« back to all changes in this revision
Viewing changes to serverguide/po/ace.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/ace.po
1
# Achinese translation for ubuntu-docs
2
# Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2009.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-08-16 03:54+0000\n"
12
"Last-Translator: maxim(Feng Liu) <maximliu@gmail.com>\n"
13
"Language-Team: Achinese <ace@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:44+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (Ubuntu 文档项目)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "Ubuntu服务器指南"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "2007年9月30日"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "Windows网络"
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
"计算机网络通常有不同的网络系统组成,虽然运作一个完全有Ubuntu桌面系统以及服务器组成的网络会很好玩,但是有些网络环境必须由Ubuntu和<tradem"
48
"ark class=\"registered\">微软(Microsoft)</trademark><trademark "
49
"class=\"registered\">视窗(Windows)</trademark> 系统完美的在一起和谐的工作。这个部分 "
50
"<phrase>Ubuntu</phrase>服务器指南介绍一些原理以及工具用来配置您的Ubuntu服务器用来和装有视窗系统的计算机进行网络资源的共享。"
51
52
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
53
msgid "Introduction"
54
msgstr "介绍"
55
56
#: serverguide/C/windows-networking.xml:27(para)
57
msgid ""
58
"Successfully networking your Ubuntu system with Windows clients involves "
59
"providing and integrating with services common to Windows environments. Such "
60
"services assist the sharing of data and information about the computers and "
61
"users involved in the network, and may be classified under three major "
62
"categories of functionality:"
63
msgstr ""
64
65
#: serverguide/C/windows-networking.xml:35(para)
66
msgid ""
67
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
68
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
69
"folders, volumes, and the sharing of printers throughout the network."
70
msgstr ""
71
"<emphasis "
72
"role=\"bold\">文件和打印机共享服务</emphasis>.使用服务器消息块(SMB)协议来协助通过网络对文件,文件夹,卷宗以及打印机的共享。"
73
74
#: serverguide/C/windows-networking.xml:41(para)
75
msgid ""
76
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
77
"information about the computers and users of the network with such "
78
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
79
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
80
msgstr ""
81
82
#: serverguide/C/windows-networking.xml:48(para)
83
msgid ""
84
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
85
"the identity of a computer or user of the network and determining the "
86
"information the computer or user is authorized to access using such "
87
"principles and technologies as file permissions, group policies, and the "
88
"Kerberos authentication service."
89
msgstr ""
90
91
#: serverguide/C/windows-networking.xml:56(para)
92
msgid ""
93
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
94
"clients and share network resources among them. One of the principal pieces "
95
"of software your Ubuntu system includes for Windows networking is the Samba "
96
"suite of SMB server applications and tools."
97
msgstr ""
98
99
#: serverguide/C/windows-networking.xml:62(para)
100
msgid ""
101
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
102
"of the common Samba use cases, and how to install and configure the "
103
"necessary packages. Additional detailed documentation and information on "
104
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
105
"website</ulink>."
106
msgstr ""
107
"这个部分的<phrase>Ubuntu</phrase>服务器指南将会介绍一些常用的Samba使用实例,以及如何安装和配置必须的软件包。关于Samba更详"
108
"细的文档以及信息可以参阅ulink url=\"http://www.samba.org\">Samba网站</ulink>."
109
110
#: serverguide/C/windows-networking.xml:70(title)
111
msgid "Samba File Server"
112
msgstr "Samba文件服务器"
113
114
#: serverguide/C/windows-networking.xml:72(para)
115
msgid ""
116
"One of the most common ways to network Ubuntu and Windows computers is to "
117
"configure Samba as a File Server. This section covers setting up a "
118
"<application>Samba</application> server to share files with Windows clients."
119
msgstr ""
120
"实现Ubuntu和Windows系统之间网络通讯的方法之一是将Samba配置成一个文件服务器。这个部分涵盖了设置<application>Samba</a"
121
"pplication> 服务器以用来和Windows客户端进行文件共享。"
122
123
#: serverguide/C/windows-networking.xml:77(para)
124
msgid ""
125
"The server will be configured to share files with any client on the network "
126
"without prompting for a password. If your environment requires stricter "
127
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
128
msgstr ""
129
"服务器将会被设置成和任何在网络上的客户端进行文件共享,而不询问密码。如果您的环境需要更严格的存取控制,参阅<xref linkend=\"samba-"
130
"fileprint-security\"/>"
131
132
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
133
msgid "Installation"
134
msgstr "安装"
135
136
#: serverguide/C/windows-networking.xml:85(para)
137
msgid ""
138
"The first step is to install the <application>samba</application> package. "
139
"From a terminal prompt enter:"
140
msgstr "第一步是安装<application>samba</application> 程序包。在终端提示符后输入:"
141
142
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
143
msgid "sudo apt-get install samba"
144
msgstr "sudo apt-get install samba"
145
146
#: serverguide/C/windows-networking.xml:93(para)
147
msgid ""
148
"That's all there is to it; you are now ready to configure Samba to share "
149
"files."
150
msgstr "这就是全部了,您现在可以准备开始设置Samba来共享文件了。"
151
152
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
153
msgid "Configuration"
154
msgstr "配置"
155
156
#: serverguide/C/windows-networking.xml:101(para)
157
msgid ""
158
"The main Samba configuration file is located in "
159
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
160
"a significant amount of comments in order to document various configuration "
161
"directives."
162
msgstr ""
163
"Samba的主要配置文件在<filename>/etc/samba/smb.conf</filename>中。默认的配置文件中包括了大量的说明来说明不同的"
164
"配置指令。"
165
166
#: serverguide/C/windows-networking.xml:106(para)
167
msgid ""
168
"Not all the available options are included in the default configuration "
169
"file. See the <filename>smb.conf</filename><application>man</application> "
170
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
171
"Collection/\">Samba HOWTO Collection</ulink> for more details."
172
msgstr ""
173
174
#: serverguide/C/windows-networking.xml:116(para)
175
msgid ""
176
"First, edit the following key/value pairs in the "
177
"<emphasis>[global]</emphasis> section of "
178
"<filename>/etc/samba/smb.conf</filename>:"
179
msgstr ""
180
181
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
182
#, no-wrap
183
msgid ""
184
"\n"
185
" workgroup = EXAMPLE\n"
186
" ...\n"
187
" security = user\n"
188
msgstr ""
189
190
#: serverguide/C/windows-networking.xml:127(para)
191
msgid ""
192
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
193
"section, and is commented by default. Also, change "
194
"<emphasis>EXAMPLE</emphasis> to better match your environment."
195
msgstr ""
196
197
#: serverguide/C/windows-networking.xml:135(para)
198
msgid ""
199
"Create a new section at the bottom of the file, or uncomment one of the "
200
"examples, for the directory to be shared:"
201
msgstr "在文件底部创建一个新的部分(Section), 或者使用其中的一个例子来实现目录的共享。"
202
203
#: serverguide/C/windows-networking.xml:139(programlisting)
204
#, no-wrap
205
msgid ""
206
"\n"
207
"[share]\n"
208
" comment = Ubuntu File Server Share\n"
209
" path = /srv/samba/share\n"
210
" browsable = yes\n"
211
" guest ok = yes\n"
212
" read only = no\n"
213
" create mask = 0755\n"
214
msgstr ""
215
216
#: serverguide/C/windows-networking.xml:151(para)
217
msgid ""
218
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
219
"fit your needs."
220
msgstr "<emphasis>注释(comment):</emphasis>是一个对于共享的简短描述。调整它们以满足你的需求。"
221
222
#: serverguide/C/windows-networking.xml:156(para)
223
msgid "<emphasis>path:</emphasis> the path to the directory to share."
224
msgstr "<emphasis>路径(path):</emphasis>表明共享目录 的路径"
225
226
#: serverguide/C/windows-networking.xml:159(para)
227
msgid ""
228
"This example uses <filename>/srv/samba/sharename</filename> because, "
229
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
230
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
231
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
232
"specific data should be served. Technically Samba shares can be placed "
233
"anywhere on the filesystem as long as the permissions are correct, but "
234
"adhering to standards is recommended."
235
msgstr ""
236
237
#: serverguide/C/windows-networking.xml:168(para)
238
msgid ""
239
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
240
"directory using <application>Windows Explorer</application>."
241
msgstr ""
242
"<emphasis>可浏览(browsable):</emphasis>使Windows客户端可以使用<application>Windows "
243
"Explorer</application>来浏览共享目录"
244
245
#: serverguide/C/windows-networking.xml:174(para)
246
msgid ""
247
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
248
"without supplying a password."
249
msgstr "<emphasis>允许客户guest ok:</emphasis>允许客户不用提供密码就可以连接共享"
250
251
#: serverguide/C/windows-networking.xml:179(para)
252
msgid ""
253
"<emphasis>read only:</emphasis> determines if the share is read only or if "
254
"write privileges are granted. Write privileges are allowed only when the "
255
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
256
"is <emphasis>yes</emphasis>, then access to the share is read only."
257
msgstr ""
258
259
#: serverguide/C/windows-networking.xml:184(para)
260
msgid ""
261
"<emphasis>create mask:</emphasis> determines the permissions new files will "
262
"have when created."
263
msgstr ""
264
265
#: serverguide/C/windows-networking.xml:193(para)
266
msgid ""
267
"Now that <application>Samba</application> is configured, the directory needs "
268
"to be created and the permissions changed. From a terminal enter:"
269
msgstr ""
270
271
#: serverguide/C/windows-networking.xml:199(command)
272
msgid "sudo mkdir -p /srv/samba/share"
273
msgstr ""
274
275
#: serverguide/C/windows-networking.xml:200(command)
276
msgid "sudo chown nobody.nogroup /srv/samba/share/"
277
msgstr ""
278
279
#: serverguide/C/windows-networking.xml:204(para)
280
msgid ""
281
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
282
"directory tree if it doesn't exist. Change the share name to fit your "
283
"environment."
284
msgstr ""
285
286
#: serverguide/C/windows-networking.xml:213(para)
287
msgid ""
288
"Finally, restart the <application>samba</application> services to enable the "
289
"new configuration:"
290
msgstr ""
291
292
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
293
msgid "sudo restart smbd"
294
msgstr ""
295
296
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
297
msgid "sudo restart nmbd"
298
msgstr ""
299
300
#: serverguide/C/windows-networking.xml:226(para)
301
msgid ""
302
"Once again, the above configuration gives all access to any client on the "
303
"local network. For a more secure configuration see <xref linkend=\"samba-"
304
"fileprint-security\"/>."
305
msgstr ""
306
307
#: serverguide/C/windows-networking.xml:232(para)
308
msgid ""
309
"From a Windows client you should now be able to browse to the Ubuntu file "
310
"server and see the shared directory. To check that everything is working try "
311
"creating a directory from Windows."
312
msgstr ""
313
314
#: serverguide/C/windows-networking.xml:237(para)
315
msgid ""
316
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
317
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
318
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
319
"share actually exists and the permissions are correct."
320
msgstr ""
321
322
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
323
msgid "Resources"
324
msgstr ""
325
326
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
327
msgid ""
328
"For in depth Samba configurations see the <ulink "
329
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
330
"Collection</ulink>"
331
msgstr ""
332
333
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
334
msgid ""
335
"The guide is also available in <ulink "
336
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
337
"format</ulink>."
338
msgstr ""
339
340
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
341
msgid ""
342
"O'Reilly's <ulink "
343
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
344
"another good reference."
345
msgstr ""
346
347
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
348
msgid ""
349
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
350
"</ulink> page."
351
msgstr ""
352
353
#: serverguide/C/windows-networking.xml:275(title)
354
msgid "Samba Print Server"
355
msgstr "Samba打印服务器"
356
357
#: serverguide/C/windows-networking.xml:277(para)
358
msgid ""
359
"Another common use of Samba is to configure it to share printers installed, "
360
"either locally or over the network, on an Ubuntu server. Similar to <xref "
361
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
362
"any client on the local network to use the installed printers without "
363
"prompting for a username and password."
364
msgstr ""
365
366
#: serverguide/C/windows-networking.xml:283(para)
367
msgid ""
368
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
369
"security\"/>."
370
msgstr ""
371
372
#: serverguide/C/windows-networking.xml:290(para)
373
msgid ""
374
"Before installing and configuring Samba it is best to already have a working "
375
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
376
"for details."
377
msgstr ""
378
379
#: serverguide/C/windows-networking.xml:295(para)
380
msgid ""
381
"To install the <application>samba</application> package, from a terminal "
382
"enter:"
383
msgstr ""
384
385
#: serverguide/C/windows-networking.xml:306(para)
386
msgid ""
387
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
388
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
389
"network, and change <emphasis>security</emphasis> to <emphasis "
390
"role=\"italic\">share</emphasis>:"
391
msgstr ""
392
393
#: serverguide/C/windows-networking.xml:318(para)
394
msgid ""
395
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
396
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
397
msgstr ""
398
399
#: serverguide/C/windows-networking.xml:322(programlisting)
400
#, no-wrap
401
msgid ""
402
"\n"
403
" browsable = yes\n"
404
" guest ok = yes\n"
405
msgstr ""
406
407
#: serverguide/C/windows-networking.xml:327(para)
408
msgid "After editing <filename>smb.conf</filename> restart Samba:"
409
msgstr ""
410
411
#: serverguide/C/windows-networking.xml:336(para)
412
msgid ""
413
"The default Samba configuration will automatically share any printers "
414
"installed. Simply install the printer locally on your Windows clients."
415
msgstr ""
416
417
#: serverguide/C/windows-networking.xml:365(para)
418
msgid ""
419
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
420
"more information on configuring CUPS."
421
msgstr ""
422
"同时,参阅 <ulink url=\"http://www.cups.org/\">CUPS 网站</ulink>提供的更多关于CUPS设置的信息。"
423
424
#: serverguide/C/windows-networking.xml:379(title)
425
msgid "Securing a Samba File and Print Server"
426
msgstr "使Samba文件和打印服务器变的更安全"
427
428
#: serverguide/C/windows-networking.xml:382(title)
429
msgid "Samba Security Modes"
430
msgstr "Samba安全模式"
431
432
#: serverguide/C/windows-networking.xml:384(para)
433
msgid ""
434
"There are two security levels available to the Common Internet Filesystem "
435
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
436
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
437
"allows more flexibility, providing four ways of implementing user-level "
438
"security and one way to implement share-level:"
439
msgstr ""
440
441
#: serverguide/C/windows-networking.xml:393(para)
442
msgid ""
443
"<emphasis>security = user:</emphasis> requires clients to supply a username "
444
"and password to connect to shares. Samba user accounts are separate from "
445
"system accounts, but the <application>libpam-smbpass</application> package "
446
"will sync system users and passwords with the Samba user database."
447
msgstr ""
448
449
#: serverguide/C/windows-networking.xml:400(para)
450
msgid ""
451
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
452
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
453
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
454
"linkend=\"samba-dc\"/> for further information."
455
msgstr ""
456
457
#: serverguide/C/windows-networking.xml:407(para)
458
msgid ""
459
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
460
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
461
"integration\"/> for details."
462
msgstr ""
463
464
#: serverguide/C/windows-networking.xml:413(para)
465
msgid ""
466
"<emphasis>security = server:</emphasis> this mode is left over from before "
467
"Samba could become a member server, and due to some security issues should "
468
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
469
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
470
"of the Samba guide for more details."
471
msgstr ""
472
473
#: serverguide/C/windows-networking.xml:421(para)
474
msgid ""
475
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
476
"without supplying a username and password."
477
msgstr "<emphasis>security = share:</emphasis>允许客户不提供用户名和密码便接入共享"
478
479
#: serverguide/C/windows-networking.xml:428(para)
480
msgid ""
481
"The security mode you choose will depend on your environment and what you "
482
"need the Samba server to accomplish."
483
msgstr ""
484
485
#: serverguide/C/windows-networking.xml:434(title)
486
msgid "Security = User"
487
msgstr ""
488
489
#: serverguide/C/windows-networking.xml:436(para)
490
msgid ""
491
"This section will reconfigure the Samba file and print server, from <xref "
492
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
493
"require authentication."
494
msgstr ""
495
496
#: serverguide/C/windows-networking.xml:441(para)
497
msgid ""
498
"First, install the <application>libpam-smbpass</application> package which "
499
"will sync the system users to the Samba user database:"
500
msgstr ""
501
502
#: serverguide/C/windows-networking.xml:447(command)
503
msgid "sudo apt-get install libpam-smbpass"
504
msgstr "sudo apt-get install libpam-smbpass"
505
506
#: serverguide/C/windows-networking.xml:451(para)
507
msgid ""
508
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
509
"<application>libpam-smbpass</application> is already installed."
510
msgstr ""
511
512
#: serverguide/C/windows-networking.xml:457(para)
513
msgid ""
514
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
515
"<emphasis>[share]</emphasis> section change:"
516
msgstr ""
517
518
#: serverguide/C/windows-networking.xml:461(programlisting)
519
#, no-wrap
520
msgid ""
521
"\n"
522
" guest ok = no\n"
523
msgstr ""
524
525
#: serverguide/C/windows-networking.xml:465(para)
526
msgid "Finally, restart Samba for the new settings to take effect:"
527
msgstr ""
528
529
#: serverguide/C/windows-networking.xml:474(para)
530
msgid ""
531
"Now when connecting to the shared directories or printers you should be "
532
"prompted for a username and password."
533
msgstr ""
534
535
#: serverguide/C/windows-networking.xml:479(para)
536
msgid ""
537
"If you choose to map a network drive to the share you can check the "
538
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
539
"enter the username and password once, at least until the password changes."
540
msgstr ""
541
542
#: serverguide/C/windows-networking.xml:487(title)
543
msgid "Share Security"
544
msgstr ""
545
546
#: serverguide/C/windows-networking.xml:489(para)
547
msgid ""
548
"There are several options available to increase the security for each "
549
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
550
"this section will cover some common options."
551
msgstr ""
552
553
#: serverguide/C/windows-networking.xml:495(title)
554
msgid "Groups"
555
msgstr "组"
556
557
#: serverguide/C/windows-networking.xml:497(para)
558
msgid ""
559
"Groups define a collection of computers or users which have a common level "
560
"of access to particular network resources and offer a level of granularity "
561
"in controlling access to such resources. For example, if a group <emphasis "
562
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
563
"role=\"italic\">freda</emphasis>, <emphasis "
564
"role=\"italic\">danika</emphasis>, and <emphasis "
565
"role=\"italic\">rob</emphasis> and a second group <emphasis "
566
"role=\"italic\">support</emphasis> is defined and consists of users "
567
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
568
"role=\"italic\">jeremy</emphasis>, and <emphasis "
569
"role=\"italic\">vincent</emphasis> then certain network resources configured "
570
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
571
"subsequently enable access by freda, danika, and rob, but not jeremy or "
572
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
573
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
574
"role=\"italic\">support</emphasis> groups, she will be able to access "
575
"resources configured for access by both groups, whereas all other users will "
576
"have only access to resources explicitly allowing the group they are part of."
577
msgstr ""
578
579
#: serverguide/C/windows-networking.xml:511(para)
580
msgid ""
581
"By default Samba looks for the local system groups defined in "
582
"<filename>/etc/group</filename> to determine which users belong to which "
583
"groups. For more information on adding and removing users from groups see "
584
"<xref linkend=\"adding-deleting-users\"/>."
585
msgstr ""
586
587
#: serverguide/C/windows-networking.xml:517(para)
588
msgid ""
589
"When defining groups in the Samba configuration file, "
590
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
591
"preface the group name with an \"@\" symbol. For example, if you wished to "
592
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
593
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
594
"do so by entering the group name as <emphasis "
595
"role=\"bold\">@sysadmin</emphasis>."
596
msgstr ""
597
598
#: serverguide/C/windows-networking.xml:526(title)
599
msgid "File Permissions"
600
msgstr ""
601
602
#: serverguide/C/windows-networking.xml:528(para)
603
msgid ""
604
"File Permissions define the explicit rights a computer or user has to a "
605
"particular directory, file, or set of files. Such permissions may be defined "
606
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
607
"the explicit permissions of a defined file share."
608
msgstr ""
609
610
#: serverguide/C/windows-networking.xml:534(para)
611
msgid ""
612
"For example, if you have defined a Samba share called "
613
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
614
"only</emphasis> permissions to the group of users known as <emphasis "
615
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
616
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
617
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
618
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
619
"under the <emphasis>[share]</emphasis> entry:"
620
msgstr ""
621
622
#: serverguide/C/windows-networking.xml:543(programlisting)
623
#, no-wrap
624
msgid ""
625
"\n"
626
" read list = @qa\n"
627
" write list = @sysadmin, vincent\n"
628
msgstr ""
629
630
#: serverguide/C/windows-networking.xml:548(para)
631
msgid ""
632
"Another possible Samba permission is to declare "
633
"<emphasis>administrative</emphasis> permissions to a particular shared "
634
"resource. Users having administrative permissions may read, write, or modify "
635
"any information contained in the resource the user has been given explicit "
636
"administrative permissions to."
637
msgstr ""
638
639
#: serverguide/C/windows-networking.xml:554(para)
640
msgid ""
641
"For example, if you wanted to give the user <emphasis "
642
"role=\"italic\">melissa</emphasis> administrative permissions to the "
643
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
644
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
645
"under the <emphasis>[share]</emphasis> entry:"
646
msgstr ""
647
648
#: serverguide/C/windows-networking.xml:561(programlisting)
649
#, no-wrap
650
msgid ""
651
"\n"
652
" admin users = melissa\n"
653
msgstr ""
654
"\n"
655
" admin users = melissa\n"
656
657
#: serverguide/C/windows-networking.xml:565(para)
658
msgid ""
659
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
660
"the changes to take effect:"
661
msgstr ""
662
663
#: serverguide/C/windows-networking.xml:575(para)
664
msgid ""
665
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
666
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
667
"<emphasis role=\"italic\">security = share</emphasis>"
668
msgstr ""
669
670
#: serverguide/C/windows-networking.xml:581(para)
671
msgid ""
672
"Now that Samba has been configured to limit which groups have access to the "
673
"shared directory, the filesystem permissions need to be updated."
674
msgstr ""
675
676
#: serverguide/C/windows-networking.xml:586(para)
677
msgid ""
678
"Traditional Linux file permissions do not map well to Windows NT Access "
679
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
680
"providing more fine grained control. For example, to enable ACLs on "
681
"<filename>/srv</filename> an EXT3 filesystem, edit "
682
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
683
msgstr ""
684
685
#: serverguide/C/windows-networking.xml:593(programlisting)
686
#, no-wrap
687
msgid ""
688
"\n"
689
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
690
"0 1\n"
691
msgstr ""
692
"\n"
693
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl 0 "
694
"1\n"
695
696
#: serverguide/C/windows-networking.xml:597(para)
697
msgid "Then remount the partition:"
698
msgstr ""
699
700
#: serverguide/C/windows-networking.xml:602(command)
701
msgid "sudo mount -v -o remount /srv"
702
msgstr "sudo mount -v -o remount /srv"
703
704
#: serverguide/C/windows-networking.xml:606(para)
705
msgid ""
706
"The above example assumes <filename>/srv</filename> on a separate partition. "
707
"If <filename>/srv</filename>, or wherever you have configured your share "
708
"path, is part of the <filename>/</filename> partition a reboot may be "
709
"required."
710
msgstr ""
711
712
#: serverguide/C/windows-networking.xml:613(para)
713
msgid ""
714
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
715
"group will be given read, write, and execute permissions to "
716
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
717
"will be given read and execute permissions, and the files will be owned by "
718
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
719
msgstr ""
720
721
#: serverguide/C/windows-networking.xml:621(command)
722
msgid "sudo chown -R melissa /srv/samba/share/"
723
msgstr "sudo chown -R melissa /srv/samba/share/"
724
725
#: serverguide/C/windows-networking.xml:622(command)
726
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
727
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
728
729
#: serverguide/C/windows-networking.xml:623(command)
730
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
731
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
732
733
#: serverguide/C/windows-networking.xml:627(para)
734
msgid ""
735
"The <application>setfacl</application> command above gives "
736
"<emphasis>execute</emphasis> permissions to all files in the "
737
"<filename>/srv/samba/share</filename> directory, which you may or may not "
738
"want."
739
msgstr ""
740
741
#: serverguide/C/windows-networking.xml:633(para)
742
msgid ""
743
"Now from a Windows client you should notice the new file permissions are "
744
"implemented. See the <application>acl</application> and "
745
"<application>setfacl</application> man pages for more information on POSIX "
746
"ACLs."
747
msgstr ""
748
749
#: serverguide/C/windows-networking.xml:641(title)
750
msgid "Samba AppArmor Profile"
751
msgstr ""
752
753
#: serverguide/C/windows-networking.xml:643(para)
754
msgid ""
755
"Ubuntu comes with the <application>AppArmor</application> security module, "
756
"which provides mandatory access controls. The default AppArmor profile for "
757
"Samba will need to be adapted to your configuration. For more details on "
758
"using AppArmor see <xref linkend=\"apparmor\"/>."
759
msgstr ""
760
761
#: serverguide/C/windows-networking.xml:649(para)
762
msgid ""
763
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
764
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
765
"of the <application>apparmor-profiles</application> packages. To install the "
766
"package, from a terminal prompt enter:"
767
msgstr ""
768
769
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
770
msgid "sudo apt-get install apparmor-profiles"
771
msgstr "sudo apt-get install apparmor-profiles"
772
773
#: serverguide/C/windows-networking.xml:660(para)
774
msgid "This package contains profiles for several other binaries."
775
msgstr ""
776
777
#: serverguide/C/windows-networking.xml:665(para)
778
msgid ""
779
"By default the profiles for <application>smbd</application> and "
780
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
781
"allowing Samba to work without modifying the profile, and only logging "
782
"errors. To place the <application>smbd</application> profile into "
783
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
784
"profile will need to be modified to reflect any directories that are shared."
785
msgstr ""
786
787
#: serverguide/C/windows-networking.xml:672(para)
788
msgid ""
789
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
790
"for <emphasis>[share]</emphasis> from the file server example:"
791
msgstr ""
792
793
#: serverguide/C/windows-networking.xml:677(programlisting)
794
#, no-wrap
795
msgid ""
796
"\n"
797
" /srv/samba/share/ r,\n"
798
" /srv/samba/share/** rwkix,\n"
799
msgstr ""
800
801
#: serverguide/C/windows-networking.xml:682(para)
802
msgid ""
803
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
804
msgstr ""
805
806
#: serverguide/C/windows-networking.xml:687(command)
807
msgid "sudo aa-enforce /usr/sbin/smbd"
808
msgstr "sudo aa-enforce /usr/sbin/smbd"
809
810
#: serverguide/C/windows-networking.xml:688(command)
811
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
812
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
813
814
#: serverguide/C/windows-networking.xml:691(para)
815
msgid ""
816
"You should now be able to read, write, and execute files in the shared "
817
"directory as normal, and the <application>smbd</application> binary will "
818
"have access to only the configured files and directories. Be sure to add "
819
"entries for each directory you configure Samba to share. Also, any errors "
820
"will be logged to <filename>/var/log/syslog</filename>."
821
msgstr ""
822
823
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
824
msgid ""
825
"O'Reilly's <ulink "
826
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
827
"also a good reference."
828
msgstr ""
829
830
#: serverguide/C/windows-networking.xml:722(para)
831
msgid ""
832
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
833
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
834
"security."
