguide/C/remote-administration.xml:150(command)
8516
msgid "sudo /etc/init.d/ssh restart"
8517
msgstr ""
8518
8519
#: serverguide/C/security.xml:315(title)
8520
msgid "External User Database Authentication"
8521
msgstr ""
8522
8523
#: serverguide/C/security.xml:316(para)
8524
msgid ""
8525
"Most enterprise networks require centralized authentication and access "
8526
"controls for all system resources. If you have configured your server to "
8527
"authenticate users against external databases, be sure to disable the user "
8528
"accounts both externally and locally, this way you ensure that local "
8529
"fallback authentication is not possible."
8530
msgstr ""
8531
8532
#: serverguide/C/security.xml:325(title)
8533
msgid "Console Security"
8534
msgstr ""
8535
8536
#: serverguide/C/security.xml:326(para)
8537
msgid ""
8538
"As with any other security barrier you put in place to protect your server, "
8539
"it is pretty tough to defend against untold damage caused by someone with "
8540
"physical access to your environment, for example, theft of hard drives, "
8541
"power or service disruption and so on. Therefore, console security should be "
8542
"addressed merely as one component of your overall physical security "
8543
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
8544
"very least slow down a determined one, so it is still advisable to perform "
8545
"basic precautions with regard to console security."
8546
msgstr ""
8547
8548
#: serverguide/C/security.xml:329(para)
8549
msgid ""
8550
"The following instructions will help defend your server against issues that "
8551
"could otherwise yield very serious consequences."
8552
msgstr ""
8553
8554
#: serverguide/C/security.xml:334(title)
8555
msgid "Disable Ctrl+Alt+Delete"
8556
msgstr ""
8557
8558
#: serverguide/C/security.xml:335(para)
8559
msgid ""
8560
"First and foremost, anyone that has physical access to the keyboard can "
8561
"simply use the "
8562
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8563
"eycombo> key combination to reboot the server without having to log on. "
8564
"Sure, someone could simply unplug the power source, but you should still "
8565
"prevent the use of this key combination on a production server. This forces "
8566
"an attacker to take more drastic measures to reboot the server, and will "
8567
"prevent accidental reboots at the same time."
8568
msgstr ""
8569
8570
#: serverguide/C/security.xml:340(para)
8571
msgid ""
8572
"To disable the reboot action taken by pressing the "
8573
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8574
"eycombo> key combination, comment out the following line in the file "
8575
"<filename>/etc/init/control-alt-delete.conf</filename>."
8576
msgstr ""
8577
8578
#: serverguide/C/security.xml:343(programlisting)
8579
#, no-wrap
8580
msgid ""
8581
"\n"
8582
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
8583
msgstr ""
8584
8585
#: serverguide/C/security.xml:352(title)
8586
msgid "Firewall"
8587
msgstr ""
8588
8589
#: serverguide/C/security.xml:355(para)
8590
msgid ""
8591
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
8592
"which is used to manipulate or decide the fate of network traffic headed "
8593
"into or through your server. All modern Linux firewall solutions use this "
8594
"system for packet filtering."
8595
msgstr ""
8596
8597
#: serverguide/C/security.xml:360(para)
8598
msgid ""
8599
"The kernel's packet filtering system would be of little use to "
8600
"administrators without a userspace interface to manage it. This is the "
8601
"purpose of iptables. When a packet reaches your server, it will be handed "
8602
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
8603
"based on the rules supplied to it from userspace via iptables. Thus, "
8604
"iptables is all you need to manage your firewall if you're familiar with it, "
8605
"but many frontends are available to simplify the task."
8606
msgstr ""
8607
8608
#: serverguide/C/security.xml:370(title)
8609
msgid "ufw - Uncomplicated Firewall"
8610
msgstr ""
8611
8612
#: serverguide/C/security.xml:371(para)
8613
msgid ""
8614
"The default firewall configuration tool for Ubuntu is "
8615
"<application>ufw</application>. Developed to ease iptables firewall "
8616
"configuration, <application>ufw</application> provides a user friendly way "
8617
"to create an IPv4 or IPv6 host-based firewall."
8618
msgstr ""
8619
8620
#: serverguide/C/security.xml:375(para)
8621
msgid ""
8622
"<application>ufw</application> by default is initially disabled. From the "
8623
"<application>ufw</application> man page:"
8624
msgstr ""
8625
8626
#: serverguide/C/security.xml:379(quote)
8627
msgid ""
8628
"ufw is not intended to provide complete firewall functionality via its "
8629
"command interface, but instead provides an easy way to add or remove simple "
8630
"rules. It is currently mainly used for host-based firewalls."
8631
msgstr ""
8632
8633
#: serverguide/C/security.xml:383(para)
8634
msgid ""
8635
"The following are some examples of how to use <application>ufw</application>:"
8636
msgstr ""
8637
8638
#: serverguide/C/security.xml:388(para)
8639
msgid ""
8640
"First, <application>ufw</application> needs to be enabled. From a terminal "
8641
"prompt enter:"
8642
msgstr ""
8643
8644
#: serverguide/C/security.xml:392(command)
8645
msgid "sudo ufw enable"
8646
msgstr ""
8647
8648
#: serverguide/C/security.xml:396(para)
8649
msgid "To open a port (ssh in this example):"
8650
msgstr ""
8651
8652
#: serverguide/C/security.xml:400(command)
8653
msgid "sudo ufw allow 22"
8654
msgstr ""
8655
8656
#: serverguide/C/security.xml:404(para)
8657
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
8658
msgstr ""
8659
8660
#: serverguide/C/security.xml:408(command)
8661
msgid "sudo ufw insert 1 allow 80"
8662
msgstr ""
8663
8664
#: serverguide/C/security.xml:412(para)
8665
msgid "Similarly, to close an opened port:"
8666
msgstr ""
8667
8668
#: serverguide/C/security.xml:416(command)
8669
msgid "sudo ufw deny 22"
8670
msgstr ""
8671
8672
#: serverguide/C/security.xml:420(para)
8673
msgid "To remove a rule, use delete followed by the rule:"
8674
msgstr ""
8675
8676
#: serverguide/C/security.xml:424(command)
8677
msgid "sudo ufw delete deny 22"
8678
msgstr ""
8679
8680
#: serverguide/C/security.xml:428(para)
8681
msgid ""
8682
"It is also possible to allow access from specific hosts or networks to a "
8683
"port. The following example allows ssh access from host 192.168.0.2 to any "
8684
"ip address on this host:"
8685
msgstr ""
8686
8687
#: serverguide/C/security.xml:433(command)
8688
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8689
msgstr ""
8690
8691
#: serverguide/C/security.xml:435(para)
8692
msgid ""
8693
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
8694
"subnet."
8695
msgstr ""
8696
8697
#: serverguide/C/security.xml:441(para)
8698
msgid ""
8699
"Adding the <emphasis>--dry-run</emphasis> option to a "
8700
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8701
"apply them. For example, the following is what would be applied if opening "
8702
"the HTTP port:"
8703
msgstr ""
8704
8705
#: serverguide/C/security.xml:447(command)
8706
msgid "sudo ufw --dry-run allow http"
8707
msgstr ""
8708
8709
#: serverguide/C/security.xml:451(computeroutput)
8710
#, no-wrap
8711
msgid ""
8712
"*filter\n"
8713
":ufw-user-input - [0:0]\n"
8714
":ufw-user-output - [0:0]\n"
8715
":ufw-user-forward - [0:0]\n"
8716
":ufw-user-limit - [0:0]\n"
8717
":ufw-user-limit-accept - [0:0]\n"
8718
"### RULES ###\n"
8719
"\n"
8720
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
8721
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
8722
"\n"
8723
"### END RULES ###\n"
8724
"-A ufw-user-input -j RETURN\n"
8725
"-A ufw-user-output -j RETURN\n"
8726
"-A ufw-user-forward -j RETURN\n"
8727
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
8728
"LIMIT]: \"\n"
8729
"-A ufw-user-limit -j REJECT\n"
8730
"-A ufw-user-limit-accept -j ACCEPT\n"
8731
"COMMIT\n"
8732
"Rules updated"
8733
msgstr ""
8734
8735
#: serverguide/C/security.xml:475(para)
8736
msgid "<application>ufw</application> can be disabled by:"
8737
msgstr ""
8738
8739
#: serverguide/C/security.xml:479(command)
8740
msgid "sudo ufw disable"
8741
msgstr ""
8742
8743
#: serverguide/C/security.xml:483(para)
8744
msgid "To see the firewall status, enter:"
8745
msgstr ""
8746
8747
#: serverguide/C/security.xml:487(command)
8748
msgid "sudo ufw status"
8749
msgstr ""
8750
8751
#: serverguide/C/security.xml:491(para)
8752
msgid "And for more verbose status information use:"
8753
msgstr ""
8754
8755
#: serverguide/C/security.xml:495(command)
8756
msgid "sudo ufw status verbose"
8757
msgstr ""
8758
8759
#: serverguide/C/security.xml:499(para)
8760
msgid "To view the <emphasis>numbered</emphasis> format:"
8761
msgstr ""
8762
8763
#: serverguide/C/security.xml:503(command)
8764
msgid "sudo ufw status numbered"
8765
msgstr ""
8766
8767
#: serverguide/C/security.xml:508(para)
8768
msgid ""
8769
"If the port you want to open or close is defined in "
8770
"<filename>/etc/services</filename>, you can use the port name instead of the "
8771
"number. In the above examples, replace <emphasis>22</emphasis> with "
8772
"<emphasis>ssh</emphasis>."
8773
msgstr ""
8774
8775
#: serverguide/C/security.xml:514(para)
8776
msgid ""
8777
"This is a quick introduction to using <application>ufw</application>. Please "
8778
"refer to the <application>ufw</application> man page for more information."
8779
msgstr ""
8780
8781
#: serverguide/C/security.xml:520(title)
8782
msgid "ufw Application Integration"
8783
msgstr ""
8784
8785
#: serverguide/C/security.xml:522(para)
8786
msgid ""
8787
"Applications that open ports can include an <application>ufw</application> "
8788
"profile, which details the ports needed for the application to function "
8789
"properly. The profiles are kept in <filename "
8790
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
8791
"the default ports have been changed."
8792
msgstr ""
8793
8794
#: serverguide/C/security.xml:531(para)
8795
msgid ""
8796
"To view which applications have installed a profile, enter the following in "
8797
"a terminal:"
8798
msgstr ""
8799
8800
#: serverguide/C/security.xml:536(command)
8801
msgid "sudo ufw app list"
8802
msgstr ""
8803
8804
#: serverguide/C/security.xml:542(para)
8805
msgid ""
8806
"Similar to allowing traffic to a port, using an application profile is "
8807
"accomplished by entering:"
8808
msgstr ""
8809
8810
#: serverguide/C/security.xml:547(command)
8811
msgid "sudo ufw allow Samba"
8812
msgstr ""
8813
8814
#: serverguide/C/security.xml:553(para)
8815
msgid "An extended syntax is available as well:"
8816
msgstr ""
8817
8818
#: serverguide/C/security.xml:558(command)
8819
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8820
msgstr ""
8821
8822
#: serverguide/C/security.xml:561(para)
8823
msgid ""
8824
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8825
"with the application profile you are using and the IP range for your network."
8826
msgstr ""
8827
8828
#: serverguide/C/security.xml:567(para)
8829
msgid ""
8830
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8831
"application, because that information is detailed in the profile. Also, note "
8832
"that the <emphasis>app</emphasis> name replaces the "
8833
"<emphasis>port</emphasis> number."
8834
msgstr ""
8835
8836
#: serverguide/C/security.xml:576(para)
8837
msgid ""
8838
"To view details about which ports, protocols, etc are defined for an "
8839
"application, enter:"
8840
msgstr ""
8841
8842
#: serverguide/C/security.xml:581(command)
8843
msgid "sudo ufw app info Samba"
8844
msgstr ""
8845
8846
#: serverguide/C/security.xml:587(para)
8847
msgid ""
8848
"Not all applications that require opening a network port come with "
8849
"<application>ufw</application> profiles, but if you have profiled an "
8850
"application and want the file to be included with the package, please file a "
8851
"bug against the package in <ulink "
8852
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8853
msgstr ""
8854
8855
#: serverguide/C/security.xml:596(title)
8856
msgid "IP Masquerading"
8857
msgstr ""
8858
8859
#: serverguide/C/security.xml:597(para)
8860
msgid ""
8861
"The purpose of IP Masquerading is to allow machines with private, non-"
8862
"routable IP addresses on your network to access the Internet through the "
8863
"machine doing the masquerading. Traffic from your private network destined "
8864
"for the Internet must be manipulated for replies to be routable back to the "
8865
"machine that made the request. To do this, the kernel must modify the "
8866
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8867
"be routed back to it, rather than to the private IP address that made the "
8868
"request, which is impossible over the Internet. Linux uses "
8869
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8870
"connections belong to which machines and reroute each return packet "
8871
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8872
"having originated from your Ubuntu gateway machine. This process is referred "
8873
"to in Microsoft documentation as Internet Connection Sharing."
8874
msgstr ""
8875
8876
#: serverguide/C/security.xml:613(title)
8877
msgid "ufw Masquerading"
8878
msgstr ""
8879
8880
#: serverguide/C/security.xml:614(para)
8881
msgid ""
8882
"IP Masquerading can be achieved using custom <application>ufw</application> "
8883
"rules. This is possible because the current back-end for "
8884
"<application>ufw</application> is <application>iptables-"
8885
"restore</application> with the rules files located in "
8886
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8887
"legacy iptables rules used without <application>ufw</application>, and rules "
8888
"that are more network gateway or bridge related."
8889
msgstr ""
8890
8891
#: serverguide/C/security.xml:620(para)
8892
msgid ""
8893
"The rules are split into two different files, rules that should be executed "
8894
"before <application>ufw</application> command line rules, and rules that are "
8895
"executed after <application>ufw</application> command line rules."
8896
msgstr ""
8897
8898
#: serverguide/C/security.xml:626(para)
8899
msgid ""
8900
"First, packet forwarding needs to be enabled in "
8901
"<application>ufw</application>. Two configuration files will need to be "
8902
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8903
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8904
msgstr ""
8905
8906
#: serverguide/C/security.xml:630(programlisting)
8907
#, no-wrap
8908
msgid ""
8909
"\n"
8910
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8911
msgstr ""
8912
8913
#: serverguide/C/security.xml:633(para)
8914
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8915
msgstr ""
8916
8917
#: serverguide/C/security.xml:636(programlisting)
8918
#, no-wrap
8919
msgid ""
8920
"\n"
8921
"net/ipv4/ip_forward=1\n"
8922
msgstr ""
8923
8924
#: serverguide/C/security.xml:639(para)
8925
msgid "Similarly, for IPv6 forwarding uncomment:"
8926
msgstr ""
8927
8928
#: serverguide/C/security.xml:642(programlisting)
8929
#, no-wrap
8930
msgid ""
8931
"\n"
8932
"net/ipv6/conf/default/forwarding=1\n"
8933
msgstr ""
8934
8935
#: serverguide/C/security.xml:647(para)
8936
msgid ""
8937
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8938
"file. The default rules only configure the <emphasis>filter</emphasis> "
8939
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8940
"need to be configured. Add the following to the top of the file just after "
8941
"the header comments:"
8942
msgstr ""
8943
8944
#: serverguide/C/security.xml:652(programlisting)
8945
#, no-wrap
8946
msgid ""
8947
"\n"
8948
"# nat Table rules\n"
8949
"*nat\n"
8950
":POSTROUTING ACCEPT [0:0]\n"
8951
"\n"
8952
"# Forward traffic from eth1 through eth0.\n"
8953
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8954
"\n"
8955
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8956
"processed\n"
8957
"COMMIT\n"
8958
msgstr ""
8959
8960
#: serverguide/C/security.xml:663(para)
8961
msgid ""
8962
"The comments are not strictly necessary, but it is considered good practice "
8963
"to document your configuration. Also, when modifying any of the "
8964
"<emphasis>rules</emphasis> files in <filename "
8965
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8966
"line for each table modified:"
8967
msgstr ""
8968
8969
#: serverguide/C/security.xml:669(programlisting)
8970
#, no-wrap
8971
msgid ""
8972
"\n"
8973
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8974
"COMMIT\n"
8975
msgstr ""
8976
8977
#: serverguide/C/security.xml:674(para)
8978
msgid ""
8979
"For each <emphasis>Table</emphasis> a corresponding "
8980
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8981
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8982
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8983
"<emphasis>mangle</emphasis> tables."
8984
msgstr ""
8985
8986
#: serverguide/C/security.xml:681(para)
8987
msgid ""
8988
"In the above example replace <emphasis>eth0</emphasis>, "
8989
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8990
"appropriate interfaces and IP range for your network."
8991
msgstr ""
8992
8993
#: serverguide/C/security.xml:689(para)
8994
msgid ""
8995
"Finally, disable and re-enable <application>ufw</application> to apply the "
8996
"changes:"
8997
msgstr ""
8998
8999
#: serverguide/C/security.xml:693(command)
9000
msgid "sudo ufw disable && sudo ufw enable"
9001
msgstr ""
9002
9003
#: serverguide/C/security.xml:697(para)
9004
msgid ""
9005
"IP Masquerading should now be enabled. You can also add any additional "
9006
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
9007
"recommended that these additional rules be added to the <emphasis>ufw-before-"
9008
"forward</emphasis> chain."
9009
msgstr ""
9010
9011
#: serverguide/C/security.xml:704(title)
9012
msgid "iptables Masquerading"
9013
msgstr ""
9014
9015
#: serverguide/C/security.xml:705(para)
9016
msgid ""
9017
"<application>iptables</application> can also be used to enable masquerading."
9018
msgstr ""
9019
9020
#: serverguide/C/security.xml:710(para)
9021
msgid ""
9022
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
9023
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
9024
"uncomment the following line"
9025
msgstr ""
9026
9027
#: serverguide/C/security.xml:714(programlisting)
9028
#, no-wrap
9029
msgid ""
9030
"\n"
9031
"net.ipv4.ip_forward=1\n"
9032
msgstr ""
9033
9034
#: serverguide/C/security.xml:717(para)
9035
msgid "If you wish to enable IPv6 forwarding also uncomment:"
9036
msgstr ""
9037
9038
#: serverguide/C/security.xml:720(programlisting)
9039
#, no-wrap
9040
msgid ""
9041
"\n"
9042
"net.ipv6.conf.default.forwarding=1\n"
9043
msgstr ""
9044
9045
#: serverguide/C/security.xml:725(para)
9046
msgid ""
9047
"Next, execute the <application>sysctl</application> command to enable the "
9048
"new settings in the configuration file:"
9049
msgstr ""
9050
9051
#: serverguide/C/security.xml:729(command)
9052
msgid "sudo sysctl -p"
9053
msgstr ""
9054
9055
#: serverguide/C/security.xml:733(para)
9056
msgid ""
9057
"IP Masquerading can now be accomplished with a single iptables rule, which "
9058
"may differ slightly based on your network configuration:"
9059
msgstr ""
9060
9061
#: serverguide/C/security.xml:736(screen)
9062
#, no-wrap
9063
msgid ""
9064
"\n"
9065
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9066
msgstr ""
9067
9068
#: serverguide/C/security.xml:739(para)
9069
msgid ""
9070
"The above command assumes that your private address space is 192.168.0.0/16 "
9071
"and that your Internet-facing device is ppp0. The syntax is broken down as "
9072
"follows:"
9073
msgstr ""
9074
9075
#: serverguide/C/security.xml:744(para)
9076
msgid "-t nat -- the rule is to go into the nat table"
9077
msgstr ""
9078
9079
#: serverguide/C/security.xml:745(para)
9080
msgid ""
9081
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
9082
msgstr ""
9083
9084
#: serverguide/C/security.xml:746(para)
9085
msgid ""
9086
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
9087
"specified address space"
9088
msgstr ""
9089
9090
#: serverguide/C/security.xml:747(para)
9091
msgid ""
9092
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
9093
"specified network device"
9094
msgstr ""
9095
9096
#: serverguide/C/security.xml:749(para)
9097
msgid ""
9098
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
9099
"MASQUERADE target to be manipulated as described above"
9100
msgstr ""
9101
9102
#: serverguide/C/security.xml:757(para)
9103
msgid ""
9104
"Also, each chain in the filter table (the default table, and where most or "
9105
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
9106
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
9107
"you may have set the policies to DROP or REJECT, in which case your "
9108
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
9109
"above rule to work:"
9110
msgstr ""
9111
9112
#: serverguide/C/security.xml:764(screen)
9113
#, no-wrap
9114
msgid ""
9115
"\n"
9116
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
9117
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
9118
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
9119
msgstr ""
9120
9121
#: serverguide/C/security.xml:768(para)
9122
msgid ""
9123
"The above commands will allow all connections from your local network to the "
9124
"Internet and all traffic related to those connections to return to the "
9125
"machine that initiated them."
9126
msgstr ""
9127
9128
#: serverguide/C/security.xml:775(para)
9129
msgid ""
9130
"If you want masquerading to be enabled on reboot, which you probably do, "
9131
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
9132
"example add the first command with no filtering:"
9133
msgstr ""
9134
9135
#: serverguide/C/security.xml:779(screen)
9136
#, no-wrap
9137
msgid ""
9138
"\n"
9139
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9140
msgstr ""
9141
9142
#: serverguide/C/security.xml:787(title)
9143
msgid "Logs"
9144
msgstr ""
9145
9146
#: serverguide/C/security.xml:788(para)
9147
msgid ""
9148
"Firewall logs are essential for recognizing attacks, troubleshooting your "
9149
"firewall rules, and noticing unusual activity on your network. You must "
9150
"include logging rules in your firewall for them to be generated, though, and "
9151
"logging rules must come before any applicable terminating rule (a rule with "
9152
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
9153
"REJECT)."
9154
msgstr ""
9155
9156
#: serverguide/C/security.xml:795(para)
9157
msgid ""
9158
"If you are using <application>ufw</application>, you can turn on logging by "
9159
"entering the following in a terminal:"
9160
msgstr ""
9161
9162
#: serverguide/C/security.xml:799(command)
9163
msgid "sudo ufw logging on"
9164
msgstr ""
9165
9166
#: serverguide/C/security.xml:801(para)
9167
msgid ""
9168
"To turn logging off in <application>ufw</application>, simply replace "
9169
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
9170
"role=\"italic\">off</emphasis> in the above command."
9171
msgstr ""
9172
9173
#: serverguide/C/security.xml:804(para)
9174
msgid ""
9175
"If using <application>iptables</application> instead of "
9176
"<application>ufw</application>, enter:"
9177
msgstr ""
9178
9179
#: serverguide/C/security.xml:807(screen)
9180
#, no-wrap
9181
msgid ""
9182
"\n"
9183
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
9184
"prefix \"NEW_HTTP_CONN: \"\n"
9185
msgstr ""
9186
9187
#: serverguide/C/security.xml:810(para)
9188
msgid ""
9189
"A request on port 80 from the local machine, then, would generate a log in "
9190
"dmesg that looks like this:"
9191
msgstr ""
9192
9193
#: serverguide/C/security.xml:815(programlisting)
9194
#, no-wrap
9195
msgid ""
9196
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
9197
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
9198
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
9199
"WINDOW=32767 RES=0x00 SYN URGP=0"
9200
msgstr ""
9201
9202
#: serverguide/C/security.xml:817(para)
9203
msgid ""
9204
"The above log will also appear in <filename>/var/log/messages</filename>, "
9205
"<filename>/var/log/syslog</filename>, and "
9206
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
9207
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
9208
"and configuring <application>ulogd</application> and using the ULOG target "
9209
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
9210
"server that listens for logging instructions from the kernel specifically "
9211
"for firewalls, and can log to any file you like, or even to a "
9212
"<application>PostgreSQL</application> or <application>MySQL</application> "
9213
"database. Making sense of your firewall logs can be simplified by using a "
9214
"log analyzing tool such as <application>fwanalog</application>, "
9215
"<application> fwlogwatch</application>, or <application>lire</application>."
9216
msgstr ""
9217
9218
#: serverguide/C/security.xml:832(title)
9219
msgid "Other Tools"
9220
msgstr ""
9221
9222
#: serverguide/C/security.xml:833(para)
9223
msgid ""
9224
"There are many tools available to help you construct a complete firewall "
9225
"without intimate knowledge of iptables. For the GUI-inclined:"
9226
msgstr ""
9227
9228
#: serverguide/C/security.xml:839(para)
9229
msgid ""
9230
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
9231
"popular and easy to use."
9232
msgstr ""
9233
9234
#: serverguide/C/security.xml:844(para)
9235
msgid ""
9236
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
9237
"and will look familiar to an administrator who has used a commercial "
9238
"firewall utility such as <application>Checkpoint FireWall-1</application>."
9239
msgstr ""
9240
9241
#: serverguide/C/security.xml:850(para)
9242
msgid ""
9243
"If you prefer a command-line tool with plain-text configuration files:"
9244
msgstr ""
9245
9246
#: serverguide/C/security.xml:855(para)
9247
msgid ""
9248
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
9249
"powerful solution to help you configure an advanced firewall for any network."
9250
msgstr ""
9251
9252
#: serverguide/C/security.xml:861(para)
9253
msgid ""
9254
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
9255
"a working firewall \"out of the box\" with zero configuration, and will "
9256
"allow you to easily set up a more advanced firewall by editing simple, well-"
9257
"documented configuration files."
9258
msgstr ""
9259
9260
#: serverguide/C/security.xml:868(para)
9261
msgid ""
9262
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
9263
"designed to be a desktop firewall application. It is made up of a server "
9264
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
9265
"like many popular interactive firewall applications for Windows."
9266
msgstr ""
9267
9268
#: serverguide/C/security.xml:880(para)
9269
msgid ""
9270
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
9271
"Firewall</ulink> wiki page contains information on the development of "
9272
"<application>ufw</application>."
9273
msgstr ""
9274
9275
#: serverguide/C/security.xml:886(para)
9276
msgid ""
9277
"Also, the <application>ufw</application> manual page contains some very "
9278
"useful information: <command>man ufw</command>."
9279
msgstr ""
9280
9281
#: serverguide/C/security.xml:891(para)
9282
msgid ""
9283
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
9284
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
9285
"on using <application>iptables</application>."
9286
msgstr ""
9287
9288
#: serverguide/C/security.xml:897(para)
9289
msgid ""
9290
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
9291
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
9292
msgstr ""
9293
9294
#: serverguide/C/security.xml:903(para)
9295
msgid ""
9296
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
9297
"HowTo</ulink> in the Ubuntu wiki is a great resource."
9298
msgstr ""
9299
9300
#: serverguide/C/security.xml:911(title)
9301
msgid "AppArmor"
9302
msgstr ""
9303
9304
#: serverguide/C/security.xml:912(para)
9305
msgid ""
9306
"<application>AppArmor</application> is a Linux Security Module "
9307
"implementation of name-based mandatory access controls. AppArmor confines "
9308
"individual programs to a set of listed files and posix 1003.1e draft "
9309
"capabilities."
9310
msgstr ""
9311
9312
#: serverguide/C/security.xml:916(para)
9313
msgid ""
9314
"<application>AppArmor</application> is installed and loaded by default. It "
9315
"uses <emphasis>profiles</emphasis> of an application to determine what files "
9316
"and permissions the application requires. Some packages will install their "
9317
"own profiles, and additional profiles can be found in the "
9318
"<application>apparmor-profiles</application> package."
9319
msgstr ""
9320
9321
#: serverguide/C/security.xml:921(para)
9322
msgid ""
9323
"To install the <application>apparmor-profiles</application> package from a "
9324
"terminal prompt:"
9325
msgstr ""
9326
9327
#: serverguide/C/security.xml:927(para)
9328
msgid "AppArmor profiles have two modes of execution:"
9329
msgstr ""
9330
9331
#: serverguide/C/security.xml:932(para)
9332
msgid ""
9333
"Complaining/Learning: profile violations are permitted and logged. Useful "
9334
"for testing and developing new profiles."
9335
msgstr ""
9336
9337
#: serverguide/C/security.xml:937(para)
9338
msgid ""
9339
"Enforced/Confined: enforces profile policy as well as logging the violation."
9340
msgstr ""
9341
9342
#: serverguide/C/security.xml:943(title)
9343
msgid "Using AppArmor"
9344
msgstr ""
9345
9346
#: serverguide/C/security.xml:944(para)
9347
msgid ""
9348
"The <application>apparmor-utils</application> package contains command line "
9349
"utilities that you can use to change the <application>AppArmor</application> "
9350
"execution mode, find the status of a profile, create new profiles, etc."
9351
msgstr ""
9352
9353
#: serverguide/C/security.xml:950(para)
9354
msgid ""
9355
"<application>apparmor_status</application> is used to view the current "
9356
"status of AppArmor profiles."
9357
msgstr ""
9358
9359
#: serverguide/C/security.xml:954(command)
9360
msgid "sudo apparmor_status"
9361
msgstr ""
9362
9363
#: serverguide/C/security.xml:958(para)
9364
msgid ""
9365
"<application>aa-complain</application> places a profile into "
9366
"<emphasis>complain</emphasis> mode."
9367
msgstr ""
9368
9369
#: serverguide/C/security.xml:962(command)
9370
msgid "sudo aa-complain /path/to/bin"
9371
msgstr ""
9372
9373
#: serverguide/C/security.xml:966(para)
9374
msgid ""
9375
"<application>aa-enforce</application> places a profile into "
9376
"<emphasis>enforce</emphasis> mode."
9377
msgstr ""
9378
9379
#: serverguide/C/security.xml:970(command)
9380
msgid "sudo aa-enforce /path/to/bin"
9381
msgstr ""
9382
9383
#: serverguide/C/security.xml:974(para)
9384
msgid ""
9385
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
9386
"profiles are located. It can be used to manipulate the "
9387
"<emphasis>mode</emphasis> of all profiles."
9388
msgstr ""
9389
9390
#: serverguide/C/security.xml:978(para)
9391
msgid "Enter the following to place all profiles into complain mode:"
9392
msgstr ""
9393
9394
#: serverguide/C/security.xml:982(command)
9395
msgid "sudo aa-complain /etc/apparmor.d/*"
9396
msgstr ""
9397
9398
#: serverguide/C/security.xml:984(para)
9399
msgid "To place all profiles in enforce mode:"
9400
msgstr ""
9401
9402
#: serverguide/C/security.xml:988(command)
9403
msgid "sudo aa-enforce /etc/apparmor.d/*"
9404
msgstr ""
9405
9406
#: serverguide/C/security.xml:992(para)
9407
msgid ""
9408
"<application>apparmor_parser</application> is used to load a profile into "
9409
"the kernel. It can also be used to reload a currently loaded profile using "
9410
"the <emphasis>-r</emphasis> option. To load a profile:"
9411
msgstr ""
9412
9413
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
9414
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
9415
msgstr ""
9416
9417
#: serverguide/C/security.xml:999(para)
9418
msgid "To reload a profile:"
9419
msgstr ""
9420
9421
#: serverguide/C/security.xml:1003(command)
9422
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
9423
msgstr ""
9424
9425
#: serverguide/C/security.xml:1007(para)
9426
msgid ""
9427
"<filename>/etc/init.d/apparmor</filename> can be used to "
9428
"<emphasis>reload</emphasis> all profiles:"
9429
msgstr ""
9430
9431
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:632(command)
9432
msgid "sudo /etc/init.d/apparmor reload"
9433
msgstr ""
9434
9435
#: serverguide/C/security.xml:1015(para)
9436
msgid ""
9437
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
9438
"with the <application>apparmor_parser -R</application> option to "
9439
"<emphasis>disable</emphasis> a profile."
9440
msgstr ""
9441
9442
#: serverguide/C/security.xml:1020(command)
9443
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
9444
msgstr ""
9445
9446
#: serverguide/C/security.xml:1021(command)
9447
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
9448
msgstr ""
9449
9450
#: serverguide/C/security.xml:1023(para)
9451
msgid ""
9452
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
9453
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
9454
"load the profile using the <emphasis>-a</emphasis> option."
9455
msgstr ""
9456
9457
#: serverguide/C/security.xml:1028(command)
9458
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
9459
msgstr ""
9460
9461
#: serverguide/C/security.xml:1033(para)
9462
msgid ""
9463
"<application>AppArmor</application> can be disabled, and the kernel module "
9464
"unloaded by entering the following:"
9465
msgstr ""
9466
9467
#: serverguide/C/security.xml:1037(command)
9468
msgid "sudo /etc/init.d/apparmor stop"
9469
msgstr ""
9470
9471
#: serverguide/C/security.xml:1038(command)
9472
msgid "sudo update-rc.d -f apparmor remove"
9473
msgstr ""
9474
9475
#: serverguide/C/security.xml:1042(para)
9476
msgid "To re-enable <application>AppArmor</application> enter:"
9477
msgstr ""
9478
9479
#: serverguide/C/security.xml:1046(command)
9480
msgid "sudo /etc/init.d/apparmor start"
9481
msgstr ""
9482
9483
#: serverguide/C/security.xml:1047(command)
9484
msgid "sudo update-rc.d apparmor defaults"
9485
msgstr ""
9486
9487
#: serverguide/C/security.xml:1052(para)
9488
msgid ""
9489
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
9490
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
9491
"the actual executable file path. For example for the "
9492
"<application>ping</application> command use <filename>/bin/ping</filename>"
9493
msgstr ""
9494
9495
#: serverguide/C/security.xml:1060(title)
9496
msgid "Profiles"
9497
msgstr ""
9498
9499
#: serverguide/C/security.xml:1061(para)
9500
msgid ""
9501
"<application>AppArmor</application> profiles are simple text files located "
9502
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
9503
"path to the executable they profile replacing the \"/\" with \".\". For "
9504
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
9505
"profile for the <filename>/bin/ping</filename> command."
9506
msgstr ""
9507
9508
#: serverguide/C/security.xml:1067(para)
9509
msgid "There are two main type of rules used in profiles:"
9510
msgstr ""
9511
9512
#: serverguide/C/security.xml:1072(para)
9513
msgid ""
9514
"<emphasis>Path entries:</emphasis> which detail which files an application "
9515
"can access in the file system."
9516
msgstr ""
9517
9518
#: serverguide/C/security.xml:1077(para)
9519
msgid ""
9520
"<emphasis>Capability entries:</emphasis> determine what privileges a "
9521
"confined process is allowed to use."
9522
msgstr ""
9523
9524
#: serverguide/C/security.xml:1082(para)
9525
msgid ""
9526
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
9527
msgstr ""
9528
9529
#: serverguide/C/security.xml:1085(programlisting)
9530
#, no-wrap
9531
msgid ""
9532
"\n"
9533
"#include <tunables/global>\n"
9534
"/bin/ping flags=(complain) {\n"
9535
" #include <abstractions/base>\n"
9536
" #include <abstractions/consoles>\n"
9537
" #include <abstractions/nameservice>\n"
9538
"\n"
9539
" capability net_raw,\n"
9540
" capability setuid,\n"
9541
" network inet raw,\n"
9542
" \n"
9543
" /bin/ping mixr,\n"
9544
" /etc/modules.conf r,\n"
9545
"}\n"
9546
msgstr ""
9547
9548
#: serverguide/C/security.xml:1102(para)
9549
msgid ""
9550
"<emphasis>#include <tunables/global>:</emphasis> include statements "
9551
"from other files. This allows statements pertaining to multiple applications "
9552
"to be placed in a common file."
9553
msgstr ""
9554
9555
#: serverguide/C/security.xml:1108(para)
9556
msgid ""
9557
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
9558
"program, also setting the mode to <emphasis>complain</emphasis>."
9559
msgstr ""
9560
9561
#: serverguide/C/security.xml:1114(para)
9562
msgid ""
9563
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
9564
"the CAP_NET_RAW Posix.1e capability."
9565
msgstr ""
9566
9567
#: serverguide/C/security.xml:1119(para)
9568
msgid ""
9569
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
9570
"execute access to the file."
9571
msgstr ""
9572
9573
#: serverguide/C/security.xml:1125(para)
9574
msgid ""
9575
"After editing a profile file the profile must be reloaded. See <xref "
9576
"linkend=\"apparmor-usage\"/> for details."
9577
msgstr ""
9578
9579
#: serverguide/C/security.xml:1130(title)
9580
msgid "Creating a Profile"
9581
msgstr ""
9582
9583
#: serverguide/C/security.xml:1133(para)
9584
msgid ""
9585
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
9586
"application should be exercised. The test plan should be divided into small "
9587
"test cases. Each test case should have a small description and list the "
9588
"steps to follow."
9589
msgstr ""
9590
9591
#: serverguide/C/security.xml:1137(para)
9592
msgid "Some standard test cases are:"
9593
msgstr ""
9594
9595
#: serverguide/C/security.xml:1142(para)
9596
msgid "Starting the program."
9597
msgstr ""
9598
9599
#: serverguide/C/security.xml:1147(para)
9600
msgid "Stopping the program."
9601
msgstr ""
9602
9603
#: serverguide/C/security.xml:1152(para)
9604
msgid "Reloading the program."
9605
msgstr ""
9606
9607
#: serverguide/C/security.xml:1157(para)
9608
msgid "Testing all the commands supported by the init script."
9609
msgstr ""
9610
9611
#: serverguide/C/security.xml:1164(para)
9612
msgid ""
9613
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
9614
"genprof</application> to generate a new profile. From a terminal:"
9615
msgstr ""
9616
9617
#: serverguide/C/security.xml:1169(command)
9618
msgid "sudo aa-genprof executable"
9619
msgstr ""
9620
9621
#: serverguide/C/security.xml:1171(para)
9622
msgid "For example:"
9623
msgstr ""
9624
9625
#: serverguide/C/security.xml:1175(command)
9626
msgid "sudo aa-genprof slapd"
9627
msgstr ""
9628
9629
#: serverguide/C/security.xml:1179(para)
9630
msgid ""
9631
"To get your new profile included in the <application>apparmor-"
9632
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
9633
"against the <ulink "
9634
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
9635
"/ulink> package:"
9636
msgstr ""
9637
9638
#: serverguide/C/security.xml:1186(para)
9639
msgid "Include your test plan and test cases."
9640
msgstr ""
9641
9642
#: serverguide/C/security.xml:1191(para)
9643
msgid "Attach your new profile to the bug."
9644
msgstr ""
9645
9646
#: serverguide/C/security.xml:1200(title)
9647
msgid "Updating Profiles"
9648
msgstr ""
9649
9650
#: serverguide/C/security.xml:1201(para)
9651
msgid ""
9652
"When the program is misbehaving, audit messages are sent to the log files. "
9653
"The program <application>aa-logprof</application> can be used to scan log "
9654
"files for <application>AppArmor</application> audit messages, review them "
9655
"and update the profiles. From a terminal:"
9656
msgstr ""
9657
9658
#: serverguide/C/security.xml:1206(command)
9659
msgid "sudo aa-logprof"
9660
msgstr ""
9661
9662
#: serverguide/C/security.xml:1214(para)
9663
msgid ""
9664
"See the <ulink "
9665
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
9666
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
9667
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
9668
"configuration options."
9669
msgstr ""
9670
9671
#: serverguide/C/security.xml:1221(para)
9672
msgid ""
9673
"For details using AppArmor with other Ubuntu releases see the <ulink "
9674
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
9675
"Wiki</ulink> page."
9676
msgstr ""
9677
9678
#: serverguide/C/security.xml:1229(para)
9679
msgid ""
9680
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
9681
"page is another introduction to AppArmor."
9682
msgstr ""
9683
9684
#: serverguide/C/security.xml:1236(para)
9685
msgid ""
9686
"A great place to ask for <application>AppArmor</application> assistance, and "
9687
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
9688
"server</emphasis> IRC channel on <ulink "
9689
"url=\"http://freenode.net\">freenode</ulink>."
9690
msgstr ""
9691
9692
#: serverguide/C/security.xml:1246(title)
9693
msgid "Certificates"
9694
msgstr ""
9695
9696
#: serverguide/C/security.xml:1247(para)
9697
msgid ""
9698
"One of the most common forms of cryptography today is <emphasis>public-"
9699
"key</emphasis> cryptography. Public-key cryptography utilizes a "
9700
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
9701
"system works by <emphasis>encrypting</emphasis> information using the public "
9702
"key. The information can then only be <emphasis>decrypted</emphasis> using "
9703
"the private key."
9704
msgstr ""
9705
9706
#: serverguide/C/security.xml:1253(para)
9707
msgid ""
9708
"A common use for public-key cryptography is encrypting application traffic "
9709
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
9710
"connection. For example, configuring Apache to provide "
9711
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
9712
"encrypt traffic using a protocol that does not itself provide encryption."
9713
msgstr ""
9714
9715
#: serverguide/C/security.xml:1258(para)
9716
msgid ""
9717
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
9718
"<emphasis>public key</emphasis> and other information about a server and the "
9719
"organization who is responsible for it. Certificates can be digitally signed "
9720
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
9721
"third party that has confirmed that the information contained in the "
9722
"certificate is accurate."
9723
msgstr ""
9724
9725
#: serverguide/C/security.xml:1265(title)
9726
msgid "Types of Certificates"
9727
msgstr ""
9728
9729
#: serverguide/C/security.xml:1266(para)
9730
msgid ""
9731
"To set up a secure server using public-key cryptography, in most cases, you "
9732
"send your certificate request (including your public key), proof of your "
9733
"company's identity, and payment to a CA. The CA verifies the certificate "
9734
"request and your identity, and then sends back a certificate for your secure "
9735
"server. Alternatively, you can create your own <emphasis>self-"
9736
"signed</emphasis> certificate."
9737
msgstr ""
9738
9739
#: serverguide/C/security.xml:1276(para)
9740
msgid ""
9741
"Note, that self-signed certificates should not be used in most production "
9742
"environments."
9743
msgstr ""
9744
9745
#: serverguide/C/security.xml:1280(para)
9746
msgid ""
9747
"Continuing the HTTPS example, a CA-signed certificate provides two important "
9748
"capabilities that a self-signed certificate does not:"
9749
msgstr ""
9750
9751
#: serverguide/C/security.xml:1287(para)
9752
msgid ""
9753
"Browsers (usually) automatically recognize the certificate and allow a "
9754
"secure connection to be made without prompting the user."
9755
msgstr ""
9756
9757
#: serverguide/C/security.xml:1294(para)
9758
msgid ""
9759
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9760
"the organization that is providing the web pages to the browser."
9761
msgstr ""
9762
9763
#: serverguide/C/security.xml:1302(para)
9764
msgid ""
9765
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9766
"certificates they automatically accept. If a browser encounters a "
9767
"certificate whose authorizing CA is not in the list, the browser asks the "
9768
"user to either accept or decline the connection. Also, other applications "
9769
"may generate an error message when using a self-singed certificate."
9770
msgstr ""
9771
9772
#: serverguide/C/security.xml:1310(para)
9773
msgid ""
9774
"The process of getting a certificate from a CA is fairly easy. A quick "
9775
"overview is as follows:"
9776
msgstr ""
9777
9778
#: serverguide/C/security.xml:1317(para)
9779
msgid "Create a private and public encryption key pair."
9780
msgstr ""
9781
9782
#: serverguide/C/security.xml:1320(para)
9783
msgid ""
9784
"Create a certificate request based on the public key. The certificate "
9785
"request contains information about your server and the company hosting it."
9786
msgstr ""
9787
9788
#: serverguide/C/security.xml:1325(para)
9789
msgid ""
9790
"Send the certificate request, along with documents proving your identity, to "
9791
"a CA. We cannot tell you which certificate authority to choose. Your "
9792
"decision may be based on your past experiences, or on the experiences of "
9793
"your friends or colleagues, or purely on monetary factors."
9794
msgstr ""
9795
9796
#: serverguide/C/security.xml:1331(para)
9797
msgid ""
9798
"Once you have decided upon a CA, you need to follow the instructions they "
9799
"provide on how to obtain a certificate from them."
9800
msgstr ""
9801
9802
#: serverguide/C/security.xml:1336(para)
9803
msgid ""
9804
"When the CA is satisfied that you are indeed who you claim to be, they send "
9805
"you a digital certificate."
9806
msgstr ""
9807
9808
#: serverguide/C/security.xml:1340(para)
9809
msgid ""
9810
"Install this certificate on your secure server, and configure the "
9811
"appropriate applications to use the certificate."
9812
msgstr ""
9813
9814
#: serverguide/C/security.xml:1349(title)
9815
msgid "Generating a Certificate Signing Request (CSR)"
9816
msgstr ""
9817
9818
#: serverguide/C/security.xml:1351(para)
9819
msgid ""
9820
"Whether you are getting a certificate from a CA or generating your own self-"
9821
"signed certificate, the first step is to generate a key."
9822
msgstr ""
9823
9824
#: serverguide/C/security.xml:1356(para)
9825
msgid ""
9826
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9827
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9828
"passphrase allows the services to start without manual intervention, usually "
9829
"the preferred way to start a daemon."
9830
msgstr ""
9831
9832
#: serverguide/C/security.xml:1362(para)
9833
msgid ""
9834
"This section will cover generating a key with a passphrase, and one without. "
9835
"The non-passphrase key will then be used to generate a certificate that can "
9836
"be used with various service daemons."
9837
msgstr ""
9838
9839
#: serverguide/C/security.xml:1368(para)
9840
msgid ""
9841
"Running your secure service without a passphrase is convenient because you "
9842
"will not need to enter the passphrase every time you start your secure "
9843
"service. But it is insecure and a compromise of the key means a compromise "
9844
"of the server as well."
9845
msgstr ""
9846
9847
#: serverguide/C/security.xml:1375(para)
9848
msgid ""
9849
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9850
"Request (CSR) run the following command from a terminal prompt:"
9851
msgstr ""
9852
9853
#: serverguide/C/security.xml:1381(command)
9854
msgid "openssl genrsa -des3 -out server.key 1024"
9855
msgstr ""
9856
9857
#: serverguide/C/security.xml:1384(programlisting)
9858
#, no-wrap
9859
msgid ""
9860
"\n"
9861
"Generating RSA private key, 1024 bit long modulus\n"
9862
".....................++++++\n"
9863
".................++++++\n"
9864
"unable to write 'random state'\n"
9865
"e is 65537 (0x10001)\n"
9866
"Enter pass phrase for server.key:\n"
9867
msgstr ""
9868
9869
#: serverguide/C/security.xml:1393(para)
9870
msgid ""
9871
"You can now enter your passphrase. For best security, it should at least "
9872
"contain eight characters. The minimum length when specifying -des3 is four "
9873
"characters. It should include numbers and/or punctuation and not be a word "
9874
"in a dictionary. Also remember that your passphrase is case-sensitive."
9875
msgstr ""
9876
9877
#: serverguide/C/security.xml:1401(para)
9878
msgid ""
9879
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9880
"server key is generated and stored in the <filename>server.key</filename> "
9881
"file."
9882
msgstr ""
9883
9884
#: serverguide/C/security.xml:1407(para)
9885
msgid ""
9886
"Now create the insecure key, the one without a passphrase, and shuffle the "
9887
"key names:"
9888
msgstr ""
9889
9890
#: serverguide/C/security.xml:1413(command)
9891
msgid "openssl rsa -in server.key -out server.key.insecure"
9892
msgstr ""
9893
9894
#: serverguide/C/security.xml:1414(command)
9895
msgid "mv server.key server.key.secure"
9896
msgstr ""
9897
9898
#: serverguide/C/security.xml:1415(command)
9899
msgid "mv server.key.insecure server.key"
9900
msgstr ""
9901
9902
#: serverguide/C/security.xml:1418(para)
9903
msgid ""
9904
"The insecure key is now named <filename>server.key</filename>, and you can "
9905
"use this file to generate the CSR without passphrase."
9906
msgstr ""
9907
9908
#: serverguide/C/security.xml:1423(para)
9909
msgid "To create the CSR, run the following command at a terminal prompt:"
9910
msgstr ""
9911
9912
#: serverguide/C/security.xml:1428(command)
9913
msgid "openssl req -new -key server.key -out server.csr"
9914
msgstr ""
9915
9916
#: serverguide/C/security.xml:1431(para)
9917
msgid ""
9918
"It will prompt you enter the passphrase. If you enter the correct "
9919
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9920
"etc. Once you enter all these details, your CSR will be created and it will "
9921
"be stored in the <filename>server.csr</filename> file."
9922
msgstr ""
9923
9924
#: serverguide/C/security.xml:1439(para)
9925
msgid ""
9926
"You can now submit this CSR file to a CA for processing. The CA will use "
9927
"this CSR file and issue the certificate. On the other hand, you can create "
9928
"self-signed certificate using this CSR."
9929
msgstr ""
9930
9931
#: serverguide/C/security.xml:1447(title)
9932
msgid "Creating a Self-Signed Certificate"
9933
msgstr ""
9934
9935
#: serverguide/C/security.xml:1448(para)
9936
msgid ""
9937
"To create the self-signed certificate, run the following command at a "
9938
"terminal prompt:"
9939
msgstr ""
9940
9941
#: serverguide/C/security.xml:1453(command)
9942
msgid ""
9943
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9944
"server.crt"
9945
msgstr ""
9946
9947
#: serverguide/C/security.xml:1456(para)
9948
msgid ""
9949
"The above command will prompt you to enter the passphrase. Once you enter "
9950
"the correct passphrase, your certificate will be created and it will be "
9951
"stored in the <filename>server.crt</filename> file."
9952
msgstr ""
9953
9954
#: serverguide/C/security.xml:1461(para)
9955
msgid ""
9956
"If your secure server is to be used in a production environment, you "
9957
"probably need a CA-signed certificate. It is not recommended to use self-"
9958
"signed certificate."
9959
msgstr ""
9960
9961
#: serverguide/C/security.xml:1469(title)
9962
msgid "Installing the Certificate"
9963
msgstr ""
9964
9965
#: serverguide/C/security.xml:1471(para)
9966
msgid ""
9967
"You can install the key file <filename>server.key</filename> and certificate "
9968
"file <filename>server.crt</filename>, or the certificate file issued by your "
9969
"CA, by running following commands at a terminal prompt:"
9970
msgstr ""
9971
9972
#: serverguide/C/security.xml:1477(command)
9973
msgid "sudo cp server.crt /etc/ssl/certs"
9974
msgstr ""
9975
9976
#: serverguide/C/security.xml:1478(command)
9977
msgid "sudo cp server.key /etc/ssl/private"
9978
msgstr ""
9979
9980
#: serverguide/C/security.xml:1480(para)
9981
msgid ""
9982
"Now simply configure any applications, with the ability to use public-key "
9983
"cryptography, to use the <emphasis>certificate</emphasis> and "
9984
"<emphasis>key</emphasis> files. For example, "
9985
"<application>Apache</application> can provide HTTPS, "
9986
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9987
msgstr ""
9988
9989
#: serverguide/C/security.xml:1487(title)
9990
msgid "Certification Authority"
9991
msgstr ""
9992
9993
#: serverguide/C/security.xml:1489(para)
9994
msgid ""
9995
"If the services on your network require more than a few self-signed "
9996
"certificates it may be worth the additional effort to setup your own "
9997
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9998
"certificates signed by your own CA, allows the various services using the "
9999
"certificates to easily trust other services using certificates issued from "
10000
"the same CA."
10001
msgstr ""
10002
10003
#: serverguide/C/security.xml:1499(para)
10004
msgid ""
10005
"First, create the directories to hold the CA certificate and related files:"
10006
msgstr ""
10007
10008
#: serverguide/C/security.xml:1504(command)
10009
msgid "sudo mkdir /etc/ssl/CA"
10010
msgstr ""
10011
10012
#: serverguide/C/security.xml:1505(command)
10013
msgid "sudo mkdir /etc/ssl/newcerts"
10014
msgstr ""
10015
10016
#: serverguide/C/security.xml:1511(para)
10017
msgid ""
10018
"The CA needs a few additional files to operate, one to keep track of the "
10019
"last serial number used by the CA, each certificate must have a unique "
10020
"serial number, and another file to record which certificates have been "
10021
"issued:"
10022
msgstr ""
10023
10024
#: serverguide/C/security.xml:1518(command)
10025
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
10026
msgstr ""
10027
10028
#: serverguide/C/security.xml:1519(command)
10029
msgid "sudo touch /etc/ssl/CA/index.txt"
10030
msgstr ""
10031
10032
#: serverguide/C/security.xml:1525(para)
10033
msgid ""
10034
"The third file is a CA configuration file. Though not strictly necessary, it "
10035
"is very convenient when issuing multiple certificates. Edit "
10036
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
10037
"]</emphasis> change:"
10038
msgstr ""
10039
10040
#: serverguide/C/security.xml:1531(programlisting)
10041
#, no-wrap
10042
msgid ""
10043
"\n"
10044
"dir = /etc/ssl/ # Where everything is kept\n"
10045
"database = $dir/CA/index.txt # database index file.\n"
10046
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
10047
"serial = $dir/CA/serial # The current serial number\n"
10048
"private_key = $dir/private/cakey.pem# The private key\n"
10049
msgstr ""
10050
10051
#: serverguide/C/security.xml:1542(para)
10052
msgid "Next, create the self-singed root certificate:"
10053
msgstr ""
10054
10055
#: serverguide/C/security.xml:1547(command)
10056
msgid ""
10057
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
10058
"days 3650"
10059
msgstr ""
10060
10061
#: serverguide/C/security.xml:1550(para)
10062
msgid "You will then be asked to enter the details about the certificate."
10063
msgstr ""
10064
10065
#: serverguide/C/security.xml:1557(para)
10066
msgid "Now install the root certificate and key:"
10067
msgstr ""
10068
10069
#: serverguide/C/security.xml:1562(command)
10070
msgid "sudo mv cakey.pem /etc/ssl/private/"
10071
msgstr ""
10072
10073
#: serverguide/C/security.xml:1563(command)
10074
msgid "sudo mv cacert.pem /etc/ssl/certs/"
10075
msgstr ""
10076
10077
#: serverguide/C/security.xml:1569(para)
10078
msgid ""
10079
"You are now ready to start signing certificates. The first item needed is a "
10080
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
10081
"for details. Once you have a CSR, enter the following to generate a "
10082
"certificate signed by the CA:"
10083
msgstr ""
10084
10085
#: serverguide/C/security.xml:1576(command)
10086
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
10087
msgstr ""
10088
10089
#: serverguide/C/security.xml:1579(para)
10090
msgid ""
10091
"After entering the password for the CA key, you will be prompted to sign the "
10092
"certificate, and again to commit the new certificate. You should then see a "
10093
"somewhat large amount of output related to the certificate creation."
10094
msgstr ""
10095
10096
#: serverguide/C/security.xml:1588(para)
10097
msgid ""
10098
"There should now be a new file, "
10099
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
10100
"Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----"
10101
"</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a "
10102
"file named after the hostname of the server where the certificate will be "
10103
"installed. For example <filename>mail.example.com.crt</filename>, is a nice "
10104
"descriptive name."
10105
msgstr ""
10106
10107
#: serverguide/C/security.xml:1596(para)
10108
msgid ""
10109
"Subsequent certificates will be named <filename>02.pem</filename>, "
10110
"<filename>03.pem</filename>, etc."
10111
msgstr ""
10112
10113
#: serverguide/C/security.xml:1601(para)
10114
msgid ""
10115
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
10116
"name."
10117
msgstr ""
10118
10119
#: serverguide/C/security.xml:1609(para)
10120
msgid ""
10121
"Finally, copy the new certificate to the host that needs it, and configure "
10122
"the appropriate applications to use it. The default location to install "
10123
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
10124
"enables multiple services to use the same certificate without overly "
10125
"complicated file permissions."
10126
msgstr ""
10127
10128
#: serverguide/C/security.xml:1615(para)
10129
msgid ""
10130
"For applications that can be configured to use a CA certificate, you should "
10131
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
10132
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
10133
"server."
10134
msgstr ""
10135
10136
#: serverguide/C/security.xml:1629(para)
10137
msgid ""
10138
"For more detailed instructions on using cryptography see the <ulink "
10139
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
10140
"Certificates HOWTO</ulink> by tlpd.org"
10141
msgstr ""
10142
10143
#: serverguide/C/security.xml:1635(para)
10144
msgid ""
10145
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
10146
"of Certificate Authorities."
10147
msgstr ""
10148
10149
#: serverguide/C/security.xml:1640(para)
10150
msgid ""
10151
"The Wikipedia <ulink "
10152
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
10153
"information regarding HTTPS."
10154
msgstr ""
10155
10156
#: serverguide/C/security.xml:1645(para)
10157
msgid ""
10158
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
10159
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
10160
msgstr ""
10161
10162
#: serverguide/C/security.xml:1650(para)
10163
msgid ""
10164
"Also, O'Reilly's <ulink "
10165
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
10166
"OpenSSL</ulink> is a good in depth reference."
10167
msgstr ""
10168
10169
#: serverguide/C/security.xml:1659(title)
10170
msgid "eCryptfs"
10171
msgstr ""
10172
10173
#: serverguide/C/security.xml:1661(para)
10174
msgid ""
10175
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
10176
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
10177
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
10178
"filesystem, partition type, etc."
10179
msgstr ""
10180
10181
#: serverguide/C/security.xml:1667(para)
10182
msgid ""
10183
"During installation there is an option to encrypt the <filename "
10184
"role=\"directory\">/home</filename> partition. This will automatically "
10185
"configure everything needed to encrypt and mount the partition."
10186
msgstr ""
10187
10188
#: serverguide/C/security.xml:1672(para)
10189
msgid ""
10190
"As an example, this section will cover configuring <filename "
10191
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
10192
msgstr ""
10193
10194
#: serverguide/C/security.xml:1677(title)
10195
msgid "Using eCryptfs"
10196
msgstr ""
10197
10198
#: serverguide/C/security.xml:1679(para)
10199
msgid "First, install the necessary packages. From a terminal prompt enter:"
10200
msgstr ""
10201
10202
#: serverguide/C/security.xml:1684(command)
10203
msgid "sudo apt-get install ecryptfs-utils"
10204
msgstr ""
10205
10206
#: serverguide/C/security.xml:1687(para)
10207
msgid "Now mount the partition to be encrypted:"
10208
msgstr ""
10209
10210
#: serverguide/C/security.xml:1692(command)
10211
msgid "sudo mount -t ecryptfs /srv /srv"
10212
msgstr ""
10213
10214
#: serverguide/C/security.xml:1695(para)
10215
msgid ""
10216
"You will then be prompted for some details on how "
10217
"<application>ecryptfs</application> should encrypt the data."
10218
msgstr ""
10219
10220
#: serverguide/C/security.xml:1699(para)
10221
msgid ""
10222
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
10223
"copy the <filename>/etc/default</filename> folder to "
10224
"<filename>/srv</filename>:"
10225
msgstr ""
10226
10227
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:192(command)
10228
msgid "sudo cp -r /etc/default /srv"
10229
msgstr ""
10230
10231
#: serverguide/C/security.xml:1708(para)
10232
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
10233
msgstr ""
10234
10235
#: serverguide/C/security.xml:1713(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
10236
msgid "sudo umount /srv"
10237
msgstr ""
10238
10239
#: serverguide/C/security.xml:1714(command)
10240
msgid "cat /srv/default/cron"
10241
msgstr ""
10242
10243
#: serverguide/C/security.xml:1717(para)
10244
msgid ""
10245
"Remounting <filename>/srv</filename> using "
10246
"<application>ecryptfs</application> will make the data viewable once again."
10247
msgstr ""
10248
10249
#: serverguide/C/security.xml:1723(title)
10250
msgid "Automatically Mounting Encrypted Partitions"
10251
msgstr ""
10252
10253
#: serverguide/C/security.xml:1725(para)
10254
msgid ""
10255
"There are a couple of ways to automatically mount an "
10256
"<application>ecryptfs</application> encrypted filesystem at boot. This "
10257
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
10258
"mount options, along with a passphrase file residing on a USB key."
10259
msgstr ""
10260
10261
#: serverguide/C/security.xml:1731(para)
10262
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
10263
msgstr ""
10264
10265
#: serverguide/C/security.xml:1735(programlisting)
10266
#, no-wrap
10267
msgid ""
10268
"\n"
10269
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
10270
"ecryptfs_sig=5826dd62cf81c615\n"
10271
"ecryptfs_cipher=aes\n"
10272
"ecryptfs_key_bytes=16\n"
10273
"ecryptfs_passthrough=n\n"
10274
"ecryptfs_enable_filename_crypto=n\n"
10275
msgstr ""
10276
10277
#: serverguide/C/security.xml:1745(para)
10278
msgid ""
10279
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
10280
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
10281
msgstr ""
10282
10283
#: serverguide/C/security.xml:1750(para)
10284
msgid ""
10285
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
10286
"file:"
10287
msgstr ""
10288
10289
#: serverguide/C/security.xml:1754(programlisting)
10290
#, no-wrap
10291
msgid ""
10292
"\n"
10293
"passphrase_passwd=[secrets]\n"
10294
msgstr ""
10295
10296
#: serverguide/C/security.xml:1758(para)
10297
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
10298
msgstr ""
10299
10300
#: serverguide/C/security.xml:1762(programlisting)
10301
#, no-wrap
10302
msgid ""
10303
"\n"
10304
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
10305
"/srv /srv ecryptfs defaults 0 0\n"
10306
msgstr ""
10307
10308
#: serverguide/C/security.xml:1767(para)
10309
msgid "Make sure the USB drive is mounted before the encrypted partition."
10310
msgstr ""
10311
10312
#: serverguide/C/security.xml:1771(para)
10313
msgid ""
10314
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
10315
"ecryptfs."
10316
msgstr ""
10317
10318
#: serverguide/C/security.xml:1779(para)
10319
msgid ""
10320
"The <application>ecryptfs-utils</application> package includes several other "
10321
"useful utilities:"
10322
msgstr ""
10323
10324
#: serverguide/C/security.xml:1785(para)
10325
msgid ""
10326
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
10327
"<filename>~/Private</filename> directory to contain encrypted information. "
10328
"This utility can be run by unprivileged users to keep data private from "
10329
"other users on the system."
10330
msgstr ""
10331
10332
#: serverguide/C/security.xml:1792(para)
10333
msgid ""
10334
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
10335
"will mount and unmount respectively, a users <filename>~/Private</filename> "
10336
"directory."
10337
msgstr ""
10338
10339
#: serverguide/C/security.xml:1798(para)
10340
msgid ""
10341
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
10342
"kernel keyring."
10343
msgstr ""
10344
10345
#: serverguide/C/security.xml:1803(para)
10346
msgid ""
10347
"<emphasis>ecryptfs-manager:</emphasis> manages "
10348
"<application>eCryptfs</application> objects such as keys."
10349
msgstr ""
10350
10351
#: serverguide/C/security.xml:1808(para)
10352
msgid ""
10353
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
10354
"<application>ecryptfs</application> meta information for a file."
10355
msgstr ""
10356
10357
#: serverguide/C/security.xml:1821(para)
10358
msgid ""
10359
"For more information on eCryptfs see the <ulink "
10360
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
10361
msgstr ""
10362
10363
#: serverguide/C/security.xml:1826(para)
10364
msgid ""
10365
"There is also a <ulink "
10366
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
10367
"article covering eCryptfs."
10368
msgstr ""
10369
10370
#: serverguide/C/security.xml:1831(para)
10371
msgid ""
10372
"Also, for more <application>ecryptfs</application> options see the <ulink "
10373
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
10374
"yptfs man page</ulink>."
10375
msgstr ""
10376
10377
#: serverguide/C/security.xml:1837(para)
10378
msgid ""
10379
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
10380
"Ubuntu Wiki</ulink> page also has more details."
10381
msgstr ""
10382
10383
#: serverguide/C/reporting-bugs.xml:13(title)
10384
msgid "Appendix"
10385
msgstr ""
10386
10387
#: serverguide/C/reporting-bugs.xml:16(title)
10388
msgid "Reporting Bugs in Ubuntu Server Edition"
10389
msgstr ""
10390
10391
#: serverguide/C/reporting-bugs.xml:18(para)
10392
msgid ""
10393
"While the Ubuntu Project attempts to release software with as few bugs as "
10394
"possible, they do occur. You can help fix these bugs by reporting ones that "
10395
"you find to the project. The Ubuntu Project uses <ulink "
10396
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
10397
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
10398
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
10399
"account</ulink>."
10400
msgstr ""
10401
10402
#: serverguide/C/reporting-bugs.xml:30(title)
10403
msgid "Reporting Bugs With ubuntu-bug"
10404
msgstr ""
10405
10406
#: serverguide/C/reporting-bugs.xml:32(para)
10407
msgid ""
10408
"The preferred way to report a bug is with the <application>ubuntu-"
10409
"bug</application> command. The ubuntu-bug tool gathers information about the "
10410
"system useful to developers in diagnosing the reported problem that will "
10411
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
10412
"need to be filed against a specific software package, thus the name of the "
10413
"package that the bug occurs in needs to be given to ubuntu-bug:"
10414
msgstr ""
10415
10416
#: serverguide/C/reporting-bugs.xml:43(command)
10417
msgid "ubuntu-bug PACKAGENAME"
10418
msgstr ""
10419
10420
#: serverguide/C/reporting-bugs.xml:46(para)
10421
msgid ""
10422
"For example, to file a bug against the openssh-server package, you would do:"
10423
msgstr ""
10424
10425
#: serverguide/C/reporting-bugs.xml:51(command)
10426
msgid "ubuntu-bug openssh-server"
10427
msgstr ""
10428
10429
#: serverguide/C/reporting-bugs.xml:54(para)
10430
msgid ""
10431
"You can specify either a binary package or the source package for ubuntu-"
10432
"bug. Again using openssh-server as an example, you could also generate the "
10433
"report against the source package for openssh-server, openssh:"
10434
msgstr ""
10435
10436
#: serverguide/C/reporting-bugs.xml:62(command)
10437
msgid "ubuntu-bug openssh"
10438
msgstr ""
10439
10440
#: serverguide/C/reporting-bugs.xml:66(para)
10441
msgid ""
10442
"See <xref linkend=\"package-management\"/> for more information about "
10443
"packages in Ubuntu."
10444
msgstr ""
10445
10446
#: serverguide/C/reporting-bugs.xml:72(para)
10447
msgid ""
10448
"The ubuntu-bug command will gather information about the system in question, "
10449
"possibly including information specific to the specified package, and then "
10450
"ask you what you would like to do with collected information:"
10451
msgstr ""
10452
10453
#: serverguide/C/reporting-bugs.xml:80(command)
10454
msgid "ubuntu-bug postgresql"
10455
msgstr ""
10456
10457
#: serverguide/C/reporting-bugs.xml:79(screen)
10458
#, no-wrap
10459
msgid ""
10460
"\n"
10461
"<placeholder-1/>\n"
10462
"\n"
10463
"*** Collecting problem information\n"
10464
"\n"
10465
"The collected information can be sent to the developers to improve the\n"
10466
"application. This might take a few minutes.\n"
10467
"..........\n"
10468
"\n"
10469
"*** Send problem report to the developers?\n"
10470
"\n"
10471
"After the problem report has been sent, please fill out the form in the\n"
10472
"automatically opened web browser.\n"
10473
"\n"
10474
"What would you like to do? Your options are:\n"
10475
" S: Send report (1.7 KiB)\n"
10476
" V: View report\n"
10477
" K: Keep report file for sending later or copying to somewhere else\n"
10478
" C: Cancel\n"
10479
"Please choose (S/V/K/C):\n"
10480
msgstr ""
10481
10482
#: serverguide/C/reporting-bugs.xml:101(para)
10483
msgid "The options available are:"
10484
msgstr ""
10485
10486
#: serverguide/C/reporting-bugs.xml:108(para)
10487
msgid ""
10488
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
10489
"the collected information to Launchpad as part of the the process of filing "
10490
"a bug report. You will be given the opportunity to describe the situation "
10491
"that led up to the occurrance of the bug."
10492
msgstr ""
10493
10494
#: serverguide/C/reporting-bugs.xml:115(screen)
10495
#, no-wrap
10496
msgid ""
10497
"\n"
10498
"*** Uploading problem information\n"
10499
"\n"
10500
"The collected information is being sent to the bug tracking system.\n"
10501
"This might take a few minutes.\n"
10502
"91%\n"
10503
"\n"
10504
"*** To continue, you must visit the following URL:\n"
10505
"\n"
10506
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
10507
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
10508
"\n"
10509
"You can launch a browser now, or copy this URL into a browser on another\n"
10510
"computer.\n"
10511
"\n"
10512
"Choices:\n"
10513
" 1: Launch a browser now\n"
10514
" C: Cancel\n"
10515
"Please choose (1/C):\n"
10516
msgstr ""
10517
10518
#: serverguide/C/reporting-bugs.xml:135(para)
10519
msgid ""
10520
"If you choose to start a browser, by default the text based web browser "
10521
"<application>w3m</application> will be used to finish filing the bug report. "
10522
"Alternately, you can copy the given URL to a currently running web browser."
10523
msgstr ""
10524
10525
#: serverguide/C/reporting-bugs.xml:144(para)
10526
msgid ""
10527
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
10528
"the collected information to be displayed to the terminal for review."
10529
msgstr ""
10530
10531
#: serverguide/C/reporting-bugs.xml:150(screen)
10532
#, no-wrap
10533
msgid ""
10534
"\n"
10535
"Package: postgresql 8.4.2-2\n"
10536
"PackageArchitecture: all\n"
10537
"Tags: lucid\n"
10538
"ProblemType: Bug\n"
10539
"ProcEnviron:\n"
10540
" LANG=en_US.UTF-8\n"
10541
" SHELL=/bin/bash\n"
10542
"Uname: Linux 2.6.32-16-server x86_64\n"
10543
"Dependencies:\n"
10544
" adduser 3.112ubuntu1\n"
10545
" base-files 5.0.0ubuntu10\n"
10546
" base-passwd 3.5.22\n"
10547
" coreutils 7.4-2ubuntu2\n"
10548
"...\n"
10549
msgstr ""
10550
10551
#: serverguide/C/reporting-bugs.xml:167(para)
10552
msgid ""
10553
"After viewing the report, you will be brought back to the same menu asking "
10554
"what you would like to do with the report."
10555
msgstr ""
10556
10557
#: serverguide/C/reporting-bugs.xml:174(para)
10558
msgid ""
10559
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
10560
"File causes the gathered information to be written to a file. This file can "
10561
"then be used to later file a bug report or transferred to a different Ubuntu "
10562
"system for reporting. To submit the report file, simply give it as an "
10563
"argument to the ubuntu-bug command:"
10564
msgstr ""
10565
10566
#: serverguide/C/reporting-bugs.xml:189(userinput)
10567
#, no-wrap
10568
msgid "k"
10569
msgstr ""
10570
10571
#: serverguide/C/reporting-bugs.xml:192(command)
10572
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
10573
msgstr ""
10574
10575
#: serverguide/C/reporting-bugs.xml:183(screen)
10576
#, no-wrap
10577
msgid ""
10578
"\n"
10579
"What would you like to do? Your options are:\n"
10580
" S: Send report (1.7 KiB)\n"
10581
" V: View report\n"
10582
" K: Keep report file for sending later or copying to somewhere else\n"
10583
" C: Cancel\n"
10584
"Please choose (S/V/K/C): <placeholder-1/>\n"
10585
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
10586
"\n"
10587
"<placeholder-2/>\n"
10588
"\n"
10589
"*** Send problem report to the developers?\n"
10590
"...\n"
10591
msgstr ""
10592
10593
#: serverguide/C/reporting-bugs.xml:200(para)
10594
msgid ""
10595
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
10596
"collected information to be discarded."
10597
msgstr ""
10598
10599
#: serverguide/C/reporting-bugs.xml:210(title)
10600
msgid "Reporting Application Crashes"
10601
msgstr ""
10602
10603
#: serverguide/C/reporting-bugs.xml:212(para)
10604
msgid ""
10605
"The software package that provides the ubuntu-bug utility, "
10606
"<application>apport</application>, can be configured to trigger when "
10607
"applications crash. This is disabled by default, as capturing a crash can be "
10608
"resource intensive depending on how much memory the application that crashed "
10609
"was using as apport captures and processes the core dump."
10610
msgstr ""
10611
10612
#: serverguide/C/reporting-bugs.xml:221(para)
10613
msgid ""
10614
"Configuring apport to capture information about crashing applications "
10615
"requires a couple of steps. First, <application>gdb</application> needs to "
10616
"be installed; it is not installed by default in Ubuntu Server Edition."
10617
msgstr ""
10618
10619
#: serverguide/C/reporting-bugs.xml:229(command)
10620
msgid "sudo apt-get install gdb"
10621
msgstr ""
10622
10623
#: serverguide/C/reporting-bugs.xml:232(para)
10624
msgid ""
10625
"See <xref linkend=\"package-management\"/> for more information about "
10626
"managing packages in Ubuntu."
10627
msgstr ""
10628
10629
#: serverguide/C/reporting-bugs.xml:237(para)
10630
msgid ""
10631
"Once you have ensured that gdb is installed, open the file "
10632
"<filename>/etc/default/apport</filename> in your text editor, and change the "
10633
"<emphasis>enabled</emphasis> setting to be <emphasis "
10634
"role=\"bold\">1</emphasis> like so:"
10635
msgstr ""
10636
10637
#: serverguide/C/reporting-bugs.xml:244(programlisting)
10638
#, no-wrap
10639
msgid ""
10640
"\n"
10641
"# set this to 0 to disable apport, or to 1 to enable it\n"
10642
"# you can temporarily override this with\n"
10643
"# sudo service apport start force_start=1\n"
10644
"enabled=<userinput>1</userinput>\n"
10645
"\n"
10646
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
10647
"maxsize=209715200\n"
10648
msgstr ""
10649
10650
#: serverguide/C/reporting-bugs.xml:254(para)
10651
msgid ""
10652
"Once you have completed editing <filename>/etc/default/apport</filename>, "
10653
"start the apport service:"
10654
msgstr ""
10655
10656
#: serverguide/C/reporting-bugs.xml:261(command)
10657
msgid "sudo start apport"
10658
msgstr ""
10659
10660
#: serverguide/C/reporting-bugs.xml:264(para)
10661
msgid ""
10662
"After an application crashes, use the <application>apport-cli</application> "
10663
"command to search for the existing saved crash report information:"
10664
msgstr ""
10665
10666
#: serverguide/C/reporting-bugs.xml:271(command)
10667
msgid "apport-cli"
10668
msgstr ""
10669
10670
#: serverguide/C/reporting-bugs.xml:270(screen)
10671
#, no-wrap
10672
msgid ""
10673
"\n"
10674
"<placeholder-1/>\n"
10675
"\n"
10676
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
10677
"\n"
10678
"If you were not doing anything confidential (entering passwords or other\n"
10679
"private information), you can help to improve the application by\n"
10680
"reporting\n"
10681
"the problem.\n"
10682
"\n"
10683
"What would you like to do? Your options are:\n"
10684
" R: Report Problem...\n"
10685
" I: Cancel and ignore future crashes of this program version\n"
10686
" C: Cancel\n"
10687
"Please choose (R/I/C):\n"
10688
msgstr ""
10689
10690
#: serverguide/C/reporting-bugs.xml:287(para)
10691
msgid ""
10692
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
10693
"steps as when using ubuntu-bug. One important difference is that a crash "
10694
"report will be marked as private when filed on Launchpad, meaning that it "
10695
"will be visible to only a limited set of bug triagers. These triagers will "
10696
"review the gathered data for private information before making the bug "
10697
"report publicly visible."
10698
msgstr ""
10699
10700
#: serverguide/C/reporting-bugs.xml:307(para)
10701
msgid ""
10702
"See the <ulink "
10703
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
10704
"Bugs</ulink> Ubuntu wiki page."
10705
msgstr ""
10706
10707
#: serverguide/C/reporting-bugs.xml:313(para)
10708
msgid ""
10709
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
10710
"has some useful information. Though some of it pertains to using a GUI."
10711
msgstr ""
10712
10713
#: serverguide/C/remote-administration.xml:13(title)
10714
msgid "Remote Administration"
10715
msgstr ""
10716
10717
#: serverguide/C/remote-administration.xml:14(para)
10718
msgid ""
10719
"There are many ways to remotely administer a Linux server. This chapter will "
10720
"cover one of the most popular <application>SSH</application> as well as "
10721
"<application>eBox</application>, a web based administration framework."
10722
msgstr ""
10723
10724
#: serverguide/C/remote-administration.xml:23(para)
10725
msgid ""
10726
"This section of the Ubuntu Server Guide introduces a powerful collection of "
10727
"tools for the remote control of networked computers and transfer of data "
10728
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
10729
"also learn about some of the configuration settings possible with the "
10730
"OpenSSH server application and how to change them on your Ubuntu system."
10731
msgstr ""
10732
10733
#: serverguide/C/remote-administration.xml:30(para)
10734
msgid ""
10735
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
10736
"family of tools for remotely controlling a computer or transferring files "
10737
"between computers. Traditional tools used to accomplish these functions, "
10738
"such as <application>telnet</application> or <application>rcp</application>, "
10739
"are insecure and transmit the user's password in cleartext when used. "
10740
"OpenSSH provides a server daemon and client tools to facilitate secure, "
10741
"encrypted remote control and file transfer operations, effectively replacing "
10742
"the legacy tools."
10743
msgstr ""
10744
10745
#: serverguide/C/remote-administration.xml:39(para)
10746
msgid ""
10747
"The OpenSSH server component, <application>sshd</application>, listens "
10748
"continuously for client connections from any of the client tools. When a "
10749
"connection request occurs, <application>sshd</application> sets up the "
10750
"correct connection depending on the type of client tool connecting. For "
10751
"example, if the remote computer is connecting with the "
10752
"<application>ssh</application> client application, the OpenSSH server sets "
10753
"up a remote control session after authentication. If a remote user connects "
10754
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
10755
"daemon initiates a secure copy of files between the server and client after "
10756
"authentication. OpenSSH can use many authentication methods, including plain "
10757
"password, public key, and <application>Kerberos</application> tickets."
10758
msgstr ""
10759
10760
#: serverguide/C/remote-administration.xml:53(para)
10761
msgid ""
10762
"Installation of the OpenSSH client and server applications is simple. To "
10763
"install the OpenSSH client applications on your Ubuntu system, use this "
10764
"command at a terminal prompt:"
10765
msgstr ""
10766
10767
#: serverguide/C/remote-administration.xml:59(command)
10768
msgid "sudo apt-get install openssh-client"
10769
msgstr ""
10770
10771
#: serverguide/C/remote-administration.xml:61(para)
10772
msgid ""
10773
"To install the OpenSSH server application, and related support files, use "
10774
"this command at a terminal prompt:"
10775
msgstr ""
10776
10777
#: serverguide/C/remote-administration.xml:66(command)
10778
msgid "sudo apt-get install openssh-server"
10779
msgstr ""
10780
10781
#: serverguide/C/remote-administration.xml:68(para)
10782
msgid ""
10783
"The <application>openssh-server</application> package can also be selected "
10784
"to install during the Server Edition installation process."
10785
msgstr ""
10786
10787
#: serverguide/C/remote-administration.xml:75(para)
10788
msgid ""
10789
"You may configure the default behavior of the OpenSSH server application, "
10790
"<application>sshd</application>, by editing the file "
10791
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
10792
"configuration directives used in this file, you may view the appropriate "
10793
"manual page with the following command, issued at a terminal prompt:"
10794
msgstr ""
10795
10796
#: serverguide/C/remote-administration.xml:83(command)
10797
msgid "man sshd_config"
10798
msgstr ""
10799
10800
#: serverguide/C/remote-administration.xml:85(para)
10801
msgid ""
10802
"There are many directives in the <application>sshd</application> "
10803
"configuration file controlling such things as communication settings and "
10804
"authentication modes. The following are examples of configuration directives "
10805
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10806
"file."
10807
msgstr ""
10808
10809
#: serverguide/C/remote-administration.xml:92(para)
10810
msgid ""
10811
"Prior to editing the configuration file, you should make a copy of the "
10812
"original file and protect it from writing so you will have the original "
10813
"settings as a reference and to reuse as necessary."
10814
msgstr ""
10815
10816
#: serverguide/C/remote-administration.xml:96(para)
10817
msgid ""
10818
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10819
"writing with the following commands, issued at a terminal prompt:"
10820
msgstr ""
10821
10822
#: serverguide/C/remote-administration.xml:101(command)
10823
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10824
msgstr ""
10825
10826
#: serverguide/C/remote-administration.xml:102(command)
10827
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10828
msgstr ""
10829
10830
#: serverguide/C/remote-administration.xml:104(para)
10831
msgid ""
10832
"The following are examples of configuration directives you may change:"
10833
msgstr ""
10834
10835
#: serverguide/C/remote-administration.xml:109(para)
10836
msgid ""
10837
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10838
"port 22, change the Port directive as such:"
10839
msgstr ""
10840
10841
#: serverguide/C/remote-administration.xml:113(para)
10842
msgid "Port 2222"
10843
msgstr ""
10844
10845
#: serverguide/C/remote-administration.xml:118(para)
10846
msgid ""
10847
"To have <application>sshd</application> allow public key-based login "
10848
"credentials, simply add or modify the line:"
10849
msgstr ""
10850
10851
#: serverguide/C/remote-administration.xml:122(para)
10852
msgid "PubkeyAuthentication yes"
10853
msgstr ""
10854
10855
#: serverguide/C/remote-administration.xml:125(para)
10856
msgid ""
10857
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10858
"present, ensure the line is not commented out."
10859
msgstr ""
10860
10861
#: serverguide/C/remote-administration.xml:131(para)
10862
msgid ""
10863
"To make your OpenSSH server display the contents of the "
10864
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10865
"or modify the line:"
10866
msgstr ""
10867
10868
#: serverguide/C/remote-administration.xml:136(para)
10869
msgid "Banner /etc/issue.net"
10870
msgstr ""
10871
10872
#: serverguide/C/remote-administration.xml:139(para)
10873
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10874
msgstr ""
10875
10876
#: serverguide/C/remote-administration.xml:144(para)
10877
msgid ""
10878
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10879
"save the file, and restart the <application>sshd</application> server "
10880
"application to effect the changes using the following command at a terminal "
10881
"prompt:"
10882
msgstr ""
10883
10884
#: serverguide/C/remote-administration.xml:153(para)
10885
msgid ""
10886
"Many other configuration directives for <application>sshd</application> are "
10887
"available for changing the server application's behavior to fit your needs. "
10888
"Be advised, however, if your only method of access to a server is "
10889
"<application>ssh</application>, and you make a mistake in configuring "
10890
"<application>sshd</application> via the "
10891
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10892
"out of the server upon restarting it, or that the "
10893
"<application>sshd</application> server refuses to start due to an incorrect "
10894
"configuration directive, so be extra careful when editing this file on a "
10895
"remote server."
10896
msgstr ""
10897
10898
#: serverguide/C/remote-administration.xml:168(title)
10899
msgid "SSH Keys"
10900
msgstr ""
10901
10902
#: serverguide/C/remote-administration.xml:169(para)
10903
msgid ""
10904
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10905
"the need of a password. SSH key authentication uses two keys a "
10906
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10907
msgstr ""
10908
10909
#: serverguide/C/remote-administration.xml:173(para)
10910
msgid "To generate the keys, from a terminal prompt enter:"
10911
msgstr ""
10912
10913
#: serverguide/C/remote-administration.xml:177(command)
10914
msgid "ssh-keygen -t dsa"
10915
msgstr ""
10916
10917
#: serverguide/C/remote-administration.xml:179(para)
10918
msgid ""
10919
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10920
"identity of the user. During the process you will be prompted for a "
10921
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10922
"key."
10923
msgstr ""
10924
10925
#: serverguide/C/remote-administration.xml:183(para)
10926
msgid ""
10927
"By default the <emphasis>public</emphasis> key is saved in the file "
10928
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10929
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10930
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10931
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10932
msgstr ""
10933
10934
#: serverguide/C/remote-administration.xml:189(command)
10935
msgid "ssh-copy-id username@remotehost"
10936
msgstr ""
10937
10938
#: serverguide/C/remote-administration.xml:191(para)
10939
msgid ""
10940
"Finally, double check the permissions on the "
10941
"<filename>authorized_keys</filename> file, only the authenticated user "
10942
"should have read and write permissions. If the permissions are not correct "
10943
"change them by:"
10944
msgstr ""
10945
10946
#: serverguide/C/remote-administration.xml:196(command)
10947
msgid "chmod 600 .ssh/authorized_keys"
10948
msgstr ""
10949
10950
#: serverguide/C/remote-administration.xml:198(para)
10951
msgid ""
10952
"You should now be able to SSH to the host without being prompted for a "
10953
"password."
10954
msgstr ""
10955
10956
#: serverguide/C/remote-administration.xml:207(para)
10957
msgid ""
10958
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10959
"page."
10960
msgstr ""
10961
10962
#: serverguide/C/remote-administration.xml:213(ulink)
10963
msgid "OpenSSH Website"
10964
msgstr ""
10965
10966
#: serverguide/C/remote-administration.xml:218(ulink)
10967
msgid "Advanced OpenSSH Wiki Page"
10968
msgstr ""
10969
10970
#: serverguide/C/remote-administration.xml:226(title)
10971
msgid "eBox"
10972
msgstr ""
10973
10974
#: serverguide/C/remote-administration.xml:227(para)
10975
msgid ""
10976
"<application>eBox</application> is a web framework used to manage server "
10977
"application configuration. The modular design of eBox allows you to pick and "
10978
"choose which services you want to configure using eBox."
10979
msgstr ""
10980
10981
#: serverguide/C/remote-administration.xml:234(para)
10982
msgid ""
10983
"The different <application>eBox</application> modules are split into "
10984
"different packages, allowing you to only install those necessary. One way to "
10985
"view the available packages is to enter the following from a terminal:"
10986
msgstr ""
10987
10988
#: serverguide/C/remote-administration.xml:240(command)
10989
msgid "apt-cache rdepends ebox | uniq"
10990
msgstr ""
10991
10992
#: serverguide/C/remote-administration.xml:242(para)
10993
msgid ""
10994
"To install the <application>ebox</application> package, which contains the "
10995
"default modules, enter the following:"
10996
msgstr ""
10997
10998
#: serverguide/C/remote-administration.xml:247(command)
10999
msgid "sudo apt-get install ebox"
11000
msgstr ""
11001
11002
#: serverguide/C/remote-administration.xml:250(para)
11003
msgid ""
11004
"During the installation you will be asked to supply a password for the ebox "
11005
"user. After installing eBox the web interface can be accessed from: "
11006
"<emphasis>https://yourserver/ebox</emphasis>."
11007
msgstr ""
11008
11009
#: serverguide/C/remote-administration.xml:259(para)
11010
msgid ""
11011
"An important thing to remember when using <application>eBox</application> is "
11012
"that when configuring most modules there is a <emphasis>Change</emphasis> "
11013
"button that implements the new configuration. After clicking the Change "
11014
"button most, but not all, modules will then need to be "
11015
"<emphasis>Saved</emphasis>. To save the new configuration click on the "
11016
"<quote>Save changes</quote> link in the top right hand corner."
11017
msgstr ""
11018
11019
#: serverguide/C/remote-administration.xml:267(para)
11020
msgid ""
11021
"Once you make a change that requires a Save, the link will change from green "
11022
"to red."
11023
msgstr ""
11024
11025
#: serverguide/C/remote-administration.xml:273(title)
11026
msgid "eBox Modules"
11027
msgstr ""
11028
11029
#: serverguide/C/remote-administration.xml:274(para)
11030
msgid ""
11031
"By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
11032
"new module is installed it will not be automatically enabled."
11033
msgstr ""
11034
11035
#: serverguide/C/remote-administration.xml:278(para)
11036
msgid ""
11037
"To enable a disabled module click on the <emphasis>Module status</emphasis> "
11038
"link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
11039
"which modules you would like to enable and click the <quote>Save</quote> "
11040
"link."
11041
msgstr ""
11042
11043
#: serverguide/C/remote-administration.xml:284(title)
11044
msgid "Default Modules"
11045
msgstr ""
11046
11047
#: serverguide/C/remote-administration.xml:285(para)
11048
msgid ""
11049
"This section provides a quick summary of the default "
11050
"<application>eBox</application> modules."
11051
msgstr ""
11052
11053
#: serverguide/C/remote-administration.xml:291(para)
11054
msgid ""
11055
"<emphasis>System:</emphasis> contains options allowing configuration of "
11056
"general eBox items."
11057
msgstr ""
11058
11059
#: serverguide/C/remote-administration.xml:297(para)
11060
msgid ""
11061
"<emphasis>General:</emphasis> allows you to set the language, port number, "
11062
"and contains a change password form."
11063
msgstr ""
11064
11065
#: serverguide/C/remote-administration.xml:303(para)
11066
msgid ""
11067
"<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
11068
"about disk usage."
11069
msgstr ""
11070
11071
#: serverguide/C/remote-administration.xml:309(para)
11072
msgid ""
11073
"<emphasis>Backup:</emphasis> is used to backup "
11074
"<application>eBox</application> configuration information, and the "
11075
"<emphasis>Full Backup</emphasis> option allows you to save all eBox "
11076
"information not included in the <emphasis>Configuration</emphasis> option "
11077
"such as log files."
11078
msgstr ""
11079
11080
#: serverguide/C/remote-administration.xml:317(para)
11081
msgid ""
11082
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
11083
msgstr ""
11084
11085
#: serverguide/C/remote-administration.xml:322(para)
11086
msgid ""
11087
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
11088
"when reporting bugs to the eBox developers."
11089
msgstr ""
11090
11091
#: serverguide/C/remote-administration.xml:330(para)
11092
msgid ""
11093
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
11094
"queried depending on the purge time configured."
11095
msgstr ""
11096
11097
#: serverguide/C/remote-administration.xml:336(para)
11098
msgid ""
11099
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
11100
"through rss, jabber, and log file."
11101
msgstr ""
11102
11103
#: serverguide/C/remote-administration.xml:343(emphasis)
11104
msgid "Available Events:"
11105
msgstr ""
11106
11107
#: serverguide/C/remote-administration.xml:347(para)
11108
msgid ""
11109
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
11110
"drops below a configured percentage, 10% by default."
11111
msgstr ""
11112
11113
#: serverguide/C/remote-administration.xml:353(para)
11114
msgid ""
11115
"<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
11116
"has logged something."
11117
msgstr ""
11118
11119
#: serverguide/C/remote-administration.xml:359(para)
11120
msgid ""
11121
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
11122
"any issues arise."
11123
msgstr ""
11124
11125
#: serverguide/C/remote-administration.xml:365(para)
11126
msgid ""
11127
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
11128
"times in a short time period."
11129
msgstr ""
11130
11131
#: serverguide/C/remote-administration.xml:371(para)
11132
msgid ""
11133
"<emphasis>State:</emphasis> alerts on the state of "
11134
"<application>eBox</application>, either up or down."
11135
msgstr ""
11136
11137
#: serverguide/C/remote-administration.xml:380(emphasis)
11138
msgid "Dispatchers:"
11139
msgstr ""
11140
11141
#: serverguide/C/remote-administration.xml:384(para)
11142
msgid ""
11143
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
11144
"<application>eBox</application> log file "
11145
"<filename>/var/log/ebox/ebox.log</filename>."
11146
msgstr ""
11147
11148
#: serverguide/C/remote-administration.xml:391(para)
11149
msgid ""
11150
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
11151
"configure it by clicking on the <quote>Configure</quote> icon."
11152
msgstr ""
11153
11154
#: serverguide/C/remote-administration.xml:397(para)
11155
msgid ""
11156
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
11157
"subscribe to the link in order to view event alerts."
11158
msgstr ""
11159
11160
#: serverguide/C/remote-administration.xml:410(title)
11161
msgid "Additional Modules"
11162
msgstr ""
11163
11164
#: serverguide/C/remote-administration.xml:411(para)
11165
msgid ""
11166
"Here is a quick description of other available "
11167
"<application>eBox</application> modules:"
11168
msgstr ""
11169
11170
#: serverguide/C/remote-administration.xml:416(para)
11171
msgid ""
11172
"<emphasis>Network:</emphasis> allows configuration of the server's network "
11173
"options through eBox."
11174
msgstr ""
11175
11176
#: serverguide/C/remote-administration.xml:422(para)
11177
msgid ""
11178
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
11179
msgstr ""
11180
11181
#: serverguide/C/remote-administration.xml:427(para)
11182
msgid ""
11183
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
11184
"groups contained in an <application>OpenLDAP</application> LDAP directory."
11185
msgstr ""
11186
11187
#: serverguide/C/remote-administration.xml:433(para)
11188
msgid ""
11189
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
11190
"server."
11191
msgstr ""
11192
11193
#: serverguide/C/remote-administration.xml:438(para)
11194
msgid ""
11195
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
11196
"server configuration options."
11197
msgstr ""
11198
11199
#: serverguide/C/remote-administration.xml:444(para)
11200
msgid ""
11201
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
11202
"Objects</emphasis>, which allow you to assign a name to an IP address or "
11203
"group of IPs."
11204
msgstr ""
11205
11206
#: serverguide/C/remote-administration.xml:451(para)
11207
msgid ""
11208
"<emphasis>Services:</emphasis> displays configuration information for "
11209
"services that are available to the network."
11210
msgstr ""
11211
11212
#: serverguide/C/remote-administration.xml:457(para)
11213
msgid ""
11214
"<emphasis>Squid:</emphasis> configuration options for the "
11215
"<application>Squid</application> proxy server."
11216
msgstr ""
11217
11218
#: serverguide/C/remote-administration.xml:463(para)
11219
msgid ""
11220
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
11221
msgstr ""
11222
11223
#: serverguide/C/remote-administration.xml:468(para)
11224
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
11225
msgstr ""
11226
11227
#: serverguide/C/remote-administration.xml:473(para)
11228
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
11229
msgstr ""
11230
11231
#: serverguide/C/remote-administration.xml:478(para)
11232
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
11233
msgstr ""
11234
11235
#: serverguide/C/remote-administration.xml:483(para)
11236
msgid ""
11237
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
11238
"Network application."
11239
msgstr ""
11240
11241
#: serverguide/C/remote-administration.xml:494(para)
11242
msgid ""
11243
"The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
11244
"Wiki</ulink> page has more details."
11245
msgstr ""
11246
11247
#: serverguide/C/remote-administration.xml:499(para)
11248
msgid ""
11249
"For more information also see the <ulink url=\"http://ebox-"
11250
"platform.com/\">eBox Home Page</ulink>."
11251
msgstr ""
11252
11253
#: serverguide/C/package-management.xml:13(title)
11254
msgid "Package Management"
11255
msgstr ""
11256
11257
#: serverguide/C/package-management.xml:14(para)
11258
msgid ""
11259
"Ubuntu features a comprehensive package management system for the "
11260
"installation, upgrade, configuration, and removal of software. In addition "
11261
"to providing access to an organized base of over 24,000 software packages "
11262
"for your Ubuntu computer, the package management facilities also feature "
11263
"dependency resolution capabilities and software update checking."
11264
msgstr ""
11265
11266
#: serverguide/C/package-management.xml:16(para)
11267
msgid ""
11268
"Several tools are available for interacting with Ubuntu's package management "
11269
"system, from simple command-line utilities which may be easily automated by "
11270
"system administrators, to a simple graphical interface which is easy to use "
11271
"by those new to Ubuntu."
11272
msgstr ""
11273
11274
#: serverguide/C/package-management.xml:21(para)
11275
msgid ""
11276
"Ubuntu's package management system is derived from the same system used by "
11277
"the Debian GNU/Linux distribution. The package files contain all of the "
11278
"necessary files, meta-data, and instructions to implement a particular "
11279
"functionality or software application on your Ubuntu computer."
11280
msgstr ""
11281
11282
#: serverguide/C/package-management.xml:24(para)
11283
msgid ""
11284
"Debian package files typically have the extension '.deb', and typically "
11285
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
11286
"collections of packages found on various media, such as CD-ROM discs, or "
11287
"online. Packages are normally of the pre-compiled binary format; thus "
11288
"installation is quick and requires no compiling of software."
11289
msgstr ""
11290
11291
#: serverguide/C/package-management.xml:27(para)
11292
msgid ""
11293
"Many complex packages use the concept of <emphasis "
11294
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
11295
"packages required by the principal package in order to function properly. "
11296
"For example, the speech synthesis package "
11297
"<application>Festival</application> depends upon the package "
11298
"<application>libasound2</application>, which is a package supplying the "
11299
"<application>ALSA</application> sound library needed for audio playback. In "
11300
"order for <application>Festival</application> to function, it and all of its "
11301
"dependencies must be installed. The software management tools in Ubuntu will "
11302
"do this automatically."
11303
msgstr ""
11304
11305
#: serverguide/C/package-management.xml:32(title)
11306
msgid "dpkg"
11307
msgstr ""
11308
11309
#: serverguide/C/package-management.xml:34(para)
11310
msgid ""
11311
"<application>dpkg</application> is a package manager for "
11312
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
11313
"packages, but unlike other package management system's it can not "
11314
"automatically download and install packages and their dependencies. This "
11315
"section covers using <application>dpkg</application> to manage locally "
11316
"installed packages:"
11317
msgstr ""
11318
11319
#: serverguide/C/package-management.xml:43(para)
11320
msgid ""
11321
"To list all packages installed on the system, from a terminal prompt enter:"
11322
msgstr ""
11323
11324
#: serverguide/C/package-management.xml:48(command)
11325
msgid "dpkg -l"
11326
msgstr ""
11327
11328
#: serverguide/C/package-management.xml:54(para)
11329
msgid ""
11330
"Depending on the amount of packages on your system, this can generate a "
11331
"large amount of output. Pipe the output through "
11332
"<application>grep</application> to see if a specific package is installed:"
11333
msgstr ""
11334
11335
#: serverguide/C/package-management.xml:60(command)
11336
msgid "dpkg -l | grep apache2"
11337
msgstr ""
11338
11339
#: serverguide/C/package-management.xml:63(para)
11340
msgid ""
11341
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
11342
"package name, or other regular expression."
11343
msgstr ""
11344
11345
#: serverguide/C/package-management.xml:70(para)
11346
msgid ""
11347
"To list the files installed by a package, in this case the "
11348
"<application>ufw</application> package, enter:"
11349
msgstr ""
11350
11351
#: serverguide/C/package-management.xml:75(command)
11352
msgid "dpkg -L ufw"
11353
msgstr ""
11354
11355
#: serverguide/C/package-management.xml:81(para)
11356
msgid ""
11357
"If you are not sure which package installed a file, <application>dpkg -"
11358
"S</application> may be able to tell you. For example:"
11359
msgstr ""
11360
11361
#: serverguide/C/package-management.xml:87(command)
11362
msgid "dpkg -S /etc/host.conf"
11363
msgstr ""
11364
11365
#: serverguide/C/package-management.xml:88(computeroutput)
11366
#, no-wrap
11367
msgid "base-files: /etc/host.conf"
11368
msgstr ""
11369
11370
#: serverguide/C/package-management.xml:91(para)
11371
msgid ""
11372
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
11373
"<application>base-files</application> package."
11374
msgstr ""
11375
11376
#: serverguide/C/package-management.xml:96(para)
11377
msgid ""
11378
"Many files are automatically generated during the package install process, "
11379
"and even though they are on the filesystem <command>dpkg -S</command> may "
11380
"not know which package they belong to."
11381
msgstr ""
11382
11383
#: serverguide/C/package-management.xml:105(para)
11384
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
11385
msgstr ""
11386
11387
#: serverguide/C/package-management.xml:110(command)
11388
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
11389
msgstr ""
11390
11391
#: serverguide/C/package-management.xml:113(para)
11392
msgid ""
11393
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
11394
"the local .deb file."
11395
msgstr ""
11396
11397
#: serverguide/C/package-management.xml:120(para)
11398
msgid "Uninstalling a package can be accomplished by:"
11399
msgstr ""
11400
11401
#: serverguide/C/package-management.xml:125(command)
11402
msgid "sudo dpkg -r zip"
11403
msgstr ""
11404
11405
#: serverguide/C/package-management.xml:129(para)
11406
msgid ""
11407
"Uninstalling packages using <application>dpkg</application>, in most cases, "
11408
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
11409
"manager that handles dependencies, to ensure that the system is in a "
11410
"consistent state. For example using <command>dpkg -r</command> you can "
11411
"remove the <application>zip</application> package, but any packages that "
11412
"depend on it will still be installed and may no longer function correctly."
11413
msgstr ""
11414
11415
#: serverguide/C/package-management.xml:140(para)
11416
msgid ""
11417
"For more <application>dpkg</application> options see the man page: "
11418
"<command>man dpkg</command>."
11419
msgstr ""
11420
11421
#: serverguide/C/package-management.xml:146(title)
11422
msgid "Apt-Get"
11423
msgstr ""
11424
11425
#: serverguide/C/package-management.xml:147(para)
11426
msgid ""
11427
"The <application>apt-get</application> command is a powerful command-line "
11428
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
11429
"(APT) performing such functions as installation of new software packages, "
11430
"upgrade of existing software packages, updating of the package list index, "
11431
"and even upgrading the entire Ubuntu system."
11432
msgstr ""
11433
11434
#: serverguide/C/package-management.xml:150(para)
11435
msgid ""
11436
"Being a simple command-line tool, <application>apt-get</application> has "
11437
"numerous advantages over other package management tools available in Ubuntu "
11438
"for server administrators. Some of these advantages include ease of use over "
11439
"simple terminal connections (SSH) and the ability to be used in system "
11440
"administration scripts, which can in turn be automated by the "
11441
"<application>cron</application> scheduling utility."
11442
msgstr ""
11443
11444
#: serverguide/C/package-management.xml:157(para)
11445
msgid ""
11446
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
11447
"packages using the <application>apt-get</application> tool is quite simple. "
11448
"For example, to install the network scanner <emphasis "
11449
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
11450
"<command>sudo apt-get install nmap</command>\n"
11451
"</screen>"
11452
msgstr ""
11453
11454
#: serverguide/C/package-management.xml:165(para)
11455
msgid ""
11456
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
11457
"packages is also a straightforward and simple process. To remove the nmap "
11458
"package installed in the previous example, type the following: <screen>\n"
11459
"<command>sudo apt-get remove nmap</command>\n"
11460
"</screen>"
11461
msgstr ""
11462
11463
#: serverguide/C/package-management.xml:172(para)
11464
msgid ""
11465
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
11466
"multiple packages to be installed or removed, separated by spaces."
11467
msgstr ""
11468
11469
#: serverguide/C/package-management.xml:175(para)
11470
msgid ""
11471
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
11472
"remove</command> will remove the package configuration files as well. This "
11473
"may or may not be the desired effect so use with caution."
11474
msgstr ""
11475
11476
#: serverguide/C/package-management.xml:181(para)
11477
msgid ""
11478
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
11479
"index is essentially a database of available packages from the repositories "
11480
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
11481
"the local package index with the latest changes made in repositories, type "
11482
"the following: <screen>\n"
11483
"<command>sudo apt-get update</command>\n"
11484
"</screen>"
11485
msgstr ""
11486
11487
#: serverguide/C/package-management.xml:189(para)
11488
msgid ""
11489
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
11490
"versions of packages currently installed on your computer may become "
11491
"available from the package repositories (for example security updates). To "
11492
"upgrade your system, first update your package index as outlined above, and "
11493
"then type: <screen>\n"
11494
"<command>sudo apt-get upgrade</command>\n"
11495
"</screen>"
11496
msgstr ""
11497
11498
#: serverguide/C/package-management.xml:195(para)
11499
msgid ""
11500
"For information on upgrading to a new Ubuntu release see <xref "
11501
"linkend=\"installing-upgrading\"/>."
11502
msgstr ""
11503
11504
#: serverguide/C/package-management.xml:153(para)
11505
msgid ""
11506
"Some examples of popular uses for the <application>apt-get</application> "
11507
"utility: <placeholder-1/>"
11508
msgstr ""
11509
11510
#: serverguide/C/package-management.xml:201(para)
11511
msgid ""
11512
"Actions of the <application>apt-get</application> command, such as "
11513
"installation and removal of packages, are logged in the /var/log/dpkg.log "
11514
"log file."
11515
msgstr ""
11516
11517
#: serverguide/C/package-management.xml:204(para)
11518
msgid ""
11519
"For further information about the use of <application>APT</application>, "
11520
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
11521
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
11522
"help</screen>"
11523
msgstr ""
11524
11525
#: serverguide/C/package-management.xml:208(title)
11526
msgid "Aptitude"
11527
msgstr ""
11528
11529
#: serverguide/C/package-management.xml:209(para)
11530
msgid ""
11531
"<application>Aptitude</application> is a menu-driven, text-based front-end "
11532
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
11533
"the common package management functions, such as installation, removal, and "
11534
"upgrade, are performed in <application>Aptitude</application> with single-"
11535
"key commands, which are typically lowercase letters."
11536
msgstr ""
11537
11538
#: serverguide/C/package-management.xml:212(para)
11539
msgid ""
11540
"<application>Aptitude</application> is best suited for use in a non-"
11541
"graphical terminal environment to ensure proper functioning of the command "
11542
"keys. You may start <application>Aptitude</application> as a normal user "
11543
"with the following command at a terminal prompt: <screen>\n"
11544
"<command>sudo aptitude</command>\n"
11545
"</screen>"
11546
msgstr ""
11547
11548
#: serverguide/C/package-management.xml:219(para)
11549
msgid ""
11550
"When <application>Aptitude</application> starts, you will see a menu bar at "
11551
"the top of the screen and two panes below the menu bar. The top pane "
11552
"contains package categories, such as <emphasis role=\"italics\">New "
11553
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
11554
"Packages</emphasis>. The bottom pane contains information related to the "
11555
"packages and package categories."
11556
msgstr ""
11557
11558
#: serverguide/C/package-management.xml:222(para)
11559
msgid ""
11560
"Using <application>Aptitude</application> for package management is "
11561
"relatively straightforward, and the user interface makes common tasks simple "
11562
"to perform. The following are examples of common package management "
11563
"functions as performed in <application>Aptitude</application>:"
11564
msgstr ""
11565
11566
#: serverguide/C/package-management.xml:226(para)
11567
msgid ""
11568
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
11569
"locate the package via the Not Installed Packages package category, for "
11570
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
11571
"key, and highlight the package you wish to install. After highlighting the "
11572
"package you wish to install, press the <keycap>+</keycap> key, and the "
11573
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
11574
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
11575
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
11576
"again, and you will be prompted to become root to complete the installation. "
11577
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
11578
"your user password to become root. Finally, press <keycap>g</keycap> once "
11579
"more and you'll be prompted to download the package. Press "
11580
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
11581
"prompt, and downloading and installation of the package will commence."
11582
msgstr ""
11583
11584
#: serverguide/C/package-management.xml:230(para)
11585
msgid ""
11586
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
11587
"locate the package via the Installed Packages package category, for example, "
11588
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
11589
"highlight the package you wish to remove. After highlighting the package you "
11590
"wish to install, press the <keycap>-</keycap> key, and the package entry "
11591
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
11592
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
11593
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
11594
"prompted to become root to complete the installation. Press "
11595
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
11596
"user password to become root. Finally, press <keycap>g</keycap> once more, "
11597
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
11598
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
11599
"the package will commence."
11600
msgstr ""
11601
11602
#: serverguide/C/package-management.xml:234(para)
11603
msgid ""
11604
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
11605
"package index, simply press the <keycap>u</keycap> key and you will be "
11606
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
11607
"which will result in a Password: prompt. Enter your user password to become "
11608
"root. Updating of the package index will commence. Press "
11609
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
11610
"presented to complete the process."
11611
msgstr ""
11612
11613
#: serverguide/C/package-management.xml:238(para)
11614
msgid ""
11615
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
11616
"perform the update of the package index as detailed above, and then press "
11617
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
11618
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
11619
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
11620
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
11621
"result in a Password: prompt. Enter your user password to become root. "
11622
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
11623
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
11624
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
11625
"will commence."
11626
msgstr ""
11627
11628
#: serverguide/C/package-management.xml:245(para)
11629
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11630
msgstr ""
11631
11632
#: serverguide/C/package-management.xml:250(para)
11633
msgid ""
11634
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11635
"configuration remains on system"
11636
msgstr ""
11637
11638
#: serverguide/C/package-management.xml:254(para)
11639
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11640
msgstr ""
11641
11642
#: serverguide/C/package-management.xml:258(para)
11643
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11644
msgstr ""
11645
11646
#: serverguide/C/package-management.xml:262(para)
11647
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11648
msgstr ""
11649
11650
#: serverguide/C/package-management.xml:266(para)
11651
msgid ""
11652
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11653
"configured"
11654
msgstr ""
11655
11656
#: serverguide/C/package-management.xml:270(para)
11657
msgid ""
11658
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11659
"and requires fix"
11660
msgstr ""
11661
11662
#: serverguide/C/package-management.xml:274(para)
11663
msgid ""
11664
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11665
"requires fix"
11666
msgstr ""
11667
11668
#: serverguide/C/package-management.xml:242(para)
11669
msgid ""
11670
"The first column of information displayed in the package list in the top "
11671
"pane, when actually viewing packages lists the current state of the package, "
11672
"and uses the following key to describe the state of the package: "
11673
"<placeholder-1/>"
11674
msgstr ""
11675
11676
#: serverguide/C/package-management.xml:280(para)
11677
msgid ""
11678
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11679
"wish to exit. Many other functions are available from the Aptitude menu by "
11680
"pressing the <keycap>F10</keycap> key."
11681
msgstr ""
11682
11683
#: serverguide/C/package-management.xml:285(title)
11684
msgid "Automatic Updates"
11685
msgstr ""
11686
11687
#: serverguide/C/package-management.xml:287(para)
11688
msgid ""
11689
"The <application>unattended-upgrades</application> package can be used to "
11690
"automatically install updated packages, and can be configured to update all "
11691
"packages or just install security updates. First, install the package by "
11692
"entering the following in a terminal:"
11693
msgstr ""
11694
11695
#: serverguide/C/package-management.xml:293(command)
11696
msgid "sudo apt-get install unattended-upgrades"
11697
msgstr ""
11698
11699
#: serverguide/C/package-management.xml:296(para)
11700
msgid ""
11701
"To configure <application>unattended-upgrades</application>, edit "
11702
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11703
"the following to fit your needs:"
11704
msgstr ""
11705
11706
#: serverguide/C/package-management.xml:301(programlisting)
11707
#, no-wrap
11708
msgid ""
11709
"\n"
11710
"Unattended-Upgrade::Allowed-Origins {\n"
11711
" \"Ubuntu lucid-security\";\n"
11712
"// \"Ubuntu lucid-updates\";\n"
11713
"};\n"
11714
msgstr ""
11715
11716
#: serverguide/C/package-management.xml:308(para)
11717
msgid ""
11718
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11719
"will not be automatically updated. To blacklist a package, add it to the "
11720
"list:"
11721
msgstr ""
11722
11723
#: serverguide/C/package-management.xml:313(programlisting)
11724
#, no-wrap
11725
msgid ""
11726
"\n"
11727
"Unattended-Upgrade::Package-Blacklist {\n"
11728
"// \"vim\";\n"
11729
"// \"libc6\";\n"
11730
"// \"libc6-dev\";\n"
11731
"// \"libc6-i686\";\n"
11732
"};\n"
11733
msgstr ""
11734
11735
#: serverguide/C/package-management.xml:323(para)
11736
msgid ""
11737
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11738
"whatever follows \"//\" will not be evaluated."
11739
msgstr ""
11740
11741
#: serverguide/C/package-management.xml:328(para)
11742
msgid ""
11743
"To enable automatic updates, edit "
11744
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11745
"<application>apt</application> configuration options:"
11746
msgstr ""
11747
11748
#: serverguide/C/package-management.xml:332(programlisting)
11749
#, no-wrap
11750
msgid ""
11751
"\n"
11752
"APT::Periodic::Update-Package-Lists \"1\";\n"
11753
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
11754
"APT::Periodic::AutocleanInterval \"7\";\n"
11755
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11756
msgstr ""
11757
11758
#: serverguide/C/package-management.xml:339(para)
11759
msgid ""
11760
"The above configuration updates the package list, downloads, and installs "
11761
"available upgrades every day. The local download archive is cleaned every "
11762
"week."
11763
msgstr ""
11764
11765
#: serverguide/C/package-management.xml:345(para)
11766
msgid ""
11767
"You can read more about <application>apt</application> Periodic "
11768
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11769
"header."
11770
msgstr ""
11771
11772
#: serverguide/C/package-management.xml:350(para)
11773
msgid ""
11774
"The results of <application>unattended-upgrades</application> will be logged "
11775
"to <filename>/var/log/unattended-upgrades</filename>."
11776
msgstr ""
11777
11778
#: serverguide/C/package-management.xml:355(title)
11779
msgid "Notifications"
11780
msgstr ""
11781
11782
#: serverguide/C/package-management.xml:357(para)
11783
msgid ""
11784
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11785
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11786
"<application>unattended-upgrades</application> to email an administrator "
11787
"detailing any packages that need upgrading or have problems."
11788
msgstr ""
11789
11790
#: serverguide/C/package-management.xml:362(para)
11791
msgid ""
11792
"Another useful package is <application>apticron</application>. "
11793
"<application>apticron</application> will configure a "
11794
"<application>cron</application> job to email an administrator information "
11795
"about any packages on the system that have updates available, as well as a "
11796
"summary of changes in each package."
11797
msgstr ""
11798
11799
#: serverguide/C/package-management.xml:368(para)
11800
msgid ""
11801
"To install the <application>apticron</application> package, in a terminal "
11802
"enter:"
11803
msgstr ""
11804
11805
#: serverguide/C/package-management.xml:373(command)
11806
msgid "sudo apt-get install apticron"
11807
msgstr ""
11808
11809
#: serverguide/C/package-management.xml:376(para)
11810
msgid ""
11811
"Once the package is installed edit "
11812
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11813
"and other options:"
11814
msgstr ""
11815
11816
#: serverguide/C/package-management.xml:380(programlisting)
11817
#, no-wrap
11818
msgid ""
11819
"\n"
11820
"EMAIL=\"root@example.com\"\n"
11821
msgstr ""
11822
11823
#: serverguide/C/package-management.xml:389(para)
11824
msgid ""
11825
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11826
"system repositories is stored in the /etc/apt/sources.list configuration "
11827
"file. An example of this file is referenced here, along with information on "
11828
"adding or removing repository references from the file."
11829
msgstr ""
11830
11831
#: serverguide/C/package-management.xml:395(para)
11832
msgid ""
11833
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
11834
"typical <filename>/etc/apt/sources.list</filename> file."
11835
msgstr ""
11836
11837
#: serverguide/C/package-management.xml:399(para)
11838
msgid ""
11839
"You may edit the file to enable repositories or disable them. For example, "
11840
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11841
"operations occur, simply comment out the appropriate line for the CD-ROM, "
11842
"which appears at the top of the file:"
11843
msgstr ""
11844
11845
#: serverguide/C/package-management.xml:404(screen)
11846
#, no-wrap
11847
msgid ""
11848
"\n"
11849
"# no more prompting for CD-ROM please\n"
11850
"# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid "
11851
"main restricted\n"
11852
msgstr ""
11853
11854
#: serverguide/C/package-management.xml:410(title)
11855
msgid "Extra Repositories"
11856
msgstr ""
11857
11858
#: serverguide/C/package-management.xml:411(para)
11859
msgid ""
11860
"In addition to the officially supported package repositories available for "
11861
"Ubuntu, there exist additional community-maintained repositories which add "
11862
"thousands more potential packages for installation. Two of the most popular "
11863
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
11864
"repositories. These repositories are not officially supported by Ubuntu, but "
11865
"because they are maintained by the community they generally provide packages "
11866
"which are safe for use with your Ubuntu computer."
11867
msgstr ""
11868
11869
#: serverguide/C/package-management.xml:414(para)
11870
msgid ""
11871
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11872
"licensing issues that prevent them from being distributed with a free "
11873
"operating system, and they may be illegal in your locality."
11874
msgstr ""
11875
11876
#: serverguide/C/package-management.xml:416(para)
11877
msgid ""
11878
"Be advised that neither the <emphasis>Universe</emphasis> or "
11879
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11880
"packages. In particular, there may not be security updates for these "
11881
"packages."
11882
msgstr ""
11883
11884
#: serverguide/C/package-management.xml:420(para)
11885
msgid ""
11886
"Many other package sources are available, sometimes even offering only one "
11887
"package, as in the case of package sources provided by the developer of a "
11888
"single application. You should always be very careful and cautious when "
11889
"using non-standard package sources, however. Research the source and "
11890
"packages carefully before performing any installation, as some package "
11891
"sources and their packages could render your system unstable or non-"
11892
"functional in some respects."
11893
msgstr ""
11894
11895
#: serverguide/C/package-management.xml:423(para)
11896
msgid ""
11897
"By default, the <emphasis>Universe</emphasis> and "
11898
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11899
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
11900
"comment the following lines:"
11901
msgstr ""
11902
11903
#: serverguide/C/package-management.xml:430(programlisting)
11904
#, no-wrap
11905
msgid ""
11906
"\n"
11907
"deb http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
11908
"deb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
11909
"\n"
11910
"deb http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
11911
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
11912
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
11913
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
11914
"\n"
11915
"deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
11916
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
11917
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
11918
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
11919
"\n"
11920
"deb http://security.ubuntu.com/ubuntu lucid-security universe\n"
11921
"deb-src http://security.ubuntu.com/ubuntu lucid-security universe\n"
11922
"deb http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
11923
"deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
11924
msgstr ""
11925
11926
#: serverguide/C/package-management.xml:456(para)
11927
msgid ""
11928
"Most of the material covered in this chapter is available in "
11929
"<application>man</application> pages, many of which are available online."
11930
msgstr ""
11931
11932
#: serverguide/C/package-management.xml:463(para)
11933
msgid ""
11934
"The <ulink "
11935
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11936
"re</ulink> Ubuntu wiki page has more information."
11937
msgstr ""
11938
11939
#: serverguide/C/package-management.xml:468(para)
11940
msgid ""
11941
"For more <application>dpkg</application> details see the <ulink "
11942
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/dpkg.1.html\">dpkg "
11943
"man page</ulink>."
11944
msgstr ""
11945
11946
#: serverguide/C/package-management.xml:474(para)
11947
msgid ""
11948
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
11949
"HOWTO</ulink> and <ulink "
11950
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/apt-get.8.html\">apt-"
11951
"get man page</ulink> contain useful information regarding <application>apt-"
11952
"get</application> usage."
11953
msgstr ""
11954
11955
#: serverguide/C/package-management.xml:481(para)
11956
msgid ""
11957
"See the <ulink "
11958
"url=\"http://manpages.ubuntu.com/manpages/lucid/man8/aptitude.8.html\">aptitu"
11959
"de man page</ulink> for more <application>aptitude</application> options."
11960
msgstr ""
11961
11962
#: serverguide/C/package-management.xml:487(para)
11963
msgid ""
11964
"The <ulink "
11965
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11966
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
11967
"adding repositories."
11968
msgstr ""
11969
11970
#: serverguide/C/other-apps.xml:13(title)
11971
msgid "Other Useful Applications"
11972
msgstr ""
11973
11974
#: serverguide/C/other-apps.xml:15(para)
11975
msgid ""
11976
"There are many very useful applications developed by the Ubuntu Server Team, "
11977
"and others that are well integrated with Ubuntu Server Edition, that might "
11978
"not be well known. This chapter will showcase some useful applications that "
11979
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
11980
"easier."
11981
msgstr ""
11982
11983
#: serverguide/C/other-apps.xml:23(title)
11984
msgid "pam_motd"
11985
msgstr ""
11986
11987
#: serverguide/C/other-apps.xml:25(para)
11988
msgid ""
11989
"When logging into an Ubuntu server you may have noticed the informative "
11990
"Message Of The Day (MOTD). This information is obtained and displayed using "
11991
"a couple of packages:"
11992
msgstr ""
11993
11994
#: serverguide/C/other-apps.xml:32(para)
11995
msgid ""
11996
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
11997
"<application>landscape-client</application>, which can be used to manage "
11998
"systems using the web based <emphasis>Landscape</emphasis> application. The "
11999
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
12000
"utility which is used to gather the information displayed in the MOTD."
12001
msgstr ""
12002
12003
#: serverguide/C/other-apps.xml:40(para)
12004
msgid ""
12005
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
12006
"the MOTD via <application>pam_motd</application> module."
12007
msgstr ""
12008
12009
#: serverguide/C/other-apps.xml:46(para)
12010
msgid ""
12011
"<application>pam_motd</application> executes the scripts in "
12012
"<filename>/etc/update-motd.d</filename> in order based on the number "
12013
"prepended to the script. The output of the scripts is written to "
12014
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
12015
"concatenated with <filename>/etc/motd.tail</filename>."
12016
msgstr ""
12017
12018
#: serverguide/C/other-apps.xml:52(para)
12019
msgid ""
12020
"You can add your own dynamic information to the MOTD. For example, to add "
12021
"local weather information:"
12022
msgstr ""
12023
12024
#: serverguide/C/other-apps.xml:58(para)
12025
msgid "First, install the <application>weather-util</application> package:"
12026
msgstr ""
12027
12028
#: serverguide/C/other-apps.xml:63(command)
12029
msgid "sudo apt-get install weather-util"
12030
msgstr ""
12031
12032
#: serverguide/C/other-apps.xml:68(para)
12033
msgid ""
12034
"The <application>weather</application> utility uses METAR data from the "
12035
"National Oceanic and Atmospheric Administration and forecasts from the "
12036
"National Weather Service. In order to find local information you will need "
12037
"the 4-character ICAO location indicator. This can be determined by browsing "
12038
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
12039
"Weather Service</ulink> site."
12040
msgstr ""
12041
12042
#: serverguide/C/other-apps.xml:75(para)
12043
msgid ""
12044
"Although the National Weather Service is a United States government agency "
12045
"there are weather stations available world wide. However, local weather "
12046
"information for all locations outside the U.S. may not be available."
12047
msgstr ""
12048
12049
#: serverguide/C/other-apps.xml:81(para)
12050
msgid ""
12051
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
12052
"script to use <application>weather</application> with your local ICAO "
12053
"indicator:"
12054
msgstr ""
12055
12056
#: serverguide/C/other-apps.xml:86(programlisting)
12057
#, no-wrap
12058
msgid ""
12059
"\n"
12060
"#!/bin/sh\n"
12061
"#\n"
12062
"#\n"
12063
"# Prints the local weather information for the MOTD.\n"
12064
"#\n"
12065
"#\n"
12066
"\n"
12067
"# Replace KINT with your local weather station.\n"
12068
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
12069
"\n"
12070
"echo\n"
12071
"weather -i KINT\n"
12072
"echo\n"
12073
"\n"
12074
msgstr ""
12075
12076
#: serverguide/C/other-apps.xml:104(para)
12077
msgid "Make the script executable:"
12078
msgstr ""
12079
12080
#: serverguide/C/other-apps.xml:109(command)
12081
msgid "sudo chmod 755 /usr/local/bin/local-weather"
12082
msgstr ""
12083
12084
#: serverguide/C/other-apps.xml:113(para)
12085
msgid ""
12086
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
12087
"weather</filename>:"
12088
msgstr ""
12089
12090
#: serverguide/C/other-apps.xml:118(command)
12091
msgid ""
12092
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
12093
msgstr ""
12094
12095
#: serverguide/C/other-apps.xml:122(para)
12096
msgid "Finally, exit the server and re-login to view the new MOTD."
12097
msgstr ""
12098
12099
#: serverguide/C/other-apps.xml:128(para)
12100
msgid ""
12101
"You should now be greeted with some useful information, and some information "
12102
"about the local weather that may not be quite so useful. Hopefully the "
12103
"<application>local-weather</application> example demonstrates the "
12104
"flexibility of <application>pam_motd</application>."
12105
msgstr ""
12106
12107
#: serverguide/C/other-apps.xml:136(title)
12108
msgid "etckeeper"
12109
msgstr ""
12110
12111
#: serverguide/C/other-apps.xml:138(para)
12112
msgid ""
12113
"<application>etckeeper</application> allows the contents of <filename "
12114
"role=\"directory\">/etc</filename> be easily stored in Version Control "
12115
"System (VCS) repository. It hooks into <application>apt</application> to "
12116
"automatically commit changes to <filename>/etc</filename> when packages are "
12117
"installed or upgraded. Placing <filename>/etc</filename> under version "
12118
"control is considered an industry best practice, and the goal of "
12119
"<application>etckeeper</application> is to make this process as painless as "
12120
"possible."
12121
msgstr ""
12122
12123
#: serverguide/C/other-apps.xml:146(para)
12124
msgid ""
12125
"Install <application>etckeeper</application> by entering the following in a "
12126
"terminal:"
12127
msgstr ""
12128
12129
#: serverguide/C/other-apps.xml:151(command)
12130
msgid "sudo apt-get install etckeeper"
12131
msgstr ""
12132
12133
#: serverguide/C/other-apps.xml:154(para)
12134
msgid ""
12135
"The main configuration file, "
12136
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
12137
"main option is which VCS to use. By default "
12138
"<application>etckeeper</application> is configured to use "
12139
"<application>bzr</application> for version control. The repository is "
12140
"automatically initialized (and committed for the first time) during package "
12141
"installation. It is possible to undo this by entering the following command:"
12142
msgstr ""
12143
12144
#: serverguide/C/other-apps.xml:164(command)
12145
msgid "sudo etckeeper uninit"
12146
msgstr ""
12147
12148
#: serverguide/C/other-apps.xml:167(para)
12149
msgid ""
12150
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
12151
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
12152
"It will also automatically commit changes before and after package "
12153
"installation. For a more precise tracking of changes, it is recommended to "
12154
"commit your changes manually, together with a commit message, using:"
12155
msgstr ""
12156
12157
#: serverguide/C/other-apps.xml:176(command)
12158
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
12159
msgstr ""
12160
12161
#: serverguide/C/other-apps.xml:179(para)
12162
msgid ""
12163
"Using the VCS commands you can view log information about files in "
12164
"<filename>/etc</filename>:"
12165
msgstr ""
12166
12167
#: serverguide/C/other-apps.xml:184(command)
12168
msgid "sudo bzr log /etc/passwd"
12169
msgstr ""
12170
12171
#: serverguide/C/other-apps.xml:187(para)
12172
msgid ""
12173
"To demonstrate the integration with the package management system, install "
12174
"<application>postfix</application>:"
12175
msgstr ""
12176
12177
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
12178
msgid "sudo apt-get install postfix"
12179
msgstr ""
12180
12181
#: serverguide/C/other-apps.xml:195(para)
12182
msgid ""
12183
"When the installation is finished, all the "
12184
"<application>postfix</application> configuration files should be committed "
12185
"to the repository:"
12186
msgstr ""
12187
12188
#: serverguide/C/other-apps.xml:201(computeroutput)
12189
#, no-wrap
12190
msgid ""
12191
"Committing to: /etc/\n"
12192
"added aliases.db\n"
12193
"modified group\n"
12194
"modified group-\n"
12195
"modified gshadow\n"
12196
"modified gshadow-\n"
12197
"modified passwd\n"
12198
"modified passwd-\n"
12199
"added postfix\n"
12200
"added resolvconf\n"
12201
"added rsyslog.d\n"
12202
"modified shadow\n"
12203
"modified shadow-\n"
12204
"added init.d/postfix\n"
12205
"added network/if-down.d/postfix\n"
12206
"added network/if-up.d/postfix\n"
12207
"added postfix/dynamicmaps.cf\n"
12208
"added postfix/main.cf\n"
12209
"added postfix/master.cf\n"
12210
"added postfix/post-install\n"
12211
"added postfix/postfix-files\n"
12212
"added postfix/postfix-script\n"
12213
"added postfix/sasl\n"
12214
"added ppp/ip-down.d\n"
12215
"added ppp/ip-down.d/postfix\n"
12216
"added ppp/ip-up.d/postfix\n"
12217
"added rc0.d/K20postfix\n"
12218
"added rc1.d/K20postfix\n"
12219
"added rc2.d/S20postfix\n"
12220
"added rc3.d/S20postfix\n"
12221
"added rc4.d/S20postfix\n"
12222
"added rc5.d/S20postfix\n"
12223
"added rc6.d/K20postfix\n"
12224
"added resolvconf/update-libc.d\n"
12225
"added resolvconf/update-libc.d/postfix\n"
12226
"added rsyslog.d/postfix.conf\n"
12227
"added ufw/applications.d/postfix\n"
12228
"Committed revision 2."
12229
msgstr ""
12230
12231
#: serverguide/C/other-apps.xml:241(para)
12232
msgid ""
12233
"For an example of how <application>etckeeper</application> tracks manual "
12234
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
12235
"<application>bzr</application> you can see which files have been modified:"
12236
msgstr ""
12237
12238
#: serverguide/C/other-apps.xml:247(command)
12239
msgid "sudo bzr status /etc/"
12240
msgstr ""
12241
12242
#: serverguide/C/other-apps.xml:248(computeroutput)
12243
#, no-wrap
12244
msgid ""
12245
"modified:\n"
12246
" hosts"
12247
msgstr ""
12248
12249
#: serverguide/C/other-apps.xml:252(para)
12250
msgid "Now commit the changes:"
12251
msgstr ""
12252
12253
#: serverguide/C/other-apps.xml:257(command)
12254
msgid "sudo etckeeper commit \"new host\""
12255
msgstr ""
12256
12257
#: serverguide/C/other-apps.xml:260(para)
12258
msgid ""
12259
"For more information on <application>bzr</application> see <xref "
12260
"linkend=\"bazaar\"/>."
12261
msgstr ""
12262
12263
#: serverguide/C/other-apps.xml:266(title)
12264
msgid "Byobu"
12265
msgstr ""
12266
12267
#: serverguide/C/other-apps.xml:268(para)
12268
msgid ""
12269
"One of the most useful applications for any system administrator is "
12270
"<application>screen</application>. It allows the execution of multiple "
12271
"shells in one terminal. To make some of the advanced "
12272
"<application>screen</application> features more user friendly, and provide "
12273
"some useful information about the system, the "
12274
"<application>byobu</application> package was created."
12275
msgstr ""
12276
12277
#: serverguide/C/other-apps.xml:275(para)
12278
msgid ""
12279
"When executing <application>byobu</application> pressing the "
12280
"<emphasis>F9</emphasis> key will bring up the "
12281
"<application>Configuration</application> menu. This menu will allow you to:"
12282
msgstr ""
12283
12284
#: serverguide/C/other-apps.xml:281(para)
12285
msgid "View the Help menu"
12286
msgstr ""
12287
12288
#: serverguide/C/other-apps.xml:282(para)
12289
msgid "Change Byobu's background color"
12290
msgstr ""
12291
12292
#: serverguide/C/other-apps.xml:283(para)
12293
msgid "Change Byobu's foreground color"
12294
msgstr ""
12295
12296
#: serverguide/C/other-apps.xml:284(para)
12297
msgid "Toggle status notifications"
12298
msgstr ""
12299
12300
#: serverguide/C/other-apps.xml:285(para)
12301
msgid "Change the key binding set"
12302
msgstr ""
12303
12304
#: serverguide/C/other-apps.xml:286(para)
12305
msgid "Change the escape sequence"
12306
msgstr ""
12307
12308
#: serverguide/C/other-apps.xml:287(para)
12309
msgid "Create new windows"
12310
msgstr ""
12311
12312
#: serverguide/C/other-apps.xml:288(para)
12313
msgid "Manage the default windows"
12314
msgstr ""
12315
12316
#: serverguide/C/other-apps.xml:289(para)
12317
msgid "Byobu currently does not launch at login (toggle on)"
12318
msgstr ""
12319
12320
#: serverguide/C/other-apps.xml:292(para)
12321
msgid ""
12322
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12323
"sequence, new window, change window, etc. There are two key binding sets to "
12324
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
12325
"keys</emphasis>. If you wish to use the original key bindings choose the "
12326
"<emphasis>none</emphasis> set."
12327
msgstr ""
12328
12329
#: serverguide/C/other-apps.xml:298(para)
12330
msgid ""
12331
"<application>byobu</application> provides a menu which displays the Ubuntu "
12332
"release, processor information, memory information, and the time and date. "
12333
"The effect is similar to a desktop menu."
12334
msgstr ""
12335
12336
#: serverguide/C/other-apps.xml:303(para)
12337
msgid ""
12338
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
12339
"on)\"</emphasis> option will cause <application>byobu</application> to be "
12340
"executed any time a terminal is opened. Changes made to "
12341
"<application>byobu</application> are on a per user basis, and will not "
12342
"affect other users on the system."
12343
msgstr ""
12344
12345
#: serverguide/C/other-apps.xml:309(para)
12346
msgid ""
12347
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
12348
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
12349
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
12350
"commands. Here is a quick list of movement commands:"
12351
msgstr ""
12352
12353
#: serverguide/C/other-apps.xml:316(para)
12354
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12355
msgstr ""
12356
12357
#: serverguide/C/other-apps.xml:317(para)
12358
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12359
msgstr ""
12360
12361
#: serverguide/C/other-apps.xml:318(para)
12362
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12363
msgstr ""
12364
12365
#: serverguide/C/other-apps.xml:319(para)
12366
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12367
msgstr ""
12368
12369
#: serverguide/C/other-apps.xml:320(para)
12370
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12371
msgstr ""
12372
12373
#: serverguide/C/other-apps.xml:321(para)
12374
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12375
msgstr ""
12376
12377
#: serverguide/C/other-apps.xml:322(para)
12378
msgid ""
12379
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12380
"the buffer)"
12381
msgstr ""
12382
12383
#: serverguide/C/other-apps.xml:323(para)
12384
msgid "<emphasis>/</emphasis> - Search forward"
12385
msgstr ""
12386
12387
#: serverguide/C/other-apps.xml:324(para)
12388
msgid "<emphasis>?</emphasis> - Search backward"
12389
msgstr ""
12390
12391
#: serverguide/C/other-apps.xml:325(para)
12392
msgid ""
12393
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
12394
msgstr ""
12395
12396
#: serverguide/C/other-apps.xml:334(para)
12397
msgid ""
12398
"See the <ulink "
12399
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
12400
"update-motd man page</ulink> for more options available to "
12401
"<application>update-motd</application>."
12402
msgstr ""
12403
12404
#: serverguide/C/other-apps.xml:340(para)
12405
msgid ""
12406
"The Debian Package of the Day <ulink "
12407
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
12408
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
12409
"details about using the <application>weather</application>utility."
12410
msgstr ""
12411
12412
#: serverguide/C/other-apps.xml:347(para)
12413
msgid ""
12414
"See the <ulink "
12415
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
12416
"more details on using <application>etckeeper</application>."
12417
msgstr ""
12418
12419
#: serverguide/C/other-apps.xml:353(para)
12420
msgid ""
12421
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
12422
"Ubuntu Wiki</ulink> page."
12423
msgstr ""
12424
12425
#: serverguide/C/other-apps.xml:358(para)
12426
msgid ""
12427
"For the latest news and information about <application>bzr</application> see "
12428
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
12429
msgstr ""
12430
12431
#: serverguide/C/other-apps.xml:363(para)
12432
msgid ""
12433
"For more information on <application>screen</application> see the <ulink "
12434
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12435
msgstr ""
12436
12437
#: serverguide/C/other-apps.xml:368(para)
12438
msgid ""
12439
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12440
"screen</ulink> page."
12441
msgstr ""
12442
12443
#: serverguide/C/other-apps.xml:373(para)
12444
msgid ""
12445
"Also, see the <application>byobu</application><ulink "
12446
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12447
"information."
12448
msgstr ""
12449
12450
#: serverguide/C/network-config.xml:14(para)
12451
msgid ""
12452
"Networks consist of two or more devices, such as computer systems, printers, "
12453
"and related equipment which are connected by either physical cabling or "
12454
"wireless links for the purpose of sharing and distributing information among "
12455
"the connected devices."
12456
msgstr ""
12457
12458
#: serverguide/C/network-config.xml:20(para)
12459
msgid ""
12460
"This section provides general and specific information pertaining to "
12461
"networking, including an overview of network concepts and detailed "
12462
"discussion of popular network protocols."
12463
msgstr ""
12464
12465
#: serverguide/C/network-config.xml:27(title)
12466
msgid "Network Configuration"
12467
msgstr ""
12468
12469
#: serverguide/C/network-config.xml:28(para)
12470
msgid ""
12471
"Ubuntu ships with a number of graphical utilities to configure your network "
12472
"devices. This document is geared toward server administrators and will focus "
12473
"on managing your network on the command line."
12474
msgstr ""
12475
12476
#: serverguide/C/network-config.xml:35(title)
12477
msgid "Ethernet Interfaces"
12478
msgstr ""
12479
12480
#: serverguide/C/network-config.xml:36(para)
12481
msgid ""
12482
"Ethernet interfaces are identified by the system using the naming convention "
12483
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
12484
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
12485
"interface is typically identified as <emphasis "
12486
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
12487
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
12488
"order."
12489
msgstr ""
12490
12491
#: serverguide/C/network-config.xml:46(title)
12492
msgid "Identify Ethernet Interfaces"
12493
msgstr ""
12494
12495
#: serverguide/C/network-config.xml:47(para)
12496
msgid ""
12497
"To quickly identify all available Ethernet interfaces, you can use the "
12498
"<application>ifconfig</application> command as shown below."
12499
msgstr ""
12500
12501
#: serverguide/C/network-config.xml:52(userinput)
12502
#, no-wrap
12503
msgid "ifconfig -a | grep eth"
12504
msgstr ""
12505
12506
#: serverguide/C/network-config.xml:51(screen)
12507
#, no-wrap
12508
msgid ""
12509
"\n"
12510
"<placeholder-1/>\n"
12511
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
12512
msgstr ""
12513
12514
#: serverguide/C/network-config.xml:55(para)
12515
msgid ""
12516
"Another application that can help identify all network interfaces available "
12517
"to your system is the <application>lshw</application> command. In the "
12518
"example below, <application>lshw</application> shows a single Ethernet "
12519
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
12520
"along with bus information, driver details and all supported capabilities."
12521
msgstr ""
12522
12523
#: serverguide/C/network-config.xml:62(userinput)
12524
#, no-wrap
12525
msgid "sudo lshw -class network"
12526
msgstr ""
12527
12528
#: serverguide/C/network-config.xml:61(screen)
12529
#, no-wrap
12530
msgid ""
12531
"\n"
12532
"<placeholder-1/>\n"
12533
" *-network\n"
12534
" description: Ethernet interface\n"
12535
" product: BCM4401-B0 100Base-TX\n"
12536
" vendor: Broadcom Corporation\n"
12537
" physical id: 0\n"
12538
" bus info: pci@0000:03:00.0\n"
12539
" logical name: eth0\n"
12540
" version: 02\n"
12541
" serial: 00:15:c5:4a:16:5a\n"
12542
" size: 10MB/s\n"
12543
" capacity: 100MB/s\n"
12544
" width: 32 bits\n"
12545
" clock: 33MHz\n"
12546
" capabilities: (snipped for brevity)\n"
12547
" configuration: (snipped for brevity)\n"
12548
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
12549
msgstr ""
12550
12551
#: serverguide/C/network-config.xml:83(title)
12552
msgid "Ethernet Interface Logical Names"
12553
msgstr ""
12554
12555
#: serverguide/C/network-config.xml:84(para)
12556
msgid ""
12557
"Interface logical names are configured in the file "
12558
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
12559
"like control which interface receives a particular logical name, find the "
12560
"line matching the interfaces physical MAC address and modify the value of "
12561
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
12562
"Reboot the system to commit your changes."
12563
msgstr ""
12564
12565
#: serverguide/C/network-config.xml:92(programlisting)
12566
#, no-wrap
12567
msgid ""
12568
"\n"
12569
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12570
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
12571
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
12572
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12573
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
12574
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
12575
msgstr ""
12576
12577
#: serverguide/C/network-config.xml:99(title)
12578
msgid "Ethernet Interface Settings"
12579
msgstr ""
12580
12581
#: serverguide/C/network-config.xml:100(para)
12582
msgid ""
12583
"<application>ethtool</application> is a program that displays and changes "
12584
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
12585
"and Wake-on-LAN. It is not installed by default, but is available for "
12586
"installation in the repositories."
12587
msgstr ""
12588
12589
#: serverguide/C/network-config.xml:106(userinput)
12590
#, no-wrap
12591
msgid "sudo apt-get install ethtool"
12592
msgstr ""
12593
12594
#: serverguide/C/network-config.xml:108(para)
12595
msgid ""
12596
"The following is an example of how to view supported features and configured "
12597
"settings of an Ethernet interface."
12598
msgstr ""
12599
12600
#: serverguide/C/network-config.xml:113(userinput)
12601
#, no-wrap
12602
msgid "sudo ethtool eth0"
12603
msgstr ""
12604
12605
#: serverguide/C/network-config.xml:112(screen)
12606
#, no-wrap
12607
msgid ""
12608
"\n"
12609
"<placeholder-1/>\n"
12610
"Settings for eth0:\n"
12611
" Supported ports: [ TP ]\n"
12612
" Supported link modes: 10baseT/Half 10baseT/Full \n"
12613
" 100baseT/Half 100baseT/Full \n"
12614
" 1000baseT/Half 1000baseT/Full \n"
12615
" Supports auto-negotiation: Yes\n"
12616
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
12617
" 100baseT/Half 100baseT/Full \n"
12618
" 1000baseT/Half 1000baseT/Full \n"
12619
" Advertised auto-negotiation: Yes\n"
12620
" Speed: 1000Mb/s\n"
12621
" Duplex: Full\n"
12622
" Port: Twisted Pair\n"
12623
" PHYAD: 1\n"
12624
" Transceiver: internal\n"
12625
" Auto-negotiation: on\n"
12626
" Supports Wake-on: g\n"
12627
" Wake-on: d\n"
12628
" Current message level: 0x000000ff (255)\n"
12629
" Link detected: yes\n"
12630
msgstr ""
12631
12632
#: serverguide/C/network-config.xml:135(para)
12633
msgid ""
12634
"Changes made with the <application>ethtool</application> command are "
12635
"temporary and will be lost after a reboot. If you would like to retain "
12636
"settings, simply add the desired <application>ethtool</application> command "
12637
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
12638
"configuration file <filename>/etc/network/interfaces</filename>."
12639
msgstr ""
12640
12641
#: serverguide/C/network-config.xml:141(para)
12642
msgid ""
12643
"The following is an example of how the interface identified as <emphasis "
12644
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
12645
"speed of 1000Mb/s running in full duplex mode."
12646
msgstr ""
12647
12648
#: serverguide/C/network-config.xml:145(programlisting)
12649
#, no-wrap
12650
msgid ""
12651
"\n"
12652
"auto eth0\n"
12653
"iface eth0 inet static\n"
12654
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
12655
msgstr ""
12656
12657
#: serverguide/C/network-config.xml:151(para)
12658
msgid ""
12659
"Although the example above shows the interface configured to use the "
12660
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
12661
"other methods as well, such as DHCP. The example is meant to demonstrate "
12662
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
12663
"statement in relation to the rest of the interface configuration."
12664
msgstr ""
12665
12666
#: serverguide/C/network-config.xml:163(title)
12667
msgid "IP Addressing"
12668
msgstr ""
12669
12670
#: serverguide/C/network-config.xml:164(para)
12671
msgid ""
12672
"The following section describes the process of configuring your systems IP "
12673
"address and default gateway needed for communicating on a local area network "
12674
"and the Internet."
12675
msgstr ""
12676
12677
#: serverguide/C/network-config.xml:171(title)
12678
msgid "Temporary IP Address Assignment"
12679
msgstr ""
12680
12681
#: serverguide/C/network-config.xml:172(para)
12682
msgid ""
12683
"For temporary network configurations, you can use standard commands such as "
12684
"<application>ip</application>, <application>ifconfig</application> and "
12685
"<application>route</application>, which are also found on most other "
12686
"GNU/Linux operating systems. These commands allow you to configure settings "
12687
"which take effect immediately, however they are not persistent and will be "
12688
"lost after a reboot."
12689
msgstr ""
12690
12691
#: serverguide/C/network-config.xml:180(para)
12692
msgid ""
12693
"To temporarily configure an IP address, you can use the "
12694
"<application>ifconfig</application> command in the following manner. Just "
12695
"modify the IP address and subnet mask to match your network requirements."
12696
msgstr ""
12697
12698
#: serverguide/C/network-config.xml:186(userinput)
12699
#, no-wrap
12700
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
12701
msgstr ""
12702
12703
#: serverguide/C/network-config.xml:188(para)
12704
msgid ""
12705
"To verify the IP address configuration of <application>eth0</application>, "
12706
"you can use the <application>ifconfig</application> command in the following "
12707
"manner."
12708
msgstr ""
12709
12710
#: serverguide/C/network-config.xml:193(userinput)
12711
#, no-wrap
12712
msgid "ifconfig eth0"
12713
msgstr ""
12714
12715
#: serverguide/C/network-config.xml:192(screen)
12716
#, no-wrap
12717
msgid ""
12718
"\n"
12719
"<placeholder-1/>\n"
12720
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
12721
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
12722
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
12723
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
12724
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
12725
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
12726
" collisions:0 txqueuelen:1000 \n"
12727
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
12728
" Interrupt:16 \n"
12729
msgstr ""
12730
12731
#: serverguide/C/network-config.xml:204(para)
12732
msgid ""
12733
"To configure a default gateway, you can use the "
12734
"<application>route</application> command in the following manner. Modify the "
12735
"default gateway address to match your network requirements."
12736
msgstr ""
12737
12738
#: serverguide/C/network-config.xml:210(userinput)
12739
#, no-wrap
12740
msgid "sudo route add default gw 10.0.0.1 eth0"
12741
msgstr ""
12742
12743
#: serverguide/C/network-config.xml:212(para)
12744
msgid ""
12745
"To verify your default gateway configuration, you can use the "
12746
"<application>route</application> command in the following manner."
12747
msgstr ""
12748
12749
#: serverguide/C/network-config.xml:217(userinput)
12750
#, no-wrap
12751
msgid "route -n"
12752
msgstr ""
12753
12754
#: serverguide/C/network-config.xml:216(screen)
12755
#, no-wrap
12756
msgid ""
12757
"\n"
12758
"<placeholder-1/>\n"
12759
"Kernel IP routing table\n"
12760
"Destination Gateway Genmask Flags Metric Ref Use "
12761
"Iface\n"
12762
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
12763
"eth0\n"
12764
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
12765
"eth0\n"
12766
msgstr ""
12767
12768
#: serverguide/C/network-config.xml:223(para)
12769
msgid ""
12770
"If you require DNS for your temporary network configuration, you can add DNS "
12771
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
12772
"example below shows how to enter two DNS servers to "
12773
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
12774
"appropriate for your network. A more lengthy description of DNS client "
12775
"configuration is in a following section."
12776
msgstr ""
12777
12778
#: serverguide/C/network-config.xml:230(programlisting)
12779
#, no-wrap
12780
msgid ""
12781
"\n"
12782
"nameserver 8.8.8.8\n"
12783
"nameserver 8.8.4.4\n"
12784
msgstr ""
12785
12786
#: serverguide/C/network-config.xml:234(para)
12787
msgid ""
12788
"If you no longer need this configuration and wish to purge all IP "
12789
"configuration from an interface, you can use the "
12790
"<application>ip</application> command with the flush option as shown below."
12791
msgstr ""
12792
12793
#: serverguide/C/network-config.xml:240(userinput)
12794
#, no-wrap
12795
msgid "ip addr flush eth0"
12796
msgstr ""
12797
12798
#: serverguide/C/network-config.xml:243(para)
12799
msgid ""
12800
"Flushing the IP configuration using the <application>ip</application> "
12801
"command does not clear the contents of "
12802
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
12803
"entries manually."