835
msgstr ""
836
837
#: serverguide/C/windows-networking.xml:728(para)
838
msgid ""
839
"For more information on Samba and ACLs see the <ulink "
840
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
841
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
842
msgstr ""
843
844
#: serverguide/C/windows-networking.xml:744(title)
845
msgid "Samba as a Domain Controller"
846
msgstr ""
847
848
#: serverguide/C/windows-networking.xml:746(para)
849
msgid ""
850
"Although it cannot act as an Active Directory Primary Domain Controller "
851
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
852
"domain controller. A major advantage of this configuration is the ability to "
853
"centralize user and machine credentials. Samba can also use multiple "
854
"backends to store the user information."
855
msgstr ""
856
857
#: serverguide/C/windows-networking.xml:753(title)
858
msgid "Primary Domain Controller"
859
msgstr ""
860
861
#: serverguide/C/windows-networking.xml:755(para)
862
msgid ""
863
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
864
"using the default smbpasswd backend."
865
msgstr ""
866
867
#: serverguide/C/windows-networking.xml:762(para)
868
msgid ""
869
"First, install Samba, and <application>libpam-smbpass</application> to sync "
870
"the user accounts, by entering the following in a terminal prompt:"
871
msgstr ""
872
873
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
874
msgid "sudo apt-get install samba libpam-smbpass"
875
msgstr ""
876
877
#: serverguide/C/windows-networking.xml:774(para)
878
msgid ""
879
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
880
"The <emphasis>security</emphasis> mode should be set to <emphasis "
881
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
882
"should relate to your organization:"
883
msgstr ""
884
885
#: serverguide/C/windows-networking.xml:789(para)
886
msgid ""
887
"In the commented <quote>Domains</quote> section add or uncomment the "
888
"following:"
889
msgstr ""
890
891
#: serverguide/C/windows-networking.xml:793(programlisting)
892
#, no-wrap
893
msgid ""
894
"\n"
895
" domain logons = yes\n"
896
" logon path = \\\\%N\\%U\\profile\n"
897
" logon drive = H:\n"
898
" logon home = \\\\%N\\%U\n"
899
" logon script = logon.cmd\n"
900
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
901
"/var/lib/samba -s /bin/false %u\n"
902
msgstr ""
903
"\n"
904
" domain logons = yes\n"
905
" logon path = \\\\%N\\%U\\profile\n"
906
" logon drive = H:\n"
907
" logon home = \\\\%N\\%U\n"
908
" logon script = logon.cmd\n"
909
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
910
"/var/lib/samba -s /bin/false %u\n"
911
912
#: serverguide/C/windows-networking.xml:804(para)
913
msgid ""
914
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
915
"Samba to act as a domain controller."
916
msgstr ""
917
918
#: serverguide/C/windows-networking.xml:809(para)
919
msgid ""
920
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
921
"their home directory. It is also possible to configure a "
922
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
923
"directory."
924
msgstr ""
925
926
#: serverguide/C/windows-networking.xml:815(para)
927
msgid ""
928
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
929
msgstr ""
930
931
#: serverguide/C/windows-networking.xml:820(para)
932
msgid ""
933
"<emphasis>logon home:</emphasis> specifies the home directory location."
934
msgstr ""
935
936
#: serverguide/C/windows-networking.xml:825(para)
937
msgid ""
938
"<emphasis>logon script:</emphasis> determines the script to be run locally "
939
"once a user has logged in. The script needs to be placed in the "
940
"<emphasis>[netlogon]</emphasis> share."
941
msgstr ""
942
943
#: serverguide/C/windows-networking.xml:831(para)
944
msgid ""
945
"<emphasis>add machine script:</emphasis> a script that will automatically "
946
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
947
"workstation to join the domain."
948
msgstr ""
949
950
#: serverguide/C/windows-networking.xml:835(para)
951
msgid ""
952
"In this example the <emphasis>machines</emphasis> group will need to be "
953
"created using the <application>addgroup</application> utility see <xref "
954
"linkend=\"adding-deleting-users\"/> for details."
955
msgstr ""
956
957
#: serverguide/C/windows-networking.xml:839(para)
958
msgid ""
959
"Also, rights need to be explicitly provided to the <emphasis>Domain "
960
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
961
"(and other admin functions) to work. This is achieved by executing:"
962
msgstr ""
963
964
#: serverguide/C/windows-networking.xml:844(command)
965
msgid ""
966
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
967
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
968
"SeRemoteShutdownPrivilege"
969
msgstr ""
970
971
#: serverguide/C/windows-networking.xml:851(para)
972
msgid ""
973
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
974
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
975
"commented."
976
msgstr ""
977
978
#: serverguide/C/windows-networking.xml:860(para)
979
msgid ""
980
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
981
"role=\"italic\">logon home</emphasis> to be mapped:"
982
msgstr ""
983
984
#: serverguide/C/windows-networking.xml:865(programlisting)
985
#, no-wrap
986
msgid ""
987
"\n"
988
"[homes]\n"
989
" comment = Home Directories\n"
990
" browseable = no\n"
991
" read only = no\n"
992
" create mask = 0700\n"
993
" directory mask = 0700\n"
994
" valid users = %S\n"
995
msgstr ""
996
"\n"
997
"[homes]\n"
998
" comment = Home Directories\n"
999
" browseable = no\n"
1000
" read only = no\n"
1001
" create mask = 0700\n"
1002
" directory mask = 0700\n"
1003
" alid users = %S\n"
1004
1005
#: serverguide/C/windows-networking.xml:878(para)
1006
msgid ""
1007
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1008
"share needs to be configured. To enable the share, uncomment:"
1009
msgstr ""
1010
1011
#: serverguide/C/windows-networking.xml:883(programlisting)
1012
#, no-wrap
1013
msgid ""
1014
"\n"
1015
"[netlogon]\n"
1016
" comment = Network Logon Service\n"
1017
" path = /srv/samba/netlogon\n"
1018
" guest ok = yes\n"
1019
" read only = yes\n"
1020
" share modes = no\n"
1021
msgstr ""
1022
1023
#: serverguide/C/windows-networking.xml:893(para)
1024
msgid ""
1025
"The original <emphasis>netlogon</emphasis> share path is "
1026
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1027
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1028
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1029
"location for site-specific data provided by the system."
1030
msgstr ""
1031
1032
#: serverguide/C/windows-networking.xml:904(para)
1033
msgid ""
1034
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1035
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1036
msgstr ""
1037
1038
#: serverguide/C/windows-networking.xml:910(command)
1039
msgid "sudo mkdir -p /srv/samba/netlogon"
1040
msgstr "sudo mkdir -p /srv/samba/netlogon"
1041
1042
#: serverguide/C/windows-networking.xml:911(command)
1043
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1044
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1045
1046
#: serverguide/C/windows-networking.xml:914(para)
1047
msgid ""
1048
"You can enter any normal Windows logon script commands in "
1049
"<filename>logon.cmd</filename> to customize the client's environment."
1050
msgstr ""
1051
1052
#: serverguide/C/windows-networking.xml:922(para)
1053
msgid ""
1054
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1055
"workstation to the domain, a system group needs to be mapped to the Windows "
1056
"<emphasis>Domain Admins</emphasis> group. Using the "
1057
"<application>net</application> utility, from a terminal enter:"
1058
msgstr ""
1059
1060
#: serverguide/C/windows-networking.xml:929(command)
1061
msgid ""
1062
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1063
"type=d"
1064
msgstr ""
1065
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1066
"type=d"
1067
1068
#: serverguide/C/windows-networking.xml:933(para)
1069
msgid ""
1070
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1071
"prefer. Also, the user used to join the domain needs to be a member of the "
1072
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1073
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1074
"allows <application>sudo</application> use."
1075
msgstr ""
1076
1077
#: serverguide/C/windows-networking.xml:944(para)
1078
msgid "Finally, restart Samba to enable the new domain controller:"
1079
msgstr ""
1080
1081
#: serverguide/C/windows-networking.xml:956(para)
1082
msgid ""
1083
"You should now be able to join Windows clients to the Domain in the same "
1084
"manner as joining them to an NT4 domain running on a Windows server."
1085
msgstr ""
1086
1087
#: serverguide/C/windows-networking.xml:966(title)
1088
msgid "Backup Domain Controller"
1089
msgstr ""
1090
1091
#: serverguide/C/windows-networking.xml:968(para)
1092
msgid ""
1093
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1094
"Backup Domain Controller (BDC) as well. This will allow clients to "
1095
"authenticate in case the PDC becomes unavailable."
1096
msgstr ""
1097
1098
#: serverguide/C/windows-networking.xml:973(para)
1099
msgid ""
1100
"When configuring Samba as a BDC you need a way to sync account information "
1101
"with the PDC. There are multiple ways of accomplishing this "
1102
"<application>scp</application>, <application>rsync</application>, or by "
1103
"using <application>LDAP</application> as the <emphasis>passdb "
1104
"backend</emphasis>."
1105
msgstr ""
1106
1107
#: serverguide/C/windows-networking.xml:979(para)
1108
msgid ""
1109
"Using LDAP is the most robust way to sync account information, because both "
1110
"domain controllers can use the same information in real time. However, "
1111
"setting up a LDAP server may be overly complicated for a small number of "
1112
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1113
msgstr ""
1114
1115
#: serverguide/C/windows-networking.xml:988(para)
1116
msgid ""
1117
"First, install <application>samba</application> and <application>libpam-"
1118
"smbpass</application>. From a terminal enter:"
1119
msgstr ""
1120
1121
#: serverguide/C/windows-networking.xml:999(para)
1122
msgid ""
1123
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1124
"following in the <emphasis>[global]</emphasis>:"
1125
msgstr ""
1126
1127
#: serverguide/C/windows-networking.xml:1012(para)
1128
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1129
msgstr ""
1130
1131
#: serverguide/C/windows-networking.xml:1016(programlisting)
1132
#, no-wrap
1133
msgid ""
1134
"\n"
1135
" domain logons = yes\n"
1136
" domain master = no\n"
1137
msgstr ""
1138
"\n"
1139
" domain logons = yes\n"
1140
" domain master = no\n"
1141
1142
#: serverguide/C/windows-networking.xml:1024(para)
1143
msgid ""
1144
"Make sure a user has rights to read the files in "
1145
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1146
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1147
"files, enter:"
1148
msgstr ""
1149
1150
#: serverguide/C/windows-networking.xml:1030(command)
1151
msgid "sudo chgrp -R admin /var/lib/samba"
1152
msgstr "sudo chgrp -R admin /var/lib/samba"
1153
1154
#: serverguide/C/windows-networking.xml:1036(para)
1155
msgid ""
1156
"Next, sync the user accounts, using <application>scp</application> to copy "
1157
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1158
msgstr ""
1159
1160
#: serverguide/C/windows-networking.xml:1042(command)
1161
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1162
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1163
1164
#: serverguide/C/windows-networking.xml:1046(para)
1165
msgid ""
1166
"Replace <emphasis>username</emphasis> with a valid username and "
1167
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1168
msgstr ""
1169
1170
#: serverguide/C/windows-networking.xml:1055(para)
1171
msgid "Finally, restart <application>samba</application>:"
1172
msgstr ""
1173
1174
#: serverguide/C/windows-networking.xml:1067(para)
1175
msgid ""
1176
"You can test that your Backup Domain controller is working by stopping the "
1177
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1178
"the domain."
1179
msgstr ""
1180
1181
#: serverguide/C/windows-networking.xml:1072(para)
1182
msgid ""
1183
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1184
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1185
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1186
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1187
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1188
msgstr ""
1189
1190
#: serverguide/C/windows-networking.xml:1102(para)
1191
msgid ""
1192
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1193
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1194
"up a Primary Domain Controller."
1195
msgstr ""
1196
1197
#: serverguide/C/windows-networking.xml:1108(para)
1198
msgid ""
1199
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1200
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1201
"explains setting up a Backup Domain Controller."
1202
msgstr ""
1203
1204
#: serverguide/C/windows-networking.xml:1123(title)
1205
msgid "Samba Active Directory Integration"
1206
msgstr ""
1207
1208
#: serverguide/C/windows-networking.xml:1126(title)
1209
msgid "Accessing a Samba Share"
1210
msgstr ""
1211
1212
#: serverguide/C/windows-networking.xml:1128(para)
1213
msgid ""
1214
"Another, use for Samba is to integrate into an existing Windows network. "
1215
"Once part of an Active Directory domain, Samba can provide file and print "
1216
"services to AD users."
1217
msgstr ""
1218
1219
#: serverguide/C/windows-networking.xml:1133(para)
1220
msgid ""
1221
"The simplest way to join an AD domain is to use <application>Likewise-"
1222
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1223
"open\"/>."
1224
msgstr ""
1225
1226
#: serverguide/C/windows-networking.xml:1138(para)
1227
msgid ""
1228
"Once part of the domain, enter the following command in the terminal prompt:"
1229
msgstr ""
1230
1231
#: serverguide/C/windows-networking.xml:1143(command)
1232
msgid "sudo apt-get install samba smbfs smbclient"
1233
msgstr ""
1234
1235
#: serverguide/C/windows-networking.xml:1146(para)
1236
msgid ""
1237
"Since the <application>likewise-open</application> and "
1238
"<application>samba</application> packages use separate "
1239
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1240
"<filename role=\"directory\">/var/lib/samba</filename>:"
1241
msgstr ""
1242
1243
#: serverguide/C/windows-networking.xml:1152(command)
1244
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1245
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1246
1247
#: serverguide/C/windows-networking.xml:1153(command)
1248
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1249
msgstr ""
1250
1251
#: serverguide/C/windows-networking.xml:1156(para)
1252
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1253
msgstr ""
1254
1255
#: serverguide/C/windows-networking.xml:1160(programlisting)
1256
#, no-wrap
1257
msgid ""
1258
"\n"
1259
" workgroup = EXAMPLE\n"
1260
" ...\n"
1261
" security = ads\n"
1262
" realm = EXAMPLE.COM\n"
1263
" ...\n"
1264
" idmap backend = lwopen\n"
1265
" idmap uid = 50-9999999999\n"
1266
" idmap gid = 50-9999999999\n"
1267
msgstr ""
1268
1269
#: serverguide/C/windows-networking.xml:1171(para)
1270
msgid ""
1271
"Restart <application>samba</application> for the new settings to take effect:"
1272
msgstr ""
1273
1274
#: serverguide/C/windows-networking.xml:1180(para)
1275
msgid ""
1276
"You should now be able to access any <application>Samba</application> shares "
1277
"from a Windows client. However, be sure to give the appropriate AD users or "
1278
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1279
"security\"/> for more details."
1280
msgstr ""
1281
1282
#: serverguide/C/windows-networking.xml:1188(title)
1283
msgid "Accessing a Windows Share"
1284
msgstr ""
1285
1286
#: serverguide/C/windows-networking.xml:1190(para)
1287
msgid ""
1288
"Now that the Samba server is part of the Active Directory domain you can "
1289
"access any Windows server shares:"
1290
msgstr ""
1291
1292
#: serverguide/C/windows-networking.xml:1197(para)
1293
msgid ""
1294
"To mount a Windows file share enter the following in a terminal prompt:"
1295
msgstr ""
1296
1297
#: serverguide/C/windows-networking.xml:1201(command)
1298
msgid "mount.cifs //fs01.example.com/share mount_point"
1299
msgstr "mount.cifs //fs01.example.com/share mount_point"
1300
1301
#: serverguide/C/windows-networking.xml:1204(para)
1302
msgid ""
1303
"It is also possible to access shares on computers not part of an AD domain, "
1304
"but a username and password will need to be provided."
1305
msgstr ""
1306
1307
#: serverguide/C/windows-networking.xml:1212(para)
1308
msgid ""
1309
"To mount the share during boot place an entry in "
1310
"<filename>/etc/fstab</filename>, for example:"
1311
msgstr ""
1312
1313
#: serverguide/C/windows-networking.xml:1216(programlisting)
1314
#, no-wrap
1315
msgid ""
1316
"\n"
1317
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1318
"0 0\n"
1319
msgstr ""
1320
"\n"
1321
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1322
"0 0\n"
1323
1324
#: serverguide/C/windows-networking.xml:1223(para)
1325
msgid ""
1326
"Another way to copy files from a Windows server is to use the "
1327
"<application>smbclient</application> utility. To list the files in a Windows "
1328
"share:"
1329
msgstr ""
1330
1331
#: serverguide/C/windows-networking.xml:1229(command)
1332
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1333
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
1334
1335
#: serverguide/C/windows-networking.xml:1235(para)
1336
msgid "To copy a file from the share, enter:"
1337
msgstr ""
1338
1339
#: serverguide/C/windows-networking.xml:1240(command)
1340
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1341
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1342
1343
#: serverguide/C/windows-networking.xml:1243(para)
1344
msgid ""
1345
"This will copy the <filename>file.txt</filename> into the current directory."
1346
msgstr ""
1347
1348
#: serverguide/C/windows-networking.xml:1250(para)
1349
msgid "And to copy a file to the share:"
1350
msgstr ""
1351
1352
#: serverguide/C/windows-networking.xml:1255(command)
1353
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1354
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1355
1356
#: serverguide/C/windows-networking.xml:1258(para)
1357
msgid ""
1358
"This will copy the <filename>/etc/hosts</filename> to "
1359
"<filename>//fs01.example.com/share/hosts</filename>."
1360
msgstr ""
1361
1362
#: serverguide/C/windows-networking.xml:1265(para)
1363
msgid ""
1364
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1365
"<application>smbclient</application> command all at once. This is useful for "
1366
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1367
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1368
"and directory commands, simply execute:"
1369
msgstr ""
1370
1371
#: serverguide/C/windows-networking.xml:1272(command)
1372
msgid "smbclient //fs01.example.com/share -k"
1373
msgstr "smbclient //fs01.example.com/share -k"
1374
1375
#: serverguide/C/windows-networking.xml:1279(para)
1376
msgid ""
1377
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1378
"<emphasis>//192.168.0.5/share</emphasis>, "
1379
"<emphasis>username=steve,password=secret</emphasis>, and "
1380
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1381
"file name, and an actual username and password with rights to the share."
1382
msgstr ""
1383
1384
#: serverguide/C/windows-networking.xml:1290(para)
1385
msgid ""
1386
"For more <application>smbclient</application> options see the man page: "
1387
"<command>man smbclient</command>, also available <ulink "
1388
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1389
">online</ulink>."
1390
msgstr ""
1391
1392
#: serverguide/C/windows-networking.xml:1295(para)
1393
msgid ""
1394
"The <application>mount.cifs</application><ulink "
1395
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1396
"\">man page</ulink> is also useful for more detailed information."
1397
msgstr ""
1398
1399
#: serverguide/C/windows-networking.xml:1308(title)
1400
msgid "Likewise Open"
1401
msgstr ""
1402
1403
#: serverguide/C/windows-networking.xml:1310(para)
1404
msgid ""
1405
"<application>Likewise Open</application> simplifies the necessary "
1406
"configuration needed to authenticate a Linux machine to an Active Directory "
1407
"domain. Based on <application>winbind</application>, the "
1408
"<application>likewise-open</application> package takes the pain out of "
1409
"integrating Ubuntu authentication into an existing Windows network."
1410
msgstr ""
1411
1412
#: serverguide/C/windows-networking.xml:1319(para)
1413
msgid ""
1414
"There are two ways to use Likewise Open, <application>likewise-"
1415
"open</application> the command line utility and <application>likewise-open-"
1416
"gui</application>. This section focuses on the command line utility."
1417
msgstr ""
1418
1419
#: serverguide/C/windows-networking.xml:1324(para)
1420
msgid ""
1421
"To install the <application>likewise-open</application> package, open a "
1422
"terminal prompt and enter:"
1423
msgstr ""
1424
1425
#: serverguide/C/windows-networking.xml:1329(command)
1426
msgid "sudo apt-get install likewise-open"
1427
msgstr "sudo apt-get install likewise-open"
1428
1429
#: serverguide/C/windows-networking.xml:1334(title)
1430
msgid "Joining a Domain"
1431
msgstr ""
1432
1433
#: serverguide/C/windows-networking.xml:1336(para)
1434
msgid ""
1435
"The main executable file of the <application>likewise-open</application> "
1436
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1437
"join your computer to the domain. Before you join a domain you will need to "
1438
"make sure you have:"
1439
msgstr ""
1440
1441
#: serverguide/C/windows-networking.xml:1344(para)
1442
msgid ""
1443
"Access to an Active Directory user with appropriate rights to join the "
1444
"domain."
1445
msgstr ""
1446
1447
#: serverguide/C/windows-networking.xml:1349(para)
1448
msgid ""
1449
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1450
"you want to join. If your AD domain does not match a valid domain such as "
1451
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1452
"the form of <emphasis>domainname.local</emphasis>."
1453
msgstr ""
1454
1455
#: serverguide/C/windows-networking.xml:1356(para)
1456
msgid ""
1457
"DNS for the domain setup properly. In a production AD environment this "
1458
"should be the case. Proper Microsoft DNS is needed so that client "
1459
"workstations can determine the Active Directory domain is available."
1460
msgstr ""
1461
1462
#: serverguide/C/windows-networking.xml:1360(para)
1463
msgid ""
1464
"If you don't have a Windows DNS server on your network, see <xref "
1465
"linkend=\"likewise-open-ms-dns\"/> for details."
1466
msgstr ""
1467
1468
#: serverguide/C/windows-networking.xml:1367(para)
1469
msgid "To join a domain, from a terminal prompt enter:"
1470
msgstr ""
1471
1472
#: serverguide/C/windows-networking.xml:1372(command)
1473
msgid "sudo domainjoin-cli join example.com Administrator"
1474
msgstr "sudo domainjoin-cli join example.com Administrator"
1475
1476
#: serverguide/C/windows-networking.xml:1376(para)
1477
msgid ""
1478
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1479
"<emphasis>Administrator</emphasis> with the appropriate user name."
1480
msgstr ""
1481
1482
#: serverguide/C/windows-networking.xml:1382(para)
1483
msgid ""
1484
"You will then be prompted for the user's password. If all goes well a "
1485
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1486
msgstr ""
1487
1488
#: serverguide/C/windows-networking.xml:1388(para)
1489
msgid ""
1490
"After joining the domain, it is necessary to reboot before attempting to "
1491
"authenticate against the domain."
1492
msgstr ""
1493
1494
#: serverguide/C/windows-networking.xml:1394(para)
1495
msgid ""
1496
"After successfully joining an Ubuntu machine to an Active Directory domain "
1497
"you can authenticate using any valid AD user. To login you will need to "
1498
"enter the user name as 'domain\\username'. For example to ssh to a server "
1499
"joined to the domain enter:"
1500
msgstr ""
1501
1502
#: serverguide/C/windows-networking.xml:1401(command)
1503
msgid "ssh 'example\\steve'@hostname"
1504
msgstr "ssh 'example\\steve'@hostname"
1505
1506
#: serverguide/C/windows-networking.xml:1405(para)
1507
msgid ""
1508
"If configuring a Desktop the user name will need to be prefixed with "
1509
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1510
msgstr ""
1511
1512
#: serverguide/C/windows-networking.xml:1411(para)
1513
msgid ""
1514
"To make likewise-open use a default domain, you can add the following "
1515
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1516
msgstr ""
1517
1518
#: serverguide/C/windows-networking.xml:1415(programlisting)
1519
#, no-wrap
1520
msgid ""
1521
"\n"
1522
"winbind use default domain = yes\n"
1523
msgstr ""
1524
"\n"
1525
"winbind use default domain = yes\n"
1526
1527
#: serverguide/C/windows-networking.xml:1419(para)
1528
msgid "Then restart the <application>likewise-open</application> daemons:"
1529
msgstr ""
1530
1531
#: serverguide/C/windows-networking.xml:1424(command)
1532
msgid "sudo /etc/init.d/likewise-open restart"
1533
msgstr "sudo /etc/init.d/likewise-open restart"
1534
1535
#: serverguide/C/windows-networking.xml:1428(para)
1536
msgid ""
1537
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1538
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1539
"using only their username."
1540
msgstr ""
1541
1542
#: serverguide/C/windows-networking.xml:1434(para)
1543
msgid ""
1544
"The <application>domainjoin-cli</application> utility can also be used to "
1545
"leave the domain. From a terminal:"
1546
msgstr ""
1547
1548
#: serverguide/C/windows-networking.xml:1439(command)
1549
msgid "sudo domainjoin-cli leave"
1550
msgstr "sudo domainjoin-cli leave"
1551
1552
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1553
msgid "Other Utilities"
1554
msgstr ""
1555
1556
#: serverguide/C/windows-networking.xml:1446(para)
1557
msgid ""
1558
"The <application>likewise-open</application> package comes with a few other "
1559
"utilities that may be useful for gathering information about the Active "
1560
"Directory environment. These utilities are used to join the machine to the "
1561
"domain, and are the same as those available in the <application>samba-"
1562
"common</application> and <application>winbind</application> packages:"
1563
msgstr ""
1564
1565
#: serverguide/C/windows-networking.xml:1455(para)
1566
msgid ""
1567
"<application>lwinet</application>: Returns information about the network and "
1568
"the domain."
1569
msgstr ""
1570
1571
#: serverguide/C/windows-networking.xml:1460(para)
1572
msgid ""
1573
"<application>lwimsg</application>: Allows interaction with the "
1574
"<application>likewise-winbindd</application> daemon."
1575
msgstr ""
1576
1577
#: serverguide/C/windows-networking.xml:1465(para)
1578
msgid ""
1579
"<application>lwiinfo</application>: Displays information about various parts "
1580
"of the Domain."
1581
msgstr ""
1582
1583
#: serverguide/C/windows-networking.xml:1471(para)
1584
msgid "Please refer to each utility's man page specific for details."
1585
msgstr ""
1586
1587
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1588
msgid "Troubleshooting"
1589
msgstr ""
1590
1591
#: serverguide/C/windows-networking.xml:1481(para)
1592
msgid ""
1593
"If the client has trouble joining the domain, double check that the "
1594
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1595
"example:"
1596
msgstr ""
1597
1598
#: serverguide/C/windows-networking.xml:1486(programlisting)
1599
#, no-wrap
1600
msgid ""
1601
"\n"
1602
"nameserver 192.168.0.1\n"
1603
msgstr ""
1604
"\n"
1605
"nameserver 192.168.0.1\n"
1606
1607
#: serverguide/C/windows-networking.xml:1491(para)
1608
msgid ""
1609
"For more information when joining a domain, use the <emphasis>--loglevel "
1610
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1611
"<application>domainjoin-cli</application> utility:"
1612
msgstr ""
1613
1614
#: serverguide/C/windows-networking.xml:1497(command)
1615
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1616
msgstr ""
1617
"sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1618
1619
#: serverguide/C/windows-networking.xml:1501(para)
1620
msgid ""
1621
"If an Active Directory user has trouble logging in, check the "
1622
"<filename>/var/log/auth.log</filename> for details."