12804
msgstr ""
12805
12806
#: serverguide/C/network-config.xml:251(title)
12807
msgid "Dynamic IP Address Assignment (DHCP Client)"
12808
msgstr ""
12809
12810
#: serverguide/C/network-config.xml:252(para)
12811
msgid ""
12812
"To configure your server to use DHCP for dynamic address assignment, add the "
12813
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12814
"statement for the appropriate interface in the file "
12815
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12816
"are configuring your first Ethernet interface identified as <emphasis "
12817
"role=\"italic\">eth0</emphasis>."
12818
msgstr ""
12819
12820
#: serverguide/C/network-config.xml:259(programlisting)
12821
#, no-wrap
12822
msgid ""
12823
"\n"
12824
"auto eth0\n"
12825
"iface eth0 inet dhcp\n"
12826
msgstr ""
12827
12828
#: serverguide/C/network-config.xml:263(para)
12829
msgid ""
12830
"By adding an interface configuration as shown above, you can manually enable "
12831
"the interface through the <application>ifup</application> command which "
12832
"initiates the DHCP process via <application>dhclient</application>."
12833
msgstr ""
12834
12835
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
12836
#, no-wrap
12837
msgid "sudo ifup eth0"
12838
msgstr ""
12839
12840
#: serverguide/C/network-config.xml:271(para)
12841
msgid ""
12842
"To manually disable the interface, you can use the "
12843
"<application>ifdown</application> command, which in turn will initiate the "
12844
"DHCP release process and shut down the interface."
12845
msgstr ""
12846
12847
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
12848
#, no-wrap
12849
msgid "sudo ifdown eth0"
12850
msgstr ""
12851
12852
#: serverguide/C/network-config.xml:282(title)
12853
msgid "Static IP Address Assignment"
12854
msgstr ""
12855
12856
#: serverguide/C/network-config.xml:283(para)
12857
msgid ""
12858
"To configure your system to use a static IP address assignment, add the "
12859
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12860
"family statement for the appropriate interface in the file "
12861
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12862
"are configuring your first Ethernet interface identified as <emphasis "
12863
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
12864
"role=\"italic\">address</emphasis>, <emphasis "
12865
"role=\"italic\">netmask</emphasis>, and <emphasis "
12866
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
12867
"network."
12868
msgstr ""
12869
12870
#: serverguide/C/network-config.xml:292(programlisting)
12871
#, no-wrap
12872
msgid ""
12873
"\n"
12874
"auto eth0\n"
12875
"iface eth0 inet static\n"
12876
"address 10.0.0.100\n"
12877
"netmask 255.255.255.0\n"
12878
"gateway 10.0.0.1\n"
12879
msgstr ""
12880
12881
#: serverguide/C/network-config.xml:299(para)
12882
msgid ""
12883
"By adding an interface configuration as shown above, you can manually enable "
12884
"the interface through the <application>ifup</application> command."
12885
msgstr ""
12886
12887
#: serverguide/C/network-config.xml:306(para)
12888
msgid ""
12889
"To manually disable the interface, you can use the "
12890
"<application>ifdown</application> command."
12891
msgstr ""
12892
12893
#: serverguide/C/network-config.xml:316(title)
12894
msgid "Loopback Interface"
12895
msgstr ""
12896
12897
#: serverguide/C/network-config.xml:317(para)
12898
msgid ""
12899
"The loopback interface is identified by the system as <emphasis "
12900
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12901
"can be viewed using the ifconfig command."
12902
msgstr ""
12903
12904
#: serverguide/C/network-config.xml:322(userinput)
12905
#, no-wrap
12906
msgid "ifconfig lo"
12907
msgstr ""
12908
12909
#: serverguide/C/network-config.xml:321(screen)
12910
#, no-wrap
12911
msgid ""
12912
"\n"
12913
"<placeholder-1/>\n"
12914
"lo Link encap:Local Loopback \n"
12915
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12916
" inet6 addr: ::1/128 Scope:Host\n"
12917
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12918
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12919
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12920
" collisions:0 txqueuelen:0 \n"
12921
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12922
msgstr ""
12923
12924
#: serverguide/C/network-config.xml:332(para)
12925
msgid ""
12926
"By default, there should be two lines in "
12927
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12928
"configuring your loopback interface. It is recommended that you keep the "
12929
"default settings unless you have a specific purpose for changing them. An "
12930
"example of the two default lines are shown below."
12931
msgstr ""
12932
12933
#: serverguide/C/network-config.xml:338(programlisting)
12934
#, no-wrap
12935
msgid ""
12936
"\n"
12937
"auto lo\n"
12938
"iface lo inet loopback\n"
12939
msgstr ""
12940
12941
#: serverguide/C/network-config.xml:347(title)
12942
msgid "Name Resolution"
12943
msgstr ""
12944
12945
#: serverguide/C/network-config.xml:348(para)
12946
msgid ""
12947
"Name resolution as it relates to IP networking is the process of mapping IP "
12948
"addresses to hostnames, making it easier to identify resources on a network. "
12949
"The following section will explain how to properly configure your system for "
12950
"name resolution using DNS and static hostname records."
12951
msgstr ""
12952
12953
#: serverguide/C/network-config.xml:356(title)
12954
msgid "DNS Client Configuration"
12955
msgstr ""
12956
12957
#: serverguide/C/network-config.xml:357(para)
12958
msgid ""
12959
"To configure your system to use DNS for name resolution, add the IP "
12960
"addresses of the DNS servers that are appropriate for your network in the "
12961
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12962
"suffix search-lists to match your network domain names."
12963
msgstr ""
12964
12965
#: serverguide/C/network-config.xml:362(para)
12966
msgid ""
12967
"Below is an example of a typical configuration of "
12968
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12969
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12970
msgstr ""
12971
12972
#: serverguide/C/network-config.xml:367(programlisting)
12973
#, no-wrap
12974
msgid ""
12975
"\n"
12976
"search example.com\n"
12977
"nameserver 8.8.8.8\n"
12978
"nameserver 8.8.4.4\n"
12979
msgstr ""
12980
12981
#: serverguide/C/network-config.xml:372(para)
12982
msgid ""
12983
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12984
"multiple domain names so that DNS queries will be appended in the order in "
12985
"which they are entered. For example, your network may have multiple sub-"
12986
"domains to search; a parent domain of <emphasis "
12987
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12988
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12989
"role=\"italic\">dev.example.com</emphasis>."
12990
msgstr ""
12991
12992
#: serverguide/C/network-config.xml:380(para)
12993
msgid ""
12994
"If you have multiple domains you wish to search, your configuration might "
12995
"look like the following."
12996
msgstr ""
12997
12998
#: serverguide/C/network-config.xml:383(programlisting)
12999
#, no-wrap
13000
msgid ""
13001
"\n"
13002
"search example.com sales.example.com dev.example.com\n"
13003
"nameserver 8.8.8.8\n"
13004
"nameserver 8.8.4.4\n"
13005
msgstr ""
13006
13007
#: serverguide/C/network-config.xml:388(para)
13008
msgid ""
13009
"If you try to ping a host with the name of <emphasis "
13010
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
13011
"for its Fully Qualified Domain Name (FQDN) in the following order:"
13012
msgstr ""
13013
13014
#: serverguide/C/network-config.xml:394(para)
13015
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
13016
msgstr ""
13017
13018
#: serverguide/C/network-config.xml:399(para)
13019
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
13020
msgstr ""
13021
13022
#: serverguide/C/network-config.xml:404(para)
13023
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
13024
msgstr ""
13025
13026
#: serverguide/C/network-config.xml:409(para)
13027
msgid ""
13028
"If no matches are found, the DNS server will provide a result of <emphasis "
13029
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
13030
msgstr ""
13031
13032
#: serverguide/C/network-config.xml:416(title)
13033
msgid "Static Hostnames"
13034
msgstr ""
13035
13036
#: serverguide/C/network-config.xml:417(para)
13037
msgid ""
13038
"Static hostnames are locally defined hostname-to-IP mappings located in the "
13039
"file <filename>/etc/hosts</filename>. Entries in the "
13040
"<filename>hosts</filename> file will have precedence over DNS by default. "
13041
"This means that if your system tries to resolve a hostname and it matches an "
13042
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
13043
"some configurations, especially when Internet access is not required, "
13044
"servers that communicate with a limited number of resources can be "
13045
"conveniently set to use static hostnames instead of DNS."
13046
msgstr ""
13047
13048
#: serverguide/C/network-config.xml:424(para)
13049
msgid ""
13050
"The following is an example of a <filename>hosts</filename> file where a "
13051
"number of local servers have been identified by simple hostnames, aliases "
13052
"and their equivalent Fully Qualified Domain Names (FQDN's)."
13053
msgstr ""
13054
13055
#: serverguide/C/network-config.xml:428(programlisting)
13056
#, no-wrap
13057
msgid ""
13058
"\n"
13059
"127.0.0.1\tlocalhost\n"
13060
"127.0.1.1\tubuntu-server\n"
13061
"10.0.0.11\tserver1 vpn server1.example.com\n"
13062
"10.0.0.12\tserver2 mail server2.example.com\n"
13063
"10.0.0.13\tserver3 www server3.example.com\n"
13064
"10.0.0.14\tserver4 file server4.example.com\n"
13065
msgstr ""
13066
13067
#: serverguide/C/network-config.xml:437(para)
13068
msgid ""
13069
"In the above example, notice that each of the servers have been given "
13070
"aliases in addition to their proper names and FQDN's. <emphasis "
13071
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
13072
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
13073
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
13074
"role=\"italic\">server3</emphasis> as <emphasis "
13075
"role=\"italic\">www</emphasis>, and <emphasis "
13076
"role=\"italic\">server4</emphasis> as <emphasis "
13077
"role=\"italic\">file</emphasis>."
13078
msgstr ""
13079
13080
#: serverguide/C/network-config.xml:449(title)
13081
msgid "Name Service Switch Configuration"
13082
msgstr ""
13083
13084
#: serverguide/C/network-config.xml:450(para)
13085
msgid ""
13086
"The order in which your system selects a method of resolving hostnames to IP "
13087
"addresses is controlled by the Name Service Switch (NSS) configuration file "
13088
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
13089
"section, typically static hostnames defined in the systems "
13090
"<filename>/etc/hosts</filename> file have precedence over names resolved "
13091
"from DNS. The following is an example of the line responsible for this order "
13092
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
13093
msgstr ""
13094
13095
#: serverguide/C/network-config.xml:458(programlisting)
13096
#, no-wrap
13097
msgid ""
13098
"\n"
13099
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
13100
msgstr ""
13101
13102
#: serverguide/C/network-config.xml:464(para)
13103
msgid ""
13104
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
13105
"hostnames located in <filename>/etc/hosts</filename>."
13106
msgstr ""
13107
13108
#: serverguide/C/network-config.xml:470(para)
13109
msgid ""
13110
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
13111
"name using Multicast DNS."
13112
msgstr ""
13113
13114
#: serverguide/C/network-config.xml:475(para)
13115
msgid ""
13116
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
13117
"of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
13118
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
13119
"authoritative and that the system should not try to continue hunting for an "
13120
"answer."
13121
msgstr ""
13122
13123
#: serverguide/C/network-config.xml:483(para)
13124
msgid ""
13125
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
13126
msgstr ""
13127
13128
#: serverguide/C/network-config.xml:488(para)
13129
msgid ""
13130
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
13131
msgstr ""
13132
13133
#: serverguide/C/network-config.xml:494(para)
13134
msgid ""
13135
"To modify the order of the above mentioned name resolution methods, you can "
13136
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
13137
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
13138
"versus Multicast DNS, you can change the string in "
13139
"<filename>/etc/nsswitch.conf</filename> as shown below."
13140
msgstr ""
13141
13142
#: serverguide/C/network-config.xml:501(programlisting)
13143
#, no-wrap
13144
msgid ""
13145
"\n"
13146
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
13147
msgstr ""
13148
13149
#: serverguide/C/network-config.xml:508(title)
13150
msgid "Bridging"
13151
msgstr ""
13152
13153
#: serverguide/C/network-config.xml:510(para)
13154
msgid ""
13155
"Bridging multiple interfaces is a more advanced configuration, but is very "
13156
"useful in multiple scenarios. One scenario is setting up a bridge with "
13157
"multiple network interfaces, then using a firewall to filter traffic between "
13158
"two network segments. Another scenario is using bridge on a system with one "
13159
"interface to allow virtual machines direct access to the outside network. "
13160
"The following example covers the latter scenario."
13161
msgstr ""
13162
13163
#: serverguide/C/network-config.xml:517(para)
13164
msgid ""
13165
"Before configuring a bridge you will need to install the <application>bridge-"
13166
"utils</application> package. To install the package, in a terminal enter:"
13167
msgstr ""
13168
13169
#: serverguide/C/network-config.xml:523(command)
13170
msgid "sudo apt-get install bridge-utils"
13171
msgstr ""
13172
13173
#: serverguide/C/network-config.xml:526(para)
13174
msgid ""
13175
"Next, configure the bridge by editing "
13176
"<filename>/etc/network/interfaces</filename>:"
13177
msgstr ""
13178
13179
#: serverguide/C/network-config.xml:530(programlisting)
13180
#, no-wrap
13181
msgid ""
13182
"\n"
13183
"auto lo\n"
13184
"iface lo inet loopback\n"
13185
"\n"
13186
"auto br0\n"
13187
"iface br0 inet static\n"
13188
" address 192.168.0.10\n"
13189
" network 192.168.0.0\n"
13190
" netmask 255.255.255.0\n"
13191
" broadcast 192.168.0.255\n"
13192
" gateway 192.168.0.1\n"
13193
" bridge_ports eth0\n"
13194
" bridge_fd 9\n"
13195
" bridge_hello 2\n"
13196
" bridge_maxage 12\n"
13197
" bridge_stp off\n"
13198
msgstr ""
13199
13200
#: serverguide/C/network-config.xml:549(para)
13201
msgid "Enter the appropriate values for your physical interface and network."
13202
msgstr ""
13203
13204
#: serverguide/C/network-config.xml:554(para)
13205
msgid "Now restart networking to enable the bridge interface:"
13206
msgstr ""
13207
13208
#: serverguide/C/network-config.xml:561(para)
13209
msgid ""
13210
"The new bridge interface should now be up and running. The "
13211
"<application>brctl</application> provides useful information about the state "
13212
"of the bridge, controls which interfaces are part of the bridge, etc. See "
13213
"<command>man brctl</command> for more information."
13214
msgstr ""
13215
13216
#: serverguide/C/network-config.xml:577(para)
13217
msgid ""
13218
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
13219
"Network page</ulink> has links to articles covering more advanced network "
13220
"configuration."
13221
msgstr ""
13222
13223
#: serverguide/C/network-config.xml:583(para)
13224
msgid ""
13225
"The <ulink "
13226
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html\">i"
13227
"nterfaces man page</ulink> has details on more options for "
13228
"<filename>/etc/network/interfaces</filename>."
13229
msgstr ""
13230
13231
#: serverguide/C/network-config.xml:589(para)
13232
msgid ""
13233
"The <ulink "
13234
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/dhclient.8.html\">dhc"
13235
"lient man page</ulink> has details on more options for configuring DHCP "
13236
"client settings."
13237
msgstr ""
13238
13239
#: serverguide/C/network-config.xml:595(para)
13240
msgid ""
13241
"For more information on DNS client configuration see the <ulink "
13242
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/resolver.5.html\">res"
13243
"olver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
13244
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
13245
"Administrator's Guide</ulink> is a good source of resolver and name service "
13246
"configuration information."
13247
msgstr ""
13248
13249
#: serverguide/C/network-config.xml:603(para)
13250
msgid ""
13251
"For more information on <emphasis>bridging</emphasis> see the <ulink "
13252
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/brctl.8.html\">brctl "
13253
"man page</ulink> and the Linux Foundation's <ulink "
13254
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
13255
msgstr ""
13256
13257
#: serverguide/C/network-config.xml:614(title)
13258
msgid "TCP/IP"
13259
msgstr ""
13260
13261
#: serverguide/C/network-config.xml:615(para)
13262
msgid ""
13263
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
13264
"standard set of protocols developed in the late 1970s by the Defense "
13265
"Advanced Research Projects Agency (DARPA) as a means of communication "
13266
"between different types of computers and computer networks. TCP/IP is the "
13267
"driving force of the Internet, and thus it is the most popular set of "
13268
"network protocols on Earth."
13269
msgstr ""
13270
13271
#: serverguide/C/network-config.xml:623(title)
13272
msgid "TCP/IP Introduction"
13273
msgstr ""
13274
13275
#: serverguide/C/network-config.xml:624(para)
13276
msgid ""
13277
"The two protocol components of TCP/IP deal with different aspects of "
13278
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
13279
"TCP/IP is a connectionless protocol which deals only with network packet "
13280
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
13281
"basic unit of networking information. The IP Datagram consists of a header "
13282
"followed by a message. The <emphasis> Transmission Control "
13283
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
13284
"establish connections which may be used to exchange data streams. TCP also "
13285
"guarantees that the data between connections is delivered and that it "
13286
"arrives at one network host in the same order as sent from another network "
13287
"host."
13288
msgstr ""
13289
13290
#: serverguide/C/network-config.xml:637(title)
13291
msgid "TCP/IP Configuration"
13292
msgstr ""
13293
13294
#: serverguide/C/network-config.xml:638(para)
13295
msgid ""
13296
"The TCP/IP protocol configuration consists of several elements which must be "
13297
"set by editing the appropriate configuration files, or deploying solutions "
13298
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
13299
"can be configured to provide the proper TCP/IP configuration settings to "
13300
"network clients automatically. These configuration values must be set "
13301
"correctly in order to facilitate the proper network operation of your Ubuntu "
13302
"system."
13303
msgstr ""
13304
13305
#: serverguide/C/network-config.xml:650(para)
13306
msgid ""
13307
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
13308
"identifying string expressed as four decimal numbers ranging from zero (0) "
13309
"to two-hundred and fifty-five (255), separated by periods, with each of the "
13310
"four numbers representing eight (8) bits of the address for a total length "
13311
"of thirty-two (32) bits for the whole address. This format is called "
13312
"<emphasis>dotted quad notation</emphasis>."
13313
msgstr ""
13314
13315
#: serverguide/C/network-config.xml:660(para)
13316
msgid ""
13317
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
13318
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
13319
"separate the portions of an IP address significant to the network from the "
13320
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
13321
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
13322
"three bytes of the IP address and allows the last byte of the IP address to "
13323
"remain available for specifying hosts on the subnetwork."
13324
msgstr ""
13325
13326
#: serverguide/C/network-config.xml:671(para)
13327
msgid ""
13328
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
13329
"represents the bytes comprising the network portion of an IP address. For "
13330
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
13331
"network address, where twelve (12) represents the first byte of the IP "
13332
"address, (the network part) and zeroes (0) in all of the remaining three "
13333
"bytes to represent the potential host values. A network host using the "
13334
"private IP address 192.168.1.100 would in turn use a Network Address of "
13335
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
13336
"network and a zero (0) for all the possible hosts on the network."
13337
msgstr ""
13338
13339
#: serverguide/C/network-config.xml:684(para)
13340
msgid ""
13341
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
13342
"is an IP address which allows network data to be sent simultaneously to all "
13343
"hosts on a given subnetwork rather than specifying a particular host. The "
13344
"standard general broadcast address for IP networks is 255.255.255.255, but "
13345
"this broadcast address cannot be used to send a broadcast message to every "
13346
"host on the Internet because routers block it. A more appropriate broadcast "
13347
"address is set to match a specific subnetwork. For example, on the private "
13348
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
13349
"Broadcast messages are typically produced by network protocols such as the "
13350
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
13351
msgstr ""
13352
13353
#: serverguide/C/network-config.xml:697(para)
13354
msgid ""
13355
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
13356
"IP address through which a particular network, or host on a network, may be "
13357
"reached. If one network host wishes to communicate with another network "
13358
"host, and that host is not located on the same network, then a "
13359
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
13360
"Address will be that of a router on the same network, which will in turn "
13361
"pass traffic on to other networks or hosts, such as Internet hosts. The "
13362
"value of the Gateway Address setting must be correct, or your system will "
13363
"not be able to reach any hosts beyond those on the same network."
13364
msgstr ""
13365
13366
#: serverguide/C/network-config.xml:708(para)
13367
msgid ""
13368
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
13369
"represent the IP addresses of Domain Name Service (DNS) systems, which "
13370
"resolve network hostnames into IP addresses. There are three levels of "
13371
"Nameserver Addresses, which may be specified in order of precedence: The "
13372
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
13373
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
13374
"your system to be able to resolve network hostnames into their corresponding "
13375
"IP addresses, you must specify valid Nameserver Addresses which you are "
13376
"authorized to use in your system's TCP/IP configuration. In many cases these "
13377
"addresses can and will be provided by your network service provider, but "
13378
"many free and publicly accessible nameservers are available for use, such as "
13379
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
13380
msgstr ""
13381
13382
#: serverguide/C/network-config.xml:722(para)
13383
msgid ""
13384
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
13385
"Address are typically specified via the appropriate directives in the file "
13386
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
13387
"typically specified via <emphasis>nameserver</emphasis> directives in the "
13388
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
13389
"system manual page for <filename>interfaces</filename> or "
13390
"<filename>resolv.conf</filename> respectively, with the following commands "
13391
"typed at a terminal prompt:"
13392
msgstr ""
13393
13394
#: serverguide/C/network-config.xml:729(para)
13395
msgid ""
13396
"Access the system manual page for <filename>interfaces</filename> with the "
13397
"following command:"
13398
msgstr ""
13399
13400
#: serverguide/C/network-config.xml:734(command)
13401
msgid "man interfaces"
13402
msgstr ""
13403
13404
#: serverguide/C/network-config.xml:737(para)
13405
msgid ""
13406
"Access the system manual page for <filename>resolv.conf</filename> with the "
13407
"following command:"
13408
msgstr ""
13409
13410
#: serverguide/C/network-config.xml:741(command)
13411
msgid "man resolv.conf"
13412
msgstr ""
13413
13414
#: serverguide/C/network-config.xml:646(para)
13415
msgid ""
13416
"The common configuration elements of TCP/IP and their purposes are as "
13417
"follows: <placeholder-1/>"
13418
msgstr ""
13419
13420
#: serverguide/C/network-config.xml:748(title)
13421
msgid "IP Routing"
13422
msgstr ""
13423
13424
#: serverguide/C/network-config.xml:749(para)
13425
msgid ""
13426
"IP routing is a means of specifying and discovering paths in a TCP/IP "
13427
"network along which network data may be sent. Routing uses a set of "
13428
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
13429
"packets from their source to the destination, often via many intermediary "
13430
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
13431
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
13432
"<emphasis>Dynamic Routing.</emphasis>"
13433
msgstr ""
13434
13435
#: serverguide/C/network-config.xml:758(para)
13436
msgid ""
13437
"Static routing involves manually adding IP routes to the system's routing "
13438
"table, and this is usually done by manipulating the routing table with the "
13439
"<application>route</application> command. Static routing enjoys many "
13440
"advantages over dynamic routing, such as simplicity of implementation on "
13441
"smaller networks, predictability (the routing table is always computed in "
13442
"advance, and thus the route is precisely the same each time it is used), and "
13443
"low overhead on other routers and network links due to the lack of a dynamic "
13444
"routing protocol. However, static routing does present some disadvantages as "
13445
"well. For example, static routing is limited to small networks and does not "
13446
"scale well. Static routing also fails completely to adapt to network outages "
13447
"and failures along the route due to the fixed nature of the route."
13448
msgstr ""
13449
13450
#: serverguide/C/network-config.xml:768(para)
13451
msgid ""
13452
"Dynamic routing depends on large networks with multiple possible IP routes "
13453
"from a source to a destination and makes use of special routing protocols, "
13454
"such as the Router Information Protocol (RIP), which handle the automatic "
13455
"adjustments in routing tables that make dynamic routing possible. Dynamic "
13456
"routing has several advantages over static routing, such as superior "
13457
"scalability and the ability to adapt to failures and outages along network "
13458
"routes. Additionally, there is less manual configuration of the routing "
13459
"tables, since routers learn from one another about their existence and "
13460
"available routes. This trait also eliminates the possibility of introducing "
13461
"mistakes in the routing tables via human error. Dynamic routing is not "
13462
"perfect, however, and presents disadvantages such as heightened complexity "
13463
"and additional network overhead from router communications, which does not "
13464
"immediately benefit the end users, but still consumes network bandwidth."
13465
msgstr ""
13466
13467
#: serverguide/C/network-config.xml:782(title)
13468
msgid "TCP and UDP"
13469
msgstr ""
13470
13471
#: serverguide/C/network-config.xml:783(para)
13472
msgid ""
13473
"TCP is a connection-based protocol, offering error correction and guaranteed "
13474
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
13475
"Flow control determines when the flow of a data stream needs to be stopped, "
13476
"and previously sent data packets should to be re-sent due to problems such "
13477
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
13478
"accurate delivery of the data. TCP is typically used in the exchange of "
13479
"important information such as database transactions."
13480
msgstr ""
13481
13482
#: serverguide/C/network-config.xml:791(para)
13483
msgid ""
13484
"The User Datagram Protocol (UDP), on the other hand, is a "
13485
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
13486
"transmission of important data because it lacks flow control or any other "
13487
"method to ensure reliable delivery of the data. UDP is commonly used in such "
13488
"applications as audio and video streaming, where it is considerably faster "
13489
"than TCP due to the lack of error correction and flow control, and where the "
13490
"loss of a few packets is not generally catastrophic."
13491
msgstr ""
13492
13493
#: serverguide/C/network-config.xml:801(title)
13494
msgid "ICMP"
13495
msgstr ""
13496
13497
#: serverguide/C/network-config.xml:802(para)
13498
msgid ""
13499
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
13500
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
13501
"supports network packets containing control, error, and informational "
13502
"messages. ICMP is used by such network applications as the "
13503
"<application>ping</application> utility, which can determine the "
13504
"availability of a network host or device. Examples of some error messages "
13505
"returned by ICMP which are useful to both network hosts and devices such as "
13506
"routers, include <emphasis>Destination Unreachable</emphasis> and "
13507
"<emphasis>Time Exceeded</emphasis>."
13508
msgstr ""
13509
13510
#: serverguide/C/network-config.xml:812(title)
13511
msgid "Daemons"
13512
msgstr ""
13513
13514
#: serverguide/C/network-config.xml:813(para)
13515
msgid ""
13516
"Daemons are special system applications which typically execute continuously "
13517
"in the background and await requests for the functions they provide from "
13518
"other applications. Many daemons are network-centric; that is, a large "
13519
"number of daemons executing in the background on an Ubuntu system may "
13520
"provide network-related functionality. Some examples of such network daemons "
13521
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
13522
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
13523
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
13524
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
13525
"Daemon</emphasis> (imapd), which provides E-Mail services."
13526
msgstr ""
13527
13528
#: serverguide/C/network-config.xml:828(para)
13529
msgid ""
13530
"There are man pages for <ulink "
13531
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/tcp.7.html\">TCP</uli"
13532
"nk> and <ulink "
13533
"url=\"http://manpages.ubuntu.com/manpages/lucid/man7/ip.7.html\">IP</ulink> "
13534
"that contain more useful information."
13535
msgstr ""
13536
13537
#: serverguide/C/network-config.xml:834(para)
13538
msgid ""
13539
"Also, see the <ulink "
13540
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
13541
"and Technical Overview</ulink> IBM Redbook."
13542
msgstr ""
13543
13544
#: serverguide/C/network-config.xml:840(para)
13545
msgid ""
13546
"Another resource is O'Reilly's <ulink "
13547
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
13548
"Administration</ulink>."
13549
msgstr ""
13550
13551
#: serverguide/C/network-config.xml:849(title)
13552
msgid "Dynamic Host Configuration Protocol (DHCP)"
13553
msgstr ""
13554
13555
#: serverguide/C/network-config.xml:850(para)
13556
msgid ""
13557
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13558
"enables host computers to be automatically assigned settings from a server "
13559
"as opposed to manually configuring each network host. Computers configured "
13560
"to be DHCP clients have no control over the settings they receive from the "
13561
"DHCP server, and the configuration is transparent to the computer's user."
13562
msgstr ""
13563
13564
#: serverguide/C/network-config.xml:857(para)
13565
msgid ""
13566
"The most common settings provided by a DHCP server to DHCP clients include:"
13567
msgstr ""
13568
13569
#: serverguide/C/network-config.xml:862(para)
13570
msgid "IP-Address and Netmask"
13571
msgstr ""
13572
13573
#: serverguide/C/network-config.xml:865(para)
13574
msgid "DNS"
13575
msgstr ""
13576
13577
#: serverguide/C/network-config.xml:868(para)
13578
msgid "WINS"
13579
msgstr ""
13580
13581
#: serverguide/C/network-config.xml:871(para)
13582
msgid ""
13583
"However, a DHCP server can also supply configuration properties such as:"
13584
msgstr ""
13585
13586
#: serverguide/C/network-config.xml:876(para)
13587
msgid "Host Name"
13588
msgstr ""
13589
13590
#: serverguide/C/network-config.xml:879(para)
13591
msgid "Domain Name"
13592
msgstr ""
13593
13594
#: serverguide/C/network-config.xml:882(para)
13595
msgid "Default Gateway"
13596
msgstr ""
13597
13598
#: serverguide/C/network-config.xml:885(para)
13599
msgid "Time Server"
13600
msgstr ""
13601
13602
#: serverguide/C/network-config.xml:888(para)
13603
msgid "Print Server"
13604
msgstr ""
13605
13606
#: serverguide/C/network-config.xml:891(para)
13607
msgid ""
13608
"The advantage of using DHCP is that changes to the network, for example a "
13609
"change in the address of the DNS server, need only be changed at the DHCP "
13610
"server, and all network hosts will be reconfigured the next time their DHCP "
13611
"clients poll the DHCP server. As an added advantage, it is also easier to "
13612
"integrate new computers into the network, as there is no need to check for "
13613
"the availability of an IP address. Conflicts in IP address allocation are "
13614
"also reduced."
13615
msgstr ""
13616
13617
#: serverguide/C/network-config.xml:899(para)
13618
msgid "A DHCP server can provide configuration settings using two methods:"
13619
msgstr ""
13620
13621
#: serverguide/C/network-config.xml:904(term)
13622
msgid "MAC Address"
13623
msgstr ""
13624
13625
#: serverguide/C/network-config.xml:906(para)
13626
msgid ""
13627
"This method entails using DHCP to identify the unique hardware address of "
13628
"each network card connected to the network and then continually supplying a "
13629
"constant configuration each time the DHCP client makes a request to the DHCP "
13630
"server using that network device."
13631
msgstr ""
13632
13633
#: serverguide/C/network-config.xml:915(term)
13634
msgid "Address Pool"
13635
msgstr ""
13636
13637
#: serverguide/C/network-config.xml:917(para)
13638
msgid ""
13639
"This method entails defining a pool (sometimes also called a range or scope) "
13640
"of IP addresses from which DHCP clients are supplied their configuration "
13641
"properties dynamically and on a \"first come, first served\" basis. When a "
13642
"DHCP client is no longer on the network for a specified period, the "
13643
"configuration is expired and released back to the address pool for use by "
13644
"other DHCP Clients."
13645
msgstr ""
13646
13647
#: serverguide/C/network-config.xml:928(para)
13648
msgid ""
13649
"Ubuntu is shipped with both DHCP server and client. The server is "
13650
"<application>dhcpd</application> (dynamic host configuration protocol "
13651
"daemon). The client provided with Ubuntu is "
13652
"<application>dhclient</application> and should be installed on all computers "
13653
"required to be automatically configured. Both programs are easy to install "
13654
"and configure and will be automatically started at system boot."
13655
msgstr ""
13656
13657
#: serverguide/C/network-config.xml:938(para)
13658
msgid ""
13659
"At a terminal prompt, enter the following command to install "
13660
"<application>dhcpd</application>:"
13661
msgstr ""
13662
13663
#: serverguide/C/network-config.xml:943(command)
13664
msgid "sudo apt-get install dhcp3-server"
13665
msgstr ""
13666
13667
#: serverguide/C/network-config.xml:945(para)
13668
msgid ""
13669
"You will probably need to change the default configuration by editing "
13670
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
13671
msgstr ""
13672
13673
#: serverguide/C/network-config.xml:949(para)
13674
msgid ""
13675
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
13676
"dhcpd should listen to. By default it listens to eth0."
13677
msgstr ""
13678
13679
#: serverguide/C/network-config.xml:953(para)
13680
msgid ""
13681
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13682
"messages."
13683
msgstr ""
13684
13685
#: serverguide/C/network-config.xml:960(para)
13686
msgid ""
13687
"The error message the installation ends with might be a little confusing, "
13688
"but the following steps will help you configure the service:"
13689
msgstr ""
13690
13691
#: serverguide/C/network-config.xml:964(para)
13692
msgid ""
13693
"Most commonly, what you want to do is assign an IP address randomly. This "
13694
"can be done with settings as follows:"
13695
msgstr ""
13696
13697
#: serverguide/C/network-config.xml:968(programlisting)
13698
#, no-wrap
13699
msgid ""
13700
"\n"
13701
"# Sample /etc/dhcpd.conf\n"
13702
"# (add your comments here) \n"
13703
"default-lease-time 600;\n"
13704
"max-lease-time 7200;\n"
13705
"option subnet-mask 255.255.255.0;\n"
13706
"option broadcast-address 192.168.1.255;\n"
13707
"option routers 192.168.1.254;\n"
13708
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
13709
"option domain-name \"mydomain.example\";\n"
13710
"\n"
13711
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
13712
"range 192.168.1.10 192.168.1.100;\n"
13713
"range 192.168.1.150 192.168.1.200;\n"
13714
"} \n"
13715
msgstr ""
13716
13717
#: serverguide/C/network-config.xml:984(para)
13718
msgid ""
13719
"This will result in the DHCP server giving a client an IP address from the "
13720
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
13721
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
13722
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
13723
"server will also \"advise\" the client that it should use 255.255.255.0 as "
13724
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
13725
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
13726
msgstr ""
13727
13728
#: serverguide/C/network-config.xml:993(para)
13729
msgid ""
13730
"If you need to specify a WINS server for your Windows clients, you will need "
13731
"to include the netbios-name-servers option, e.g."
13732
msgstr ""
13733
13734
#: serverguide/C/network-config.xml:997(programlisting)
13735
#, no-wrap
13736
msgid ""
13737
"\n"
13738
"option netbios-name-servers 192.168.1.1; \n"
13739
msgstr ""
13740
13741
#: serverguide/C/network-config.xml:1000(para)
13742
msgid ""
13743
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
13744
"be found <ulink "
13745
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
13746
msgstr ""
13747
13748
#: serverguide/C/network-config.xml:1010(para)
13749
msgid ""
13750
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13751
"server Ubuntu Wiki</ulink> page has more information."
13752
msgstr ""
13753
13754
#: serverguide/C/network-config.xml:1015(para)
13755
msgid ""
13756
"For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
13757
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/dhcpd.conf.5.html\">d"
13758
"hcpd.conf man page</ulink>."
13759
msgstr ""
13760
13761
#: serverguide/C/network-config.xml:1021(para)
13762
msgid ""
13763
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
13764
"FAQ</ulink>"
13765
msgstr ""
13766
13767
#: serverguide/C/network-config.xml:1031(title)
13768
msgid "Time Synchronisation with NTP"
13769
msgstr ""
13770
13771
#: serverguide/C/network-config.xml:1032(para)
13772
msgid ""
13773
"This page describes methods for keeping your computer's time accurate. This "
13774
"is useful for servers, but is not necessary (or desirable) for desktop "
13775
"machines."
13776
msgstr ""
13777
13778
#: serverguide/C/network-config.xml:1035(para)
13779
msgid ""
13780
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13781
"client requests the current time from a server, and uses it to set its own "
13782
"clock."
13783
msgstr ""
13784
13785
#: serverguide/C/network-config.xml:1038(para)
13786
msgid ""
13787
"Behind this simple description, there is a lot of complexity - there are "
13788
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13789
"clocks (often via GPS), and tier two and three servers spreading the load of "
13790
"actually handling requests across the Internet. Also the client software is "
13791
"a lot more complex than you might think - it has to factor out communication "
13792
"delays, and adjust the time in a way that does not upset all the other "
13793
"processes that run on the server. But luckily all that complexity is hidden "
13794
"from you!"
13795
msgstr ""
13796
13797
#: serverguide/C/network-config.xml:1041(para)
13798
msgid ""
13799
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
13800
msgstr ""
13801
13802
#: serverguide/C/network-config.xml:1046(title)
13803
msgid "ntpdate"
13804
msgstr ""
13805
13806
#: serverguide/C/network-config.xml:1047(para)
13807
msgid ""
13808
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13809
"set up your time according to Ubuntu's NTP server. However, a server's clock "
13810
"is likely to drift considerably between reboots, so it makes sense to "
13811
"correct the time occasionally. The easiest way to do this is to get cron to "
13812
"run ntpdate every day. With your favorite editor, as root, create a file "
13813
"<code>/etc/cron.daily/ntpdate</code> containing:"
13814
msgstr ""
13815
13816
#: serverguide/C/network-config.xml:1052(screen)
13817
#, no-wrap
13818
msgid "ntpdate ntp.ubuntu.com\n"
13819
msgstr ""
13820
13821
#: serverguide/C/network-config.xml:1054(para)
13822
msgid ""
13823
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
13824
msgstr ""
13825
13826
#: serverguide/C/network-config.xml:1057(screen)
13827
#, no-wrap
13828
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13829
msgstr ""
13830
13831
#: serverguide/C/network-config.xml:1061(title)
13832
msgid "ntpd"
13833
msgstr ""
13834
13835
#: serverguide/C/network-config.xml:1062(para)
13836
msgid ""
13837
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
13838
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
13839
"calculates the drift of your system clock and continuously adjusts it, so "
13840
"there are no large corrections that could lead to inconsistent logs for "
13841
"instance. The cost is a little processing power and memory, but for a modern "
13842
"server this is negligible."
13843
msgstr ""
13844
13845
#: serverguide/C/network-config.xml:1065(para)
13846
msgid "To set up ntpd:"
13847
msgstr ""
13848
13849
#: serverguide/C/network-config.xml:1066(screen)
13850
#, no-wrap
13851
msgid "sudo apt-get install ntp\n"
13852
msgstr ""
13853
13854
#: serverguide/C/network-config.xml:1071(title)
13855
msgid "Changing Time Servers"
13856
msgstr ""
13857
13858
#: serverguide/C/network-config.xml:1072(para)
13859
msgid ""
13860
"In both cases above, your system will use Ubuntu's NTP server at "
13861
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
13862
"use several servers to increase accuracy and resilience, and you may want to "
13863
"use time servers that are geographically closer to you. to do this for "
13864
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
13865
msgstr ""
13866
13867
#: serverguide/C/network-config.xml:1079(screen)
13868
#, no-wrap
13869
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
13870
msgstr ""
13871
13872
#: serverguide/C/network-config.xml:1081(para)
13873
msgid ""
13874
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
13875
"lines:"
13876
msgstr ""
13877
13878
#: serverguide/C/network-config.xml:1086(screen)
13879
#, no-wrap
13880
msgid ""
13881
"server ntp.ubuntu.com\n"
13882
"server pool.ntp.org\n"
13883
msgstr ""
13884
13885
#: serverguide/C/network-config.xml:1089(para)
13886
msgid ""
13887
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
13888
"really good idea which uses round-robin DNS to return an NTP server from a "
13889
"pool, spreading the load between several different servers. Even better, "
13890
"they have pools for different regions - for instance, if you are in New "
13891
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
13892
"<code>pool.ntp.org</code> . Look at <ulink "
13893
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
13894
"details."
13895
msgstr ""
13896
13897
#: serverguide/C/network-config.xml:1100(para)
13898
msgid ""
13899
"You can also Google for NTP servers in your region, and add these to your "
13900
"configuration. To test that a server works, just type <code>sudo ntpdate "
13901
"ntp.server.name</code> and see what happens."
13902
msgstr ""
13903
13904
#: serverguide/C/network-config.xml:1111(para)
13905
msgid ""
13906
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13907
"Time</ulink> wiki page for more information."
13908
msgstr ""
13909
13910
#: serverguide/C/network-config.xml:1117(ulink)
13911
msgid "NTP Support"
13912
msgstr ""
13913
13914
#: serverguide/C/network-config.xml:1122(ulink)
13915
msgid "The NTP FAQ and HOWTO"
13916
msgstr ""
13917
13918
#: serverguide/C/network-auth.xml:13(title)
13919
msgid "Network Authentication"
13920
msgstr ""
13921
13922
#: serverguide/C/network-auth.xml:15(para)
13923
msgid "This section explains various Network Authentication protocols."
13924
msgstr ""
13925
13926
#: serverguide/C/network-auth.xml:19(title)
13927
msgid "OpenLDAP Server"
13928
msgstr ""
13929
13930
#: serverguide/C/network-auth.xml:20(para)
13931
msgid ""
13932
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
13933
"simplified version of the X.500 protocol. The directory setup in this "
13934
"section will be used for authentication. Nevertheless, LDAP can be used in "
13935
"numerous ways: authentication, shared directory (for mail clients), address "
13936
"book, etc."
13937
msgstr ""
13938
13939
#: serverguide/C/network-auth.xml:28(para)
13940
msgid ""
13941
"To describe LDAP quickly, all information is stored in a tree structure. "
13942
"With <application>OpenLDAP</application> you have freedom to determine the "
13943
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
13944
"We will begin with a basic tree containing two nodes below the root:"
13945
msgstr ""
13946
13947
#: serverguide/C/network-auth.xml:37(para)
13948
msgid "\"People\" node where your users will be stored"
13949
msgstr ""
13950
13951
#: serverguide/C/network-auth.xml:40(para)
13952
msgid "\"Groups\" node where your groups will be stored"
13953
msgstr ""
13954
13955
#: serverguide/C/network-auth.xml:44(para)
13956
msgid ""
13957
"Before beginning, you should determine what the root of your LDAP directory "
13958
"will be. By default, your tree will be determined by your Fully Qualified "
13959
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
13960
"example), your root node will be dc=example,dc=com."
13961
msgstr ""
13962
13963
#: serverguide/C/network-auth.xml:54(para)
13964
msgid ""
13965
"First, install the <application>OpenLDAP</application> server daemon "
13966
"<application>slapd</application> and <application>ldap-utils</application>, "
13967
"a package containing LDAP management utilities:"
13968
msgstr ""
13969
13970
#: serverguide/C/network-auth.xml:60(command)
13971
msgid "sudo apt-get install slapd ldap-utils"
13972
msgstr ""
13973
13974
#: serverguide/C/network-auth.xml:63(para)
13975
msgid ""
13976
"By default <application>slapd</application> is configured with minimal "
13977
"options needed to run the <application>slapd</application> daemon."
13978
msgstr ""
13979
13980
#: serverguide/C/network-auth.xml:68(para)
13981
msgid ""
13982
"The configuration example in the following sections will match the domain "
13983
"name of the server. For example, if the machine's Fully Qualified Domain "
13984
"Name (FQDN) is ldap.example.com, the default suffix will be "
13985
"<emphasis>dc=example,dc=com</emphasis>."
13986
msgstr ""
13987
13988
#: serverguide/C/network-auth.xml:76(title)
13989
msgid "Populating LDAP"
13990
msgstr ""
13991
13992
#: serverguide/C/network-auth.xml:78(para)
13993
msgid ""
13994
"<application>OpenLDAP</application> uses a separate directory which contains "
13995
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13996
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13997
"<application>slapd</application> daemon, allowing the modification of schema "
13998
"definitions, indexes, ACLs, etc without stopping the service."
13999
msgstr ""
14000
14001
#: serverguide/C/network-auth.xml:86(para)
14002
msgid ""
14003
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
14004
"configuration and will need additional configuration options in order to "
14005
"populate the frontend directory. The frontend will be populated with a "
14006
"\"classical\" scheme that will be compatible with address book applications "
14007
"and with Unix Posix accounts. Posix accounts will allow authentication to "
14008
"various applications, such as web applications, email Mail Transfer Agent "
14009
"(MTA) applications, etc."
14010
msgstr ""
14011
14012
#: serverguide/C/network-auth.xml:95(para)
14013
msgid ""
14014
"For external applications to authenticate using LDAP they will each need to "
14015
"be specifically configured to do so. Refer to the individual application "
14016
"documentation for details."
14017
msgstr ""
14018
14019
#: serverguide/C/network-auth.xml:103(para)
14020
msgid ""
14021
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
14022
"examples to match your LDAP configuration."
14023
msgstr ""
14024
14025
#: serverguide/C/network-auth.xml:108(para)
14026
msgid ""
14027
"First, some additional schema files need to be loaded. In a terminal enter:"
14028
msgstr ""
14029
14030
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
14031
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
14032
msgstr ""
14033
14034
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
14035
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
14036
msgstr ""
14037
14038
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
14039
msgid ""
14040
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
14041
msgstr ""
14042
14043
#: serverguide/C/network-auth.xml:118(para)
14044
msgid ""
14045
"Next, copy the following example LDIF file, naming it "
14046
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
14047
msgstr ""
14048
14049
#: serverguide/C/network-auth.xml:123(programlisting)
14050
#, no-wrap
14051
msgid ""
14052
"\n"
14053
"# Load dynamic backend modules\n"
14054
"dn: cn=module,cn=config\n"
14055
"objectClass: olcModuleList\n"
14056
"cn: module\n"
14057
"olcModulepath: /usr/lib/ldap\n"
14058
"olcModuleload: back_hdb\n"
14059
"\n"
14060
"# Database settings\n"
14061
"dn: olcDatabase=hdb,cn=config\n"
14062
"objectClass: olcDatabaseConfig\n"
14063
"objectClass: olcHdbConfig\n"
14064
"olcDatabase: {1}hdb\n"
14065
"olcSuffix: dc=example,dc=com\n"
14066
"olcDbDirectory: /var/lib/ldap\n"
14067
"olcRootDN: cn=admin,dc=example,dc=com\n"
14068
"olcRootPW: secret\n"
14069
"olcDbConfig: set_cachesize 0 2097152 0\n"
14070
"olcDbConfig: set_lk_max_objects 1500\n"
14071
"olcDbConfig: set_lk_max_locks 1500\n"
14072
"olcDbConfig: set_lk_max_lockers 1500\n"
14073
"olcDbIndex: objectClass eq\n"
14074
"olcLastMod: TRUE\n"
14075
"olcDbCheckpoint: 512 30\n"
14076
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
14077
"by anonymous auth by self write by * none\n"
14078
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
14079
"olcAccess: to dn.base=\"\" by * read\n"
14080
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14081
"\n"
14082
msgstr ""
14083
14084
#: serverguide/C/network-auth.xml:155(para)
14085
msgid ""
14086
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
14087
msgstr ""
14088
14089
#: serverguide/C/network-auth.xml:160(para)
14090
msgid "Now add the LDIF to the directory:"
14091
msgstr ""
14092
14093
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
14094
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
14095
msgstr ""
14096
14097
#: serverguide/C/network-auth.xml:168(para)
14098
msgid ""
14099
"The frontend directory is now ready to be populated. Create a "
14100
"<filename>frontend.example.com.ldif</filename> with the following contents:"
14101
msgstr ""
14102
14103
#: serverguide/C/network-auth.xml:173(programlisting)
14104
#, no-wrap
14105
msgid ""
14106
"\n"
14107
"# Create top-level object in domain\n"
14108
"dn: dc=example,dc=com\n"
14109
"objectClass: top\n"
14110
"objectClass: dcObject\n"
14111
"objectclass: organization\n"
14112
"o: Example Organization\n"
14113
"dc: Example\n"
14114
"description: LDAP Example \n"
14115
"\n"
14116
"# Admin user.\n"
14117
"dn: cn=admin,dc=example,dc=com\n"
14118
"objectClass: simpleSecurityObject\n"
14119
"objectClass: organizationalRole\n"
14120
"cn: admin\n"
14121
"description: LDAP administrator\n"
14122
"userPassword: secret\n"
14123
"\n"
14124
"dn: ou=people,dc=example,dc=com\n"
14125
"objectClass: organizationalUnit\n"
14126
"ou: people\n"
14127
"\n"
14128
"dn: ou=groups,dc=example,dc=com\n"
14129
"objectClass: organizationalUnit\n"
14130
"ou: groups\n"
14131
"\n"
14132
"dn: uid=john,ou=people,dc=example,dc=com\n"
14133
"objectClass: inetOrgPerson\n"
14134
"objectClass: posixAccount\n"
14135
"objectClass: shadowAccount\n"
14136
"uid: john\n"
14137
"sn: Doe\n"
14138
"givenName: John\n"
14139
"cn: John Doe\n"
14140
"displayName: John Doe\n"
14141
"uidNumber: 1000\n"
14142
"gidNumber: 10000\n"
14143
"userPassword: password\n"
14144
"gecos: John Doe\n"
14145
"loginShell: /bin/bash\n"
14146
"homeDirectory: /home/john\n"
14147
"shadowExpire: -1\n"
14148
"shadowFlag: 0\n"
14149
"shadowWarning: 7\n"
14150
"shadowMin: 8\n"
14151
"shadowMax: 999999\n"
14152
"shadowLastChange: 10877\n"
14153
"mail: john.doe@example.com\n"
14154
"postalCode: 31000\n"
14155
"l: Toulouse\n"
14156
"o: Example\n"
14157
"mobile: +33 (0)6 xx xx xx xx\n"
14158
"homePhone: +33 (0)5 xx xx xx xx\n"
14159
"title: System Administrator\n"
14160
"postalAddress: \n"
14161
"initials: JD\n"
14162
"\n"
14163
"dn: cn=example,ou=groups,dc=example,dc=com\n"
14164
"objectClass: posixGroup\n"
14165
"cn: example\n"
14166
"gidNumber: 10000\n"
14167
msgstr ""
14168
14169
#: serverguide/C/network-auth.xml:236(para)
14170
msgid ""
14171
"In this example the directory structure, a user, and a group have been "
14172
"setup. In other examples you might see the <emphasis>objectClass: "
14173
"top</emphasis> added in every entry, but that is the default behaviour so "
14174
"you do not have to add it explicitly."
14175
msgstr ""
14176
14177
#: serverguide/C/network-auth.xml:243(para)
14178
msgid "Add the entries to the LDAP directory:"
14179
msgstr ""
14180
14181
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
14182
msgid ""
14183
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
14184
msgstr ""
14185
14186
#: serverguide/C/network-auth.xml:252(para)
14187
msgid ""
14188
"We can check that the content has been correctly added with the "
14189
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
14190
"directory:"
14191
msgstr ""
14192
14193
#: serverguide/C/network-auth.xml:258(command)
14194
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
14195
msgstr ""
14196
14197
#: serverguide/C/network-auth.xml:259(computeroutput)
14198
#, no-wrap
14199
msgid ""
14200
"\n"
14201
"dn: uid=john,ou=people,dc=example,dc=com\n"
14202
"cn: John Doe\n"
14203
"sn: Doe\n"
14204
"givenName: John\n"
14205
msgstr ""
14206
14207
#: serverguide/C/network-auth.xml:267(para)
14208
msgid "Just a quick explanation:"
14209
msgstr ""
14210
14211
#: serverguide/C/network-auth.xml:273(para)
14212
msgid ""
14213
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
14214
"the default."
14215
msgstr ""
14216
14217
#: serverguide/C/network-auth.xml:279(para)
14218
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
14219
msgstr ""
14220
14221
#: serverguide/C/network-auth.xml:287(title)
14222
msgid "Further Configuration"
14223
msgstr ""
14224
14225
#: serverguide/C/network-auth.xml:290(para)
14226
msgid ""
14227
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
14228
"utilities in the <application>ldap-utils</application> package. For example:"
14229
msgstr ""
14230
14231
#: serverguide/C/network-auth.xml:298(para)
14232
msgid ""
14233
"Use <application>ldapsearch</application> to view the tree, entering the "
14234
"admin password set during installation or reconfiguration:"
14235
msgstr ""
14236
14237
#: serverguide/C/network-auth.xml:304(command)
14238
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
14239
msgstr ""
14240
14241
#: serverguide/C/network-auth.xml:308(computeroutput)
14242
#, no-wrap
14243
msgid ""
14244
"\n"
14245
"SASL/EXTERNAL authentication started\n"
14246
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14247
"SASL SSF: 0\n"
14248
"dn: cn=config\n"
14249
"\n"
14250
"dn: cn=module{0},cn=config\n"
14251
"\n"
14252
"dn: cn=schema,cn=config\n"
14253
"\n"
14254
"dn: cn={0}core,cn=schema,cn=config\n"
14255
"\n"
14256
"dn: cn={1}cosine,cn=schema,cn=config\n"
14257
"\n"
14258
"dn: cn={2}nis,cn=schema,cn=config\n"
14259
"\n"
14260
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
14261
"\n"
14262
"dn: olcDatabase={-1}frontend,cn=config\n"
14263
"\n"
14264
"dn: olcDatabase={0}config,cn=config\n"
14265
"\n"
14266
"dn: olcDatabase={1}hdb,cn=config\n"
14267
msgstr ""
14268
14269
#: serverguide/C/network-auth.xml:334(para)
14270
msgid ""
14271
"The output above is the current configuration options for the "
14272
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
14273
msgstr ""
14274
14275
#: serverguide/C/network-auth.xml:342(para)
14276
msgid ""
14277
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
14278
"another attribute to the index list using "
14279
"<application>ldapmodify</application>:"
14280
msgstr ""
14281
14282
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:984(command) serverguide/C/network-auth.xml:1155(command) serverguide/C/network-auth.xml:1191(command)
14283
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
14284
msgstr ""
14285
14286
#: serverguide/C/network-auth.xml:356(userinput)
14287
#, no-wrap
14288
msgid ""
14289
"dn: olcDatabase={1}hdb,cn=config\n"
14290
"add: olcDbIndex\n"
14291
"olcDbIndex: uidNumber eq"
14292
msgstr ""
14293
14294
#: serverguide/C/network-auth.xml:352(computeroutput)
14295
#, no-wrap
14296
msgid ""
14297
"\n"
14298
"SASL/EXTERNAL authentication started\n"
14299
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14300
"SASL SSF: 0\n"
14301
"<placeholder-1/>\n"
14302
"\n"
14303
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14304
msgstr ""
14305
14306
#: serverguide/C/network-auth.xml:364(para)
14307
msgid ""
14308
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
14309
"exit the utility."
14310
msgstr ""
14311
14312
#: serverguide/C/network-auth.xml:371(para)
14313
msgid ""
14314
"<application>ldapmodify</application> can also read the changes from a file. "
14315
"Copy and paste the following into a file named "
14316
"<filename>uid_index.ldif</filename>:"
14317
msgstr ""
14318
14319
#: serverguide/C/network-auth.xml:376(programlisting)
14320
#, no-wrap
14321
msgid ""
14322
"\n"
14323
"dn: olcDatabase={1}hdb,cn=config\n"
14324
"add: olcDbIndex\n"
14325
"olcDbIndex: uid eq,pres,sub\n"
14326
msgstr ""
14327
14328
#: serverguide/C/network-auth.xml:382(para)
14329
msgid "Then execute <application>ldapmodify</application>:"
14330
msgstr ""
14331
14332
#: serverguide/C/network-auth.xml:387(command)
14333
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
14334
msgstr ""
14335
14336
#: serverguide/C/network-auth.xml:391(computeroutput)
14337
#, no-wrap
14338
msgid ""
14339
"\n"
14340
"SASL/EXTERNAL authentication started\n"
14341
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14342
"SASL SSF: 0\n"
14343
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14344
msgstr ""
14345
14346
#: serverguide/C/network-auth.xml:399(para)
14347
msgid "The file method is very useful for large changes."
14348
msgstr ""
14349
14350
#: serverguide/C/network-auth.xml:406(para)
14351
msgid ""
14352
"Adding additional <emphasis>schemas</emphasis> to "
14353
"<application>slapd</application> requires the schema to be converted to LDIF "
14354
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
14355
"directory contains some schema files already converted to LDIF format as "
14356
"demonstrated in the previous section. Fortunately, the "
14357
"<application>slapd</application> program can be used to automate the "
14358
"conversion. The following example will add the "
14359
"<emphasis>dyngoup.schema</emphasis>:"
14360
msgstr ""
14361
14362
#: serverguide/C/network-auth.xml:416(para)
14363
msgid ""
14364
"First, create a conversion <filename>schema_convert.conf</filename> file "
14365
"containing the following lines:"
14366
msgstr ""
14367
14368
#: serverguide/C/network-auth.xml:421(programlisting)
14369
#, no-wrap
14370
msgid ""
14371
"\n"
14372
"include /etc/ldap/schema/core.schema\n"
14373
"include /etc/ldap/schema/collective.schema\n"
14374
"include /etc/ldap/schema/corba.schema\n"
14375
"include /etc/ldap/schema/cosine.schema\n"
14376
"include /etc/ldap/schema/duaconf.schema\n"
14377
"include /etc/ldap/schema/dyngroup.schema\n"
14378
"include /etc/ldap/schema/inetorgperson.schema\n"
14379
"include /etc/ldap/schema/java.schema\n"
14380
"include /etc/ldap/schema/misc.schema\n"
14381
"include /etc/ldap/schema/nis.schema\n"
14382
"include /etc/ldap/schema/openldap.schema\n"
14383
"include /etc/ldap/schema/ppolicy.schema\n"
14384
msgstr ""
14385
14386
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1655(para)
14387
msgid "Next, create a temporary directory to hold the output:"
14388
msgstr ""
14389
14390
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1660(command) serverguide/C/network-auth.xml:2695(command)
14391
msgid "mkdir /tmp/ldif_output"
14392
msgstr ""
14393
14394
#: serverguide/C/network-auth.xml:450(para)
14395
msgid ""
14396
"Now using <application>slapcat</application> convert the schema files to "
14397
"LDIF:"
14398
msgstr ""
14399
14400
#: serverguide/C/network-auth.xml:455(command)
14401
msgid ""
14402
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14403
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
14404
msgstr ""
14405
14406
#: serverguide/C/network-auth.xml:458(para)
14407
msgid ""
14408
"Adjust the configuration file name and temporary directory names if yours "
14409
"are different. Also, it may be worthwhile to keep the "
14410
"<filename>ldif_output</filename> directory around in case you want to add "
14411
"additional schemas in the future."
14412
msgstr ""
14413
14414
#: serverguide/C/network-auth.xml:467(para)
14415
msgid ""
14416
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
14417
"following attributes:"
14418
msgstr ""
14419
14420
#: serverguide/C/network-auth.xml:471(programlisting)
14421
#, no-wrap
14422
msgid ""
14423
"\n"
14424
"dn: cn=dyngroup,cn=schema,cn=config\n"
14425
"...\n"
14426
"cn: dyngroup\n"
14427
msgstr ""
14428
14429
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1691(para)
14430
msgid "And remove the following lines from the bottom of the file:"
14431
msgstr ""
14432
14433
#: serverguide/C/network-auth.xml:481(programlisting)
14434
#, no-wrap
14435
msgid ""
14436
"\n"
14437
"structuralObjectClass: olcSchemaConfig\n"
14438
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
14439
"creatorsName: cn=config\n"
14440
"createTimestamp: 20080826021140Z\n"
14441
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
14442
"modifiersName: cn=config\n"
14443
"modifyTimestamp: 20080826021140Z\n"
14444
msgstr ""
14445
14446
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1706(para) serverguide/C/network-auth.xml:2741(para)
14447
msgid ""
14448
"The attribute values will vary, just be sure the attributes are removed."
14449
msgstr ""
14450
14451
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1714(para)
14452
msgid ""
14453
"Finally, using the <application>ldapadd</application> utility, add the new "
14454
"schema to the directory:"
14455
msgstr ""
14456
14457
#: serverguide/C/network-auth.xml:506(command)
14458
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
14459
msgstr ""
14460
14461
#: serverguide/C/network-auth.xml:512(para)
14462
msgid ""
14463
"There should now be a <emphasis>dn: "
14464
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
14465
msgstr ""
14466
14467
#: serverguide/C/network-auth.xml:522(title)
14468
msgid "LDAP Replication"
14469
msgstr ""
14470
14471
#: serverguide/C/network-auth.xml:524(para)
14472
msgid ""
14473
"LDAP often quickly becomes a highly critical service to the network. "
14474
"Multiple systems will come to depend on LDAP for authentication, "
14475
"authorization, configuration, etc. It is a good idea to setup a redundant "
14476
"system through replication."
14477
msgstr ""
14478
14479
#: serverguide/C/network-auth.xml:530(para)
14480
msgid ""
14481
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
14482
"Syncrepl allows the changes to be synced using a "
14483
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
14484
"provider sends directory changes to consumers."
14485
msgstr ""
14486
14487
#: serverguide/C/network-auth.xml:537(title)
14488
msgid "Provider Configuration"
14489
msgstr ""
14490
14491
#: serverguide/C/network-auth.xml:539(para)
14492
msgid ""
14493
"The following is an example of a <emphasis>Single-Master</emphasis> "
14494
"configuration. In this configuration one OpenLDAP server is configured as a "
14495
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
14496
msgstr ""
14497
14498
#: serverguide/C/network-auth.xml:547(para)
14499
msgid ""
14500
"First, configure the provider server. Copy the following to a file named "
14501
"<filename>provider_sync.ldif</filename>:"
14502
msgstr ""
14503
14504
#: serverguide/C/network-auth.xml:552(programlisting)
14505
#, no-wrap
14506
msgid ""
14507
"\n"
14508
"# Add indexes to the frontend db.\n"
14509
"dn: olcDatabase={1}hdb,cn=config\n"
14510
"changetype: modify\n"
14511
"add: olcDbIndex\n"
14512
"olcDbIndex: entryCSN eq\n"
14513
"-\n"
14514
"add: olcDbIndex\n"
14515
"olcDbIndex: entryUUID eq\n"
14516
"\n"
14517
"#Load the syncprov and accesslog modules.\n"
14518
"dn: cn=module{0},cn=config\n"
14519
"changetype: modify\n"
14520
"add: olcModuleLoad\n"
14521
"olcModuleLoad: syncprov\n"
14522
"-\n"
14523
"add: olcModuleLoad\n"
14524
"olcModuleLoad: accesslog\n"
14525
"\n"
14526
"# Accesslog database definitions\n"
14527
"dn: olcDatabase={2}hdb,cn=config\n"
14528
"objectClass: olcDatabaseConfig\n"
14529
"objectClass: olcHdbConfig\n"
14530
"olcDatabase: {2}hdb\n"
14531
"olcDbDirectory: /var/lib/ldap/accesslog\n"
14532
"olcSuffix: cn=accesslog\n"
14533
"olcRootDN: cn=admin,dc=example,dc=com\n"
14534
"olcDbIndex: default eq\n"
14535
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
14536
"\n"
14537
"# Accesslog db syncprov.\n"
14538
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
14539
"changetype: add\n"
14540
"objectClass: olcOverlayConfig\n"
14541
"objectClass: olcSyncProvConfig\n"
14542
"olcOverlay: syncprov\n"
14543
"olcSpNoPresent: TRUE\n"
14544
"olcSpReloadHint: TRUE\n"
14545
"\n"
14546
"# syncrepl Provider for primary db\n"
14547
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
14548
"changetype: add\n"
14549
"objectClass: olcOverlayConfig\n"
14550
"objectClass: olcSyncProvConfig\n"
14551
"olcOverlay: syncprov\n"
14552
"olcSpNoPresent: TRUE\n"
14553
"\n"
14554
"# accesslog overlay definitions for primary db\n"
14555
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
14556
"objectClass: olcOverlayConfig\n"
14557
"objectClass: olcAccessLogConfig\n"
14558
"olcOverlay: accesslog\n"
14559
"olcAccessLogDB: cn=accesslog\n"
14560
"olcAccessLogOps: writes\n"
14561
"olcAccessLogSuccess: TRUE\n"
14562
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
14563
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14564
msgstr ""
14565
14566
#: serverguide/C/network-auth.xml:614(para)
14567
msgid ""
14568
"The <application>AppArmor</application> profile for "
14569
"<application>slapd</application> will need to be adjusted for the accesslog "
14570
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
14571
"adding:"
14572
msgstr ""
14573
14574
#: serverguide/C/network-auth.xml:619(programlisting)
14575
#, no-wrap
14576
msgid ""
14577
"\n"
14578
" /var/lib/ldap/accesslog/ r,\n"
14579
" /var/lib/ldap/accesslog/** rwk,\n"
14580
msgstr ""
14581
14582
#: serverguide/C/network-auth.xml:624(para)
14583
msgid ""
14584
"Then create the directory, reload the <application>apparmor</application> "
14585
"profile, and copy the <filename>DB_CONFIG</filename> file:"
14586
msgstr ""
14587
14588
#: serverguide/C/network-auth.xml:630(command)
14589
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14590
msgstr ""
14591
14592
#: serverguide/C/network-auth.xml:631(command)
14593
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
14594
msgstr ""
14595
14596
#: serverguide/C/network-auth.xml:636(para)
14597
msgid ""
14598
"Using the <emphasis>-u openldap</emphasis> option with the "
14599
"<application>sudo</application> commands above removes the need to adjust "
14600
"permissions for the new directory later."
14601
msgstr ""
14602
14603
#: serverguide/C/network-auth.xml:645(para)
14604
msgid ""
14605
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
14606
"directory:"
14607
msgstr ""
14608
14609
#: serverguide/C/network-auth.xml:649(programlisting)
14610
#, no-wrap
14611
msgid ""
14612
"\n"
14613
"olcRootDN: cn=admin,dc=example,dc=com\n"
14614
msgstr ""
14615
14616
#: serverguide/C/network-auth.xml:657(para)
14617
msgid ""
14618
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
14619
msgstr ""
14620
14621
#: serverguide/C/network-auth.xml:662(command)
14622
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14623
msgstr ""
14624
14625
#: serverguide/C/network-auth.xml:669(para)
14626
msgid "Restart <application>slapd</application>:"
14627
msgstr ""
14628
14629
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1040(command) serverguide/C/network-auth.xml:1227(command)
14630
msgid "sudo /etc/init.d/slapd restart"
14631
msgstr ""
14632
14633
#: serverguide/C/network-auth.xml:680(para)
14634
msgid ""
14635
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
14636
"to configure a <emphasis>Consumer</emphasis> server."
14637
msgstr ""
14638
14639
#: serverguide/C/network-auth.xml:687(title)
14640
msgid "Consumer Configuration"
14641
msgstr ""
14642
14643
#: serverguide/C/network-auth.xml:692(para)
14644
msgid ""
14645
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
14646
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
14647
"configuration steps."
14648
msgstr ""
14649
14650
#: serverguide/C/network-auth.xml:697(para)
14651
msgid "Add the additional schema files:"
14652
msgstr ""
14653
14654
#: serverguide/C/network-auth.xml:707(para)
14655
msgid ""
14656
"Also, create, or copy from the provider server, the "
14657
"<filename>backend.example.com.ldif</filename>"
14658
msgstr ""
14659
14660
#: serverguide/C/network-auth.xml:711(programlisting)
14661
#, no-wrap
14662
msgid ""
14663
"\n"
14664
"# Load dynamic backend modules\n"
14665
"dn: cn=module,cn=config\n"
14666
"objectClass: olcModuleList\n"
14667
"cn: module\n"
14668
"olcModulepath: /usr/lib/ldap\n"
14669
"olcModuleload: back_hdb\n"
14670
"\n"
14671
"# Database settings\n"
14672
"dn: olcDatabase=hdb,cn=config\n"
14673
"objectClass: olcDatabaseConfig\n"
14674
"objectClass: olcHdbConfig\n"
14675
"olcDatabase: {1}hdb\n"
14676
"olcSuffix: dc=example,dc=com\n"
14677
"olcDbDirectory: /var/lib/ldap\n"
14678
"olcRootDN: cn=admin,dc=example,dc=com\n"
14679
"olcRootPW: secret\n"
14680
"olcDbConfig: set_cachesize 0 2097152 0\n"
14681
"olcDbConfig: set_lk_max_objects 1500\n"
14682
"olcDbConfig: set_lk_max_locks 1500\n"
14683
"olcDbConfig: set_lk_max_lockers 1500\n"
14684
"olcDbIndex: objectClass eq\n"
14685
"olcLastMod: TRUE\n"
14686
"olcDbCheckpoint: 512 30\n"
14687
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
14688
"by anonymous auth by self write by * none\n"
14689
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
14690
"olcAccess: to dn.base=\"\" by * read\n"
14691
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14692
msgstr ""
14693
14694
#: serverguide/C/network-auth.xml:741(para)
14695
msgid "And add the LDIF by entering:"
14696
msgstr ""
14697
14698
#: serverguide/C/network-auth.xml:752(para)
14699
msgid ""
14700
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
14701
"listed above, and add it:"
14702
msgstr ""
14703
14704
#: serverguide/C/network-auth.xml:760(para)
14705
msgid ""
14706
"The two severs should now have the same configuration except for the "
14707
"<emphasis>Syncrepl</emphasis> options."
14708
msgstr ""
14709
14710
#: serverguide/C/network-auth.xml:768(para)
14711
msgid ""
14712
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
14713
msgstr ""
14714
14715
#: serverguide/C/network-auth.xml:772(programlisting)
14716
#, no-wrap
14717
msgid ""
14718
"\n"
14719
"#Load the syncprov module.\n"
14720
"dn: cn=module{0},cn=config\n"
14721
"changetype: modify\n"
14722
"add: olcModuleLoad\n"
14723
"olcModuleLoad: syncprov\n"
14724
"\n"
14725
"# syncrepl specific indices\n"
14726
"dn: olcDatabase={1}hdb,cn=config\n"
14727
"changetype: modify\n"
14728
"add: olcDbIndex\n"
14729
"olcDbIndex: entryUUID eq\n"
14730
"-\n"
14731
"add: olcSyncRepl\n"
14732
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14733
"binddn=\"cn=admin,dc=example,dc=com\" \n"
14734
" credentials=secret searchbase=\"dc=example,dc=com\" "
14735
"logbase=\"cn=accesslog\" \n"
14736
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
14737
"schemachecking=on \n"
14738
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
14739
"-\n"
14740
"add: olcUpdateRef\n"
14741
"olcUpdateRef: ldap://ldap01.example.com\n"
14742
msgstr ""
14743
14744
#: serverguide/C/network-auth.xml:795(para)
14745
msgid "You will probably want to change the following attributes:"
14746
msgstr ""
14747
14748
#: serverguide/C/network-auth.xml:800(para)
14749
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
14750
msgstr ""
14751
14752
#: serverguide/C/network-auth.xml:801(emphasis)
14753
msgid "binddn"
14754
msgstr ""
14755
14756
#: serverguide/C/network-auth.xml:802(emphasis)
14757
msgid "credentials"
14758
msgstr ""
14759
14760
#: serverguide/C/network-auth.xml:803(emphasis)
14761
msgid "searchbase"
14762
msgstr ""
14763
14764
#: serverguide/C/network-auth.xml:804(emphasis)
14765
msgid "olcUpdateRef:"
14766
msgstr ""
14767
14768
#: serverguide/C/network-auth.xml:810(para)
14769
msgid "Add the LDIF file to the configuration tree:"
14770
msgstr ""
14771
14772
#: serverguide/C/network-auth.xml:815(command)
14773
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14774
msgstr ""
14775
14776
#: serverguide/C/network-auth.xml:821(para)
14777
msgid ""
14778
"The frontend database should now sync between servers. You can add "
14779
"additional servers using the steps above as the need arises."
14780
msgstr ""
14781
14782
#: serverguide/C/network-auth.xml:831(programlisting)
14783
#, no-wrap
14784
msgid "127.0.0.1\tldap01.example.com ldap01"
14785
msgstr ""
14786
14787
#: serverguide/C/network-auth.xml:827(para)
14788
msgid ""
14789
"The <application>slapd</application> daemon will send log information to "
14790
"<filename>/var/log/syslog</filename> by default. So if all does "
14791
"<emphasis>not</emphasis> go well check there for errors and other "
14792
"troubleshooting information. Also, be sure that each server knows it's Fully "
14793
"Qualified Domain Name (FQDN). This is configured in "
14794
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
14795
msgstr ""
14796
14797
#: serverguide/C/network-auth.xml:839(title)
14798
msgid "Setting up ACL"
14799
msgstr ""
14800
14801
#: serverguide/C/network-auth.xml:841(para)
14802
msgid ""
14803
"Authentication requires access to the password field, that should be not "
14804
"accessible by default. Also, in order for users to change their own "
14805
"password, using <command>passwd</command> or other utilities, "
14806
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
14807
"authenticated."
14808
msgstr ""
14809
14810
#: serverguide/C/network-auth.xml:848(para)
14811
msgid ""
14812
"To view the Access Control List (ACL), use the "
14813
"<application>ldapsearch</application> utility:"
14814
msgstr ""
14815
14816
#: serverguide/C/network-auth.xml:853(command)
14817
msgid ""
14818
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
14819
"olcAccess"
14820
msgstr ""
14821
14822
#: serverguide/C/network-auth.xml:857(computeroutput)
14823
#, no-wrap
14824
msgid ""
14825
"Enter LDAP Password: \n"
14826
"dn: olcDatabase={1}hdb,cn=config\n"
14827
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
14828
"dn=\"cn=admin,dc=exampl\n"
14829
" e,dc=com\" write by anonymous auth by self write by * none\n"
14830
"olcAccess: {1}to dn.base=\"\" by * read\n"
14831
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14832
msgstr ""
14833
14834
#: serverguide/C/network-auth.xml:869(title)
14835
msgid "TLS and SSL"
14836
msgstr ""
14837
14838
#: serverguide/C/network-auth.xml:871(para)
14839
msgid ""
14840
"When authenticating to an OpenLDAP server it is best to do so using an "
14841
"encrypted session. This can be accomplished using Transport Layer Security "
14842
"(TLS) and/or Secure Sockets Layer (SSL)."
14843
msgstr ""
14844
14845
#: serverguide/C/network-auth.xml:876(para)
14846
msgid ""
14847
"The first step in the process is to obtain or create a "
14848
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
14849
"is compiled using the <application>gnutls</application> library, the "
14850
"<application>certtool</application> utility will be used to create "
14851
"certificates."
14852
msgstr ""
14853
14854
#: serverguide/C/network-auth.xml:885(para)
14855
msgid ""
14856
"First, install <application>gnutls-bin</application> by entering the "
14857
"following in a terminal:"
14858
msgstr ""
14859
14860
#: serverguide/C/network-auth.xml:890(command)
14861
msgid "sudo apt-get install gnutls-bin"
14862
msgstr ""
14863
14864
#: serverguide/C/network-auth.xml:896(para)
14865
msgid ""
14866
"Next, create a private key for the <emphasis>Certificate "
14867
"Authority</emphasis> (CA):"
14868
msgstr ""
14869
14870
#: serverguide/C/network-auth.xml:901(command)
14871
msgid ""
14872
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14873
msgstr ""
14874
14875
#: serverguide/C/network-auth.xml:907(para)
14876
msgid ""
14877
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
14878
"CA certificate containing:"
14879
msgstr ""
14880
14881
#: serverguide/C/network-auth.xml:911(programlisting)
14882
#, no-wrap
14883
msgid ""
14884
"\n"
14885
"cn = Example Company\n"
14886
"ca\n"
14887
"cert_signing_key\n"
14888
msgstr ""
14889
14890
#: serverguide/C/network-auth.xml:920(para)
14891
msgid "Now create the self-signed CA certificate:"
14892
msgstr ""
14893
14894
#: serverguide/C/network-auth.xml:925(command)
14895
msgid ""
14896
"sudo certtool --generate-self-signed --load-privkey "
14897
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
14898
"/etc/ssl/certs/cacert.pem"
14899
msgstr ""
14900
14901
#: serverguide/C/network-auth.xml:932(para)
14902
msgid "Make a private key for the server:"
14903
msgstr ""
14904
14905
#: serverguide/C/network-auth.xml:937(command)
14906
msgid ""
14907
"sudo sh -c \"certtool --generate-privkey > "
14908
"/etc/ssl/private/ldap01_slapd_key.pem\""
14909
msgstr ""
14910
14911
#: serverguide/C/network-auth.xml:941(para)
14912
msgid ""
14913
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14914
"hostname. Naming the certificate and key for the host and service that will "
14915
"be using them will help keep filenames and paths straight."
14916
msgstr ""
14917
14918
#: serverguide/C/network-auth.xml:950(para)
14919
msgid ""
14920
"To sign the server's certificate with the CA, create the "
14921
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
14922
msgstr ""
14923
14924
#: serverguide/C/network-auth.xml:954(programlisting)
14925
#, no-wrap
14926
msgid ""
14927
"\n"
14928
"organization = Example Company\n"
14929
"cn = ldap01.example.com\n"
14930
"tls_www_server\n"
14931
"encryption_key\n"
14932
"signing_key\n"
14933
msgstr ""
14934
14935
#: serverguide/C/network-auth.xml:965(para)
14936
msgid "Create the server's certificate:"
14937
msgstr ""
14938
14939
#: serverguide/C/network-auth.xml:970(command)
14940
msgid ""
14941
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
14942
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
14943
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
14944
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
14945
msgstr ""
14946
14947
#: serverguide/C/network-auth.xml:978(para)
14948
msgid ""
14949
"Once you have a certificate, key, and CA cert installed, use "
14950
"<application>ldapmodify</application> to add the new configuration options:"
14951
msgstr ""
14952
14953
#: serverguide/C/network-auth.xml:989(userinput)
14954
#, no-wrap
14955
msgid ""
14956
"dn: cn=config\n"
14957
"add: olcTLSCACertificateFile\n"
14958
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14959
"-\n"
14960
"add: olcTLSCertificateFile\n"
14961
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
14962
"-\n"
14963
"add: olcTLSCertificateKeyFile\n"
14964
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
14965
msgstr ""
14966
14967
#: serverguide/C/network-auth.xml:988(computeroutput) serverguide/C/network-auth.xml:1159(computeroutput)
14968
#, no-wrap
14969
msgid ""
14970
"Enter LDAP Password:\n"
14971
"<placeholder-1/>\n"
14972
"\n"
14973
"modifying entry \"cn=config\"\n"
14974
msgstr ""
14975
14976
#: serverguide/C/network-auth.xml:1004(para)
14977
msgid ""
14978
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14979
"<filename>ldap01_slapd_key.pem</filename>, and "
14980
"<filename>cacert.pem</filename> names if yours are different."
14981
msgstr ""
14982
14983
#: serverguide/C/network-auth.xml:1010(para)
14984
msgid ""
14985
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14986
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14987
msgstr ""
14988
14989
#: serverguide/C/network-auth.xml:1014(programlisting)
14990
#, no-wrap
14991
msgid ""
14992
"\n"
14993
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14994
msgstr ""
14995
14996
#: serverguide/C/network-auth.xml:1018(para)
14997
msgid ""
14998
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14999
msgstr ""
15000
15001
#: serverguide/C/network-auth.xml:1023(command)
15002
msgid "sudo adduser openldap ssl-cert"
15003
msgstr ""
15004
15005
#: serverguide/C/network-auth.xml:1024(command)
15006
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15007
msgstr ""
15008
15009
#: serverguide/C/network-auth.xml:1025(command)
15010
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15011
msgstr ""
15012
15013
#: serverguide/C/network-auth.xml:1029(para)
15014
msgid ""
15015
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
15016
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
15017
"adjust the commands appropriately."
15018
msgstr ""
15019
15020
#: serverguide/C/network-auth.xml:1035(para)
15021
msgid "Finally, restart <application>slapd</application>:"
15022
msgstr ""
15023
15024
#: serverguide/C/network-auth.xml:1043(para)
15025
msgid ""
15026
"The <application>slapd</application> daemon should now be listening for "
15027
"LDAPS connections and be able to use STARTTLS during authentication."
15028
msgstr ""
15029
15030
#: serverguide/C/network-auth.xml:1049(para)
15031
msgid ""
15032
"If you run into troubles with the server not starting, check the "
15033
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
15034
"it is likely there is a configuration problem. Check that the certificate is "
15035
"signed by the authority from in the files configured, and that the ssl-cert "
15036
"group has read permissions on the private key."
15037
msgstr ""
15038
15039
#: serverguide/C/network-auth.xml:1061(title)
15040
msgid "TLS Replication"
15041
msgstr ""
15042
15043
#: serverguide/C/network-auth.xml:1063(para)
15044
msgid ""
15045
"If you have setup <application>Syncrepl</application> between servers, it is "
15046
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
15047
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
15048
"linkend=\"openldap-server-replication\"/>."
15049
msgstr ""
15050
15051
#: serverguide/C/network-auth.xml:1069(para)
15052
msgid ""
15053
"Assuming you have followed the above instructions and created a CA "
15054
"certificate and server certificate on the <emphasis>Provider</emphasis> "
15055
"server. Follow the following instructions to create a certificate and key "
15056
"for the <emphasis>Consumer</emphasis> server."
15057
msgstr ""
15058
15059
#: serverguide/C/network-auth.xml:1078(para)
15060
msgid "Create a new key for the Consumer server:"
15061
msgstr ""
15062
15063
#: serverguide/C/network-auth.xml:1083(command)
15064
msgid "mkdir ldap02-ssl"
15065
msgstr ""
15066
15067
#: serverguide/C/network-auth.xml:1084(command)
15068
msgid "cd ldap02-ssl"
15069
msgstr ""
15070
15071
#: serverguide/C/network-auth.xml:1085(command)
15072
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
15073
msgstr ""
15074
15075
#: serverguide/C/network-auth.xml:1089(para)
15076
msgid ""
15077
"Creating a new directory is not strictly necessary, but it will help keep "
15078
"things organized and make it easier to copy the files to the Consumer server."
15079
msgstr ""
15080
15081
#: serverguide/C/network-auth.xml:1098(para)
15082
msgid ""
15083
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
15084
"server, changing the attributes to match your locality and server:"
15085
msgstr ""
15086
15087
#: serverguide/C/network-auth.xml:1103(programlisting)
15088
#, no-wrap
15089
msgid ""
15090
"\n"
15091
"country = US\n"
15092
"state = North Carolina\n"
15093
"locality = Winston-Salem\n"
15094
"organization = Example Company\n"
15095
"cn = ldap02.salem.edu\n"
15096
"tls_www_client\n"
15097
"encryption_key\n"
15098
"signing_key\n"
15099
msgstr ""
15100
15101
#: serverguide/C/network-auth.xml:1117(para)
15102
msgid "Create the certificate:"
15103
msgstr ""
15104
15105
#: serverguide/C/network-auth.xml:1122(command)
15106
msgid ""
15107
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
15108
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
15109
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
15110
"ldap02_slapd_cert.pem"
15111
msgstr ""
15112
15113
#: serverguide/C/network-auth.xml:1130(para)
15114
msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
15115
msgstr ""
15116
15117
#: serverguide/C/network-auth.xml:1135(command)
15118
msgid "cp /etc/ssl/certs/cacert.pem ."
15119
msgstr ""
15120
15121
#: serverguide/C/network-auth.xml:1141(para)
15122
msgid ""
15123
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
15124
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
15125
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
15126
"and copy <filename>ldap02_slapd_key.pem</filename> to "
15127
"<filename>/etc/ssl/private</filename>."
15128
msgstr ""
15129
15130
#: serverguide/C/network-auth.xml:1150(para)
15131
msgid ""
15132
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
15133
"by entering:"
15134
msgstr ""
15135
15136
#: serverguide/C/network-auth.xml:1160(userinput)
15137
#, no-wrap
15138
msgid ""
15139
"dn: cn=config\n"
15140
"add: olcTLSCACertificateFile\n"
15141
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
15142
"-\n"
15143
"add: olcTLSCertificateFile\n"
15144
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
15145
"-\n"
15146
"add: olcTLSCertificateKeyFile\n"
15147
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
15148
msgstr ""
15149
15150
#: serverguide/C/network-auth.xml:1177(para)
15151
msgid ""
15152
"As with the Provider you can now edit "
15153
"<filename>/etc/default/slapd</filename> and add the "
15154
"<emphasis>ldaps:///</emphasis> parameter to the "
15155
"<emphasis>SLAPD_SERVICES</emphasis> option."
15156
msgstr ""
15157
15158
#: serverguide/C/network-auth.xml:1185(para)
15159
msgid ""
15160
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
15161
"modify the <emphasis>Consumer</emphasis> server's "
15162
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
15163
msgstr ""
15164
15165
#: serverguide/C/network-auth.xml:1198(userinput)
15166
#, no-wrap
15167
msgid ""
15168
"\n"
15169
"dn: olcDatabase={1}hdb,cn=config\n"
15170
"replace: olcSyncrepl\n"
15171
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
15172
"binddn=\"cn=ad\n"
15173
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
15174
"logbas\n"
15175
" e=\"cn=accesslog\" "
15176
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
15177
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
15178
"starttls=yes"
15179
msgstr ""
15180
15181
#: serverguide/C/network-auth.xml:1195(computeroutput)
15182
#, no-wrap
15183
msgid ""
15184
"SASL/EXTERNAL authentication started\n"
15185
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
15186
"SASL SSF: 0\n"
15187
"<placeholder-1/>\n"
15188
"\n"
15189
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15190
msgstr ""
15191
15192
#: serverguide/C/network-auth.xml:1210(para)
15193
msgid ""
15194
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
15195
"(FQDN) in the certificate, you may have to edit "
15196
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
15197
msgstr ""
15198
15199
#: serverguide/C/network-auth.xml:1215(programlisting)
15200
#, no-wrap
15201
msgid ""
15202
"\n"
15203
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
15204
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
15205
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
15206
msgstr ""
15207
15208
#: serverguide/C/network-auth.xml:1222(para)
15209
msgid ""
15210
"Finally, restart <application>slapd</application> on each of the servers:"
15211
msgstr ""
15212
15213
#: serverguide/C/network-auth.xml:1235(title)
15214
msgid "LDAP Authentication"
15215
msgstr ""
15216
15217
#: serverguide/C/network-auth.xml:1237(para)
15218
msgid ""
15219
"Once you have a working LDAP server, the <application>auth-client-"
15220
"config</application> and <application>libnss-ldap</application> packages "
15221
"take the pain out of configuring an Ubuntu client to authenticate using "
15222
"LDAP. To install the packages from, a terminal prompt enter:"
15223
msgstr ""
15224
15225
#: serverguide/C/network-auth.xml:1244(command)
15226
msgid "sudo apt-get install libnss-ldap"
15227
msgstr ""
15228
15229
#: serverguide/C/network-auth.xml:1247(para)
15230
msgid ""
15231
"During the install a menu dialog will ask you connection details about your "
15232
"LDAP server."
15233
msgstr ""
15234
15235
#: serverguide/C/network-auth.xml:1251(para)
15236
msgid ""
15237
"If you make a mistake when entering your information you can execute the "
15238
"dialog again using:"
15239
msgstr ""
15240
15241
#: serverguide/C/network-auth.xml:1256(command)
15242
msgid "sudo dpkg-reconfigure ldap-auth-config"
15243
msgstr ""
15244
15245
#: serverguide/C/network-auth.xml:1259(para)
15246
msgid ""
15247
"The results of the dialog can be seen in "
15248
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15249
"covered in the menu edit this file accordingly."
15250
msgstr ""
15251
15252
#: serverguide/C/network-auth.xml:1264(para)
15253
msgid ""
15254
"Now that <application>libnss-ldap</application> is configured enable the "
15255
"<application>auth-client-config</application> LDAP profile by entering:"
15256
msgstr ""
15257
15258
#: serverguide/C/network-auth.xml:1270(command)
15259
msgid "sudo auth-client-config -t nss -p lac_ldap"
15260
msgstr ""
15261
15262
#: serverguide/C/network-auth.xml:1275(para)
15263
msgid ""
15264
"<emphasis>-t:</emphasis> only modifies "
15265
"<filename>/etc/nsswitch.conf</filename>."
15266
msgstr ""
15267
15268
#: serverguide/C/network-auth.xml:1280(para)
15269
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
15270
msgstr ""
15271
15272
#: serverguide/C/network-auth.xml:1285(para)
15273
msgid ""
15274
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
15275
"config</application> profile that is part of the <application>ldap-auth-"
15276
"config</application> package."
15277
msgstr ""
15278
15279
#: serverguide/C/network-auth.xml:1292(para)
15280
msgid ""
15281
"Using the <application>pam-auth-update</application> utility, configure the "
15282
"system to use LDAP for authentication:"
15283
msgstr ""
15284
15285
#: serverguide/C/network-auth.xml:1297(command)
15286
msgid "sudo pam-auth-update"
15287
msgstr ""
15288
15289
#: serverguide/C/network-auth.xml:1300(para)
15290
msgid ""
15291
"From the <application>pam-auth-update</application> menu, choose LDAP and "
15292
"any other authentication mechanisms you need."
15293
msgstr ""
15294
15295
#: serverguide/C/network-auth.xml:1304(para)
15296
msgid ""
15297
"You should now be able to login using user credentials stored in the LDAP "
15298
"directory."
15299
msgstr ""
15300
15301
#: serverguide/C/network-auth.xml:1309(para)
15302
msgid ""
15303
"If you are going to use LDAP to store Samba users you will need to configure "
15304
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
15305
"for details."
15306
msgstr ""
15307
15308
#: serverguide/C/network-auth.xml:1317(title)
15309
msgid "User and Group Management"
15310
msgstr ""
15311
15312
#: serverguide/C/network-auth.xml:1319(para)
15313
msgid ""
15314
"The <application>ldap-utils</application> package comes with multiple "
15315
"utilities to manage the directory, but the long string of options needed, "
15316
"can make them a burden to use. The <application>ldapscripts</application> "
15317
"package contains configurable scripts to easily manage LDAP users and groups."
15318
msgstr ""
15319
15320
#: serverguide/C/network-auth.xml:1325(para)
15321
msgid "To install the package, from a terminal enter:"
15322
msgstr ""
15323
15324
#: serverguide/C/network-auth.xml:1330(command)
15325
msgid "sudo apt-get install ldapscripts"
15326
msgstr ""
15327
15328
#: serverguide/C/network-auth.xml:1333(para)
15329
msgid ""
15330
"Next, edit the config file "
15331
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
15332
"changing the following to match your environment:"
15333
msgstr ""
15334
15335
#: serverguide/C/network-auth.xml:1338(programlisting)
15336
#, no-wrap
15337
msgid ""
15338
"\n"
15339
"SERVER=localhost\n"
15340
"BINDDN='cn=admin,dc=example,dc=com'\n"
15341
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
15342
"SUFFIX='dc=example,dc=com'\n"
15343
"GSUFFIX='ou=Groups'\n"
15344
"USUFFIX='ou=People'\n"
15345
"MSUFFIX='ou=Computers'\n"
15346
"GIDSTART=10000\n"
15347
"UIDSTART=10000\n"
15348
"MIDSTART=10000\n"
15349
msgstr ""
15350
15351
#: serverguide/C/network-auth.xml:1351(para)
15352
msgid ""
15353
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
15354
"authenticated access to the directory:"
15355
msgstr ""
15356
15357
#: serverguide/C/network-auth.xml:1356(command)
15358
msgid ""
15359
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15360
msgstr ""
15361
15362
#: serverguide/C/network-auth.xml:1357(command)
15363
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15364
msgstr ""
15365
15366
#: serverguide/C/network-auth.xml:1361(para)
15367
msgid ""
15368
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
15369
"user."
15370
msgstr ""
15371
15372
#: serverguide/C/network-auth.xml:1366(para)
15373
msgid ""
15374
"The <application>ldapscripts</application> are now ready to help manage your "
15375
"directory. The following are some examples of how to use the scripts:"
15376
msgstr ""
15377
15378
#: serverguide/C/network-auth.xml:1373(para)
15379
msgid "Create a new user:"
15380
msgstr ""
15381
15382
#: serverguide/C/network-auth.xml:1377(command)
15383
msgid "sudo ldapadduser george example"
15384
msgstr ""
15385
15386
#: serverguide/C/network-auth.xml:1379(para)
15387
msgid ""
15388
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15389
"and set the user's primary group (gid) to <emphasis "
15390
"role=\"italic\">example</emphasis>"
15391
msgstr ""
15392
15393
#: serverguide/C/network-auth.xml:1385(para)
15394
msgid "Change a user's password:"
15395
msgstr ""
15396
15397
#: serverguide/C/network-auth.xml:1389(command)
15398
msgid "sudo ldapsetpasswd george"
15399
msgstr ""
15400
15401
#: serverguide/C/network-auth.xml:1390(computeroutput)
15402
#, no-wrap
15403
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15404
msgstr ""
15405
15406
#: serverguide/C/network-auth.xml:1391(userinput)
15407
#, no-wrap
15408
msgid "New Password: "
15409
msgstr ""
15410
15411
#: serverguide/C/network-auth.xml:1392(userinput)
15412
#, no-wrap
15413
msgid "New Password (verify): "
15414
msgstr ""
15415
15416
#: serverguide/C/network-auth.xml:1396(para)
15417
msgid "Delete a user:"
15418
msgstr ""
15419
15420
#: serverguide/C/network-auth.xml:1400(command)
15421
msgid "sudo ldapdeleteuser george"
15422
msgstr ""
15423
15424
#: serverguide/C/network-auth.xml:1405(para)
15425
msgid "Add a group:"
15426
msgstr ""
15427
15428
#: serverguide/C/network-auth.xml:1409(command)
15429
msgid "sudo ldapaddgroup qa"
15430
msgstr ""
15431
15432
#: serverguide/C/network-auth.xml:1413(para)
15433
msgid "Delete a group:"
15434
msgstr ""
15435
15436
#: serverguide/C/network-auth.xml:1417(command)
15437
msgid "sudo ldapdeletegroup qa"
15438
msgstr ""
15439
15440
#: serverguide/C/network-auth.xml:1421(para)
15441
msgid "Add a user to a group:"
15442
msgstr ""
15443
15444
#: serverguide/C/network-auth.xml:1425(command)
15445
msgid "sudo ldapaddusertogroup george qa"
15446
msgstr ""
15447
15448
#: serverguide/C/network-auth.xml:1427(para)
15449
msgid ""
15450
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15451
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15452
"role=\"italic\">george</emphasis>."
15453
msgstr ""
15454
15455
#: serverguide/C/network-auth.xml:1433(para)
15456
msgid "Remove a user from a group:"
15457
msgstr ""
15458
15459
#: serverguide/C/network-auth.xml:1437(command)
15460
msgid "sudo ldapdeleteuserfromgroup george qa"
15461
msgstr ""
15462
15463
#: serverguide/C/network-auth.xml:1439(para)
15464
msgid ""
15465
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15466
"<emphasis role=\"italic\">qa</emphasis> group."
15467
msgstr ""
15468
15469
#: serverguide/C/network-auth.xml:1445(para)
15470
msgid ""
15471
"The <application>ldapmodifyuser</application> script allows you to add, "
15472
"remove, or replace a user's attributes. The script uses the same syntax as "
15473
"the <application>ldapmodify</application> utility. For example:"
15474
msgstr ""
15475
15476
#: serverguide/C/network-auth.xml:1450(command)
15477
msgid "sudo ldapmodifyuser george"
15478
msgstr ""
15479
15480
#: serverguide/C/network-auth.xml:1451(computeroutput)
15481
#, no-wrap
15482
msgid ""
15483
"# About to modify the following entry :\n"
15484
"dn: uid=george,ou=People,dc=example,dc=com\n"
15485
"objectClass: account\n"
15486
"objectClass: posixAccount\n"
15487
"cn: george\n"
15488
"uid: george\n"
15489
"uidNumber: 1001\n"
15490
"gidNumber: 1001\n"
15491
"homeDirectory: /home/george\n"
15492
"loginShell: /bin/bash\n"
15493
"gecos: george\n"
15494
"description: User account\n"
15495
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
15496
"\n"
15497
"# Enter your modifications here, end with CTRL-D.\n"
15498
"dn: uid=george,ou=People,dc=example,dc=com"
15499
msgstr ""
15500
15501
#: serverguide/C/network-auth.xml:1467(userinput)
15502
#, no-wrap
15503
msgid ""
15504
"replace: gecos\n"
15505
"gecos: George Carlin"
15506
msgstr ""
15507
15508
#: serverguide/C/network-auth.xml:1470(para)
15509
msgid ""
15510
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15511
"Carlin</quote>."
15512
msgstr ""
15513
15514
#: serverguide/C/network-auth.xml:1475(para)
15515
msgid ""
15516
"Another great feature of <application>ldapscripts</application>, is the "
15517
"template system. Templates allow you to customize the attributes of user, "
15518
"group, and machine objectes. For example, to enable the "
15519
"<emphasis>user</emphasis> template edit "
15520
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
15521
msgstr ""
15522
15523
#: serverguide/C/network-auth.xml:1482(programlisting)
15524
#, no-wrap
15525
msgid ""
15526
"\n"
15527
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15528
msgstr ""
15529
15530
#: serverguide/C/network-auth.xml:1486(para)
15531
msgid ""
15532
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15533
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
15534
"<filename>ldapadduser.template.sample</filename> file to "
15535
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15536
msgstr ""
15537
15538
#: serverguide/C/network-auth.xml:1493(command)
15539
msgid ""
15540
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
15541
"/etc/ldapscripts/ldapadduser.template"
15542
msgstr ""
15543
15544
#: serverguide/C/network-auth.xml:1496(para)
15545
msgid ""
15546
"Edit the new template to add the desired attributes. The following will "
15547
"create new user's as with an <emphasis>objectClass</emphasis> of "
15548
"<emphasis>inetOrgPerson</emphasis>:"
15549
msgstr ""
15550
15551
#: serverguide/C/network-auth.xml:1501(programlisting)
15552
#, no-wrap
15553
msgid ""
15554
"\n"
15555
"dn: uid=<user>,<usuffix>,<suffix>\n"
15556
"objectClass: inetOrgPerson\n"
15557
"objectClass: posixAccount\n"
15558
"cn: <user>\n"
15559
"sn: <ask>\n"
15560
"uid: <user>\n"
15561
"uidNumber: <uid>\n"
15562
"gidNumber: <gid>\n"
15563
"homeDirectory: <home>\n"
15564
"loginShell: <shell>\n"
15565
"gecos: <user>\n"
15566
"description: User account\n"
15567
"title: Employee\n"
15568
msgstr ""
15569
15570
#: serverguide/C/network-auth.xml:1517(para)
15571
msgid ""
15572
"Notice the <emphasis><ask></emphasis> option used for the "
15573
"<emphasis>cn</emphasis> value. Using <ask> will configure "
15574
"<application>ldapadduser</application> to prompt you for the attribute value "
15575
"during user creation."
15576
msgstr ""
15577
15578
#: serverguide/C/network-auth.xml:1525(para)
15579
msgid ""
15580
"There are more useful scripts in the package, to see a full list enter: "
15581
"<command>dpkg -L ldapscripts | grep bin</command>"
15582
msgstr ""
15583
15584
#: serverguide/C/network-auth.xml:1534(para)
15585
msgid ""
15586
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15587
"Ubuntu Wiki</ulink> page has more details."
15588
msgstr ""
15589
15590
#: serverguide/C/network-auth.xml:1539(para)
15591
msgid ""
15592
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
15593
"Home Page</ulink>"
15594
msgstr ""
15595
15596
#: serverguide/C/network-auth.xml:1544(para)
15597
msgid ""
15598
"Though starting to show it's age, a great source for in depth LDAP "
15599
"information is O'Reilly's <ulink "
15600
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15601
"Administration</ulink>"
15602
msgstr ""
15603
15604
#: serverguide/C/network-auth.xml:1550(para)
15605
msgid ""
15606
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15607
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
15608
"newer versions of OpenLDAP."
15609
msgstr ""
15610
15611
#: serverguide/C/network-auth.xml:1556(para)
15612
msgid ""
15613
"For more information on <application>auth-client-config</application> see "
15614
"the man page: <command>man auth-client-config</command>."
15615
msgstr ""
15616
15617
#: serverguide/C/network-auth.xml:1561(para)
15618
msgid ""
15619
"For more details regarding the <application>ldapscripts</application> "
15620
"package see the man pages: <command>man ldapscripts</command>, <command>man "
15621
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
15622
msgstr ""
15623
15624
#: serverguide/C/network-auth.xml:1571(title)
15625
msgid "Samba and LDAP"
15626
msgstr ""
15627
15628
#: serverguide/C/network-auth.xml:1573(para)
15629
msgid ""
15630
"This section covers configuring Samba to use LDAP for user, group, and "
15631
"machine account information and authentication. The assumption is, you "
15632
"already have a working OpenLDAP directory installed and the server is "
15633
"configured to use it for authentication. See <xref linkend=\"openldap-"
15634
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
15635
"setting up OpenLDAP. For more information on installing and configuring "
15636
"Samba see <xref linkend=\"windows-networking\"/>."
15637
msgstr ""
15638
15639
#: serverguide/C/network-auth.xml:1583(para)
15640
msgid ""
15641
"There are three packages needed when integrating Samba with LDAP. "
15642
"<application>samba</application>, <application>samba-doc</application>, and "
15643
"<application>smbldap-tools</application> packages . To install the packages, "
15644
"from a terminal enter:"
15645
msgstr ""
15646
15647
#: serverguide/C/network-auth.xml:1589(command)
15648
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15649
msgstr ""
15650
15651
#: serverguide/C/network-auth.xml:1592(para)
15652
msgid ""
15653
"Strictly speaking the <application>smbldap-tools</application> package isn't "
15654
"needed, but unless you have another package or custom scripts, a method of "
15655
"managing users, groups, and computer accounts is needed."
15656
msgstr ""
15657
15658
#: serverguide/C/network-auth.xml:1599(title)
15659
msgid "OpenLDAP Configuration"
15660
msgstr ""
15661
15662
#: serverguide/C/network-auth.xml:1601(para)
15663
msgid ""
15664
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
15665
"the user objects in the directory will need additional attributes. This "
15666
"section assumes you want Samba to be configured as a Windows NT domain "
15667
"controller, and will add the necessary LDAP objects and attributes."
15668
msgstr ""
15669
15670
#: serverguide/C/network-auth.xml:1609(para)
15671
msgid ""
15672
"The Samba attributes are defined in the <filename>samba.schema</filename> "
15673
"file which is part of the <application>samba-doc</application> package. The "
15674
"schema file needs to be unzipped and copied to "
15675
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
15676
msgstr ""
15677
15678
#: serverguide/C/network-auth.xml:1616(command)
15679
msgid ""
15680
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
15681
"/etc/ldap/schema/"
15682
msgstr ""
15683
15684
#: serverguide/C/network-auth.xml:1617(command)
15685
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
15686
msgstr ""
15687
15688
#: serverguide/C/network-auth.xml:1623(para)
15689
msgid ""
15690
"The <emphasis>samba</emphasis> schema needs to be added to the "
15691
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15692
"<application>slapd</application> is also detailed in <xref "
15693
"linkend=\"openldap-configuration\"/>."
15694
msgstr ""
15695
15696
#: serverguide/C/network-auth.xml:1631(para) serverguide/C/network-auth.xml:2666(para)
15697
msgid ""
15698
"First, create a configuration file named "
15699
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
15700
"containing the following lines:"
15701
msgstr ""
15702
15703
#: serverguide/C/network-auth.xml:1636(programlisting)
15704
#, no-wrap
15705
msgid ""
15706
"\n"
15707
"include /etc/ldap/schema/core.schema\n"
15708
"include /etc/ldap/schema/collective.schema\n"
15709
"include /etc/ldap/schema/corba.schema\n"
15710
"include /etc/ldap/schema/cosine.schema\n"
15711
"include /etc/ldap/schema/duaconf.schema\n"
15712
"include /etc/ldap/schema/dyngroup.schema\n"
15713
"include /etc/ldap/schema/inetorgperson.schema\n"
15714
"include /etc/ldap/schema/java.schema\n"
15715
"include /etc/ldap/schema/misc.schema\n"
15716
"include /etc/ldap/schema/nis.schema\n"
15717
"include /etc/ldap/schema/openldap.schema\n"
15718
"include /etc/ldap/schema/ppolicy.schema\n"
15719
"include /etc/ldap/schema/samba.schema\n"
15720
msgstr ""
15721
15722
#: serverguide/C/network-auth.xml:1666(para) serverguide/C/network-auth.xml:2701(para)
15723
msgid ""
15724
"Now use <application>slapcat</application> to convert the schema files:"
15725
msgstr ""
15726
15727
#: serverguide/C/network-auth.xml:1671(command)
15728
msgid ""
15729
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15730
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
15731
msgstr ""
15732
15733
#: serverguide/C/network-auth.xml:1674(para) serverguide/C/network-auth.xml:2709(para)
15734
msgid ""
15735
"Change the above file and path names to match your own if they are different."
15736
msgstr ""
15737
15738
#: serverguide/C/network-auth.xml:1681(para)
15739
msgid ""
15740
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
15741
"the following attributes:"
15742
msgstr ""
15743
15744
#: serverguide/C/network-auth.xml:1685(programlisting)
15745
#, no-wrap
15746
msgid ""
15747
"\n"
15748
"dn: cn=samba,cn=schema,cn=config\n"
15749
"...\n"
15750
"cn: samba\n"
15751
msgstr ""
15752
15753
#: serverguide/C/network-auth.xml:1695(programlisting)
15754
#, no-wrap
15755
msgid ""
15756
"\n"
15757
"structuralObjectClass: olcSchemaConfig\n"
15758
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
15759
"creatorsName: cn=config\n"
15760
"createTimestamp: 20080827045234Z\n"
15761
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
15762
"modifiersName: cn=config\n"
15763
"modifyTimestamp: 20080827045234Z\n"
15764
msgstr ""
15765
15766
#: serverguide/C/network-auth.xml:1720(command)
15767
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
15768
msgstr ""
15769
15770
#: serverguide/C/network-auth.xml:1726(para)
15771
msgid ""
15772
"There should now be a <emphasis>dn: "
15773
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
15774
"sequential schema, entry in the cn=config tree."
15775
msgstr ""
15776
15777
#: serverguide/C/network-auth.xml:1734(para)
15778
msgid ""
15779
"Copy and paste the following into a file named "
15780
"<filename>samba_indexes.ldif</filename>:"
15781
msgstr ""
15782
15783
#: serverguide/C/network-auth.xml:1738(programlisting)
15784
#, no-wrap
15785
msgid ""
15786
"\n"
15787
"dn: olcDatabase={1}hdb,cn=config\n"
15788
"changetype: modify\n"
15789
"add: olcDbIndex\n"
15790
"olcDbIndex: uidNumber eq\n"
15791
"olcDbIndex: gidNumber eq\n"
15792
"olcDbIndex: loginShell eq\n"
15793
"olcDbIndex: uid eq,pres,sub\n"
15794
"olcDbIndex: memberUid eq,pres,sub\n"
15795
"olcDbIndex: uniqueMember eq,pres\n"
15796
"olcDbIndex: sambaSID eq\n"
15797
"olcDbIndex: sambaPrimaryGroupSID eq\n"
15798
"olcDbIndex: sambaGroupType eq\n"
15799
"olcDbIndex: sambaSIDList eq\n"
15800
"olcDbIndex: sambaDomainName eq\n"
15801
"olcDbIndex: default sub\n"
15802
msgstr ""
15803
15804
#: serverguide/C/network-auth.xml:1756(para)
15805
msgid ""
15806
"Using the <application>ldapmodify</application> utility load the new indexes:"
15807
msgstr ""
15808
15809
#: serverguide/C/network-auth.xml:1761(command)
15810
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
15811
msgstr ""
15812
15813
#: serverguide/C/network-auth.xml:1763(para)
15814
msgid ""
15815
"If all went well you should see the new indexes using "
15816
"<application>ldapsearch</application>:"
15817
msgstr ""
15818
15819
#: serverguide/C/network-auth.xml:1768(command)
15820
msgid ""
15821
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
15822
msgstr ""
15823
15824
#: serverguide/C/network-auth.xml:1774(para)
15825
msgid ""
15826
"Next, configure the <application>smbldap-tools</application> package to "
15827
"match your environment. The package comes with a configuration script that "
15828
"will ask questions about the needed options. To run the script enter:"
15829
msgstr ""
15830
15831
#: serverguide/C/network-auth.xml:1780(command)
15832
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15833
msgstr ""
15834
15835
#: serverguide/C/network-auth.xml:1781(command)
15836
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15837
msgstr ""
15838
15839
#: serverguide/C/network-auth.xml:1784(para)
15840
msgid ""
15841
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
15842
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
15843
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
15844
"configure script, so if you made any mistakes while executing the script it "
15845
"may be simpler to edit the file appropriately."
15846
msgstr ""
15847
15848
#: serverguide/C/network-auth.xml:1794(para)
15849
msgid ""
15850
"The <application>smbldap-populate</application> script will add the "
15851
"necessary users, groups, and LDAP objects required for Samba. It is a good "
15852
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
15853
"<application>slapcat</application> before executing the command:"
15854
msgstr ""
15855
15856
#: serverguide/C/network-auth.xml:1801(command)
15857
msgid "sudo slapcat -l backup.ldif"
15858
msgstr ""
15859
15860
#: serverguide/C/network-auth.xml:1807(para)
15861
msgid ""
15862
"Once you have a current backup execute <application>smbldap-"
15863
"populate</application> by entering:"
15864
msgstr ""
15865
15866
#: serverguide/C/network-auth.xml:1812(command)
15867
msgid "sudo smbldap-populate"
15868
msgstr ""
15869
15870
#: serverguide/C/network-auth.xml:1816(para)
15871
msgid ""
15872
"You can create an LDIF file containing the new Samba objects by executing "
15873
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
15874
"look over the changes making sure everything is correct."
15875
msgstr ""
15876
15877
#: serverguide/C/network-auth.xml:1824(para)
15878
msgid ""
15879
"Your LDAP directory now has the necessary domain information to authenticate "
15880
"Samba users."
15881
msgstr ""
15882
15883
#: serverguide/C/network-auth.xml:1830(title)
15884
msgid "Samba Configuration"
15885
msgstr ""
15886
15887
#: serverguide/C/network-auth.xml:1832(para)
15888
msgid ""
15889
"There a multiple ways to configure Samba for details on some common "
15890
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
15891
"Samba to use LDAP, edit the main Samba configuration file "
15892
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
15893
"backend</emphasis> option and adding the following:"
15894
msgstr ""
15895
15896
#: serverguide/C/network-auth.xml:1838(programlisting)
15897
#, no-wrap
15898
msgid ""
15899
"\n"
15900
"# passdb backend = tdbsam\n"
15901
"\n"
15902
"# LDAP Settings\n"
15903
" passdb backend = ldapsam:ldap://hostname\n"
15904
" ldap suffix = dc=example,dc=com\n"
15905
" ldap user suffix = ou=People\n"
15906
" ldap group suffix = ou=Groups\n"
15907
" ldap machine suffix = ou=Computers\n"
15908
" ldap idmap suffix = ou=Idmap\n"
15909
" ldap admin dn = cn=admin,dc=example,dc=com\n"
15910
" ldap ssl = start tls\n"
15911
" ldap passwd sync = yes\n"
15912
"...\n"
15913
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
15914
msgstr ""
15915
15916
#: serverguide/C/network-auth.xml:1855(para)
15917
msgid "Restart <application>samba</application> to enable the new settings:"
15918
msgstr ""
15919
15920
#: serverguide/C/network-auth.xml:1863(para)
15921
msgid ""
15922
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
15923
"enter:"
15924
msgstr ""
15925
15926
#: serverguide/C/network-auth.xml:1868(command)
15927
msgid "sudo smbpasswd -w secret"
15928
msgstr ""
15929
15930
#: serverguide/C/network-auth.xml:1872(para)
15931
msgid ""
15932
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
15933
"password."
15934
msgstr ""
15935
15936
#: serverguide/C/network-auth.xml:1877(para)
15937
msgid ""
15938
"If you currently have users in LDAP, and you want them to authenticate using "
15939
"Samba, they will need some Samba attributes defined in the "
15940
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
15941
"users using the <application>smbpasswd</application> utility, replacing "
15942
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
15943
msgstr ""
15944
15945
#: serverguide/C/network-auth.xml:1885(command)
15946
msgid "sudo smbpasswd -a username"
15947
msgstr ""
15948
15949
#: serverguide/C/network-auth.xml:1888(para)
15950
msgid "You will then be asked to enter the user's password."
15951
msgstr ""
15952
15953
#: serverguide/C/network-auth.xml:1892(para)
15954
msgid ""
15955
"To add new user, group, and machine accounts use the utilities from the "
15956
"<application>smbldap-tools</application> package. Here are some examples:"
15957
msgstr ""
15958
15959
#: serverguide/C/network-auth.xml:1899(para)
15960
msgid ""
15961
"To add a new user to LDAP with Samba attributes enter the following, "
15962
"replacing username with an actual username:"
15963
msgstr ""
15964
15965
#: serverguide/C/network-auth.xml:1903(command)
15966
msgid "sudo smbldap-useradd -a -P username"
15967
msgstr ""
15968
15969
#: serverguide/C/network-auth.xml:1905(para)
15970
msgid ""
15971
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15972
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
15973
"passwd</application> utility after the user is created allowing you to enter "
15974
"a password for the user."
15975
msgstr ""
15976
15977
#: serverguide/C/network-auth.xml:1911(para)
15978
msgid "To remove a user from the directory enter:"
15979
msgstr ""
15980
15981
#: serverguide/C/network-auth.xml:1915(command)
15982
msgid "sudo smbldap-userdel username"
15983
msgstr ""
15984
15985
#: serverguide/C/network-auth.xml:1917(para)
15986
msgid ""
15987
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15988
"r</emphasis> option to remove the user's home directory."
15989
msgstr ""
15990
15991
#: serverguide/C/network-auth.xml:1922(para)
15992
msgid ""
15993
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15994
"groupname with an appropriate group:"
15995
msgstr ""
15996
15997
#: serverguide/C/network-auth.xml:1926(command)
15998
msgid "sudo smbldap-groupadd -a groupname"
15999
msgstr ""
16000
16001
#: serverguide/C/network-auth.xml:1928(para)
16002
msgid ""
16003
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
16004
"a</emphasis> adds the Samba attributes."
16005
msgstr ""
16006
16007
#: serverguide/C/network-auth.xml:1933(para)
16008
msgid ""
16009
"To add a user to a group use <application>smbldap-groupmod</application>:"
16010
msgstr ""
16011
16012
#: serverguide/C/network-auth.xml:1937(command)
16013
msgid "sudo smbldap-groupmod -m username groupname"
16014
msgstr ""
16015
16016
#: serverguide/C/network-auth.xml:1939(para)
16017
msgid ""
16018
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
16019
"<emphasis>-m</emphasis> option can add more than one user at a time by "
16020
"listing them in <emphasis>comma separated</emphasis> format."
16021
msgstr ""
16022
16023
#: serverguide/C/network-auth.xml:1945(para)
16024
msgid ""
16025
"<application>smbldap-groupmod</application> can also be used to remove a "
16026
"user from a group:"
16027
msgstr ""
16028
16029
#: serverguide/C/network-auth.xml:1949(command)
16030
msgid "sudo smbldap-groupmod -x username groupname"
16031
msgstr ""
16032
16033
#: serverguide/C/network-auth.xml:1953(para)
16034
msgid ""
16035
"Additionally, the <application>smbldap-useradd</application> utility can add "
16036
"Samba machine accounts:"
16037
msgstr ""
16038
16039
#: serverguide/C/network-auth.xml:1957(command)
16040
msgid "sudo smbldap-useradd -t 0 -w username"
16041
msgstr ""
16042
16043
#: serverguide/C/network-auth.xml:1959(para)
16044
msgid ""
16045
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16046
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16047
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
16048
"machine account. Also, note the <emphasis>add machine script</emphasis> "
16049
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
16050
"<application>smbldap-useradd</application>."
16051
msgstr ""
16052
16053
#: serverguide/C/network-auth.xml:1968(para)
16054
msgid ""
16055
"There are more useful utilities and options in the <application>smbldap-"
16056
"tools</application> package. The man page for each utility provides more "
16057
"details."
16058
msgstr ""
16059
16060
#: serverguide/C/network-auth.xml:1979(para)
16061
msgid ""
16062
"There are multiple places where LDAP and Samba is documented in the <ulink "
16063
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
16064
"Collection</ulink>."
16065
msgstr ""
16066
16067
#: serverguide/C/network-auth.xml:1985(para)
16068
msgid ""
16069
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
16070
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
16071
msgstr ""
16072
16073
#: serverguide/C/network-auth.xml:1991(para)
16074
msgid ""
16075
"Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
16076
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
16077
msgstr ""
16078
16079
#: serverguide/C/network-auth.xml:1997(para)
16080
msgid ""
16081
"Again, for more information on <application>smbldap-tools</application> see "
16082
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
16083
"groupadd</command>, <command>man smbldap-populate</command>, etc."
16084
msgstr ""
16085
16086
#: serverguide/C/network-auth.xml:2004(para)
16087
msgid ""
16088
"Also, there is a list of <ulink "
16089
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
16090
"wiki</ulink> articles with more information."
16091
msgstr ""
16092
16093
#: serverguide/C/network-auth.xml:2013(title)
16094
msgid "Kerberos"
16095
msgstr "Kerberos"
16096
16097
#: serverguide/C/network-auth.xml:2015(para)
16098
msgid ""
16099
"<application>Kerberos</application> is a network authentication system based "
16100
"on the principal of a trusted third party. The other two parties being the "
16101
"user and the service the user wishes to authenticate to. Not all services "
16102
"and applications can use Kerberos, but for those that can, it brings the "
16103
"network environment one step closer to being Single Sign On (SSO)."
16104
msgstr ""
16105
16106
#: serverguide/C/network-auth.xml:2021(para)
16107
msgid ""
16108
"This section covers installation and configuration of a Kerberos server, and "
16109
"some example client configurations."
16110
msgstr ""
16111
16112
#: serverguide/C/network-auth.xml:2028(para)
16113
msgid ""
16114
"If you are new to Kerberos there are a few terms that are good to understand "
16115
"before setting up a Kerberos server. Most of the terms will relate to things "
16116
"you may be familiar with in other environments:"
16117
msgstr ""
16118
16119
#: serverguide/C/network-auth.xml:2035(para)
16120
msgid ""
16121
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16122
"by servers need to be defined as Kerberos Principals."
16123
msgstr ""
16124
16125
#: serverguide/C/network-auth.xml:2040(para)
16126
msgid ""
16127
"<emphasis>Instances:</emphasis> are used for service principals and special "
16128
"administrative principals."
16129
msgstr ""
16130
16131
#: serverguide/C/network-auth.xml:2045(para)
16132
msgid ""
16133
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16134
"Kerberos installation. Usually the DNS domain converted to uppercase "
16135
"(EXAMPLE.COM)."
16136
msgstr ""
16137
16138
#: serverguide/C/network-auth.xml:2051(para)
16139
msgid ""
16140
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16141
"a database of all principals, the authentication server, and the ticket "
16142
"granting server. For each realm there must be at least one KDC."
16143
msgstr ""
16144
16145
#: serverguide/C/network-auth.xml:2057(para)
16146
msgid ""
16147
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16148
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16149
"password which is known only to the user and the KDC."
16150
msgstr ""
16151
16152
#: serverguide/C/network-auth.xml:2063(para)
16153
msgid ""
16154
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16155
"clients upon request."
16156
msgstr ""
16157
16158
#: serverguide/C/network-auth.xml:2068(para)
16159
msgid ""
16160
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16161
"One principal being a user and the other a service requested by the user. "
16162
"Tickets establish an encryption key used for secure communication during the "
16163
"authenticated session."
16164
msgstr ""
16165
16166
#: serverguide/C/network-auth.xml:2074(para)
16167
msgid ""
16168
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16169
"principal database and contain the encryption key for a service or host."
16170
msgstr ""
16171
16172
#: serverguide/C/network-auth.xml:2081(para)
16173
msgid ""
16174
"To put the pieces together, a Realm has at least one KDC, preferably two for "
16175
"redundancy, which contains a database of Principals. When a user principal "
16176
"logs into a workstation, configured for Kerberos authentication, the KDC "
16177
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
16178
"match, the user is authenticated and can then request tickets for Kerberized "
16179
"services from the Ticket Granting Server (TGS). The service tickets allow "
16180
"the user to authenticate to the service without entering another username "
16181
"and password."
16182
msgstr ""
16183
16184
#: serverguide/C/network-auth.xml:2090(title)
16185
msgid "Kerberos Server"
16186
msgstr ""
16187
16188
#: serverguide/C/network-auth.xml:2094(para)
16189
msgid ""
16190
"Before installing the Kerberos server a properly configured DNS server is "
16191
"needed for your domain. Since the Kerberos Realm by convention matches the "
16192
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
16193
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
16194
msgstr ""
16195
16196
#: serverguide/C/network-auth.xml:2100(para)
16197
msgid ""
16198
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16199
"between a client machine and the server differs by more than five minutes "
16200
"(by default), the workstation will not be able to authenticate. To correct "
16201
"the problem all hosts should have their time synchronized using the "
16202
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
16203
"NTP see <xref linkend=\"NTP\"/>."
16204
msgstr ""
16205
16206
#: serverguide/C/network-auth.xml:2107(para)
16207
msgid ""
16208
"The first step in installing a Kerberos Realm is to install the "
16209
"<application>krb5-kdc</application> and <application>krb5-admin-"
16210
"server</application> packages. From a terminal enter:"
16211
msgstr ""
16212
16213
#: serverguide/C/network-auth.xml:2113(command) serverguide/C/network-auth.xml:2288(command)
16214
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16215
msgstr ""
16216
16217
#: serverguide/C/network-auth.xml:2116(para)
16218
msgid ""
16219
"You will be asked at the end of the install to supply a name for the "
16220
"Kerberos and Admin servers, which may or may not be the same server, for the "
16221
"realm."
16222
msgstr ""
16223
16224
#: serverguide/C/network-auth.xml:2121(para)
16225
msgid ""
16226
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16227
"utility:"
16228
msgstr ""
16229
16230
#: serverguide/C/network-auth.xml:2126(command)
16231
msgid "sudo krb5_newrealm"
16232
msgstr ""
16233
16234
#: serverguide/C/network-auth.xml:2133(para)
16235
msgid ""
16236
"The questions asked during installation are used to configure the "
16237
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16238
"Distribution Center (KDC) settings simply edit the file and restart the "
16239
"<application>krb5-kdc</application> daemon."
16240
msgstr ""
16241
16242
#: serverguide/C/network-auth.xml:2141(para)
16243
msgid ""
16244
"Now that the KDC running an admin user is needed. It is recommended to use a "
16245
"different username from your everyday username. Using the "
16246
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16247
msgstr ""
16248
16249
#: serverguide/C/network-auth.xml:2147(command) serverguide/C/network-auth.xml:2943(command)
16250
msgid "sudo kadmin.local"
16251
msgstr ""
16252
16253
#: serverguide/C/network-auth.xml:2148(computeroutput)
16254
#, no-wrap
16255
msgid ""
16256
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16257
"kadmin.local:"
16258
msgstr ""
16259
16260
#: serverguide/C/network-auth.xml:2149(userinput)
16261
#, no-wrap
16262
msgid " addprinc steve/admin"
16263
msgstr ""
16264
16265
#: serverguide/C/network-auth.xml:2150(computeroutput)
16266
#, no-wrap
16267
msgid ""
16268
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16269
"policy\n"
16270
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
16271
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
16272
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
16273
"kadmin.local:"
16274
msgstr ""
16275
16276
#: serverguide/C/network-auth.xml:2154(userinput)
16277
#, no-wrap
16278
msgid " quit"
16279
msgstr ""
16280
16281
#: serverguide/C/network-auth.xml:2157(para)
16282
msgid ""
16283
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16284
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16285
"is an <emphasis>Instance</emphasis>, and <emphasis "
16286
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
16287
"role=\"italic\">\"every day\"</emphasis> Principal would be "
16288
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
16289
"rights."
16290
msgstr ""
16291
16292
#: serverguide/C/network-auth.xml:2165(para)
16293
msgid ""
16294
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16295
"your Realm and admin username."
16296
msgstr ""
16297
16298
#: serverguide/C/network-auth.xml:2173(para)
16299
msgid ""
16300
"Next, the new admin user needs to have the appropriate Access Control List "
16301
"(ACL) permissions. The permissions are configured in the "
16302
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16303
msgstr ""
16304
16305
#: serverguide/C/network-auth.xml:2178(programlisting)
16306
#, no-wrap
16307
msgid ""
16308
"\n"
16309
"steve/admin@EXAMPLE.COM *\n"
16310
msgstr ""
16311
16312
#: serverguide/C/network-auth.xml:2182(para)
16313
msgid ""
16314
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16315
"any operation on all principals in the realm."
16316
msgstr ""
16317
16318
#: serverguide/C/network-auth.xml:2189(para)
16319
msgid ""
16320
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16321
"to take affect:"
16322
msgstr ""
16323
16324
#: serverguide/C/network-auth.xml:2194(command)
16325
msgid "sudo /etc/init.d/krb5-admin-server restart"
16326
msgstr ""
16327
16328
#: serverguide/C/network-auth.xml:2200(para)
16329
msgid ""
16330
"The new user principal can be tested using the <application>kinit "
16331
"utility</application>:"
16332
msgstr ""
16333
16334
#: serverguide/C/network-auth.xml:2205(command)
16335
msgid "kinit steve/admin"
16336
msgstr ""
16337
16338
#: serverguide/C/network-auth.xml:2206(computeroutput)
16339
#, no-wrap
16340
msgid "steve/admin@EXAMPLE.COM's Password:"
16341
msgstr ""
16342
16343
#: serverguide/C/network-auth.xml:2209(para)
16344
msgid ""
16345
"After entering the password, use the <application>klist</application> "
16346
"utility to view information about the Ticket Granting Ticket (TGT):"
16347
msgstr ""
16348
16349
#: serverguide/C/network-auth.xml:2215(command) serverguide/C/network-auth.xml:2550(command)
16350
msgid "klist"
16351
msgstr ""
16352
16353
#: serverguide/C/network-auth.xml:2216(computeroutput)
16354
#, no-wrap
16355
msgid ""
16356
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16357
" Principal: steve/admin@EXAMPLE.COM\n"
16358
"\n"
16359
" Issued Expires Principal\n"
16360
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16361
msgstr ""
16362
16363
#: serverguide/C/network-auth.xml:2223(para)
16364
msgid ""
16365
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
16366
"the KDC. For example:"
16367
msgstr ""
16368
16369
#: serverguide/C/network-auth.xml:2227(programlisting)
16370
#, no-wrap
16371
msgid ""
16372
"\n"
16373
"192.168.0.1 kdc01.example.com kdc01\n"
16374
msgstr ""
16375
16376
#: serverguide/C/network-auth.xml:2231(para)
16377
msgid ""
16378
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
16379
msgstr ""
16380
16381
#: serverguide/C/network-auth.xml:2238(para)
16382
msgid ""
16383
"In order for clients to determine the KDC for the Realm some DNS SRV records "
16384
"are needed. Add the following to "
16385
"<filename>/etc/named/db.example.com</filename>:"
16386
msgstr ""
16387
16388
#: serverguide/C/network-auth.xml:2243(programlisting)
16389
#, no-wrap
16390
msgid ""
16391
"\n"
16392
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
16393
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
16394
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
16395
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
16396
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
16397
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16398
msgstr ""
16399
16400
#: serverguide/C/network-auth.xml:2253(para)
16401
msgid ""
16402
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16403
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16404
"KDC."
16405
msgstr ""
16406
16407
#: serverguide/C/network-auth.xml:2259(para)
16408
msgid ""
16409
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16410
msgstr ""
16411
16412
#: serverguide/C/network-auth.xml:2266(para)
16413
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16414
msgstr ""
16415
16416
#: serverguide/C/network-auth.xml:2273(title)
16417
msgid "Secondary KDC"
16418
msgstr ""
16419
16420
#: serverguide/C/network-auth.xml:2275(para)
16421
msgid ""
16422
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16423
"practice to have a Secondary KDC in case the primary becomes unavailable."
16424
msgstr ""
16425
16426
#: serverguide/C/network-auth.xml:2283(para)
16427
msgid ""
16428
"First, install the packages, and when asked for the Kerberos and Admin "
16429
"server names enter the name of the Primary KDC:"
16430
msgstr ""
16431
16432
#: serverguide/C/network-auth.xml:2294(para)
16433
msgid ""
16434
"Once you have the packages installed, create the Secondary KDC's host "
16435
"principal. From a terminal prompt, enter:"
16436
msgstr ""
16437
16438
#: serverguide/C/network-auth.xml:2299(command)
16439
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16440
msgstr ""
16441
16442
#: serverguide/C/network-auth.xml:2303(para)
16443
msgid ""
16444
"After, issuing any <application>kadmin</application> commands you will be "
16445
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16446
"password."
16447
msgstr ""
16448
16449
#: serverguide/C/network-auth.xml:2312(para)
16450
msgid "Extract the <emphasis>keytab</emphasis> file:"
16451
msgstr ""
16452
16453
#: serverguide/C/network-auth.xml:2317(command)
16454
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
16455
msgstr ""
16456
16457
#: serverguide/C/network-auth.xml:2323(para)
16458
msgid ""
16459
"There should now be a <filename>keytab.kdc02</filename> in the current "
16460
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16461
msgstr ""
16462
16463
#: serverguide/C/network-auth.xml:2329(command)
16464
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16465
msgstr ""
16466
16467
#: serverguide/C/network-auth.xml:2333(para)
16468
msgid ""
16469
"If the path to the <filename>keytab.kdc02</filename> file is different "
16470
"adjust accordingly."
16471
msgstr ""
16472
16473
#: serverguide/C/network-auth.xml:2338(para)
16474
msgid ""
16475
"Also, you can list the principals in a Keytab file, which can be useful when "
16476
"troubleshooting, using the <application>klist</application> utility:"
16477
msgstr ""
16478
16479
#: serverguide/C/network-auth.xml:2344(command)
16480
msgid "sudo klist -k /etc/krb5.keytab"
16481
msgstr ""
16482
16483
#: serverguide/C/network-auth.xml:2350(para)
16484
msgid ""
16485
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16486
"that lists all KDCs for the Realm. For example, on both primary and "
16487
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16488
msgstr ""
16489
16490
#: serverguide/C/network-auth.xml:2355(programlisting)
16491
#, no-wrap
16492
msgid ""
16493
"\n"
16494
"host/kdc01.example.com@EXAMPLE.COM\n"
16495
"host/kdc02.example.com@EXAMPLE.COM\n"
16496
msgstr ""
16497
16498
#: serverguide/C/network-auth.xml:2363(para)
16499
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
16500
msgstr ""
16501
16502
#: serverguide/C/network-auth.xml:2368(command)
16503
msgid "sudo kdb5_util -s create"
16504
msgstr ""
16505
16506
#: serverguide/C/network-auth.xml:2374(para)
16507
msgid ""
16508
"Now start the <application>kpropd</application> daemon, which listens for "
16509
"connections from the <application>kprop</application> utility. "
16510
"<application>kprop</application> is used to transfer dump files:"
16511
msgstr ""
16512
16513
#: serverguide/C/network-auth.xml:2381(command)
16514
msgid "sudo kpropd -S"
16515
msgstr ""
16516
16517
#: serverguide/C/network-auth.xml:2387(para)
16518
msgid ""
16519
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
16520
"of the principal database:"
16521
msgstr ""
16522
16523
#: serverguide/C/network-auth.xml:2392(command)
16524
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
16525
msgstr ""
16526
16527
#: serverguide/C/network-auth.xml:2398(para)
16528
msgid ""
16529
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
16530
"<filename>/etc/krb5.keytab</filename>:"
16531
msgstr ""
16532
16533
#: serverguide/C/network-auth.xml:2403(command)
16534
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16535
msgstr ""
16536
16537
#: serverguide/C/network-auth.xml:2404(command)
16538
msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
16539
msgstr ""
16540
16541
#: serverguide/C/network-auth.xml:2408(para)
16542
msgid ""
16543
"Make sure there is a <emphasis>host</emphasis> for "
16544
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
16545
msgstr ""
16546
16547
#: serverguide/C/network-auth.xml:2416(para)
16548
msgid ""
16549
"Using the <application>kprop</application> utility push the database to the "
16550
"Secondary KDC:"
16551
msgstr ""
16552
16553
#: serverguide/C/network-auth.xml:2421(command)
16554
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
16555
msgstr ""
16556
16557
#: serverguide/C/network-auth.xml:2425(para)
16558
msgid ""
16559
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
16560
"worked. If there is an error message check "
16561
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
16562
"information."
16563
msgstr ""
16564
16565
#: serverguide/C/network-auth.xml:2431(para)
16566
msgid ""
16567
"You may also want to create a <application>cron</application> job to "
16568
"periodically update the database on the Secondary KDC. For example, the "
16569
"following will push the database every hour:"
16570
msgstr ""
16571
16572
#: serverguide/C/network-auth.xml:2436(programlisting)
16573
#, no-wrap
16574
msgid ""
16575
"\n"
16576
"# m h dom mon dow command\n"
16577
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
16578
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
16579
msgstr ""
16580
16581
#: serverguide/C/network-auth.xml:2444(para)
16582
msgid ""
16583
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
16584
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
16585
msgstr ""
16586
16587
#: serverguide/C/network-auth.xml:2450(command)
16588
msgid "sudo kdb5_util stash"
16589
msgstr ""
16590
16591
#: serverguide/C/network-auth.xml:2456(para)
16592
msgid ""
16593
"Finally, start the <application>krb5-kdc</application> daemon on the "
16594
"Secondary KDC:"
16595
msgstr ""
16596
16597
#: serverguide/C/network-auth.xml:2461(command) serverguide/C/network-auth.xml:3073(command)
16598
msgid "sudo /etc/init.d/krb5-kdc start"
16599
msgstr ""
16600
16601
#: serverguide/C/network-auth.xml:2467(para)
16602
msgid ""
16603
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
16604
"for the Realm. You can test this by stopping the <application>krb5-"
16605
"kdc</application> daemon on the Primary KDC, then use "
16606
"<application>kinit</application> to request a ticket. If all goes well you "
16607
"should receive a ticket from the Secondary KDC."
16608
msgstr ""
16609
16610
#: serverguide/C/network-auth.xml:2475(title)
16611
msgid "Kerberos Linux Client"
16612
msgstr ""
16613
16614
#: serverguide/C/network-auth.xml:2477(para)
16615
msgid ""
16616
"This section covers configuring a Linux system as a "
16617
"<application>Kerberos</application> client. This will allow access to any "
16618
"kerberized services once a user has successfully logged into the system."
16619
msgstr ""
16620
16621
#: serverguide/C/network-auth.xml:2485(para)
16622
msgid ""
16623
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
16624
"user</application> and <application>libpam-krb5</application> packages are "
16625
"needed, along with a few others that are not strictly necessary but make "
16626
"life easier. To install the packages enter the following in a terminal "
16627
"prompt:"
16628
msgstr ""
16629
16630
#: serverguide/C/network-auth.xml:2492(command)
16631
msgid ""
16632
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
16633
msgstr ""
16634
16635
#: serverguide/C/network-auth.xml:2495(para)
16636
msgid ""
16637
"The <application>auth-client-config</application> package allows simple "
16638
"configuration of PAM for authentication from multiple sources, and the "
16639
"<application>libpam-ccreds</application> will cache authentication "
16640
"credentials allowing you to login in case the Key Distribution Center (KDC) "
16641
"is unavailable. This package is also useful for laptops that may "
16642
"authenticate using Kerberos while on the corporate network, but will need to "
16643
"be accessed off the network as well."
16644
msgstr ""
16645
16646
#: serverguide/C/network-auth.xml:2506(para)
16647
msgid "To configure the client in a terminal enter:"
16648
msgstr ""
16649
16650
#: serverguide/C/network-auth.xml:2511(command)
16651
msgid "sudo dpkg-reconfigure krb5-config"
16652
msgstr ""
16653
16654
#: serverguide/C/network-auth.xml:2514(para)
16655
msgid ""
16656
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
16657
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
16658
"records, the menu will prompt you for the hostname of the Key Distribution "
16659
"Center (KDC) and Realm Administration server."
16660
msgstr ""
16661
16662
#: serverguide/C/network-auth.xml:2520(para)
16663
msgid ""
16664
"The <application>dpkg-reconfigure</application> adds entries to the "
16665
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
16666
"entries similar to the following:"
16667
msgstr ""
16668
16669
#: serverguide/C/network-auth.xml:2525(programlisting)
16670
#, no-wrap
16671
msgid ""
16672
"\n"
16673
"[libdefaults]\n"
16674
" default_realm = EXAMPLE.COM\n"
16675
"...\n"
16676
"[realms]\n"
16677
" EXAMPLE.COM = } \n"
16678
" kdc = 192.168.0.1 \n"
16679
" admin_server = 192.168.0.1\n"
16680
" }\n"
16681
msgstr ""
16682
16683
#: serverguide/C/network-auth.xml:2536(para)
16684
msgid ""
16685
"You can test the configuration by requesting a ticket using the "
16686
"<application>kinit</application> utility. For example:"
16687
msgstr ""
16688
16689
#: serverguide/C/network-auth.xml:2541(command)
16690
msgid "kinit steve@EXAMPLE.COM"
16691
msgstr ""
16692
16693
#: serverguide/C/network-auth.xml:2542(computeroutput)
16694
#, no-wrap
16695
msgid "Password for steve@EXAMPLE.COM:"
16696
msgstr ""
16697
16698
#: serverguide/C/network-auth.xml:2545(para)
16699
msgid ""
16700
"When a ticket has been granted, the details can be viewed using "
16701
"<application>klist</application>:"
16702
msgstr ""
16703
16704
#: serverguide/C/network-auth.xml:2551(computeroutput)
16705
#, no-wrap
16706
msgid ""
16707
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
16708
"Default principal: steve@EXAMPLE.COM\n"
16709
"\n"
16710
"Valid starting Expires Service principal\n"
16711
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
16712
" renew until 07/25/08 05:18:57\n"
16713
"\n"
16714
"\n"
16715
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
16716
"klist: You have no tickets cached"
16717
msgstr ""
16718
16719
#: serverguide/C/network-auth.xml:2563(para)
16720
msgid ""
16721
"Next, use the <application>auth-client-config</application> to configure the "
16722
"<application>libpam-krb5</application> module to request a ticket during "
16723
"login:"
16724
msgstr ""
16725
16726
#: serverguide/C/network-auth.xml:2569(command)
16727
msgid "sudo auth-client-config -a -p kerberos_example"
16728
msgstr ""
16729
16730
#: serverguide/C/network-auth.xml:2572(para)
16731
msgid ""
16732
"You will should now receive a ticket upon successful login authentication."
16733
msgstr ""
16734
16735
#: serverguide/C/network-auth.xml:2583(para)
16736
msgid ""
16737
"For more information on Kerberos see the <ulink "
16738
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
16739
msgstr ""
16740
16741
#: serverguide/C/network-auth.xml:2588(para)
16742
msgid ""
16743
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
16744
"Kerberos</ulink> page has more details."
16745
msgstr ""
16746
16747
#: serverguide/C/network-auth.xml:2593(para)
16748
msgid ""
16749
"O'Reilly's <ulink "
16750
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
16751
"Guide</ulink> is a great reference when setting up Kerberos."
16752
msgstr ""
16753
16754
#: serverguide/C/network-auth.xml:2599(para)
16755
msgid ""
16756
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
16757
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
16758
"Kerberos questions."
16759
msgstr ""
16760
16761
#: serverguide/C/network-auth.xml:2609(title)
16762
msgid "Kerberos and LDAP"
16763
msgstr ""
16764
16765
#: serverguide/C/network-auth.xml:2611(para)
16766
msgid ""
16767
"Replicating a Kerberos principal database between two servers can be "
16768
"complicated, and adds an additional user database to your network. "
16769
"Fortunately, MIT Kerberos can be configured to use an "
16770
"<application>LDAP</application> directory as a principal database. This "
16771
"section covers configuring a primary and secondary kerberos server to use "
16772
"<application>OpenLDAP</application> for the principal database."
16773
msgstr ""
16774
16775
#: serverguide/C/network-auth.xml:2619(title)
16776
msgid "Configuring OpenLDAP"
16777
msgstr ""
16778
16779
#: serverguide/C/network-auth.xml:2621(para)
16780
msgid ""
16781
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
16782
"<application>OpenLDAP</application> server that has network connectivity to "
16783
"the Primary and Secondary KDCs. The rest of this section assumes that you "
16784
"also have LDAP replication configured between at least two servers. For "
16785
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
16786
msgstr ""
16787
16788
#: serverguide/C/network-auth.xml:2628(para)
16789
msgid ""
16790
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
16791
"that traffic between the KDC and LDAP server is encrypted. See <xref "
16792
"linkend=\"openldap-tls\"/> for details."
16793
msgstr ""
16794
16795
#: serverguide/C/network-auth.xml:2635(para)
16796
msgid ""
16797
"To load the schema into LDAP, on the LDAP server install the "
16798
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
16799
msgstr ""
16800
16801
#: serverguide/C/network-auth.xml:2641(command)
16802
msgid "sudo apt-get install krb5-kdc-ldap"
16803
msgstr ""
16804
16805
#: serverguide/C/network-auth.xml:2646(para)
16806
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
16807
msgstr ""
16808
16809
#: serverguide/C/network-auth.xml:2651(command)
16810
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
16811
msgstr ""
16812
16813
#: serverguide/C/network-auth.xml:2652(command)
16814
msgid ""
16815
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16816
msgstr ""
16817
16818
#: serverguide/C/network-auth.xml:2658(para)
16819
msgid ""
16820
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
16821
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
16822
"<application>slapd</application> is also detailed in <xref "
16823
"linkend=\"openldap-configuration\"/>."
16824
msgstr ""
16825
16826
#: serverguide/C/network-auth.xml:2671(programlisting)
16827
#, no-wrap
16828
msgid ""
16829
"\n"
16830
"include /etc/ldap/schema/core.schema\n"
16831
"include /etc/ldap/schema/collective.schema\n"
16832
"include /etc/ldap/schema/corba.schema\n"
16833
"include /etc/ldap/schema/cosine.schema\n"
16834
"include /etc/ldap/schema/duaconf.schema\n"
16835
"include /etc/ldap/schema/dyngroup.schema\n"
16836
"include /etc/ldap/schema/inetorgperson.schema\n"
16837
"include /etc/ldap/schema/java.schema\n"
16838
"include /etc/ldap/schema/misc.schema\n"
16839
"include /etc/ldap/schema/nis.schema\n"
16840
"include /etc/ldap/schema/openldap.schema\n"
16841
"include /etc/ldap/schema/ppolicy.schema\n"
16842
"include /etc/ldap/schema/kerberos.schema\n"
16843
msgstr ""
16844
16845
#: serverguide/C/network-auth.xml:2691(para)
16846
msgid "Create a temporary directory to hold the LDIF files:"
16847
msgstr ""
16848
16849
#: serverguide/C/network-auth.xml:2706(command)
16850
msgid ""
16851
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
16852
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
16853
msgstr ""
16854
16855
#: serverguide/C/network-auth.xml:2716(para)
16856
msgid ""
16857
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
16858
"changing the following attributes:"
16859
msgstr ""
16860
16861
#: serverguide/C/network-auth.xml:2720(programlisting)
16862
#, no-wrap
16863
msgid ""
16864
"\n"
16865
"dn: cn=kerberos,cn=schema,cn=config\n"
16866
"...\n"
16867
"cn: kerberos\n"
16868
msgstr ""
16869
16870
#: serverguide/C/network-auth.xml:2726(para)
16871
msgid "And remove the following lines from the end of the file:"
16872
msgstr ""
16873
16874
#: serverguide/C/network-auth.xml:2730(programlisting)
16875
#, no-wrap
16876
msgid ""
16877
"\n"
16878
"structuralObjectClass: olcSchemaConfig\n"
16879
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
16880
"creatorsName: cn=config\n"
16881
"createTimestamp: 20090111203515Z\n"
16882
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
16883
"modifiersName: cn=config\n"
16884
"modifyTimestamp: 20090111203515Z\n"
16885
msgstr ""
16886
16887
#: serverguide/C/network-auth.xml:2749(para)
16888
msgid "Load the new schema with <application>ldapadd</application>:"
16889
msgstr ""
16890
16891
#: serverguide/C/network-auth.xml:2754(command)
16892
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
16893
msgstr ""
16894
16895
#: serverguide/C/network-auth.xml:2760(para)
16896
msgid ""
16897
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
16898
msgstr ""
16899
16900
#: serverguide/C/network-auth.xml:2765(command) serverguide/C/network-auth.xml:2782(command)
16901
msgid "ldapmodify -x -D cn=admin,cn=config -W"
16902
msgstr ""
16903
16904
#: serverguide/C/network-auth.xml:2767(userinput)
16905
#, no-wrap
16906
msgid ""
16907
"dn: olcDatabase={1}hdb,cn=config\n"
16908
"add: olcDbIndex\n"
16909
"olcDbIndex: krbPrincipalName eq,pres,sub"
16910
msgstr ""
16911
16912
#: serverguide/C/network-auth.xml:2766(computeroutput)
16913
#, no-wrap
16914
msgid ""
16915
"Enter LDAP Password:\n"
16916
"<placeholder-1/>\n"
16917
"\n"
16918
"modifying entry \"olcDatabase={1}hdb,cn=config\""
16919
msgstr ""
16920
16921
#: serverguide/C/network-auth.xml:2777(para)
16922
msgid "Finally, update the Access Control Lists (ACL):"
16923
msgstr ""
16924
16925
#: serverguide/C/network-auth.xml:2784(userinput)
16926
#, no-wrap
16927
msgid ""
16928
"dn: olcDatabase={1}hdb,cn=config\n"
16929
"replace: olcAccess\n"
16930
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
16931
"dn=\"cn=admin,dc=exampl\n"
16932
" e,dc=com\" write by anonymous auth by self write by * none\n"
16933
"-\n"
16934
"add: olcAccess\n"
16935
"olcAccess: to dn.base=\"\" by * read\n"
16936
"-\n"
16937
"add: olcAccess\n"
16938
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
16939
msgstr ""
16940
16941
#: serverguide/C/network-auth.xml:2783(computeroutput)
16942
#, no-wrap
16943
msgid ""
16944
"Enter LDAP Password: \n"
16945
"<placeholder-1/>\n"
16946
"\n"
16947
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16948
msgstr ""
16949
16950
#: serverguide/C/network-auth.xml:2804(para)
16951
msgid ""
16952
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
16953
"database."
16954
msgstr ""
16955
16956
#: serverguide/C/network-auth.xml:2810(title)
16957
msgid "Primary KDC Configuration"
16958
msgstr ""
16959
16960
#: serverguide/C/network-auth.xml:2812(para)
16961
msgid ""
16962
"With <application>OpenLDAP</application> configured it is time to configure "
16963
"the KDC."