1623
msgstr ""
1624
1625
#: serverguide/C/windows-networking.xml:1506(para)
1626
msgid ""
1627
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1628
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1629
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1630
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1631
"<emphasis>hosts</emphasis> option. For example:"
1632
msgstr ""
1633
1634
#: serverguide/C/windows-networking.xml:1512(programlisting)
1635
#, no-wrap
1636
msgid ""
1637
"\n"
1638
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1639
msgstr ""
1640
"\n"
1641
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1642
1643
#: serverguide/C/windows-networking.xml:1516(para)
1644
msgid "Change the above to:"
1645
msgstr ""
1646
1647
#: serverguide/C/windows-networking.xml:1520(programlisting)
1648
#, no-wrap
1649
msgid ""
1650
"\n"
1651
"hosts: files dns [NOTFOUND=return]\n"
1652
msgstr ""
1653
"\n"
1654
"hosts: files dns [NOTFOUND=return]\n"
1655
1656
#: serverguide/C/windows-networking.xml:1524(para)
1657
msgid "Then restart networking by entering:"
1658
msgstr ""
1659
1660
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1661
msgid "sudo /etc/init.d/networking restart"
1662
msgstr "sudo /etc/init.d/networking restart"
1663
1664
#: serverguide/C/windows-networking.xml:1532(para)
1665
msgid "You should now be able to join the Active Directory domain."
1666
msgstr ""
1667
1668
#: serverguide/C/windows-networking.xml:1540(title)
1669
msgid "Microsoft DNS"
1670
msgstr ""
1671
1672
#: serverguide/C/windows-networking.xml:1542(para)
1673
msgid ""
1674
"The following are instructions for installing DNS on an Active Directory "
1675
"domain controller running Windows Server 2003, but the instructions should "
1676
"be similar for other versions:"
1677
msgstr ""
1678
1679
#: serverguide/C/windows-networking.xml:1551(para)
1680
msgid ""
1681
"Click "
1682
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1683
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1684
"This will open the <application>Server Role Mangement</application> utility."
1685
msgstr ""
1686
1687
#: serverguide/C/windows-networking.xml:1559(para)
1688
msgid "Click <guilabel>Add or remove a role</guilabel>"
1689
msgstr ""
1690
1691
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1692
msgid "Click Next"
1693
msgstr ""
1694
1695
#: serverguide/C/windows-networking.xml:1561(para)
1696
msgid "Select \"DNS Server\""
1697
msgstr ""
1698
1699
#: serverguide/C/windows-networking.xml:1563(para)
1700
msgid "Click Next again to proceed"
1701
msgstr ""
1702
1703
#: serverguide/C/windows-networking.xml:1564(para)
1704
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1705
msgstr ""
1706
1707
#: serverguide/C/windows-networking.xml:1566(para)
1708
msgid ""
1709
"Make sure \"This server maintains the zone\" is selected and click Next."
1710
msgstr ""
1711
1712
#: serverguide/C/windows-networking.xml:1567(para)
1713
msgid "Enter your domain name and click Next"
1714
msgstr ""
1715
1716
#: serverguide/C/windows-networking.xml:1568(para)
1717
msgid "Click Next to \"Allow only secure dynamic updates\""
1718
msgstr ""
1719
1720
#: serverguide/C/windows-networking.xml:1570(para)
1721
msgid ""
1722
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1723
"should not forward queries\" and click Next."
1724
msgstr ""
1725
1726
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1727
msgid "Click Finish"
1728
msgstr ""
1729
1730
#: serverguide/C/windows-networking.xml:1577(para)
1731
msgid ""
1732
"DNS is now installed and can be further configured using the "
1733
"<application>Microsoft Management Console</application> DNS snap-in."
1734
msgstr ""
1735
1736
#: serverguide/C/windows-networking.xml:1585(para)
1737
msgid "Click Start"
1738
msgstr ""
1739
1740
#: serverguide/C/windows-networking.xml:1586(para)
1741
msgid "Control Panel"
1742
msgstr ""
1743
1744
#: serverguide/C/windows-networking.xml:1587(para)
1745
msgid "Network Connections"
1746
msgstr ""
1747
1748
#: serverguide/C/windows-networking.xml:1588(para)
1749
msgid "Right Click \"Local Area Connection\""
1750
msgstr ""
1751
1752
#: serverguide/C/windows-networking.xml:1589(para)
1753
msgid "Click Properties"
1754
msgstr ""
1755
1756
#: serverguide/C/windows-networking.xml:1590(para)
1757
msgid "Double click \"Internet Protocol (TCP/IP)\""
1758
msgstr "双击\"互联网协议(TCP/IP)\""
1759
1760
#: serverguide/C/windows-networking.xml:1591(para)
1761
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1762
msgstr ""
1763
1764
#: serverguide/C/windows-networking.xml:1592(para)
1765
msgid "Click Ok"
1766
msgstr ""
1767
1768
#: serverguide/C/windows-networking.xml:1593(para)
1769
msgid "Click Ok again to save the settings"
1770
msgstr ""
1771
1772
#: serverguide/C/windows-networking.xml:1582(para)
1773
msgid ""
1774
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1775
msgstr ""
1776
1777
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1778
msgid "References"
1779
msgstr ""
1780
1781
#: serverguide/C/windows-networking.xml:1602(para)
1782
msgid ""
1783
"Please refer to the <ulink "
1784
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1785
"further information."
1786
msgstr ""
1787
1788
#: serverguide/C/windows-networking.xml:1606(para)
1789
msgid ""
1790
"For more <application>domainjoin-cli</application> options see the man page: "
1791
"<command>man domainjoin-cli</command>."
1792
msgstr ""
1793
1794
#: serverguide/C/windows-networking.xml:1610(para)
1795
msgid ""
1796
"Also, see the <ulink "
1797
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1798
"LikewiseOpen</ulink> page."
1799
msgstr ""
1800
1801
#: serverguide/C/web-servers.xml:13(title)
1802
msgid "Web Servers"
1803
msgstr ""
1804
1805
#: serverguide/C/web-servers.xml:14(para)
1806
msgid ""
1807
"A Web server is a software responsible for accepting HTTP requests from "
1808
"clients, which are known as Web browsers, and serving them HTTP responses "
1809
"along with optional data contents, which usually are Web pages such as HTML "
1810
"documents and linked objects (images, etc.)."
1811
msgstr ""
1812
1813
#: serverguide/C/web-servers.xml:19(title)
1814
msgid "HTTPD - Apache2 Web Server"
1815
msgstr ""
1816
1817
#: serverguide/C/web-servers.xml:20(para)
1818
msgid ""
1819
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1820
"are used to serve Web Pages requested by client computers. Clients typically "
1821
"request and view Web Pages using Web Browser applications such as "
1822
"<application>Firefox</application>, <application>Opera</application>, or "
1823
"<application>Mozilla</application>."
1824
msgstr ""
1825
1826
#: serverguide/C/web-servers.xml:24(para)
1827
msgid ""
1828
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1829
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1830
"resource. For example, to view the home page of the <ulink "
1831
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1832
"the FQDN. To request specific information about <ulink "
1833
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1834
"enter the FQDN followed by a path."
1835
msgstr ""
1836
1837
#: serverguide/C/web-servers.xml:29(para)
1838
msgid ""
1839
"The most common protocol used to transfer Web pages is the Hyper Text "
1840
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1841
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1842
"protocol for uploading and downloading files, are also supported."
1843
msgstr ""
1844
1845
#: serverguide/C/web-servers.xml:33(para)
1846
msgid ""
1847
"Apache Web Servers are often used in combination with the "
1848
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1849
"(<application>PHP</application>) scripting language, and other popular "
1850
"scripting languages such as <application>Python</application> and "
1851
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1852
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1853
"for the development and deployment of Web-based applications."
1854
msgstr ""
1855
1856
#: serverguide/C/web-servers.xml:42(para)
1857
msgid ""
1858
"The <application>Apache2</application> web server is available in Ubuntu "
1859
"Linux. To install Apache2:"
1860
msgstr ""
1861
1862
#: serverguide/C/web-servers.xml:48(para)
1863
msgid "At a terminal prompt enter the following command:"
1864
msgstr ""
1865
1866
#: serverguide/C/web-servers.xml:53(command)
1867
msgid "sudo apt-get install apache2"
1868
msgstr "sudo apt-get install apache2"
1869
1870
#: serverguide/C/web-servers.xml:63(para)
1871
msgid ""
1872
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1873
"text configuration files. These <emphasis>directives</emphasis> are "
1874
"separated between the following files and directories:"
1875
msgstr ""
1876
1877
#: serverguide/C/web-servers.xml:71(para)
1878
msgid ""
1879
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1880
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1881
msgstr ""
1882
1883
#: serverguide/C/web-servers.xml:77(para)
1884
msgid ""
1885
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1886
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1887
"serve content may add files, or symlinks, to this directory."
1888
msgstr ""
1889
1890
#: serverguide/C/web-servers.xml:83(para)
1891
msgid ""
1892
"<emphasis>envvars:</emphasis> file where Apache2 "
1893
"<emphasis>environment</emphasis> variables are set."
1894
msgstr ""
1895
1896
#: serverguide/C/web-servers.xml:88(para)
1897
msgid ""
1898
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1899
"file, named after the <application>httpd</application> daemon. The file can "
1900
"be used for <emphasis>user specific</emphasis> configuration options that "
1901
"globally effect Apache2."
1902
msgstr ""
1903
1904
#: serverguide/C/web-servers.xml:95(para)
1905
msgid ""
1906
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1907
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1908
"modules will have specific configuration files, however."
1909
msgstr ""
1910
1911
#: serverguide/C/web-servers.xml:101(para)
1912
msgid ""
1913
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1914
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1915
"configuration file is symlinked it will be enabled the next time "
1916
"<application>apache2</application> is restarted."
1917
msgstr ""
1918
1919
#: serverguide/C/web-servers.xml:108(para)
1920
msgid ""
1921
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1922
"TCP ports Apache2 is listening on."
1923
msgstr ""
1924
1925
#: serverguide/C/web-servers.xml:113(para)
1926
msgid ""
1927
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1928
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1929
"to be configured for multiple sites that have separate configurations."
1930
msgstr ""
1931
1932
#: serverguide/C/web-servers.xml:119(para)
1933
msgid ""
1934
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1935
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1936
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1937
"a configuration file in sites-available is symlinked, the site configured by "
1938
"it will be active once Apache2 is restarted."
1939
msgstr ""
1940
1941
#: serverguide/C/web-servers.xml:127(para)
1942
msgid ""
1943
"In addition, other configuration files may be added using the "
1944
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1945
"many configuration files. Any directive may be placed in any of these "
1946
"configuration files. Changes to the main configuration files are only "
1947
"recognized by Apache2 when it is started or restarted."
1948
msgstr ""
1949
1950
#: serverguide/C/web-servers.xml:136(para)
1951
msgid ""
1952
"The server also reads a file containing mime document types; the filename is "
1953
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1954
"<filename>/etc/mime.types</filename> by default."
1955
msgstr ""
1956
1957
#: serverguide/C/web-servers.xml:141(title)
1958
msgid "Basic Settings"
1959
msgstr "基本设定"
1960
1961
#: serverguide/C/web-servers.xml:142(para)
1962
msgid ""
1963
"This section explains Apache2 server essential configuration parameters. "
1964
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1965
"Documentation</ulink> for more details."
1966
msgstr ""
1967
1968
#: serverguide/C/web-servers.xml:150(para)
1969
msgid ""
1970
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1971
"it is configured with a single default virtual host (using the "
1972
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1973
"if you have a single site, or used as a template for additional virtual "
1974
"hosts if you have multiple sites. If left alone, the default virtual host "
1975
"will serve as your default site, or the site users will see if the URL they "
1976
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1977
"your custom sites. To modify the default virtual host, edit the file "
1978
"<filename>/etc/apache2/sites-available/default</filename>."
1979
msgstr ""
1980
1981
#: serverguide/C/web-servers.xml:163(para)
1982
msgid ""
1983
"The directives set for a virtual host only apply to that particular virtual "
1984
"host. If a directive is set server-wide and not defined within the virtual "
1985
"host settings, the default setting is used. For example, you can define a "
1986
"Webmaster email address and not define individual email addresses for each "
1987
"virtual host."
1988
msgstr ""
1989
1990
#: serverguide/C/web-servers.xml:171(para)
1991
msgid ""
1992
"If you wish to configure a new virtual host or site, copy that file into the "
1993
"same directory with a name you choose. For example:"
1994
msgstr ""
1995
1996
#: serverguide/C/web-servers.xml:177(command)
1997
msgid ""
1998
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1999
"available/mynewsite"
2000
msgstr ""
2001
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2002
"available/mynewsite"
2003
2004
#: serverguide/C/web-servers.xml:180(para)
2005
msgid ""
2006
"Edit the new file to configure the new site using some of the directives "
2007
"described below."
2008
msgstr ""
2009
2010
#: serverguide/C/web-servers.xml:187(para)
2011
msgid ""
2012
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2013
"to be advertised for the server's administrator. The default value is "
2014
"webmaster@localhost. This should be changed to an email address that is "
2015
"delivered to you (if you are the server's administrator). If your website "
2016
"has a problem, Apache2 will display an error message containing this email "
2017
"address to report the problem to. Find this directive in your site's "
2018
"configuration file in /etc/apache2/sites-available."
2019
msgstr ""
2020
2021
#: serverguide/C/web-servers.xml:198(para)
2022
msgid ""
2023
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2024
"the IP address, Apache2 should listen on. If the IP address is not "
2025
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2026
"it runs on. The default value for the Listen directive is 80. Change this to "
2027
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2028
"that it will not be available to the Internet, to (for example) 81 to change "
2029
"the port that it listens on, or leave it as is for normal operation. This "
2030
"directive can be found and changed in its own file, "
2031
"<filename>/etc/apache2/ports.conf</filename>"
2032
msgstr ""
2033
2034
#: serverguide/C/web-servers.xml:211(para)
2035
msgid ""
2036
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2037
"FQDN your site should answer to. The default virtual host has no ServerName "
2038
"directive specified, so it will respond to all requests that do not match a "
2039
"ServerName directive in another virtual host. If you have just acquired the "
2040
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2041
"value of the ServerName directive in your virtual host configuration file "
2042
"should be ubunturocks.com. Add this directive to the new virtual host file "
2043
"you created earlier (<filename>/etc/apache2/sites-"
2044
"available/mynewsite</filename>)."
2045
msgstr ""
2046
2047
#: serverguide/C/web-servers.xml:223(para)
2048
msgid ""
2049
"You may also want your site to respond to www.ubunturocks.com, since many "
2050
"users will assume the www prefix is appropriate. Use the "
2051
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2052
"wildcards in the ServerAlias directive."
2053
msgstr ""
2054
2055
#: serverguide/C/web-servers.xml:230(para)
2056
msgid ""
2057
"For example, the following configuration will cause your site to respond to "
2058
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2059
msgstr ""
2060
2061
#: serverguide/C/web-servers.xml:236(programlisting)
2062
#, no-wrap
2063
msgid ""
2064
"\n"
2065
"ServerAlias *.ubunturocks.com\n"
2066
msgstr ""
2067
"\n"
2068
"ServerAlias *.ubunturocks.com\n"
2069
2070
#: serverguide/C/web-servers.xml:242(para)
2071
msgid ""
2072
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2073
"should look for the files that make up the site. The default value is "
2074
"/var/www. No site is configured there, but if you uncomment the "
2075
"<emphasis>RedirectMatch</emphasis> directive in "
2076
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2077
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2078
"this value in your site's virtual host file, and remember to create that "
2079
"directory if necessary!"
2080
msgstr ""
2081
2082
#: serverguide/C/web-servers.xml:254(para)
2083
msgid ""
2084
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2085
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2086
"enabled point to \"available\" sites."
2087
msgstr ""
2088
2089
#: serverguide/C/web-servers.xml:260(para)
2090
msgid ""
2091
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2092
"<application>a2ensite</application> utility and restart Apache2:"
2093
msgstr ""
2094
2095
#: serverguide/C/web-servers.xml:266(command)
2096
msgid "sudo a2ensite mynewsite"
2097
msgstr "sudo a2ensite mynewsite"
2098
2099
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2100
msgid "sudo /etc/init.d/apache2 restart"
2101
msgstr "sudo /etc/init.d/apache2 restart"
2102
2103
#: serverguide/C/web-servers.xml:271(para)
2104
msgid ""
2105
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2106
"name for the VirtualHost. One method is to name the file after the "
2107
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2108
msgstr ""
2109
2110
#: serverguide/C/web-servers.xml:278(para)
2111
msgid ""
2112
"Similarly, use the <application>a2dissite</application> utility to disable "
2113
"sites. This is can be useful when troubleshooting configuration problems "
2114
"with multiple VirtualHosts:"
2115
msgstr ""
2116
2117
#: serverguide/C/web-servers.xml:284(command)
2118
msgid "sudo a2dissite mynewsite"
2119
msgstr "sudo a2dissite mynewsite"
2120
2121
#: serverguide/C/web-servers.xml:290(title)
2122
msgid "Default Settings"
2123
msgstr "默认设定"
2124
2125
#: serverguide/C/web-servers.xml:292(para)
2126
msgid ""
2127
"This section explains configuration of the Apache2 server default settings. "
2128
"For example, if you add a virtual host, the settings you configure for the "
2129
"virtual host take precedence for that virtual host. For a directive not "
2130
"defined within the virtual host settings, the default value is used."
2131
msgstr ""
2132
2133
#: serverguide/C/web-servers.xml:304(para)
2134
msgid ""
2135
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2136
"server when a user requests an index of a directory by specifying a forward "
2137
"slash (/) at the end of the directory name."
2138
msgstr ""
2139
2140
#: serverguide/C/web-servers.xml:311(para)
2141
msgid ""
2142
"For example, when a user requests the page "
2143
"http://www.example.com/this_directory/, he or she will get either the "
2144
"DirectoryIndex page if it exists, a server-generated directory list if it "
2145
"does not and the Indexes option is specified, or a Permission Denied page if "
2146
"neither is true. The server will try to find one of the files listed in the "
2147
"DirectoryIndex directive and will return the first one it finds. If it does "
2148
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2149
"set for that directory, the server will generate and return a list, in HTML "
2150
"format, of the subdirectories and files in the directory. The default value, "
2151
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2152
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2153
"Apache2 finds a file in a requested directory matching any of these names, "
2154
"the first will be displayed."
2155
msgstr ""
2156
2157
#: serverguide/C/web-servers.xml:332(para)
2158
msgid ""
2159
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2160
"file for Apache2 to use for specific error events. For example, if a user "
2161
"requests a resource that does not exist, a 404 error will occur, and per "
2162
"Apache2's default configuration, the file "
2163
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2164
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2165
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2166
"redirects requests to the /error directory to "
2167
"<filename>/usr/share/apache2/error/</filename>."
2168
msgstr ""
2169
2170
#: serverguide/C/web-servers.xml:344(para)
2171
msgid ""
2172
"To see a list of the default ErrorDocument directives, use this command:"
2173
msgstr ""
2174
2175
#: serverguide/C/web-servers.xml:350(command)
2176
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2177
msgstr "grep ErrorDocument /etc/apache2/apache2.conf"
2178
2179
#: serverguide/C/web-servers.xml:355(para)
2180
msgid ""
2181
"By default, the server writes the transfer log to the file "
2182
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2183
"per-site basis in your virtual host configuration files with the "
2184
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2185
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2186
"specify the file to which errors are logged, via the "
2187
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2188
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2189
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2190
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2191
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2192
"/etc/apache2/apache2.conf</filename> for the default value)."
2193
msgstr ""
2194
2195
#: serverguide/C/web-servers.xml:370(para)
2196
msgid ""
2197
"Some options are specified on a per-directory basis rather than per-server. "
2198
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2199
"is enclosed in XML-like tags, like so:"
2200
msgstr ""
2201
2202
#: serverguide/C/web-servers.xml:376(programlisting)
2203
#, no-wrap
2204
msgid ""
2205
"\n"
2206
"<Directory /var/www/mynewsite>\n"
2207
"...\n"
2208
"</Directory>\n"
2209
msgstr ""
2210
"\n"
2211
"<Directory /var/www/mynewsite>\n"
2212
"...\n"
2213
"</Directory>\n"
2214
2215
#: serverguide/C/web-servers.xml:382(para)
2216
msgid ""
2217
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2218
"one or more of the following values (among others), separated by spaces:"
2219
msgstr ""
2220
2221
#: serverguide/C/web-servers.xml:394(para)
2222
msgid ""
2223
"Most files should not be executed as CGI scripts. This would be very "
2224
"dangerous. CGI scripts should kept in a directory separate from and outside "
2225
"your DocumentRoot, and only this directory should have the ExecCGI option "
2226
"set. This is the default, and the default location for CGI scripts is "
2227
"<filename>/usr/lib/cgi-bin</filename>."
2228
msgstr ""
2229
2230
#: serverguide/C/web-servers.xml:389(para)
2231
msgid ""
2232
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2233
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2234
msgstr ""
2235
2236
#: serverguide/C/web-servers.xml:405(para)
2237
msgid ""
2238
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2239
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2240
"other files. This is not a common option. See <ulink "
2241
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2242
"HOWTO</ulink> for more information."
2243
msgstr ""
2244
2245
#: serverguide/C/web-servers.xml:414(para)
2246
msgid ""
2247
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2248
"includes, but disable the <emphasis>#exec</emphasis> and "
2249
"<emphasis>#include</emphasis> commands in CGI scripts."
2250
msgstr ""
2251
2252
#: serverguide/C/web-servers.xml:426(para)
2253
msgid ""
2254
"For security reasons, this should usually not be set, and certainly should "
2255
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2256
"per-directory basis only if you are certain you want users to see the entire "
2257
"contents of the directory."
2258
msgstr ""
2259
2260
#: serverguide/C/web-servers.xml:421(para)
2261
msgid ""
2262
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2263
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2264
"index.html) exists in the requested directory. <placeholder-1/>"
2265
msgstr ""
2266
2267
#: serverguide/C/web-servers.xml:436(para)
2268
msgid ""
2269
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2270
"multiviews; this option is disabled by default for security reasons. See the "
2271
"<ulink "
2272
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2273
"Apache2 documentation on this option</ulink>."
2274
msgstr ""
2275
2276
#: serverguide/C/web-servers.xml:444(para)
2277
msgid ""
2278
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2279
"symbolic links if the target file or directory has the same owner as the "
2280
"link."
2281
msgstr ""
2282
2283
#: serverguide/C/web-servers.xml:456(title)
2284
msgid "httpd Settings"
2285
msgstr ""
2286
2287
#: serverguide/C/web-servers.xml:458(para)
2288
msgid ""
2289
"This section explains some basic <application>httpd</application> daemon "
2290
"configuration settings."
2291
msgstr ""
2292
2293
#: serverguide/C/web-servers.xml:462(para)
2294
msgid ""
2295
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2296
"the path to the lockfile used when the server is compiled with either "
2297
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2298
"stored on the local disk. It should be left to the default value unless the "
2299
"logs directory is located on an NFS share. If this is the case, the default "
2300
"value should be changed to a location on the local disk and to a directory "
2301
"that is readable only by root."
2302
msgstr ""
2303
2304
#: serverguide/C/web-servers.xml:471(para)
2305
msgid ""
2306
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2307
"file in which the server records its process ID (pid). This file should only "
2308
"be readable by root. In most cases, it should be left to the default value."
2309
msgstr ""
2310
2311
#: serverguide/C/web-servers.xml:477(para)
2312
msgid ""
2313
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2314
"used by the server to answer requests. This setting determines the server's "
2315
"access. Any files inaccessible to this user will also be inaccessible to "
2316
"your website's visitors. The default value for User is www-data."
2317
msgstr ""
2318
2319
#: serverguide/C/web-servers.xml:484(para)
2320
msgid ""
2321
"Unless you know exactly what you are doing, do not set the User directive to "
2322
"root. Using root as the User will create large security holes for your Web "
2323
"server."
2324
msgstr ""
2325
2326
#: serverguide/C/web-servers.xml:490(para)
2327
msgid ""
2328
"The Group directive is similar to the User directive. Group sets the group "
2329
"under which the server will answer requests. The default group is also www-"
2330
"data."
2331
msgstr ""
2332
2333
#: serverguide/C/web-servers.xml:496(title)
2334
msgid "Apache2 Modules"
2335
msgstr ""
2336
2337
#: serverguide/C/web-servers.xml:498(para)
2338
msgid ""
2339
"Apache2 is a modular server. This implies that only the most basic "
2340
"functionality is included in the core server. Extended features are "
2341
"available through modules which can be loaded into Apache2. By default, a "
2342
"base set of modules is included in the server at compile-time. If the server "
2343
"is compiled to use dynamically loaded modules, then modules can be compiled "
2344
"separately, and added at any time using the LoadModule directive. Otherwise, "
2345
"Apache2 must be recompiled to add or remove modules."
2346
msgstr ""
2347
2348
#: serverguide/C/web-servers.xml:510(para)
2349
msgid ""
2350
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2351
"Configuration directives may be conditionally included on the presence of a "
2352
"particular module by enclosing them in an "
2353
"<emphasis><IfModule></emphasis> block."
2354
msgstr ""
2355
2356
#: serverguide/C/web-servers.xml:517(para)
2357
msgid ""
2358
"You can install additional Apache2 modules and use them with your Web "
2359
"server. For example, run the following command from a terminal prompt to "
2360
"install the <emphasis>MySQL Authentication</emphasis> module:"
2361
msgstr ""
2362
2363
#: serverguide/C/web-servers.xml:524(command)
2364
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2365
msgstr ""
2366
2367
#: serverguide/C/web-servers.xml:527(para)
2368
msgid ""
2369
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2370
"additional modules."
2371
msgstr ""
2372
2373
#: serverguide/C/web-servers.xml:531(para)
2374
msgid ""
2375
"Use the <application>a2enmod</application> utility to enable a module:"
2376
msgstr ""
2377
2378
#: serverguide/C/web-servers.xml:537(command)
2379
msgid "sudo a2enmod auth_mysql"
2380
msgstr ""
2381
2382
#: serverguide/C/web-servers.xml:541(para)
2383
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2384
msgstr ""
2385
2386
#: serverguide/C/web-servers.xml:546(command)
2387
msgid "sudo a2dismod auth_mysql"
2388
msgstr ""
2389
2390
#: serverguide/C/web-servers.xml:553(title)
2391
msgid "HTTPS Configuration"
2392
msgstr ""
2393
2394
#: serverguide/C/web-servers.xml:555(para)
2395
msgid ""
2396
"The <application>mod_ssl</application> module adds an important feature to "
2397
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2398
"browser is communicating using SSL, the https:// prefix is used at the "
2399
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2400
"bar."
2401
msgstr ""
2402
2403
#: serverguide/C/web-servers.xml:564(para)
2404
msgid ""
2405
"The <application>mod_ssl</application> module is available in "
2406
"<application>apache2-common</application> package. Execute the following "
2407
"command from a terminal prompt to enable the "
2408
"<application>mod_ssl</application> module:"
2409
msgstr ""
2410
2411
#: serverguide/C/web-servers.xml:571(command)
2412
msgid "sudo a2enmod ssl"
2413
msgstr ""
2414
2415
#: serverguide/C/web-servers.xml:574(para)
2416
msgid ""
2417
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2418
"available/default-ssl</filename>. In order for "
2419
"<application>Apache2</application> to provide HTTPS, a "
2420
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2421
"needed. The default HTTPS configuration will use a certificate and key "
2422
"generated by the <application>ssl-cert</application> package. They are good "
2423
"for testing, but the auto-generated certificate and key should be replaced "
2424
"by a certificate specific to the site or server. For information on "
2425
"generating a key and obtaining a certificate see <xref "
2426
"linkend=\"certificates-and-security\"/>"
2427
msgstr ""
2428
2429
#: serverguide/C/web-servers.xml:584(para)
2430
msgid ""
2431
"To configure <application>Apache2</application> for HTTPS, enter the "
2432
"following:"
2433
msgstr ""
2434
2435
#: serverguide/C/web-servers.xml:589(command)
2436
msgid "sudo a2ensite default-ssl"
2437
msgstr ""
2438
2439
#: serverguide/C/web-servers.xml:593(para)
2440
msgid ""
2441
"The directories <filename>/etc/ssl/certs</filename> and "
2442
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2443
"install the certificate and key in another directory make sure to change "
2444
"<emphasis>SSLCertificateFile</emphasis> and "
2445
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2446
msgstr ""
2447
2448
#: serverguide/C/web-servers.xml:600(para)
2449
msgid ""
2450
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2451
"settings:"
2452
msgstr ""
2453
2454
#: serverguide/C/web-servers.xml:611(para)
2455
msgid ""
2456
"Depending on how you obtained your certificate you may need to enter a "
2457
"passphrase when <application>Apache2</application> starts."
2458
msgstr ""
2459
2460
#: serverguide/C/web-servers.xml:617(para)
2461
msgid ""
2462
"You can access the secure server pages by typing https://your_hostname/url/ "
2463
"in your browser address bar."
2464
msgstr ""
2465
2466
#: serverguide/C/web-servers.xml:628(para)
2467
msgid ""
2468
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2469
"Documentation</ulink> contains in depth information on Apache2 configuration "
2470
"directives. Also, see the <application>apache2-doc</application> package for "
2471
"the official Apache2 docs."
2472
msgstr ""
2473
2474
#: serverguide/C/web-servers.xml:635(para)
2475
msgid ""
2476
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2477
"Documentation</ulink> site for more SSL related information."
2478
msgstr ""
2479
2480
#: serverguide/C/web-servers.xml:641(para)
2481
msgid ""
2482
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2483
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2484
"configurations."
2485
msgstr ""
2486
2487
#: serverguide/C/web-servers.xml:647(para)
2488
msgid ""
2489
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2490
"server</emphasis> IRC channel on <ulink "
2491
"url=\"http://freenode.net/\">freenode.net</ulink>."
2492
msgstr ""
2493
2494
#: serverguide/C/web-servers.xml:653(para)
2495
msgid ""
2496
"Usually integrated with PHP and MySQL the <ulink "
2497
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2498
"Ubuntu Wiki </ulink> page is a good resource."
2499
msgstr ""
2500
2501
#: serverguide/C/web-servers.xml:664(title)
2502
msgid "PHP5 - Scripting Language"
2503
msgstr ""
2504
2505
#: serverguide/C/web-servers.xml:665(para)
2506
msgid ""
2507
"PHP is a general-purpose scripting language suited for Web development. The "
2508
"PHP script can be embedded into HTML. This section explains how to install "
2509
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2510
msgstr ""
2511
2512
#: serverguide/C/web-servers.xml:669(para)
2513
msgid ""
2514
"This section assumes you have installed and configured Apache2 Web Server "
2515
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2516
"sections in this document to install and configure Apache2 and MySQL "
2517
"respectively."
2518
msgstr ""
2519
2520
#: serverguide/C/web-servers.xml:676(para)
2521
msgid "The PHP5 is available in Ubuntu Linux."
2522
msgstr ""
2523
2524
#: serverguide/C/web-servers.xml:678(para)
2525
msgid ""
2526
"To install PHP5 you can enter the following command in the terminal prompt: "
2527
"<screen>\n"
2528
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2529
"</screen>"
2530
msgstr ""
2531
2532
#: serverguide/C/web-servers.xml:687(para)
2533
msgid ""
2534
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2535
"line you should install <application>php5-cli</application> package. To "
2536
"install <application>php5-cli</application> you can enter the following "
2537
"command in the terminal prompt: <screen>\n"
2538
"<command>sudo apt-get install php5-cli</command>\n"
2539
"</screen>"
2540
msgstr ""
2541
2542
#: serverguide/C/web-servers.xml:696(para)
2543
msgid ""
2544
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2545
"accomplish this, you should install <application>php5-cgi</application> "
2546
"package. You can run the following command in a terminal prompt to install "
2547
"<application>php5-cgi</application> package: <screen>\n"
2548
"<command>sudo apt-get install php5-cgi</command>\n"
2549
"</screen>"
2550
msgstr ""
2551
2552
#: serverguide/C/web-servers.xml:706(para)
2553
msgid ""
2554
"To use <application>MySQL</application> with PHP5 you should install "
2555
"<application>php5-mysql</application> package. To install <application>php5-"
2556
"mysql</application> you can enter the following command in the terminal "
2557
"prompt: <screen>\n"
2558
"<command>sudo apt-get install php5-mysql</command>\n"
2559
"</screen>"
2560
msgstr ""
2561
2562
#: serverguide/C/web-servers.xml:714(para)
2563
msgid ""
2564
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2565
"install <application>php5-pgsql</application> package. To install "
2566
"<application>php5-pgsql</application> you can enter the following command in "
2567
"the terminal prompt: <screen>\n"
2568
"<command>sudo apt-get install php5-pgsql</command>\n"
2569
"</screen>"
2570
msgstr ""
2571
2572
#: serverguide/C/web-servers.xml:727(para)
2573
msgid ""
2574
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2575
"you have installed <application>php5-cli</application> package, you can run "
2576
"PHP5 scripts from your command prompt."
2577
msgstr ""
2578
2579
#: serverguide/C/web-servers.xml:734(para)
2580
msgid ""
2581
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2582
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2583
"when you install the module. Please verify if the files "
2584
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2585
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2586
"not exists, you can enable the module using <command>a2enmod</command> "
2587
"command."
2588
msgstr ""
2589
2590
#: serverguide/C/web-servers.xml:745(para)
2591
msgid ""
2592
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2593
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2594
"following command at a terminal prompt to restart your web server: "
2595
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2596
msgstr ""
2597
2598
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2599
msgid "Testing"
2600
msgstr ""
2601
2602
#: serverguide/C/web-servers.xml:754(para)
2603
msgid ""
2604
"To verify your installation, you can run following PHP5 phpinfo script:"
2605
msgstr ""
2606
2607
#: serverguide/C/web-servers.xml:757(programlisting)
2608
#, no-wrap
2609
msgid ""
2610
"\n"
2611
"<?php\n"
2612
" phpinfo();\n"
2613
"?>\n"
2614
msgstr ""
2615
2616
#: serverguide/C/web-servers.xml:762(para)
2617
msgid ""
2618
"You can save the content in a file <filename>phpinfo.php</filename> and "
2619
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2620
"server. When point your browser to "
2621
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2622
"various PHP5 configuration parameters."
2623
msgstr ""
2624
2625
#: serverguide/C/web-servers.xml:776(para)
2626
msgid ""
2627
"For more in depth information see <ulink "
2628
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2629
msgstr ""
2630
2631
#: serverguide/C/web-servers.xml:781(para)
2632
msgid ""
2633
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2634
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2635
"5</ulink> and the <ulink "
2636
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2637
msgstr ""
2638
2639
#: serverguide/C/web-servers.xml:788(para)
2640
msgid ""
2641
"Also, see the <ulink "
2642
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2643
"Ubuntu Wiki</ulink> page for more information."
2644
msgstr ""
2645
2646
#: serverguide/C/web-servers.xml:799(title)
2647
msgid "Squid - Proxy Server"
2648
msgstr ""
2649
2650
#: serverguide/C/web-servers.xml:800(para)
2651
msgid ""
2652
"Squid is a full-featured web proxy cache server application which provides "
2653
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2654
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2655
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2656
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2657
"caching. Squid also supports a wide variety of caching protocols, such as "
2658
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2659
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2660
"Protocol. (WCCP)"
2661
msgstr ""
2662
2663
#: serverguide/C/web-servers.xml:808(para)
2664
msgid ""
2665
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2666
"and caching server needs, and scales from the branch office to enterprise "
2667
"level networks while providing extensive, granular access control mechanisms "
2668
"and monitoring of critical parameters via the Simple Network Management "
2669
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2670
"Squid proxy, or caching servers, ensure your system is configured with a "
2671
"large amount of physical memory, as Squid maintains an in-memory cache for "
2672
"increased performance."
2673
msgstr ""
2674
2675
#: serverguide/C/web-servers.xml:817(para)
2676
msgid ""
2677
"At a terminal prompt, enter the following command to install the Squid "
2678
"server:"
2679
msgstr ""
2680
2681
#: serverguide/C/web-servers.xml:822(command)
2682
msgid "sudo apt-get install squid"
2683
msgstr ""
2684
2685
#: serverguide/C/web-servers.xml:828(para)
2686
msgid ""
2687
"Squid is configured by editing the directives contained within the "
2688
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2689
"examples illustrate some of the directives which may be modified to affect "
2690
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2691
"see the References section."
2692
msgstr ""
2693
2694
#: serverguide/C/web-servers.xml:834(para)
2695
msgid ""
2696
"Prior to editing the configuration file, you should make a copy of the "
2697
"original file and protect it from writing so you will have the original "
2698
"settings as a reference, and to re-use as necessary."
2699
msgstr ""
2700
2701
#: serverguide/C/web-servers.xml:837(para)
2702
msgid ""
2703
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2704
"writing with the following commands entered at a terminal prompt:"
2705
msgstr ""
2706
2707
#: serverguide/C/web-servers.xml:842(command)
2708
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2709
msgstr ""
2710
2711
#: serverguide/C/web-servers.xml:843(command)
2712
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2713
msgstr ""
2714
2715
#: serverguide/C/web-servers.xml:849(para)
2716
msgid ""
2717
"To set your Squid server to listen on TCP port 8888 instead of the default "
2718
"TCP port 3128, change the http_port directive as such:"
2719
msgstr ""
2720
2721
#: serverguide/C/web-servers.xml:853(programlisting)
2722
#, no-wrap
2723
msgid ""
2724
"\n"
2725
"http_port 8888\n"
2726
msgstr ""
2727
2728
#: serverguide/C/web-servers.xml:858(para)
2729
msgid ""
2730
"Change the visible_hostname directive in order to give the Squid server a "
2731
"specific hostname. This hostname does not necessarily need to be the "
2732
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2733
msgstr ""
2734
2735
#: serverguide/C/web-servers.xml:862(programlisting)
2736
#, no-wrap
2737
msgid ""
2738
"\n"
2739
"visible_hostname weezie\n"
2740
msgstr ""
2741
2742
#: serverguide/C/web-servers.xml:867(para)
2743
msgid ""
2744
"Using Squid's access control, you may configure use of Internet services "
2745
"proxied by Squid to be available only users with certain Internet Protocol "
2746
"(IP) addresses. For example, we will illustrate access by users of the "
2747
"192.168.42.0/24 subnetwork only:"
2748
msgstr ""
2749
2750
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2751
msgid ""
2752
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2753
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2754
msgstr ""
2755
2756
#: serverguide/C/web-servers.xml:875(programlisting)
2757
#, no-wrap
2758
msgid ""
2759
"\n"
2760
"acl fortytwo_network src 192.168.42.0/24\n"
2761
msgstr ""
2762
2763
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2764
msgid ""
2765
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2766
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2767
msgstr ""
2768
2769
#: serverguide/C/web-servers.xml:882(programlisting)
2770
#, no-wrap
2771
msgid ""
2772
"\n"
2773
"http_access allow fortytwo_network\n"
2774
msgstr ""
2775
2776
#: serverguide/C/web-servers.xml:887(para)
2777
msgid ""
2778
"Using the excellent access control features of Squid, you may configure use "
2779
"of Internet services proxied by Squid to be available only during normal "
2780
"business hours. For example, we'll illustrate access by employees of a "
2781
"business which is operating between 9:00AM and 5:00PM, Monday through "
2782
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2783
msgstr ""
2784
2785
#: serverguide/C/web-servers.xml:895(programlisting)
2786
#, no-wrap
2787
msgid ""
2788
"\n"
2789
"acl biz_network src 10.1.42.0/24\n"
2790
"acl biz_hours time M T W T F 9:00-17:00\n"
2791
msgstr ""
2792
2793
#: serverguide/C/web-servers.xml:903(programlisting)
2794
#, no-wrap
2795
msgid ""
2796
"\n"
2797
"http_access allow biz_network biz_hours\n"
2798
msgstr ""
2799
2800
#: serverguide/C/web-servers.xml:910(para)
2801
msgid ""
2802
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2803
"save the file and restart the <application>squid</application> server "
2804
"application to effect the changes using the following command entered at a "
2805
"terminal prompt:"
2806
msgstr ""
2807
2808
#: serverguide/C/web-servers.xml:917(command)
2809
msgid "sudo /etc/init.d/squid restart"
2810
msgstr ""
2811
2812
#: serverguide/C/web-servers.xml:924(ulink)
2813
msgid "Squid Website"
2814
msgstr ""
2815
2816
#: serverguide/C/web-servers.xml:926(para)
2817
msgid ""
2818
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2819
"Squid</ulink> page."
2820
msgstr ""
2821
2822
#: serverguide/C/web-servers.xml:933(title)
2823
msgid "Ruby on Rails"
2824
msgstr ""
2825
2826
#: serverguide/C/web-servers.xml:934(para)
2827
msgid ""
2828
"Ruby on Rails is an open source web framework for developing database backed "
2829
"web applications. It is optimized for sustainable productivity of the "
2830
"programmer since it lets the programmer to write code by favouring "
2831
"convention over configuration."
2832
msgstr ""
2833
2834
#: serverguide/C/web-servers.xml:941(para)
2835
msgid ""
2836
"Before installing <application>Rails</application> you should install "
2837
"<application>Apache</application> and <application>MySQL</application>. To "
2838
"install the <application>Apache</application> package, please refer to <xref "
2839
"linkend=\"httpd\"/>. For instructions on installing "
2840
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2841
msgstr ""
2842
2843
#: serverguide/C/web-servers.xml:949(para)
2844
msgid ""
2845
"Once you have <application>Apache</application> and "
2846
"<application>MySQL</application> packages installed, you are ready to "
2847
"install <application>Ruby on Rails</application> package."
2848
msgstr ""
2849
2850
#: serverguide/C/web-servers.xml:956(para)
2851
msgid ""
2852
"To install the <application>Ruby</application> base packages and "
2853
"<application>Ruby on Rails</application>, you can enter the following "
2854
"command in the terminal prompt:"
2855
msgstr ""
2856
2857
#: serverguide/C/web-servers.xml:962(command)
2858
msgid "sudo apt-get install rails"
2859
msgstr ""
2860
2861
#: serverguide/C/web-servers.xml:968(para)
2862
msgid ""
2863
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2864
"configuration file to setup your domains."
2865
msgstr ""
2866
2867
#: serverguide/C/web-servers.xml:972(para)
2868
msgid ""
2869
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2870
msgstr ""
2871
2872
#: serverguide/C/web-servers.xml:976(programlisting)
2873
#, no-wrap
2874
msgid ""
2875
"\n"
2876
"DocumentRoot /path/to/rails/application/public\n"
2877
msgstr ""
2878
2879
#: serverguide/C/web-servers.xml:979(para)
2880
msgid ""
2881
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2882
"directive:"
2883
msgstr ""
2884
2885
#: serverguide/C/web-servers.xml:983(programlisting)
2886
#, no-wrap
2887
msgid ""
2888
"\n"
2889
"<Directory \"/path/to/rails/application/public\">\n"
2890
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2891
" AllowOverride All\n"
2892
" Order allow,deny\n"
2893
" allow from all\n"
2894
" AddHandler cgi-script .cgi\n"
2895
"</Directory>\n"
2896
msgstr ""
2897
2898
#: serverguide/C/web-servers.xml:993(para)
2899
msgid ""
2900
"You should also enable the <application>mod_rewrite</application> module for "
2901
"Apache. To enable <application>mod_rewrite</application> module, please "
2902
"enter the following command in a terminal prompt:"
2903
msgstr ""
2904
2905
#: serverguide/C/web-servers.xml:999(command)
2906
msgid "sudo a2enmod rewrite"
2907
msgstr ""
2908
2909
#: serverguide/C/web-servers.xml:1002(para)
2910
msgid ""
2911
"Finally you will need to change the ownership of the "
2912
"<filename>/path/to/rails/application/public</filename> and "
2913
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2914
"used to run the <application>Apache</application> process:"
2915
msgstr ""
2916
2917
#: serverguide/C/web-servers.xml:1008(command)
2918
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2919
msgstr ""
2920
2921
#: serverguide/C/web-servers.xml:1009(command)
2922
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2923
msgstr ""
2924
2925
#: serverguide/C/web-servers.xml:1012(para)
2926
msgid ""
2927
"That's it! Now you have your Server ready for your <application>Ruby on "
2928
"Rails</application> applications."
2929
msgstr ""
2930
2931
#: serverguide/C/web-servers.xml:1021(para)
2932
msgid ""
2933
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2934
"for more information."
2935
msgstr ""
2936
2937
#: serverguide/C/web-servers.xml:1026(para)
2938
msgid ""
2939
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2940
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2941
"resource."
2942
msgstr ""
2943
2944
#: serverguide/C/web-servers.xml:1032(para)
2945
msgid ""
2946
"Another place for more information is the <ulink "
2947
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2948
"Wiki</ulink> page."
2949
msgstr ""
2950
2951
#: serverguide/C/web-servers.xml:1043(title)
2952
msgid "Apache Tomcat"
2953
msgstr ""
2954
2955
#: serverguide/C/web-servers.xml:1044(para)
2956
msgid ""
2957
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2958
"JSP (Java Server Pages) web applications."
2959
msgstr ""
2960
2961
#: serverguide/C/web-servers.xml:1046(para)
2962
msgid ""
2963
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2964
"different ways of running Tomcat. You can install them as a classic unique "
2965
"system-wide instance, that will be started at boot time and will run as the "
2966
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2967
"will run with your own user rights, and that you should start and stop by "
2968
"yourself. This second way is particularly useful in a development server "
2969
"context where multiple users need to test on their own private Tomcat "
2970
"instances."
2971
msgstr ""
2972
2973
#: serverguide/C/web-servers.xml:1056(title)
2974
msgid "System-wide installation"
2975
msgstr ""
2976
2977
#: serverguide/C/web-servers.xml:1057(para)
2978
msgid ""
2979
"To install the <application>Tomcat</application> server, you can enter the "
2980
"following command in the terminal prompt:"
2981
msgstr ""
2982
2983
#: serverguide/C/web-servers.xml:1060(command)
2984
msgid "sudo apt-get install tomcat6"
2985
msgstr ""
2986
2987
#: serverguide/C/web-servers.xml:1062(para)
2988
msgid ""
2989
"This will install a Tomcat server with just a default ROOT webapp that "
2990
"displays a minimal \"It works\" page by default."
2991
msgstr ""
2992
2993
#: serverguide/C/web-servers.xml:1068(para)
2994
msgid ""
2995
"Tomcat configuration files can be found in "
2996
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2997
"will be described here, please see <ulink "
2998
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2999
"documentation</ulink> for more."
3000
msgstr ""
3001
3002
#: serverguide/C/web-servers.xml:1074(title)
3003
msgid "Changing default ports"
3004
msgstr ""
3005
3006
#: serverguide/C/web-servers.xml:1075(para)
3007
msgid ""
3008
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3009
"connector on port 8009. You might want to change those default ports to "
3010
"avoid conflict with another server on the system. This is done by changing "
3011
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3012
msgstr ""
3013
3014
#: serverguide/C/web-servers.xml:1080(programlisting)
3015
#, no-wrap
3016
msgid ""
3017
"\n"
3018
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3019
" connectionTimeout=\"20000\" \n"
3020
" redirectPort=\"8443\" />\n"
3021
"...\n"
3022
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3023
"/>\n"
3024
msgstr ""
3025
3026
#: serverguide/C/web-servers.xml:1089(title)
3027
msgid "Changing JVM used"
3028
msgstr ""
3029
3030
#: serverguide/C/web-servers.xml:1090(para)
3031
msgid ""
3032
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3033
"then try some other JVMs. If you have various JVMs installed, you can set "
3034
"which should be used by setting JAVA_HOME in "
3035
"<filename>/etc/default/tomcat6</filename>:"
3036
msgstr ""
3037
3038
#: serverguide/C/web-servers.xml:1094(programlisting)
3039
#, no-wrap
3040
msgid ""
3041
"\n"
3042
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3043
msgstr ""
3044
3045
#: serverguide/C/web-servers.xml:1099(title)
3046
msgid "Declaring users and roles"
3047
msgstr ""
3048
3049
#: serverguide/C/web-servers.xml:1100(para)
3050
msgid ""
3051
"Usernames, passwords and roles (groups) can be defined centrally in a "
3052
"Servlet container. In Tomcat 6.0 this is done in the "
3053
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3054
msgstr ""
3055
3056
#: serverguide/C/web-servers.xml:1103(programlisting)
3057
#, no-wrap
3058
msgid ""
3059
"\n"
3060
"<role rolename=\"admin\"/>\n"
3061
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3062
msgstr ""
3063
3064
#: serverguide/C/web-servers.xml:1111(title)
3065
msgid "Using Tomcat standard webapps"
3066
msgstr ""
3067
3068
#: serverguide/C/web-servers.xml:1112(para)
3069
msgid ""
3070
"Tomcat is shipped with webapps that you can install for documentation, "
3071
"administration or demo purposes."
3072
msgstr ""
3073
3074
#: serverguide/C/web-servers.xml:1115(title)
3075
msgid "Tomcat documentation"
3076
msgstr ""
3077
3078
#: serverguide/C/web-servers.xml:1116(para)
3079
msgid ""
3080
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3081
"documentation, packaged as a webapp that you can access by default at "
3082
"http://yourserver:8080/docs. You can install it by entering the following "
3083
"command in the terminal prompt:"
3084
msgstr ""
3085
3086
#: serverguide/C/web-servers.xml:1121(command)
3087
msgid "sudo apt-get install tomcat6-docs"
3088
msgstr ""
3089
3090
#: serverguide/C/web-servers.xml:1125(title)
3091
msgid "Tomcat administration webapps"
3092
msgstr ""
3093
3094
#: serverguide/C/web-servers.xml:1126(para)
3095
msgid ""
3096
"The <application>tomcat6-admin</application> package contains two webapps "
3097
"that can be used to administer the Tomcat server using a web interface. You "
3098
"can install them by entering the following command in the terminal prompt:"
3099
msgstr ""
3100
3101
#: serverguide/C/web-servers.xml:1131(command)
3102
msgid "sudo apt-get install tomcat6-admin"
3103
msgstr ""
3104
3105
#: serverguide/C/web-servers.xml:1133(para)
3106
msgid ""
3107
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3108
"access by default at http://yourserver:8080/manager/html. It is primarily "
3109
"used to get server status and restart webapps."
3110
msgstr ""
3111
3112
#: serverguide/C/web-servers.xml:1136(para)
3113
msgid ""
3114
"Access to the <emphasis>manager</emphasis> application is protected by "
3115
"default: you need to define a user with the role \"manager\" in "
3116
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3117
msgstr ""
3118
3119
#: serverguide/C/web-servers.xml:1140(para)
3120
msgid ""
3121
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3122
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3123
"used to create virtual hosts dynamically."
3124
msgstr ""
3125
3126
#: serverguide/C/web-servers.xml:1144(para)
3127
msgid ""
3128
"Access to the <emphasis>host-manager</emphasis> application is also "
3129
"protected by default: you need to define a user with the role \"admin\" in "
3130
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3131
msgstr ""
3132
3133
#: serverguide/C/web-servers.xml:1149(para)
3134
msgid ""
3135
"For security reasons, the tomcat6 user cannot write to the "
3136
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3137
"these admin webapps (application deployment, virtual host creation) need "
3138
"write access to that directory. If you want to use these features execute "
3139
"the following, to give users in the tomcat6 group the necessary rights:"
3140
msgstr ""
3141
3142
#: serverguide/C/web-servers.xml:1156(command)
3143
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3144
msgstr ""
3145
3146
#: serverguide/C/web-servers.xml:1157(command)
3147
msgid "sudo chmod -R g+w /etc/tomcat6"
3148
msgstr ""
3149
3150
#: serverguide/C/web-servers.xml:1162(title)
3151
msgid "Tomcat examples webapps"
3152
msgstr ""
3153
3154
#: serverguide/C/web-servers.xml:1163(para)
3155
msgid ""
3156
"The <application>tomcat6-examples</application> package contains two webapps "
3157
"that can be used to test or demonstrate Servlets and JSP features, which you "
3158
"can access them by default at http://yourserver:8080/examples. You can "
3159
"install them by entering the following command in the terminal prompt:"
3160
msgstr ""
3161
3162
#: serverguide/C/web-servers.xml:1169(command)
3163
msgid "sudo apt-get install tomcat6-examples"
3164
msgstr ""
3165
3166
#: serverguide/C/web-servers.xml:1175(title)
3167
msgid "Using private instances"
3168
msgstr ""
3169
3170
#: serverguide/C/web-servers.xml:1176(para)
3171
msgid ""
3172
"Tomcat is heavily used in development and testing scenarios where using a "
3173
"single system-wide instance doesn't meet the requirements of multiple users "
3174
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3175
"help deploy your own user-oriented instances, allowing every user on a "
3176
"system to run (without root rights) separate private instances while still "
3177
"using the system-installed libraries."
3178
msgstr ""
3179
3180
#: serverguide/C/web-servers.xml:1183(para)
3181
msgid ""
3182
"It is possible to run the system-wide instance and the private instances in "
3183
"parallel, as long as they do not use the same TCP ports."
3184
msgstr ""
3185
3186
#: serverguide/C/web-servers.xml:1187(title)
3187
msgid "Installing private instance support"
3188
msgstr ""
3189
3190
#: serverguide/C/web-servers.xml:1188(para)
3191
msgid ""
3192
"You can install everything necessary to run private instances by entering "
3193
"the following command in the terminal prompt:"
3194
msgstr ""
3195
3196
#: serverguide/C/web-servers.xml:1191(command)
3197
msgid "sudo apt-get install tomcat6-user"
3198
msgstr ""
3199
3200
#: serverguide/C/web-servers.xml:1195(title)
3201
msgid "Creating a private instance"
3202
msgstr ""
3203
3204
#: serverguide/C/web-servers.xml:1196(para)
3205
msgid ""
3206
"You can create a private instance directory by entering the following "
3207
"command in the terminal prompt:"
3208
msgstr ""
3209
3210
#: serverguide/C/web-servers.xml:1199(command)
3211
msgid "tomcat6-instance-create my-instance"
3212
msgstr ""
3213
3214
#: serverguide/C/web-servers.xml:1201(para)
3215
msgid ""
3216
"This will create a new <filename>my-instance</filename> directory with all "
3217
"the necessary subdirectories and scripts. You can for example install your "
3218
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3219
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3220
"are deployed by default."
3221
msgstr ""
3222
3223
#: serverguide/C/web-servers.xml:1209(title)
3224
msgid "Configuring your private instance"
3225
msgstr ""
3226
3227
#: serverguide/C/web-servers.xml:1210(para)
3228
msgid ""
3229
"You will find the classic Tomcat configuration files for your private "
3230
"instance in the <filename>conf/</filename> subdirectory. You should for "
3231
"example certainly edit the <filename>conf/server.xml</filename> file to "
3232
"change the default ports used by your private Tomcat instance to avoid "
3233
"conflict with other instances that might be running."