16964
msgstr ""
16965
16966
#: serverguide/C/network-auth.xml:2818(para)
16967
msgid "First, install the necessary packages, from a terminal enter:"
16968
msgstr ""
16969
16970
#: serverguide/C/network-auth.xml:2823(command) serverguide/C/network-auth.xml:2980(command)
16971
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16972
msgstr ""
16973
16974
#: serverguide/C/network-auth.xml:2829(para)
16975
msgid ""
16976
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16977
"under the appropriate sections:"
16978
msgstr ""
16979
16980
#: serverguide/C/network-auth.xml:2833(programlisting)
16981
#, no-wrap
16982
msgid ""
16983
"\n"
16984
"[libdefaults]\n"
16985
" default_realm = EXAMPLE.COM\n"
16986
"\n"
16987
"...\n"
16988
"\n"
16989
"[realms]\n"
16990
" EXAMPLE.COM = {\n"
16991
" kdc = kdc01.example.com\n"
16992
" kdc = kdc02.example.com\n"
16993
" admin_server = kdc01.example.com\n"
16994
" admin_server = kdc02.example.com\n"
16995
" default_domain = example.com\n"
16996
" database_module = openldap_ldapconf\n"
16997
" }\n"
16998
"\n"
16999
"...\n"
17000
"\n"
17001
"[domain_realm]\n"
17002
" .example.com = EXAMPLE.COM\n"
17003
"\n"
17004
"\n"
17005
"...\n"
17006
"\n"
17007
"[dbdefaults]\n"
17008
" ldap_kerberos_container_dn = dc=example,dc=com\n"
17009
"\n"
17010
"[dbmodules]\n"
17011
" openldap_ldapconf = {\n"
17012
" db_library = kldap\n"
17013
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
17014
"\n"
17015
" # this object needs to have read rights on\n"
17016
" # the realm container, principal container and realm sub-"
17017
"trees\n"
17018
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
17019
"\n"
17020
" # this object needs to have read and write rights on\n"
17021
" # the realm container, principal container and realm sub-"
17022
"trees\n"
17023
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
17024
" ldap_servers = ldaps://ldap01.example.com "
17025
"ldaps://ldap02.example.com\n"
17026
" ldap_conns_per_server = 5\n"
17027
" }\n"
17028
msgstr ""
17029
17030
#: serverguide/C/network-auth.xml:2878(para)
17031
msgid ""
17032
"Change <emphasis>example.com</emphasis>, "
17033
"<emphasis>dc=example,dc=com</emphasis>, "
17034
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
17035
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
17036
"object, and LDAP server for your network."
17037
msgstr ""
17038
17039
#: serverguide/C/network-auth.xml:2887(para)
17040
msgid ""
17041
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17042
"the realm:"
17043
msgstr ""
17044
17045
#: serverguide/C/network-auth.xml:2892(command)
17046
msgid ""
17047
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
17048
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17049
msgstr ""
17050
17051
#: serverguide/C/network-auth.xml:2898(para)
17052
msgid ""
17053
"Create a stash of the password used to bind to the LDAP server. This "
17054
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17055
"<emphasis>ldap_kadmin_dn</emphasis> options in "
17056
"<filename>/etc/krb5.conf</filename>:"
17057
msgstr ""
17058
17059
#: serverguide/C/network-auth.xml:2904(command) serverguide/C/network-auth.xml:3042(command)
17060
msgid ""
17061
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
17062
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17063
msgstr ""
17064
17065
#: serverguide/C/network-auth.xml:2910(para)
17066
msgid "Copy the CA certificate from the LDAP server:"
17067
msgstr ""
17068
17069
#: serverguide/C/network-auth.xml:2915(command)
17070
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17071
msgstr ""
17072
17073
#: serverguide/C/network-auth.xml:2916(command)
17074
msgid "sudo cp cacert.pem /etc/ssl/certs"
17075
msgstr ""
17076
17077
#: serverguide/C/network-auth.xml:2919(para)
17078
msgid ""
17079
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17080
msgstr ""
17081
17082
#: serverguide/C/network-auth.xml:2923(programlisting)
17083
#, no-wrap
17084
msgid ""
17085
"\n"
17086
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17087
msgstr ""
17088
17089
#: serverguide/C/network-auth.xml:2928(para)
17090
msgid ""
17091
"The certificate will also need to be copied to the Secondary KDC, to allow "
17092
"the connection to the LDAP servers using LDAPS."
17093
msgstr ""
17094
17095
#: serverguide/C/network-auth.xml:2937(para)
17096
msgid ""
17097
"You can now add Kerberos principals to the LDAP database, and they will be "
17098
"copied to any other LDAP servers configured for replication. To add a "
17099
"principal using the <application>kadmin.local</application> utility enter:"
17100
msgstr ""
17101
17102
#: serverguide/C/network-auth.xml:2945(userinput)
17103
#, no-wrap
17104
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17105
msgstr ""
17106
17107
#: serverguide/C/network-auth.xml:2944(computeroutput)
17108
#, no-wrap
17109
msgid ""
17110
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17111
"kadmin.local: <placeholder-1/>\n"
17112
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
17113
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
17114
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
17115
"Principal \"steve@EXAMPLE.COM\" created."
17116
msgstr ""
17117
17118
#: serverguide/C/network-auth.xml:2952(para)
17119
msgid ""
17120
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17121
"krbExtraData attributes added to the "
17122
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
17123
"the <application>kinit</application> and <application>klist</application> "
17124
"utilities to test that the user is indeed issued a ticket."
17125
msgstr ""
17126
17127
#: serverguide/C/network-auth.xml:2959(para)
17128
msgid ""
17129
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17130
"option is needed to add the Kerberos attributes. Otherwise a new "
17131
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17132
msgstr ""
17133
17134
#: serverguide/C/network-auth.xml:2967(title)
17135
msgid "Secondary KDC Configuration"
17136
msgstr ""
17137
17138
#: serverguide/C/network-auth.xml:2969(para)
17139
msgid ""
17140
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17141
"one using the normal Kerberos database."
17142
msgstr ""
17143
17144
#: serverguide/C/network-auth.xml:2975(para)
17145
msgid "First, install the necessary packages. In a terminal enter:"
17146
msgstr ""
17147
17148
#: serverguide/C/network-auth.xml:2986(para)
17149
msgid ""
17150
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17151
msgstr ""
17152
17153
#: serverguide/C/network-auth.xml:2990(programlisting)
17154
#, no-wrap
17155
msgid ""
17156
"\n"
17157
"[libdefaults]\n"
17158
" default_realm = EXAMPLE.COM\n"
17159
"\n"
17160
"...\n"
17161
"\n"
17162
"[realms]\n"
17163
" EXAMPLE.COM = {\n"
17164
" kdc = kdc01.example.com\n"
17165
" kdc = kdc02.example.com\n"
17166
" admin_server = kdc01.example.com\n"
17167
" admin_server = kdc02.example.com\n"
17168
" default_domain = example.com\n"
17169
" database_module = openldap_ldapconf\n"
17170
" }\n"
17171
"\n"
17172
"...\n"
17173
"\n"
17174
"[domain_realm]\n"
17175
" .example.com = EXAMPLE.COM\n"
17176
"\n"
17177
"...\n"
17178
"\n"
17179
"[dbdefaults]\n"
17180
" ldap_kerberos_container_dn = dc=example,dc=com\n"
17181
"\n"
17182
"[dbmodules]\n"
17183
" openldap_ldapconf = {\n"
17184
" db_library = kldap\n"
17185
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
17186
"\n"
17187
" # this object needs to have read rights on\n"
17188
" # the realm container, principal container and realm sub-"
17189
"trees\n"
17190
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
17191
"\n"
17192
" # this object needs to have read and write rights on\n"
17193
" # the realm container, principal container and realm sub-"
17194
"trees\n"
17195
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
17196
" ldap_servers = ldaps://ldap01.example.com "
17197
"ldaps://ldap02.example.com\n"
17198
" ldap_conns_per_server = 5\n"
17199
" }\n"
17200
msgstr ""
17201
17202
#: serverguide/C/network-auth.xml:3037(para)
17203
msgid "Create the stash for the LDAP bind password:"
17204
msgstr ""
17205
17206
#: serverguide/C/network-auth.xml:3048(para)
17207
msgid ""
17208
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17209
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17210
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
17211
"encrypted connection such as <application>scp</application>, or on physical "
17212
"media."
17213
msgstr ""
17214
17215
#: serverguide/C/network-auth.xml:3055(command)
17216
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17217
msgstr ""
17218
17219
#: serverguide/C/network-auth.xml:3056(command)
17220
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17221
msgstr ""
17222
17223
#: serverguide/C/network-auth.xml:3060(para)
17224
msgid ""
17225
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17226
msgstr ""
17227
17228
#: serverguide/C/network-auth.xml:3068(para)
17229
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17230
msgstr ""
17231
17232
#: serverguide/C/network-auth.xml:3079(para)
17233
msgid ""
17234
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17235
"you should be able to continue to authenticate users if one LDAP server, one "
17236
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17237
msgstr ""
17238
17239
#: serverguide/C/network-auth.xml:3091(para)
17240
msgid ""
17241
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17242
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17243
"Guide</ulink> has some additional details."
17244
msgstr ""
17245
17246
#: serverguide/C/network-auth.xml:3097(para)
17247
msgid ""
17248
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17249
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17250
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
17251
"5.6</ulink> and the <ulink "
17252
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/kdb5_ldap_util.8.html"
17253
"\">kdb5_ldap_util man page</ulink>."
17254
msgstr ""
17255
17256
#: serverguide/C/network-auth.xml:3105(para)
17257
msgid ""
17258
"Another useful link is the <ulink "
17259
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/krb5.conf.5.html\">kr"
17260
"b5.conf man page</ulink>."
17261
msgstr ""
17262
17263
#: serverguide/C/network-auth.xml:3110(para)
17264
msgid ""
17265
"Also, see the <ulink "
17266
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17267
"and LDAP</ulink> Ubuntu wiki page."
17268
msgstr ""
17269
17270
#: serverguide/C/monitoring.xml:13(title)
17271
msgid "Monitoring"
17272
msgstr ""
17273
17274
#: serverguide/C/monitoring.xml:17(para)
17275
msgid ""
17276
"The monitoring of essential servers and services is an important part of "
17277
"system administration. Most network services are monitored for performance, "
17278
"availability, or both. This section will cover installation and "
17279
"configuration of <application>Nagios</application> for availability "
17280
"monitoring, and <application>Munin</application> for performance monitoring."
17281
msgstr ""
17282
17283
#: serverguide/C/monitoring.xml:24(para)
17284
msgid ""
17285
"The examples in this section will use two servers with hostnames "
17286
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
17287
"<emphasis>Server01</emphasis> will be configured with "
17288
"<application>Nagios</application> to monitor services on itself and "
17289
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
17290
"<application>munin</application> package to gather information from the "
17291
"network. Using the <application>munin-node</application> package, "
17292
"<emphasis>server02</emphasis> will be configured to send information to "
17293
"<emphasis>server01</emphasis>."
17294
msgstr ""
17295
17296
#: serverguide/C/monitoring.xml:33(para)
17297
msgid ""
17298
"Hopefully these simple examples will allow you to monitor additional servers "
17299
"and services on your network."
17300
msgstr ""
17301
17302
#: serverguide/C/monitoring.xml:39(title)
17303
msgid "Nagios"
17304
msgstr ""
17305
17306
#: serverguide/C/monitoring.xml:44(para)
17307
msgid ""
17308
"First, on <emphasis>server01</emphasis> install the "
17309
"<application>nagios</application> package. In a terminal enter:"
17310
msgstr ""
17311
17312
#: serverguide/C/monitoring.xml:50(command)
17313
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
17314
msgstr ""
17315
17316
#: serverguide/C/monitoring.xml:53(para)
17317
msgid ""
17318
"You will be asked to enter a password for the "
17319
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
17320
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
17321
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
17322
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
17323
"of the <application>apache2-utils</application> package."
17324
msgstr ""
17325
17326
#: serverguide/C/monitoring.xml:60(para)
17327
msgid ""
17328
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
17329
"user enter:"
17330
msgstr ""
17331
17332
#: serverguide/C/monitoring.xml:65(command)
17333
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
17334
msgstr ""
17335
17336
#: serverguide/C/monitoring.xml:68(para)
17337
msgid "To add a user:"
17338
msgstr ""
17339
17340
#: serverguide/C/monitoring.xml:73(command)
17341
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
17342
msgstr ""
17343
17344
#: serverguide/C/monitoring.xml:76(para)
17345
msgid ""
17346
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
17347
"server</application> package. From a terminal on server02 enter:"
17348
msgstr ""
17349
17350
#: serverguide/C/monitoring.xml:82(command)
17351
msgid "sudo apt-get install nagios-nrpe-server"
17352
msgstr ""
17353
17354
#: serverguide/C/monitoring.xml:86(para)
17355
msgid ""
17356
"<application>NRPE</application> allows you to execute local checks on remote "
17357
"hosts. There are other ways of accomplishing this through other Nagios "
17358
"plugins as well as other checks."
17359
msgstr ""
17360
17361
#: serverguide/C/monitoring.xml:94(title)
17362
msgid "Configuration Overview"
17363
msgstr ""
17364
17365
#: serverguide/C/monitoring.xml:96(para)
17366
msgid ""
17367
"There are a couple of directories containing "
17368
"<application>Nagios</application> configuration and check files."
17369
msgstr ""
17370
17371
#: serverguide/C/monitoring.xml:102(para)
17372
msgid ""
17373
"<filename>/etc/nagios3</filename>: contains configuration files for the "
17374
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
17375
"etc."
17376
msgstr ""
17377
17378
#: serverguide/C/monitoring.xml:108(para)
17379
msgid ""
17380
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
17381
"service checks."
17382
msgstr ""
17383
17384
#: serverguide/C/monitoring.xml:113(para)
17385
msgid ""
17386
"<filename>/etc/nagios</filename>: on the remote host contains the "
17387
"<application>nagios-nrpe-server</application> configuration files."
17388
msgstr ""
17389
17390
#: serverguide/C/monitoring.xml:118(para)
17391
msgid ""
17392
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
17393
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
17394
msgstr ""
17395
17396
#: serverguide/C/monitoring.xml:123(para)
17397
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
17398
msgstr ""
17399
17400
#: serverguide/C/monitoring.xml:129(para)
17401
msgid ""
17402
"There are a plethora of checks <application>Nagios</application> can be "
17403
"configured to execute for any given host. For this example Nagios will be "
17404
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
17405
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
17406
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
17407
msgstr ""
17408
17409
#: serverguide/C/monitoring.xml:136(para)
17410
msgid ""
17411
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
17412
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
17413
msgstr ""
17414
17415
#: serverguide/C/monitoring.xml:141(para)
17416
msgid ""
17417
"Additionally, there are some terms that once explained will hopefully make "
17418
"understanding Nagios configuration easier:"
17419
msgstr ""
17420
17421
#: serverguide/C/monitoring.xml:147(para)
17422
msgid ""
17423
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
17424
"is being monitored."
17425
msgstr ""
17426
17427
#: serverguide/C/monitoring.xml:152(para)
17428
msgid ""
17429
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
17430
"could group all web servers, file server, etc."
17431
msgstr ""
17432
17433
#: serverguide/C/monitoring.xml:157(para)
17434
msgid ""
17435
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
17436
"as HTTP, DNS, NFS, etc."
17437
msgstr ""
17438
17439
#: serverguide/C/monitoring.xml:162(para)
17440
msgid ""
17441
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
17442
"together. This is useful for grouping multiple HTTP for example."
17443
msgstr ""
17444
17445
#: serverguide/C/monitoring.xml:168(para)
17446
msgid ""
17447
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
17448
"place. Nagios can be configured to send emails, SMS messages, etc."
17449
msgstr ""
17450
17451
#: serverguide/C/monitoring.xml:174(para)
17452
msgid ""
17453
"By default Nagios is configured to check HTTP, disk space, SSH, current "
17454
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
17455
"will also <application>ping</application> check the "
17456
"<emphasis>gateway</emphasis>."
17457
msgstr ""
17458
17459
#: serverguide/C/monitoring.xml:179(para)
17460
msgid ""
17461
"Large Nagios installations can be quite complex to configure. It is usually "
17462
"best to start small, one or two hosts, get things configured the way you "
17463
"like then expand."
17464
msgstr ""
17465
17466
#: serverguide/C/monitoring.xml:194(para)
17467
msgid ""
17468
"First, create a <emphasis>host</emphasis> configuration file for "
17469
"<emphasis>server02</emphasis>. In a terminal enter:"
17470
msgstr ""
17471
17472
#: serverguide/C/monitoring.xml:199(command)
17473
msgid ""
17474
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
17475
"/etc/nagios3/conf.d/server02.cfg"
17476
msgstr ""
17477
17478
#: serverguide/C/monitoring.xml:203(para)
17479
msgid ""
17480
"In the above and following command examples, replace "
17481
"<emphasis>\"server01\"</emphasis>, "
17482
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
17483
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
17484
"your servers."
17485
msgstr ""
17486
17487
#: serverguide/C/monitoring.xml:212(para)
17488
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
17489
msgstr ""
17490
17491
#: serverguide/C/monitoring.xml:216(programlisting)
17492
#, no-wrap
17493
msgid ""
17494
"\n"
17495
"define host{\n"
17496
" use generic-host ; Name of host "
17497
"template to use\n"
17498
" host_name server02\n"
17499
" alias Server 02\n"
17500
" address 172.18.100.101\n"
17501
"}\n"
17502
"\n"
17503
"# check DNS service.\n"
17504
"define service {\n"
17505
" use generic-service\n"
17506
" host_name server02\n"
17507
" service_description DNS\n"
17508
" check_command check_dns!172.18.100.101\n"
17509
"}\n"
17510
msgstr ""
17511
17512
#: serverguide/C/monitoring.xml:236(para)
17513
msgid ""
17514
"Restart the <application>nagios</application> daemon to enable the new "
17515
"configuration:"
17516
msgstr ""
17517
17518
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
17519
msgid "sudo /etc/init.d/nagios3 restart"
17520
msgstr ""
17521
17522
#: serverguide/C/monitoring.xml:251(para)
17523
msgid ""
17524
"Now add a service definition for the MySQL check by adding the following to "
17525
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
17526
msgstr ""
17527
17528
#: serverguide/C/monitoring.xml:255(programlisting)
17529
#, no-wrap
17530
msgid ""
17531
"\n"
17532
"# check MySQL servers.\n"
17533
"define service {\n"
17534
" hostgroup_name mysql-servers\n"
17535
" service_description MySQL\n"
17536
" check_command "
17537
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
17538
" use generic-service\n"
17539
" notification_interval 0 ; set > 0 if you want to be "
17540
"renotified\n"
17541
"}\n"
17542
msgstr ""
17543
17544
#: serverguide/C/monitoring.xml:269(para)
17545
msgid ""
17546
"A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. "
17547
"Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
17548
msgstr ""
17549
17550
#: serverguide/C/monitoring.xml:274(programlisting)
17551
#, no-wrap
17552
msgid ""
17553
"\n"
17554
"# MySQL hostgroup.\n"
17555
"define hostgroup {\n"
17556
" hostgroup_name mysql-servers\n"
17557
" alias MySQL servers\n"
17558
" members localhost, server02\n"
17559
" }\n"
17560
msgstr ""
17561
17562
#: serverguide/C/monitoring.xml:286(para)
17563
msgid ""
17564
"The Nagios check needs to authenticate to MySQL. To add a "
17565
"<emphasis>nagios</emphasis> user to MySQL enter:"
17566
msgstr ""
17567
17568
#: serverguide/C/monitoring.xml:291(command)
17569
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
17570
msgstr ""
17571
17572
#: serverguide/C/monitoring.xml:295(para)
17573
msgid ""
17574
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
17575
"<emphasis>mysql-servers</emphasis> hostgroup."
17576
msgstr ""
17577
17578
#: serverguide/C/monitoring.xml:303(para)
17579
msgid ""
17580
"Restart <application>nagios</application> to start checking the MySQL "
17581
"servers."
17582
msgstr ""
17583
17584
#: serverguide/C/monitoring.xml:318(para)
17585
msgid ""
17586
"Lastly configure NRPE to check the disk space on "
17587
"<emphasis>server02</emphasis>."
17588
msgstr ""
17589
17590
#: serverguide/C/monitoring.xml:322(para)
17591
msgid ""
17592
"On <emphasis>server01</emphasis> add the service check to "
17593
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
17594
msgstr ""
17595
17596
#: serverguide/C/monitoring.xml:327(programlisting)
17597
#, no-wrap
17598
msgid ""
17599
"\n"
17600
"# NRPE disk check.\n"
17601
"define service {\n"
17602
" use generic-service\n"
17603
" host_name server02\n"
17604
" service_description nrpe-disk\n"
17605
" check_command "
17606
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
17607
"}\n"
17608
msgstr ""
17609
17610
#: serverguide/C/monitoring.xml:340(para)
17611
msgid ""
17612
"Now on <emphasis>server02</emphasis> edit "
17613
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
17614
msgstr ""
17615
17616
#: serverguide/C/monitoring.xml:344(programlisting)
17617
#, no-wrap
17618
msgid ""
17619
"\n"
17620
"allowed_hosts=172.18.100.100\n"
17621
msgstr ""
17622
17623
#: serverguide/C/monitoring.xml:348(para)
17624
msgid "And below in the command definition area add:"
17625
msgstr ""
17626
17627
#: serverguide/C/monitoring.xml:352(programlisting)
17628
#, no-wrap
17629
msgid ""
17630
"\n"
17631
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
17632
"e\n"
17633
msgstr ""
17634
17635
#: serverguide/C/monitoring.xml:359(para)
17636
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
17637
msgstr ""
17638
17639
#: serverguide/C/monitoring.xml:364(command)
17640
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
17641
msgstr ""
17642
17643
#: serverguide/C/monitoring.xml:370(para)
17644
msgid ""
17645
"Also, on <emphasis>server01</emphasis> restart "
17646
"<application>nagios</application>:"
17647
msgstr ""
17648
17649
#: serverguide/C/monitoring.xml:383(para)
17650
msgid ""
17651
"You should now be able to see the host and service checks in the Nagios CGI "
17652
"files. To access them point a browser to http://server01/nagios3. You will "
17653
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
17654
"password."
17655
msgstr ""
17656
17657
#: serverguide/C/monitoring.xml:393(para)
17658
msgid ""
17659
"This section has just scratched the surface of Nagios' features. The "
17660
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
17661
"plugins</application> contain many more service checks."
17662
msgstr ""
17663
17664
#: serverguide/C/monitoring.xml:400(para)
17665
msgid ""
17666
"For more information see <ulink "
17667
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
17668
msgstr ""
17669
17670
#: serverguide/C/monitoring.xml:405(para)
17671
msgid ""
17672
"Specifically the <ulink "
17673
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
17674
"site."
17675
msgstr ""
17676
17677
#: serverguide/C/monitoring.xml:410(para)
17678
msgid ""
17679
"There is also a list of <ulink "
17680
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
17681
"Nagios and network monitoring:"
17682
msgstr ""
17683
17684
#: serverguide/C/monitoring.xml:416(para)
17685
msgid ""
17686
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
17687
"Wiki</ulink> page also has more details."
17688
msgstr ""
17689
17690
#: serverguide/C/monitoring.xml:425(title)
17691
msgid "Munin"
17692
msgstr ""
17693
17694
#: serverguide/C/monitoring.xml:430(para)
17695
msgid ""
17696
"Before installing <application>Munin</application> on "
17697
"<emphasis>server01</emphasis><application>apache2</application> will need to "
17698
"be installed. The default configuration is fine for running a "
17699
"<application>munin</application> server. For more information see <xref "
17700
"linkend=\"httpd\"/>."
17701
msgstr ""
17702
17703
#: serverguide/C/monitoring.xml:436(para)
17704
msgid ""
17705
"First, on <emphasis>server01</emphasis> install "
17706
"<application>munin</application>. In a terminal enter:"
17707
msgstr ""
17708
17709
#: serverguide/C/monitoring.xml:441(command)
17710
msgid "sudo apt-get install munin"
17711
msgstr ""
17712
17713
#: serverguide/C/monitoring.xml:444(para)
17714
msgid ""
17715
"Now on <emphasis>server02</emphasis> install the <application>munin-"
17716
"node</application> package:"
17717
msgstr ""
17718
17719
#: serverguide/C/monitoring.xml:449(command)
17720
msgid "sudo apt-get install munin-node"
17721
msgstr ""
17722
17723
#: serverguide/C/monitoring.xml:456(para)
17724
msgid ""
17725
"On <emphasis>server01</emphasis> edit the "
17726
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
17727
"<emphasis>server02</emphasis>:"
17728
msgstr ""
17729
17730
#: serverguide/C/monitoring.xml:461(programlisting)
17731
#, no-wrap
17732
msgid ""
17733
"\n"
17734
"## First our \"normal\" host.\n"
17735
"[server02]\n"
17736
" address 172.18.100.101\n"
17737
msgstr ""
17738
17739
#: serverguide/C/monitoring.xml:468(para)
17740
msgid ""
17741
"Replace <emphasis>server02</emphasis> and "
17742
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
17743
"for your server."
17744
msgstr ""
17745
17746
#: serverguide/C/monitoring.xml:474(para)
17747
msgid ""
17748
"Next, configure <application>munin-node</application> on "
17749
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
17750
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
17751
msgstr ""
17752
17753
#: serverguide/C/monitoring.xml:479(programlisting)
17754
#, no-wrap
17755
msgid ""
17756
"\n"
17757
"allow ^172\\.18\\.100\\.100$\n"
17758
msgstr ""
17759
17760
#: serverguide/C/monitoring.xml:484(para)
17761
msgid ""
17762
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
17763
"<application>munin</application> server."
17764
msgstr ""
17765
17766
#: serverguide/C/monitoring.xml:489(para)
17767
msgid ""
17768
"Now restart <application>munin-node</application> on "
17769
"<emphasis>server02</emphasis> for the changes to take effect:"
17770
msgstr ""
17771
17772
#: serverguide/C/monitoring.xml:494(command)
17773
msgid "sudo /etc/init.d/munin-node restart"
17774
msgstr ""
17775
17776
#: serverguide/C/monitoring.xml:497(para)
17777
msgid ""
17778
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
17779
"you should see links to nice graphs displaying information from the standard "
17780
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
17781
msgstr ""
17782
17783
#: serverguide/C/monitoring.xml:503(para)
17784
msgid ""
17785
"Since this is a new install it may take some time for the graphs to display "
17786
"anything useful."
17787
msgstr ""
17788
17789
#: serverguide/C/monitoring.xml:510(title)
17790
msgid "Additional Plugins"
17791
msgstr ""
17792
17793
#: serverguide/C/monitoring.xml:512(para)
17794
msgid ""
17795
"The <application>munin-plugins-extra</application> package contains "
17796
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
17797
"install the package, from a terminal enter:"
17798
msgstr ""
17799
17800
#: serverguide/C/monitoring.xml:518(command)
17801
msgid "sudo apt-get install munin-plugins-extra"
17802
msgstr ""
17803
17804
#: serverguide/C/monitoring.xml:521(para)
17805
msgid "Be sure to install the package on both the server and node machines."
17806
msgstr ""
17807
17808
#: serverguide/C/monitoring.xml:531(para)
17809
msgid ""
17810
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
17811
"website for more details."
17812
msgstr ""
17813
17814
#: serverguide/C/monitoring.xml:536(para)
17815
msgid ""
17816
"Specifically the <ulink "
17817
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
17818
"Documentation</ulink> page includes information on additional plugins, "
17819
"writing plugins, etc."
17820
msgstr ""
17821
17822
#: serverguide/C/monitoring.xml:542(para)
17823
msgid ""
17824
"Also, there is a book in German by Open Source Press: <ulink "
17825
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
17826
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
17827
msgstr ""
17828
17829
#: serverguide/C/monitoring.xml:548(para)
17830
msgid ""
17831
"Another resource is the <ulink "
17832
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
17833
"page."
17834
msgstr ""
17835
17836
#: serverguide/C/mail.xml:13(title)
17837
msgid "Email Services"
17838
msgstr ""
17839
17840
#: serverguide/C/mail.xml:14(para)
17841
msgid ""
17842
"The process of getting an email from one person to another over a network or "
17843
"the Internet involves many systems working together. Each of these systems "
17844
"must be correctly configured for the process to work. The sender uses a "
17845
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
17846
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
17847
"the last of which will hand it off to a <emphasis>Mail Delivery "
17848
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
17849
"it will be retrieved by the recipient's email client, usually via a POP3 or "
17850
"IMAP server."
17851
msgstr ""
17852
17853
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
17854
msgid "Postfix"
17855
msgstr ""
17856
17857
#: serverguide/C/mail.xml:25(para)
17858
msgid ""
17859
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
17860
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
17861
"compatible with the MTA <application>sendmail</application>. This section "
17862
"explains how to install and configure <application>postfix</application>. It "
17863
"also explains how to set it up as an SMTP server using a secure connection "
17864
"(for sending emails securely)."
17865
msgstr ""
17866
17867
#: serverguide/C/mail.xml:34(para)
17868
msgid ""
17869
"This guide does not cover setting up Postfix <emphasis>Virtual "
17870
"Domains</emphasis>, for information on Virtual Domains and other advanced "
17871
"configurations see <xref linkend=\"postfix-references\"/>."
17872
msgstr ""
17873
17874
#: serverguide/C/mail.xml:41(para)
17875
msgid ""
17876
"To install <application>postfix</application> run the following command:"
17877
msgstr ""
17878
17879
#: serverguide/C/mail.xml:47(para)
17880
msgid ""
17881
"Simply press return when the installation process asks questions, the "
17882
"configuration will be done in greater detail in the next stage."
17883
msgstr ""
17884
17885
#: serverguide/C/mail.xml:52(title)
17886
msgid "Basic Configuration"
17887
msgstr ""
17888
17889
#: serverguide/C/mail.xml:53(para)
17890
msgid ""
17891
"To configure <application>postfix</application>, run the following command:"
17892
msgstr ""
17893
17894
#: serverguide/C/mail.xml:57(command)
17895
msgid "sudo dpkg-reconfigure postfix"
17896
msgstr ""
17897
17898
#: serverguide/C/mail.xml:63(para)
17899
msgid "Internet Site"
17900
msgstr ""
17901
17902
#: serverguide/C/mail.xml:64(para)
17903
msgid "mail.example.com"
17904
msgstr ""
17905
17906
#: serverguide/C/mail.xml:65(para)
17907
msgid "steve"
17908
msgstr ""
17909
17910
#: serverguide/C/mail.xml:66(para)
17911
msgid "mail.example.com, localhost.localdomain, localhost"
17912
msgstr ""
17913
17914
#: serverguide/C/mail.xml:67(para)
17915
msgid "No"
17916
msgstr ""
17917
17918
#: serverguide/C/mail.xml:68(para)
17919
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
17920
msgstr ""
17921
17922
#: serverguide/C/mail.xml:69(para)
17923
msgid "0"
17924
msgstr ""
17925
17926
#: serverguide/C/mail.xml:70(para)
17927
msgid "+"
17928
msgstr ""
17929
17930
#: serverguide/C/mail.xml:71(para)
17931
msgid "all"
17932
msgstr ""
17933
17934
#: serverguide/C/mail.xml:59(para)
17935
msgid ""
17936
"The user interface will be displayed. On each screen, select the following "
17937
"values: <placeholder-1/>"
17938
msgstr ""
17939
17940
#: serverguide/C/mail.xml:75(para)
17941
msgid ""
17942
"Replace mail.example.com with the domain for which you'll accept email, "
17943
"192.168.0.0/24 with the actual network and class range of your mail server, "
17944
"and steve with the appropriate username."
17945
msgstr ""
17946
17947
#: serverguide/C/mail.xml:81(para)
17948
msgid ""
17949
"Now is a good time to decide which mailbox format you want to use. By "
17950
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
17951
"mailbox format. Rather than editing the configuration file directly, you can "
17952
"use the <command>postconf</command> command to configure all "
17953
"<application>postfix</application> parameters. The configuration parameters "
17954
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
17955
"you wish to re-configure a particular parameter, you can either run the "
17956
"command or change it manually in the file."
17957
msgstr ""
17958
17959
#: serverguide/C/mail.xml:92(para)
17960
msgid ""
17961
"To configure the mailbox format for <emphasis "
17962
"role=\"strong\">Maildir:</emphasis>"
17963
msgstr ""
17964
17965
#: serverguide/C/mail.xml:97(command)
17966
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
17967
msgstr ""
17968
17969
#: serverguide/C/mail.xml:100(para)
17970
msgid ""
17971
"This will place new mail in /home/<emphasis "
17972
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
17973
"your Mail Delivery Agent (MDA) to use the same path."
17974
msgstr ""
17975
17976
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
17977
msgid "SMTP Authentication"
17978
msgstr ""
17979
17980
#: serverguide/C/mail.xml:110(para)
17981
msgid ""
17982
"SMTP-AUTH allows a client to identify itself through an authentication "
17983
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
17984
"the authentication process. Once authenticated the SMTP server will allow "
17985
"the client to relay mail."
17986
msgstr ""
17987
17988
#: serverguide/C/mail.xml:117(para)
17989
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
17990
msgstr ""
17991
17992
#: serverguide/C/mail.xml:120(screen)
17993
#, no-wrap
17994
msgid ""
17995
"\n"
17996
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17997
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17998
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17999
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
18000
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
18001
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
18002
"sudo postconf -e 'smtpd_recipient_restrictions = "
18003
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
18004
"sudo postconf -e 'inet_interfaces = all'\n"
18005
msgstr ""
18006
18007
#: serverguide/C/mail.xml:131(para)
18008
msgid ""
18009
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
18010
"the Postfix queue directory."
18011
msgstr ""
18012
18013
#: serverguide/C/mail.xml:137(para)
18014
msgid ""
18015
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
18016
"and-security\"/> for details. This example also uses a Certificate Authority "
18017
"(CA). For information on generating a CA certificate see <xref "
18018
"linkend=\"certificate-authority\"/>."
18019
msgstr ""
18020
18021
#: serverguide/C/mail.xml:143(para)
18022
msgid ""
18023
"You can get the digital certificate from a certificate authority. But unlike "
18024
"web clients, SMTP clients rarely complain about \"self-signed "
18025
"certificates\", so alternatively, you can create the certificate yourself. "
18026
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
18027
"details."
18028
msgstr ""
18029
18030
#: serverguide/C/mail.xml:155(para)
18031
msgid ""
18032
"Once you have a certificate, configure Postfix to provide TLS encryption for "
18033
"both incoming and outgoing mail:"
18034
msgstr ""
18035
18036
#: serverguide/C/mail.xml:158(screen)
18037
#, no-wrap
18038
msgid ""
18039
"\n"
18040
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
18041
"sudo postconf -e 'smtp_use_tls = yes'\n"
18042
"sudo postconf -e 'smtpd_use_tls = yes'\n"
18043
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
18044
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
18045
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
18046
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
18047
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
18048
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
18049
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
18050
"sudo postconf -e 'myhostname = mail.example.com'\n"
18051
msgstr ""
18052
18053
#: serverguide/C/mail.xml:173(para)
18054
msgid ""
18055
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
18056
"the certificate enter:"
18057
msgstr ""
18058
18059
#: serverguide/C/mail.xml:177(command)
18060
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
18061
msgstr ""
18062
18063
#: serverguide/C/mail.xml:180(para)
18064
msgid ""
18065
"Again, for more details about certificates see <xref linkend=\"certificates-"
18066
"and-security\"/>."
18067
msgstr ""
18068
18069
#: serverguide/C/mail.xml:186(para)
18070
msgid ""
18071
"After running all the commands, <application>Postfix</application> is "
18072
"configured for SMTP-AUTH and a self-signed certificate has been created for "
18073
"TLS encryption."
18074
msgstr ""
18075
18076
#: serverguide/C/mail.xml:191(para)
18077
msgid ""
18078
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
18079
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
18080
msgstr ""
18081
18082
#: serverguide/C/mail.xml:195(para)
18083
msgid ""
18084
"The postfix initial configuration is complete. Run the following command to "
18085
"restart the postfix daemon:"
18086
msgstr ""
18087
18088
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
18089
msgid "sudo /etc/init.d/postfix restart"
18090
msgstr ""
18091
18092
#: serverguide/C/mail.xml:204(para)
18093
msgid ""
18094
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
18095
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
18096
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
18097
"However it is still necessary to set up SASL authentication before you can "
18098
"use SMTP-AUTH."
18099
msgstr ""
18100
18101
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
18102
msgid "Configuring SASL"
18103
msgstr ""
18104
18105
#: serverguide/C/mail.xml:215(para)
18106
msgid ""
18107
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
18108
"enable Dovecot SASL the <application>dovecot-common</application> package "
18109
"will need to be installed. From a terminal prompt enter the following:"
18110
msgstr ""
18111
18112
#: serverguide/C/mail.xml:221(command)
18113
msgid "sudo apt-get install dovecot-common"
18114
msgstr ""
18115
18116
#: serverguide/C/mail.xml:223(para)
18117
msgid ""
18118
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
18119
"In the <emphasis>auth default</emphasis> section uncomment the "
18120
"<emphasis>socket listen</emphasis> option and change the following:"
18121
msgstr ""
18122
18123
#: serverguide/C/mail.xml:227(programlisting)
18124
#, no-wrap
18125
msgid ""
18126
"\n"
18127
" socket listen {\n"
18128
" #master {\n"
18129
" # Master socket provides access to userdb information. It's typically\n"
18130
" # used to give Dovecot's local delivery agent access to userdb so it\n"
18131
" # can find mailbox locations.\n"
18132
" #path = /var/run/dovecot/auth-master\n"
18133
" #mode = 0600\n"
18134
" # Default user/group is the one who started dovecot-auth (root)\n"
18135
" #user = \n"
18136
" #group = \n"
18137
" #}\n"
18138
" client {\n"
18139
" # The client socket is generally safe to export to everyone. Typical "
18140
"use\n"
18141
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
18142
" # using it.\n"
18143
" path = /var/spool/postfix/private/auth-client\n"
18144
" mode = 0660\n"
18145
" user = postfix\n"
18146
" group = postfix\n"
18147
" }\n"
18148
" }\n"
18149
msgstr ""
18150
18151
#: serverguide/C/mail.xml:251(para)
18152
msgid ""
18153
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
18154
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
18155
"add <emphasis>\"login\"</emphasis>:"
18156
msgstr ""
18157
18158
#: serverguide/C/mail.xml:256(programlisting)
18159
#, no-wrap
18160
msgid ""
18161
"\n"
18162
" mechanisms = plain login\n"
18163
msgstr ""
18164
18165
#: serverguide/C/mail.xml:260(para)
18166
msgid ""
18167
"Once you have <application>Dovecot</application> configured restart it with:"
18168
msgstr ""
18169
18170
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
18171
msgid "sudo /etc/init.d/dovecot restart"
18172
msgstr ""
18173
18174
#: serverguide/C/mail.xml:269(title)
18175
msgid "Postfix-Dovecot"
18176
msgstr ""
18177
18178
#: serverguide/C/mail.xml:271(para)
18179
msgid ""
18180
"Another option for configuring <application>Postfix</application> for SMTP-"
18181
"AUTH is using the <application>dovecot-postfix</application> package. This "
18182
"package will install <application>Dovecot</application> and configure "
18183
"<application>Postfix</application> to use it for both SASL authentication "
18184
"and as a Mail Delivery Agent (MDA). The package also configures "
18185
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
18186
msgstr ""
18187
18188
#: serverguide/C/mail.xml:280(para)
18189
msgid ""
18190
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
18191
"server. For example, if you are configuring your server to be a mail "
18192
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
18193
"the above commands to configure Postfix for SMTPAUTH."
18194
msgstr ""
18195
18196
#: serverguide/C/mail.xml:287(para)
18197
msgid "To install the package, from a terminal prompt enter:"
18198
msgstr ""
18199
18200
#: serverguide/C/mail.xml:292(command)
18201
msgid "sudo apt-get install dovecot-postfix"
18202
msgstr ""
18203
18204
#: serverguide/C/mail.xml:295(para)
18205
msgid ""
18206
"You should now have a working mail server, but there are a few options that "
18207
"you may wish to further customize. For example, the package uses the "
18208
"certificate and key from the <application>ssl-cert</application> package, "
18209
"and in a production environment you should use a certificate and key "
18210
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
18211
"for more details."
18212
msgstr ""
18213
18214
#: serverguide/C/mail.xml:301(para)
18215
msgid ""
18216
"Once you have a customized certificate and key for the host, change the "
18217
"following options in <filename>/etc/postfix/main.cf</filename>:"
18218
msgstr ""
18219
18220
#: serverguide/C/mail.xml:305(programlisting)
18221
#, no-wrap
18222
msgid ""
18223
"\n"
18224
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
18225
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
18226
msgstr ""
18227
18228
#: serverguide/C/mail.xml:310(para)
18229
msgid "Then restart Postfix:"
18230
msgstr ""
18231
18232
#: serverguide/C/mail.xml:321(para)
18233
msgid ""
18234
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
18235
msgstr ""
18236
18237
#: serverguide/C/mail.xml:324(para)
18238
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
18239
msgstr ""
18240
18241
#: serverguide/C/mail.xml:329(command)
18242
msgid "telnet mail.example.com 25"
18243
msgstr ""
18244
18245
#: serverguide/C/mail.xml:331(para)
18246
msgid ""
18247
"After you have established the connection to the postfix mail server, type:"
18248
msgstr ""
18249
18250
#: serverguide/C/mail.xml:335(screen)
18251
#, no-wrap
18252
msgid ""
18253
"\n"
18254
"ehlo mail.example.com\n"
18255
msgstr ""
18256
18257
#: serverguide/C/mail.xml:338(para)
18258
msgid ""
18259
"If you see the following lines among others, then everything is working "
18260
"perfectly. Type <command>quit</command> to exit."
18261
msgstr ""
18262
18263
#: serverguide/C/mail.xml:342(programlisting)
18264
#, no-wrap
18265
msgid ""
18266
"\n"
18267
"250-STARTTLS\n"
18268
"250-AUTH LOGIN PLAIN\n"
18269
"250-AUTH=LOGIN PLAIN\n"
18270
"250 8BITMIME\n"
18271
msgstr ""
18272
18273
#: serverguide/C/mail.xml:352(para)
18274
msgid ""
18275
"This section introduces some common ways to determine the cause if problems "
18276
"arise."
18277
msgstr ""
18278
18279
#: serverguide/C/mail.xml:356(title)
18280
msgid "Escaping chroot"
18281
msgstr ""
18282
18283
#: serverguide/C/mail.xml:357(para)
18284
msgid ""
18285
"The Ubuntu <application>postfix</application> package will by default "
18286
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
18287
"This can add greater complexity when troubleshooting problems."
18288
msgstr ""
18289
18290
#: serverguide/C/mail.xml:361(para)
18291
msgid ""
18292
"To turn off the chroot operation locate for the following line in the "
18293
"<filename>/etc/postfix/master.cf</filename> configuration file:"
18294
msgstr ""
18295
18296
#: serverguide/C/mail.xml:365(screen)
18297
#, no-wrap
18298
msgid ""
18299
"\n"
18300
"smtp inet n - - - - smtpd\n"
18301
msgstr ""
18302
18303
#: serverguide/C/mail.xml:368(para)
18304
msgid "and modify it as follows:"
18305
msgstr ""
18306
18307
#: serverguide/C/mail.xml:371(screen)
18308
#, no-wrap
18309
msgid ""
18310
"\n"
18311
"smtp inet n - n - - smtpd\n"
18312
msgstr ""
18313
18314
#: serverguide/C/mail.xml:374(para)
18315
msgid ""
18316
"You will then need to restart Postfix to use the new configuration. From a "
18317
"terminal prompt enter:"
18318
msgstr ""
18319
18320
#: serverguide/C/mail.xml:382(title)
18321
msgid "Log Files"
18322
msgstr ""
18323
18324
#: serverguide/C/mail.xml:383(para)
18325
msgid ""
18326
"<application>Postfix</application> sends all log messages to "
18327
"<filename>/var/log/mail.log</filename>. However error and warning messages "
18328
"can sometimes get lost in the normal log output so they are also logged to "
18329
"<filename>/var/log/mail.err</filename> and "
18330
"<filename>/var/log/mail.warn</filename> respectively."
18331
msgstr ""
18332
18333
#: serverguide/C/mail.xml:388(para)
18334
msgid ""
18335
"To see messages entered into the logs in real time you can use the "
18336
"<application>tail -f</application> command:"
18337
msgstr ""
18338
18339
#: serverguide/C/mail.xml:393(command)
18340
msgid "tail -f /var/log/mail.err"
18341
msgstr ""
18342
18343
#: serverguide/C/mail.xml:395(para)
18344
msgid ""
18345
"The amount of detail that is recorded in the logs can be increased. Below "
18346
"are some configuration options for increasing the log level for some of the "
18347
"areas covered above."
18348
msgstr ""
18349
18350
#: serverguide/C/mail.xml:401(para)
18351
msgid ""
18352
"To increase <emphasis>TLS</emphasis> activity logging set the "
18353
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
18354
msgstr ""
18355
18356
#: serverguide/C/mail.xml:405(command)
18357
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
18358
msgstr ""
18359
18360
#: serverguide/C/mail.xml:409(para)
18361
msgid ""
18362
"If you are having trouble sending or receiving mail from a specific domain "
18363
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
18364
msgstr ""
18365
18366
#: serverguide/C/mail.xml:414(command)
18367
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
18368
msgstr ""
18369
18370
#: serverguide/C/mail.xml:418(para)
18371
msgid ""
18372
"You can increase the verbosity of any <application>Postfix</application> "
18373
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
18374
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
18375
"<emphasis>smtp</emphasis> entry:"
18376
msgstr ""
18377
18378
#: serverguide/C/mail.xml:422(programlisting)
18379
#, no-wrap
18380
msgid ""
18381
"\n"
18382
"smtp unix - - - - - smtp -v\n"
18383
msgstr ""
18384
18385
#: serverguide/C/mail.xml:428(para)
18386
msgid ""
18387
"It is important to note that after making one of the logging changes above "
18388
"the <application>Postfix</application> process will need to be reloaded in "
18389
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
18390
"reload</command>"
18391
msgstr ""
18392
18393
#: serverguide/C/mail.xml:435(para)
18394
msgid ""
18395
"To increase the amount of information logged when troubleshooting "
18396
"<emphasis>SASL</emphasis> issues you can set the following options in "
18397
"<filename>/etc/dovecot/dovecot.conf</filename>"
18398
msgstr ""
18399
18400
#: serverguide/C/mail.xml:439(programlisting)
18401
#, no-wrap
18402
msgid ""
18403
"\n"
18404
"auth_debug=yes\n"
18405
"auth_debug_passwords=yes\n"
18406
msgstr ""
18407
18408
#: serverguide/C/mail.xml:446(para)
18409
msgid ""
18410
"Just like <application>Postfix</application> if you change a "
18411
"<application>Dovecot</application> configuration the process will need to be "
18412
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
18413
msgstr ""
18414
18415
#: serverguide/C/mail.xml:452(para)
18416
msgid ""
18417
"Some of the options above can drastically increase the amount of information "
18418
"sent to the log files. Remember to return the log level back to normal after "
18419
"you have corrected the problem. Then reload the appropriate daemon for the "
18420
"new configuration to take affect."
18421
msgstr ""
18422
18423
#: serverguide/C/mail.xml:460(para)
18424
msgid ""
18425
"Administering a <application>Postfix</application> server can be a very "
18426
"complicated task. At some point you may need to turn to the Ubuntu community "
18427
"for more experienced help."
18428
msgstr ""
18429
18430
#: serverguide/C/mail.xml:464(para)
18431
msgid ""
18432
"A great place to ask for <application>Postfix</application> assistance, and "
18433
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
18434
"server</emphasis> IRC channel on <ulink "
18435
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
18436
"one of the <ulink "
18437
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
18438
msgstr ""
18439
18440
#: serverguide/C/mail.xml:469(para)
18441
msgid ""
18442
"For in depth <application>Postfix</application> information Ubuntu "
18443
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
18444
"Book of Postfix</ulink>."
18445
msgstr ""
18446
18447
#: serverguide/C/mail.xml:473(para)
18448
msgid ""
18449
"Finally, the <ulink "
18450
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
18451
"also has great documentation on all the different configuration options "
18452
"available."
18453
msgstr ""
18454
18455
#: serverguide/C/mail.xml:477(para)
18456
msgid ""
18457
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
18458
"Wiki Postifx</ulink> page has more information."
18459
msgstr ""
18460
18461
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
18462
msgid "Exim4"
18463
msgstr ""
18464
18465
#: serverguide/C/mail.xml:486(para)
18466
msgid ""
18467
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
18468
"developed at the University of Cambridge for use on Unix systems connected "
18469
"to the Internet. Exim can be installed in place of "
18470
"<application>sendmail</application>, although the configuration of "
18471
"<application>exim</application> is quite different to that of "
18472
"<application>sendmail</application>."
18473
msgstr ""
18474
18475
#: serverguide/C/mail.xml:497(para)
18476
msgid ""
18477
"To install <application>exim4</application>, run the following command: "
18478
"<screen>\n"
18479
"<command>sudo apt-get install exim4</command>\n"
18480
"</screen>"
18481
msgstr ""
18482
18483
#: serverguide/C/mail.xml:506(para)
18484
msgid ""
18485
"To configure <application>Exim4</application>, run the following command:"
18486
msgstr ""
18487
18488
#: serverguide/C/mail.xml:510(command)
18489
msgid "sudo dpkg-reconfigure exim4-config"
18490
msgstr ""
18491
18492
#: serverguide/C/mail.xml:512(para)
18493
msgid ""
18494
"The user interface will be displayed. The user interface lets you configure "
18495
"many parameters. For example, In <application>Exim4</application> the "
18496
"configuration files are split among multiple files. If you wish to have them "
18497
"in one file you can configure accordingly in this user interface."
18498
msgstr ""
18499
18500
#: serverguide/C/mail.xml:520(para)
18501
msgid ""
18502
"All the parameters you configure in the user interface are stored in "
18503
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
18504
"re-configure, either you re-run the configuration wizard or manually edit "
18505
"this file using your favorite editor. Once you configure, you can run the "
18506
"following command to generate the master configuration file:"
18507
msgstr ""
18508
18509
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
18510
msgid "sudo update-exim4.conf"
18511
msgstr ""
18512
18513
#: serverguide/C/mail.xml:533(para)
18514
msgid ""
18515
"The master configuration file, is generated and it is stored in "
18516
"<filename>/var/lib/exim4/config.autogenerated</filename>."
18517
msgstr ""
18518
18519
#: serverguide/C/mail.xml:539(para)
18520
msgid ""
18521
"At any time, you should not edit the master configuration file, "
18522
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
18523
"updated automatically every time you run <command>update-exim4.conf</command>"
18524
msgstr ""
18525
18526
#: serverguide/C/mail.xml:547(para)
18527
msgid ""
18528
"You can run the following command to start <application>Exim4</application> "
18529
"daemon."
18530
msgstr ""
18531
18532
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
18533
msgid "sudo /etc/init.d/exim4 start"
18534
msgstr ""
18535
18536
#: serverguide/C/mail.xml:557(para)
18537
msgid ""
18538
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
18539
msgstr ""
18540
18541
#: serverguide/C/mail.xml:560(para)
18542
msgid ""
18543
"The first step is to create a certificate for use with TLS. Enter the "
18544
"following into a terminal prompt:"
18545
msgstr ""
18546
18547
#: serverguide/C/mail.xml:564(command)
18548
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
18549
msgstr ""
18550
18551
#: serverguide/C/mail.xml:566(para)
18552
msgid ""
18553
"Now Exim4 needs to be configured for TLS by editing "
18554
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
18555
"the following:"
18556
msgstr ""
18557
18558
#: serverguide/C/mail.xml:570(programlisting)
18559
#, no-wrap
18560
msgid ""
18561
"\n"
18562
"MAIN_TLS_ENABLE = yes\n"
18563
msgstr ""
18564
18565
#: serverguide/C/mail.xml:573(para)
18566
msgid ""
18567
"Next you need to configure <application>Exim4</application> to use the "
18568
"<application>saslauthd</application> for authentication. Edit "
18569
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
18570
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
18571
"<emphasis>login_saslauthd_server</emphasis> sections:"
18572
msgstr ""
18573
18574
#: serverguide/C/mail.xml:578(programlisting)
18575
#, no-wrap
18576
msgid ""
18577
"\n"
18578
" plain_saslauthd_server:\n"
18579
" driver = plaintext\n"
18580
" public_name = PLAIN\n"
18581
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
18582
" server_set_id = $auth2\n"
18583
" server_prompts = :\n"
18584
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
18585
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
18586
" .endif\n"
18587
"#\n"
18588
" login_saslauthd_server:\n"
18589
" driver = plaintext\n"
18590
" public_name = LOGIN\n"
18591
" server_prompts = \"Username:: : Password::\"\n"
18592
" # don't send system passwords over unencrypted connections\n"
18593
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
18594
" server_set_id = $auth1\n"
18595
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
18596
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
18597
" .endif\n"
18598
msgstr ""
18599
18600
#: serverguide/C/mail.xml:600(para)
18601
msgid "Finally, update the Exim4 configuration and restart the service:"
18602
msgstr ""
18603
18604
#: serverguide/C/mail.xml:605(command)
18605
msgid "sudo /etc/init.d/exim4 restart"
18606
msgstr ""
18607
18608
#: serverguide/C/mail.xml:610(para)
18609
msgid ""
18610
"This section provides details on configuring the saslauthd to provide "
18611
"authentication for <application>Exim4</application>."
18612
msgstr ""
18613
18614
#: serverguide/C/mail.xml:613(para)
18615
msgid ""
18616
"The first step is to install the sasl2-bin package. From a terminal prompt "
18617
"enter the following:"
18618
msgstr ""
18619
18620
#: serverguide/C/mail.xml:617(command)
18621
msgid "sudo apt-get install sasl2-bin"
18622
msgstr ""
18623
18624
#: serverguide/C/mail.xml:619(para)
18625
msgid ""
18626
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
18627
"and set START=no to:"
18628
msgstr ""
18629
18630
#: serverguide/C/mail.xml:622(programlisting)
18631
#, no-wrap
18632
msgid ""
18633
"\n"
18634
"START=yes\n"
18635
msgstr ""
18636
18637
#: serverguide/C/mail.xml:625(para)
18638
msgid ""
18639
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
18640
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
18641
"service:"
18642
msgstr ""
18643
18644
#: serverguide/C/mail.xml:630(command)
18645
msgid "sudo adduser Debian-exim sasl"
18646
msgstr ""
18647
18648
#: serverguide/C/mail.xml:632(para)
18649
msgid "Now start the <application>saslauthd</application> service:"
18650
msgstr ""
18651
18652
#: serverguide/C/mail.xml:636(command)
18653
msgid "sudo /etc/init.d/saslauthd start"
18654
msgstr ""
18655
18656
#: serverguide/C/mail.xml:638(para)
18657
msgid ""
18658
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
18659
"and SASL authentication."
18660
msgstr ""
18661
18662
#: serverguide/C/mail.xml:647(para)
18663
msgid ""
18664
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
18665
"information."
18666
msgstr ""
18667
18668
#: serverguide/C/mail.xml:652(para)
18669
msgid ""
18670
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
18671
"server\">Exim4 Book</ulink> available."
18672
msgstr ""
18673
18674
#: serverguide/C/mail.xml:657(para)
18675
msgid ""
18676
"Another resource is the <ulink "
18677
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
18678
"page."
18679
msgstr ""
18680
18681
#: serverguide/C/mail.xml:666(title)
18682
msgid "Dovecot Server"
18683
msgstr ""
18684
18685
#: serverguide/C/mail.xml:667(para)
18686
msgid ""
18687
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
18688
"security primarily in mind. It supports the major mailbox formats: mbox or "
18689
"Maildir. This section explain how to set it up as an imap or pop3 server."
18690
msgstr ""
18691
18692
#: serverguide/C/mail.xml:675(para)
18693
msgid ""
18694
"To install <application>dovecot</application>, run the following command in "
18695
"the command prompt:"
18696
msgstr ""
18697
18698
#: serverguide/C/mail.xml:680(command)
18699
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
18700
msgstr ""
18701
18702
#: serverguide/C/mail.xml:685(para)
18703
msgid ""
18704
"To configure <application>dovecot</application>, you can edit the file "
18705
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
18706
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
18707
"secure). A description of these protocols is beyond the scope of this guide. "
18708
"For further information, refer to the Wikipedia articles on <ulink "
18709
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
18710
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
18711
"link>."
18712
msgstr ""
18713
18714
#: serverguide/C/mail.xml:695(para)
18715
msgid ""
18716
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
18717
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
18718
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
18719
msgstr ""
18720
18721
#: serverguide/C/mail.xml:701(programlisting)
18722
#, no-wrap
18723
msgid ""
18724
"\n"
18725
"protocols = pop3 pop3s imap imaps\n"
18726
msgstr ""
18727
18728
#: serverguide/C/mail.xml:704(para)
18729
msgid ""
18730
"Next, choose the mailbox you would like to use. "
18731
"<application>Dovecot</application> supports <emphasis "
18732
"role=\"strong\">maildir</emphasis> and <emphasis "
18733
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
18734
"mailbox formats. They both have their own benefits and are discussed on "
18735
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
18736
"site</ulink>."
18737
msgstr ""
18738
18739
#: serverguide/C/mail.xml:712(para)
18740
msgid ""
18741
"Once you have chosen your mailbox type, edit the file "
18742
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
18743
msgstr ""
18744
18745
#: serverguide/C/mail.xml:717(programlisting)
18746
#, no-wrap
18747
msgid ""
18748
"\n"
18749
"mail_location = maildir:~/Maildir # (for maildir)\n"
18750
"or\n"
18751
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
18752
msgstr ""
18753
18754
#: serverguide/C/mail.xml:723(para)
18755
msgid ""
18756
"You should configure your Mail Transport Agent (MTA) to transfer the "
18757
"incoming mail to this type of mailbox if it is different from the one you "
18758
"have configured."
18759
msgstr ""
18760
18761
#: serverguide/C/mail.xml:729(para)
18762
msgid ""
18763
"Once you have configured dovecot, restart the "
18764
"<application>dovecot</application> daemon in order to test your setup:"
18765
msgstr ""
18766
18767
#: serverguide/C/mail.xml:738(para)
18768
msgid ""
18769
"If you have enabled imap, or pop3, you can also try to log in with the "
18770
"commands <command>telnet localhost pop3</command> or <command>telnet "
18771
"localhost imap2</command>. If you see something like the following, the "
18772
"installation has been successful:"
18773
msgstr ""
18774
18775
#: serverguide/C/mail.xml:745(programlisting)
18776
#, no-wrap
18777
msgid ""
18778
"\n"
18779
"bhuvan@rainbow:~$ telnet localhost pop3\n"
18780
"Trying 127.0.0.1...\n"
18781
"Connected to localhost.localdomain.\n"
18782
"Escape character is '^]'.\n"
18783
"+OK Dovecot ready.\n"
18784
msgstr ""
18785
18786
#: serverguide/C/mail.xml:754(title)
18787
msgid "Dovecot SSL Configuration"
18788
msgstr ""
18789
18790
#: serverguide/C/mail.xml:755(para)
18791
msgid ""
18792
"To configure <application>dovecot</application> to use SSL, you can edit the "
18793
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
18794
"lines:"
18795
msgstr ""
18796
18797
#: serverguide/C/mail.xml:760(programlisting)
18798
#, no-wrap
18799
msgid ""
18800
"\n"
18801
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
18802
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
18803
"ssl_disable = no\n"
18804
"disable_plaintext_auth = no\n"
18805
msgstr ""
18806
18807
#: serverguide/C/mail.xml:766(para)
18808
msgid ""
18809
"You can get the SSL certificate from a Certificate Issuing Authority or you "
18810
"can create self signed SSL certificate. The latter is a good option for "
18811
"email, because SMTP clients rarely complain about \"self-signed "
18812
"certificates\". Please refer to <xref linkend=\"certificates-and-"
18813
"security\"/> for details about how to create self signed SSL certificate. "
18814
"Once you create the certificate, you will have a key file and a certificate "
18815
"file. Please copy them to the location pointed in the "
18816
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
18817
msgstr ""
18818
18819
#: serverguide/C/mail.xml:781(title)
18820
msgid "Firewall Configuration for an Email Server"
18821
msgstr ""
18822
18823
#: serverguide/C/mail.xml:787(para)
18824
msgid "IMAP - 143"
18825
msgstr ""
18826
18827
#: serverguide/C/mail.xml:788(para)
18828
msgid "IMAPS - 993"
18829
msgstr ""
18830
18831
#: serverguide/C/mail.xml:789(para)
18832
msgid "POP3 - 110"
18833
msgstr ""
18834
18835
#: serverguide/C/mail.xml:790(para)
18836
msgid "POP3S - 995"
18837
msgstr ""
18838
18839
#: serverguide/C/mail.xml:782(para)
18840
msgid ""
18841
"To access your mail server from another computer, you must configure your "
18842
"firewall to allow connections to the server on the necessary ports. "
18843
"<placeholder-1/>"
18844
msgstr ""
18845
18846
#: serverguide/C/mail.xml:799(para)
18847
msgid ""
18848
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
18849
"more information."
18850
msgstr ""
18851
18852
#: serverguide/C/mail.xml:804(para)
18853
msgid ""
18854
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
18855
"Ubuntu Wiki</ulink> page has more details."
18856
msgstr ""
18857
18858
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
18859
msgid "Mailman"
18860
msgstr ""
18861
18862
#: serverguide/C/mail.xml:814(para)
18863
msgid ""
18864
"Mailman is an open source program for managing electronic mail discussions "
18865
"and e-newsletter lists. Many open source mailing lists (including all the "
18866
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
18867
"Mailman as their mailing list software. It is powerful and easy to install "
18868
"and maintain."
18869
msgstr ""
18870
18871
#: serverguide/C/mail.xml:824(para)
18872
msgid ""
18873
"Mailman provides a web interface for the administrators and users, using an "
18874
"external mail server to send and receive emails. It works perfectly with the "
18875
"following mail servers:"
18876
msgstr ""
18877
18878
#: serverguide/C/mail.xml:835(application)
18879
msgid "Exim"
18880
msgstr ""
18881
18882
#: serverguide/C/mail.xml:838(application)
18883
msgid "Sendmail"
18884
msgstr ""
18885
18886
#: serverguide/C/mail.xml:841(application)
18887
msgid "Qmail"
18888
msgstr ""
18889
18890
#: serverguide/C/mail.xml:846(para)
18891
msgid ""
18892
"We will see how to install and configure Mailman with, the Apache web "
18893
"server, and either the Postfix or Exim mail server. If you wish to install "
18894
"Mailman with a different mail server, please refer to the references section."
18895
msgstr ""
18896
18897
#: serverguide/C/mail.xml:853(para)
18898
msgid ""
18899
"You only need to install one mail server and "
18900
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
18901
msgstr ""
18902
18903
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
18904
msgid "Apache2"
18905
msgstr ""
18906
18907
#: serverguide/C/mail.xml:859(para)
18908
msgid ""
18909
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
18910
"installation\">HTTPD Installation</ulink> section for details."
18911
msgstr ""
18912
18913
#: serverguide/C/mail.xml:867(para)
18914
msgid ""
18915
"For instructions on installing and configuring Postfix refer to <xref "
18916
"linkend=\"postfix\"/>"
18917
msgstr ""
18918
18919
#: serverguide/C/mail.xml:873(para)
18920
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
18921
msgstr ""
18922
18923
#: serverguide/C/mail.xml:884(application)
18924
msgid "dc_use_split_config='true'"
18925
msgstr ""
18926
18927
#: serverguide/C/mail.xml:876(para)
18928
msgid ""
18929
"Once exim4 is installed, the configuration files are stored in the "
18930
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
18931
"configuration files are split across different files. You can change this "
18932
"behavior by changing the following variable in the "
18933
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
18934
msgstr ""
18935
18936
#: serverguide/C/mail.xml:891(para)
18937
msgid ""
18938
"To install <application>Mailman</application>, run following command at a "
18939
"terminal prompt:"
18940
msgstr ""
18941
18942
#: serverguide/C/mail.xml:895(command)
18943
msgid "sudo apt-get install mailman"
18944
msgstr ""
18945
18946
#: serverguide/C/mail.xml:897(para)
18947
msgid ""
18948
"It copies the installation files in "
18949
"<application>/var/lib/mailman</application> directory. It installs the CGI "
18950
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
18951
"creates <emphasis>list</emphasis> linux user. It creates the "
18952
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
18953
"this user."
18954
msgstr ""
18955
18956
#: serverguide/C/mail.xml:909(para)
18957
msgid ""
18958
"This section assumes you have successfully installed "
18959
"<application>mailman</application>, <application>apache2</application>, and "
18960
"<application>postfix</application> or <application>exim4</application>. Now "
18961
"you just need to configure them."
18962
msgstr ""
18963
18964
#: serverguide/C/mail.xml:918(para)
18965
msgid ""
18966
"An example Apache configuration file comes with "
18967
"<application>Mailman</application> and is placed in "
18968
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
18969
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
18970
"available</filename>:"
18971
msgstr ""
18972
18973
#: serverguide/C/mail.xml:924(command)
18974
msgid ""
18975
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18976
msgstr ""
18977
18978
#: serverguide/C/mail.xml:926(para)
18979
msgid ""
18980
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18981
"Mailman administration site. Now enable the new configuration and restart "
18982
"Apache:"
18983
msgstr ""
18984
18985
#: serverguide/C/mail.xml:931(command)
18986
msgid "sudo a2ensite mailman.conf"
18987
msgstr ""
18988
18989
#: serverguide/C/mail.xml:934(para)
18990
msgid ""
18991
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18992
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18993
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
18994
"can make changes to the <filename>/etc/apache2/sites-"
18995
"available/mailman.conf</filename> file if you wish to change this behavior."
18996
msgstr ""
18997
18998
#: serverguide/C/mail.xml:945(para)
18999
msgid ""
19000
"For <application>Postfix</application> integration, we will associate the "
19001
"domain lists.example.com with the mailing lists. Please replace "
19002
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
19003
msgstr ""
19004
19005
#: serverguide/C/mail.xml:949(para)
19006
msgid ""
19007
"You can use the postconf command to add the necessary configuration to "
19008
"<filename>/etc/postfix/main.cf</filename>:"
19009
msgstr ""
19010
19011
#: serverguide/C/mail.xml:953(command)
19012
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
19013
msgstr ""
19014
19015
#: serverguide/C/mail.xml:954(command)
19016
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
19017
msgstr ""
19018
19019
#: serverguide/C/mail.xml:955(command)
19020
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
19021
msgstr ""
19022
19023
#: serverguide/C/mail.xml:957(para)
19024
msgid ""
19025
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
19026
"the following transport:"
19027
msgstr ""
19028
19029
#: serverguide/C/mail.xml:960(programlisting)
19030
#, no-wrap
19031
msgid ""
19032
"\n"
19033
"mailman unix - n n - - pipe\n"
19034
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
19035
" ${nexthop} ${user}\n"
19036
msgstr ""
19037
19038
#: serverguide/C/mail.xml:965(para)
19039
msgid ""
19040
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
19041
"is delivered to a list."
19042
msgstr ""
19043
19044
#: serverguide/C/mail.xml:968(para)
19045
msgid ""
19046
"Associate the domain lists.example.com to the Mailman transport with the "
19047
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
19048
msgstr ""
19049
19050
#: serverguide/C/mail.xml:971(programlisting)
19051
#, no-wrap
19052
msgid ""
19053
"\n"
19054
"lists.example.com mailman:\n"
19055
msgstr ""
19056
19057
#: serverguide/C/mail.xml:974(para)
19058
msgid ""
19059
"Now have <application>Postfix</application> build the transport map by "
19060
"entering the following from a terminal prompt:"
19061
msgstr ""
19062
19063
#: serverguide/C/mail.xml:978(command)
19064
msgid "sudo postmap -v /etc/postfix/transport"
19065
msgstr ""
19066
19067
#: serverguide/C/mail.xml:980(para)
19068
msgid "Then restart Postfix to enable the new configurations:"
19069
msgstr ""
19070
19071
#: serverguide/C/mail.xml:989(para)
19072
msgid ""
19073
"Once Exim4 is installed, you can start the Exim server using the following "
19074
"command from a terminal prompt:"
19075
msgstr ""
19076
19077
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
19078
msgid "Main"
19079
msgstr ""
19080
19081
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
19082
msgid "Transport"
19083
msgstr ""
19084
19085
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
19086
msgid "Router"
19087
msgstr ""
19088
19089
#: serverguide/C/mail.xml:996(para)
19090
msgid ""
19091
"In order to make mailman work with Exim4, you need to configure Exim4. As "
19092
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
19093
"different types. For details, please refer to the <ulink "
19094
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
19095
"add new a configuration file to the following configuration types: "
19096
"<placeholder-1/> Exim creates a master configuration file by sorting all "
19097
"these mini configuration files. So, the order of these configuration files "
19098
"is very important."
19099
msgstr ""
19100
19101
#: serverguide/C/mail.xml:1027(programlisting)
19102
#, no-wrap
19103
msgid ""
19104
"\n"
19105
"# start\n"
19106
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
19107
"# directory.\n"
19108
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
19109
"# This is normally the same as ~mailman\n"
19110
"MM_HOME=/var/lib/mailman\n"
19111
"#\n"
19112
"# User and group for Mailman, should match your --with-mail-gid\n"
19113
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
19114
"MM_UID=list\n"
19115
"MM_GID=list\n"
19116
"#\n"
19117
"# Domains that your lists are in - colon separated list\n"
19118
"# you may wish to add these into local_domains as well\n"
19119
"domainlist mm_domains=hostname.com\n"
19120
"#\n"
19121
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
19122
"#\n"
19123
"# These values are derived from the ones above and should not need\n"
19124
"# editing unless you have munged your mailman installation\n"
19125
"#\n"
19126
"# The path of the Mailman mail wrapper script\n"
19127
"MM_WRAP=MM_HOME/mail/mailman\n"
19128
"#\n"
19129
"# The path of the list config file (used as a required file when\n"
19130
"# verifying list addresses)\n"
19131
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
19132
"# end\n"
19133
msgstr ""
19134
19135
#: serverguide/C/mail.xml:1021(para)
19136
msgid ""
19137
"All the configuration files belonging to the main type are stored in the "
19138
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
19139
"following content to a new file, named <filename>04_exim4-"
19140
"config_mailman</filename>: <placeholder-1/>"
19141
msgstr ""
19142
19143
#: serverguide/C/mail.xml:1067(programlisting)
19144
#, no-wrap
19145
msgid ""
19146
"\n"
19147
" mailman_transport:\n"
19148
" driver = pipe\n"
19149
" command = MM_WRAP \\\n"
19150
" '${if def:local_part_suffix \\\n"
19151
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
19152
"\\\n"
19153
" {post}}' \\\n"
19154
" $local_part\n"
19155
" current_directory = MM_HOME\n"
19156
" home_directory = MM_HOME\n"
19157
" user = MM_UID\n"
19158
" group = MM_GID\n"
19159
msgstr ""
19160
19161
#: serverguide/C/mail.xml:1061(para)
19162
msgid ""
19163
"All the configuration files belonging to transport type are stored in the "
19164
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
19165
"following content to a new file named <filename> 40_exim4-"
19166
"config_mailman</filename>: <placeholder-1/>"
19167
msgstr ""
19168
19169
#: serverguide/C/mail.xml:1088(programlisting)
19170
#, no-wrap
19171
msgid ""
19172
"\n"
19173
" mailman_router:\n"
19174
" driver = accept\n"
19175
" require_files = MM_HOME/lists/$local_part/config.pck\n"
19176
" local_part_suffix_optional\n"
19177
" local_part_suffix = -bounces : -bounces+* : \\\n"
19178
" -confirm+* : -join : -leave : \\\n"
19179
" -owner : -request : -admin\n"
19180
" transport = mailman_transport\n"
19181
msgstr ""
19182
19183
#: serverguide/C/mail.xml:1084(para)
19184
msgid ""
19185
"All the configuration files belonging to router type are stored in the "
19186
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
19187
"following content in to a new file named <filename>101_exim4-"
19188
"config_mailman</filename>: <placeholder-1/>"
19189
msgstr ""
19190
19191
#: serverguide/C/mail.xml:1101(para)
19192
msgid ""
19193
"The order of main and transport configuration files can be in any order. "
19194
"But, the order of router configuration files must be the same. This "
19195
"particular file must appear before the <application>200_exim4-"
19196
"config_primary</application> file. These two configuration files contain "
19197
"same type of information. The first file takes the precedence. For more "
19198
"details, please refer to the references section."
19199
msgstr ""
19200
19201
#: serverguide/C/mail.xml:1114(para)
19202
msgid ""
19203
"Once mailman is installed, you can run it using the following command:"
19204
msgstr ""
19205
19206
#: serverguide/C/mail.xml:1118(command)
19207
msgid "sudo /etc/init.d/mailman start"
19208
msgstr ""
19209
19210
#: serverguide/C/mail.xml:1120(para)
19211
msgid ""
19212
"Once mailman is installed, you should create the default mailing list. Run "
19213
"the following command to create the mailing list:"
19214
msgstr ""
19215
19216
#: serverguide/C/mail.xml:1126(command)
19217
msgid "sudo /usr/sbin/newlist mailman"
19218
msgstr ""
19219
19220
#: serverguide/C/mail.xml:1129(programlisting)
19221
#, no-wrap
19222
msgid ""
19223
"\n"
19224
" Enter the email address of the person running the list: bhuvan at "
19225
"ubuntu.com\n"
19226
" Initial mailman password:\n"
19227
" To finish creating your mailing list, you must edit your "
19228
"<filename>/etc/aliases</filename> (or\n"
19229
" equivalent) file by adding the following lines, and possibly running the\n"
19230
" `newaliases' program:\n"
19231
"\n"
19232
" ## mailman mailing list\n"
19233
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
19234
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
19235
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
19236
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
19237
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
19238
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
19239
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
19240
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
19241
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
19242
"mailman\"\n"
19243
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
19244
"mailman\"\n"
19245
"\n"
19246
" Hit enter to notify mailman owner...\n"
19247
"\n"
19248
" # \n"
19249
msgstr ""
19250
19251
#: serverguide/C/mail.xml:1152(para)
19252
msgid ""
19253
"We have configured either Postfix or Exim4 to recognize all emails from "
19254
"mailman. So, it is not mandatory to make any new entries in "
19255
"<filename>/etc/aliases</filename>. If you have made any changes to the "
19256
"configuration files, please ensure that you restart those services before "
19257
"continuing to next section."