3234
msgstr ""
3235
3236
#: serverguide/C/web-servers.xml:1218(title)
3237
msgid "Starting/stopping your private instance"
3238
msgstr ""
3239
3240
#: serverguide/C/web-servers.xml:1219(para)
3241
msgid ""
3242
"You can start your private instance by entering the following command in the "
3243
"terminal prompt (supposing your instance is located in the <filename>my-"
3244
"instance</filename> directory):"
3245
msgstr ""
3246
3247
#: serverguide/C/web-servers.xml:1223(command)
3248
msgid "my-instance/bin/startup.sh"
3249
msgstr ""
3250
3251
#: serverguide/C/web-servers.xml:1225(para)
3252
msgid ""
3253
"You should check the <filename>logs/</filename> subdirectory for any error. "
3254
"If you have a <emphasis>java.net.BindException: Address already in "
3255
"use<null>:8080</emphasis> error, it means that the port you're using "
3256
"is already taken and that you should change it."
3257
msgstr ""
3258
3259
#: serverguide/C/web-servers.xml:1230(para)
3260
msgid ""
3261
"You can stop your instance by entering the following command in the terminal "
3262
"prompt (supposing your instance is located in the <filename>my-"
3263
"instance</filename> directory):"
3264
msgstr ""
3265
3266
#: serverguide/C/web-servers.xml:1234(command)
3267
msgid "my-instance/bin/shutdown.sh"
3268
msgstr ""
3269
3270
#: serverguide/C/web-servers.xml:1243(para)
3271
msgid ""
3272
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3273
"website for more information."
3274
msgstr ""
3275
3276
#: serverguide/C/web-servers.xml:1248(para)
3277
msgid ""
3278
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3279
"Definitive Guide</ulink> is a good resource for building web applications "
3280
"with Tomcat."
3281
msgstr ""
3282
3283
#: serverguide/C/web-servers.xml:1254(para)
3284
msgid ""
3285
"For additional books see the <ulink "
3286
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3287
"page."
3288
msgstr ""
3289
3290
#: serverguide/C/web-servers.xml:1259(para)
3291
msgid ""
3292
"Also, see the<ulink "
3293
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3294
"Tomcat</ulink> page."
3295
msgstr ""
3296
3297
#: serverguide/C/vpn.xml:13(title)
3298
msgid "VPN"
3299
msgstr ""
3300
3301
#: serverguide/C/vpn.xml:15(para)
3302
msgid ""
3303
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3304
"network connection between two or more networks. There are several ways to "
3305
"create a VPN using software as well as dedicated hardware appliances. This "
3306
"chapter will cover installing and configuring "
3307
"<application>OpenVPN</application> to create a VPN between two servers."
3308
msgstr ""
3309
3310
#: serverguide/C/vpn.xml:23(title)
3311
msgid "OpenVPN"
3312
msgstr ""
3313
3314
#: serverguide/C/vpn.xml:25(para)
3315
msgid ""
3316
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3317
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3318
"clients through a bridge interface on the VPN server. This guide will assume "
3319
"that one VPN node, the server in this case, has a bridge interface "
3320
"configured. For more information on setting up a bridge see <xref "
3321
"linkend=\"bridging\"/>."
3322
msgstr ""
3323
3324
#: serverguide/C/vpn.xml:35(para)
3325
msgid "To install <application>openvpn</application> in a terminal enter:"
3326
msgstr ""
3327
3328
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3329
msgid "sudo apt-get install openvpn"
3330
msgstr ""
3331
3332
#: serverguide/C/vpn.xml:45(title)
3333
msgid "Server Certificates"
3334
msgstr ""
3335
3336
#: serverguide/C/vpn.xml:47(para)
3337
msgid ""
3338
"Now that the <application>openvpn</application> package is installed, the "
3339
"certificates for the VPN server need to be created."
3340
msgstr ""
3341
3342
#: serverguide/C/vpn.xml:52(para)
3343
msgid ""
3344
"First, copy the <filename>easy-rsa</filename> directory to "
3345
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3346
"scripts will not be lost when the package is updated. You will also need to "
3347
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3348
"the current user permission to create files. From a terminal enter:"
3349
msgstr ""
3350
3351
#: serverguide/C/vpn.xml:59(command)
3352
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3353
msgstr ""
3354
3355
#: serverguide/C/vpn.xml:60(command)
3356
msgid ""
3357
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3358
"rsa/"
3359
msgstr ""
3360
3361
#: serverguide/C/vpn.xml:61(command)
3362
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3363
msgstr ""
3364
3365
#: serverguide/C/vpn.xml:64(para)
3366
msgid ""
3367
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3368
"following to your environment:"
3369
msgstr ""
3370
3371
#: serverguide/C/vpn.xml:68(programlisting)
3372
#, no-wrap
3373
msgid ""
3374
"\n"
3375
"export KEY_COUNTRY=\"US\"\n"
3376
"export KEY_PROVINCE=\"NC\"\n"
3377
"export KEY_CITY=\"Winston-Salem\"\n"
3378
"export KEY_ORG=\"Example Company\"\n"
3379
"export KEY_EMAIL=\"steve@example.com\"\n"
3380
msgstr ""
3381
3382
#: serverguide/C/vpn.xml:76(para)
3383
msgid "Enter the following to create the server certificates:"
3384
msgstr ""
3385
3386
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3387
msgid "cd /etc/openvpn/easy-rsa/"
3388
msgstr ""
3389
3390
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3391
msgid "source vars"
3392
msgstr ""
3393
3394
#: serverguide/C/vpn.xml:83(command)
3395
msgid "./clean-all"
3396
msgstr ""
3397
3398
#: serverguide/C/vpn.xml:84(command)
3399
msgid "./build-dh"
3400
msgstr ""
3401
3402
#: serverguide/C/vpn.xml:85(command)
3403
msgid "./pkitool --initca"
3404
msgstr ""
3405
3406
#: serverguide/C/vpn.xml:86(command)
3407
msgid "./pkitool --server server"
3408
msgstr ""
3409
3410
#: serverguide/C/vpn.xml:87(command)
3411
msgid "cd keys"
3412
msgstr ""
3413
3414
#: serverguide/C/vpn.xml:88(command)
3415
msgid "openvpn --genkey --secret ta.key"
3416
msgstr ""
3417
3418
#: serverguide/C/vpn.xml:89(command)
3419
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3420
msgstr ""
3421
3422
#: serverguide/C/vpn.xml:94(title)
3423
msgid "Client Certificates"
3424
msgstr ""
3425
3426
#: serverguide/C/vpn.xml:96(para)
3427
msgid ""
3428
"The VPN client will also need a certificate to authenticate itself to the "
3429
"server. To create the certificate, enter the following in a terminal:"
3430
msgstr ""
3431
3432
#: serverguide/C/vpn.xml:104(command)
3433
msgid "./pkitool hostname"
3434
msgstr ""
3435
3436
#: serverguide/C/vpn.xml:108(para)
3437
msgid ""
3438
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3439
"machine connecting to the VPN."
3440
msgstr ""
3441
3442
#: serverguide/C/vpn.xml:113(para)
3443
msgid "Copy the following files to the client:"
3444
msgstr ""
3445
3446
#: serverguide/C/vpn.xml:118(para)
3447
msgid "/etc/openvpn/ca.crt"
3448
msgstr ""
3449
3450
#: serverguide/C/vpn.xml:119(para)
3451
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3452
msgstr ""
3453
3454
#: serverguide/C/vpn.xml:120(para)
3455
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3456
msgstr ""
3457
3458
#: serverguide/C/vpn.xml:121(para)
3459
msgid "/etc/openvpn/ta.key"
3460
msgstr ""
3461
3462
#: serverguide/C/vpn.xml:125(para)
3463
msgid ""
3464
"Remember to adjust the above file names for your client machine's "
3465
"<emphasis>hostname</emphasis>."
3466
msgstr ""
3467
3468
#: serverguide/C/vpn.xml:130(para)
3469
msgid ""
3470
"It is best to use a secure method to copy the certificate and key files. The "
3471
"<application>scp</application> utility is a good choice, but copying the "
3472
"files to removable media then to the client, also works well."
3473
msgstr ""
3474
3475
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3476
msgid "Server Configuration"
3477
msgstr ""
3478
3479
#: serverguide/C/vpn.xml:143(para)
3480
msgid ""
3481
"Now configure the <application>openvpn</application> server by creating "
3482
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3483
"terminal enter:"
3484
msgstr ""
3485
3486
#: serverguide/C/vpn.xml:149(command)
3487
msgid ""
3488
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3489
"/etc/openvpn/"
3490
msgstr ""
3491
3492
#: serverguide/C/vpn.xml:150(command)
3493
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3494
msgstr ""
3495
3496
#: serverguide/C/vpn.xml:153(para)
3497
msgid ""
3498
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3499
"options to:"
3500
msgstr ""
3501
3502
#: serverguide/C/vpn.xml:157(programlisting)
3503
#, no-wrap
3504
msgid ""
3505
"\n"
3506
"local 172.18.100.101\n"
3507
"dev tap0\n"
3508
"up \"/etc/openvpn/up.sh br0\"\n"
3509
"down \"/etc/openvpn/down.sh br0\"\n"
3510
";server 10.8.0.0 255.255.255.0\n"
3511
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3512
"push \"route 172.18.100.1 255.255.255.0\"\n"
3513
"push \"dhcp-option DNS 172.18.100.20\"\n"
3514
"push \"dhcp-option DOMAIN example.com\"\n"
3515
"tls-auth ta.key 0 # This file is secret\n"
3516
"user nobody\n"
3517
"group nogroup\n"
3518
msgstr ""
3519
3520
#: serverguide/C/vpn.xml:174(para)
3521
msgid ""
3522
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3523
msgstr ""
3524
3525
#: serverguide/C/vpn.xml:179(para)
3526
msgid ""
3527
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3528
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3529
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3530
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3531
"to clients."
3532
msgstr ""
3533
3534
#: serverguide/C/vpn.xml:186(para)
3535
msgid ""
3536
"<emphasis>push</emphasis>: are directives to add networking options for "
3537
"clients."
3538
msgstr ""
3539
3540
#: serverguide/C/vpn.xml:191(para)
3541
msgid ""
3542
"<emphasis>user and group</emphasis>: configure which user and group the "
3543
"<application>openvpn</application> daemon executes as."
3544
msgstr ""
3545
3546
#: serverguide/C/vpn.xml:198(para)
3547
msgid ""
3548
"Replace all IP addresses and domain names above with those of your network."
3549
msgstr ""
3550
3551
#: serverguide/C/vpn.xml:203(para)
3552
msgid ""
3553
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3554
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3555
msgstr ""
3556
3557
#: serverguide/C/vpn.xml:207(programlisting)
3558
#, no-wrap
3559
msgid ""
3560
"\n"
3561
"#!/bin/sh\n"
3562
"\n"
3563
"BR=$1\n"
3564
"DEV=$2\n"
3565
"MTU=$3\n"
3566
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3567
"/usr/sbin/brctl addif $BR $DEV\n"
3568
msgstr ""
3569
3570
#: serverguide/C/vpn.xml:217(para)
3571
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3572
msgstr ""
3573
3574
#: serverguide/C/vpn.xml:221(programlisting)
3575
#, no-wrap
3576
msgid ""
3577
"\n"
3578
"#!/bin/sh\n"
3579
"\n"
3580
"BR=$1\n"
3581
"DEV=$2\n"
3582
"\n"
3583
"/usr/sbin/brctl delif $BR $DEV\n"
3584
"/sbin/ifconfig $DEV down\n"
3585
msgstr ""
3586
3587
#: serverguide/C/vpn.xml:231(para)
3588
msgid "Then make them executable:"
3589
msgstr ""
3590
3591
#: serverguide/C/vpn.xml:236(command)
3592
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3593
msgstr ""
3594
3595
#: serverguide/C/vpn.xml:237(command)
3596
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3597
msgstr ""
3598
3599
#: serverguide/C/vpn.xml:240(para)
3600
msgid ""
3601
"After configuring the server, restart <application>openvpn</application> by "
3602
"entering:"
3603
msgstr ""
3604
3605
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3606
msgid "sudo /etc/init.d/openvpn restart"
3607
msgstr ""
3608
3609
#: serverguide/C/vpn.xml:250(title)
3610
msgid "Client Configuration"
3611
msgstr ""
3612
3613
#: serverguide/C/vpn.xml:252(para)
3614
msgid "First, install <application>openvpn</application> on the client:"
3615
msgstr ""
3616
3617
#: serverguide/C/vpn.xml:260(para)
3618
msgid ""
3619
"Then with the server configured and the client certificates copied to the "
3620
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3621
"file by copying the example. In a terminal on the client machine enter:"
3622
msgstr ""
3623
3624
#: serverguide/C/vpn.xml:266(command)
3625
msgid ""
3626
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3627
"/etc/openvpn"
3628
msgstr ""
3629
3630
#: serverguide/C/vpn.xml:269(para)
3631
msgid ""
3632
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3633
"following options:"
3634
msgstr ""
3635
3636
#: serverguide/C/vpn.xml:273(programlisting)
3637
#, no-wrap
3638
msgid ""
3639
"\n"
3640
"dev tap\n"
3641
"remote vpn.example.com 1194\n"
3642
"cert hostname.crt\n"
3643
"key hostname.key\n"
3644
"tls-auth ta.key 1\n"
3645
msgstr ""
3646
3647
#: serverguide/C/vpn.xml:282(para)
3648
msgid ""
3649
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3650
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3651
"key filenames."
3652
msgstr ""
3653
3654
#: serverguide/C/vpn.xml:288(para)
3655
msgid "Finally, restart <application>openvpn</application>:"
3656
msgstr ""
3657
3658
#: serverguide/C/vpn.xml:296(para)
3659
msgid "You should now be able to connect to the remote LAN through the VPN."
3660
msgstr ""
3661
3662
#: serverguide/C/vpn.xml:307(para)
3663
msgid ""
3664
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3665
"additional information."
3666
msgstr ""
3667
3668
#: serverguide/C/vpn.xml:312(para)
3669
msgid ""
3670
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3671
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3672
msgstr ""
3673
3674
#: serverguide/C/vpn.xml:318(para)
3675
msgid ""
3676
"Another source of further information is the <ulink "
3677
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3678
"OpenVPN</ulink> page."
3679
msgstr ""
3680
3681
#: serverguide/C/virtualization.xml:13(title)
3682
msgid "Virtualization"
3683
msgstr ""
3684
3685
#: serverguide/C/virtualization.xml:14(para)
3686
msgid ""
3687
"Virtualization is being adopted in many different environments and "
3688
"situations. If you are a developer, virtualization can provide you with a "
3689
"contained environment where you can safely do almost any sort of development "
3690
"safe from messing up your main working environment. If you are a systems "
3691
"administrator, you can use virtualization to more easily separate your "
3692
"services and move them around based on demand."
3693
msgstr ""
3694
3695
#: serverguide/C/virtualization.xml:20(para)
3696
msgid ""
3697
"The default virtualization technology supported in Ubuntu is "
3698
"<application>KVM</application>, a technology that takes advantage of "
3699
"virtualization extensions built into Intel and AMD hardware. For hardware "
3700
"without virtualization extensions <application>Xen</application> and "
3701
"<application>Qemu</application> are popular solutions."
3702
msgstr ""
3703
3704
#: serverguide/C/virtualization.xml:27(title)
3705
msgid "libvirt"
3706
msgstr ""
3707
3708
#: serverguide/C/virtualization.xml:28(para)
3709
msgid ""
3710
"The <application>libvirt</application> library is used to interface with "
3711
"different virtualization technologies. Before getting started with "
3712
"<application>libvirt</application> it is best to make sure your hardware "
3713
"supports the necessary virtualization extensions for "
3714
"<application>KVM</application>. Enter the following from a terminal prompt:"
3715
msgstr ""
3716
3717
#: serverguide/C/virtualization.xml:35(command)
3718
msgid "kvm-ok"
3719
msgstr ""
3720
3721
#: serverguide/C/virtualization.xml:37(para)
3722
msgid ""
3723
"A message will be printed informing you if your CPU "
3724
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3725
"virtualization."
3726
msgstr ""
3727
3728
#: serverguide/C/virtualization.xml:41(para)
3729
msgid ""
3730
"On most computer whose processor supports virtualization, it is necessary to "
3731
"activate an option in the BIOS to enable it."
3732
msgstr ""
3733
3734
#: serverguide/C/virtualization.xml:47(title)
3735
msgid "Virtual Networking"
3736
msgstr ""
3737
3738
#: serverguide/C/virtualization.xml:49(para)
3739
msgid ""
3740
"There are a few different ways to allow a virtual machine access to the "
3741
"external network. The default virtual network configuration is "
3742
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3743
"traffic is NATed through the host interface to the outside network."
3744
msgstr ""
3745
3746
#: serverguide/C/virtualization.xml:54(para)
3747
msgid ""
3748
"To enable external hosts to directly access services on virtual machines a "
3749
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3750
"interfaces to connect to the outside network through the physical interface, "
3751
"making them appear as normal hosts to the rest of the network. For "
3752
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3753
msgstr ""
3754
3755
#: serverguide/C/virtualization.xml:63(para)
3756
msgid "To install the necessary packages, from a terminal prompt enter:"
3757
msgstr ""
3758
3759
#: serverguide/C/virtualization.xml:67(command)
3760
msgid "sudo apt-get install kvm libvirt-bin"
3761
msgstr ""
3762
3763
#: serverguide/C/virtualization.xml:69(para)
3764
msgid ""
3765
"After installing <application>libvirt-bin</application>, the user used to "
3766
"manage virtual machines will need to be added to the "
3767
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3768
"the advanced networking options."
3769
msgstr ""
3770
3771
#: serverguide/C/virtualization.xml:73(para)
3772
msgid "In a terminal enter:"
3773
msgstr ""
3774
3775
#: serverguide/C/virtualization.xml:77(command)
3776
msgid "sudo adduser $USER libvirtd"
3777
msgstr ""
3778
3779
#: serverguide/C/virtualization.xml:80(para)
3780
msgid ""
3781
"If the user chosen is the current user, you will need to log out and back in "
3782
"for the new group membership to take effect."
3783
msgstr ""
3784
3785
#: serverguide/C/virtualization.xml:84(para)
3786
msgid ""
3787
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3788
"Installing a virtual machine follows the same process as installing the "
3789
"operating system directly on the hardware. You either need a way to automate "
3790
"the installation, or a keyboard and monitor will need to be attached to the "
3791
"physical machine."
3792
msgstr ""
3793
3794
#: serverguide/C/virtualization.xml:89(para)
3795
msgid ""
3796
"In the case of virtual machines a Graphical User Interface (GUI) is "
3797
"analogous to using a physical keyboard and mouse. Instead of installing a "
3798
"GUI the <application>virt-viewer</application> application can be used to "
3799
"connect to a virtual machine's console using <application>VNC</application>. "
3800
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3801
msgstr ""
3802
3803
#: serverguide/C/virtualization.xml:94(para)
3804
msgid ""
3805
"There are several ways to automate the Ubuntu installation process, for "
3806
"example using preseeds, kickstart, etc. Refer to the <ulink "
3807
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
3808
"Installation Guide</ulink> for details."
3809
msgstr ""
3810
3811
#: serverguide/C/virtualization.xml:98(para)
3812
msgid ""
3813
"Yet another way to install an Ubuntu virtual machine is to use "
3814
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3815
"builder</application> allows you to setup advanced partitions, execute "
3816
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3817
"vmbuilder\"/>"
3818
msgstr ""
3819
3820
#: serverguide/C/virtualization.xml:104(title)
3821
msgid "virt-install"
3822
msgstr ""
3823
3824
#: serverguide/C/virtualization.xml:105(para)
3825
msgid ""
3826
"<application>virt-install</application> is part of the <application>python-"
3827
"virtinst</application> package. To install it, from a terminal prompt enter:"
3828
msgstr ""
3829
3830
#: serverguide/C/virtualization.xml:109(command)
3831
msgid "sudo apt-get install python-virtinst"
3832
msgstr ""
3833
3834
#: serverguide/C/virtualization.xml:111(para)
3835
msgid ""
3836
"There are several options available when using <application>virt-"
3837
"install</application>. For example:"
3838
msgstr ""
3839
3840
#: serverguide/C/virtualization.xml:115(command)
3841
msgid ""
3842
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3843
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3844
msgstr ""
3845
3846
#: serverguide/C/virtualization.xml:122(para)
3847
msgid ""
3848
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3849
"be <emphasis>web_devel</emphasis> in this example."
3850
msgstr ""
3851
3852
#: serverguide/C/virtualization.xml:127(para)
3853
msgid ""
3854
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3855
"machine will use."
3856
msgstr ""
3857
3858
#: serverguide/C/virtualization.xml:132(para)
3859
msgid ""
3860
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3861
"disk which can be a file, partition, or logical volume. In this example a "
3862
"file named <filename>web_devel.img</filename>."
3863
msgstr ""
3864
3865
#: serverguide/C/virtualization.xml:138(para)
3866
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3867
msgstr ""
3868
3869
#: serverguide/C/virtualization.xml:143(para)
3870
msgid ""
3871
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3872
"file can be either an ISO file or the path to the host's CDROM device."
3873
msgstr ""
3874
3875
#: serverguide/C/virtualization.xml:149(para)
3876
msgid ""
3877
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3878
"technologies."
3879
msgstr ""
3880
3881
#: serverguide/C/virtualization.xml:154(para)
3882
msgid ""
3883
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3884
msgstr ""
3885
3886
#: serverguide/C/virtualization.xml:159(para)
3887
msgid ""
3888
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3889
"virtual machine's console."
3890
msgstr ""
3891
3892
#: serverguide/C/virtualization.xml:164(para)
3893
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3894
msgstr ""
3895
3896
#: serverguide/C/virtualization.xml:169(para)
3897
msgid ""
3898
"After launching <application>virt-install</application> you can connect to "
3899
"the virtual machine's console either locally using a GUI or with the "
3900
"<application>virt-viewer</application> utility."
3901
msgstr ""
3902
3903
#: serverguide/C/virtualization.xml:175(title)
3904
msgid "virt-clone"
3905
msgstr ""
3906
3907
#: serverguide/C/virtualization.xml:176(para)
3908
msgid ""
3909
"The <application>virt-clone</application> application can be used to copy "
3910
"one virtual machine to another. For example:"
3911
msgstr ""
3912
3913
#: serverguide/C/virtualization.xml:180(command)
3914
msgid ""
3915
"sudo virt-clone -o web_devel -n database_devel -f "
3916
"/path/to/database_devel.img --connect=qemu:///system"
3917
msgstr ""
3918
3919
#: serverguide/C/virtualization.xml:184(para)
3920
msgid "<emphasis>-o:</emphasis> original virtual machine."
3921
msgstr ""
3922
3923
#: serverguide/C/virtualization.xml:189(para)
3924
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3925
msgstr ""
3926
3927
#: serverguide/C/virtualization.xml:194(para)
3928
msgid ""
3929
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3930
"be used by the new virtual machine."
3931
msgstr ""
3932
3933
#: serverguide/C/virtualization.xml:199(para)
3934
msgid ""
3935
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3936
msgstr ""
3937
3938
#: serverguide/C/virtualization.xml:204(para)
3939
msgid ""
3940
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3941
"help troubleshoot problems with <application>virt-clone</application>."
3942
msgstr ""
3943
3944
#: serverguide/C/virtualization.xml:209(para)
3945
msgid ""
3946
"Replace <emphasis>web_devel</emphasis> and "
3947
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3948
msgstr ""
3949
3950
#: serverguide/C/virtualization.xml:215(title)
3951
msgid "Virtual Machine Management"
3952
msgstr ""
3953
3954
#: serverguide/C/virtualization.xml:217(title)
3955
msgid "virsh"
3956
msgstr ""
3957
3958
#: serverguide/C/virtualization.xml:218(para)
3959
msgid ""
3960
"There are several utilities available to manage virtual machines and "
3961
"<application>libvirt</application>. The <application>virsh</application> "
3962
"utility can be used from the command line. Some examples:"
3963
msgstr ""
3964
3965
#: serverguide/C/virtualization.xml:224(para)
3966
msgid "To list running virtual machines:"
3967
msgstr ""
3968
3969
#: serverguide/C/virtualization.xml:228(command)
3970
msgid "virsh -c qemu:///system list"
3971
msgstr ""
3972
3973
#: serverguide/C/virtualization.xml:232(para)
3974
msgid "To start a virtual machine:"
3975
msgstr ""
3976
3977
#: serverguide/C/virtualization.xml:236(command)
3978
msgid "virsh -c qemu:///system start web_devel"
3979
msgstr ""
3980
3981
#: serverguide/C/virtualization.xml:240(para)
3982
msgid "Similarly, to start a virtual machine at boot:"
3983
msgstr ""
3984
3985
#: serverguide/C/virtualization.xml:244(command)
3986
msgid "virsh -c qemu:///system autostart web_devel"
3987
msgstr ""
3988
3989
#: serverguide/C/virtualization.xml:248(para)
3990
msgid "Reboot a virtual machine with:"
3991
msgstr ""
3992
3993
#: serverguide/C/virtualization.xml:252(command)
3994
msgid "virsh -c qemu:///system reboot web_devel"
3995
msgstr ""
3996
3997
#: serverguide/C/virtualization.xml:256(para)
3998
msgid ""
3999
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4000
"order to be restored later. The following will save the virtual machine "
4001
"state into a file named according to the date:"
4002
msgstr ""
4003
4004
#: serverguide/C/virtualization.xml:261(command)
4005
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4006
msgstr ""
4007
4008
#: serverguide/C/virtualization.xml:263(para)
4009
msgid "Once saved the virtual machine will no longer be running."
4010
msgstr ""
4011
4012
#: serverguide/C/virtualization.xml:268(para)
4013
msgid "A saved virtual machine can be restored using:"
4014
msgstr ""
4015
4016
#: serverguide/C/virtualization.xml:272(command)
4017
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4018
msgstr ""
4019
4020
#: serverguide/C/virtualization.xml:276(para)
4021
msgid "To shutdown a virtual machine do:"
4022
msgstr ""
4023
4024
#: serverguide/C/virtualization.xml:280(command)
4025
msgid "virsh -c qemu:///system shutdown web_devel"
4026
msgstr ""
4027
4028
#: serverguide/C/virtualization.xml:284(para)
4029
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4030
msgstr ""
4031
4032
#: serverguide/C/virtualization.xml:288(command)
4033
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4034
msgstr ""
4035
4036
#: serverguide/C/virtualization.xml:293(para)
4037
msgid ""
4038
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4039
"appropriate virtual machine name, and <filename>web_devel-"
4040
"022708.state</filename> with a descriptive file name."
4041
msgstr ""
4042
4043
#: serverguide/C/virtualization.xml:300(title)
4044
msgid "Virtual Machine Manager"
4045
msgstr ""
4046
4047
#: serverguide/C/virtualization.xml:301(para)
4048
msgid ""
4049
"The <application>virt-manager</application> package contains a graphical "
4050
"utility to manage local and remote virtual machines. To install virt-manager "
4051
"enter:"
4052
msgstr ""
4053
4054
#: serverguide/C/virtualization.xml:306(command)
4055
msgid "sudo apt-get install virt-manager"
4056
msgstr ""
4057
4058
#: serverguide/C/virtualization.xml:308(para)
4059
msgid ""
4060
"Since <application>virt-manager</application> requires a Graphical User "
4061
"Interface (GUI) environment it is recommended to be installed on a "
4062
"workstation or test machine instead of a production server. To connect to "
4063
"the local <application>libvirt</application> service enter:"
4064
msgstr ""
4065
4066
#: serverguide/C/virtualization.xml:314(command)
4067
msgid "virt-manager -c qemu:///system"
4068
msgstr ""
4069
4070
#: serverguide/C/virtualization.xml:316(para)
4071
msgid ""
4072
"You can connect to the <application>libvirt</application> service running on "
4073
"another host by entering the following in a terminal prompt:"
4074
msgstr ""
4075
4076
#: serverguide/C/virtualization.xml:320(command)
4077
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4078
msgstr ""
4079
4080
#: serverguide/C/virtualization.xml:323(para)
4081
msgid ""
4082
"The above example assumes that <application>SSH</application> connectivity "
4083
"between the management system and virtnode1.mydomain.com has already been "
4084
"configured, and uses SSH keys for authentication. SSH "
4085
"<emphasis>keys</emphasis> are needed because "
4086
"<application>libvirt</application> sends the password prompt to another "
4087
"process. For details on configuring <application>SSH</application> see <xref "
4088
"linkend=\"openssh-server\"/>"
4089
msgstr ""
4090
4091
#: serverguide/C/virtualization.xml:333(title)
4092
msgid "Virtual Machine Viewer"
4093
msgstr ""
4094
4095
#: serverguide/C/virtualization.xml:334(para)
4096
msgid ""
4097
"The <application>virt-viewer</application> application allows you to connect "
4098
"to a virtual machine's console. <application>virt-viewer</application> does "
4099
"require a Graphical User Interface (GUI) to interface with the virtual "
4100
"machine."
4101
msgstr ""
4102
4103
#: serverguide/C/virtualization.xml:338(para)
4104
msgid ""
4105
"To install <application>virt-viewer</application> from a terminal enter:"
4106
msgstr ""
4107
4108
#: serverguide/C/virtualization.xml:342(command)
4109
msgid "sudo apt-get install virt-viewer"
4110
msgstr ""
4111
4112
#: serverguide/C/virtualization.xml:344(para)
4113
msgid ""
4114
"Once a virtual machine is installed and running you can connect to the "
4115
"virtual machine's console by using:"
4116
msgstr ""
4117
4118
#: serverguide/C/virtualization.xml:348(command)
4119
msgid "virt-viewer -c qemu:///system web_devel"
4120
msgstr ""
4121
4122
#: serverguide/C/virtualization.xml:350(para)
4123
msgid ""
4124
"Similar to <application>virt-manager</application>, <application>virt-"
4125
"viewer</application> can connect to a remote host using "
4126
"<emphasis>SSH</emphasis> with key authentication, as well:"
4127
msgstr ""
4128
4129
#: serverguide/C/virtualization.xml:355(command)
4130
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4131
msgstr ""
4132
4133
#: serverguide/C/virtualization.xml:357(para)
4134
msgid ""
4135
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4136
"appropriate virtual machine name."
4137
msgstr ""
4138
4139
#: serverguide/C/virtualization.xml:360(para)
4140
msgid ""
4141
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4142
"can also setup <application>SSH</application> access to the virtual machine. "
4143
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4144
"more details."
4145
msgstr ""
4146
4147
#: serverguide/C/virtualization.xml:369(para)
4148
msgid ""
4149
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4150
"for more details."
4151
msgstr ""
4152
4153
#: serverguide/C/virtualization.xml:374(para)
4154
msgid ""
4155
"For more information on <application>libvirt</application> see the <ulink "
4156
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4157
msgstr ""
4158
4159
#: serverguide/C/virtualization.xml:379(para)
4160
msgid ""
4161
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4162
"Manager</ulink> site has more information on <application>virt-"
4163
"manager</application> development."
4164
msgstr ""
4165
4166
#: serverguide/C/virtualization.xml:385(para)
4167
msgid ""
4168
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4169
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4170
"technology in Ubuntu."
4171
msgstr ""
4172
4173
#: serverguide/C/virtualization.xml:391(para)
4174
msgid ""
4175
"Another good resource is the <ulink "
4176
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4177
msgstr ""
4178
4179
#: serverguide/C/virtualization.xml:399(title)
4180
msgid "JeOS and vmbuilder"
4181
msgstr ""
4182
4183
#: serverguide/C/virtualization.xml:405(title)
4184
msgid "What is JeOS"
4185
msgstr ""
4186
4187
#: serverguide/C/virtualization.xml:407(para)
4188
msgid ""
4189
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4190
"variant of the Ubuntu Server operating system, configured specifically for "
4191
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4192
"only as an option either:"
4193
msgstr ""
4194
4195
#: serverguide/C/virtualization.xml:414(para)
4196
msgid ""
4197
"While installing from the Server Edition ISO (pressing "
4198
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4199
"installation\", which is the package selection equivalent to JeOS)."
4200
msgstr ""
4201
4202
#: serverguide/C/virtualization.xml:420(para)
4203
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4204
msgstr ""
4205
4206
#: serverguide/C/virtualization.xml:426(para)
4207
msgid ""
4208
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4209
"kernel that only contains the base elements needed to run within a "
4210
"virtualized environment."
4211
msgstr ""
4212
4213
#: serverguide/C/virtualization.xml:431(para)
4214
msgid ""
4215
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4216
"in the latest virtualization products from VMware. This combination of "
4217
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4218
"delivers a highly efficient use of server resources in large virtual "
4219
"deployments."
4220
msgstr ""
4221
4222
#: serverguide/C/virtualization.xml:437(para)
4223
msgid ""
4224
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4225
"can configure their supporting OS exactly as they require. They have the "
4226
"peace of mind that updates, whether for security or enhancement reasons, "
4227
"will be limited to the bare minimum of what is required in their specific "
4228
"environment. In turn, users deploying virtual appliances built on top of "
4229
"JeOS will have to go through fewer updates and therefore less maintenance "
4230
"than they would have had to with a standard full installation of a server."
4231
msgstr ""
4232
4233
#: serverguide/C/virtualization.xml:446(title)
4234
msgid "What is vmbuilder"
4235
msgstr ""
4236
4237
#: serverguide/C/virtualization.xml:448(para)
4238
msgid ""
4239
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4240
"will fetch the various package and build a virtual machine tailored for your "
4241
"needs in about a minute. vmbuilder is a script that automates the process of "
4242
"creating a ready to use Linux based VM. The currently supported hypervisors "
4243
"are KVM and Xen."
4244
msgstr ""
4245
4246
#: serverguide/C/virtualization.xml:454(para)
4247
msgid ""
4248
"You can pass command line options to add extra packages, remove packages, "
4249
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4250
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4251
"a local mirror, you can bootstrap a VM in less than a minute."
4252
msgstr ""
4253
4254
#: serverguide/C/virtualization.xml:460(para)
4255
msgid ""
4256
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4257
"vm-builder</application> started with little emphasis as a hack to help "
4258
"developers test their new code in a virtual machine without having to "
4259
"restart from scratch each time. As a few Ubuntu administrators started to "
4260
"notice this script, a few of them went on improving it and adapting it for "
4261
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4262
"virtualization specialist, not the golf player) decided to rewrite it from "
4263
"scratch for Intrepid as a python script with a few new design goals:"
4264
msgstr ""
4265
4266
#: serverguide/C/virtualization.xml:470(para)
4267
msgid "Develop it so that it can be reused by other distributions."
4268
msgstr ""
4269
4270
#: serverguide/C/virtualization.xml:475(para)
4271
msgid ""
4272
"Use a plugin mechanisms for all virtualization interactions so that others "
4273
"can easily add logic for other virtualization environments."
4274
msgstr ""
4275
4276
#: serverguide/C/virtualization.xml:480(para)
4277
msgid ""
4278
"Provide an easy to maintain web interface as an option to the command line "
4279
"interface."
4280
msgstr ""
4281
4282
#: serverguide/C/virtualization.xml:486(para)
4283
msgid "But the general principles and commands remain the same."
4284
msgstr ""
4285
4286
#: serverguide/C/virtualization.xml:493(title)
4287
msgid "Initial Setup"
4288
msgstr ""
4289
4290
#: serverguide/C/virtualization.xml:495(para)
4291
msgid ""
4292
"It is assumed that you have installed and configured "
4293
"<application>libvirt</application> and <application>KVM</application> "
4294
"locally on the machine you are using. For details on how to perform this, "
4295
"please refer to:"
4296
msgstr ""
4297
4298
#: serverguide/C/virtualization.xml:507(para)
4299
msgid ""
4300
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4301
"page."
4302
msgstr ""
4303
4304
#: serverguide/C/virtualization.xml:513(para)
4305
msgid ""
4306
"We also assume that you know how to use a text based text editor such as "
4307
"nano or vi. If you have not used any of them before, you can get an overview "
4308
"of the various text editors available by reading the <ulink "
4309
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4310
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4311
"principle should remain on other virtualization technologies."
4312
msgstr ""
4313
4314
#: serverguide/C/virtualization.xml:521(title)
4315
msgid "Install vmbuilder"
4316
msgstr ""
4317
4318
#: serverguide/C/virtualization.xml:523(para)
4319
msgid ""
4320
"The name of the package that we need to install is <application>python-vm-"
4321
"builder</application>. In a terminal prompt enter:"
4322
msgstr ""
4323
4324
#: serverguide/C/virtualization.xml:528(command)
4325
msgid "sudo apt-get install python-vm-builder"
4326
msgstr ""
4327
4328
#: serverguide/C/virtualization.xml:532(para)
4329
msgid ""
4330
"If you are running Hardy, you can still perform most of this using the older "
4331
"version of the package named <application>ubuntu-vm-builder</application>, "
4332
"there are only a few changes to the syntax of the tool."
4333
msgstr ""
4334
4335
#: serverguide/C/virtualization.xml:541(title)
4336
msgid "Defining Your Virtual Machine"
4337
msgstr ""
4338
4339
#: serverguide/C/virtualization.xml:543(para)
4340
msgid ""
4341
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4342
"are a few thing to consider:"
4343
msgstr ""
4344
4345
#: serverguide/C/virtualization.xml:549(para)
4346
msgid ""
4347
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4348
"will know how to extend disk size to fit their need, so either plan for a "
4349
"large virtual disk to allow for your appliance to grow, or explain fairly "
4350
"well in your documentation how to allocate more space. It might actually be "
4351
"a good idea to store data on some separate external storage."
4352
msgstr ""
4353
4354
#: serverguide/C/virtualization.xml:556(para)
4355
msgid ""
4356
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4357
"whatever you think is a safe minimum for your appliance."
4358
msgstr ""
4359
4360
#: serverguide/C/virtualization.xml:562(para)
4361
msgid ""
4362
"The <application>vmbuilder</application> command has 2 main parameters: the "
4363
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4364
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4365
"and can be found using the following command:"
4366
msgstr ""
4367
4368
#: serverguide/C/virtualization.xml:568(command)
4369
msgid "vmbuilder --help"
4370
msgstr ""
4371
4372
#: serverguide/C/virtualization.xml:572(title)
4373
msgid "Base Parameters"
4374
msgstr ""
4375
4376
#: serverguide/C/virtualization.xml:574(para)
4377
msgid ""
4378
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4379
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4380
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4381
msgstr ""
4382
4383
#: serverguide/C/virtualization.xml:580(command)
4384
msgid ""
4385
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4386
"-libvirt qemu:///system"
4387
msgstr ""
4388
4389
#: serverguide/C/virtualization.xml:583(para)
4390
msgid ""
4391
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4392
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4393
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4394
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4395
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4396
"libvirt</emphasis> tells to inform the local virtualization environment to "
4397
"add the resulting VM to the list of available machines."
4398
msgstr ""
4399
4400
#: serverguide/C/virtualization.xml:591(para)
4401
msgid "Notes:"
4402
msgstr ""
4403
4404
#: serverguide/C/virtualization.xml:597(para)
4405
msgid ""
4406
"Because of the nature of operations performed by vmbuilder, it needs to have "
4407
"root privilege, hence the use of sudo."
4408
msgstr ""
4409
4410
#: serverguide/C/virtualization.xml:602(para)
4411
msgid ""
4412
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4413
"a 64 bit machine (--arch amd64)."
4414
msgstr ""
4415
4416
#: serverguide/C/virtualization.xml:607(para)
4417
msgid ""
4418
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4419
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4420
"use <emphasis>--flavour</emphasis> server instead."
4421
msgstr ""
4422
4423
#: serverguide/C/virtualization.xml:615(title)
4424
msgid "JeOS Installation Parameters"
4425
msgstr ""
4426
4427
#: serverguide/C/virtualization.xml:618(title)
4428
msgid "JeOS Networking"
4429
msgstr ""
4430
4431
#: serverguide/C/virtualization.xml:621(title)
4432
msgid "Assigning a fixed IP address"
4433
msgstr ""
4434
4435
#: serverguide/C/virtualization.xml:623(para)
4436
msgid ""
4437
"As a virtual appliance that may be deployed on various very different "
4438
"networks, it is very difficult to know what the actual network will look "
4439
"like. In order to simplify configuration, it is a good idea to take an "
4440
"approach similar to what network hardware vendors usually do, namely "
4441
"assigning an initial fixed IP address to the appliance in a private class "
4442
"network that you will provide in your documentation. An address in the range "
4443
"192.168.0.0/255 is usually a good choice."
4444
msgstr ""
4445
4446
#: serverguide/C/virtualization.xml:630(para)
4447
msgid "To do this we'll use the following parameters:"
4448
msgstr ""
4449
4450
#: serverguide/C/virtualization.xml:636(para)
4451
msgid ""
4452
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4453
"dhcp if not specified)"
4454
msgstr ""
4455
4456
#: serverguide/C/virtualization.xml:641(para)
4457
msgid ""
4458
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4459
"255.255.255.0)"
4460
msgstr ""
4461
4462
#: serverguide/C/virtualization.xml:646(para)
4463
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4464
msgstr ""
4465
4466
#: serverguide/C/virtualization.xml:651(para)
4467
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4468
msgstr ""
4469
4470
#: serverguide/C/virtualization.xml:656(para)
4471
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4472
msgstr ""
4473
4474
#: serverguide/C/virtualization.xml:661(para)
4475
msgid ""
4476
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4477
msgstr ""
4478
4479
#: serverguide/C/virtualization.xml:667(para)
4480
msgid ""
4481
"We assume for now that default values are good enough, so the resulting "
4482
"invocation becomes:"
4483
msgstr ""
4484
4485
#: serverguide/C/virtualization.xml:672(command)
4486
msgid ""
4487
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4488
"-libvirt qemu:///system --ip 192.168.0.100"
4489
msgstr ""
4490
4491
#: serverguide/C/virtualization.xml:677(title)
4492
msgid "Modifying the libvirt Template to use Bridging"
4493
msgstr ""
4494
4495
#: serverguide/C/virtualization.xml:679(para)
4496
msgid ""
4497
"Because our appliance will be likely to need to be accessed by remote hosts, "
4498
"we need to configure libvirt so that the appliance uses bridge networking. "
4499
"To do this we use vmbuilder template mechanism to modify the default one."
4500
msgstr ""
4501
4502
#: serverguide/C/virtualization.xml:684(para)
4503
msgid ""
4504
"In our working directory we create the template hierarchy and copy the "
4505
"default template:"
4506
msgstr ""
4507
4508
#: serverguide/C/virtualization.xml:689(command)
4509
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4510
msgstr ""
4511
4512
#: serverguide/C/virtualization.xml:690(command)
4513
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4514
msgstr ""
4515
4516
#: serverguide/C/virtualization.xml:693(para)
4517
msgid ""
4518
"We can then edit "
4519
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4520
"change:"
4521
msgstr ""
4522
4523
#: serverguide/C/virtualization.xml:697(programlisting)
4524
#, no-wrap
4525
msgid ""
4526
"\n"
4527
" <interface type='network'>\n"
4528
" <source network='default'/>\n"
4529
" </interface>\n"
4530
msgstr ""
4531
4532
#: serverguide/C/virtualization.xml:703(para)
4533
msgid "To:"
4534
msgstr ""
4535
4536
#: serverguide/C/virtualization.xml:707(programlisting)
4537
#, no-wrap
4538
msgid ""
4539
"\n"
4540
" <interface type='bridge'>\n"
4541
" <source bridge='br0'/>\n"
4542
" </interface>\n"
4543
msgstr ""
4544
4545
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4546
msgid "Partitioning"
4547
msgstr ""
4548
4549
#: serverguide/C/virtualization.xml:719(para)
4550
msgid ""
4551
"Partitioning of the virtual appliance will have to take into consideration "
4552
"what you are planning to do with is. Because most appliances want to have a "
4553
"separate storage for data, having a separate <filename>/var</filename> would "
4554
"make sense."
4555
msgstr ""
4556
4557
#: serverguide/C/virtualization.xml:724(para)
4558
msgid ""
4559
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4560
msgstr ""
4561
4562
#: serverguide/C/virtualization.xml:728(programlisting)
4563
#, no-wrap
4564
msgid ""
4565
"\n"
4566
"--part PATH\n"
4567
" Allows you to specify a partition table in a partition file, located at "
4568
"PATH. Each line of the partition file should specify\n"
4569
" (root first):\n"
4570
" mountpoint size\n"
4571
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4572
"disk starts on a\n"
4573
" line with ’---’. ie :\n"
4574
" root 1000\n"
4575
" /opt 1000\n"
4576
" swap 256\n"
4577
" ---\n"
4578
" /var 2000\n"
4579
" /log 1500\n"
4580
msgstr ""
4581
4582
#: serverguide/C/virtualization.xml:743(para)
4583
msgid ""
4584
"In our case we will define a text file name "
4585
"<filename>vmbuilder.partition</filename> which will contain the following:"
4586
msgstr ""
4587
4588
#: serverguide/C/virtualization.xml:747(programlisting)
4589
#, no-wrap
4590
msgid ""
4591
"\n"
4592
"root 8000\n"
4593
"swap 4000\n"
4594
"---\n"
4595
"/var 20000\n"
4596
msgstr ""
4597
4598
#: serverguide/C/virtualization.xml:755(para)
4599
msgid ""
4600
"Note that as we are using virtual disk images, the actual sizes that we put "
4601
"here are maximum sizes for these volumes."
4602
msgstr ""
4603
4604
#: serverguide/C/virtualization.xml:760(para)
4605
msgid "Our command line now looks like:"
4606
msgstr ""
4607
4608
#: serverguide/C/virtualization.xml:765(command)
4609
msgid ""
4610
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4611
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4612
msgstr ""
4613
4614
#: serverguide/C/virtualization.xml:770(para)
4615
msgid ""
4616
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4617
"next line."
4618
msgstr ""
4619
4620
#: serverguide/C/virtualization.xml:777(title)
4621
msgid "User and Password"
4622
msgstr ""
4623
4624
#: serverguide/C/virtualization.xml:779(para)
4625
msgid ""
4626
"Again setting up a virtual appliance, you will need to provide a default "
4627
"user and password that is generic so that you can include it in your "
4628
"documentation. We will see later on in this tutorial how we will provide "
4629
"some security by defining a script that will be run the first time a user "
4630
"actually logs in the appliance, that will, among other things, ask him to "
4631
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4632
"as my user name, and <emphasis>'default'</emphasis> as the password."
4633
msgstr ""
4634
4635
#: serverguide/C/virtualization.xml:787(para)
4636
msgid "To do this we use the following optional parameters:"
4637
msgstr ""
4638
4639
#: serverguide/C/virtualization.xml:793(para)
4640
msgid ""
4641
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4642
"Default: ubuntu."
4643
msgstr ""
4644
4645
#: serverguide/C/virtualization.xml:798(para)
4646
msgid ""
4647
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4648
"added. Default: Ubuntu."
4649
msgstr ""
4650
4651
#: serverguide/C/virtualization.xml:803(para)
4652
msgid ""
4653
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4654
"Default: ubuntu."
4655
msgstr ""
4656
4657
#: serverguide/C/virtualization.xml:809(para)
4658
msgid "Our resulting command line becomes:"
4659
msgstr ""
4660
4661
#: serverguide/C/virtualization.xml:814(command)
4662
msgid ""
4663
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4664
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4665
"-user user --name user --pass default"
4666
msgstr ""
4667
4668
#: serverguide/C/virtualization.xml:822(title)
4669
msgid "Installing Required Packages"
4670
msgstr ""
4671
4672
#: serverguide/C/virtualization.xml:824(para)
4673
msgid ""
4674
"In this example we will be installing a package "
4675
"<application>(Limesurvey)</application> that accesses a "
4676
"<application>MySQL</application> database and has a web interface. We will "
4677
"therefore require our OS to provide us with:"
4678
msgstr ""
4679
4680
#: serverguide/C/virtualization.xml:831(para)
4681
msgid "Apache"
4682
msgstr ""
4683
4684
#: serverguide/C/virtualization.xml:832(para)
4685
msgid "PHP"
4686
msgstr ""
4687
4688
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4689
msgid "MySQL"
4690
msgstr ""
4691
4692
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
4693
msgid "OpenSSH Server"
4694
msgstr ""
4695
4696
#: serverguide/C/virtualization.xml:835(para)
4697
msgid "Limesurvey (as an example application that we have packaged)"
4698
msgstr ""
4699
4700
#: serverguide/C/virtualization.xml:838(para)
4701
msgid ""
4702
"This is done using vmbuilder by specifying the --addpkg option multiple "
4703
"times:"
4704
msgstr ""
4705
4706
#: serverguide/C/virtualization.xml:842(programlisting)
4707
#, no-wrap
4708
msgid ""
4709
"\n"
4710
"--addpkg PKG\n"
4711
" Install PKG into the guest (can be specfied multiple times)\n"
4712
msgstr ""
4713
4714
#: serverguide/C/virtualization.xml:847(para)
4715
msgid ""
4716
"However, due to the way vmbuilder operates, packages that have to ask "
4717
"questions to the user during the post install phase are not supported and "
4718
"should instead be installed while interactivity can occur. This is the case "
4719
"of Limesurvey, which we will have to install later, once the user logs in."
4720
msgstr ""
4721
4722
#: serverguide/C/virtualization.xml:853(para)
4723
msgid ""
4724
"Other packages that ask simple debconf question, such as <application>mysql-"
4725
"server</application> asking to set a password, the package can be installed "
4726
"immediately, but we will have to reconfigure it the first time the user logs "
4727
"in."
4728
msgstr ""
4729
4730
#: serverguide/C/virtualization.xml:859(para)
4731
msgid ""
4732
"If some packages that we need to install are not in main, we need to enable "
4733
"the additional repositories using --comp and --ppa:"
4734
msgstr ""
4735
4736
#: serverguide/C/virtualization.xml:863(programlisting)
4737
#, no-wrap
4738
msgid ""
4739
"\n"
4740
"--components COMP1,COMP2,...,COMPN\n"
4741
" A comma separated list of distro components to include (e.g. "
4742
"main,universe). This defaults\n"
4743
" to \"main\"\n"
4744
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4745
msgstr ""
4746
4747
#: serverguide/C/virtualization.xml:870(para)
4748
msgid ""
4749
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4750
"PPA (personal package archive) address so that it is added to the VM "
4751
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4752
"to the command line:"
4753
msgstr ""
4754
4755
#: serverguide/C/virtualization.xml:876(command)
4756
msgid ""
4757
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4758
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4759
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4760
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4761
"server --ppa nijaba"
4762
msgstr ""
4763
4764
#: serverguide/C/virtualization.xml:883(title)
4765
msgid "OpenSSH"
4766
msgstr ""
4767
4768
#: serverguide/C/virtualization.xml:885(para)
4769
msgid ""
4770
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4771
"it will allow our admins to access the appliance remotely. However, pushing "
4772
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4773
"security risk as all these server will share the same secret key, making it "
4774
"very easy for hackers to target our appliance with all the tools they need "
4775
"to crack it open in a breeze. As for the user password, we will instead rely "
4776
"on a script that will install OpenSSH the first time a user logs in so that "
4777
"the key generated will be different for each appliance. For this we'll use a "
4778
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4779
"interaction."
4780
msgstr ""
4781
4782
#: serverguide/C/virtualization.xml:897(title)
4783
msgid "Speed Considerations"
4784
msgstr ""
4785
4786
#: serverguide/C/virtualization.xml:900(title)
4787
msgid "Package Caching"
4788
msgstr ""
4789
4790
#: serverguide/C/virtualization.xml:902(para)
4791
msgid ""
4792
"When vmbuilder creates builds your system, it has to go fetch each one of "
4793
"the packages that composes it over the network to one of the official "
4794
"repositories, which, depending on your internet connection speed and the "
4795
"load of the mirror, can have a big impact on the actual build time. In order "
4796
"to reduce this, it is recommended to either have a local repository (which "
4797
"can be created using <application>apt-mirror</application>) or using a "
4798
"caching proxy such as <application>apt-proxy</application>. The later option "
4799
"being much simpler to implement and requiring less disk space, it is the one "
4800
"we will pick in this tutorial. To install it, simply type:"
4801
msgstr ""
4802
4803
#: serverguide/C/virtualization.xml:912(command)
4804
msgid "sudo apt-get install apt-proxy"
4805
msgstr ""
4806
4807
#: serverguide/C/virtualization.xml:915(para)
4808
msgid ""
4809
"Once this is complete, your (empty) proxy is ready for use on "
4810
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4811
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4812
"option:"
4813
msgstr ""
4814
4815
#: serverguide/C/virtualization.xml:920(programlisting)
4816
#, no-wrap
4817
msgid ""
4818
"\n"
4819
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4820
" is http://archive.ubuntu.com/ubuntu for official\n"
4821
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4822
" otherwise\n"
4823
msgstr ""
4824
4825
#: serverguide/C/virtualization.xml:927(para)
4826
msgid "So we add to the command line:"
4827
msgstr ""
4828
4829
#: serverguide/C/virtualization.xml:932(command)
4830
msgid "--mirror http://mirroraddress:9999/ubuntu"
4831
msgstr ""
4832
4833
#: serverguide/C/virtualization.xml:936(para)
4834
msgid ""
4835
"The mirror address specified here will also be used in the "
4836
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4837
"is useful to specify here an address that can be resolved by the guest or to "
4838
"plan on reseting this address later on, such as in a <emphasis>--"
4839
"firstboot</emphasis> script."
4840
msgstr ""
4841
4842
#: serverguide/C/virtualization.xml:945(title)
4843
msgid "Install a Local Mirror"
4844
msgstr ""
4845
4846
#: serverguide/C/virtualization.xml:947(para)
4847
msgid ""
4848
"If we are in a larger environment, it may make sense to setup a local mirror "
4849
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4850
"script that will handle the mirroring for you. You should plan on having "
4851
"about 20 gigabyte of free space per supported release and architecture."