19258
msgstr ""
19259
19260
#: serverguide/C/mail.xml:1160(para)
19261
msgid ""
19262
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
19263
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
19264
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
19265
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
19266
msgstr ""
19267
19268
#: serverguide/C/mail.xml:1171(title)
19269
msgid "Administration"
19270
msgstr ""
19271
19272
#: serverguide/C/mail.xml:1172(para)
19273
msgid ""
19274
"We assume you have a default installation. The mailman cgi scripts are still "
19275
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
19276
"Mailman provides a web based administration facility. To access this page, "
19277
"point your browser to the following url:"
19278
msgstr ""
19279
19280
#: serverguide/C/mail.xml:1180(para)
19281
msgid "http://hostname/cgi-bin/mailman/admin"
19282
msgstr ""
19283
19284
#: serverguide/C/mail.xml:1184(para)
19285
msgid ""
19286
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
19287
"screen. If you click the mailing list name, it will ask for your "
19288
"authentication password. If you enter the correct password, you will be able "
19289
"to change administrative settings of this mailing list. You can create a new "
19290
"mailing list using the command line utility "
19291
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
19292
"mailing list using the web interface."
19293
msgstr ""
19294
19295
#: serverguide/C/mail.xml:1197(title)
19296
msgid "Users"
19297
msgstr ""
19298
19299
#: serverguide/C/mail.xml:1198(para)
19300
msgid ""
19301
"Mailman provides a web based interface for users. To access this page, point "
19302
"your browser to the following url:"
19303
msgstr ""
19304
19305
#: serverguide/C/mail.xml:1203(para)
19306
msgid "http://hostname/cgi-bin/mailman/listinfo"
19307
msgstr ""
19308
19309
#: serverguide/C/mail.xml:1207(para)
19310
msgid ""
19311
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
19312
"screen. If you click the mailing list name, it will display the subscription "
19313
"form. You can enter your email address, name (optional), and password to "
19314
"subscribe. An email invitation will be sent to you. You can follow the "
19315
"instructions in the email to subscribe."
19316
msgstr ""
19317
19318
#: serverguide/C/mail.xml:1219(ulink)
19319
msgid "GNU Mailman - Installation Manual"
19320
msgstr ""
19321
19322
#: serverguide/C/mail.xml:1223(ulink)
19323
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
19324
msgstr ""
19325
19326
#: serverguide/C/mail.xml:1226(para)
19327
msgid ""
19328
"Also, see the <ulink "
19329
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
19330
"Wiki</ulink> page."
19331
msgstr ""
19332
19333
#: serverguide/C/mail.xml:1232(title)
19334
msgid "Mail Filtering"
19335
msgstr ""
19336
19337
#: serverguide/C/mail.xml:1233(para)
19338
msgid ""
19339
"One of the largest issues with email today is the problem of Unsolicited "
19340
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
19341
"and other forms of malware. According to some reports these messages make up "
19342
"the bulk of all email traffic on the Internet."
19343
msgstr ""
19344
19345
#: serverguide/C/mail.xml:1238(para)
19346
msgid ""
19347
"This section will cover integrating <application>Amavisd-new</application>, "
19348
"<application>Spamassassin</application>, and "
19349
"<application>ClamAV</application> with the "
19350
"<application>Postfix</application> Mail Transport Agent (MTA). "
19351
"<application>Postfix</application> can also check email validity by passing "
19352
"it through external content filters. These filters can sometimes determine "
19353
"if a message is spam without needing to process it with more resource "
19354
"intensive applications. Two common filters are <application>dkim-"
19355
"filter</application> and <application>python-policyd-spf</application>."
19356
msgstr ""
19357
19358
#: serverguide/C/mail.xml:1248(para)
19359
msgid ""
19360
"<application>Amavisd-new</application> is a wrapper program that can call "
19361
"any number of content filtering programs for spam detection, antivirus, etc."
19362
msgstr ""
19363
19364
#: serverguide/C/mail.xml:1254(para)
19365
msgid ""
19366
"<application>Spamassassin</application> uses a variety of mechanisms to "
19367
"filter email based on the message content."
19368
msgstr ""
19369
19370
#: serverguide/C/mail.xml:1259(para)
19371
msgid ""
19372
"<application>ClamAV</application> is an open source antivirus application."
19373
msgstr ""
19374
19375
#: serverguide/C/mail.xml:1264(para)
19376
msgid ""
19377
"<application>dkim-filter</application> implements a Sendmail Mail Filter "
19378
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
19379
msgstr ""
19380
19381
#: serverguide/C/mail.xml:1270(para)
19382
msgid ""
19383
"<application>python-policyd-spf</application> enables Sender Policy "
19384
"Framework (SPF) checking with <application>Postfix</application>."
19385
msgstr ""
19386
19387
#: serverguide/C/mail.xml:1275(para)
19388
msgid "This is how the pieces fit together:"
19389
msgstr ""
19390
19391
#: serverguide/C/mail.xml:1280(para)
19392
msgid "An email message is accepted by <application>Postfix</application>."
19393
msgstr ""
19394
19395
#: serverguide/C/mail.xml:1285(para)
19396
msgid ""
19397
"The message is passed through any external filters <application>dkim-"
19398
"filter</application> and <application>python-policyd-spf</application> in "
19399
"this case."
19400
msgstr ""
19401
19402
#: serverguide/C/mail.xml:1291(para)
19403
msgid "<application>Amavisd-new</application> then processes the message."
19404
msgstr ""
19405
19406
#: serverguide/C/mail.xml:1296(para)
19407
msgid ""
19408
"<application>ClamAV</application> is used to scan the message. If the "
19409
"message contains a virus <application>Postfix</application> will reject the "
19410
"message."
19411
msgstr ""
19412
19413
#: serverguide/C/mail.xml:1302(para)
19414
msgid ""
19415
"Clean messages will then be analyzed by "
19416
"<application>Spamassassin</application> to find out if the message is spam. "
19417
"<application>Spamassassin</application> will then add X-Header lines "
19418
"allowing <application>Amavisd-new</application> to further manipulate the "
19419
"message."
19420
msgstr ""
19421
19422
#: serverguide/C/mail.xml:1309(para)
19423
msgid ""
19424
"For example, if a message has a Spam score of over fifty the message could "
19425
"be automatically dropped from the queue without the recipient ever having to "
19426
"be bothered. Another, way to handle flagged messages is to deliver them to "
19427
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
19428
"see fit."
19429
msgstr ""
19430
19431
#: serverguide/C/mail.xml:1316(para)
19432
msgid ""
19433
"See <xref linkend=\"postfix\"/> for instructions on installing and "
19434
"configuring Postfix."
19435
msgstr ""
19436
19437
#: serverguide/C/mail.xml:1319(para)
19438
msgid ""
19439
"To install the rest of the applications enter the following from a terminal "
19440
"prompt:"
19441
msgstr ""
19442
19443
#: serverguide/C/mail.xml:1323(command)
19444
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
19445
msgstr ""
19446
19447
#: serverguide/C/mail.xml:1324(command)
19448
msgid "sudo apt-get install dkim-filter python-policyd-spf"
19449
msgstr ""
19450
19451
#: serverguide/C/mail.xml:1326(para)
19452
msgid ""
19453
"There are some optional packages that integrate with "
19454
"<application>Spamassassin</application> for better spam detection:"
19455
msgstr ""
19456
19457
#: serverguide/C/mail.xml:1330(command)
19458
msgid "sudo apt-get install pyzor razor"
19459
msgstr ""
19460
19461
#: serverguide/C/mail.xml:1332(para)
19462
msgid ""
19463
"Along with the main filtering applications compression utilities are needed "
19464
"to process some email attachments:"
19465
msgstr ""
19466
19467
#: serverguide/C/mail.xml:1336(command)
19468
msgid ""
19469
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
19470
msgstr ""
19471
19472
#: serverguide/C/mail.xml:1339(para)
19473
msgid ""
19474
"If some packages are not found, check that the "
19475
"<emphasis>multiverse</emphasis> repository is enabled in "
19476
"<filename>/etc/apt/sources.list</filename>"
19477
msgstr ""
19478
19479
#: serverguide/C/mail.xml:1340(para)
19480
msgid ""
19481
"If you make changes to the file, be sure to run <command>sudo apt-get "
19482
"update</command> before trying to install again."
19483
msgstr ""
19484
19485
#: serverguide/C/mail.xml:1345(para)
19486
msgid "Now configure everything to work together and filter email."
19487
msgstr ""
19488
19489
#: serverguide/C/mail.xml:1349(title)
19490
msgid "ClamAV"
19491
msgstr ""
19492
19493
#: serverguide/C/mail.xml:1350(para)
19494
msgid ""
19495
"The default behaviour of <application>ClamAV</application> will fit our "
19496
"needs. For more ClamAV configuration options, check the configuration files "
19497
"in <filename>/etc/clamav</filename>."
19498
msgstr ""
19499
19500
#: serverguide/C/mail.xml:1355(para)
19501
msgid ""
19502
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
19503
"group in order for <application>Amavisd-new</application> to have the "
19504
"appropriate access to scan files:"
19505
msgstr ""
19506
19507
#: serverguide/C/mail.xml:1360(command)
19508
msgid "sudo adduser clamav amavis"
19509
msgstr ""
19510
19511
#: serverguide/C/mail.xml:1364(title)
19512
msgid "Spamassassin"
19513
msgstr ""
19514
19515
#: serverguide/C/mail.xml:1365(para)
19516
msgid ""
19517
"Spamassassin automatically detects optional components and will use them if "
19518
"they are present. This means that there is no need to configure "
19519
"<application>pyzor</application> and <application>razor</application>."
19520
msgstr ""
19521
19522
#: serverguide/C/mail.xml:1369(para)
19523
msgid ""
19524
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
19525
"<application>Spamassassin</application> daemon. Change "
19526
"<emphasis>ENABLED=0</emphasis> to:"
19527
msgstr ""
19528
19529
#: serverguide/C/mail.xml:1373(programlisting)
19530
#, no-wrap
19531
msgid ""
19532
"\n"
19533
"ENABLED=1\n"
19534
msgstr ""
19535
19536
#: serverguide/C/mail.xml:1376(para)
19537
msgid "Now start the daemon:"
19538
msgstr ""
19539
19540
#: serverguide/C/mail.xml:1380(command)
19541
msgid "sudo /etc/init.d/spamassassin start"
19542
msgstr ""
19543
19544
#: serverguide/C/mail.xml:1384(title)
19545
msgid "Amavisd-new"
19546
msgstr ""
19547
19548
#: serverguide/C/mail.xml:1385(para)
19549
msgid ""
19550
"First activate spam and antivirus detection in <application>Amavisd-"
19551
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
19552
"content_filter_mode</filename>:"
19553
msgstr ""
19554
19555
#: serverguide/C/mail.xml:1389(programlisting)
19556
#, no-wrap
19557
msgid ""
19558
"\n"
19559
"use strict;\n"
19560
"\n"
19561
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
19562
"# and to re-enable antivirus checking.\n"
19563
"\n"
19564
"#\n"
19565
"# Default antivirus checking mode\n"
19566
"# Uncomment the two lines below to enable it\n"
19567
"#\n"
19568
"\n"
19569
"@bypass_virus_checks_maps = (\n"
19570
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
19571
"$bypass_virus_checks_re);\n"
19572
"\n"
19573
"\n"
19574
"#\n"
19575
"# Default SPAM checking mode\n"
19576
"# Uncomment the two lines below to enable it\n"
19577
"#\n"
19578
"\n"
19579
"@bypass_spam_checks_maps = (\n"
19580
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
19581
"$bypass_spam_checks_re);\n"
19582
"\n"
19583
"1; # insure a defined return\n"
19584
msgstr ""
19585
19586
#: serverguide/C/mail.xml:1414(para)
19587
msgid ""
19588
"Bouncing spam can be a bad idea as the return address is often faked. "
19589
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
19590
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
19591
"D_BOUNCE, as follows:"
19592
msgstr ""
19593
19594
#: serverguide/C/mail.xml:1420(programlisting)
19595
#, no-wrap
19596
msgid ""
19597
"\n"
19598
"$final_spam_destiny = D_DISCARD;\n"
19599
msgstr ""
19600
19601
#: serverguide/C/mail.xml:1424(para)
19602
msgid ""
19603
"Additionally, you may want to adjust the following options to flag more "
19604
"messages as spam:"
19605
msgstr ""
19606
19607
#: serverguide/C/mail.xml:1428(programlisting)
19608
#, no-wrap
19609
msgid ""
19610
"\n"
19611
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
19612
"level\n"
19613
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
19614
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
19615
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
19616
msgstr ""
19617
19618
#: serverguide/C/mail.xml:1435(para)
19619
msgid ""
19620
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
19621
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
19622
"option. Also, if the server receives mail for multiple domains the "
19623
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
19624
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
19625
msgstr ""
19626
19627
#: serverguide/C/mail.xml:1442(programlisting)
19628
#, no-wrap
19629
msgid ""
19630
"\n"
19631
"$myhostname = 'mail.example.com';\n"
19632
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
19633
msgstr ""
19634
19635
#: serverguide/C/mail.xml:1447(para)
19636
msgid ""
19637
"After configuration <application>Amavisd-new</application> needs to be "
19638
"restarted:"
19639
msgstr ""
19640
19641
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
19642
msgid "sudo /etc/init.d/amavis restart"
19643
msgstr ""
19644
19645
#: serverguide/C/mail.xml:1454(title)
19646
msgid "DKIM Whitelist"
19647
msgstr ""
19648
19649
#: serverguide/C/mail.xml:1456(para)
19650
msgid ""
19651
"<application>Amavisd-new</application> can be configured to automatically "
19652
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
19653
"Keys. There are some pre-configured domains in the "
19654
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
19655
msgstr ""
19656
19657
#: serverguide/C/mail.xml:1462(para)
19658
msgid "There are multiple ways to configure the Whitelist for a domain:"
19659
msgstr ""
19660
19661
#: serverguide/C/mail.xml:1468(para)
19662
msgid ""
19663
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19664
"address from the \"example.com\" domain."
19665
msgstr ""
19666
19667
#: serverguide/C/mail.xml:1473(para)
19668
msgid ""
19669
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19670
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
19671
"have a valid signature."
19672
msgstr ""
19673
19674
#: serverguide/C/mail.xml:1479(para)
19675
msgid ""
19676
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
19677
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
19678
"role=\"italic\">example.com</emphasis> the parent domain."
19679
msgstr ""
19680
19681
#: serverguide/C/mail.xml:1485(para)
19682
msgid ""
19683
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
19684
"that have a valid signature from \"example.com\". This is usually used for "
19685
"discussion groups that sign thier messages."
19686
msgstr ""
19687
19688
#: serverguide/C/mail.xml:1492(para)
19689
msgid ""
19690
"A domain can also have multiple Whitelist configurations. After, editing the "
19691
"file restart <application>amaisd-new</application>:"
19692
msgstr ""
19693
19694
#: serverguide/C/mail.xml:1501(para)
19695
msgid ""
19696
"In this context, once a domain has been added to the Whitelist the message "
19697
"will not receive any anti-virus or spam filtering. This may or may not be "
19698
"the intended behavior you wish for a domain."
19699
msgstr ""
19700
19701
#: serverguide/C/mail.xml:1511(para)
19702
msgid ""
19703
"For <application>Postfix</application> integration, enter the following from "
19704
"a terminal prompt:"
19705
msgstr ""
19706
19707
#: serverguide/C/mail.xml:1515(command)
19708
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
19709
msgstr ""
19710
19711
#: serverguide/C/mail.xml:1517(para)
19712
msgid ""
19713
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
19714
"to the end of the file:"
19715
msgstr ""
19716
19717
#: serverguide/C/mail.xml:1520(programlisting)
19718
#, no-wrap
19719
msgid ""
19720
"\n"
19721
"smtp-amavis unix - - - - 2 smtp\n"
19722
" -o smtp_data_done_timeout=1200\n"
19723
" -o smtp_send_xforward_command=yes\n"
19724
" -o disable_dns_lookups=yes\n"
19725
" -o max_use=20\n"
19726
"\n"
19727
"127.0.0.1:10025 inet n - - - - smtpd\n"
19728
" -o content_filter=\n"
19729
" -o local_recipient_maps=\n"
19730
" -o relay_recipient_maps=\n"
19731
" -o smtpd_restriction_classes=\n"
19732
" -o smtpd_delay_reject=no\n"
19733
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
19734
" -o smtpd_helo_restrictions=\n"
19735
" -o smtpd_sender_restrictions=\n"
19736
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
19737
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
19738
" -o smtpd_end_of_data_restrictions=\n"
19739
" -o mynetworks=127.0.0.0/8\n"
19740
" -o smtpd_error_sleep_time=0\n"
19741
" -o smtpd_soft_error_limit=1001\n"
19742
" -o smtpd_hard_error_limit=1000\n"
19743
" -o smtpd_client_connection_count_limit=0\n"
19744
" -o smtpd_client_connection_rate_limit=0\n"
19745
" -o "
19746
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
19747
msgstr ""
19748
19749
#: serverguide/C/mail.xml:1547(para)
19750
msgid ""
19751
"Also add the following two lines immediately below the "
19752
"<emphasis>\"pickup\"</emphasis> transport service:"
19753
msgstr ""
19754
19755
#: serverguide/C/mail.xml:1550(programlisting)
19756
#, no-wrap
19757
msgid ""
19758
"\n"
19759
" -o content_filter=\n"
19760
" -o receive_override_options=no_header_body_checks\n"
19761
msgstr ""
19762
19763
#: serverguide/C/mail.xml:1554(para)
19764
msgid ""
19765
"This will prevent messages that are generated to report on spam from being "
19766
"classified as spam."
19767
msgstr ""
19768
19769
#: serverguide/C/mail.xml:1557(para)
19770
msgid "Now restart <application>Postfix</application>:"
19771
msgstr ""
19772
19773
#: serverguide/C/mail.xml:1563(para)
19774
msgid "Content filtering with spam and virus detection is now enabled."
19775
msgstr ""
19776
19777
#: serverguide/C/mail.xml:1570(para)
19778
msgid ""
19779
"First, test that the <application>Amavisd-new</application> SMTP is "
19780
"listening:"
19781
msgstr ""
19782
19783
#: serverguide/C/mail.xml:1573(programlisting)
19784
#, no-wrap
19785
msgid ""
19786
"\n"
19787
"telnet localhost 10024\n"
19788
"Trying 127.0.0.1...\n"
19789
"Connected to localhost.\n"
19790
"Escape character is '^]'.\n"
19791
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
19792
"^]\n"
19793
msgstr ""
19794
19795
#: serverguide/C/mail.xml:1581(para)
19796
msgid ""
19797
"In the Header of messages that go through the content filter you should see:"
19798
msgstr ""
19799
19800
#: serverguide/C/mail.xml:1584(programlisting)
19801
#, no-wrap
19802
msgid ""
19803
"\n"
19804
"X-Spam-Level: \n"
19805
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
19806
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
19807
"BAYES_00\n"
19808
"X-Spam-Level: \n"
19809
msgstr ""
19810
19811
#: serverguide/C/mail.xml:1591(para)
19812
msgid ""
19813
"Your output will vary, but the important thing is that there are <emphasis>X-"
19814
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
19815
msgstr ""
19816
19817
#: serverguide/C/mail.xml:1599(para)
19818
msgid ""
19819
"The best way to figure out why something is going wrong is to check the log "
19820
"files."
19821
msgstr ""
19822
19823
#: serverguide/C/mail.xml:1604(para)
19824
msgid ""
19825
"For instructions on <application>Postfix</application> logging see the <xref "
19826
"linkend=\"postfix-troubleshooting\"/> section."
19827
msgstr ""
19828
19829
#: serverguide/C/mail.xml:1610(para)
19830
msgid ""
19831
"<application>Amavisd-new</application> uses "
19832
"<application>Syslog</application> to send messages to "
19833
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
19834
"increased by adding the <emphasis>$log_level</emphasis> option to "
19835
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
19836
"1 to 5."
19837
msgstr ""
19838
19839
#: serverguide/C/mail.xml:1615(programlisting)
19840
#, no-wrap
19841
msgid ""
19842
"\n"
19843
"$log_level = 2;\n"
19844
msgstr ""
19845
19846
#: serverguide/C/mail.xml:1619(para)
19847
msgid ""
19848
"When the <application>Amavisd-new</application> log output is increased "
19849
"<application>Spamassassin</application> log output is also increased."
19850
msgstr ""
19851
19852
#: serverguide/C/mail.xml:1626(para)
19853
msgid ""
19854
"The <application>ClamAV</application> log level can be increased by editing "
19855
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
19856
msgstr ""
19857
19858
#: serverguide/C/mail.xml:1630(programlisting)
19859
#, no-wrap
19860
msgid ""
19861
"\n"
19862
"LogVerbose true\n"
19863
msgstr ""
19864
19865
#: serverguide/C/mail.xml:1633(para)
19866
msgid ""
19867
"By default <application>ClamAV</application> will send log messages to "
19868
"<filename>/var/log/clamav/clamav.log</filename>."
19869
msgstr ""
19870
19871
#: serverguide/C/mail.xml:1639(para)
19872
msgid ""
19873
"After changing an applications log settings remember to restart the service "
19874
"for the new settings to take affect. Also, once the issue you are "
19875
"troubleshooting is resolved it is a good idea to change the log settings "
19876
"back to normal."
19877
msgstr ""
19878
19879
#: serverguide/C/mail.xml:1647(para)
19880
msgid "For more information on filtering mail see the following links:"
19881
msgstr ""
19882
19883
#: serverguide/C/mail.xml:1653(ulink)
19884
msgid "Amavisd-new Documentation"
19885
msgstr ""
19886
19887
#: serverguide/C/mail.xml:1657(para)
19888
msgid ""
19889
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
19890
"Documentation</ulink> and <ulink "
19891
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
19892
msgstr ""
19893
19894
#: serverguide/C/mail.xml:1664(ulink)
19895
msgid "Spamassassin Wiki"
19896
msgstr ""
19897
19898
#: serverguide/C/mail.xml:1669(ulink)
19899
msgid "Pyzor Homepage"
19900
msgstr ""
19901
19902
#: serverguide/C/mail.xml:1674(ulink)
19903
msgid "Razor Homepage"
19904
msgstr ""
19905
19906
#: serverguide/C/mail.xml:1679(ulink)
19907
msgid "DKIM.org"
19908
msgstr ""
19909
19910
#: serverguide/C/mail.xml:1684(ulink)
19911
msgid "Postfix Amavis New"
19912
msgstr ""
19913
19914
#: serverguide/C/mail.xml:1688(para)
19915
msgid ""
19916
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
19917
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
19918
msgstr ""
19919
19920
#: serverguide/C/lamp-applications.xml:13(title)
19921
msgid "LAMP Applications"
19922
msgstr ""
19923
19924
#: serverguide/C/lamp-applications.xml:19(para)
19925
msgid ""
19926
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
19927
"Ubuntu servers. There is a plethora of Open Source applications written "
19928
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
19929
"Content Management Systems, and Management Software such as phpMyAdmin."
19930
msgstr ""
19931
19932
#: serverguide/C/lamp-applications.xml:26(para)
19933
msgid ""
19934
"One advantage of LAMP is the substantial flexibility for different database, "
19935
"web server, and scripting languages. Popular substitutes for MySQL include "
19936
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
19937
"instead of PHP."
19938
msgstr ""
19939
19940
#: serverguide/C/lamp-applications.xml:32(para)
19941
msgid ""
19942
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
19943
"is:"
19944
msgstr ""
19945
19946
#: serverguide/C/lamp-applications.xml:38(para)
19947
msgid "Download an archive containing the application source files."
19948
msgstr ""
19949
19950
#: serverguide/C/lamp-applications.xml:43(para)
19951
msgid ""
19952
"Unpack the archive, usually in a directory accessible to a web server."
19953
msgstr ""
19954
19955
#: serverguide/C/lamp-applications.xml:48(para)
19956
msgid ""
19957
"Depending on where the source was extracted, configure a web browser to "
19958
"serve the files."
19959
msgstr ""
19960
19961
#: serverguide/C/lamp-applications.xml:53(para)
19962
msgid "Configure the application to connect to the database."
19963
msgstr ""
19964
19965
#: serverguide/C/lamp-applications.xml:58(para)
19966
msgid ""
19967
"Run a script, or browse to a page of the application, to install the "
19968
"database needed by the application."
19969
msgstr ""
19970
19971
#: serverguide/C/lamp-applications.xml:63(para)
19972
msgid ""
19973
"Once the steps above, or similar steps, are completed you are ready to begin "
19974
"using the application."
19975
msgstr ""
19976
19977
#: serverguide/C/lamp-applications.xml:69(para)
19978
msgid ""
19979
"A disadvantage of using this approach is that the application files are not "
19980
"placed in the file system in a standard way, which can cause confusion as to "
19981
"where the application is installed. Another larger disadvantage is updating "
19982
"the application. When a new version is released, the same process used to "
19983
"install the application is needed to apply updates."
19984
msgstr ""
19985
19986
#: serverguide/C/lamp-applications.xml:76(para)
19987
msgid ""
19988
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19989
"packaged for Ubuntu, and are available for installation in the same way as "
19990
"non-LAMP applications. Depending on the application some extra configuration "
19991
"and setup steps may be needed, however."
19992
msgstr ""
19993
19994
#: serverguide/C/lamp-applications.xml:82(para)
19995
msgid ""
19996
"This section covers howto install and configure the Wiki applications "
19997
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19998
"and the MySQL management application <application>phpMyAdmin</application>."
19999
msgstr ""
20000
20001
#: serverguide/C/lamp-applications.xml:88(para)
20002
msgid ""
20003
"A Wiki is a website that allows the visitors to easily add, remove and "
20004
"modify available content easily. The ease of interaction and operation makes "
20005
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
20006
"also referred to the collaborative software."
20007
msgstr ""
20008
"วิกิเป็นเว็บที่อนุญาติให้ผู้เข้าชมเพิ่มเติม แก้ไข "
20009
"และลบเนื้อหาได้อย่างง่ายดาย "
20010
"ความง่ายของการใช้งานทำให้วิกิเป็นเครื่องมือที่เหมาะอย่างยิ่งสำหรับการเขียนบทค"
20011
"วามร่วมกันโดยหลายๆคน "
20012
"คำว่าวิกินั้นหมายความว่าซอฟต์แวร์สำหรับการทำงานร่วมกันได้เช่นกัน"
20013
20014
#: serverguide/C/lamp-applications.xml:100(title)
20015
msgid "Moin Moin"
20016
msgstr "Moin Moin"
20017
20018
#: serverguide/C/lamp-applications.xml:102(para)
20019
msgid ""
20020
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
20021
"engine, and licensed under the GNU GPL."
20022
msgstr ""
20023
"MoinMoin เป็นโปรแกรมวิกิที่เขียนด้วยภาษาไพธอน (Python) "
20024
"โดยปรับปรุงจากโปรแกรมวิกิ PikiPiki และอยู่ภายใต้สัญญาแบบ GNU GPL"
20025
20026
#: serverguide/C/lamp-applications.xml:110(para)
20027
msgid ""
20028
"To install <application>MoinMoin</application>, run the following command in "
20029
"the command prompt:"
20030
msgstr ""
20031
"คุณสามารถติดตั้งโปรแกรม <application>MoinMoin</application> "
20032
"ได้โดยพิมพ์คำสั่ง:"
20033
20034
#: serverguide/C/lamp-applications.xml:116(command)
20035
msgid "sudo apt-get install python-moinmoin"
20036
msgstr "sudo apt-get install python-moinmoin"
20037
20038
#: serverguide/C/lamp-applications.xml:119(para)
20039
msgid ""
20040
"You should also install <application>apache2</application> web server. For "
20041
"installing <application>apache2</application> web server, please refer to "
20042
"<xref linkend=\"http-installation\"/> sub-section in <xref "
20043
"linkend=\"httpd\"/> section."
20044
msgstr ""
20045
"เราแนะนำให้คุณติดตั้งโปรแกรมเว็บเซิร์ฟเวอร์ "
20046
"<application>apache2</application> ด้วย กรุณาอ่านบทความ <xref "
20047
"linkend=\"http-installation\"/> ในส่วน <xref linkend=\"httpd\"/> "
20048
"สำหรับคำแนะนำในการติดตั้ง <application>apache2</application>"
20049
20050
#: serverguide/C/lamp-applications.xml:130(para)
20051
msgid ""
20052
"For configuring your first Wiki application, please run the following set of "
20053
"commands. Let us assume that you are creating a Wiki named "
20054
"<emphasis>mywiki</emphasis>:"
20055
msgstr ""
20056
"สำหรับการตั้งค่าโปรแกรมวิกิแรกของคุณ กรุณาพิมพ์คำสั่งดังต่อไปนี้ "
20057
"สมมุติว่าคุณต้องการสร้างวิกิชื่อ <emphasis>mywiki</emphasis>:"
20058
20059
#: serverguide/C/lamp-applications.xml:137(command)
20060
msgid "cd /usr/share/moin"
20061
msgstr ""
20062
20063
#: serverguide/C/lamp-applications.xml:138(command)
20064
msgid "sudo mkdir mywiki"
20065
msgstr ""
20066
20067
#: serverguide/C/lamp-applications.xml:139(command)
20068
msgid "sudo cp -R data mywiki"
20069
msgstr ""
20070
20071
#: serverguide/C/lamp-applications.xml:140(command)
20072
msgid "sudo cp -R underlay mywiki"
20073
msgstr ""
20074
20075
#: serverguide/C/lamp-applications.xml:141(command)
20076
msgid "sudo cp server/moin.cgi mywiki"
20077
msgstr ""
20078
20079
#: serverguide/C/lamp-applications.xml:142(command)
20080
msgid "sudo chown -R www-data.www-data mywiki"
20081
msgstr ""
20082
20083
#: serverguide/C/lamp-applications.xml:143(command)
20084
msgid "sudo chmod -R ug+rwX mywiki"
20085
msgstr ""
20086
20087
#: serverguide/C/lamp-applications.xml:144(command)
20088
msgid "sudo chmod -R o-rwx mywiki"
20089
msgstr ""
20090
20091
#: serverguide/C/lamp-applications.xml:147(para)
20092
msgid ""
20093
"Now you should configure <application>MoinMoin</application> to find your "
20094
"new Wiki <emphasis>mywiki</emphasis>. To configure "
20095
"<application>MoinMoin</application>, open "
20096
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
20097
msgstr ""
20098
"จากนั้นคุณต้องตั้งค่า <application>MoinMoin</application> "
20099
"ให้รู้จักวิกิใหม่ของคุณที่ชื่อ <emphasis>mywiki</emphasis> โดยเปิดไฟล์ "
20100
"<filename>/etc/moin/mywiki.py</filename> และแก้ไขบรรทัดต่อไปนี้:"
20101
20102
#: serverguide/C/lamp-applications.xml:155(programlisting)
20103
#, no-wrap
20104
msgid "data_dir = '/org/mywiki/data'"
20105
msgstr ""
20106
20107
#: serverguide/C/lamp-applications.xml:157(para)
20108
msgid "to"
20109
msgstr "เป็น"
20110
20111
#: serverguide/C/lamp-applications.xml:161(programlisting)
20112
#, no-wrap
20113
msgid "data_dir = '/usr/share/moin/mywiki/data'"
20114
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
20115
20116
#: serverguide/C/lamp-applications.xml:163(para)
20117
msgid ""
20118
"Also, below the <emphasis>data_dir</emphasis> option add the "
20119
"<emphasis>data_underlay_dir</emphasis>:"
20120
msgstr ""
20121
20122
#: serverguide/C/lamp-applications.xml:167(programlisting)
20123
#, no-wrap
20124
msgid ""
20125
"\n"
20126
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
20127
msgstr ""
20128
20129
#: serverguide/C/lamp-applications.xml:172(para)
20130
msgid ""
20131
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
20132
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
20133
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
20134
"change."
20135
msgstr ""
20136
"ถ้าไม่มีไฟล์ <filename>/etc/moin/mywiki.py</filename> อยู่ "
20137
"คุณสามารถคัดลอกไฟล์ <filename>/etc/moin/moinmaster.py</filename> เป็นไฟล์ "
20138
"<filename>/etc/moin/mywiki.py</filename> และแก้ไขตามที่ได้อธิบายไว้"
20139
20140
#: serverguide/C/lamp-applications.xml:181(para)
20141
msgid ""
20142
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
20143
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
20144
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
20145
"<quote>(\"mywiki\", r\".*\")</quote>."
20146
msgstr ""
20147
"ถ้าคุณตั้งชื่อวิกิของคุณชื่อ <emphasis>my_wiki_name</emphasis> "
20148
"คุณควรแทรกบรรทัด <quote>(\"my_wiki_name\", r\".*\")</quote> หลังบรรทัด "
20149
"<quote>(\"mywiki\", r\".*\")</quote> ในไฟล์ "
20150
"<filename>/etc/moin/farmconfig.py</filename>"
20151
20152
#: serverguide/C/lamp-applications.xml:189(para)
20153
msgid ""
20154
"Once you have configured <application>MoinMoin</application> to find your "
20155
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
20156
"<application>apache2</application> and make it ready for your Wiki "
20157
"application."
20158
msgstr ""
20159
"หลังจากที่คุณได้ตั้งค่าของ <application>MoinMoin</application> ให้หาวิกิ "
20160
"<emphasis>mywiki</emphasis> ของคุณเจอแล้ว คุณจะต้องทำให้ "
20161
"<application>apache2</application> พร้อมที่จะให้บริการวิกิของคุณผ่านเว็บ"
20162
20163
#: serverguide/C/lamp-applications.xml:196(para)
20164
msgid ""
20165
"You should add the following lines in <filename>/etc/apache2/sites-"
20166
"available/default</filename> file inside the <quote><VirtualHost "
20167
"*></quote> tag:"
20168
msgstr ""
20169
"คุณควรเพิ่มบรรทัดต่อไปนี้ในไฟล์ <filename>/etc/apache2/sites-"
20170
"available/default</filename> ในแท็ก <quote><VirtualHost *></quote>"
20171
20172
#: serverguide/C/lamp-applications.xml:202(programlisting)
20173
#, no-wrap
20174
msgid ""
20175
"\n"
20176
"### moin\n"
20177
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
20178
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
20179
" <Directory /usr/share/moin/htdocs>\n"
20180
" Order allow,deny\n"
20181
" allow from all\n"
20182
" </Directory>\n"
20183
"### end moin\n"
20184
msgstr ""
20185
20186
#: serverguide/C/lamp-applications.xml:214(para)
20187
msgid ""
20188
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
20189
"<emphasis>alias</emphasis> line above, to the "
20190
"<application>moinmoin</application> version installed."
20191
msgstr ""
20192
20193
#: serverguide/C/lamp-applications.xml:220(para)
20194
msgid ""
20195
"Once you configure the <application>apache2</application> web server and "
20196
"make it ready for your Wiki application, you should restart it. You can run "
20197
"the following command to restart the <application>apache2</application> web "
20198
"server:"
20199
msgstr ""
20200
"หลังจากที่คุณตั้งค่าของโปรแกรม <application>apache2</application> "
20201
"เว็บเซิร์ฟเวอร์แล้ว คุณจะต้องเริ่มโปรแกรม <application>apache2</application> "
20202
"เว็บเซิร์ฟเวอร์ใหม่โดยพิมพ์คำสั่งดังนี้:"
20203
20204
#: serverguide/C/lamp-applications.xml:233(title)
20205
msgid "Verification"
20206
msgstr "ยืนยันว่าใช้งานได้อย่างถูกต้อง"
20207
20208
#: serverguide/C/lamp-applications.xml:235(para)
20209
msgid ""
20210
"You can verify the Wiki application and see if it works by pointing your web "
20211
"browser to the following URL:"
20212
msgstr ""
20213
"คุณสามารถทดสอบดูว่าวิกิของคุณทำงานได้อย่างถูกต้องโดยเปิดเว็บเบราเซอร์ของคุณแล"
20214
"ะไปที่ที่อยู่:"
20215
20216
#: serverguide/C/lamp-applications.xml:239(programlisting)
20217
#, no-wrap
20218
msgid ""
20219
"\n"
20220
"http://localhost/mywiki\n"
20221
msgstr ""
20222
"\n"
20223
"http://localhost/mywiki\n"
20224
20225
#: serverguide/C/lamp-applications.xml:243(para)
20226
msgid ""
20227
"You can also run the test command by pointing your web browser to the "
20228
"following URL:"
20229
msgstr "คุณยังสามารถทดสอบได้โดยชี้เว็บเบราเซอร์ของคุณไปที่ที่อยู่:"
20230
20231
#: serverguide/C/lamp-applications.xml:248(programlisting)
20232
#, no-wrap
20233
msgid ""
20234
"\n"
20235
"http://localhost/mywiki?action=test\n"
20236
msgstr ""
20237
"\n"
20238
"http://localhost/mywiki?action=test\n"
20239
20240
#: serverguide/C/lamp-applications.xml:252(para)
20241
msgid ""
20242
"For more details, please refer to the <ulink "
20243
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
20244
msgstr ""
20245
20246
#: serverguide/C/lamp-applications.xml:263(para)
20247
msgid ""
20248
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
20249
"Wiki</ulink>."
20250
msgstr ""
20251
20252
#: serverguide/C/lamp-applications.xml:268(para)
20253
msgid ""
20254
"Also, see the <ulink "
20255
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
20256
"MoinMoin</ulink> page."
20257
msgstr ""
20258
20259
#: serverguide/C/lamp-applications.xml:277(title)
20260
msgid "MediaWiki"
20261
msgstr "มีเดียวิกิ (MediaWiki)"
20262
20263
#: serverguide/C/lamp-applications.xml:279(para)
20264
msgid ""
20265
"MediaWiki is an web based Wiki software written in the PHP language. It can "
20266
"either use <application>MySQL</application> or "
20267
"<application>PostgreSQL</application> Database Management System."
20268
msgstr ""
20269
"มีเดียวิกิ (MediaWiki) เป็นระบบวิกิที่ทำงานบนเว็บและถูกเขียนด้วยภาษา PHP "
20270
"มีเดียวิกิสามารถใช้ฐานข้อมูล <application>MySQL</application> หรือ "
20271
"<application>PostgreSQL</application> เพื่อจัดเก็บข้อมูลในวิกิ"
20272
20273
#: serverguide/C/lamp-applications.xml:289(para)
20274
msgid ""
20275
"Before installing <application>MediaWiki</application> you should also "
20276
"install <application>Apache2</application>, the "
20277
"<application>PHP5</application> scripting language and Database a Management "
20278
"System. <application>MySQL</application> or "
20279
"<application>PostgreSQL</application> are the most common, choose one "
20280
"depending on your need. Please refer to those sections in this manual for "
20281
"installation instructions."
20282
msgstr ""
20283
"ก่อนติดตั้ง <application>MediaWiki</application> คุณควรติดตั้งโปรแกรม "
20284
"<application>Apache2</application>, ภาษาสคริปต์ "
20285
"<application>PHP5</application> และฐานข้อมูลเสียก่อน "
20286
"โดยคุณสามารถใช้ฐานข้อมูล <application>MySQL</application> หรือ "
20287
"<application>PostgreSQL</application> ก็ได้ "
20288
"กรุณาอ่านวิธีการติดตั้งโปรแกรมต่างๆเหล่านี้ในส่วนที่เกี่ยวข้องของคู่มือฉบับนี"
20289
"้"
20290
20291
#: serverguide/C/lamp-applications.xml:297(para)
20292
msgid ""
20293
"To install <application>MediaWiki</application>, run the following command "
20294
"in the command prompt:"
20295
msgstr ""
20296
"คุณสามารถติดตั้งโปรแกรม <application>MediaWiki</application> "
20297
"ได้โดยพิมพ์คำสั่งดังนี้:"
20298
20299
#: serverguide/C/lamp-applications.xml:303(command)
20300
msgid "sudo apt-get install mediawiki php5-gd"
20301
msgstr "sudo apt-get install mediawiki php5-gd"
20302
20303
#: serverguide/C/lamp-applications.xml:306(para)
20304
msgid ""
20305
"For additional <application>MediaWiki</application> functionality see the "
20306
"<application>mediawiki-extensions</application> package."
20307
msgstr ""
20308
20309
#: serverguide/C/lamp-applications.xml:316(para)
20310
msgid ""
20311
"The Apache configuration file <filename>mediawiki.conf</filename> for "
20312
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
20313
"directory. You should uncomment the following line in this file to access "
20314
"MediaWiki application."
20315
msgstr ""
20316
20317
#: serverguide/C/lamp-applications.xml:324(screen)
20318
#, no-wrap
20319
msgid ""
20320
"\n"
20321
"# Alias /mediawiki /var/lib/mediawiki\n"
20322
msgstr ""
20323
20324
#: serverguide/C/lamp-applications.xml:328(para)
20325
msgid ""
20326
"After you uncomment the above line, restart Apache server and access "
20327
"MediaWiki using the following url:"
20328
msgstr ""
20329
20330
#: serverguide/C/lamp-applications.xml:333(programlisting)
20331
#, no-wrap
20332
msgid ""
20333
"\n"
20334
"http://localhost/mediawiki/config/index.php\n"
20335
msgstr ""
20336
"\n"
20337
"http://localhost/mediawiki/config/index.php\n"
20338
20339
#: serverguide/C/lamp-applications.xml:338(para)
20340
msgid ""
20341
"Please read the <quote>Checking environment...</quote> section in this page. "
20342
"You should be able to fix many issues by carefully reading this section."
20343
msgstr ""
20344
"กรุณาอ่านส่วน <quote>ตรวจสอบสภาพแวดล้อม...</quote> ในหน้านี้ด้วย "
20345
"คุณจะสามารถแก้ปัญหาหลายๆข้อได้จากการอ่านส่วนดังกล่าวอย่างละเอียด"
20346
20347
#: serverguide/C/lamp-applications.xml:345(para)
20348
msgid ""
20349
"Once the configuration is complete, you should copy the "
20350
"<filename>LocalSettings.php</filename> file to "
20351
"<filename>/etc/mediawiki</filename> directory:"
20352
msgstr ""
20353
20354
#: serverguide/C/lamp-applications.xml:352(command)
20355
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
20356
msgstr ""
20357
20358
#: serverguide/C/lamp-applications.xml:355(para)
20359
msgid ""
20360
"You may also want to edit "
20361
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
20362
msgstr ""
20363
20364
#: serverguide/C/lamp-applications.xml:360(programlisting)
20365
#, no-wrap
20366
msgid ""
20367
"\n"
20368
"ini_set( 'memory_limit', '64M' );\n"
20369
msgstr ""
20370
20371
#: serverguide/C/lamp-applications.xml:367(title)
20372
msgid "Extensions"
20373
msgstr ""
20374
20375
#: serverguide/C/lamp-applications.xml:368(para)
20376
msgid ""
20377
"The extensions add new features and enhancements for the MediaWiki "
20378
"application. The extensions give wiki administrators and end users the "
20379
"ability to customize MediaWiki to their requirements."
20380
msgstr ""
20381
20382
#: serverguide/C/lamp-applications.xml:374(para)
20383
msgid ""
20384
"You can download MediaWiki extensions as an archive file or checkout from "
20385
"the Subversion repository. You should copy it to "
20386
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
20387
"also add the following line at the end of file: "
20388
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
20389
msgstr ""
20390
20391
#: serverguide/C/lamp-applications.xml:382(programlisting)
20392
#, no-wrap
20393
msgid ""
20394
"\n"
20395
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
20396
msgstr ""
20397
20398
#: serverguide/C/lamp-applications.xml:392(para)
20399
msgid ""
20400
"For more details, please refer to the <ulink "
20401
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
20402
msgstr ""
20403
"คุณสามารถอ่านรายละเอียดเพิ่มเติมได้จากเว็บ <ulink "
20404
"url=\"http://www.mediawiki.org\">MediaWiki</ulink>"
20405
20406
#: serverguide/C/lamp-applications.xml:398(para)
20407
msgid ""
20408
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
20409
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
20410
"new MediaWiki administrators."
20411
msgstr ""
20412
20413
#: serverguide/C/lamp-applications.xml:404(para)
20414
msgid ""
20415
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
20416
"Wiki MediaWiki</ulink> page is a good resource."
20417
msgstr ""
20418
20419
#: serverguide/C/lamp-applications.xml:414(title)
20420
msgid "phpMyAdmin"
20421
msgstr ""
20422
20423
#: serverguide/C/lamp-applications.xml:416(para)
20424
msgid ""
20425
"<application>phpMyAdmin</application> is a LAMP application specifically "
20426
"written for administering <application>MySQL</application> servers. Written "
20427
"in <application>PHP</application>, and accessed through a web browser, "
20428
"phpMyAdmin provides a graphical interface for database administration tasks."
20429
msgstr ""
20430
20431
#: serverguide/C/lamp-applications.xml:425(para)
20432
msgid ""
20433
"Before installing <application>phpMyAdmin</application> you will need access "
20434
"to a <application>MySQL</application> database either on the same host as "
20435
"that phpMyAdmin is installed on, or on a host accessible over the network. "
20436
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
20437
"enter:"
20438
msgstr ""
20439
20440
#: serverguide/C/lamp-applications.xml:432(command)
20441
msgid "sudo apt-get install phpmyadmin"
20442
msgstr ""
20443
20444
#: serverguide/C/lamp-applications.xml:435(para)
20445
msgid ""
20446
"At the prompt choose which web server to be configured for "
20447
"<application>phpMyAdmin</application>. The rest of this section will use "
20448
"<application>Apache2</application> for the web server."
20449
msgstr ""
20450
20451
#: serverguide/C/lamp-applications.xml:440(para)
20452
msgid ""
20453
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
20454
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
20455
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
20456
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
20457
"user if you any setup, and enter the <application>MySQL</application> user's "
20458
"password."
20459
msgstr ""
20460
20461
#: serverguide/C/lamp-applications.xml:447(para)
20462
msgid ""
20463
"Once logged in you can reset the <emphasis>root</emphasis> password if "
20464
"needed, create users, create/destroy databases and tables, etc."
20465
msgstr ""
20466
20467
#: serverguide/C/lamp-applications.xml:455(para)
20468
msgid ""
20469
"The configuration files for <application>phpMyAdmin</application> are "
20470
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
20471
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
20472
"configuration options that apply globally to "
20473
"<application>phpMyAdmin</application>."
20474
msgstr ""
20475
20476
#: serverguide/C/lamp-applications.xml:461(para)
20477
msgid ""
20478
"To use <application>phpMyAdmin</application> to administer a MySQL database "
20479
"hosted on another server, adjust the following in "
20480
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
20481
msgstr ""
20482
20483
#: serverguide/C/lamp-applications.xml:466(programlisting)
20484
#, no-wrap
20485
msgid ""
20486
"\n"
20487
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
20488
msgstr ""
20489
20490
#: serverguide/C/lamp-applications.xml:471(para)
20491
msgid ""
20492
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
20493
"remote database server name or IP address. Also, be sure that the "
20494
"<application>phpMyAdmin</application> host has permissions to access the "
20495
"remote database."
20496
msgstr ""
20497
20498
#: serverguide/C/lamp-applications.xml:477(para)
20499
msgid ""
20500
"Once configured, log out of <application>phpMyAdmin</application> and back "
20501
"in, and you should be accessing the new server."
20502
msgstr ""
20503
20504
#: serverguide/C/lamp-applications.xml:481(para)
20505
msgid ""
20506
"The <filename>config.header.inc.php</filename> and "
20507
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
20508
"header and footer to <application>phpMyAdmin</application>."
20509
msgstr ""
20510
20511
#: serverguide/C/lamp-applications.xml:486(para)
20512
msgid ""
20513
"Another important configuration file is "
20514
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
20515
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
20516
"configure <application>Apache2</application> to serve the "
20517
"<application>phpMyAdmin</application> site. The file contains directives for "
20518
"loading <application>PHP</application>, directory permissions, etc. For more "
20519
"information on configuring <application>Apache2</application> see <xref "
20520
"linkend=\"httpd\"/>."
20521
msgstr ""
20522
20523
#: serverguide/C/lamp-applications.xml:500(para)
20524
msgid ""
20525
"The <application>phpMyAdmin</application> documentation comes installed with "
20526
"the package and can be accessed from the <emphasis>phpMyAdmin "
20527
"Documentation</emphasis> link (a question mark with a box around it) under "
20528
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
20529
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
20530
msgstr ""
20531
20532
#: serverguide/C/lamp-applications.xml:507(para)
20533
msgid ""
20534
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
20535
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
20536
msgstr ""
20537
20538
#: serverguide/C/lamp-applications.xml:512(para)
20539
msgid ""
20540
"A third resource is the <ulink "
20541
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
20542
"Wiki</ulink> page."
20543
msgstr ""
20544
20545
#: serverguide/C/introduction.xml:14(para)
20546
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
20547
msgstr ""
20548
20549
#: serverguide/C/introduction.xml:15(para)
20550
msgid ""
20551
"Here you can find information on how to install and configure various server "
20552
"applications. It is a step-by-step, task-oriented guide for configuring and "
20553
"customizing your system."
20554
msgstr ""
20555
20556
#: serverguide/C/introduction.xml:19(para)
20557
msgid ""
20558
"This guide assumes you have a basic understanding of your Ubuntu system. "
20559
"Some installation details are covered in <xref linkend=\"installation\"/>, "
20560
"but if you need detailed instructions installing Ubuntu please refer to the "
20561
"<ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
20562
"Installation Guide</ulink>."
20563
msgstr ""
20564
20565
#: serverguide/C/introduction.xml:25(para)
20566
msgid ""
20567
"A HTML version of the manual is available online at <ulink "
20568
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
20569
"HTML files are also available in the <application>ubuntu-"
20570
"serverguide</application> package. See <xref linkend=\"package-"
20571
"management\"/> for details on installing packages."
20572
msgstr ""
20573
20574
#: serverguide/C/introduction.xml:32(para)
20575
msgid ""
20576
"If you choose to install the <application>ubuntu-serverguide</application> "
20577
"you can view this document from a console by:"
20578
msgstr ""
20579
20580
#: serverguide/C/introduction.xml:36(command)
20581
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
20582
msgstr ""
20583
20584
#: serverguide/C/introduction.xml:39(para)
20585
msgid ""
20586
"If you are using a localized version of Ubuntu, replace "
20587
"<emphasis>C</emphasis> with your language localization (e.g. "
20588
"<emphasis>en_GB</emphasis>)."
20589
msgstr ""
20590
20591
#: serverguide/C/introduction.xml:53(title)
20592
msgid "Support"
20593
msgstr ""
20594
20595
#: serverguide/C/introduction.xml:55(para)
20596
msgid ""
20597
"There are a couple of different ways that Ubuntu Server Edition is "
20598
"supported, commercial support and community support. The main commercial "
20599
"support (and development funding) is available from Canonical Ltd. They "
20600
"supply reasonably priced support contracts on a per desktop or per server "
20601
"basis. For more information see the <ulink "
20602
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
20603
"page."
20604
msgstr ""
20605
20606
#: serverguide/C/introduction.xml:62(para)
20607
msgid ""
20608
"Community support is also provided by dedicated individuals, and companies, "
20609
"that wish to make Ubuntu the best distribution possible. Support is provided "
20610
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
20611
"large amount of information available can be overwhelming, but a good search "
20612
"engine query can usually provide an answer to your questions. See the <ulink "
20613
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
20614
"information."
20615
msgstr ""
20616
20617
#: serverguide/C/installation.xml:14(para)
20618
msgid ""
20619
"This chapter provides a quick overview of installing Ubuntu 10.04 LTS Server "
20620
"Edition. For more detailed instructions, please refer to the <ulink "
20621
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
20622
"Installation Guide</ulink>."
20623
msgstr ""
20624
20625
#: serverguide/C/installation.xml:19(title)
20626
msgid "Preparing to Install"
20627
msgstr ""
20628
20629
#: serverguide/C/installation.xml:20(para)
20630
msgid ""
20631
"This section explains various aspects to consider before starting the "
20632
"installation."
20633
msgstr ""
20634
20635
#: serverguide/C/installation.xml:24(title)
20636
msgid "System Requirements"
20637
msgstr ""
20638
20639
#: serverguide/C/installation.xml:25(para)
20640
msgid ""
20641
"Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel "
20642
"x86 and AMD64. The table below lists recommended hardware specifications. "
20643
"Depending on your needs, you might manage with less than this. However, most "
20644
"users risk being frustrated if they ignore these suggestions."
20645
msgstr ""
20646
20647
#: serverguide/C/installation.xml:27(title)
20648
msgid "Recommended Minimum Requirements"
20649
msgstr ""
20650
20651
#: serverguide/C/installation.xml:35(para)
20652
msgid "Install Type"
20653
msgstr ""
20654
20655
#: serverguide/C/installation.xml:36(para)
20656
msgid "RAM"
20657
msgstr ""
20658
20659
#: serverguide/C/installation.xml:37(para)
20660
msgid "Hard Drive Space"
20661
msgstr ""
20662
20663
#: serverguide/C/installation.xml:40(para)
20664
msgid "Base System"
20665
msgstr ""
20666
20667
#: serverguide/C/installation.xml:41(para)
20668
msgid "All Tasks Installed"
20669
msgstr ""
20670
20671
#: serverguide/C/installation.xml:46(para)
20672
msgid "Server"
20673
msgstr "เซิร์ฟเวอร์"
20674
20675
#: serverguide/C/installation.xml:47(para)
20676
msgid "128 megabytes"
20677
msgstr ""
20678
20679
#: serverguide/C/installation.xml:48(para)
20680
msgid "500 megabytes"
20681
msgstr ""
20682
20683
#: serverguide/C/installation.xml:49(para)
20684
msgid "1 gigabyte"
20685
msgstr ""
20686
20687
#: serverguide/C/installation.xml:54(para)
20688
msgid ""
20689
"The Server Edition provides a common base for all sorts of server "
20690
"applications. It is a minimalist design providing a platform for the desired "
20691
"services, such as file/print services, web hosting, email hosting, etc."
20692
msgstr ""
20693
20694
#: serverguide/C/installation.xml:60(para)
20695
msgid ""
20696
"The requirements for UEC are slightly different for Front End requirements "
20697
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
20698
"requirements see <xref linkend=\"uec-node-requirements\"/>."
20699
msgstr ""
20700
20701
#: serverguide/C/installation.xml:68(title)
20702
msgid "Server and Desktop Differences"
20703
msgstr ""
20704
20705
#: serverguide/C/installation.xml:69(para)
20706
msgid ""
20707
"There are a few differences between the <emphasis>Ubuntu Server "
20708
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
20709
"should be noted that both editions use the same "
20710
"<application>apt</application> repositories. Making it just as easy to "
20711
"install a <emphasis role=\"italic\">server</emphasis> application on the "
20712
"Desktop Edition as it is on the Server Edition."
20713
msgstr ""
20714
20715
#: serverguide/C/installation.xml:75(para)
20716
msgid ""
20717
"The differences between the two editions are the lack of an X window "
20718
"environment in the Server Edition, the installation process, and different "
20719
"Kernel options."
20720
msgstr ""
20721
20722
#: serverguide/C/installation.xml:82(title)
20723
msgid "Kernel Differences:"
20724
msgstr ""
20725
20726
#: serverguide/C/installation.xml:85(para)
20727
msgid ""
20728
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
20729
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
20730
"Edition."
20731
msgstr ""
20732
20733
#: serverguide/C/installation.xml:91(para)
20734
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
20735
msgstr ""
20736
20737
#: serverguide/C/installation.xml:96(para)
20738
msgid ""
20739
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
20740
"Desktop Edition."
20741
msgstr ""
20742
20743
#: serverguide/C/installation.xml:102(para)
20744
msgid ""
20745
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
20746
"limited by memory addressing space."
20747
msgstr ""
20748
20749
#: serverguide/C/installation.xml:107(para)
20750
msgid ""
20751
"To see all kernel configuration options you can look through "
20752
"<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
20753
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
20754
"great resource on the options available."
20755
msgstr ""
20756
20757
#: serverguide/C/installation.xml:116(title)
20758
msgid "Backing Up"
20759
msgstr ""
20760
20761
#: serverguide/C/installation.xml:119(para)
20762
msgid ""
20763
"Before installing <application>Ubuntu Server Edition</application> you "
20764
"should make sure all data on the system is backed up. See <xref "
20765
"linkend=\"backups\"/> for backup options."
20766
msgstr ""
20767
20768
#: serverguide/C/installation.xml:123(para)
20769
msgid ""
20770
"If this is not the first time an operating system has been installed on your "
20771
"computer, it is likely you will need to re-partition your disk to make room "
20772
"for Ubuntu."
20773
msgstr ""
20774
20775
#: serverguide/C/installation.xml:127(para)
20776
msgid ""
20777
"Any time you partition your disk, you should be prepared to lose everything "
20778
"on the disk should you make a mistake or something goes wrong during "
20779
"partitioning. The programs used in installation are quite reliable, most "
20780
"have seen years of use, but they also perform destructive actions."
20781
msgstr ""
20782
20783
#: serverguide/C/installation.xml:139(title)
20784
msgid "Installing from CD"
20785
msgstr ""
20786
20787
#: serverguide/C/installation.xml:140(para)
20788
msgid ""
20789
"The basic steps to install Ubuntu Server Edition from CD are the same for "
20790
"installing any operating system from CD. Unlike the <emphasis>Desktop "
20791
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
20792
"a graphical installation program. Instead the Server Edition uses a console "
20793
"menu based process."
20794
msgstr ""
20795
20796
#: serverguide/C/installation.xml:147(para)
20797
msgid ""
20798
"First, download and burn the appropriate ISO file from the <ulink "
20799
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
20800
msgstr ""
20801
20802
#: serverguide/C/installation.xml:153(para)
20803
msgid "Boot the system from the CD-ROM drive."
20804
msgstr ""
20805
20806
#: serverguide/C/installation.xml:158(para)
20807
msgid ""
20808
"At the boot prompt you will be asked to select the language. Afterwards the "
20809
"installation process begins by asking for your keyboard layout."
20810
msgstr ""
20811
20812
#: serverguide/C/installation.xml:164(para)
20813
msgid ""
20814
"From the main boot menu there are some additional options to install Ubuntu "
20815
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
20816
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
20817
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
20818
"will cover the basic Ubuntu Server install."
20819
msgstr ""
20820
20821
#: serverguide/C/installation.xml:172(para)
20822
msgid ""
20823
"The installer then discovers your hardware configuration, and configures the "
20824
"network settings using DHCP. If you do not wish to use DHCP at the next "
20825
"screen choose \"Go Back\", and you have the option to \"Configure the "
20826
"network manually\"."
20827
msgstr ""
20828
20829
#: serverguide/C/installation.xml:179(para)
20830
msgid "Next, the installer asks for the system's hostname and Time Zone."
20831
msgstr ""
20832
20833
#: serverguide/C/installation.xml:184(para)
20834
msgid ""
20835
"You can then choose from several options to configure the hard drive layout. "
20836
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
20837
msgstr ""
20838
20839
#: serverguide/C/installation.xml:190(para)
20840
msgid "The Ubuntu base system is then installed."
20841
msgstr ""
20842
20843
#: serverguide/C/installation.xml:195(para)
20844
msgid ""
20845
"A new user is setup, this user will have <emphasis>root</emphasis> access "
20846
"through the <application>sudo</application> utility."
20847
msgstr ""
20848
20849
#: serverguide/C/installation.xml:201(para)
20850
msgid ""
20851
"After the user is setup, you will be asked to encrypt your <filename "
20852
"role=\"directory\">home</filename> directory."
20853
msgstr ""
20854
20855
#: serverguide/C/installation.xml:207(para)
20856
msgid ""
20857
"The next step in the installation process is to decide how you want to "
20858
"update the system. There are three options:"
20859
msgstr ""
20860
20861
#: serverguide/C/installation.xml:213(para)
20862
msgid ""
20863
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
20864
"log into the machine and manually install updates."
20865
msgstr ""
20866
20867
#: serverguide/C/installation.xml:219(para)
20868
msgid ""
20869
"<emphasis>Install security updates Automatically</emphasis>: will install "
20870
"the <application>unattended-upgrades</application> package, which will "
20871
"install security updates without the intervention of an administrator. For "
20872
"more details see <xref linkend=\"automatic-updates\"/>."
20873
msgstr ""
20874
20875
#: serverguide/C/installation.xml:226(para)
20876
msgid ""
20877
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
20878
"service provided by Canonical to help manage your Ubuntu machines. See the "
20879
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
20880
"site for details."
20881
msgstr ""
20882
20883
#: serverguide/C/installation.xml:235(para)
20884
msgid ""
20885
"You now have the option to install, or not install, several package tasks. "
20886
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
20887
"to launch <application>aptitude</application> to choose specific packages to "
20888
"install. For more information see <xref linkend=\"aptitude\"/>."
20889
msgstr ""
20890
20891
#: serverguide/C/installation.xml:243(para)
20892
msgid "Finally, the last step before rebooting is to set the clock to UTC."
20893
msgstr ""
20894
20895
#: serverguide/C/installation.xml:249(para)
20896
msgid ""
20897
"If at any point during installation you are not satisfied by the default "
20898
"setting, use the \"Go Back\" function at any prompt to be brought to a "
20899
"detailed installation menu that will allow you to modify the default "
20900
"settings."
20901
msgstr ""
20902
20903
#: serverguide/C/installation.xml:254(para)
20904
msgid ""
20905
"At some point during the installation process you may want to read the help "
20906
"screen provided by the installation system. To do this, press F1."
20907
msgstr ""
20908
20909
#: serverguide/C/installation.xml:259(para)
20910
msgid ""
20911
"Once again, for detailed instructions see the <ulink "
20912
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\"> Ubuntu "
20913
"Installation Guide</ulink>."
20914
msgstr ""
20915
20916
#: serverguide/C/installation.xml:265(title)
20917
msgid "Package Tasks"
20918
msgstr ""
20919
20920
#: serverguide/C/installation.xml:266(para)
20921
msgid ""
20922
"During the Server Edition installation you have the option of installing "
20923
"additional packages from the CD. The packages are grouped by the type of "
20924
"service they provide."
20925
msgstr ""
20926
20927
#: serverguide/C/installation.xml:272(para)
20928
msgid "Cloud computing: Walrus storage service"
20929
msgstr ""
20930
20931
#: serverguide/C/installation.xml:277(para)
20932
msgid "Cloud computing: all-in-one cluster"
20933
msgstr ""
20934
20935
#: serverguide/C/installation.xml:282(para)
20936
msgid "Cloud computing: Cluster controller"
20937
msgstr ""
20938
20939
#: serverguide/C/installation.xml:287(para)
20940
msgid "Cloud computing: Node controller"
20941
msgstr ""
20942
20943
#: serverguide/C/installation.xml:292(para)
20944
msgid "Cloud computing: Storage controller"
20945
msgstr ""
20946
20947
#: serverguide/C/installation.xml:297(para)
20948
msgid "Cloud computing: top-level cloud controller"
20949
msgstr ""
20950
20951
#: serverguide/C/installation.xml:302(para)
20952
msgid "DNS server: Selects the BIND DNS server and its documentation."
20953
msgstr ""
20954
20955
#: serverguide/C/installation.xml:307(para)
20956
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
20957
msgstr ""
20958
20959
#: serverguide/C/installation.xml:312(para)
20960
msgid ""
20961
"Mail server: This task selects a variety of package useful for a general "
20962
"purpose mail server system."
20963
msgstr ""
20964
20965
#: serverguide/C/installation.xml:317(para)
20966
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
20967
msgstr ""
20968
20969
#: serverguide/C/installation.xml:322(para)
20970
msgid ""
20971
"PostgreSQL database: This task selects client and server packages for the "
20972
"PostgreSQL database."
20973
msgstr ""
20974
20975
#: serverguide/C/installation.xml:327(para)
20976
msgid "Print server: This task sets up your system to be a print server."
20977
msgstr ""
20978
20979
#: serverguide/C/installation.xml:332(para)
20980
msgid ""
20981
"Samba File server: This task sets up your system to be a Samba file server, "
20982
"which is especially suitable in networks with both Windows and Linux systems."
20983
msgstr ""
20984
20985
#: serverguide/C/installation.xml:338(para)
20986
msgid ""
20987
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
20988
"etc."
20989
msgstr ""
20990
20991
#: serverguide/C/installation.xml:343(para)
20992
msgid ""
20993
"Virtual machine host: Includes packages needed to run KVM virtual machines."
20994
msgstr ""
20995
20996
#: serverguide/C/installation.xml:348(para)
20997
msgid ""
20998
"Manually select packages: Executes <application>apptitude</application> "
20999
"allowing you to individually select packages."
21000
msgstr ""
21001
21002
#: serverguide/C/installation.xml:353(para)
21003
msgid ""
21004
"Installing the package groups is accomplished using the "
21005
"<application>tasksel</application> utility. One of the important difference "
21006
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
21007
"installed, a package is also configured to reasonable defaults, eventually "
21008
"prompting you for additional required information. Likewise, when installing "
21009
"a task, the packages are not only installed, but also configured to provided "
21010
"a fully integrated service."
21011
msgstr ""
21012
21013
#: serverguide/C/installation.xml:360(para)
21014
msgid ""
21015
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
21016
"<xref linkend=\"uec\"/>."
21017
msgstr ""
21018
21019
#: serverguide/C/installation.xml:363(para)
21020
msgid ""
21021
"Once the installation process has finished you can view a list of available "
21022
"tasks by entering the following from a terminal prompt:"
21023
msgstr ""
21024
21025
#: serverguide/C/installation.xml:368(command)
21026
msgid "tasksel --list-tasks"
21027
msgstr ""
21028
21029
#: serverguide/C/installation.xml:371(para)
21030
msgid ""
21031
"The output will list tasks from other Ubuntu based distributions such as "
21032
"Kubuntu and Edubuntu. Note that you can also invoke the "
21033
"<command>tasksel</command> command by itself, which will bring up a menu of "
21034
"the different tasks available."
21035
msgstr ""
21036
21037
#: serverguide/C/installation.xml:377(para)
21038
msgid ""
21039
"You can view a list of which packages are installed with each task using the "
21040
"<emphasis>--task-packages</emphasis> option. For example, to list the "
21041
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
21042
"following:"
21043
msgstr ""
21044
21045
#: serverguide/C/installation.xml:382(command)
21046
msgid "tasksel --task-packages dns-server"
21047
msgstr ""
21048
21049
#: serverguide/C/installation.xml:384(para)
21050
msgid "The output of the command should list:"
21051
msgstr ""
21052
21053
#: serverguide/C/installation.xml:387(programlisting)
21054
#, no-wrap
21055
msgid ""
21056
"\n"
21057
"bind9-doc \n"
21058
"bind9utils \n"
21059
"bind9\n"
21060
msgstr ""
21061
21062
#: serverguide/C/installation.xml:392(para)
21063
msgid ""
21064
"Also, if you did not install one of the tasks during the installation "
21065
"process, but for example you decide to make your new LAMP server a DNS "
21066
"server as well. Simply insert the installation CD and from a terminal:"
21067
msgstr ""
21068
21069
#: serverguide/C/installation.xml:397(command)
21070
msgid "sudo tasksel install dns-server"
21071
msgstr ""
21072
21073
#: serverguide/C/installation.xml:402(title)
21074
msgid "Upgrading"
21075
msgstr ""
21076
21077
#: serverguide/C/installation.xml:403(para)
21078
msgid ""
21079
"There are several ways to upgrade from one Ubuntu release to another. This "
21080
"section gives an overview of the recommended upgrade method."
21081
msgstr ""
21082
21083
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
21084
msgid "do-release-upgrade"
21085
msgstr ""
21086
21087
#: serverguide/C/installation.xml:408(para)
21088
msgid ""
21089
"The recommended way to upgrade a Server Edition installation is to use the "
21090
"<application>do-release-upgrade</application> utility. Part of the "
21091
"<emphasis>update-manager-core</emphasis> package, it does not have any "
21092
"graphical dependencies and is installed by default."
21093
msgstr ""
21094
21095
#: serverguide/C/installation.xml:413(para)
21096
msgid ""
21097
"Debian based systems can also be upgraded by using <command>apt-get dist-"
21098
"upgrade</command>. However, using <application>do-release-"
21099
"upgrade</application> is recommended because it has the ability to handle "
21100
"system configuration changes sometimes needed between releases."
21101
msgstr ""
21102
21103
#: serverguide/C/installation.xml:418(para)
21104
msgid "To upgrade to a newer release, from a terminal prompt enter:"
21105
msgstr ""
21106
21107
#: serverguide/C/installation.xml:424(para)
21108
msgid ""
21109
"It is also possible to use <application>do-release-upgrade</application> to "
21110
"upgrade to a development version of Ubuntu. To accomplish this use the "
21111
"<emphasis>-d</emphasis> switch:"
21112
msgstr ""
21113
21114
#: serverguide/C/installation.xml:429(command)
21115
msgid "do-release-upgrade -d"
21116
msgstr ""
21117
21118
#: serverguide/C/installation.xml:432(para)
21119
msgid ""
21120
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
21121
"for production environments."
21122
msgstr ""
21123
21124
#: serverguide/C/installation.xml:439(title)
21125
msgid "Advanced Installation"
21126
msgstr ""
21127
21128
#: serverguide/C/installation.xml:442(title)
21129
msgid "Software RAID"
21130
msgstr ""
21131
21132
#: serverguide/C/installation.xml:444(para)
21133
msgid ""
21134
"RAID is a method of configuring multiple hard drives to act as one, reducing "
21135
"the probability of catastrophic data loss in case of drive failure. RAID is "
21136
"implemented in either software (where the operating system knows about both "
21137
"drives and actively maintains both of them) or hardware (where a special "
21138
"controller makes the OS think there's only one drive and maintains the "
21139
"drives 'invisibly')."
21140
msgstr ""
21141
21142
#: serverguide/C/installation.xml:451(para)
21143
msgid ""
21144
"The RAID software included with current versions of Linux (and Ubuntu) is "
21145
"based on the <application>'mdadm'</application> driver and works very well, "
21146
"better even than many so-called 'hardware' RAID controllers. This section "
21147
"will guide you through installing Ubuntu Server Edition using two RAID1 "
21148
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
21149
"another for <emphasis>swap</emphasis>."
21150
msgstr ""
21151
21152
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
21153
msgid ""
21154
"Follow the installation steps until you get to the <emphasis>Partition "
21155
"disks</emphasis> step, then:"
21156
msgstr ""
21157
21158
#: serverguide/C/installation.xml:468(para)
21159
msgid "Select <emphasis>Manual</emphasis> as the partition method."
21160
msgstr ""
21161
21162
#: serverguide/C/installation.xml:475(para)
21163
msgid ""
21164
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
21165
"partition table on this device?\"</emphasis>."
21166
msgstr ""
21167
21168
#: serverguide/C/installation.xml:479(para)
21169
msgid ""
21170
"Repeat this step for each drive you wish to be part of the RAID array."
21171
msgstr ""
21172
21173
#: serverguide/C/installation.xml:486(para)
21174
msgid ""
21175
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
21176
"select <emphasis>\"Create a new partition\"</emphasis>."
21177
msgstr ""
21178
21179
#: serverguide/C/installation.xml:493(para)
21180
msgid ""
21181
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
21182
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
21183
"size is twice that of RAM. Enter the partition size, then choose "
21184
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
21185
msgstr ""
21186
21187
#: serverguide/C/installation.xml:502(para)
21188
msgid ""
21189
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
21190
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
21191
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
21192
"<emphasis>\"Done setting up partition\"</emphasis>."
21193
msgstr ""
21194
21195
#: serverguide/C/installation.xml:511(para)
21196
msgid ""
21197
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
21198
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
21199
"partition\"</emphasis>."
21200
msgstr ""
21201
21202
#: serverguide/C/installation.xml:519(para)
21203
msgid ""
21204
"Use the rest of the free space on the drive and choose "
21205
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
21206
msgstr ""
21207
21208
#: serverguide/C/installation.xml:526(para)
21209
msgid ""
21210
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
21211
"at the top, changing it to <emphasis>\"physical volume for "
21212
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
21213
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
21214
"<emphasis>\"Done setting up partition\"</emphasis>."
21215
msgstr ""
21216
21217
#: serverguide/C/installation.xml:536(para)
21218
msgid "Repeat steps three through eight for the other disk and partitions."
21219
msgstr ""
21220
21221
#: serverguide/C/installation.xml:545(title)
21222
msgid "RAID Configuration"
21223
msgstr ""
21224
21225
#: serverguide/C/installation.xml:547(para)
21226
msgid "With the partitions setup the arrays are ready to be configured:"
21227
msgstr ""
21228
21229
#: serverguide/C/installation.xml:554(para)
21230
msgid ""
21231
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
21232
"Software RAID\"</emphasis> at the top."
21233
msgstr ""
21234
21235
#: serverguide/C/installation.xml:561(para)
21236
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
21237
msgstr ""
21238
21239
#: serverguide/C/installation.xml:568(para)
21240
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
21241
msgstr ""
21242
21243
#: serverguide/C/installation.xml:575(para)
21244
msgid ""
21245
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
21246
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
21247
msgstr ""
21248
21249
#: serverguide/C/installation.xml:581(para)
21250
msgid ""
21251
"In order to use <emphasis>RAID5</emphasis> you need at least "
21252
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
21253
"<emphasis>two</emphasis> drives are required."
21254
msgstr ""
21255
21256
#: serverguide/C/installation.xml:590(para)
21257
msgid ""
21258
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
21259
"of hard drives you have, for the array. Then select "
21260
"<emphasis>\"Continue\"</emphasis>."
21261
msgstr ""
21262
21263
#: serverguide/C/installation.xml:598(para)
21264
msgid ""
21265
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
21266
"default, then choose <emphasis>\"Continue\"</emphasis>."
21267
msgstr ""
21268
21269
#: serverguide/C/installation.xml:605(para)
21270
msgid ""
21271
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
21272
"etc. The numbers will usually match and the different letters correspond to "
21273
"different hard drives."
21274
msgstr ""
21275
21276
#: serverguide/C/installation.xml:610(para)
21277
msgid ""
21278
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
21279
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
21280
"go to the next step."
21281
msgstr ""
21282
21283
#: serverguide/C/installation.xml:618(para)
21284
msgid ""
21285
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
21286
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
21287
"and <emphasis>sdb2</emphasis>."