4852
msgstr ""
4853
4854
#: serverguide/C/virtualization.xml:953(para)
4855
msgid ""
4856
"By default, <application>apt-mirror</application> uses the configuration "
4857
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4858
"replicate only the architecture of the local machine. If you would like to "
4859
"support other architectures on your mirror, simply duplicate the lines "
4860
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4861
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4862
"archives as well, you will have:"
4863
msgstr ""
4864
4865
#: serverguide/C/virtualization.xml:960(programlisting)
4866
#, no-wrap
4867
msgid ""
4868
"\n"
4869
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
4870
"multiverse \n"
4871
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
4872
"universe multiverse\n"
4873
"\n"
4874
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4875
"universe multiverse \n"
4876
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
4877
"universe multiverse \n"
4878
"\n"
4879
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
4880
"universe multiverse \n"
4881
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
4882
"restricted universe multiverse \n"
4883
"\n"
4884
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
4885
"universe multiverse \n"
4886
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
4887
"restricted universe multiverse \n"
4888
"\n"
4889
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4890
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4891
"installer \n"
4892
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
4893
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4894
"installer \n"
4895
msgstr ""
4896
4897
#: serverguide/C/virtualization.xml:977(para)
4898
msgid ""
4899
"Notice that the source packages are not mirrored as they are seldom used "
4900
"compared to the binaries and they do take a lot more space, but they can be "
4901
"easily added to the list."
4902
msgstr ""
4903
4904
#: serverguide/C/virtualization.xml:982(para)
4905
msgid ""
4906
"Once the mirror has finished replicating (and this can be quite long), you "
4907
"need to configure Apache so that your mirror files (in "
4908
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4909
"default), are published by your Apache server. For more information on "
4910
"Apache see <xref linkend=\"httpd\"/>."
4911
msgstr ""
4912
4913
#: serverguide/C/virtualization.xml:991(title)
4914
msgid "Installing in a RAM Disk"
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:993(para)
4918
msgid ""
4919
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4920
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4921
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4922
"-tmpfs</emphasis> will help you do just that:"
4923
msgstr ""
4924
4925
#: serverguide/C/virtualization.xml:999(programlisting)
4926
#, no-wrap
4927
msgid ""
4928
"\n"
4929
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4930
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4931
msgstr ""
4932
4933
#: serverguide/C/virtualization.xml:1004(para)
4934
msgid ""
4935
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4936
"have 1G of free ram."
4937
msgstr ""
4938
4939
#: serverguide/C/virtualization.xml:1011(title)
4940
msgid "Package the Application"
4941
msgstr ""
4942
4943
#: serverguide/C/virtualization.xml:1013(para)
4944
msgid "Two option are available to us:"
4945
msgstr ""
4946
4947
#: serverguide/C/virtualization.xml:1019(para)
4948
msgid ""
4949
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4950
"package. Since this is outside of the scope of this tutorial, we will not "
4951
"perform this here and invite the reader to read the documentation on how to "
4952
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4953
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4954
"repository for your package so that updates can be conveniently pulled from "
4955
"it. See the <ulink url=\"http://www.debian-"
4956
"administration.org/articles/286\">Debian Administration</ulink> article for "
4957
"a tutorial on this."
4958
msgstr ""
4959
4960
#: serverguide/C/virtualization.xml:1028(para)
4961
msgid ""
4962
"Manually install the application under <filename>/opt</filename> as "
4963
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4964
"guidelines</ulink>."
4965
msgstr ""
4966
4967
#: serverguide/C/virtualization.xml:1035(para)
4968
msgid ""
4969
"In our case we'll use <application>Limesurvey</application> as example web "
4970
"application for which we wish to provide a virtual appliance. As noted "
4971
"before, we've made a version of the package available in a PPA (Personal "
4972
"Package Archive)."
4973
msgstr ""
4974
4975
#: serverguide/C/virtualization.xml:1042(title)
4976
msgid "Finishing Install"
4977
msgstr ""
4978
4979
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
4980
msgid "First Boot"
4981
msgstr ""
4982
4983
#: serverguide/C/virtualization.xml:1047(para)
4984
msgid ""
4985
"As we mentioned earlier, the first time the machine boots we'll need to "
4986
"install <application>openssh-server</application> so that the key generated "
4987
"for it is unique for each machine. To do this, we'll write a script called "
4988
"<filename>boot.sh</filename> as follows:"
4989
msgstr ""
4990
4991
#: serverguide/C/virtualization.xml:1053(programlisting)
4992
#, no-wrap
4993
msgid ""
4994
"\n"
4995
"# This script will run the first time the virtual machine boots\n"
4996
"# It is ran as root.\n"
4997
"\n"
4998
"apt-get update\n"
4999
"apt-get install -qqy --force-yes openssh-server\n"
5000
msgstr ""
5001
5002
#: serverguide/C/virtualization.xml:1061(para)
5003
msgid ""
5004
"And we add the <command>--firstboot boot.sh</command> option to our command "
5005
"line."
5006
msgstr ""
5007
5008
#: serverguide/C/virtualization.xml:1067(title)
5009
msgid "First Login"
5010
msgstr ""
5011
5012
#: serverguide/C/virtualization.xml:1069(para)
5013
msgid ""
5014
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5015
"set them up the first time a user logs in using a script named login.sh. "
5016
"We'll also use this script to let the user specify:"
5017
msgstr ""
5018
5019
#: serverguide/C/virtualization.xml:1075(para)
5020
msgid "His own password"
5021
msgstr ""
5022
5023
#: serverguide/C/virtualization.xml:1076(para)
5024
msgid "Define the keyboard and other locale info he wants to use"
5025
msgstr ""
5026
5027
#: serverguide/C/virtualization.xml:1079(para)
5028
msgid "So we'll define <filename>login.sh</filename> as follows:"
5029
msgstr ""
5030
5031
#: serverguide/C/virtualization.xml:1083(programlisting)
5032
#, no-wrap
5033
msgid ""
5034
"\n"
5035
"# This script is ran the first time a user logs in\n"
5036
"\n"
5037
"echo \"Your appliance is about to be finished to be set up.\"\n"
5038
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5039
"echo \"starting by changing your user password.\"\n"
5040
"\n"
5041
"passwd\n"
5042
"\n"
5043
"#give the opportunity to change the keyboard\n"
5044
"sudo dpkg-reconfigure console-setup\n"
5045
"\n"
5046
"#configure the mysql server root password\n"
5047
"sudo dpkg-reconfigure mysql-server-5.0\n"
5048
"\n"
5049
"#install limesurvey\n"
5050
"sudo apt-get install -qqy --force-yes limesurvey\n"
5051
"\n"
5052
"echo \"Your appliance is now configured. To use it point your\"\n"
5053
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5054
msgstr ""
5055
5056
#: serverguide/C/virtualization.xml:1105(para)
5057
msgid ""
5058
"And we add the <command>--firstlogin login.sh</command> option to our "
5059
"command line."
5060
msgstr ""
5061
5062
#: serverguide/C/virtualization.xml:1112(title)
5063
msgid "Useful Additions"
5064
msgstr ""
5065
5066
#: serverguide/C/virtualization.xml:1115(title)
5067
msgid "Configuring Automatic Updates"
5068
msgstr ""
5069
5070
#: serverguide/C/virtualization.xml:1117(para)
5071
msgid ""
5072
"To have your system be configured to update itself on a regular basis, we "
5073
"will just install <application>unattended-upgrades</application>, so we add "
5074
"the following option to our command line:"
5075
msgstr ""
5076
5077
#: serverguide/C/virtualization.xml:1123(command)
5078
msgid "--addpkg unattended-upgrades"
5079
msgstr ""
5080
5081
#: serverguide/C/virtualization.xml:1126(para)
5082
msgid ""
5083
"As we have put our application package in a PPA, the process will update not "
5084
"only the system, but also the application each time we update the version in "
5085
"the PPA."
5086
msgstr ""
5087
5088
#: serverguide/C/virtualization.xml:1133(title)
5089
msgid "ACPI Event Handling"
5090
msgstr ""
5091
5092
#: serverguide/C/virtualization.xml:1135(para)
5093
msgid ""
5094
"For your virtual machine to be able to handle restart and shutdown events it "
5095
"is being sent, it is a good idea to install the acpid package as well. To do "
5096
"this we just add the following option:"
5097
msgstr ""
5098
5099
#: serverguide/C/virtualization.xml:1141(command)
5100
msgid "--addpkg acpid"
5101
msgstr ""
5102
5103
#: serverguide/C/virtualization.xml:1147(title)
5104
msgid "Final Command"
5105
msgstr ""
5106
5107
#: serverguide/C/virtualization.xml:1149(para)
5108
msgid "Here is the command with all the options discussed above:"
5109
msgstr ""
5110
5111
#: serverguide/C/virtualization.xml:1154(command)
5112
msgid ""
5113
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5114
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5115
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5116
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5117
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5118
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5119
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5120
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5121
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5122
"firstlogin login.sh"
5123
msgstr ""
5124
5125
#: serverguide/C/virtualization.xml:1169(para)
5126
msgid ""
5127
"If you are interested in learning more, have questions or suggestions, "
5128
"please contact the Ubuntu Server Team at:"
5129
msgstr ""
5130
5131
#: serverguide/C/virtualization.xml:1174(para)
5132
msgid "IRC: #ubuntu-server on freenode"
5133
msgstr ""
5134
5135
#: serverguide/C/virtualization.xml:1179(para)
5136
msgid ""
5137
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5138
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5139
msgstr ""
5140
5141
#: serverguide/C/virtualization.xml:1184(para)
5142
msgid ""
5143
"Also, see the <ulink "
5144
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5145
"Wiki</ulink> page."
5146
msgstr ""
5147
5148
#: serverguide/C/virtualization.xml:1192(title)
5149
msgid "UEC"
5150
msgstr ""
5151
5152
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5153
msgid "Overview"
5154
msgstr ""
5155
5156
#: serverguide/C/virtualization.xml:1197(para)
5157
msgid ""
5158
"This tutorial covers <application>UEC</application> installation from the "
5159
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5160
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5161
"and one or more nodes attached."
5162
msgstr ""
5163
5164
#: serverguide/C/virtualization.xml:1202(para)
5165
msgid ""
5166
"From this Tutorial you will learn how to install, configure, register and "
5167
"perform several operations on a basic <application>UEC</application> setup "
5168
"that results in a cloud with a one controller <emphasis>\"front-"
5169
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5170
"instances. You will also use examples to help get you started using your own "
5171
"private compute cloud."
5172
msgstr ""
5173
5174
#: serverguide/C/virtualization.xml:1210(title)
5175
msgid "Prerequisites"
5176
msgstr ""
5177
5178
#: serverguide/C/virtualization.xml:1212(para)
5179
msgid ""
5180
"To deploy a minimal cloud infrastructure, you’ll need at least "
5181
"<emphasis>two</emphasis> dedicated systems:"
5182
msgstr ""
5183
5184
#: serverguide/C/virtualization.xml:1218(para)
5185
msgid "A front end."
5186
msgstr ""
5187
5188
#: serverguide/C/virtualization.xml:1223(para)
5189
msgid "One or more node(s)."
5190
msgstr ""
5191
5192
#: serverguide/C/virtualization.xml:1229(para)
5193
msgid ""
5194
"The following are recommendations, rather than fixed requirements. However, "
5195
"our experience in developing this documentation indicated the following "
5196
"suggestions."
5197
msgstr ""
5198
5199
#: serverguide/C/virtualization.xml:1234(title)
5200
msgid "Front End Requirements"
5201
msgstr ""
5202
5203
#: serverguide/C/virtualization.xml:1236(para)
5204
msgid "Use the following table for a system that will run one or more of:"
5205
msgstr ""
5206
5207
#: serverguide/C/virtualization.xml:1241(para)
5208
msgid "Cloud Controller (CLC)"
5209
msgstr ""
5210
5211
#: serverguide/C/virtualization.xml:1242(para)
5212
msgid "Cluster Controller (CC)"
5213
msgstr ""
5214
5215
#: serverguide/C/virtualization.xml:1243(para)
5216
msgid "Walrus (the S3-like storage service)"
5217
msgstr ""
5218
5219
#: serverguide/C/virtualization.xml:1244(para)
5220
msgid "Storage Controller (SC)"
5221
msgstr ""
5222
5223
#: serverguide/C/virtualization.xml:1248(title)
5224
msgid "UEC Front End Requirements"
5225
msgstr ""
5226
5227
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5228
msgid "Hardware"
5229
msgstr ""
5230
5231
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5232
msgid "Minimum"
5233
msgstr ""
5234
5235
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5236
msgid "Suggested"
5237
msgstr ""
5238
5239
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5240
msgid "Notes"
5241
msgstr ""
5242
5243
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5244
msgid "CPU"
5245
msgstr ""
5246
5247
#: serverguide/C/virtualization.xml:1265(para)
5248
msgid "1 GHz"
5249
msgstr ""
5250
5251
#: serverguide/C/virtualization.xml:1266(para)
5252
msgid "2 x 2 GHz"
5253
msgstr ""
5254
5255
#: serverguide/C/virtualization.xml:1267(para)
5256
msgid ""
5257
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5258
"a dual core processor."
5259
msgstr ""
5260
5261
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5262
msgid "Memory"
5263
msgstr ""
5264
5265
#: serverguide/C/virtualization.xml:1271(para)
5266
msgid "2 GB"
5267
msgstr ""
5268
5269
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5270
msgid "4 GB"
5271
msgstr ""
5272
5273
#: serverguide/C/virtualization.xml:1273(para)
5274
msgid "The Java web front end benefits from lots of available memory."
5275
msgstr ""
5276
5277
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5278
msgid "Disk"
5279
msgstr ""
5280
5281
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5282
msgid "5400 RPM IDE"
5283
msgstr ""
5284
5285
#: serverguide/C/virtualization.xml:1278(para)
5286
msgid "7200 RPM SATA"
5287
msgstr ""
5288
5289
#: serverguide/C/virtualization.xml:1279(para)
5290
msgid ""
5291
"Slower disks will work, but will yield much longer instance startup times."
5292
msgstr ""
5293
5294
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5295
msgid "Disk Space"
5296
msgstr ""
5297
5298
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5299
msgid "40 GB"
5300
msgstr ""
5301
5302
#: serverguide/C/virtualization.xml:1284(para)
5303
msgid "200 GB"
5304
msgstr ""
5305
5306
#: serverguide/C/virtualization.xml:1285(para)
5307
msgid ""
5308
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5309
"does not like to run out of disk space."
5310
msgstr ""
5311
5312
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5313
msgid "Networking"
5314
msgstr ""
5315
5316
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5317
msgid "100 Mbps"
5318
msgstr ""
5319
5320
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5321
msgid "1000 Mbps"
5322
msgstr ""
5323
5324
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5325
msgid ""
5326
"Machine images are hundreds of MB, and need to be copied over the network to "
5327
"nodes."
5328
msgstr ""
5329
5330
#: serverguide/C/virtualization.xml:1299(title)
5331
msgid "Node Requirements"
5332
msgstr ""
5333
5334
#: serverguide/C/virtualization.xml:1301(para)
5335
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5336
msgstr ""
5337
5338
#: serverguide/C/virtualization.xml:1306(para)
5339
msgid "the Node Controller (NC)"
5340
msgstr ""
5341
5342
#: serverguide/C/virtualization.xml:1310(title)
5343
msgid "UEC Node Requirements"
5344
msgstr ""
5345
5346
#: serverguide/C/virtualization.xml:1327(para)
5347
msgid "VT Extensions"
5348
msgstr ""
5349
5350
#: serverguide/C/virtualization.xml:1328(para)
5351
msgid "VT, 64-bit, Multicore"
5352
msgstr ""
5353
5354
#: serverguide/C/virtualization.xml:1329(para)
5355
msgid ""
5356
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5357
"only run 1 VM per CPU core on a Node."
5358
msgstr ""
5359
5360
#: serverguide/C/virtualization.xml:1333(para)
5361
msgid "1 GB"
5362
msgstr ""
5363
5364
#: serverguide/C/virtualization.xml:1335(para)
5365
msgid "Additional memory means more, and larger guests."
5366
msgstr ""
5367
5368
#: serverguide/C/virtualization.xml:1340(para)
5369
msgid "7200 RPM SATA or SCSI"
5370
msgstr ""
5371
5372
#: serverguide/C/virtualization.xml:1341(para)
5373
msgid ""
5374
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5375
"bottleneck."
5376
msgstr ""
5377
5378
#: serverguide/C/virtualization.xml:1346(para)
5379
msgid "100 GB"
5380
msgstr ""
5381
5382
#: serverguide/C/virtualization.xml:1347(para)
5383
msgid ""
5384
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5385
"space."
5386
msgstr ""
5387
5388
#: serverguide/C/virtualization.xml:1363(title)
5389
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5390
msgstr ""
5391
5392
#: serverguide/C/virtualization.xml:1367(para)
5393
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5394
msgstr ""
5395
5396
#: serverguide/C/virtualization.xml:1372(para)
5397
msgid ""
5398
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5399
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5400
"components are present."
5401
msgstr ""
5402
5403
#: serverguide/C/virtualization.xml:1377(para)
5404
msgid ""
5405
"You can then choose which components to install, based on your chosen <ulink "
5406
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5407
msgstr ""
5408
5409
#: serverguide/C/virtualization.xml:1382(para)
5410
msgid ""
5411
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5412
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5413
msgstr ""
5414
5415
#: serverguide/C/virtualization.xml:1388(para)
5416
msgid ""
5417
"It will ask two other cloud-specific questions during the course of the "
5418
"install:"
5419
msgstr ""
5420
5421
#: serverguide/C/virtualization.xml:1393(para)
5422
msgid "Name of your cluster."
5423
msgstr ""
5424
5425
#: serverguide/C/virtualization.xml:1396(para)
5426
msgid "e.g. <emphasis>cluster1</emphasis>."
5427
msgstr ""
5428
5429
#: serverguide/C/virtualization.xml:1399(para)
5430
msgid ""
5431
"A range of public IP addresses on the LAN that the cloud can allocate to "
5432
"instances."
5433
msgstr ""
5434
5435
#: serverguide/C/virtualization.xml:1402(para)
5436
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5437
msgstr ""
5438
5439
#: serverguide/C/virtualization.xml:1410(title)
5440
msgid "Installing the Node Controller(s)"
5441
msgstr ""
5442
5443
#: serverguide/C/virtualization.xml:1412(para)
5444
msgid ""
5445
"The node controller install is even simpler. Just make sure that you are "
5446
"connected to the network on which the cloud/cluster controller is already "
5447
"running."
5448
msgstr ""
5449
5450
#: serverguide/C/virtualization.xml:1418(para)
5451
msgid "Boot from the same ISO on the node(s)."
5452
msgstr ""
5453
5454
#: serverguide/C/virtualization.xml:1423(para)
5455
msgid ""
5456
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5457
msgstr ""
5458
5459
#: serverguide/C/virtualization.xml:1428(para)
5460
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5461
msgstr ""
5462
5463
#: serverguide/C/virtualization.xml:1433(para)
5464
msgid ""
5465
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5466
"install for you."
5467
msgstr ""
5468
5469
#: serverguide/C/virtualization.xml:1438(para)
5470
msgid "Confirm the partitioning scheme."
5471
msgstr ""
5472
5473
#: serverguide/C/virtualization.xml:1443(para)
5474
msgid ""
5475
"The rest of the installation should proceed uninterrupted; complete the "
5476
"installation and reboot the node."
5477
msgstr ""
5478
5479
#: serverguide/C/virtualization.xml:1451(title)
5480
msgid "Register the Node(s)"
5481
msgstr ""
5482
5483
#: serverguide/C/virtualization.xml:1456(para)
5484
msgid ""
5485
"Nodes are the physical systems within <application>UEC</application> that "
5486
"actually run the virtual machine instances of the cloud."
5487
msgstr ""
5488
5489
#: serverguide/C/virtualization.xml:1460(para)
5490
msgid "All component registration should be automatic, assuming:"
5491
msgstr ""
5492
5493
#: serverguide/C/virtualization.xml:1466(para)
5494
msgid "Public SSH keys have been exchanged properly."
5495
msgstr ""
5496
5497
#: serverguide/C/virtualization.xml:1471(para)
5498
msgid "The services are configured properly."
5499
msgstr ""
5500
5501
#: serverguide/C/virtualization.xml:1476(para)
5502
msgid ""
5503
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5504
msgstr ""
5505
5506
#: serverguide/C/virtualization.xml:1481(para)
5507
msgid "Verify Registration."
5508
msgstr ""
5509
5510
#: serverguide/C/virtualization.xml:1487(para)
5511
msgid ""
5512
"Steps a to e should only be required if you're using the <ulink "
5513
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5514
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
5515
"should already be completed automatically for you, and therefore you can "
5516
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5517
msgstr ""
5518
5519
#: serverguide/C/virtualization.xml:1495(para)
5520
msgid "Exchange Public Keys"
5521
msgstr ""
5522
5523
#: serverguide/C/virtualization.xml:1497(para)
5524
msgid ""
5525
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5526
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5527
"Controller as the eucalyptus user."
5528
msgstr ""
5529
5530
#: serverguide/C/virtualization.xml:1502(para)
5531
msgid ""
5532
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5533
"ssh key by:"
5534
msgstr ""
5535
5536
#: serverguide/C/virtualization.xml:1508(para)
5537
msgid ""
5538
"On the target controller, temporarily set a password for the eucalyptus user:"
5539
msgstr ""
5540
5541
#: serverguide/C/virtualization.xml:1512(command)
5542
msgid "sudo passwd eucalyptus"
5543
msgstr ""
5544
5545
#: serverguide/C/virtualization.xml:1516(para)
5546
msgid "Then, on the Cloud Controller:"
5547
msgstr ""
5548
5549
#: serverguide/C/virtualization.xml:1520(command)
5550
msgid ""
5551
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5552
"eucalyptus@<IP_OF_NODE>"
5553
msgstr ""
5554
5555
#: serverguide/C/virtualization.xml:1524(para)
5556
msgid ""
5557
"You can now remove the password of the eucalyptus account on the target "
5558
"controller, if you wish:"
5559
msgstr ""
5560
5561
#: serverguide/C/virtualization.xml:1528(command)
5562
msgid "sudo passwd -d eucalyptus"
5563
msgstr ""
5564
5565
#: serverguide/C/virtualization.xml:1535(para)
5566
msgid "Configuring the Services"
5567
msgstr ""
5568
5569
#: serverguide/C/virtualization.xml:1537(para)
5570
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5571
msgstr ""
5572
5573
#: serverguide/C/virtualization.xml:1543(para)
5574
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5575
msgstr ""
5576
5577
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5578
msgid ""
5579
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5580
"cc.conf</filename>"
5581
msgstr ""
5582
5583
#: serverguide/C/virtualization.xml:1549(para)
5584
msgid ""
5585
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5586
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5587
"addresses."
5588
msgstr ""
5589
5590
#: serverguide/C/virtualization.xml:1556(para)
5591
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5592
msgstr ""
5593
5594
#: serverguide/C/virtualization.xml:1560(para)
5595
msgid ""
5596
"Define the shell variable WALRUS_IP_ADDR in "
5597
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5598
"address."
5599
msgstr ""
5600
5601
#: serverguide/C/virtualization.xml:1565(para)
5602
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5603
msgstr ""
5604
5605
#: serverguide/C/virtualization.xml:1571(para)
5606
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5607
msgstr ""
5608
5609
#: serverguide/C/virtualization.xml:1577(para)
5610
msgid ""
5611
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5612
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5613
"addresses."
5614
msgstr ""
5615
5616
#: serverguide/C/virtualization.xml:1587(para)
5617
msgid "Publish"
5618
msgstr ""
5619
5620
#: serverguide/C/virtualization.xml:1589(para)
5621
msgid "Now start the publication services."
5622
msgstr ""
5623
5624
#: serverguide/C/virtualization.xml:1595(emphasis)
5625
msgid "Walrus Controller:"
5626
msgstr ""
5627
5628
#: serverguide/C/virtualization.xml:1597(command)
5629
msgid "sudo start eucalyptus-walrus-publication"
5630
msgstr ""
5631
5632
#: serverguide/C/virtualization.xml:1601(emphasis)
5633
msgid "Cluster Controller:"
5634
msgstr ""
5635
5636
#: serverguide/C/virtualization.xml:1603(command)
5637
msgid "sudo start eucalyptus-cc-publication"
5638
msgstr ""
5639
5640
#: serverguide/C/virtualization.xml:1607(emphasis)
5641
msgid "Storage Controller:"
5642
msgstr ""
5643
5644
#: serverguide/C/virtualization.xml:1609(command)
5645
msgid "sudo start eucalyptus-sc-publication"
5646
msgstr ""
5647
5648
#: serverguide/C/virtualization.xml:1613(emphasis)
5649
msgid "Node Controller:"
5650
msgstr ""
5651
5652
#: serverguide/C/virtualization.xml:1615(command)
5653
msgid "sudo start eucalyptus-nc-publication"
5654
msgstr ""
5655
5656
#: serverguide/C/virtualization.xml:1622(para)
5657
msgid "Start the Listener"
5658
msgstr ""
5659
5660
#: serverguide/C/virtualization.xml:1624(para)
5661
msgid ""
5662
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5663
"Controller(s)</emphasis>, run:"
5664
msgstr ""
5665
5666
#: serverguide/C/virtualization.xml:1629(command)
5667
msgid "sudo start uec-component-listener"
5668
msgstr ""
5669
5670
#: serverguide/C/virtualization.xml:1634(para)
5671
msgid "Verify Registration"
5672
msgstr ""
5673
5674
#: serverguide/C/virtualization.xml:1637(command)
5675
msgid "cat /var/log/eucalyptus/registration.log"
5676
msgstr ""
5677
5678
#: serverguide/C/virtualization.xml:1638(computeroutput)
5679
#, no-wrap
5680
msgid ""
5681
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5682
"10.1.1.75\n"
5683
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
5684
"0\n"
5685
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
5686
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
5687
"0\n"
5688
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
5689
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
5690
"returned 0\n"
5691
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
5692
"10.1.1.71\n"
5693
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5694
msgstr ""
5695
5696
#: serverguide/C/virtualization.xml:1649(para)
5697
msgid "The output on your machine will vary from the example above."
5698
msgstr ""
5699
5700
#: serverguide/C/virtualization.xml:1659(title)
5701
msgid "Obtain Credentials"
5702
msgstr ""
5703
5704
#: serverguide/C/virtualization.xml:1661(para)
5705
msgid ""
5706
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5707
"users of the cloud will need to retrieve their credentials. This can be done "
5708
"either through a web browser, or at the command line."
5709
msgstr ""
5710
5711
#: serverguide/C/virtualization.xml:1667(title)
5712
msgid "From a Web Browser"
5713
msgstr ""
5714
5715
#: serverguide/C/virtualization.xml:1671(para)
5716
msgid ""
5717
"From your web browser (either remotely or on your Ubuntu server) access the "
5718
"following URL:"
5719
msgstr ""
5720
5721
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
5722
#, no-wrap
5723
msgid ""
5724
"\n"
5725
"https://<cloud-controller-ip-address>:8443/\n"
5726
msgstr ""
5727
5728
#: serverguide/C/virtualization.xml:1679(para)
5729
msgid ""
5730
"You must use a secure connection, so make sure you use \"https\" not "
5731
"\"http\" in your URL. You will get a security certificate warning. You will "
5732
"have to add an exception to view the page. If you do not accept it you will "
5733
"not be able to view the Eucalyptus configuration page."
5734
msgstr ""
5735
5736
#: serverguide/C/virtualization.xml:1687(para)
5737
msgid ""
5738
"Use username <emphasis>'admin'</emphasis> and password "
5739
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5740
"to change your password)."
5741
msgstr ""
5742
5743
#: serverguide/C/virtualization.xml:1693(para)
5744
msgid ""
5745
"Then follow the on-screen instructions to update the admin password and "
5746
"email address."
5747
msgstr ""
5748
5749
#: serverguide/C/virtualization.xml:1698(para)
5750
msgid ""
5751
"Once the first time configuration process is completed, click the "
5752
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5753
"the screen."