21288
msgstr ""
21289
21290
#: serverguide/C/installation.xml:626(para)
21291
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
21292
msgstr ""
21293
21294
#: serverguide/C/installation.xml:636(title)
21295
msgid "Formatting"
21296
msgstr ""
21297
21298
#: serverguide/C/installation.xml:638(para)
21299
msgid ""
21300
"There should now be a list of hard drives and RAID devices. The next step is "
21301
"to format and set the mount point for the RAID devices. Treat the RAID "
21302
"device as a local hard drive, format and mount accordingly."
21303
msgstr ""
21304
21305
#: serverguide/C/installation.xml:646(para)
21306
msgid ""
21307
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
21308
"#0\"</emphasis> partition."
21309
msgstr ""
21310
21311
#: serverguide/C/installation.xml:653(para)
21312
msgid ""
21313
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
21314
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
21315
msgstr ""
21316
21317
#: serverguide/C/installation.xml:661(para)
21318
msgid ""
21319
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
21320
"#1\"</emphasis> partition."
21321
msgstr ""
21322
21323
#: serverguide/C/installation.xml:668(para)
21324
msgid ""
21325
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
21326
"journaling file system\"</emphasis>."
21327
msgstr ""
21328
21329
#: serverguide/C/installation.xml:675(para)
21330
msgid ""
21331
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
21332
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
21333
"options as appropriate, then select <emphasis>\"Done setting up "
21334
"partition\"</emphasis>."
21335
msgstr ""
21336
21337
#: serverguide/C/installation.xml:683(para)
21338
msgid ""
21339
"Finally, select <emphasis>\"Finish partitioning and write changes to "
21340
"disk\"</emphasis>."
21341
msgstr ""
21342
21343
#: serverguide/C/installation.xml:690(para)
21344
msgid ""
21345
"If you choose to place the root partition on a RAID array, the installer "
21346
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
21347
"state. See <xref linkend=\"raid-degraded\"/> for further details."
21348
msgstr ""
21349
21350
#: serverguide/C/installation.xml:695(para)
21351
msgid "The installation process will then continue normally."
21352
msgstr ""
21353
21354
#: serverguide/C/installation.xml:701(title)
21355
msgid "Degraded RAID"
21356
msgstr ""
21357
21358
#: serverguide/C/installation.xml:703(para)
21359
msgid ""
21360
"At some point in the life of the computer a disk failure event may occur. "
21361
"When this happens, using Software RAID, the operating system will place the "
21362
"array into what is known as a <emphasis>degraded</emphasis> state."
21363
msgstr ""
21364
21365
#: serverguide/C/installation.xml:708(para)
21366
msgid ""
21367
"If the array has become degraded, due to the chance of data corruption, by "
21368
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
21369
"after thirty seconds. Once the initramfs has booted there is a fifteen "
21370
"second prompt giving you the option to go ahead and boot the system, or "
21371
"attempt manual recover. Booting to the initramfs prompt may or may not be "
21372
"the desired behavior, especially if the machine is in a remote location. "
21373
"Booting to a degraded array can be configured several ways:"
21374
msgstr ""
21375
21376
#: serverguide/C/installation.xml:719(para)
21377
msgid ""
21378
"The <application>dpkg-reconfigure</application> utility can be used to "
21379
"configure the default behavior, and during the process you will be queried "
21380
"about additional settings related to the array. Such as monitoring, email "
21381
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
21382
"following:"
21383
msgstr ""
21384
21385
#: serverguide/C/installation.xml:726(command)
21386
msgid "sudo dpkg-reconfigure mdadm"
21387
msgstr ""
21388
21389
#: serverguide/C/installation.xml:732(para)
21390
msgid ""
21391
"The <command>dpkg-reconfigure mdadm</command> process will change the "
21392
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
21393
"The file has the advantage of being able to pre-configure the system's "
21394
"behavior, and can also be manually edited:"
21395
msgstr ""
21396
21397
#: serverguide/C/installation.xml:738(programlisting)
21398
#, no-wrap
21399
msgid ""
21400
"\n"
21401
"BOOT_DEGRADED=true\n"
21402
msgstr ""
21403
21404
#: serverguide/C/installation.xml:743(para)
21405
msgid "The configuration file can be overridden by using a Kernel argument."
21406
msgstr ""
21407
21408
#: serverguide/C/installation.xml:751(para)
21409
msgid ""
21410
"Using a Kernel argument will allow the system to boot to a degraded array as "
21411
"well:"
21412
msgstr ""
21413
21414
#: serverguide/C/installation.xml:757(para)
21415
msgid ""
21416
"When the server is booting press <keycap>Shift</keycap> to open the "
21417
"<application>Grub</application> menu."
21418
msgstr ""
21419
21420
#: serverguide/C/installation.xml:762(para)
21421
msgid "Press <keycap>e</keycap> to edit your kernel command options."
21422
msgstr ""
21423
21424
#: serverguide/C/installation.xml:767(para)
21425
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
21426
msgstr ""
21427
21428
#: serverguide/C/installation.xml:772(para)
21429
msgid ""
21430
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
21431
"end of the line."
21432
msgstr ""
21433
21434
#: serverguide/C/installation.xml:777(para)
21435
msgid ""
21436
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
21437
"the system."
21438
msgstr ""
21439
21440
#: serverguide/C/installation.xml:786(para)
21441
msgid ""
21442
"Once the system has booted you can either repair the array see <xref "
21443
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
21444
"another machine due to major hardware failure."
21445
msgstr ""
21446
21447
#: serverguide/C/installation.xml:793(title)
21448
msgid "RAID Maintenance"
21449
msgstr ""
21450
21451
#: serverguide/C/installation.xml:795(para)
21452
msgid ""
21453
"The <application>mdadm</application> utility can be used to view the status "
21454
"of an array, add disks to an array, remove disks, etc:"
21455
msgstr ""
21456
21457
#: serverguide/C/installation.xml:802(para)
21458
msgid "To view the status of an array, from a terminal prompt enter:"
21459
msgstr ""
21460
21461
#: serverguide/C/installation.xml:806(command)
21462
msgid "sudo mdadm -D /dev/md0"
21463
msgstr ""
21464
21465
#: serverguide/C/installation.xml:809(para)
21466
msgid ""
21467
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
21468
"display <emphasis>detailed</emphasis> information about the "
21469
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
21470
"with the appropriate RAID device."
21471
msgstr ""
21472
21473
#: serverguide/C/installation.xml:815(para)
21474
msgid "To view the status of a disk in an array:"
21475
msgstr ""
21476
21477
#: serverguide/C/installation.xml:819(command)
21478
msgid "sudo mdadm -E /dev/sda1"
21479
msgstr ""
21480
21481
#: serverguide/C/installation.xml:821(para)
21482
msgid ""
21483
"The output if very similar to the <command>mdadm -D</command> command, "
21484
"adjust <filename>/dev/sda1</filename> for each disk."
21485
msgstr ""
21486
21487
#: serverguide/C/installation.xml:826(para)
21488
msgid "If a disk fails and needs to be removed from an array enter:"
21489
msgstr ""
21490
21491
#: serverguide/C/installation.xml:830(command)
21492
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
21493
msgstr ""
21494
21495
#: serverguide/C/installation.xml:832(para)
21496
msgid ""
21497
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
21498
"the appropriate RAID device and disk."
21499
msgstr ""
21500
21501
#: serverguide/C/installation.xml:837(para)
21502
msgid "Similarly, to add a new disk:"
21503
msgstr ""
21504
21505
#: serverguide/C/installation.xml:841(command)
21506
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
21507
msgstr ""
21508
21509
#: serverguide/C/installation.xml:846(para)
21510
msgid ""
21511
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
21512
"though there is nothing physically wrong with the drive. It is usually "
21513
"worthwhile to remove the drive from the array then re-add it. This will "
21514
"cause the drive to re-sync with the array. If the drive will not sync with "
21515
"the array, it is a good indication of hardware failure."
21516
msgstr ""
21517
21518
#: serverguide/C/installation.xml:852(para)
21519
msgid ""
21520
"The <filename>/proc/mdstat</filename> file also contains useful information "
21521
"about the system's RAID devices:"
21522
msgstr ""
21523
21524
#: serverguide/C/installation.xml:857(command)
21525
msgid "cat /proc/mdstat"
21526
msgstr ""
21527
21528
#: serverguide/C/installation.xml:858(computeroutput)
21529
#, no-wrap
21530
msgid ""
21531
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
21532
"[raid10] \n"
21533
"md0 : active raid1 sda1[0] sdb1[1]\n"
21534
" 10016384 blocks [2/2] [UU]\n"
21535
" \n"
21536
"unused devices: <none>"
21537
msgstr ""
21538
21539
#: serverguide/C/installation.xml:865(para)
21540
msgid ""
21541
"The following command is great for watching the status of a syncing drive:"
21542
msgstr ""
21543
21544
#: serverguide/C/installation.xml:870(command)
21545
msgid "watch -n1 cat /proc/mdstat"
21546
msgstr ""
21547
21548
#: serverguide/C/installation.xml:873(para)
21549
msgid ""
21550
"Press <emphasis>Ctrl+c</emphasis> to stop the "
21551
"<application>watch</application> command."
21552
msgstr ""
21553
21554
#: serverguide/C/installation.xml:877(para)
21555
msgid ""
21556
"If you do need to replace a faulty drive, after the drive has been replaced "
21557
"and synced, <application>grub</application> will need to be installed. To "
21558
"install <application>grub</application> on the new drive, enter the "
21559
"following:"
21560
msgstr ""
21561
21562
#: serverguide/C/installation.xml:883(command)
21563
msgid "sudo grub-install /dev/md0"
21564
msgstr ""
21565
21566
#: serverguide/C/installation.xml:886(para)
21567
msgid ""
21568
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
21569
msgstr ""
21570
21571
#: serverguide/C/installation.xml:894(para)
21572
msgid ""
21573
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
21574
"can be configured. Please see the following links for more information:"
21575
msgstr ""
21576
21577
#: serverguide/C/installation.xml:901(para)
21578
msgid ""
21579
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
21580
"Wiki Articles on RAID</ulink>."
21581
msgstr ""
21582
21583
#: serverguide/C/installation.xml:907(ulink)
21584
msgid "Software RAID HOWTO"
21585
msgstr ""
21586
21587
#: serverguide/C/installation.xml:912(ulink)
21588
msgid "Managing RAID on Linux"
21589
msgstr ""
21590
21591
#: serverguide/C/installation.xml:919(title)
21592
msgid "Logical Volume Manager (LVM)"
21593
msgstr ""
21594
21595
#: serverguide/C/installation.xml:921(para)
21596
msgid ""
21597
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
21598
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
21599
"hard disks. LVM volumes can be created on both software RAID partitions and "
21600
"standard partitions residing on a single disk. Volumes can also be extended, "
21601
"giving greater flexibility to systems as requirements change."
21602
msgstr ""
21603
21604
#: serverguide/C/installation.xml:930(para)
21605
msgid ""
21606
"A side effect of LVM's power and flexibility is a greater degree of "
21607
"complication. Before diving into the LVM installation process, it is best to "
21608
"get familiar with some terms."
21609
msgstr ""
21610
21611
#: serverguide/C/installation.xml:937(para)
21612
msgid ""
21613
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
21614
"Volumes (LV)."
21615
msgstr ""
21616
21617
#: serverguide/C/installation.xml:942(para)
21618
msgid ""
21619
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
21620
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
21621
"which resides the actual EXT3, XFS, JFS, etc filesystem."
21622
msgstr ""
21623
21624
#: serverguide/C/installation.xml:948(para)
21625
msgid ""
21626
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
21627
"RAID partition. The Volume Group can be extended by adding more PVs."
21628
msgstr ""
21629
21630
#: serverguide/C/installation.xml:959(para)
21631
msgid ""
21632
"As an example this section covers installing Ubuntu Server Edition with "
21633
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
21634
"the initial install only one Physical Volume (PV) will be part of the Volume "
21635
"Group (VG). Another PV will be added after install to demonstrate how a VG "
21636
"can be extended."
21637
msgstr ""
21638
21639
#: serverguide/C/installation.xml:965(para)
21640
msgid ""
21641
"There are several installation options for LVM, <emphasis>\"Guided - use the "
21642
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
21643
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
21644
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
21645
"partitions and configure LVM. At this time the only way to configure a "
21646
"system with both LVM and standard partitions, during installation, is to use "
21647
"the Manual approach."
21648
msgstr ""
21649
21650
#: serverguide/C/installation.xml:982(para)
21651
msgid ""
21652
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
21653
"<emphasis>\"Manual\"</emphasis>."
21654
msgstr ""
21655
21656
#: serverguide/C/installation.xml:989(para)
21657
msgid ""
21658
"Select the hard disk and on the next screen choose \"yes\" to "
21659
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
21660
msgstr ""
21661
21662
#: serverguide/C/installation.xml:996(para)
21663
msgid ""
21664
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
21665
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
21666
msgstr ""
21667
21668
#: serverguide/C/installation.xml:1004(para)
21669
msgid ""
21670
"For the LVM <emphasis>/srv</emphasis>, create a new "
21671
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
21672
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
21673
"<emphasis>\"Done setting up the partition\"</emphasis>."
21674
msgstr ""
21675
21676
#: serverguide/C/installation.xml:1012(para)
21677
msgid ""
21678
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
21679
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
21680
"disk."
21681
msgstr ""
21682
21683
#: serverguide/C/installation.xml:1020(para)
21684
msgid ""
21685
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
21686
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
21687
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
21688
"After entering a name, select the partition configured for LVM, and choose "
21689
"<emphasis>\"Continue\"</emphasis>."
21690
msgstr ""
21691
21692
#: serverguide/C/installation.xml:1029(para)
21693
msgid ""
21694
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
21695
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
21696
"volume group, and enter a name for the new LV, for example "
21697
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
21698
"a size, which may be the full partition because it can always be extended "
21699
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
21700
"main <emphasis>\"Partition Disks\"</emphasis> screen."
21701
msgstr ""
21702
21703
#: serverguide/C/installation.xml:1039(para)
21704
msgid ""
21705
"Now add a filesystem to the new LVM. Select the partition under "
21706
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
21707
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
21708
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
21709
"select <emphasis>\"Done setting up the partition\"</emphasis>."
21710
msgstr ""
21711
21712
#: serverguide/C/installation.xml:1048(para)
21713
msgid ""
21714
"Finally, select <emphasis>\"Finish partitioning and write changes to "
21715
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
21716
"the installation."
21717
msgstr ""
21718
21719
#: serverguide/C/installation.xml:1056(para)
21720
msgid "There are some useful utilities to view information about LVM:"
21721
msgstr ""
21722
21723
#: serverguide/C/installation.xml:1061(para)
21724
msgid ""
21725
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
21726
msgstr ""
21727
21728
#: serverguide/C/installation.xml:1062(para)
21729
msgid ""
21730
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
21731
msgstr ""
21732
21733
#: serverguide/C/installation.xml:1063(para)
21734
msgid ""
21735
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
21736
"Physical Volumes."
21737
msgstr ""
21738
21739
#: serverguide/C/installation.xml:1068(title)
21740
msgid "Extending Volume Groups"
21741
msgstr ""
21742
21743
#: serverguide/C/installation.xml:1070(para)
21744
msgid ""
21745
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
21746
"section covers adding a second hard disk, creating a Physical Volume (PV), "
21747
"adding it to the volume group (VG), extending the logical volume <filename "
21748
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
21749
"example assumes a second hard disk has been added to the system. This hard "
21750
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
21751
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
21752
"before issuing the commands below. You could lose some data if you issue "
21753
"those commands on a non-empty disk. In our example we will use the entire "
21754
"disk as a physical volume (you could choose to create partitions and use "
21755
"them as different physical volumes)"
21756
msgstr ""
21757
21758
#: serverguide/C/installation.xml:1082(para)
21759
msgid "First, create the physical volume, in a terminal execute:"
21760
msgstr ""
21761
21762
#: serverguide/C/installation.xml:1087(command)
21763
msgid "sudo pvcreate /dev/sdb"
21764
msgstr ""
21765
21766
#: serverguide/C/installation.xml:1093(para)
21767
msgid "Now extend the Volume Group (VG):"
21768
msgstr ""
21769
21770
#: serverguide/C/installation.xml:1098(command)
21771
msgid "sudo vgextend vg01 /dev/sdb"
21772
msgstr ""
21773
21774
#: serverguide/C/installation.xml:1104(para)
21775
msgid ""
21776
"Use <application>vgdisplay</application> to find out the free physical "
21777
"extents - Free PE / size (the size you can allocate). We will assume a free "
21778
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
21779
"whole free space available. Use your own PE and/or free space."
21780
msgstr ""
21781
21782
#: serverguide/C/installation.xml:1110(para)
21783
msgid ""
21784
"The Logical Volume (LV) can now be extended by different methods, we will "
21785
"only see how to use the PE to extend the LV:"
21786
msgstr ""
21787
21788
#: serverguide/C/installation.xml:1115(command)
21789
msgid "sudo lvextend /dev/vg01/srv -l +511"
21790
msgstr ""
21791
21792
#: serverguide/C/installation.xml:1118(para)
21793
msgid ""
21794
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
21795
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
21796
"Gig, Tera, etc bytes."
21797
msgstr ""
21798
21799
#: serverguide/C/installation.xml:1126(para)
21800
msgid ""
21801
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
21802
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
21803
"pratice to unmount it anyway and check the filesystem, so that you don't "
21804
"mess up the day you want to reduce a logical volume (in that case unmounting "
21805
"first is compulsory)."
21806
msgstr ""
21807
21808
#: serverguide/C/installation.xml:1132(para)
21809
msgid ""
21810
"The following commands are for an <emphasis>EXT3</emphasis> or "
21811
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
21812
"there may be other utilities available."
21813
msgstr ""
21814
21815
#: serverguide/C/installation.xml:1139(command)
21816
msgid "sudo e2fsck -f /dev/vg01/srv"
21817
msgstr ""
21818
21819
#: serverguide/C/installation.xml:1142(para)
21820
msgid ""
21821
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
21822
"forces checking even if the system seems clean."
21823
msgstr ""
21824
21825
#: serverguide/C/installation.xml:1149(para)
21826
msgid "Finally, resize the filesystem:"
21827
msgstr ""
21828
21829
#: serverguide/C/installation.xml:1154(command)
21830
msgid "sudo resize2fs /dev/vg01/srv"
21831
msgstr ""
21832
21833
#: serverguide/C/installation.xml:1160(para)
21834
msgid "Now mount the partition and check its size."
21835
msgstr ""
21836
21837
#: serverguide/C/installation.xml:1165(command)
21838
msgid "mount /dev/vg01/srv /srv && df -h /srv"
21839
msgstr ""
21840
21841
#: serverguide/C/installation.xml:1177(para)
21842
msgid ""
21843
"See the <ulink "
21844
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
21845
"Articles</ulink>."
21846
msgstr ""
21847
21848
#: serverguide/C/installation.xml:1182(para)
21849
msgid ""
21850
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
21851
"HOWTO</ulink> for more information."
21852
msgstr ""
21853
21854
#: serverguide/C/installation.xml:1187(para)
21855
msgid ""
21856
"Another good article is <ulink "
21857
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
21858
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
21859
"linuxdevcenter.com site."
21860
msgstr ""
21861
21862
#: serverguide/C/installation.xml:1194(para)
21863
msgid ""
21864
"For more information on <application>fdisk</application> see the <ulink "
21865
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/fdisk.8.html\">fdisk "
21866
"man page</ulink>."
21867
msgstr ""
21868
21869
#: serverguide/C/file-server.xml:13(title)
21870
msgid "File Servers"
21871
msgstr ""
21872
21873
#: serverguide/C/file-server.xml:15(para)
21874
msgid ""
21875
"If you have more than one computer on a single network. At some point you "
21876
"will probably need to share files between them. In this section we cover "
21877
"installing and configuring FTP, NFS, and CUPS."
21878
msgstr ""
21879
21880
#: serverguide/C/file-server.xml:22(title)
21881
msgid "FTP Server"
21882
msgstr ""
21883
21884
#: serverguide/C/file-server.xml:24(para)
21885
msgid ""
21886
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
21887
"files between computers. FTP works on a client/server model. The server "
21888
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
21889
"listens for FTP requests from remote clients. When a request is received, it "
21890
"manages the login and sets up the connection. For the duration of the "
21891
"session it executes any of commands sent by the FTP client."
21892
msgstr ""
21893
21894
#: serverguide/C/file-server.xml:33(para)
21895
msgid "Access to an FTP server can be managed in two ways:"
21896
msgstr ""
21897
21898
#: serverguide/C/file-server.xml:37(para)
21899
msgid "Anonymous"
21900
msgstr ""
21901
21902
#: serverguide/C/file-server.xml:40(para)
21903
msgid "Authenticated"
21904
msgstr ""
21905
21906
#: serverguide/C/file-server.xml:43(para)
21907
msgid ""
21908
"In the Anonymous mode, remote clients can access the FTP server by using the "
21909
"default user account called \"anonymous\" or \"ftp\" and sending an email "
21910
"address as the password. In the Authenticated mode a user must have an "
21911
"account and a password. User access to the FTP server directories and files "
21912
"is dependent on the permissions defined for the account used at login. As a "
21913
"general rule, the FTP daemon will hide the root directory of the FTP server "
21914
"and change it to the FTP Home directory. This hides the rest of the file "
21915
"system from remote sessions."
21916
msgstr ""
21917
21918
#: serverguide/C/file-server.xml:55(title)
21919
msgid "vsftpd - FTP Server Installation"
21920
msgstr ""
21921
21922
#: serverguide/C/file-server.xml:57(para)
21923
msgid ""
21924
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
21925
"and maintain. To install <application>vsftpd</application> you can run the "
21926
"following command:"
21927
msgstr ""
21928
21929
#: serverguide/C/file-server.xml:65(command)
21930
msgid "sudo apt-get install vsftpd"
21931
msgstr ""
21932
21933
#: serverguide/C/file-server.xml:71(title)
21934
msgid "Anonymous FTP Configuration"
21935
msgstr ""
21936
21937
#: serverguide/C/file-server.xml:73(para)
21938
msgid ""
21939
"By default <application>vsftpd</application> is configured to only allow "
21940
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
21941
"created with a home directory of <filename>/home/ftp</filename>. This is the "
21942
"default FTP directory."
21943
msgstr ""
21944
21945
#: serverguide/C/file-server.xml:80(para)
21946
msgid ""
21947
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
21948
"example, simply create a directory in another location and change the "
21949
"<emphasis>ftp</emphasis> user's home directory:"
21950
msgstr ""
21951
21952
#: serverguide/C/file-server.xml:87(command)
21953
msgid "sudo mkdir /srv/ftp"
21954
msgstr ""
21955
21956
#: serverguide/C/file-server.xml:88(command)
21957
msgid "sudo usermod -d /srv/ftp ftp"
21958
msgstr ""
21959
21960
#: serverguide/C/file-server.xml:91(para)
21961
msgid "After making the change restart <application>vsftpd</application>:"
21962
msgstr ""
21963
21964
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
21965
msgid "sudo /etc/init.d/vsftpd restart"
21966
msgstr ""
21967
21968
#: serverguide/C/file-server.xml:99(para)
21969
msgid ""
21970
"Finally, copy any files and directories you would like to make available "
21971
"through anonymous FTP to <filename>/srv/ftp</filename>."
21972
msgstr ""
21973
21974
#: serverguide/C/file-server.xml:106(title)
21975
msgid "User Authenticated FTP Configuration"
21976
msgstr ""
21977
21978
#: serverguide/C/file-server.xml:108(para)
21979
msgid ""
21980
"To configure <application>vsftpd</application> to authenticate system users "
21981
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
21982
msgstr ""
21983
21984
#: serverguide/C/file-server.xml:114(programlisting)
21985
#, no-wrap
21986
msgid ""
21987
"\n"
21988
"local_enable=YES\n"
21989
"write_enable=YES\n"
21990
msgstr ""
21991
21992
#: serverguide/C/file-server.xml:119(para)
21993
msgid "Now restart <application>vsftpd</application>:"
21994
msgstr ""
21995
21996
#: serverguide/C/file-server.xml:127(para)
21997
msgid ""
21998
"Now when system users login to FTP they will start in their "
21999
"<emphasis>home</emphasis> directories where they can download, upload, "
22000
"create directories, etc."
22001
msgstr ""
22002
22003
#: serverguide/C/file-server.xml:133(para)
22004
msgid ""
22005
"Similarly, by default, the anonymous users are not allowed to upload files "
22006
"to FTP server. To change this setting, you should uncomment the following "
22007
"line, and restart <application>vsftpd</application>:"
22008
msgstr ""
22009
22010
#: serverguide/C/file-server.xml:140(programlisting)
22011
#, no-wrap
22012
msgid ""
22013
"\n"
22014
"anon_upload_enable=YES\n"
22015
msgstr ""
22016
22017
#: serverguide/C/file-server.xml:145(para)
22018
msgid ""
22019
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
22020
"not enable anonymous upload on servers accessed directly from the Internet."
22021
msgstr ""
22022
22023
#: serverguide/C/file-server.xml:151(para)
22024
msgid ""
22025
"The configuration file consists of many configuration parameters. The "
22026
"information about each parameter is available in the configuration file. "
22027
"Alternatively, you can refer to the man page, <command>man 5 "
22028
"vsftpd.conf</command> for details of each parameter."
22029
msgstr ""
22030
22031
#: serverguide/C/file-server.xml:162(title)
22032
msgid "Securing FTP"
22033
msgstr ""
22034
22035
#: serverguide/C/file-server.xml:164(para)
22036
msgid ""
22037
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
22038
"<application>vsftpd</application> more secure. For example users can be "
22039
"limited to their home directories by uncommenting:"
22040
msgstr ""
22041
22042
#: serverguide/C/file-server.xml:170(programlisting)
22043
#, no-wrap
22044
msgid ""
22045
"\n"
22046
"chroot_local_user=YES\n"
22047
msgstr ""
22048
22049
#: serverguide/C/file-server.xml:174(para)
22050
msgid ""
22051
"You can also limit a specific list of users to just their home directories:"
22052
msgstr ""
22053
22054
#: serverguide/C/file-server.xml:178(programlisting)
22055
#, no-wrap
22056
msgid ""
22057
"\n"
22058
"chroot_list_enable=YES\n"
22059
"chroot_list_file=/etc/vsftpd.chroot_list\n"
22060
msgstr ""
22061
22062
#: serverguide/C/file-server.xml:183(para)
22063
msgid ""
22064
"After uncommenting the above options, create a "
22065
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
22066
"per line. Then restart <application>vsftpd</application>:"
22067
msgstr ""
22068
22069
#: serverguide/C/file-server.xml:192(para)
22070
msgid ""
22071
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
22072
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
22073
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
22074
"add them to the list."
22075
msgstr ""
22076
22077
#: serverguide/C/file-server.xml:199(para)
22078
msgid ""
22079
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
22080
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
22081
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
22082
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
22083
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
22084
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
22085
"with a shell may not be ideal for some environments, such as a shared web "
22086
"host."
22087
msgstr ""
22088
22089
#: serverguide/C/file-server.xml:208(para)
22090
msgid ""
22091
"To configure <emphasis>FTPS</emphasis>, edit "
22092
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
22093
msgstr ""
22094
22095
#: serverguide/C/file-server.xml:212(programlisting)
22096
#, no-wrap
22097
msgid ""
22098
"\n"
22099
"ssl_enable=Yes\n"
22100
msgstr ""
22101
22102
#: serverguide/C/file-server.xml:216(para)
22103
msgid "Also, notice the certificate and key related options:"
22104
msgstr ""
22105
22106
#: serverguide/C/file-server.xml:220(programlisting)
22107
#, no-wrap
22108
msgid ""
22109
"\n"
22110
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
22111
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
22112
msgstr ""
22113
22114
#: serverguide/C/file-server.xml:225(para)
22115
msgid ""
22116
"By default these options are set the certificate and key provided by the "
22117
"<application>ssl-cert</application> package. In a production environment "
22118
"these should be replaced with a certificate and key generated for the "
22119
"specific host. For more information on certificates see <xref "
22120
"linkend=\"certificates-and-security\"/>."
22121
msgstr ""
22122
22123
#: serverguide/C/file-server.xml:231(para)
22124
msgid ""
22125
"Now restart <application>vsftpd</application>, and non-anonymous users will "
22126
"be forced to use <emphasis>FTPS</emphasis>:"
22127
msgstr ""
22128
22129
#: serverguide/C/file-server.xml:240(para)
22130
msgid ""
22131
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
22132
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
22133
"adding the <emphasis>nologin</emphasis> shell:"
22134
msgstr ""
22135
22136
#: serverguide/C/file-server.xml:245(programlisting)
22137
#, no-wrap
22138
msgid ""
22139
"\n"
22140
"# /etc/shells: valid login shells\n"
22141
"/bin/csh\n"
22142
"/bin/sh\n"
22143
"/usr/bin/es\n"
22144
"/usr/bin/ksh\n"
22145
"/bin/ksh\n"
22146
"/usr/bin/rc\n"
22147
"/usr/bin/tcsh\n"
22148
"/bin/tcsh\n"
22149
"/usr/bin/esh\n"
22150
"/bin/dash\n"
22151
"/bin/bash\n"
22152
"/bin/rbash\n"
22153
"/usr/bin/screen\n"
22154
"/usr/sbin/nologin\n"
22155
msgstr ""
22156
22157
#: serverguide/C/file-server.xml:263(para)
22158
msgid ""
22159
"This is necessary because, by default <application>vsftpd</application> uses "
22160
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
22161
"configuration file contains:"
22162
msgstr ""
22163
22164
#: serverguide/C/file-server.xml:268(programlisting)
22165
#, no-wrap
22166
msgid ""
22167
"\n"
22168
"auth required pam_shells.so\n"
22169
msgstr ""
22170
22171
#: serverguide/C/file-server.xml:272(para)
22172
msgid ""
22173
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
22174
"in the <filename>/etc/shells</filename> file."
22175
msgstr ""
22176
22177
#: serverguide/C/file-server.xml:277(para)
22178
msgid ""
22179
"Most popular FTP clients can be configured connect using FTPS. The "
22180
"<application>lftp</application> command line FTP client has the ability to "
22181
"use FTPS as well."
22182
msgstr ""
22183
22184
#: serverguide/C/file-server.xml:288(para)
22185
msgid ""
22186
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
22187
"website</ulink> for more information."
22188
msgstr ""
22189
22190
#: serverguide/C/file-server.xml:293(para)
22191
msgid ""
22192
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
22193
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html\">"
22194
"vsftpd.conf man page</ulink>."
22195
msgstr ""
22196
22197
#: serverguide/C/file-server.xml:299(para)
22198
msgid ""
22199
"The CodeGurus article <ulink "
22200
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
22201
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
22202
"contrasting FTPS and SFTP."
22203
msgstr ""
22204
22205
#: serverguide/C/file-server.xml:305(para)
22206
msgid ""
22207
"Also, for more information see the <ulink "
22208
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
22209
"page."
22210
msgstr ""
22211
22212
#: serverguide/C/file-server.xml:315(title)
22213
msgid "Network File System (NFS)"
22214
msgstr ""
22215
22216
#: serverguide/C/file-server.xml:316(para)
22217
msgid ""
22218
"NFS allows a system to share directories and files with others over a "
22219
"network. By using NFS, users and programs can access files on remote systems "
22220
"almost as if they were local files."
22221
msgstr ""
22222
22223
#: serverguide/C/file-server.xml:322(para)
22224
msgid "Some of the most notable benefits that NFS can provide are:"
22225
msgstr ""
22226
22227
#: serverguide/C/file-server.xml:328(para)
22228
msgid ""
22229
"Local workstations use less disk space because commonly used data can be "
22230
"stored on a single machine and still remain accessible to others over the "
22231
"network."
22232
msgstr ""
22233
22234
#: serverguide/C/file-server.xml:333(para)
22235
msgid ""
22236
"There is no need for users to have separate home directories on every "
22237
"network machine. Home directories could be set up on the NFS server and made "
22238
"available throughout the network."
22239
msgstr ""
22240
22241
#: serverguide/C/file-server.xml:339(para)
22242
msgid ""
22243
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
22244
"be used by other machines on the network. This may reduce the number of "
22245
"removable media drives throughout the network."
22246
msgstr ""
22247
22248
#: serverguide/C/file-server.xml:349(para)
22249
msgid ""
22250
"At a terminal prompt enter the following command to install the NFS Server:"
22251
msgstr ""
22252
22253
#: serverguide/C/file-server.xml:355(command)
22254
msgid "sudo apt-get install nfs-kernel-server"
22255
msgstr ""
22256
22257
#: serverguide/C/file-server.xml:361(para)
22258
msgid ""
22259
"You can configure the directories to be exported by adding them to the "
22260
"<filename>/etc/exports</filename> file. For example:"
22261
msgstr ""
22262
22263
#: serverguide/C/file-server.xml:366(screen)
22264
#, no-wrap
22265
msgid ""
22266
"\n"
22267
"/ubuntu *(ro,sync,no_root_squash)\n"
22268
"/home *(rw,sync,no_root_squash)\n"
22269
msgstr ""
22270
22271
#: serverguide/C/file-server.xml:372(para)
22272
msgid ""
22273
"You can replace * with one of the hostname formats. Make the hostname "
22274
"declaration as specific as possible so unwanted systems cannot access the "
22275
"NFS mount."
22276
msgstr ""
22277
22278
#: serverguide/C/file-server.xml:378(para)
22279
msgid ""
22280
"To start the NFS server, you can run the following command at a terminal "
22281
"prompt:"
22282
msgstr ""
22283
22284
#: serverguide/C/file-server.xml:383(command)
22285
msgid "sudo /etc/init.d/nfs-kernel-server start"
22286
msgstr ""
22287
22288
#: serverguide/C/file-server.xml:388(title)
22289
msgid "NFS Client Configuration"
22290
msgstr ""
22291
22292
#: serverguide/C/file-server.xml:389(para)
22293
msgid ""
22294
"Use the <application>mount</application> command to mount a shared NFS "
22295
"directory from another machine, by typing a command line similar to the "
22296
"following at a terminal prompt:"
22297
msgstr ""
22298
22299
#: serverguide/C/file-server.xml:395(command)
22300
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
22301
msgstr ""
22302
22303
#: serverguide/C/file-server.xml:399(para)
22304
msgid ""
22305
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
22306
"There should be no files or subdirectories in the "
22307
"<filename>/local/ubuntu</filename> directory."
22308
msgstr ""
22309
22310
#: serverguide/C/file-server.xml:406(para)
22311
msgid ""
22312
"An alternate way to mount an NFS share from another machine is to add a line "
22313
"to the <filename>/etc/fstab</filename> file. The line must state the "
22314
"hostname of the NFS server, the directory on the server being exported, and "
22315
"the directory on the local machine where the NFS share is to be mounted."
22316
msgstr ""
22317
22318
#: serverguide/C/file-server.xml:414(para)
22319
msgid ""
22320
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
22321
"as follows:"
22322
msgstr ""
22323
22324
#: serverguide/C/file-server.xml:420(programlisting)
22325
#, no-wrap
22326
msgid ""
22327
"\n"
22328
"example.hostname.com:/ubuntu /local/ubuntu nfs "
22329
"rsize=8192,wsize=8192,timeo=14,intr\n"
22330
msgstr ""
22331
22332
#: serverguide/C/file-server.xml:424(para)
22333
msgid ""
22334
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
22335
"common</application> package is installed on your client. To install "
22336
"<application>nfs-common</application> enter the following command at the "
22337
"terminal prompt: <screen>\n"
22338
"<command>sudo apt-get install nfs-common</command>\n"
22339
"</screen>"
22340
msgstr ""
22341
22342
#: serverguide/C/file-server.xml:437(ulink)
22343
msgid "Linux NFS faq"
22344
msgstr ""
22345
22346
#: serverguide/C/file-server.xml:439(ulink)
22347
msgid "Ubuntu Wiki NFS Howto"
22348
msgstr ""
22349
22350
#: serverguide/C/file-server.xml:445(title)
22351
msgid "CUPS - Print Server"
22352
msgstr ""
22353
22354
#: serverguide/C/file-server.xml:446(para)
22355
msgid ""
22356
"The primary mechanism for Ubuntu printing and print services is the "
22357
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
22358
"printing system is a freely available, portable printing layer which has "
22359
"become the new standard for printing in most Linux distributions."
22360
msgstr ""
22361
22362
#: serverguide/C/file-server.xml:453(para)
22363
msgid ""
22364
"CUPS manages print jobs and queues and provides network printing using the "
22365
"standard Internet Printing Protocol (IPP), while offering support for a very "
22366
"large range of printers, from dot-matrix to laser and many in between. CUPS "
22367
"also supports PostScript Printer Description (PPD) and auto-detection of "
22368
"network printers, and features a simple web-based configuration and "
22369
"administration tool."
22370
msgstr ""
22371
22372
#: serverguide/C/file-server.xml:463(para)
22373
msgid ""
22374
"To install CUPS on your Ubuntu computer, simply use "
22375
"<application>sudo</application> with the <application>apt-get</application> "
22376
"command and give the packages to install as the first parameter. A complete "
22377
"CUPS install has many package dependencies, but they may all be specified on "
22378
"the same command line. Enter the following at a terminal prompt to install "
22379
"CUPS:"
22380
msgstr ""
22381
22382
#: serverguide/C/file-server.xml:468(command)
22383
msgid "sudo apt-get install cups"
22384
msgstr ""
22385
22386
#: serverguide/C/file-server.xml:471(para)
22387
msgid ""
22388
"Upon authenticating with your user password, the packages should be "
22389
"downloaded and installed without error. Upon the conclusion of installation, "
22390
"the CUPS server will be started automatically."
22391
msgstr ""
22392
22393
#: serverguide/C/file-server.xml:476(para)
22394
msgid ""
22395
"For troubleshooting purposes, you can access CUPS server errors via the "
22396
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
22397
"error log does not show enough information to troubleshoot any problems you "
22398
"encounter, the verbosity of the CUPS log can be increased by changing the "
22399
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
22400
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
22401
"everything, from the default of \"info\". If you make this change, remember "
22402
"to change it back once you've solved your problem, to prevent the log file "
22403
"from becoming overly large."
22404
msgstr ""
22405
22406
#: serverguide/C/file-server.xml:489(para)
22407
msgid ""
22408
"The Common UNIX Printing System server's behavior is configured through the "
22409
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
22410
"The CUPS configuration file follows the same syntax as the primary "
22411
"configuration file for the Apache HTTP server, so users familiar with "
22412
"editing Apache's configuration file should feel at ease when editing the "
22413
"CUPS configuration file. Some examples of settings you may wish to change "
22414
"initially will be presented here."
22415
msgstr ""
22416
22417
#: serverguide/C/file-server.xml:499(para)
22418
msgid ""
22419
"Prior to editing the configuration file, you should make a copy of the "
22420
"original file and protect it from writing, so you will have the original "
22421
"settings as a reference, and to reuse as necessary."
22422
msgstr ""
22423
22424
#: serverguide/C/file-server.xml:503(para)
22425
msgid ""
22426
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
22427
"writing with the following commands, issued at a terminal prompt:"
22428
msgstr ""
22429
22430
#: serverguide/C/file-server.xml:509(command)
22431
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
22432
msgstr ""
22433
22434
#: serverguide/C/file-server.xml:510(command)
22435
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
22436
msgstr ""
22437
22438
#: serverguide/C/file-server.xml:515(para)
22439
msgid ""
22440
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
22441
"address of the designated administrator of the CUPS server, simply edit the "
22442
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
22443
"preferred text editor, and add or modify the <emphasis "
22444
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
22445
"you are the Administrator for the CUPS server, and your e-mail address is "
22446
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
22447
"as such:"
22448
msgstr ""
22449
22450
#: serverguide/C/file-server.xml:526(screen)
22451
#, no-wrap
22452
msgid ""
22453
"\n"
22454
"ServerAdmin bjoy@somebigco.com\n"
22455
msgstr ""
22456
22457
#: serverguide/C/file-server.xml:532(para)
22458
msgid ""
22459
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
22460
"server installation listens only on the loopback interface at IP address "
22461
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
22462
"listen on an actual network adapter's IP address, you must specify either a "
22463
"hostname, the IP address, or optionally, an IP address/port pairing via the "
22464
"addition of a Listen directive. For example, if your CUPS server resides on "
22465
"a local network at the IP address <emphasis "
22466
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
22467
"accessible to the other systems on this subnetwork, you would edit the "
22468
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
22469
"such:"
22470
msgstr ""
22471
22472
#: serverguide/C/file-server.xml:546(screen)
22473
#, no-wrap
22474
msgid ""
22475
"\n"
22476
"Listen 127.0.0.1:631 # existing loopback Listen\n"
22477
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
22478
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
22479
"(IPP)\n"
22480
msgstr ""
22481
22482
#: serverguide/C/file-server.xml:552(para)
22483
msgid ""
22484
"In the example above, you may comment out or remove the reference to the "
22485
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
22486
"</application> to listen on that interface, but would rather have it only "
22487
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
22488
"listening for all network interfaces for which a certain hostname is bound, "
22489
"including the Loopback, you could create a Listen entry for the hostname "
22490
"<emphasis>socrates</emphasis> as such:"
22491
msgstr ""
22492
22493
#: serverguide/C/file-server.xml:562(screen)
22494
#, no-wrap
22495
msgid ""
22496
"\n"
22497
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
22498
msgstr ""
22499
22500
#: serverguide/C/file-server.xml:566(para)
22501
msgid ""
22502
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
22503
"instead, as in:"
22504
msgstr ""
22505
22506
#: serverguide/C/file-server.xml:568(screen)
22507
#, no-wrap
22508
msgid ""
22509
"\n"
22510
"Port 631 # Listen on port 631 on all interfaces\n"
22511
msgstr ""
22512
22513
#: serverguide/C/file-server.xml:575(para)
22514
msgid ""
22515
"For more examples of configuration directives in the CUPS server "
22516
"configuration file, view the associated system manual page by entering the "
22517
"following command at a terminal prompt:"
22518
msgstr ""
22519
22520
#: serverguide/C/file-server.xml:582(command)
22521
msgid "man cupsd.conf"
22522
msgstr ""
22523
22524
#: serverguide/C/file-server.xml:586(para)
22525
msgid ""
22526
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
22527
"configuration file, you'll need to restart the CUPS server by typing the "
22528
"following command at a terminal prompt:"
22529
msgstr ""
22530
22531
#: serverguide/C/file-server.xml:592(command)
22532
msgid "sudo /etc/init.d/cups restart"
22533
msgstr ""
22534
22535
#: serverguide/C/file-server.xml:598(title)
22536
msgid "Web Interface"
22537
msgstr ""
22538
22539
#: serverguide/C/file-server.xml:600(para)
22540
msgid ""
22541
"CUPS can be configured and monitored using a web interface, which by default "
22542
"is available at <ulink "
22543
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
22544
"web interface can be used to perform all printer management tasks."
22545
msgstr ""
22546
22547
#: serverguide/C/file-server.xml:604(para)
22548
msgid ""
22549
"In order to perform administrative tasks via the web interface, you must "
22550
"either have the root account enabled on your server, or authenticate as a "
22551
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
22552
"reasons, CUPS won't authenticate a user that doesn't have a password."
22553
msgstr ""
22554
22555
#: serverguide/C/file-server.xml:607(para)
22556
msgid ""
22557
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
22558
"at the terminal prompt: <screen>\n"
22559
"<command>sudo usermod -aG lpadmin username</command>\n"
22560
"</screen>"
22561
msgstr ""
22562
22563
#: serverguide/C/file-server.xml:613(para)
22564
msgid ""
22565
"Further documentation is available in the <emphasis "
22566
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
22567
msgstr ""
22568
22569
#: serverguide/C/file-server.xml:621(ulink)
22570
msgid "CUPS Website"
22571
msgstr ""
22572
22573
#: serverguide/C/file-server.xml:624(ulink)
22574
msgid "Ubuntu Wiki CUPS page"
22575
msgstr ""
22576
22577
#: serverguide/C/dns.xml:13(title)
22578
msgid "Domain Name Service (DNS)"
22579
msgstr ""
22580
22581
#: serverguide/C/dns.xml:14(para)
22582
msgid ""
22583
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
22584
"fully qualified domain names (FQDN) to one another. In this way, DNS "
22585
"alleviates the need to remember IP addresses. Computers that run DNS are "
22586
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
22587
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
22588
"common program used for maintaining a name server on Linux."
22589
msgstr ""
22590
22591
#: serverguide/C/dns.xml:24(para)
22592
msgid ""
22593
"At a terminal prompt, enter the following command to install "
22594
"<application>dns</application>:"
22595
msgstr ""
22596
22597
#: serverguide/C/dns.xml:28(command)
22598
msgid "sudo apt-get install bind9"
22599
msgstr ""
22600
22601
#: serverguide/C/dns.xml:30(para)
22602
msgid ""
22603
"A very useful package for testing and troubleshooting DNS issues is the "
22604
"dnsutils package. To install <application>dnsutils</application> enter the "
22605
"following:"
22606
msgstr ""
22607
22608
#: serverguide/C/dns.xml:35(command)
22609
msgid "sudo apt-get install dnsutils"
22610
msgstr ""
22611
22612
#: serverguide/C/dns.xml:40(para)
22613
msgid ""
22614
"There a many ways to configure <application>BIND9</application>. Some of the "
22615
"most common configurations are a caching nameserver, primary master, and a "
22616
"as a secondary master."
22617
msgstr ""
22618
22619
#: serverguide/C/dns.xml:46(para)
22620
msgid ""
22621
"When configured as a caching nameserver BIND9 will find the answer to name "
22622
"queries and remember the answer when the domain is queried again."
22623
msgstr ""
22624
22625
#: serverguide/C/dns.xml:52(para)
22626
msgid ""
22627
"As a primary master server BIND9 reads the data for a zone from a file on "
22628
"it's host and is authoritative for that zone."
22629
msgstr ""
22630
22631
#: serverguide/C/dns.xml:57(para)
22632
msgid ""
22633
"In a secondary master configuration BIND9 gets the zone data from another "
22634
"nameserver authoritative for the zone."
22635
msgstr ""
22636
22637
#: serverguide/C/dns.xml:65(para)
22638
msgid ""
22639
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
22640
"directory. The primary configuration file is "
22641
"<filename>/etc/bind/named.conf</filename>."
22642
msgstr ""
22643
22644
#: serverguide/C/dns.xml:72(para)
22645
msgid ""
22646
"The <emphasis>include</emphasis> line specifies the filename which contains "
22647
"the DNS options. The <emphasis>directory</emphasis> line in the "
22648
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
22649
"look for files. All files BIND uses will be relative to this directory."
22650
msgstr ""
22651
22652
#: serverguide/C/dns.xml:80(para)
22653
msgid ""
22654
"The file named <filename>/etc/bind/db.root</filename> describes the root "
22655
"nameservers in the world. The servers change over time, so the "
22656
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
22657
"This is usually done as updates to the <application>bind9</application> "
22658
"package. The <emphasis>zone</emphasis> section defines a master server, and "
22659
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
22660
msgstr ""
22661
22662
#: serverguide/C/dns.xml:90(para)
22663
msgid ""
22664
"It is possible to configure the same server to be a caching name server, "
22665
"primary master, and secondary master. A server can be the Start of Authority "
22666
"(SOA) for one zone, while providing secondary service for another zone. All "
22667
"the while providing caching services for hosts on the local LAN."
22668
msgstr ""
22669
22670
#: serverguide/C/dns.xml:98(title)
22671
msgid "Caching Nameserver"
22672
msgstr ""
22673
22674
#: serverguide/C/dns.xml:99(para)
22675
msgid ""
22676
"The default configuration is setup to act as a caching server. All that is "
22677
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
22678
"uncomment and edit the following in "
22679
"<filename>/etc/bind/named.conf.options</filename>:"
22680
msgstr ""
22681
22682
#: serverguide/C/dns.xml:103(programlisting)
22683
#, no-wrap
22684
msgid ""
22685
"\n"
22686
"forwarders {\n"
22687
" 1.2.3.4;\n"
22688
" 5.6.7.8;\n"
22689
" };\n"
22690
msgstr ""
22691
22692
#: serverguide/C/dns.xml:110(para)
22693
msgid ""
22694
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
22695
"the IP Adresses of actual nameservers."
22696
msgstr ""
22697
22698
#: serverguide/C/dns.xml:114(para)
22699
msgid ""
22700
"Now restart the DNS server, to enable the new configuration. From a terminal "
22701
"prompt:"
22702
msgstr ""
22703
22704
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
22705
msgid "sudo /etc/init.d/bind9 restart"
22706
msgstr ""
22707
22708
#: serverguide/C/dns.xml:120(para)
22709
msgid ""
22710
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
22711
"DNS server."
22712
msgstr ""
22713
22714
#: serverguide/C/dns.xml:125(title)
22715
msgid "Primary Master"
22716
msgstr ""
22717
22718
#: serverguide/C/dns.xml:126(para)
22719
msgid ""
22720
"In this section <application>BIND9</application> will be configured as the "
22721
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
22722
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
22723
"(Fully Qualified Domain Name)."
22724
msgstr ""
22725
22726
#: serverguide/C/dns.xml:132(title)
22727
msgid "Forward Zone File"
22728
msgstr ""
22729
22730
#: serverguide/C/dns.xml:133(para)
22731
msgid ""
22732
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
22733
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
22734
msgstr ""
22735
22736
#: serverguide/C/dns.xml:137(programlisting)
22737
#, no-wrap
22738
msgid ""
22739
"\n"
22740
"zone \"example.com\" {\n"
22741
"\ttype master;\n"
22742
" file \"/etc/bind/db.example.com\";\n"
22743
"};\n"
22744
msgstr ""
22745
22746
#: serverguide/C/dns.xml:143(para)
22747
msgid ""
22748
"Now use an existing zone file as a template to create the "
22749
"<filename>/etc/bind/db.example.com</filename> file:"
22750
msgstr ""
22751
22752
#: serverguide/C/dns.xml:147(command)
22753
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
22754
msgstr ""
22755
22756
#: serverguide/C/dns.xml:149(para)
22757
msgid ""
22758
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
22759
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
22760
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
22761
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
22762
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
22763
"leaving the \".\" at the end."
22764
msgstr ""
22765
22766
#: serverguide/C/dns.xml:155(para)
22767
msgid ""
22768
"Also, create an <emphasis>A record</emphasis> for <emphasis "
22769
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
22770
msgstr ""
22771
22772
#: serverguide/C/dns.xml:159(programlisting)
22773
#, no-wrap
22774
msgid ""
22775
"\n"
22776
";\n"
22777
"; BIND data file for local loopback interface\n"
22778
";\n"
22779
"$TTL 604800\n"
22780
"@ IN SOA ns.example.com. root.example.com. (\n"
22781
" 2 ; Serial\n"
22782
" 604800 ; Refresh\n"
22783
" 86400 ; Retry\n"
22784
" 2419200 ; Expire\n"
22785
" 604800 ) ; Negative Cache TTL\n"
22786
";\n"
22787
"@ IN NS ns.example.com.\n"
22788
"@ IN A 127.0.0.1\n"
22789
"@ IN AAAA ::1\n"
22790
"ns IN A 192.168.1.10\n"
22791
msgstr ""
22792
22793
#: serverguide/C/dns.xml:176(para)
22794
msgid ""
22795
"You must increment the <emphasis>Serial Number</emphasis> every time you "
22796
"make changes to the zone file. If you make multiple changes before "
22797
"restarting BIND9, simply increment the Serial once."
22798
msgstr ""
22799
22800
#: serverguide/C/dns.xml:180(para)
22801
msgid ""
22802
"Now, you can add DNS records to the bottom of the zone file. See <xref "
22803
"linkend=\"dns-record-types\"/> for details."
22804
msgstr ""
22805
22806
#: serverguide/C/dns.xml:184(para)
22807
msgid ""
22808
"Many admins like to use the last date edited as the serial of a zone, such "
22809
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
22810
"<emphasis>ss</emphasis> is the Serial Number)"
22811
msgstr ""
22812
22813
#: serverguide/C/dns.xml:189(para)
22814
msgid ""
22815
"Once you have made a change to the zone file "
22816
"<application>BIND9</application> will need to be restarted for the changes "
22817
"to take effect:"
22818
msgstr ""
22819
22820
#: serverguide/C/dns.xml:198(title)
22821
msgid "Reverse Zone File"
22822
msgstr ""
22823
22824
#: serverguide/C/dns.xml:199(para)
22825
msgid ""
22826
"Now that the zone is setup and resolving names to IP Adresses a "
22827
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
22828
"DNS to resolve an address to a name."
22829
msgstr ""
22830
22831
#: serverguide/C/dns.xml:203(para)
22832
msgid "Edit /etc/bind/named.conf.local and add the following:"
22833
msgstr ""
22834
22835
#: serverguide/C/dns.xml:206(programlisting)
22836
#, no-wrap
22837
msgid ""
22838
"\n"
22839
"zone \"1.168.192.in-addr.arpa\" {\n"
22840
" type master;\n"
22841
" notify no;\n"
22842
" file \"/etc/bind/db.192\";\n"
22843
"};\n"
22844
msgstr ""
22845
22846
#: serverguide/C/dns.xml:214(para)
22847
msgid ""
22848
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
22849
"whatever network you are using. Also, name the zone file "
22850
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
22851
"first octet of your network."
22852
msgstr ""
22853
22854
#: serverguide/C/dns.xml:219(para)
22855
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
22856
msgstr ""
22857
22858
#: serverguide/C/dns.xml:223(command)
22859
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22860
msgstr ""
22861
22862
#: serverguide/C/dns.xml:225(para)
22863
msgid ""
22864
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
22865
"same options as <filename>/etc/bind/db.example.com</filename>:"
22866
msgstr ""
22867
22868
#: serverguide/C/dns.xml:229(programlisting)
22869
#, no-wrap
22870
msgid ""
22871
"\n"
22872
";\n"
22873
"; BIND reverse data file for local loopback interface\n"
22874
";\n"
22875
"$TTL 604800\n"
22876
"@ IN SOA ns.example.com. root.example.com. (\n"
22877
" 2 ; Serial\n"
22878
" 604800 ; Refresh\n"
22879
" 86400 ; Retry\n"
22880
" 2419200 ; Expire\n"
22881
" 604800 ) ; Negative Cache TTL\n"
22882
";\n"
22883
"@ IN NS ns.\n"
22884
"10 IN PTR ns.example.com.\n"
22885
msgstr ""
22886
22887
#: serverguide/C/dns.xml:244(para)
22888
msgid ""
22889
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
22890
"incremented on each changes as well. For each <emphasis>A record</emphasis> "
22891
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
22892
"create a <emphasis>PTR record</emphasis> in "
22893
"<filename>/etc/bind/db.192</filename>."
22894
msgstr ""
22895
22896
#: serverguide/C/dns.xml:249(para)
22897
msgid ""
22898
"After creating the reverse zone file restart "
22899
"<application>BIND9</application>:"
22900
msgstr ""
22901
22902
#: serverguide/C/dns.xml:258(title)
22903
msgid "Secondary Master"
22904
msgstr ""
22905
22906
#: serverguide/C/dns.xml:259(para)
22907
msgid ""
22908
"Once a <emphasis>Primary Master</emphasis> has been configured a "
22909
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
22910
"availability of the domain should the Primary become unavailable."
22911
msgstr ""
22912
22913
#: serverguide/C/dns.xml:263(para)
22914
msgid ""
22915
"First, on the Primary Master server, the zone transfer needs to be allowed. "
22916
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
22917
"and Reverse zone definitions in "
22918
"<filename>/etc/bind/named.conf.local</filename>:"
22919
msgstr ""
22920
22921
#: serverguide/C/dns.xml:267(programlisting)
22922
#, no-wrap
22923
msgid ""
22924
"\n"
22925
"zone \"example.com\" {\n"
22926
" type master;\n"
22927
"\tfile \"/etc/bind/db.example.com\";\n"
22928
" allow-transfer { 192.168.1.11; };\n"
22929
"};\n"
22930
"\n"
22931
"zone \"1.168.192.in-addr.arpa\" {\n"
22932
" type master;\n"
22933
" notify no;\n"
22934
" file \"/etc/bind/db.192\";\n"
22935
"\tallow-transfer { 192.168.1.11; };\n"
22936
"};\n"
22937
msgstr ""
22938
22939
#: serverguide/C/dns.xml:282(para)
22940
msgid ""
22941
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
22942
"Secondary nameserver."
22943
msgstr ""
22944
22945
#: serverguide/C/dns.xml:286(para)
22946
msgid ""
22947
"Next, on the Secondary Master, install the <application>bind9</application> "
22948
"package the same way as on the Primary. Then edit the "
22949
"<filename>/etc/bind/named.conf.local</filename> and add the following "
22950
"declarations for the Forward and Reverse zones:"
22951
msgstr ""
22952
22953
#: serverguide/C/dns.xml:290(programlisting)
22954
#, no-wrap
22955
msgid ""
22956
"\n"
22957
"zone \"example.com\" {\n"
22958
"\ttype slave;\n"
22959
" file \"/var/cache/bind/db.example.com\";\n"
22960
" masters { 192.168.1.10; };\n"
22961
"}; \n"
22962
" \n"
22963
"zone \"1.168.192.in-addr.arpa\" {\n"
22964
"\ttype slave;\n"
22965
" file \"/var/cache/bind/db.192\";\n"
22966
" masters { 192.168.1.10; };\n"
22967
"};\n"
22968
msgstr ""
22969
22970
#: serverguide/C/dns.xml:304(para)
22971
msgid ""
22972
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
22973
"Primary nameserver."
22974
msgstr ""
22975
22976
#: serverguide/C/dns.xml:308(para)
22977
msgid "Restart <application>BIND9</application> on the Secondary Master:"
22978
msgstr ""
22979
22980
#: serverguide/C/dns.xml:314(para)
22981
msgid ""
22982
"In <filename>/var/log/syslog</filename> you should see something similar to:"
22983
msgstr ""
22984
22985
#: serverguide/C/dns.xml:317(programlisting)
22986
#, no-wrap
22987
msgid ""
22988
"\n"
22989
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
22990
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
22991
msgstr ""
22992
22993
#: serverguide/C/dns.xml:322(para)
22994
msgid ""
22995
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
22996
"on the Primary is larger than the one on the Secondary."
22997
msgstr ""
22998
22999
#: serverguide/C/dns.xml:328(para)
23000
msgid ""
23001
"The default directory for non-authoritative zone files is "
23002
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
23003
"<application>AppArmor</application> to allow the "
23004
"<application>named</application> daemon to write to. For more information on "
23005
"AppArmor see <xref linkend=\"apparmor\"/>."
23006
msgstr ""
23007
23008
#: serverguide/C/dns.xml:339(para)
23009
msgid ""
23010
"This section covers ways to help determine the cause when problems happen "
23011
"with DNS and <application>BIND9</application>."
23012
msgstr ""
23013
23014
#: serverguide/C/dns.xml:345(title)
23015
msgid "resolv.conf"
23016
msgstr ""
23017
23018
#: serverguide/C/dns.xml:346(para)
23019
msgid ""
23020
"The first step in testing <application>BIND9</application> is to add the "
23021
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
23022
"be configured as well as another host to double check things. Simply edit "
23023
"<filename>/etc/resolv.conf</filename> and add the following:"
23024
msgstr ""
23025
23026
#: serverguide/C/dns.xml:351(programlisting)
23027
#, no-wrap
23028
msgid ""
23029
"\n"
23030
"nameserver\t192.168.1.10\n"
23031
"nameserver\t192.168.1.11\n"
23032
msgstr ""
23033
23034
#: serverguide/C/dns.xml:356(para)
23035
msgid ""
23036
"You should also add the IP Address of the Secondary nameserver in case the "
23037
"Primary becomes unavailable."
23038
msgstr ""
23039
23040
#: serverguide/C/dns.xml:362(title)
23041
msgid "dig"
23042
msgstr ""
23043
23044
#: serverguide/C/dns.xml:363(para)
23045
msgid ""
23046
"If you installed the <application>dnsutils</application> package you can "
23047
"test your setup using the DNS lookup utility <application>dig</application>:"
23048
msgstr ""
23049
23050
#: serverguide/C/dns.xml:369(para)
23051
msgid ""
23052
"After installing <application>BIND9</application> use "
23053
"<application>dig</application> against the loopback interface to make sure "
23054
"it is listening on port 53. From a terminal prompt:"
23055
msgstr ""
23056
23057
#: serverguide/C/dns.xml:374(command)
23058
msgid "dig -x 127.0.0.1"
23059
msgstr ""
23060
23061
#: serverguide/C/dns.xml:376(para)
23062
msgid "You should see lines similar to the following in the command output:"
23063
msgstr ""
23064
23065
#: serverguide/C/dns.xml:379(programlisting)
23066
#, no-wrap
23067
msgid ""
23068
"\n"
23069
";; Query time: 1 msec\n"
23070
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
23071
msgstr ""
23072
23073
#: serverguide/C/dns.xml:385(para)
23074
msgid ""
23075
"If you have configured <application>BIND9</application> as a "
23076
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
23077
"the query time:"
23078
msgstr ""
23079
23080
#: serverguide/C/dns.xml:390(command)
23081
msgid "dig ubuntu.com"
23082
msgstr ""
23083
23084
#: serverguide/C/dns.xml:392(para)
23085
msgid "Note the query time toward the end of the command output:"
23086
msgstr ""
23087
23088
#: serverguide/C/dns.xml:395(programlisting)
23089
#, no-wrap
23090
msgid ""
23091
"\n"
23092
";; Query time: 49 msec\n"
23093
msgstr ""
23094
23095
#: serverguide/C/dns.xml:398(para)
23096
msgid "After a second dig there should be improvement:"
23097
msgstr ""
23098
23099
#: serverguide/C/dns.xml:401(programlisting)
23100
#, no-wrap
23101
msgid ""
23102
"\n"
23103
";; Query time: 1 msec\n"
23104
msgstr ""
23105
23106
#: serverguide/C/dns.xml:408(title)
23107
msgid "ping"
23108
msgstr ""
23109
23110
#: serverguide/C/dns.xml:410(para)
23111
msgid ""
23112
"Now to demonstrate how applications make use of DNS to resolve a host name "
23113
"use the <application>ping</application> utility to send an ICMP echo "
23114
"request. From a terminal prompt enter:"
23115
msgstr ""
23116
23117
#: serverguide/C/dns.xml:416(command)
23118
msgid "ping example.com"
23119
msgstr ""
23120
23121
#: serverguide/C/dns.xml:418(para)
23122
msgid ""
23123
"This tests if the nameserver can resolve the name "
23124
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
23125
"should resemble:"
23126
msgstr ""
23127
23128
#: serverguide/C/dns.xml:422(programlisting)
23129
#, no-wrap
23130
msgid ""
23131
"\n"
23132
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
23133
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
23134
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
23135
msgstr ""
23136
23137
#: serverguide/C/dns.xml:429(title)
23138
msgid "named-checkzone"
23139
msgstr ""
23140
23141
#: serverguide/C/dns.xml:430(para)
23142
msgid ""
23143
"A great way to test your zone files is by using the <application>named-"
23144
"checkzone</application> utility installed with the "
23145
"<application>bind9</application> package. This utility allows you to make "
23146
"sure the configuration is correct before restarting "
23147
"<application>BIND9</application> and making the changes live."
23148
msgstr ""
23149
23150
#: serverguide/C/dns.xml:437(para)
23151
msgid ""
23152
"To test our example Forward zone file enter the following from a command "
23153
"prompt:"
23154
msgstr ""
23155
23156
#: serverguide/C/dns.xml:441(command)
23157
msgid "named-checkzone example.com /etc/bind/db.example.com"
23158
msgstr ""
23159
23160
#: serverguide/C/dns.xml:443(para)
23161
msgid ""
23162
"If everything is configured correctly you should see output similar to:"
23163
msgstr ""
23164
23165
#: serverguide/C/dns.xml:446(programlisting)
23166
#, no-wrap
23167
msgid ""
23168
"\n"
23169
"zone example.com/IN: loaded serial 6\n"
23170
"OK\n"
23171
msgstr ""
23172
23173
#: serverguide/C/dns.xml:452(para)
23174
msgid "Similarly, to test the Reverse zone file enter the following:"
23175
msgstr ""
23176
23177
#: serverguide/C/dns.xml:456(command)
23178
msgid "named-checkzone example.com /etc/bind/db.192"
23179
msgstr ""
23180
23181
#: serverguide/C/dns.xml:458(para)
23182
msgid "The output should be similar to:"
23183
msgstr ""
23184
23185
#: serverguide/C/dns.xml:461(programlisting)
23186
#, no-wrap
23187
msgid ""
23188
"\n"
23189
"zone example.com/IN: loaded serial 3\n"
23190
"OK\n"
23191
msgstr ""
23192
23193
#: serverguide/C/dns.xml:468(para)
23194
msgid ""
23195
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
23196
"different."
23197
msgstr ""
23198
23199
#: serverguide/C/dns.xml:475(title)
23200
msgid "Logging"
23201
msgstr ""
23202
23203
#: serverguide/C/dns.xml:476(para)
23204
msgid ""
23205
"<application>BIND9</application> has a wide variety of logging configuration "
23206
"options available. There are two main options. The "
23207
"<emphasis>channel</emphasis> option configures where logs go, and the "
23208
"<emphasis>category</emphasis> option determines what information to log."
23209
msgstr ""
23210
23211
#: serverguide/C/dns.xml:480(para)
23212
msgid "If no logging option is configured the default option is:"
23213
msgstr ""
23214
23215
#: serverguide/C/dns.xml:483(programlisting)
23216
#, no-wrap
23217
msgid ""
23218
"\n"
23219
"logging {\n"
23220
" category default { default_syslog; default_debug; };\n"
23221
" category unmatched { null; };\n"
23222
"};\n"
23223
msgstr ""
23224
23225
#: serverguide/C/dns.xml:489(para)
23226
msgid ""
23227
"This section covers configuring <application>BIND9</application> to send "
23228
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
23229
"file."
23230
msgstr ""
23231
23232
#: serverguide/C/dns.xml:494(para)
23233
msgid ""
23234
"First, we need to configure a channel to specify which file to send the "
23235
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
23236
"the following:"
23237
msgstr ""
23238
23239
#: serverguide/C/dns.xml:498(programlisting)
23240
#, no-wrap
23241
msgid ""
23242
"\n"
23243
"logging {\n"
23244
" channel query.log { \n"
23245
" file \"/var/log/query.log\";\n"
23246
" severity debug 3; \n"
23247
" }; \n"
23248
"};\n"
23249
msgstr ""
23250
23251
#: serverguide/C/dns.xml:508(para)
23252
msgid "Next, configure a category to send all DNS queries to the query file:"
23253
msgstr ""
23254
23255
#: serverguide/C/dns.xml:511(programlisting)
23256
#, no-wrap
23257
msgid ""
23258
"\n"
23259
"logging {\n"
23260
" channel query.log { \n"
23261
" file \"/var/log/query.log\"; \n"
23262
" severity debug 3; \n"
23263
" }; \n"
23264
" <emphasis>category queries { query.log; };</emphasis> \n"
23265
"};\n"
23266
msgstr ""
23267
23268
#: serverguide/C/dns.xml:523(para)
23269
msgid ""
23270
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
23271
"level isn't specified level 1 is the default."
23272
msgstr ""
23273
23274
#: serverguide/C/dns.xml:529(para)
23275
msgid ""
23276
"Since the <emphasis>named daemon</emphasis> runs as the "
23277
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
23278
"file must be created and the ownership changed:"
23279
msgstr ""
23280
23281
#: serverguide/C/dns.xml:534(command)
23282
msgid "sudo touch /var/log/query.log"
23283
msgstr ""
23284
23285
#: serverguide/C/dns.xml:535(command)
23286
msgid "sudo chown bind /var/log/query.log"
23287
msgstr ""
23288
23289
#: serverguide/C/dns.xml:539(para)
23290
msgid ""
23291
"Before <application>named</application> daemon can write to the new log file "
23292
"the <application>AppArmor</application> profile must be updated. First, edit "
23293
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
23294
msgstr ""
23295
23296
#: serverguide/C/dns.xml:543(programlisting)
23297
#, no-wrap
23298
msgid ""
23299
"\n"
23300
"/var/log/query.log w,\n"
23301
msgstr ""
23302
23303
#: serverguide/C/dns.xml:546(para)
23304
msgid "Next, reload the profile:"
23305
msgstr ""
23306
23307
#: serverguide/C/dns.xml:550(command)
23308
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
23309
msgstr ""
23310
23311
#: serverguide/C/dns.xml:552(para)
23312
msgid ""
23313
"For more information on <application>AppArmor</application> see <xref "
23314
"linkend=\"apparmor\"/>"
23315
msgstr ""
23316
23317
#: serverguide/C/dns.xml:557(para)
23318
msgid ""
23319
"Now restart <application>BIND9</application> for the changes to take effect:"
23320
msgstr ""
23321
23322
#: serverguide/C/dns.xml:565(para)
23323
msgid ""
23324
"You should see the file <filename>/var/log/query.log</filename> fill with "
23325
"query information. This is a simple example of the "
23326
"<application>BIND9</application> logging options. For coverage of advanced "
23327
"options see <xref linkend=\"dns-more-info\"/>."
23328
msgstr ""
23329
23330
#: serverguide/C/dns.xml:574(title)
23331
msgid "Common Record Types"
23332
msgstr ""
23333
23334
#: serverguide/C/dns.xml:575(para)
23335
msgid "This section covers some of the most common DNS record types."
23336
msgstr ""
23337
23338
#: serverguide/C/dns.xml:580(para)
23339
msgid ""
23340
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
23341
msgstr ""
23342
23343
#: serverguide/C/dns.xml:583(programlisting)
23344
#, no-wrap
23345
msgid ""
23346
"\n"
23347
"www IN A 192.168.1.12\n"
23348
msgstr ""
23349
23350
#: serverguide/C/dns.xml:588(para)
23351
msgid ""
23352
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
23353
"record. You cannot create a CNAME record pointing to another CNAME record."
23354
msgstr ""
23355
23356
#: serverguide/C/dns.xml:591(programlisting)
23357
#, no-wrap
23358
msgid ""
23359
"\n"
23360
"web IN CNAME www\n"
23361
msgstr ""
23362
23363
#: serverguide/C/dns.xml:596(para)
23364
msgid ""
23365
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
23366
"to. Must point to an A record, not a CNAME."
23367
msgstr ""
23368
23369
#: serverguide/C/dns.xml:599(programlisting)
23370
#, no-wrap
23371
msgid ""
23372
"\n"
23373
" IN MX 1 mail.example.com.\n"
23374
"mail IN A 192.168.1.13\n"
23375
msgstr ""
23376
23377
#: serverguide/C/dns.xml:605(para)
23378
msgid ""
23379
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
23380
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
23381
"Secondary servers are defined."
23382
msgstr ""
23383
23384
#: serverguide/C/dns.xml:609(programlisting)
23385
#, no-wrap
23386
msgid ""
23387
"\n"
23388
" IN NS ns.example.com.\n"
23389
"\tIN NS ns2.example.com.\n"
23390
"ns IN A 192.168.1.10\n"
23391
"ns2\tIN A\t 192.168.1.11\n"
23392
msgstr ""
23393
23394
#: serverguide/C/dns.xml:622(para)
23395
msgid ""
23396
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
23397
"HOWTO</ulink> explains more advanced options for configuring BIND9."
23398
msgstr ""
23399
23400
#: serverguide/C/dns.xml:627(para)
23401
msgid ""
23402
"For in depth coverage of <emphasis>DNS</emphasis> and "
23403
"<application>BIND9</application> see <ulink "
23404
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
23405
msgstr ""
23406
23407
#: serverguide/C/dns.xml:632(para)
23408
msgid ""
23409
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
23410
"BIND</ulink> is a popular book now in it's fifth edition."
23411
msgstr ""
23412
23413
#: serverguide/C/dns.xml:637(para)
23414
msgid ""
23415
"A great place to ask for <application>BIND9</application> assistance, and "
23416
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
23417
"server</emphasis> IRC channel on <ulink "
23418
"url=\"http://freenode.net\">freenode</ulink>."
23419
msgstr ""
23420
23421
#: serverguide/C/dns.xml:643(para)
23422
msgid ""
23423
"Also, see the <ulink "
23424
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
23425
"HOWTO</ulink> in the Ubuntu Wiki."
23426
msgstr ""
23427
23428
#: serverguide/C/databases.xml:13(title)
23429
msgid "Databases"
23430
msgstr ""
23431
23432
#: serverguide/C/databases.xml:14(para)
23433
msgid "Ubuntu provides two popular database servers. They are:"
23434
msgstr ""
23435
23436
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
23437
msgid "PostgreSQL"
23438
msgstr ""
23439
23440
#: serverguide/C/databases.xml:25(para)
23441
msgid ""
23442
"They are available in the main repository. This section explains how to "
23443
"install and configure these database servers."
23444
msgstr ""
23445
23446
#: serverguide/C/databases.xml:32(para)
23447
msgid ""
23448
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
23449
"It is intended for mission-critical, heavy-load production systems as well "
23450
"as for embedding into mass-deployed software."
23451
msgstr ""
23452
23453
#: serverguide/C/databases.xml:41(para)
23454
msgid "To install MySQL, run the following command from a terminal prompt:"
23455
msgstr ""
23456
23457
#: serverguide/C/databases.xml:46(command)
23458
msgid "sudo apt-get install mysql-server"
23459
msgstr ""
23460
23461
#: serverguide/C/databases.xml:48(para)
23462
msgid ""
23463
"During the installation process you will be prompted to enter a password for "
23464
"the <application>MySQL</application> root user."
23465
msgstr ""
23466
23467
#: serverguide/C/databases.xml:53(para)
23468
msgid ""
23469
"Once the installation is complete, the MySQL server should be started "
23470
"automatically. You can run the following command from a terminal prompt to "
23471
"check whether the MySQL server is running:"
23472
msgstr ""
23473
23474
#: serverguide/C/databases.xml:61(command)
23475
msgid "sudo netstat -tap | grep mysql"
23476
msgstr ""
23477
23478
#: serverguide/C/databases.xml:70(programlisting)
23479
#, no-wrap
23480
msgid ""
23481
"\n"
23482
"tcp 0 0 localhost:mysql *:* LISTEN "
23483
" 2556/mysqld\n"
23484
msgstr ""
23485
23486
#: serverguide/C/databases.xml:74(para)
23487
msgid ""
23488
"If the server is not running correctly, you can type the following command "
23489
"to start it:"
23490
msgstr ""
23491
23492
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
23493
msgid "sudo /etc/init.d/mysql restart"
23494
msgstr ""
23495
23496
#: serverguide/C/databases.xml:85(para)
23497
msgid ""
23498
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
23499
"the basic settings -- log file, port number, etc. For example, to configure "
23500
"<application>MySQL</application> to listen for connections from network "
23501
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
23502
"server's IP address:"
23503
msgstr ""
23504
23505
#: serverguide/C/databases.xml:91(programlisting)
23506
#, no-wrap
23507
msgid ""
23508
"\n"
23509
"bind-address = 192.168.0.5\n"
23510
msgstr ""
23511
23512
#: serverguide/C/databases.xml:95(para)
23513
msgid "Replace 192.168.0.5 with the appropriate address."
23514
msgstr ""
23515
23516
#: serverguide/C/databases.xml:99(para)
23517
msgid ""
23518
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
23519
"<application>mysql</application> daemon will need to be restarted:"
23520
msgstr ""
23521
23522
#: serverguide/C/databases.xml:107(para)
23523
msgid ""
23524
"If you would like to change the "
23525
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
23526
"terminal enter:"
23527
msgstr ""
23528
23529
#: serverguide/C/databases.xml:113(command)
23530
msgid "sudo dpkg-reconfigure mysql-server-5.1"
23531
msgstr ""
23532
23533
#: serverguide/C/databases.xml:116(para)
23534
msgid ""
23535
"The <application>mysql</application> daemon will be stopped, and you will be "
23536
"prompted to enter a new password."
23537
msgstr ""
23538
23539
#: serverguide/C/databases.xml:125(para)
23540
msgid ""
23541
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
23542
"more information."
23543
msgstr ""
23544
23545
#: serverguide/C/databases.xml:130(para)
23546
msgid ""
23547
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
23548
"<application>mysql-doc-5.0</application> package. To install the package "
23549
"enter the following in a terminal:"
23550
msgstr ""
23551
23552
#: serverguide/C/databases.xml:135(command)
23553
msgid "sudo apt-get install mysql-doc-5.0"
23554
msgstr ""
23555
23556
#: serverguide/C/databases.xml:137(para)
23557
msgid ""
23558
"The documentation is in HTML format, to view them enter "
23559
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
23560
"chapter/index.html</command> in your browser's address bar."
23561
msgstr ""
23562
23563
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
23564
msgid ""
23565
"For general SQL information see <ulink "
23566
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
23567
"Special Edition</ulink> by Rafe Colburn."
23568
msgstr ""
23569
23570
#: serverguide/C/databases.xml:149(para)
23571
msgid ""
23572
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
23573
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
23574
msgstr ""
23575
23576
#: serverguide/C/databases.xml:158(para)
23577
msgid ""
23578
"PostgreSQL is an object-relational database system that has the features of "
23579
"traditional commercial database systems with enhancements to be found in "
23580
"next-generation DBMS systems."
23581
msgstr ""
23582
23583
#: serverguide/C/databases.xml:165(para)
23584
msgid ""
23585
"To install PostgreSQL, run the following command in the command prompt:"
23586
msgstr ""
23587
23588
#: serverguide/C/databases.xml:172(command)
23589
msgid "sudo apt-get install postgresql"
23590
msgstr ""
23591
23592
#: serverguide/C/databases.xml:176(para)
23593
msgid ""
23594
"Once the installation is complete, you should configure the PostgreSQL "
23595
"server based on your needs, although the default configuration is viable."
23596
msgstr ""
23597
23598
#: serverguide/C/databases.xml:184(para)
23599
msgid ""
23600
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
23601
"client authentication methods. By default, IDENT authentication method is "
23602
"used for <application>postgres</application> and local users. Please refer "
23603
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
23604
"PostgreSQL Administrator's Guide</ulink>."
23605
msgstr ""
23606
23607
#: serverguide/C/databases.xml:191(para)
23608
msgid ""
23609
"The following discussion assumes that you wish to enable TCP/IP connections "
23610
"and use the MD5 method for client authentication. PostgreSQL configuration "
23611
"files are stored in the "
23612
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
23613
"example, if you install PostgreSQL 8.4, the configuration files are stored "
23614
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
23615
msgstr ""
23616
23617
#: serverguide/C/databases.xml:201(para)
23618
msgid ""
23619
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
23620
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
23621
msgstr ""
23622
23623
#: serverguide/C/databases.xml:208(para)
23624
msgid ""
23625
"To enable TCP/IP connections, edit the file "
23626
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
23627
msgstr ""
23628
23629
#: serverguide/C/databases.xml:210(para)
23630
msgid ""
23631
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
23632
"change it to:"
23633
msgstr ""
23634
23635
#: serverguide/C/databases.xml:213(programlisting)
23636
#, no-wrap
23637
msgid ""
23638
"\n"
23639
"listen_addresses = 'localhost'\n"
23640
msgstr ""
23641
23642
#: serverguide/C/databases.xml:217(para)
23643
msgid ""
23644
"To allow other computers to connect to your "
23645
"<application>PostgreSQL</application> server replace 'localhost' with the "
23646
"<emphasis>IP Address</emphasis> of your server."
23647
msgstr ""
23648
23649
#: serverguide/C/databases.xml:222(para)
23650
msgid ""
23651
"You may also edit all other parameters, if you know what you are doing! For "
23652
"details, refer to the configuration file or to the PostgreSQL documentation."
23653
msgstr ""
23654
23655
#: serverguide/C/databases.xml:227(para)
23656
msgid ""
23657
"Now that we can connect to our <application>PostgreSQL</application> server, "
23658
"the next step is to set a password for the <emphasis>postgres</emphasis> "
23659
"user. Run the following command at a terminal prompt to connect to the "
23660
"default PostgreSQL template database:"
23661
msgstr ""
23662
23663
#: serverguide/C/databases.xml:234(command)
23664
msgid "sudo -u postgres psql template1"
23665
msgstr ""
23666
23667
#: serverguide/C/databases.xml:236(para)
23668
msgid ""
23669
"The above command connects to PostgreSQL database "
23670
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
23671
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
23672
"run the following SQL command at the <application>psql</application> prompt "
23673
"to configure the password for the user <emphasis "
23674
"role=\"italics\">postgres</emphasis>."
23675
msgstr ""
23676
23677
#: serverguide/C/databases.xml:244(command)
23678
msgid "ALTER USER postgres with encrypted password 'your_password';"
23679
msgstr ""
23680
23681
#: serverguide/C/databases.xml:246(para)
23682
msgid ""
23683
"After configuring the password, edit the file "
23684
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
23685
"<emphasis>MD5</emphasis> authentication with the "
23686
"<emphasis>postgres</emphasis> user:"
23687
msgstr ""
23688
23689
#: serverguide/C/databases.xml:252(programlisting)
23690
#, no-wrap
23691
msgid ""
23692
"\n"
23693
"local all postgres md5\n"
23694
msgstr ""
23695
23696
#: serverguide/C/databases.xml:256(para)
23697
msgid ""
23698
"Finally, you should restart the <application>PostgreSQL</application> "
23699
"service to initialize the new configuration. From a terminal prompt enter "
23700
"the following to restart <application>PostgreSQL</application>:"
23701
msgstr ""
23702
23703
#: serverguide/C/databases.xml:262(command)
23704
msgid "sudo /etc/init.d/postgresql-8.4 restart"
23705
msgstr ""
23706
23707
#: serverguide/C/databases.xml:265(para)
23708
msgid ""
23709
"The above configuration is not complete by any means. Please refer <ulink "
23710
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
23711
"Administrator's Guide</ulink> to configure more parameters."
23712
msgstr ""
23713
23714
#: serverguide/C/databases.xml:276(para)
23715
msgid ""
23716
"As mentioned above the <ulink "
23717
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
23718
"Guide</ulink> is an excellent resource. The guide is also available in the "
23719
"<application>postgresql-doc-8.4</application> package. Execute the following "
23720
"in a terminal to install the package:"
23721
msgstr ""
23722
23723
#: serverguide/C/databases.xml:282(command)
23724
msgid "sudo apt-get install postgresql-doc-8.4"
23725
msgstr ""
23726
23727
#: serverguide/C/databases.xml:284(para)
23728
msgid ""
23729
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
23730
"8.4/html/index.html</command> into the address bar of your browser."
23731
msgstr ""
23732
23733
#: serverguide/C/databases.xml:296(para)
23734
msgid ""
23735
"Also, see the <ulink "
23736
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
23737
"Wiki</ulink> page for more information."
23738
msgstr ""
23739
23740
#: serverguide/C/clustering.xml:13(title)
23741
msgid "Clustering"
23742
msgstr ""
23743
23744
#: serverguide/C/clustering.xml:16(title)
23745
msgid "DRBD"
23746
msgstr ""
23747
23748
#: serverguide/C/clustering.xml:18(para)
23749
msgid ""
23750
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
23751
"multiple hosts. The replication is transparent to other applications on the "
23752
"host systems. Any block device hard disks, partitions, RAID devices, logical "
23753
"volumes, etc can be mirrored."
23754
msgstr ""
23755
23756
#: serverguide/C/clustering.xml:24(para)
23757
msgid ""
23758
"To get started using <application>drbd</application>, first install the "
23759
"necessary packages. From a terminal enter:"
23760
msgstr ""
23761
23762
#: serverguide/C/clustering.xml:29(command)
23763
msgid "sudo apt-get install drbd8-utils"
23764
msgstr ""
23765
23766
#: serverguide/C/clustering.xml:33(para)
23767
msgid ""
23768
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
23769
"virtual machine you will need to manually compile the "
23770
"<application>drbd</application> module. It may be easier to install the "
23771
"<application>linux-server</application> package inside the virtual machine."
23772
msgstr ""
23773
23774
#: serverguide/C/clustering.xml:40(para)
23775
msgid ""
23776
"This section covers setting up a <application>drbd</application> to "
23777
"replicate a separate <filename>/srv</filename> partition, with an "
23778
"<application>ext3</application> filesystem between two hosts. The partition "
23779
"size is not particularly relevant, but both partitions need to be the same "
23780
"size."
23781
msgstr ""
23782
23783
#: serverguide/C/clustering.xml:49(para)
23784
msgid ""
23785
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
23786
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
23787
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
23788
"See <xref linkend=\"dns\"/> for details."
23789
msgstr ""
23790
23791
#: serverguide/C/clustering.xml:57(para)
23792
msgid ""
23793
"To configure <application>drbd</application>, on the first host edit "
23794
"<filename>/etc/drbd.conf</filename>:"
23795
msgstr ""
23796
23797
#: serverguide/C/clustering.xml:61(programlisting)
23798
#, no-wrap
23799
msgid ""
23800
"\n"
23801
"global { usage-count no; }\n"
23802
"common { syncer { rate 100M; } }\n"
23803
"resource r0 {\n"
23804
" protocol C;\n"
23805
" startup {\n"
23806
" wfc-timeout 15;\n"
23807
" degr-wfc-timeout 60;\n"
23808
" }\n"
23809
" net {\n"
23810
" cram-hmac-alg sha1;\n"
23811
" shared-secret \"secret\";\n"
23812
" }\n"
23813
" on drbd01 {\n"
23814
" device /dev/drbd0;\n"
23815
" disk /dev/sdb1;\n"
23816
" address 192.168.0.1:7788;\n"
23817
" meta-disk internal;\n"
23818
" }\n"
23819
" on drbd02 {\n"
23820
" device /dev/drbd0;\n"
23821
" disk /dev/sdb1;\n"
23822
" address 192.168.0.2:7788;\n"
23823
" meta-disk internal;\n"
23824
" }\n"
23825
"} \n"
23826
msgstr ""
23827
23828
#: serverguide/C/clustering.xml:90(para)
23829
msgid ""
23830
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
23831
"this example their default values are fine."
23832
msgstr ""
23833
23834
#: serverguide/C/clustering.xml:98(para)
23835
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
23836
msgstr ""
23837
23838
#: serverguide/C/clustering.xml:103(command)
23839
msgid "scp /etc/drbd.conf drbd02:~"
23840
msgstr ""
23841
23842
#: serverguide/C/clustering.xml:109(para)
23843
msgid ""
23844
"And, on <emphasis>drbd02</emphasis> move the file to "
23845
"<filename>/etc</filename>:"
23846
msgstr ""
23847
23848
#: serverguide/C/clustering.xml:114(command)
23849
msgid "sudo mv drbd.conf /etc/"
23850
msgstr ""
23851
23852
#: serverguide/C/clustering.xml:120(para)
23853
msgid ""
23854
"Next, on both hosts, start the <application>drbd</application> daemon:"
23855
msgstr ""
23856
23857
#: serverguide/C/clustering.xml:125(command)
23858
msgid "sudo /etc/init.d/drbd start"
23859
msgstr ""
23860
23861
#: serverguide/C/clustering.xml:131(para)
23862
msgid ""
23863
"Now using the <application>drbdadm</application> utility initialize the meta "
23864
"data storage. On each server execute:"
23865
msgstr ""
23866
23867
#: serverguide/C/clustering.xml:137(command)
23868
msgid "sudo drbdadm create-md r0"
23869
msgstr ""
23870
23871
#: serverguide/C/clustering.xml:143(para)
23872
msgid ""
23873
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
23874
"primary, enter the following:"
23875
msgstr ""
23876
23877
#: serverguide/C/clustering.xml:148(command)
23878
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
23879
msgstr ""
23880
23881
#: serverguide/C/clustering.xml:154(para)
23882
msgid ""
23883
"After executing the above command, the data will start syncing with the "
23884
"secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
23885
"the following:"
23886
msgstr ""
23887
23888
#: serverguide/C/clustering.xml:160(command)
23889
msgid "watch -n1 cat /proc/drbd"
23890
msgstr ""
23891
23892
#: serverguide/C/clustering.xml:163(para)
23893
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
23894
msgstr ""
23895
23896
#: serverguide/C/clustering.xml:170(para)
23897
msgid ""
23898
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
23899
msgstr ""
23900
23901
#: serverguide/C/clustering.xml:175(command)
23902
msgid "sudo mkfs.ext3 /dev/drbd0"
23903
msgstr ""
23904
23905
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
23906
msgid "sudo mount /dev/drbd0 /srv"
23907
msgstr ""
23908
23909
#: serverguide/C/clustering.xml:186(para)
23910
msgid ""
23911
"To test that the data is actually syncing between the hosts copy some files "
23912
"on the <emphasis>drbd01</emphasis>, the primary, to "
23913
"<filename>/srv</filename>:"
23914
msgstr ""
23915
23916
#: serverguide/C/clustering.xml:195(para)
23917
msgid "Next, unmount <filename>/srv</filename>:"
23918
msgstr ""
23919
23920
#: serverguide/C/clustering.xml:203(para)
23921
msgid ""
23922
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
23923
"<emphasis>secondary</emphasis> role:"
23924
msgstr ""
23925
23926
#: serverguide/C/clustering.xml:208(command)
23927
msgid "sudo drbdadm secondary r0"
23928
msgstr ""
23929
23930
#: serverguide/C/clustering.xml:211(para)
23931
msgid ""
23932
"Now on the <emphasis>secondary</emphasis> server "
23933
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
23934
msgstr ""
23935
23936
#: serverguide/C/clustering.xml:216(command)
23937
msgid "sudo drbdadm primary r0"
23938
msgstr ""
23939
23940
#: serverguide/C/clustering.xml:219(para)
23941
msgid "Lastly, mount the partition:"
23942
msgstr ""
23943
23944
#: serverguide/C/clustering.xml:227(para)
23945
msgid ""
23946
"Using <emphasis>ls</emphasis> you should see "
23947
"<filename>/srv/default</filename> copied from the former "
23948
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
23949
msgstr ""
23950
23951
#: serverguide/C/clustering.xml:238(para)
23952
msgid ""
23953
"For more information on <application>DRBD</application> see the <ulink "
23954
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
23955
msgstr ""
23956
23957
#: serverguide/C/clustering.xml:243(para)
23958
msgid ""
23959
"The <ulink "
23960
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/drbd.conf.5.html\">dr"
23961
"bd.conf man page</ulink> contains details on the options not covered in this "
23962
"guide."
23963
msgstr ""
23964
23965
#: serverguide/C/clustering.xml:249(para)
23966
msgid ""
23967
"Also, see the <ulink "
23968
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/drbdadm.8.html\">drbd"
23969
"adm man page</ulink>."
23970
msgstr ""
23971
23972
#: serverguide/C/clustering.xml:254(para)
23973
msgid ""
23974
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
23975
"Wiki</ulink> page also has more information."
23976
msgstr ""
23977
23978
#: serverguide/C/chat.xml:13(title)
23979
msgid "Chat Applications"
23980
msgstr ""
23981
23982
#: serverguide/C/chat.xml:19(para)
23983
msgid ""
23984
"In this section, we will discuss how to install and configure a IRC server, "
23985
"<application>ircd-irc2</application>. We will also discuss how to install "
23986
"and configure Jabber, an instance messaging server."
23987
msgstr ""
23988
23989
#: serverguide/C/chat.xml:28(title)
23990
msgid "IRC Server"
23991
msgstr ""
23992
23993
#: serverguide/C/chat.xml:30(para)
23994
msgid ""
23995
"The Ubuntu repository has many Internet Relay Chat servers. This section "
23996
"explains how to install and configure the original IRC server "
23997
"<application>ircd-irc2</application>."
23998
msgstr ""
23999
24000
#: serverguide/C/chat.xml:39(para)
24001
msgid ""
24002
"To install <application>ircd-irc2</application>, run the following command "
24003
"in the command prompt:"
24004
msgstr ""
24005
24006
#: serverguide/C/chat.xml:45(command)
24007
msgid "sudo apt-get install ircd-irc2"
24008
msgstr ""
24009
24010
#: serverguide/C/chat.xml:48(para)
24011
msgid ""
24012
"The configuration files are stored in <filename>/etc/ircd</filename> "
24013
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
24014
"irc2</filename> directory."
24015
msgstr ""
24016
24017
#: serverguide/C/chat.xml:59(para)
24018
msgid ""
24019
"The IRC settings can be done in the configuration file "
24020
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
24021
"this file by editing the following line:"
24022
msgstr ""
24023
24024
#: serverguide/C/chat.xml:64(programlisting)
24025
#, no-wrap
24026
msgid ""
24027
"\n"
24028
"M:irc.localhost::Debian ircd default configuration::000A\n"
24029
msgstr ""
24030
24031
#: serverguide/C/chat.xml:68(para)
24032
msgid ""
24033
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
24034
"you set irc.livecipher.com as IRC host name, please make sure "
24035
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
24036
"name should not be same as the host name."
24037
msgstr ""
24038
24039
#: serverguide/C/chat.xml:75(para)
24040
msgid ""
24041
"The IRC admin details can be configured by editting the following line:"
24042
msgstr ""
24043
24044
#: serverguide/C/chat.xml:80(programlisting)
24045
#, no-wrap
24046
msgid ""
24047
"\n"
24048
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
24049
"Server::IRCnet:\n"
24050
msgstr ""
24051
24052
#: serverguide/C/chat.xml:84(para)
24053
msgid ""
24054
"You should add specific lines to configure the list of IRC ports to listen "
24055
"on, to configure Operator credentials, to configure client authentication, "
24056
"etc. For details, please refer to the example configuration file "
24057
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
24058
msgstr ""
24059
24060
#: serverguide/C/chat.xml:92(para)
24061
msgid ""
24062
"The IRC banner to be displayed in the IRC client, when the user connects to "
24063
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
24064
msgstr ""
24065
24066
#: serverguide/C/chat.xml:97(para)
24067
msgid ""
24068
"After making necessary changes to the configuration file, you can restart "
24069
"the IRC server using following command:"
24070
msgstr ""
24071
24072
#: serverguide/C/chat.xml:101(programlisting)
24073
#, no-wrap
24074
msgid ""
24075
"\n"
24076
"sudo /etc/init.d/ircd-irc2 restart\n"
24077
msgstr ""
24078
24079
#: serverguide/C/chat.xml:109(para)
24080
msgid ""
24081
"You may also be interested to take a look at other IRC servers available in "
24082
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
24083
"<application>ircd-hybrid</application>."
24084
msgstr ""
24085
24086
#: serverguide/C/chat.xml:117(para)
24087
msgid ""
24088
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
24089
"FAQ</ulink> for more details about the IRC Server."
24090
msgstr ""
24091
24092
#: serverguide/C/chat.xml:124(para)
24093
msgid ""
24094
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
24095
"IRCD</ulink> page has more information."
24096
msgstr ""
24097
24098
#: serverguide/C/chat.xml:132(title)
24099
msgid "Jabber Instant Messaging Server"
24100
msgstr ""
24101
24102
#: serverguide/C/chat.xml:134(para)
24103
msgid ""
24104
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
24105
"XMPP, an open standard for instant messaging, and used by many popular "
24106
"applications. This section covers setting up a <emphasis>Jabberd "
24107
"2</emphasis> server on a local LAN. This configuration can also be adapted "
24108
"to providing messaging services to users over the Internet."
24109
msgstr ""
24110
24111
#: serverguide/C/chat.xml:143(para)
24112
msgid "To install <application>jabberd2</application>, in a terminal enter:"
24113
msgstr ""
24114
24115
#: serverguide/C/chat.xml:148(command)
24116
msgid "sudo apt-get install jabberd2"
24117
msgstr ""
24118
24119
#: serverguide/C/chat.xml:155(para)
24120
msgid ""
24121
"A couple of XML configuration files will be used to configure "
24122
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
24123
"authentication. This is a very simple form of authentication. However, "
24124
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
24125
"Postgresql, etc for for user authentication."
24126
msgstr ""
24127
24128
#: serverguide/C/chat.xml:162(para)
24129
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
24130
msgstr ""
24131
24132
#: serverguide/C/chat.xml:166(programlisting)
24133
#, no-wrap
24134
msgid ""
24135
"\n"
24136
" <id>jabber.example.com</id>\n"
24137
msgstr ""
24138
24139
#: serverguide/C/chat.xml:171(para)
24140
msgid ""
24141
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
24142
"id, of your server."
24143
msgstr ""
24144
24145
#: serverguide/C/chat.xml:176(para)
24146
msgid "Now in the <storage> section change the <driver> to:"
24147
msgstr ""
24148
24149
#: serverguide/C/chat.xml:180(programlisting)
24150
#, no-wrap
24151
msgid ""
24152
"\n"
24153
" <driver>db</driver>\n"
24154
msgstr ""
24155
24156
#: serverguide/C/chat.xml:184(para)
24157
msgid ""
24158
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
24159
"<emphasis><local></emphasis> section change:"
24160
msgstr ""
24161
24162
#: serverguide/C/chat.xml:188(programlisting)
24163
#, no-wrap
24164
msgid ""
24165
"\n"
24166
" <id>jabber.example.com</id>\n"
24167
msgstr ""
24168
24169
#: serverguide/C/chat.xml:192(para)
24170
msgid ""
24171
"And in the <authreg> section adjust the <module> section to:"
24172
msgstr ""
24173
24174
#: serverguide/C/chat.xml:196(programlisting)
24175
#, no-wrap
24176
msgid ""
24177
"\n"
24178
" <module>db</module>\n"
24179
msgstr ""
24180
24181
#: serverguide/C/chat.xml:200(para)
24182
msgid ""
24183
"Finally, restart <application>jabberd2</application> to enable the new "
24184
"settings:"
24185
msgstr ""
24186
24187
#: serverguide/C/chat.xml:205(command)
24188
msgid "sudo /etc/init.d/jabberd2 restart"
24189
msgstr ""
24190
24191
#: serverguide/C/chat.xml:208(para)
24192
msgid ""
24193
"You should now be able to connect to the server using a Jabber client like "
24194
"<application>Pidgin</application> for example."
24195
msgstr ""
24196
24197
#: serverguide/C/chat.xml:213(para)
24198
msgid ""
24199
"The advantage of using Berkeley DB for user data is that after being "
24200
"configured no additional maintenance is required. If you need more control "
24201
"over user accounts and credentials another authentication method is "
24202
"recommended."
24203
msgstr ""
24204
24205
#: serverguide/C/chat.xml:225(para)
24206
msgid ""
24207
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
24208
"Site</ulink> contains more details on configuring "
24209
"<application>Jabberd2</application>."
24210
msgstr ""
24211
24212
#: serverguide/C/chat.xml:231(para)
24213
msgid ""
24214
"For more authentication options see the <ulink "
24215
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
24216
"Guide</ulink>."
24217
msgstr ""
24218
24219
#: serverguide/C/chat.xml:236(para)
24220
msgid ""
24221
"Also, the <ulink "
24222
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
24223
"Jabber Server Ubuntu Wiki</ulink> page has more information."
24224
msgstr ""
24225
24226
#: serverguide/C/backups.xml:13(title)
24227
msgid "Backups"
24228
msgstr ""
24229
24230
#: serverguide/C/backups.xml:14(para)
24231
msgid ""
24232
"There are many ways to backup an Ubuntu installation. The most important "
24233
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
24234
"consisting of what to backup, where to back it up to, and how to restore it."
24235
msgstr ""
24236
24237
#: serverguide/C/backups.xml:18(para)
24238
msgid ""
24239
"The following sections discuss various ways of accomplishing these tasks."
24240
msgstr ""
24241
24242
#: serverguide/C/backups.xml:22(title)
24243
msgid "Shell Scripts"
24244
msgstr ""
24245
24246
#: serverguide/C/backups.xml:23(para)
24247
msgid ""
24248
"One of the simplest ways to backup a system is using a <emphasis>shell "
24249
"script</emphasis>. For example, a script can be used to configure which "
24250
"directories to backup, and use those directories as arguments to the "
24251
"<application>tar</application> utility creating an archive file. The archive "
24252
"file can then be moved or copied to another location. The archive can also "
24253
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
24254
msgstr ""
24255
24256
#: serverguide/C/backups.xml:29(para)
24257
msgid ""
24258
"The <application>tar</application> utility creates one archive file out of "
24259
"many files or directories. <application>tar</application> can also filter "
24260
"the files through compression utilities reducing the size of the archive "
24261
"file."
24262
msgstr ""
24263
24264
#: serverguide/C/backups.xml:35(title)
24265
msgid "Simple Shell Script"
24266
msgstr ""
24267
24268
#: serverguide/C/backups.xml:36(para)
24269
msgid ""
24270
"The following shell script uses <application>tar</application> to create an "
24271
"archive file on a remotely mounted NFS file system. The archive filename is "
24272
"determined using additional command line utilities."
24273
msgstr ""
24274
24275
#: serverguide/C/backups.xml:40(programlisting)
24276
#, no-wrap
24277
msgid ""
24278
"\n"
24279
"#!/bin/sh\n"
24280
"####################################\n"
24281
"#\n"
24282
"# Backup to NFS mount script.\n"
24283
"#\n"
24284
"####################################\n"
24285
"\n"
24286
"# What to backup. \n"
24287
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24288
"\n"
24289
"# Where to backup to.\n"
24290
"dest=\"/mnt/backup\"\n"
24291
"\n"
24292
"# Create archive filename.\n"
24293
"day=$(date +%A)\n"
24294
"hostname=$(hostname -s)\n"
24295
"archive_file=\"$hostname-$day.tgz\"\n"
24296
"\n"
24297
"# Print start status message.\n"
24298
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
24299
"date\n"
24300
"echo\n"
24301
"\n"
24302
"# Backup the files using tar.\n"
24303
"tar czf $dest/$archive_file $backup_files\n"
24304
"\n"
24305
"# Print end status message.\n"
24306
"echo\n"
24307
"echo \"Backup finished\"\n"
24308
"date\n"
24309
"\n"
24310
"# Long listing of files in $dest to check file sizes.\n"
24311
"ls -lh $dest\n"
24312
msgstr ""
24313
24314
#: serverguide/C/backups.xml:77(para)
24315
msgid ""
24316
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
24317
"would like to backup. The list should be customized to fit your needs."
24318
msgstr ""
24319
24320
#: serverguide/C/backups.xml:83(para)
24321
msgid ""
24322
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
24323
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
24324
"day of the week, giving a backup history of seven days. There are other ways "
24325
"to accomplish this including other ways using the "
24326
"<application>date</application> utility."
24327
msgstr ""
24328
24329
#: serverguide/C/backups.xml:90(para)
24330
msgid ""
24331
"<emphasis>$hostname:</emphasis> variable containing the "
24332
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
24333
"archive filename gives you the option of placing daily archive files from "
24334
"multiple systems in the same directory."
24335
msgstr ""
24336
24337
#: serverguide/C/backups.xml:97(para)
24338
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
24339
msgstr ""
24340
24341
#: serverguide/C/backups.xml:102(para)
24342
msgid ""
24343
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
24344
"needs to be created and in this case <emphasis>mounted</emphasis> before "
24345
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
24346
"details using <emphasis>NFS</emphasis>."
24347
msgstr ""
24348
24349
#: serverguide/C/backups.xml:109(para)
24350
msgid ""
24351
"<emphasis>status messages:</emphasis> optional messages printed to the "
24352
"console using the <application>echo</application> utility."
24353
msgstr ""
24354
24355
#: serverguide/C/backups.xml:115(para)
24356
msgid ""
24357
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
24358
"<application>tar</application> command used to create the archive file."
24359
msgstr ""
24360
24361
#: serverguide/C/backups.xml:121(para)
24362
msgid "<emphasis>c:</emphasis> creates an archive."
24363
msgstr ""
24364
24365
#: serverguide/C/backups.xml:126(para)
24366
msgid ""
24367
"<emphasis>z:</emphasis> filter the archive through the "
24368
"<application>gzip</application> utility compressing the archive."
24369
msgstr ""
24370
24371
#: serverguide/C/backups.xml:131(para)
24372
msgid ""
24373
"<emphasis>f:</emphasis> use archive file. Otherwise the "
24374
"<application>tar</application> output will be sent to STDOUT."
24375
msgstr ""
24376
24377
#: serverguide/C/backups.xml:138(para)
24378
msgid ""
24379
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
24380
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
24381
"of the destination directory. This is useful for a quick file size check of "
24382
"the archive file. This check should not replace testing the archive file."
24383
msgstr ""
24384
24385
#: serverguide/C/backups.xml:145(para)
24386
msgid ""
24387
"This is a simple example of a backup shell script. There are large amount of "
24388
"options that can be included in a backup script. See <xref linkend=\"backup-"
24389
"shellscript-references\"/> for links to resources providing more in depth "
24390
"shell scripting information."
24391
msgstr ""
24392
24393
#: serverguide/C/backups.xml:152(title)
24394
msgid "Executing the Script"
24395
msgstr ""
24396
24397
#: serverguide/C/backups.xml:154(title)
24398
msgid "Executing from a Terminal"
24399
msgstr ""
24400
24401
#: serverguide/C/backups.xml:155(para)
24402
msgid ""
24403
"The simplest way of executing the above backup script is to copy and paste "
24404
"the contents into a file. <filename>backup.sh</filename> for example. Then "
24405
"from a terminal prompt:"
24406
msgstr ""
24407
24408
#: serverguide/C/backups.xml:160(command)
24409
msgid "sudo bash backup.sh"
24410
msgstr ""
24411
24412
#: serverguide/C/backups.xml:162(para)
24413
msgid ""
24414
"This is a great way to test the script to make sure everything works as "
24415
"expected."
24416
msgstr ""
24417
24418
#: serverguide/C/backups.xml:167(title)
24419
msgid "Executing with cron"
24420
msgstr ""
24421
24422
#: serverguide/C/backups.xml:168(para)
24423
msgid ""
24424
"The <application>cron</application> utility can be used to automate the "
24425
"script execution. The <application>cron</application> daemon allows the "
24426
"execution of scripts, or commands, at a specified time and date."
24427
msgstr ""
24428
24429
#: serverguide/C/backups.xml:172(para)
24430
msgid ""
24431
"<application>cron</application> is configured through entries in a "
24432
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
24433
"separated into fields:"
24434
msgstr ""
24435
24436
#: serverguide/C/backups.xml:176(programlisting)
24437
#, no-wrap
24438
msgid ""
24439
"\n"
24440
"# m h dom mon dow command\n"
24441
msgstr ""
24442
24443
#: serverguide/C/backups.xml:181(para)
24444
msgid ""
24445
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
24446
msgstr ""
24447
24448
#: serverguide/C/backups.xml:186(para)
24449
msgid ""
24450
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
24451
msgstr ""
24452
24453
#: serverguide/C/backups.xml:191(para)
24454
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
24455
msgstr ""
24456
24457
#: serverguide/C/backups.xml:196(para)
24458
msgid ""
24459
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
24460
msgstr ""
24461
24462
#: serverguide/C/backups.xml:201(para)
24463
msgid ""
24464
"<emphasis>dow:</emphasis> the day of the week the command executes on "
24465
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
24466
"valid."
24467
msgstr ""
24468
24469
#: serverguide/C/backups.xml:206(para)
24470
msgid "<emphasis>command:</emphasis> the command to execute."
24471
msgstr ""
24472
24473
#: serverguide/C/backups.xml:211(para)
24474
msgid ""
24475
"To add or change entries in a <filename>crontab</filename> file the "
24476
"<application>crontab -e</application> command should be used. Also, the "
24477
"contents of a <filename>crontab</filename> file can be viewed using the "
24478
"<application>crontab -l</application> command."
24479
msgstr ""
24480
24481
#: serverguide/C/backups.xml:215(para)
24482
msgid ""
24483
"To execute the <application>backup.sh</application> script listed above "
24484
"using <application>cron</application>. Enter the following from a terminal "
24485
"prompt:"
24486
msgstr ""
24487
24488
#: serverguide/C/backups.xml:220(command)
24489
msgid "sudo crontab -e"
24490
msgstr ""
24491
24492
#: serverguide/C/backups.xml:223(para)
24493
msgid ""
24494
"Using <application>sudo</application> with the <application>crontab -"
24495
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
24496
"This is necessary if you are backing up directories only the root user has "
24497
"access to."
24498
msgstr ""
24499
24500
#: serverguide/C/backups.xml:228(para)
24501
msgid "Add the following entry to the <filename>crontab</filename> file:"
24502
msgstr ""
24503
24504
#: serverguide/C/backups.xml:231(programlisting)
24505
#, no-wrap
24506
msgid ""
24507
"\n"
24508
"# m h dom mon dow command\n"
24509
"0 0 * * * bash /usr/local/bin/backup.sh\n"
24510
msgstr ""
24511
24512
#: serverguide/C/backups.xml:235(para)
24513
msgid ""
24514
"The <application>backup.sh</application> script will now be executed every "
24515
"day at 12:00 am."
24516
msgstr ""
24517
24518
#: serverguide/C/backups.xml:239(para)
24519
msgid ""
24520
"The <application>backup.sh</application> script will need to be copied to "
24521
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
24522
"to execute properly. The script can reside anywhere on the file system "
24523
"simply change the script path appropriately."
24524
msgstr ""
24525
24526
#: serverguide/C/backups.xml:244(para)
24527
msgid ""
24528
"For more in depth <application>crontab</application> options see <xref "
24529
"linkend=\"backup-shellscript-references\"/>."
24530
msgstr ""
24531
24532
#: serverguide/C/backups.xml:250(title)
24533
msgid "Restoring from the Archive"
24534
msgstr ""
24535
24536
#: serverguide/C/backups.xml:251(para)
24537
msgid ""
24538
"Once an archive has been created it is important to test the archive. The "
24539
"archive can be tested by listing the files it contains, but the best test is "
24540
"to <emphasis>restore</emphasis> a file from the archive."
24541
msgstr ""
24542
24543
#: serverguide/C/backups.xml:257(para)
24544
msgid "To see a listing of the archive contents. From a terminal prompt:"
24545
msgstr ""
24546
24547
#: serverguide/C/backups.xml:261(command)
24548
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
24549
msgstr ""
24550
24551
#: serverguide/C/backups.xml:265(para)
24552
msgid "To restore a file from the archive to a different directory enter:"
24553
msgstr ""
24554
24555
#: serverguide/C/backups.xml:269(command)
24556
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
24557
msgstr ""
24558
24559
#: serverguide/C/backups.xml:271(para)
24560
msgid ""
24561
"The <emphasis>-C</emphasis> option to <application>tar</application> "
24562
"redirects the extracted files to the specified directory. The above example "
24563
"will extract the <filename>/etc/hosts</filename> file to "
24564
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
24565
"recreates the directory structure that it contains."
24566
msgstr ""
24567
24568
#: serverguide/C/backups.xml:276(para)
24569
msgid ""
24570
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
24571
"the file to restore."
24572
msgstr ""
24573
24574
#: serverguide/C/backups.xml:281(para)
24575
msgid "To restore all files in the archive enter the following:"
24576
msgstr ""
24577
24578
#: serverguide/C/backups.xml:285(command)
24579
msgid "cd /"
24580
msgstr ""
24581
24582
#: serverguide/C/backups.xml:286(command)
24583
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
24584
msgstr ""
24585
24586
#: serverguide/C/backups.xml:291(para)
24587
msgid "This will overwrite the files currently on the file system."
24588
msgstr ""
24589
24590
#: serverguide/C/backups.xml:300(para)
24591
msgid ""
24592
"For more information on shell scripting see the <ulink "
24593
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
24594
msgstr ""
24595
24596
#: serverguide/C/backups.xml:305(para)
24597
msgid ""
24598
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
24599
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
24600
"great resource for shell scripting."
24601
msgstr ""
24602
24603
#: serverguide/C/backups.xml:311(para)
24604
msgid ""
24605
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
24606
"Wiki Page</ulink> contains details on advanced "
24607
"<application>cron</application> options."
24608
msgstr ""
24609
24610
#: serverguide/C/backups.xml:318(para)
24611
msgid ""
24612
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
24613
"tar Manual</ulink> for more <application>tar</application> options."
24614
msgstr ""
24615
24616
#: serverguide/C/backups.xml:324(para)
24617
msgid ""
24618
"The Wikipedia <ulink "
24619
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
24620
"Scheme</ulink> article contains information on other backup rotation schemes."
24621
msgstr ""
24622
24623
#: serverguide/C/backups.xml:330(para)
24624
msgid ""
24625
"The shell script uses <application>tar</application> to create the archive, "
24626
"but there many other command line utilities that can be used. For example:"
24627
msgstr ""
24628
24629
#: serverguide/C/backups.xml:336(para)
24630
msgid ""
24631
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
24632
"files to and from archives."
24633
msgstr ""
24634
24635
#: serverguide/C/backups.xml:341(para)
24636
msgid ""
24637
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
24638
"the <application>coreutils</application> package. A low level utility that "
24639
"can copy data from one format to another"
24640
msgstr ""
24641
24642
#: serverguide/C/backups.xml:347(para)
24643
msgid ""
24644
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
24645
"snap shot utility used to create copies of an entire file system."
24646
msgstr ""
24647
24648
#: serverguide/C/backups.xml:358(title)
24649
msgid "Archive Rotation"
24650
msgstr ""
24651
24652
#: serverguide/C/backups.xml:359(para)
24653
msgid ""
24654
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
24655
"allows for seven different archives. For a server whose data doesn't change "
24656
"often this may be enough. If the server has a large amount of data a more "
24657
"robust rotation scheme should be used."
24658
msgstr ""
24659
24660
#: serverguide/C/backups.xml:365(title)
24661
msgid "Rotating NFS Archives"
24662
msgstr ""
24663
24664
#: serverguide/C/backups.xml:366(para)
24665
msgid ""
24666
"In this section the shell script will be slightly modified to implement a "
24667
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
24668
msgstr ""
24669
24670
#: serverguide/C/backups.xml:372(para)
24671
msgid ""
24672
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
24673
"Friday."
24674
msgstr ""
24675
24676
#: serverguide/C/backups.xml:377(para)
24677
msgid ""
24678
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
24679
"weekly backups a month."
24680
msgstr ""
24681
24682
#: serverguide/C/backups.xml:382(para)
24683
msgid ""
24684
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
24685
"rotating two monthly backups based on if the month is odd or even."
24686
msgstr ""
24687
24688
#: serverguide/C/backups.xml:388(para)
24689
msgid "Here is the new script:"
24690
msgstr ""
24691
24692
#: serverguide/C/backups.xml:391(programlisting)
24693
#, no-wrap
24694
msgid ""
24695
"\n"
24696
"#!/bin/bash\n"
24697
"####################################\n"
24698
"#\n"
24699
"# Backup to NFS mount script with\n"
24700
"# grandfather-father-son rotation.\n"
24701
"#\n"
24702
"####################################\n"
24703
"\n"
24704
"# What to backup. \n"
24705
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24706
"\n"
24707
"# Where to backup to.\n"
24708
"dest=\"/mnt/backup\"\n"
24709
"\n"
24710
"# Setup variables for the archive filename.\n"
24711
"day=$(date +%A)\n"
24712
"hostname=$(hostname -s)\n"
24713
"\n"
24714
"# Find which week of the month 1-4 it is.\n"
24715
"day_num=$(date +%d)\n"
24716
"if (( $day_num <= 7 )); then\n"
24717
" week_file=\"$hostname-week1.tgz\"\n"
24718
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
24719
" week_file=\"$hostname-week2.tgz\"\n"
24720
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
24721
" week_file=\"$hostname-week3.tgz\"\n"
24722
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
24723
" week_file=\"$hostname-week4.tgz\"\n"
24724
"fi\n"
24725
"\n"
24726
"# Find if the Month is odd or even.\n"
24727
"month_num=$(date +%m)\n"
24728
"month=$(expr $month_num % 2)\n"
24729
"if [ $month -eq 0 ]; then\n"
24730
" month_file=\"$hostname-month2.tgz\"\n"
24731
"else\n"
24732
" month_file=\"$hostname-month1.tgz\"\n"
24733
"fi\n"
24734
"\n"
24735
"# Create archive filename.\n"
24736
"if [ $day_num == 1 ]; then\n"
24737
"\tarchive_file=$month_file\n"
24738
"elif [ $day != \"Saturday\" ]; then\n"
24739
" archive_file=\"$hostname-$day.tgz\"\n"
24740
"else \n"
24741
"\tarchive_file=$week_file\n"
24742
"fi\n"
24743
"\n"
24744
"# Print start status message.\n"
24745
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
24746
"date\n"
24747
"echo\n"
24748
"\n"
24749
"# Backup the files using tar.\n"
24750
"tar czf $dest/$archive_file $backup_files\n"
24751
"\n"
24752
"# Print end status message.\n"
24753
"echo\n"
24754
"echo \"Backup finished\"\n"
24755
"date\n"
24756
"\n"
24757
"# Long listing of files in $dest to check file sizes.\n"
24758
"ls -lh $dest/\n"
24759
msgstr ""
24760
24761
#: serverguide/C/backups.xml:456(para)
24762
msgid ""
24763
"The script can be executed using the same methods as in <xref "
24764
"linkend=\"backup-executing-shellscript\"/>."
24765
msgstr ""
24766
24767
#: serverguide/C/backups.xml:459(para)
24768
msgid ""
24769
"It is good practice to take backup media off site in case of a disaster. In "
24770
"the shell script example the backup media is another server providing an NFS "
24771
"share. In all likelihood taking the NFS server to another location would not "
24772
"be practical. Depending upon connection speeds it may be an option to copy "
24773
"the archive file over a WAN link to a server in another location."
24774
msgstr ""
24775
24776
#: serverguide/C/backups.xml:465(para)
24777
msgid ""
24778
"Another option is to copy the archive file to an external hard drive which "
24779
"can then be taken off site. Since the price of external hard drives continue "
24780
"to decrease it may be cost affective to use two drives for each archive "
24781
"level. This would allow you to have one external drive attached to the "
24782
"backup server and one in another location."
24783
msgstr ""
24784
24785
#: serverguide/C/backups.xml:472(title)
24786
msgid "Tape Drives"
24787
msgstr ""
24788
24789
#: serverguide/C/backups.xml:473(para)
24790
msgid ""
24791
"A tape drive attached to the server can be used instead of a NFS share. "
24792
"Using a tape drive simplifies archive rotation, and taking the media off "
24793
"site as well."
24794
msgstr ""
24795
24796
#: serverguide/C/backups.xml:477(para)
24797
msgid ""
24798
"When using a tape drive the filename portions of the script aren't needed "
24799
"because the date is sent directly to the tape device. Some commands to "
24800
"manipulate the tape are needed. This is accomplished using "
24801
"<application>mt</application>, a magnetic tape control utility part of the "
24802
"<application>cpio</application> package."
24803
msgstr ""
24804
24805
#: serverguide/C/backups.xml:482(para)
24806
msgid "Here is the shell script modified to use a tape drive:"
24807
msgstr ""
24808
24809
#: serverguide/C/backups.xml:485(programlisting)
24810
#, no-wrap
24811
msgid ""
24812
"\n"
24813
"#!/bin/bash\n"
24814
"####################################\n"
24815
"#\n"
24816
"# Backup to tape drive script.\n"
24817
"#\n"
24818
"####################################\n"
24819
"\n"
24820
"# What to backup. \n"
24821
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24822
"\n"
24823
"# Where to backup to.\n"
24824
"dest=\"/dev/st0\"\n"
24825
"\n"
24826
"# Print start status message.\n"
24827
"echo \"Backing up $backup_files to $dest\"\n"
24828
"date\n"
24829
"echo\n"
24830
"\n"
24831
"# Make sure the tape is rewound.\n"
24832
"mt -f $dest rewind\n"
24833
"\n"
24834
"# Backup the files using tar.\n"
24835
"tar czf $dest $backup_files\n"
24836
"\n"
24837
"# Rewind and eject the tape.\n"
24838
"mt -f $dest rewoffl\n"
24839
"\n"
24840
"# Print end status message.\n"
24841
"echo\n"
24842
"echo \"Backup finished\"\n"
24843
"date\n"
24844
msgstr ""
24845
24846
#: serverguide/C/backups.xml:519(para)
24847
msgid ""
24848
"The default device name for a SCSI tape drive is "
24849
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
24850
"system."
24851
msgstr ""
24852
24853
#: serverguide/C/backups.xml:524(para)
24854
msgid ""
24855
"Restoring from a tape drive is basically the same as restoring from a file. "
24856
"Simply rewind the tape and use the device path instead of a file path. For "
24857
"example to restore the <filename>/etc/hosts</filename> file to "
24858
"<filename>/tmp/etc/hosts</filename>:"
24859
msgstr ""
24860
24861
#: serverguide/C/backups.xml:529(command)
24862
msgid "mt -f /dev/st0 rewind"
24863
msgstr ""
24864
24865
#: serverguide/C/backups.xml:530(command)
24866
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
24867
msgstr ""
24868
24869
#: serverguide/C/backups.xml:535(title)
24870
msgid "Bacula"
24871
msgstr ""
24872
24873
#: serverguide/C/backups.xml:536(para)
24874
msgid ""
24875
"<application>Bacula</application> is a backup program enabling you to "
24876
"backup, restore, and verify data across your network. There are Bacula "
24877
"clients for Linux, Windows, and Mac OSX. Making it a cross platform network "
24878
"wide solution."
24879
msgstr ""
24880
24881
#: serverguide/C/backups.xml:542(para)
24882
msgid ""
24883
"<application>Bacula</application> is made up of several components and "
24884
"services used to manage which files to backup and where to back them up to:"
24885
msgstr ""
24886
24887
#: serverguide/C/backups.xml:548(para)
24888
msgid ""
24889
"<application>Bacula Director:</application> a service that controls all "
24890
"backup, restore, verify, and archive operations."
24891
msgstr ""
24892
24893
#: serverguide/C/backups.xml:553(para)
24894
msgid ""
24895
"<application>Bacula Console:</application> an application allowing "
24896
"communication with the Director. There are three versions of the Console:"
24897
msgstr ""
24898
24899
#: serverguide/C/backups.xml:558(para)
24900
msgid "Text based command line version."
24901
msgstr ""
24902
24903
#: serverguide/C/backups.xml:559(para)
24904
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
24905
msgstr ""
24906
24907
#: serverguide/C/backups.xml:560(para)
24908
msgid "wxWidgets GUI interface."
24909
msgstr ""
24910
24911
#: serverguide/C/backups.xml:564(para)
24912
msgid ""
24913
"<application>Bacula File:</application> also known as the "
24914
"<application>Bacula Client</application> program. This application is "
24915
"installed on machines to be backed up, and is responsible for the data "
24916
"requested by the Director."
24917
msgstr ""
24918
24919
#: serverguide/C/backups.xml:570(para)
24920
msgid ""
24921
"<application>Bacula Storage:</application> the programs that perform the "
24922
"storage and recovery of data to the physical media."
24923
msgstr ""
24924
24925
#: serverguide/C/backups.xml:575(para)
24926
msgid ""
24927
"<application>Bacula Catalog:</application> is responsible for maintaining "
24928
"the file indexes and volume databases for all files backed up, enabling "
24929
"quick location and restoration of archived files. The Catalog supports three "
24930
"different databases MySQL, PostgreSQL, and SQLite."
24931
msgstr ""
24932
24933
#: serverguide/C/backups.xml:581(para)
24934
msgid ""
24935
"<application>Bacula Monitor:</application> allows the monitoring of the "
24936
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
24937
"available as a GTK+ GUI application."
24938
msgstr ""
24939
24940
#: serverguide/C/backups.xml:587(para)
24941
msgid ""
24942
"These services and applications can be run on multiple servers and clients, "
24943
"or they can be installed on one machine if backing up a single disk or "
24944
"volume."
24945
msgstr ""
24946
24947
#: serverguide/C/backups.xml:594(para)
24948
msgid ""
24949
"There are multiple packages containing the different "
24950
"<application>Bacula</application> components. To install Bacula, from a "
24951
"terminal prompt enter:"
24952
msgstr ""
24953
24954
#: serverguide/C/backups.xml:599(command)
24955
msgid "sudo apt-get install bacula"
24956
msgstr ""
24957
24958
#: serverguide/C/backups.xml:601(para)
24959
msgid ""
24960
"By default installing the <application>bacula</application> package will use "
24961
"a <application>MySQL</application> database for the Catalog. If you want to "
24962
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
24963
"director-sqlite3</application> or <application>bacula-director-"
24964
"pgsql</application> respectively."
24965
msgstr ""
24966
24967
#: serverguide/C/backups.xml:607(para)
24968
msgid ""
24969
"During the install process you will be asked to supply credentials for the "
24970
"database <emphasis>administrator</emphasis> and the "
24971
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
24972
"database administrator will need to have the appropriate rights to create a "
24973
"database, see <xref linkend=\"mysql\"/> for more information."
24974
msgstr ""
24975
24976
#: serverguide/C/backups.xml:617(para)
24977
msgid ""
24978
"<application>Bacula</application> configuration files are formatted based on "
24979
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
24980
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
24981
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
24982
"directory."
24983
msgstr ""
24984
24985
#: serverguide/C/backups.xml:622(para)
24986
msgid ""
24987
"The various <application>Bacula</application> components must authorize "
24988
"themselves to each other. This is accomplished using the "
24989
"<emphasis>password</emphasis> directive. For example, the "
24990
"<emphasis>Storage</emphasis> resource password in the "
24991
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
24992
"<emphasis>Director</emphasis> resource password in "
24993
"<filename>/etc/bacula/bacula-sd.conf</filename>."
24994
msgstr ""
24995
24996
#: serverguide/C/backups.xml:628(para)
24997
msgid ""
24998
"By default the backup job named <emphasis>Client1</emphasis> is configured "
24999
"to archive the <application>Bacula</application> Catalog. If you plan on "
25000
"using the server to backup more than one client you should change the name "
25001
"of this job to something more descriptive. To change the name edit "
25002
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
25003
msgstr ""
25004
25005
#: serverguide/C/backups.xml:633(programlisting)
25006
#, no-wrap
25007
msgid ""
25008
"\n"
25009
"#\n"
25010
"# Define the main nightly save backup job\n"
25011
"# By default, this job will back up to disk in \n"
25012
"Job {\n"
25013
" Name = \"BackupServer\"\n"
25014
" JobDefs = \"DefaultJob\"\n"
25015
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
25016
"}\n"
25017
msgstr ""
25018
25019
#: serverguide/C/backups.xml:644(para)
25020
msgid ""
25021
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
25022
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
25023
"your appropriate hostname, or other descriptive name."
25024
msgstr ""
25025
25026
#: serverguide/C/backups.xml:649(para)
25027
msgid ""
25028
"The <emphasis>Console</emphasis> can be used to query the "
25029
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
25030
"<emphasis>non-root</emphasis> user, the user needs to be in the "
25031
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
25032
"the following from a terminal:"
25033
msgstr ""
25034
25035
#: serverguide/C/backups.xml:655(command)
25036
msgid "sudo adduser $username bacula"
25037
msgstr ""
25038
25039
#: serverguide/C/backups.xml:658(para)
25040
msgid ""
25041
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
25042
"you are adding the current user to the group you should log out and back in "
25043
"for the new permissions to take effect."
25044
msgstr ""
25045
25046
#: serverguide/C/backups.xml:665(title)
25047
msgid "Localhost Backup"
25048
msgstr ""
25049
25050
#: serverguide/C/backups.xml:666(para)
25051
msgid ""
25052
"This section describes how to backup specified directories on a single host "
25053
"to a local tape drive."
25054
msgstr ""
25055
25056
#: serverguide/C/backups.xml:671(para)
25057
msgid ""
25058
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
25059
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
25060
msgstr ""
25061
25062
#: serverguide/C/backups.xml:674(programlisting)
25063
#, no-wrap
25064
msgid ""
25065
"\n"
25066
"Device {\n"
25067
" Name = \"Tape Drive\"\n"
25068
" Device Type = tape\n"
25069
" Media Type = DDS-4\n"
25070
" Archive Device = /dev/st0\n"
25071
" Hardware end of medium = No;\n"
25072
" AutomaticMount = yes; # when device opened, read it\n"
25073
" AlwaysOpen = Yes;\n"
25074
" RemovableMedia = yes;\n"
25075
" RandomAccess = no;\n"
25076
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
25077
"}\n"
25078
msgstr ""
25079
25080
#: serverguide/C/backups.xml:688(para)
25081
msgid ""
25082
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
25083
"Type and Archive Device to match your hardware."
25084
msgstr ""
25085
25086
#: serverguide/C/backups.xml:691(para)
25087
msgid "You could also uncomment one of the other examples in the file."
25088
msgstr ""
25089
25090
#: serverguide/C/backups.xml:696(para)
25091
msgid ""
25092
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
25093
"<application>Storage</application> daemon will need to be restarted:"
25094
msgstr ""
25095
25096
#: serverguide/C/backups.xml:701(command)
25097
msgid "sudo /etc/init.d/bacula-sd restart"
25098
msgstr ""
25099
25100
#: serverguide/C/backups.xml:705(para)
25101
msgid ""
25102
"Now add a <emphasis>Storage</emphasis> resource in "
25103
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
25104
msgstr ""
25105
25106
#: serverguide/C/backups.xml:708(programlisting)
25107
#, no-wrap
25108
msgid ""
25109
"\n"
25110
"# Definition of \"Tape Drive\" storage device\n"
25111
"Storage {\n"
25112
" Name = TapeDrive\n"
25113
" # Do not use \"localhost\" here \n"
25114
" Address = backupserver # N.B. Use a fully qualified name "
25115
"here\n"
25116
" SDPort = 9103\n"
25117
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
25118
" Device = \"Tape Drive\"\n"
25119
" Media Type = tape\n"
25120
"}\n"
25121
msgstr ""
25122
25123
#: serverguide/C/backups.xml:720(para)
25124
msgid ""
25125
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
25126
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
25127
"to the actual host name."
25128
msgstr ""
25129
25130
#: serverguide/C/backups.xml:724(para)
25131
msgid ""
25132
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
25133
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
25134
msgstr ""
25135
25136
#: serverguide/C/backups.xml:730(para)
25137
msgid ""
25138
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
25139
"directories to backup, by adding:"
25140
msgstr ""
25141
25142
#: serverguide/C/backups.xml:733(programlisting)
25143
#, no-wrap
25144
msgid ""
25145
"\n"
25146
"# LocalhostBacup FileSet.\n"
25147
"FileSet {\n"
25148
" Name = \"LocalhostFiles\"\n"
25149
" Include {\n"
25150
" Options {\n"
25151
" signature = MD5\n"
25152
" compression=GZIP\n"
25153
" }\n"
25154
" File = /etc\n"
25155
" File = /home\n"
25156
" }\n"
25157
"}\n"
25158
msgstr ""
25159
25160
#: serverguide/C/backups.xml:747(para)
25161
msgid ""
25162
"This <emphasis>FileSet</emphasis> will backup the <filename "
25163
"role=\"directory\">/etc</filename> and <filename "
25164
"role=\"directory\">/home</filename> directories. The "
25165
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
25166
"create a MD5 signature for each file backed up, and to compress the files "
25167
"using GZIP."
25168
msgstr ""
25169
25170
#: serverguide/C/backups.xml:754(para)
25171
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
25172
msgstr ""
25173
25174
#: serverguide/C/backups.xml:757(programlisting)
25175
#, no-wrap
25176
msgid ""
25177
"\n"
25178
"# LocalhostBackup Schedule -- Daily.\n"
25179
"Schedule {\n"
25180
" Name = \"LocalhostDaily\"\n"
25181
" Run = Full daily at 00:01\n"
25182
"}\n"
25183
msgstr ""
25184
25185
#: serverguide/C/backups.xml:764(para)
25186
msgid ""
25187
"The job will run every day at 00:01 or 12:01 am. There are many other "
25188
"scheduling options available."
25189
msgstr ""
25190
25191
#: serverguide/C/backups.xml:769(para)
25192
msgid "Finally create the <emphasis>Job</emphasis>:"
25193
msgstr ""
25194
25195
#: serverguide/C/backups.xml:772(programlisting)
25196
#, no-wrap
25197
msgid ""
25198
"\n"
25199
"# Localhost backup.\n"
25200
"Job {\n"
25201
" Name = \"LocalhostBackup\"\n"
25202
" JobDefs = \"DefaultJob\"\n"
25203
" Enabled = yes\n"
25204
" Level = Full\n"
25205
" FileSet = \"LocalhostFiles\"\n"
25206
" Schedule = \"LocalhostDaily\"\n"
25207
" Storage = TapeDrive\n"
25208
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
25209
"} \n"
25210
msgstr ""
25211
25212
#: serverguide/C/backups.xml:785(para)
25213
msgid ""
25214
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
25215
"drive."
25216
msgstr ""
25217
25218
#: serverguide/C/backups.xml:790(para)
25219
msgid ""
25220
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
25221
"current tape does not have a label <application>Bacula</application> will "
25222
"send an email letting you know. To label a tape using the "
25223
"<application>Console</application> enter the following from a terminal:"
25224
msgstr ""
25225
25226
#: serverguide/C/backups.xml:796(command)
25227
msgid "bconsole"
25228
msgstr ""
25229
25230
#: serverguide/C/backups.xml:800(para)
25231
msgid "At the Bacula Console prompt enter:"
25232
msgstr ""
25233
25234
#: serverguide/C/backups.xml:804(command)
25235
msgid "label"
25236
msgstr ""
25237
25238
#: serverguide/C/backups.xml:808(para)
25239
msgid ""
25240
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
25241
msgstr ""
25242
25243
#: serverguide/C/backups.xml:818(userinput)
25244
#, no-wrap
25245
msgid "2"
25246
msgstr ""
25247
25248
#: serverguide/C/backups.xml:812(computeroutput)
25249
#, no-wrap
25250
msgid ""
25251
"\n"
25252
"Automatically selected Catalog: MyCatalog\n"
25253
"Using Catalog \"MyCatalog\"\n"
25254
"The defined Storage resources are:\n"
25255
" 1: File\n"
25256
" 2: TapeDrive\n"
25257
"Select Storage resource (1-2):<placeholder-1/>\n"
25258
msgstr ""
25259
25260
#: serverguide/C/backups.xml:823(para)
25261
msgid "Enter the new <emphasis>Volume</emphasis> name:"
25262
msgstr ""
25263
25264
#: serverguide/C/backups.xml:828(userinput)
25265
#, no-wrap
25266
msgid "Sunday"
25267
msgstr ""
25268
25269
#: serverguide/C/backups.xml:827(computeroutput)
25270
#, no-wrap
25271
msgid ""
25272
"\n"
25273
"Enter new Volume name: <placeholder-1/>\n"
25274
"Defined Pools:\n"
25275
" 1: Default\n"
25276
" 2: Scratch"
25277
msgstr ""
25278
25279
#: serverguide/C/backups.xml:833(para)
25280
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
25281
msgstr ""
25282
25283
#: serverguide/C/backups.xml:838(para)
25284
msgid "Now, select the <emphasis>Pool</emphasis>:"
25285
msgstr ""
25286
25287
#: serverguide/C/backups.xml:843(userinput)
25288
#, no-wrap
25289
msgid "1"
25290
msgstr ""
25291
25292
#: serverguide/C/backups.xml:842(computeroutput)
25293
#, no-wrap
25294
msgid ""
25295
"\n"
25296
"Select the Pool (1-2): <placeholder-1/>\n"
25297
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
25298
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
25299
msgstr ""
25300
25301
#: serverguide/C/backups.xml:850(para)
25302
msgid ""
25303
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
25304
"backup the localhost to an attached tape drive."
25305
msgstr ""
25306
25307
#: serverguide/C/backups.xml:858(para)
25308
msgid ""
25309
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
25310
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
25311
"Manual</ulink>"
25312
msgstr ""
25313
25314
#: serverguide/C/backups.xml:864(para)
25315
msgid ""
25316
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
25317
"the latest Bacula news and developments."
25318
msgstr ""
25319
"คุณสามารถอ่านข่าวคราวล่าสุดเกี่ยวกับ Bacula ได้ที่<ulink "
25320
"url=\"http://www.bacula.org/\">หน้าโฮมเพจของ Bacula</ulink>"
25321
25322
#: serverguide/C/backups.xml:869(para)
25323
msgid ""
25324
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
25325
"Ubuntu Wiki</ulink> page."
25326
msgstr ""
25327
25328
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
25329
#: serverguide/C/backups.xml:0(None)
25330
msgid "translator-credits"
25331
msgstr ""
25332
"Launchpad Contributions:\n"
25333
" Matthew East https://launchpad.net/~mdke\n"
25334
" Sukit Arseanrapoj https://launchpad.net/~sukit"
25335
25336
#~ msgid ""
25337
#~ "With Apache now configured for HTTPS, restart the service to enable the new "
25338
#~ "settings:"
25339
#~ msgstr ""
25340
#~ "ตอนนี้เมื่อคุณได้ตั้งค่า Apache ให้สนับสนุน HTTPS แล้วคุณจะต้องเริ่มโปรแกรม "
25341
#~ "Apache ใหม่เพื่อให้การตั้งค่าใหม่มีผลบังคับใช้:"
25342
25343
#~ msgid ""
25344
#~ "To configure <application>Apache</application> for HTTPS, enter the "
25345
#~ "following:"
25346
#~ msgstr ""
25347
#~ "คุณต้องพิมพ์คำสั่งดังนี้เพื่อให้ <application>Apache</application> "
25348
#~ "สนับสนุนการใช้ HTTPS"
25349
25350
#~ msgid ""
25351
#~ "There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
25352
#~ "available/default-ssl</filename>. In order for "
25353
#~ "<application>Apache</application> to provide HTTPS, a "
25354
#~ "<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
25355
#~ "needed. The default HTTPS configuration will use a certificate and key "
25356
#~ "generated by the <application>ssl-cert</application> package. They are good "
25357
#~ "for testing, but the auto-generated certificate and key should be replaced "
25358
#~ "by a certificate specific to the site or server. For information on "
25359
#~ "generating a key and obtaining a certificate see <xref "
25360
#~ "linkend=\"certificates-and-security\"/>"
25361
#~ msgstr ""
25362
#~ "ไฟล์การตั้งค่า HTTPS ที่มาพร้อมกับการติดตั้งอยู่ที่ "
25363
#~ "<filename>/etc/apache2/sites-available/default-ssl</filename> เพื่อที่จะให้ "
25364
#~ "<application>Apache</application> สนับสนุน HTTPS คุณจะต้องมี "
25365
#~ "<emphasis>หนังสือรับรองดิจิตอล (certificate)</emphasis> และ "
25366
#~ "<emphasis>กุญแจสำหรับเข้าและถอดรหัส (key)</emphasis> ไฟล์การตั้งค่า HTTPS "
25367
#~ "เริ่มต้นใช้หนังสือรับรองและกุญแจที่สร้างโดยชุดโปรแกรม <application>ssl-"
25368
#~ "cert</application> ไฟล์ทั้งสองนี้เหมาะสำหรับใช้ทดสอบ "
25369
#~ "แต่อย่างไรก็ตามคุณควรแทนที่ไฟล์ทั้งสองนี้ด้วยหนังสือรับรองและกุญแจที่ใช้เฉพาะ"
25370
#~ "สำหรับเว็บไซต์หรือเครื่องเซิร์ฟเวอร์เมื่อใช้งานจริง "
25371
#~ "สำหรับข้อมูลการสร้างกุญแจและขอหนังสือรับรอง กรุณาอ่าน <xref "
25372
#~ "linkend=\"certificates-and-security\"/>"
25373
25374
#~ msgid "Click Add or remove a role"
25375
#~ msgstr "คลิ๊ก Add or remove a role"
25376
25377
#~ msgid ""
25378
#~ "When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
25379
#~ "<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
25380
#~ "role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
25381
#~ "<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
25382
#~ "option. For example:"
25383
#~ msgstr ""
25384
#~ "เวลาคุณเอาเครื่องอูบุนตู เดสก์ท๊อปเข้าร่วมกับโดเมน คุณอาจจะต้องแก้ไขไฟล์ "
25385
#~ "<filename>/etc/nsswitch.conf</filename> ถ้าโดเมน AD ใช้ชื่อแบบ <emphasis "
25386
#~ "role=\"italic\">.local</emphasis> โดยแก้ไขส่วน "
25387
#~ "<emphasis>\"mdns4\"</emphasis> ของตัวเลือก <emphasis>hosts</emphasis> เช่น:"
25388
25389
#~ msgid "Once part of the domain, install the following packages:"
25390
#~ msgstr "หลังจากเห็นส่วนหนึ่งของโดเมนแล้ว ให้ติดตั้งแพคเกจเหล่านี้ :"
25391
25392
#~ msgid ""
25393
#~ "Click "
25394
#~ "<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
25395
#~ "</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
25396
#~ "This will open the <application>Server Role Mangement</application> utility."
25397
#~ msgstr ""
25398
#~ "คลิ๊ก "
25399
#~ "<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
25400
#~ "</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice> "
25401
#~ "เมนูนี้จะเปิดโปรแกรม <application>Server Role Mangement</application>"
25402
25403
#~ msgid ""
25404
#~ "This section assumes you have installed and configured Apache 2 Web Server "
25405
#~ "and MySQL Database Server. You can refer to Apache 2 section and MySQL "
25406
#~ "sections in this document to install and configure Apache 2 and MySQL "
25407
#~ "respectively."
25408
#~ msgstr ""
25409
#~ "ส่วนนี้จะสันนิฐฐานว่าคุณได้ติดตั้งและตั้งค่าต่างๆของเว็บเซิร์ฟเวอร์ Apache 2 "
25410
#~ "และฐานข้อมูล MySQL เรียบร้อยแล้ว คุณสามารถดูบทความส่วน Apache 2 และ MySQL "
25411
#~ "เพื่อติดตั้งโปรแกรมเหล่านี้ได้"
25412
25413
#~ msgid ""
25414
#~ "Again, Using Squid's access control, you may configure use of Internet "
25415
#~ "services proxied by Squid to be available only users with certain Internet "
25416
#~ "Protocol (IP) addresses. For example, we will illustrate access by users of "
25417
#~ "the 192.168.42.0/24 subnetwork only:"
25418
#~ msgstr ""
25419
#~ "คุณยังสามารถใช้ความสามารถในการระบุสิทธิ์ของ Squid เพื่อระบุเลขที่ IP "
25420
#~ "ของผู้ใช้ที่สามารถใช้บริการอินเตอร์เน็ตต่างๆผ่าน Squid "
25421
#~ "เช่นถ้าคุณต้องการให้ผู้ใช้ที่มีเลขที่ IP 192.168.42.0/24 "
25422
#~ "ในเครือข่ายย่อยสามารถใช้ Squid ได้เท่านั้น คุณจะต้อง:"
25423
25424
#~ msgid ""
25425
#~ "For example, when a user requests the page "
25426
#~ "http://www.example.com/this_directory/, he or she will get either the "
25427
#~ "DirectoryIndex page if it exists, a server-generated directory list if it "
25428
#~ "does not and the Indexes option is specified, or a Permission Denied page if "
25429
#~ "neither is true. The server will try to find one of the files listed in the "
25430
#~ "DirectoryIndex directive and will return the first one it finds. If it does "
25431
#~ "not find any of these files and if Options Indexes is set for that "
25432
#~ "directory, the server will generate and return a list, in HTML format, of "
25433
#~ "the subdirectories and files in the directory. The default value, found in "
25434
#~ "<filename>/etc/apache2/apache2.conf</filename> is \" index.html index.cgi "
25435
#~ "index.pl index.php index.xhtml\". Thus, if Apache2 finds a file in a "
25436
#~ "requested directory matching any of these names, the first will be displayed."
25437
#~ msgstr ""
25438
#~ "ยกตัวอย่างเช่น ถ้าผู้ใช้ต้องการดูหน้า http://www.example.com/this_directory/ "
25439
#~ "สิ่งที่ผู้ใช้จะเห็นคือหน้า DirectoryIndex ถ้าคุณได้ระบุไว้ในคำสั่ง "
25440
#~ "DirectoryIndex แต่ถ้าเซิร์ฟเวอร์หาไฟล์ที่ระบุใน DirectoryIndex ไม่พบ "
25441
#~ "หรือคุณไม่ได้ระบุ DirectoryIndex แต่ได้ใช้ตัวเลือก Indexes "
25442
#~ "สำหรับไดเร็คทอรี่นี้ "
25443
#~ "เซิร์ฟเวอร์จะสร้างและคืนหน้าเว็บที่มีรายชื่อของไฟล์และไดเร็คทอรี่ลูกแทน "
25444
#~ "สุดท้ายนี้ถ้าเซิร์ฟเวอร์ไม่สามารถคืนหน้า index ได้จะคืนหน้า Permission "
25445
#~ "Denied ให้กลับผู้ใช้แทน ชื่อไฟล์ที่เซิร์ฟเวอร์ค้นหาที่อยู่ในไฟล์ "
25446
#~ "<filename>/etc/apache2/apache2.conf</filename> คือ \"index.html index.cgi "
25447
#~ "index.pl index.php index.xhtml\" "
25448
#~ "ถ้าเซิร์ฟเวอร์ค้นพบไฟล์ที่ตรงกับชื่อใดชื่อหนึ่งในรายชื่อนี้ "
25449
#~ "ไฟล์แรกที่ถูกค้นพบจะถูกคืนและแสดงผลให้ผู้ใช้"
25450
25451
#~ msgid "Apache Modules"
25452
#~ msgstr "โมดูลของ Apache"
25453
25454
#~ msgid ""
25455
#~ "Depending on how you obtained your certificate you may need to enter a "
25456
#~ "passphrase when <application>Apache</application> starts."
25457
#~ msgstr ""
25458
#~ "คุณอาจจะต้องใส่รหัสผ่านเมื่อโปรแกรม <application>Apache</application> "
25459
#~ "เริ่มทำงาน (ขึ้นอยู่กับว่าคุณได้หนังสือรับรองมายังไง)"
25460
25461
#~ msgid ""
25462
#~ "The <emphasis>DocumentRoot</emphasis> directive specifies where Apache "
25463
#~ "should look for the files that make up the site. The default value is "
25464
#~ "/var/www. No site is configured there, but if you uncomment the "
25465
#~ "<emphasis>RedirectMatch</emphasis> directive in "
25466
#~ "<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
25467
#~ "to /var/www/apache2-default where the default Apache2 site awaits. Change "
25468
#~ "this value in your site's virtual host file, and remember to create that "
25469
#~ "directory if necessary!"
25470
#~ msgstr ""
25471
#~ "คำสั่ง <emphasis>DocumentRoot</emphasis> "
25472
#~ "ใช้เพื่อระบุตำแหน่งโฟลเดอร์ที่เก็บหน้าเว็บต่างๆของเว็บไซต์ "
25473
#~ "ค่าเริ่มต้นจากการติดตั้งของคำสั่งนี้คือ /var/www "
25474
#~ "ซึ่งไม่มีเอกสารของเว็บไซต์ใดๆ แต่ถ้าคุณเอา comment ของคำสั่ง "
25475
#~ "<emphasis>RedirectMatch</emphasis> ในไฟล์ "
25476
#~ "<filename>/etc/apache2/apache2.conf</filename> ออก "
25477
#~ "คำร้องขอหน้าเว็บจะใช้ไฟล์จาก /var/www/apache2-default "
25478
#~ "ซึ่งเป็นที่ๆเก็บหน้าเว็บของ Apache2 แทน คุณสามารถแก้ไขคำสั่งนี้ในไฟล์ "
25479
#~ "virtual host ของเว็บไซต์ของคุณ และอย่าลืมสร้างโฟลเดอร์ของเว็บไซต์คุณด้วยล่ะ!"
25480
25481
#~ msgid ""
25482
#~ "The Apache2 web server is available in Ubuntu Linux. To install Apache2:"
25483
#~ msgstr ""
25484
#~ "ระบบอูบุนตูมาพร้อมกับเว็บเซิร์ฟเวอร์ Apache2 เช่นกัน "
25485
#~ "คุณสามารถติดตั้งโปรแกรมโดย:"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1