5754
msgstr ""
5755
5756
#: serverguide/C/virtualization.xml:1704(para)
5757
msgid ""
5758
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5759
"certificates."
5760
msgstr ""
5761
5762
#: serverguide/C/virtualization.xml:1709(para)
5763
msgid "Save them to <filename>~/.euca</filename>."
5764
msgstr ""
5765
5766
#: serverguide/C/virtualization.xml:1714(para)
5767
msgid ""
5768
"Unzip the downloaded zip file into a safe location "
5769
"(<filename>~/.euca</filename>)."
5770
msgstr ""
5771
5772
#: serverguide/C/virtualization.xml:1718(command)
5773
msgid "unzip -d ~/.euca mycreds.zip"
5774
msgstr ""
5775
5776
#: serverguide/C/virtualization.xml:1725(title)
5777
msgid "From a Command Line"
5778
msgstr ""
5779
5780
#: serverguide/C/virtualization.xml:1729(para)
5781
msgid ""
5782
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5783
"Controller</emphasis>, you can run:"
5784
msgstr ""
5785
5786
#: serverguide/C/virtualization.xml:1733(command)
5787
msgid "mkdir -p ~/.euca"
5788
msgstr ""
5789
5790
#: serverguide/C/virtualization.xml:1734(command)
5791
msgid "chmod 700 ~/.euca"
5792
msgstr ""
5793
5794
#: serverguide/C/virtualization.xml:1735(command)
5795
msgid "cd ~/.euca"
5796
msgstr ""
5797
5798
#: serverguide/C/virtualization.xml:1736(command)
5799
msgid "sudo euca_conf --get-credentials mycreds.zip"
5800
msgstr ""
5801
5802
#: serverguide/C/virtualization.xml:1737(command)
5803
msgid "unzip mycreds.zip"
5804
msgstr ""
5805
5806
#: serverguide/C/virtualization.xml:1738(command)
5807
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
5808
msgstr ""
5809
5810
#: serverguide/C/virtualization.xml:1739(command)
5811
msgid "cd -"
5812
msgstr ""
5813
5814
#: serverguide/C/virtualization.xml:1746(title)
5815
msgid "Extracting and Using Your Credentials"
5816
msgstr ""
5817
5818
#: serverguide/C/virtualization.xml:1748(para)
5819
msgid ""
5820
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5821
"certificates."
5822
msgstr ""
5823
5824
#: serverguide/C/virtualization.xml:1754(para)
5825
msgid "Install the required cloud user tools:"
5826
msgstr ""
5827
5828
#: serverguide/C/virtualization.xml:1758(command)
5829
msgid "sudo apt-get install euca2ools"
5830
msgstr ""
5831
5832
#: serverguide/C/virtualization.xml:1762(para)
5833
msgid ""
5834
"To validate that everything is working correctly, get the local cluster "
5835
"availability details:"
5836
msgstr ""
5837
5838
#: serverguide/C/virtualization.xml:1766(command)
5839
msgid ". ~/.euca/eucarc"
5840
msgstr ""
5841
5842
#: serverguide/C/virtualization.xml:1767(command)
5843
msgid "euca-describe-availability-zones verbose"
5844
msgstr ""
5845
5846
#: serverguide/C/virtualization.xml:1768(computeroutput)
5847
#, no-wrap
5848
msgid ""
5849
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5850
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5851
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5852
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5853
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5854
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5855
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5856
msgstr ""
5857
5858
#: serverguide/C/virtualization.xml:1778(para)
5859
msgid "Your output from the above command will vary."
5860
msgstr ""
5861
5862
#: serverguide/C/virtualization.xml:1788(title)
5863
msgid "Install an Image from the Store"
5864
msgstr ""
5865
5866
#: serverguide/C/virtualization.xml:1790(para)
5867
msgid ""
5868
"The following is by far the simplest way to install an image. However, "
5869
"advanced users may be interested in learning how to <ulink "
5870
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5871
"own image</ulink>."
5872
msgstr ""
5873
5874
#: serverguide/C/virtualization.xml:1795(para)
5875
msgid ""
5876
"The simplest way to add an image to <application>UEC</application> is to "
5877
"install it from the Image Store on the UEC web interface."
5878
msgstr ""
5879
5880
#: serverguide/C/virtualization.xml:1801(para)
5881
msgid ""
5882
"Access the web interface at the following URL (Make sure you specify https):"
5883
msgstr ""
5884
5885
#: serverguide/C/virtualization.xml:1809(para)
5886
msgid ""
5887
"Enter your login and password (if requested, as you may still be logged in "
5888
"from earlier)."
5889
msgstr ""
5890
5891
#: serverguide/C/virtualization.xml:1814(para)
5892
msgid "Click on the <emphasis>Store</emphasis> tab."
5893
msgstr ""
5894
5895
#: serverguide/C/virtualization.xml:1819(para)
5896
msgid "Browse available images."
5897
msgstr ""
5898
5899
#: serverguide/C/virtualization.xml:1824(para)
5900
msgid "Click on <emphasis>install</emphasis> for the image you want."
5901
msgstr ""
5902
5903
#: serverguide/C/virtualization.xml:1830(para)
5904
msgid ""
5905
"Once the image has been downloaded and installed, you can click on "
5906
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5907
"button to view the command to execute to instantiate (start) this image. The "
5908
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5909
"tab."
5910
msgstr ""
5911
5912
#: serverguide/C/virtualization.xml:1838(title)
5913
msgid "Run an Image"
5914
msgstr ""
5915
5916
#: serverguide/C/virtualization.xml:1840(para)
5917
msgid "There are multiple ways to instantiate an image in UEC:"
5918
msgstr ""
5919
5920
#: serverguide/C/virtualization.xml:1845(para)
5921
msgid "Use the command line."
5922
msgstr ""
5923
5924
#: serverguide/C/virtualization.xml:1846(para)
5925
msgid ""
5926
"Use one of the UEC compatible management tools such as "
5927
"<emphasis>Landscape</emphasis>."
5928
msgstr ""
5929
5930
#: serverguide/C/virtualization.xml:1848(para)
5931
msgid ""
5932
"Use the <ulink "
5933
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5934
"extension to Firefox."
5935
msgstr ""
5936
5937
#: serverguide/C/virtualization.xml:1854(para)
5938
msgid "Here we will describe the process from the command line:"
5939
msgstr ""
5940
5941
#: serverguide/C/virtualization.xml:1860(para)
5942
msgid ""
5943
"Before running an instance of your image, you should first create a "
5944
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5945
"instance as root, once it boots. The key is stored, so you will only have to "
5946
"do this once."
5947
msgstr ""
5948
5949
#: serverguide/C/virtualization.xml:1864(para)
5950
msgid "Run the following command:"
5951
msgstr ""
5952
5953
#: serverguide/C/virtualization.xml:1867(programlisting)
5954
#, no-wrap
5955
msgid ""
5956
"\n"
5957
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5958
" mkdir -p -m 700 ~/.euca\n"
5959
" touch ~/.euca/mykey.priv\n"
5960
" chmod 0600 ~/.euca/mykey.priv\n"
5961
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5962
"fi\n"
5963
msgstr ""
5964
5965
#: serverguide/C/virtualization.xml:1876(para)
5966
msgid ""
5967
"You can call your key whatever you like (in this example, the key is called "
5968
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5969
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5970
"a list of created keys stored in the system."
5971
msgstr ""
5972
5973
#: serverguide/C/virtualization.xml:1883(para)
5974
msgid "You must also allow access to port 22 in your instances:"
5975
msgstr ""
5976
5977
#: serverguide/C/virtualization.xml:1887(command)
5978
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5979
msgstr ""
5980
5981
#: serverguide/C/virtualization.xml:1891(para)
5982
msgid "Next, you can create instances of your registered image:"
5983
msgstr ""
5984
5985
#: serverguide/C/virtualization.xml:1895(command)
5986
msgid "euca-run-instances $EMI -k mykey -t m1.small"
5987
msgstr ""
5988
5989
#: serverguide/C/virtualization.xml:1898(para)
5990
msgid ""
5991
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5992
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5993
"on the <emphasis>Store</emphasis> page to see the sample command."
5994
msgstr ""
5995
5996
#: serverguide/C/virtualization.xml:1905(para)
5997
msgid ""
5998
"The first time you run an instance, the system will be setting up caches for "
5999
"the image from which it will be created. This can often take some time the "
6000
"first time an instance is run given that VM images are usually quite large."
6001
msgstr ""
6002
6003
#: serverguide/C/virtualization.xml:1909(para)
6004
msgid "To monitor the state of your instance, run:"
6005
msgstr ""
6006
6007
#: serverguide/C/virtualization.xml:1913(command)
6008
msgid "watch -n5 euca-describe-instances"
6009
msgstr ""
6010
6011
#: serverguide/C/virtualization.xml:1915(para)
6012
msgid ""
6013
"In the output, you should see information about the instance, including its "
6014
"state. While first-time caching is being performed, the instance's state "
6015
"will be <emphasis>'pending'</emphasis>."
6016
msgstr ""
6017
6018
#: serverguide/C/virtualization.xml:1921(para)
6019
msgid ""
6020
"When the instance is fully started, the above state will become "
6021
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6022
"instance in the output, then connect to it:"
6023
msgstr ""
6024
6025
#: serverguide/C/virtualization.xml:1926(command)
6026
msgid ""
6027
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6028
"'{print $4}')"
6029
msgstr ""
6030
6031
#: serverguide/C/virtualization.xml:1927(command)
6032
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6033
msgstr ""
6034
6035
#: serverguide/C/virtualization.xml:1931(para)
6036
msgid ""
6037
"And when you are done with this instance, exit your SSH connection, then "
6038
"terminate your instance:"
6039
msgstr ""
6040
6041
#: serverguide/C/virtualization.xml:1935(command)
6042
msgid ""
6043
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6044
"awk '{print $2}')"
6045
msgstr ""
6046
6047
#: serverguide/C/virtualization.xml:1936(command)
6048
msgid "euca-terminate-instances $INSTANCEID"
6049
msgstr ""
6050
6051
#: serverguide/C/virtualization.xml:1944(para)
6052
msgid ""
6053
"The <application>cloud-init</application> package provides \"first boot\" "
6054
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6055
"generic filesystem image that is booting and customizing it for this "
6056
"particular instance. That includes things like:"
6057
msgstr ""
6058
6059
#: serverguide/C/virtualization.xml:1952(para)
6060
msgid "Setting the hostname."
6061
msgstr ""
6062
6063
#: serverguide/C/virtualization.xml:1957(para)
6064
msgid ""
6065
"Putting the provided ssh public keys into "
6066
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6067
msgstr ""
6068
6069
#: serverguide/C/virtualization.xml:1962(para)
6070
msgid "Running a user provided script, or otherwise modifying the image."
6071
msgstr ""
6072
6073
#: serverguide/C/virtualization.xml:1968(para)
6074
msgid ""
6075
"Setting hostname and configuring a system so the person who launched it can "
6076
"actually log into it are not terribly interesting. The interesting things "
6077
"that can be done with <application>cloud-init</application> are made "
6078
"possible by data provided at launch time called <ulink "
6079
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6080
"85\">user-data</ulink>."
6081
msgstr ""
6082
6083
#: serverguide/C/virtualization.xml:1974(para)
6084
msgid "First, install the <application>cloud-init</application> package:"
6085
msgstr ""
6086
6087
#: serverguide/C/virtualization.xml:1979(command)
6088
msgid "sudo apt-get install cloud-init"
6089
msgstr ""
6090
6091
#: serverguide/C/virtualization.xml:1982(para)
6092
msgid ""
6093
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6094
"stored and executed as root late in the boot process of the instance's first "
6095
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6096
"directed to the console."
6097
msgstr ""
6098
6099
#: serverguide/C/virtualization.xml:1987(para)
6100
msgid ""
6101
"For example, create a file named <filename>ud.txt</filename> containing:"
6102
msgstr ""
6103
6104
#: serverguide/C/virtualization.xml:1991(programlisting)
6105
#, no-wrap
6106
msgid ""
6107
"\n"
6108
"#!/bin/sh\n"
6109
"echo ========== Hello World: $(date) ==========\n"
6110
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6111
msgstr ""
6112
6113
#: serverguide/C/virtualization.xml:1997(para)
6114
msgid ""
6115
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6116
msgstr ""
6117
6118
#: serverguide/C/virtualization.xml:2002(command)
6119
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6120
msgstr ""
6121
6122
#: serverguide/C/virtualization.xml:2005(para)
6123
msgid ""
6124
"Wait now for the system to come up and console to be available. To see the "
6125
"result of the data file commands enter:"
6126
msgstr ""
6127
6128
#: serverguide/C/virtualization.xml:2010(command)
6129
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6130
msgstr ""
6131
6132
#: serverguide/C/virtualization.xml:2011(computeroutput)
6133
#, no-wrap
6134
msgid ""
6135
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6136
"I have been up for 28.26 sec"
6137
msgstr ""
6138
6139
#: serverguide/C/virtualization.xml:2016(para)
6140
msgid "Your output may vary."
6141
msgstr ""
6142
6143
#: serverguide/C/virtualization.xml:2021(para)
6144
msgid ""
6145
"The simple approach shown above gives a great deal of power. The user-data "
6146
"can contain a script in any language where an interpreter already exists in "
6147
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6148
")."
6149
msgstr ""
6150
6151
#: serverguide/C/virtualization.xml:2026(para)
6152
msgid ""
6153
"For many cases, the user may not be interested in writing a program. For "
6154
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6155
"configuration based approach towards customization. To utilize the cloud-"
6156
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6157
"config'</emphasis>."
6158
msgstr ""
6159
6160
#: serverguide/C/virtualization.xml:2031(para)
6161
msgid ""
6162
"For example, create a text file named <filename>clout-config.txt</filename> "
6163
"containing:"
6164
msgstr ""
6165
6166
#: serverguide/C/virtualization.xml:2035(programlisting)
6167
#, no-wrap
6168
msgid ""
6169
"\n"
6170
"#cloud-config\n"
6171
"apt_upgrade: true\n"
6172
"apt_sources:\n"
6173
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6174
"\n"
6175
"packages:\n"
6176
"- build-essential\n"
6177
"- pastebinit\n"
6178
"\n"
6179
"runcmd:\n"
6180
"- echo ======= Hello World =====\n"
6181
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6182
msgstr ""
6183
6184
#: serverguide/C/virtualization.xml:2050(para)
6185
msgid "Create a new instance:"
6186
msgstr ""
6187
6188
#: serverguide/C/virtualization.xml:2055(command)
6189
msgid ""
6190
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6191
"config.txt"
6192
msgstr ""
6193
6194
#: serverguide/C/virtualization.xml:2058(para)
6195
msgid "Now, when the above system is booted, it will have:"
6196
msgstr ""
6197
6198
#: serverguide/C/virtualization.xml:2063(para)
6199
msgid "Added the Apache Edgers PPA."
6200
msgstr ""
6201
6202
#: serverguide/C/virtualization.xml:2064(para)
6203
msgid "Run an upgrade to get all updates available"
6204
msgstr ""
6205
6206
#: serverguide/C/virtualization.xml:2065(para)
6207
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6208
msgstr ""
6209
6210
#: serverguide/C/virtualization.xml:2066(para)
6211
msgid "Printed a similar message to the script above"
6212
msgstr ""
6213
6214
#: serverguide/C/virtualization.xml:2070(para)
6215
msgid ""
6216
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6217
"the latest version of Apache from upstream source repositories. Package "
6218
"versions in the PPA are unsupported, and depending on your situation, this "
6219
"may or may not be desirable. See the <ulink "
6220
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6221
"Edgers</ulink> web page for more details."
6222
msgstr ""
6223
6224
#: serverguide/C/virtualization.xml:2077(para)
6225
msgid ""
6226
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6227
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6228
"It is present to allow you to get the full power of a scripting language if "
6229
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6230
msgstr ""
6231
6232
#: serverguide/C/virtualization.xml:2082(para)
6233
msgid ""
6234
"For more information on what kinds of things can be done with "
6235
"<application>cloud-config</application>, see <ulink "
6236
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6237
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6238
msgstr ""
6239
6240
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6241
msgid "More Information"
6242
msgstr ""
6243
6244
#: serverguide/C/virtualization.xml:2093(para)
6245
msgid ""
6246
"How to use the <ulink "
6247
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6248
"Controller</ulink>"
6249
msgstr ""
6250
6251
#: serverguide/C/virtualization.xml:2097(para)
6252
msgid "Controlling eucalyptus services:"
6253
msgstr ""
6254
6255
#: serverguide/C/virtualization.xml:2102(para)
6256
msgid ""
6257
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6258
msgstr ""
6259
6260
#: serverguide/C/virtualization.xml:2103(para)
6261
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6262
msgstr ""
6263
6264
#: serverguide/C/virtualization.xml:2106(para)
6265
msgid "Locations of some important files:"
6266
msgstr ""
6267
6268
#: serverguide/C/virtualization.xml:2113(emphasis)
6269
msgid "Log files:"
6270
msgstr ""
6271
6272
#: serverguide/C/virtualization.xml:2116(para)
6273
msgid "/var/log/eucalyptus"
6274
msgstr ""
6275
6276
#: serverguide/C/virtualization.xml:2121(emphasis)
6277
msgid "Configuration files:"
6278
msgstr ""
6279
6280
#: serverguide/C/virtualization.xml:2124(para)
6281
msgid "/etc/eucalyptus"
6282
msgstr ""
6283
6284
#: serverguide/C/virtualization.xml:2129(emphasis)
6285
msgid "Database:"
6286
msgstr ""
6287
6288
#: serverguide/C/virtualization.xml:2132(para)
6289
msgid "/var/lib/eucalyptus/db"
6290
msgstr ""
6291
6292
#: serverguide/C/virtualization.xml:2137(emphasis)
6293
msgid "Keys:"
6294
msgstr ""
6295
6296
#: serverguide/C/virtualization.xml:2140(para)
6297
msgid "/var/lib/eucalyptus"
6298
msgstr ""
6299
6300
#: serverguide/C/virtualization.xml:2141(para)
6301
msgid "/var/lib/eucalyptus/.ssh"
6302
msgstr ""
6303
6304
#: serverguide/C/virtualization.xml:2147(para)
6305
msgid ""
6306
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6307
"running the client tools."
6308
msgstr ""
6309
6310
#: serverguide/C/virtualization.xml:2158(para)
6311
msgid ""
6312
"For information on loading instances see the <ulink "
6313
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6314
"page."
6315
msgstr ""
6316
6317
#: serverguide/C/virtualization.xml:2163(para)
6318
msgid ""
6319
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6320
"documentation, downloads)</ulink>."
6321
msgstr ""
6322
6323
#: serverguide/C/virtualization.xml:2168(para)
6324
msgid ""
6325
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6326
"(bugs, code)</ulink>."
6327
msgstr ""
6328
6329
#: serverguide/C/virtualization.xml:2173(para)
6330
msgid ""
6331
"<ulink "
6332
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6333
"ptus Troubleshooting (1.5)</ulink>."
6334
msgstr ""
6335
6336
#: serverguide/C/virtualization.xml:2178(para)
6337
msgid ""
6338
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6339
"Cloud_Infrastructures/Eucalyptus/03-"
6340
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6341
"RightScale</ulink>."
6342
msgstr ""
6343
6344
#: serverguide/C/virtualization.xml:2184(para)
6345
msgid ""
6346
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6347
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6348
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6349
msgstr ""
6350
6351
#: serverguide/C/virtualization.xml:2193(title)
6352
msgid "Glossary"
6353
msgstr ""
6354
6355
#: serverguide/C/virtualization.xml:2195(para)
6356
msgid ""
6357
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6358
"unfamiliar to some readers. This page is intended to provide a glossary of "
6359
"such terms and acronyms."
6360
msgstr ""
6361
6362
#: serverguide/C/virtualization.xml:2202(para)
6363
msgid ""
6364
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6365
"computing resources through virtual machines, provisioned and recollected "
6366
"dynamically."
6367
msgstr ""
6368
6369
#: serverguide/C/virtualization.xml:2208(para)
6370
msgid ""
6371
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6372
"provides the web UI (an https server on port 8443), and implements the "
6373
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6374
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6375
"cloud</application> package."
6376
msgstr ""
6377
6378
#: serverguide/C/virtualization.xml:2215(para)
6379
msgid ""
6380
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6381
"Cluster Controller. There can be more than one Cluster in an installation of "
6382
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6383
"floor2, floor2)."
6384
msgstr ""
6385
6386
#: serverguide/C/virtualization.xml:2221(para)
6387
msgid ""
6388
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6389
"manages collections of node resources. This service is provided by the "
6390
"Ubuntu <application>eucalyptus-cc</application> package."
6391
msgstr ""
6392
6393
#: serverguide/C/virtualization.xml:2227(para)
6394
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6395
msgstr ""
6396
6397
#: serverguide/C/virtualization.xml:2232(para)
6398
msgid ""
6399
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6400
"pay-by-the-gigabyte public cloud computing offering."
6401
msgstr ""
6402
6403
#: serverguide/C/virtualization.xml:2237(para)
6404
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6405
msgstr ""
6406
6407
#: serverguide/C/virtualization.xml:2242(para)
6408
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6409
msgstr ""
6410
6411
#: serverguide/C/virtualization.xml:2247(para)
6412
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6413
msgstr ""
6414
6415
#: serverguide/C/virtualization.xml:2252(para)
6416
msgid ""
6417
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6418
"Linking Your Programs To Useful Systems. An open source project originally "
6419
"from the University of California at Santa Barbara, now supported by "
6420
"Eucalyptus Systems, a Canonical Partner."
6421
msgstr ""
6422
6423
#: serverguide/C/virtualization.xml:2259(para)
6424
msgid ""
6425
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6426
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6427
"cluster controller)."
6428
msgstr ""
6429
6430
#: serverguide/C/virtualization.xml:2265(para)
6431
msgid ""
6432
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6433
"running virtual machines, running a node controller. Within Ubuntu, this "
6434
"generally means that the CPU has VT extensions, and can run the KVM "
6435
"hypervisor."
6436
msgstr ""
6437
6438
#: serverguide/C/virtualization.xml:2271(para)
6439
msgid ""
6440
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6441
"on nodes which host the virtual machines that comprise the cloud. This "
6442
"service is provided by the Ubuntu package <application>eucalyptus-"
6443
"nc</application>."
6444
msgstr ""
6445
6446
#: serverguide/C/virtualization.xml:2277(para)
6447
msgid ""
6448
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6449
"gigabyte persistent storage solution for EC2."
6450
msgstr ""
6451
6452
#: serverguide/C/virtualization.xml:2282(para)
6453
msgid ""
6454
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6455
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6456
"installation can have its own Storage Controller. This component is provided "
6457
"by the <application>eucalyptus-sc</application> package."
6458
msgstr ""
6459
6460
#: serverguide/C/virtualization.xml:2289(para)
6461
msgid ""
6462
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6463
"solution, based on Eucalyptus."
6464
msgstr ""
6465
6466
#: serverguide/C/virtualization.xml:2294(para)
6467
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6468
msgstr ""
6469
6470
#: serverguide/C/virtualization.xml:2299(para)
6471
msgid ""
6472
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6473
"some modern CPUs, allowing for accelerated virtual machine hosting."
6474
msgstr ""
6475
6476
#: serverguide/C/virtualization.xml:2304(para)
6477
msgid ""
6478
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6479
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6480
"put/get abstractions."
6481
msgstr ""
6482
6483
#: serverguide/C/vcs.xml:13(title)
6484
msgid "Version Control System"
6485
msgstr ""
6486
6487
#: serverguide/C/vcs.xml:14(para)
6488
msgid ""
6489
"Version control is the art of managing changes to information. It has long "
6490
"been a critical tool for programmers, who typically spend their time making "
6491
"small changes to software and then undoing those changes the next day. But "
6492
"the usefulness of version control software extends far beyond the bounds of "
6493
"the software development world. Anywhere you can find people using computers "
6494
"to manage information that changes often, there is room for version control."
6495
msgstr ""
6496
6497
#: serverguide/C/vcs.xml:17(title)
6498
msgid "Bazaar"
6499
msgstr ""
6500
6501
#: serverguide/C/vcs.xml:18(para)
6502
msgid ""
6503
"Bazaar is a new version control system sponsored by Canonical, the "
6504
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6505
"support a central repository model, Bazaar also supports "
6506
"<emphasis>distributed version control</emphasis>, giving people the ability "
6507
"to collaborate more efficiently. In particular, Bazaar is designed to "
6508
"maximize the level of community participation in open source projects."
6509
msgstr ""
6510
6511
#: serverguide/C/vcs.xml:29(para)
6512
msgid ""
6513
"At a terminal prompt, enter the following command to install "
6514
"<application>bzr</application>: <screen>\n"
6515
"<command>sudo apt-get install bzr</command>\n"
6516
"</screen>"
6517
msgstr ""
6518
6519
#: serverguide/C/vcs.xml:40(para)
6520
msgid ""
6521
"To introduce yourself to <application>bzr</application>, use the "
6522
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6523
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6524
"</screen>"
6525
msgstr ""
6526
6527
#: serverguide/C/vcs.xml:49(title)
6528
msgid "Learning Bazaar"
6529
msgstr ""
6530
6531
#: serverguide/C/vcs.xml:50(para)
6532
msgid ""
6533
"Bazaar comes with bundled documentation installed into "
6534
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6535
"is a good place to start. The <application>bzr</application> command also "
6536
"comes with built-in help: <screen>\n"
6537
"<command>$ bzr help</command>\n"
6538
"</screen>"
6539
msgstr ""
6540
6541
#: serverguide/C/vcs.xml:60(para)
6542
msgid ""
6543
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6544
"<command>$ bzr help foo</command>\n"
6545
"</screen>"
6546
msgstr ""
6547
6548
#: serverguide/C/vcs.xml:68(title)
6549
msgid "Launchpad Integration"
6550
msgstr ""
6551
6552
#: serverguide/C/vcs.xml:69(para)
6553
msgid ""
6554
"While highly useful as a stand-alone system, Bazaar has good, optional "
6555
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6556
"the collaborative development system used by Canonical and the broader open "
6557
"source community to manage and extend Ubuntu itself. For information on how "
6558
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6559
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6560
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6561
msgstr ""
6562
6563
#: serverguide/C/vcs.xml:81(title)
6564
msgid "Subversion"
6565
msgstr ""
6566
6567
#: serverguide/C/vcs.xml:82(para)
6568
msgid ""
6569
"Subversion is an open source version control system. Using Subversion, you "
6570
"can record the history of source files and documents. It manages files and "
6571
"directories over time. A tree of files is placed into a central repository. "
6572
"The repository is much like an ordinary file server, except that it "
6573
"remembers every change ever made to files and directories."
6574
msgstr ""
6575
6576
#: serverguide/C/vcs.xml:87(para)
6577
msgid ""
6578
"To access Subversion repository using the HTTP protocol, you must install "
6579
"and configure a web server. Apache2 is proven to work with Subversion. "
6580
"Please refer to the HTTP subsection in the Apache2 section to install and "
6581
"configure Apache2. To access the Subversion repository using the HTTPS "
6582
"protocol, you must install and configure a digital certificate in your "
6583
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6584
"section to install and configure the digital certificate."
6585
msgstr ""
6586
6587
#: serverguide/C/vcs.xml:96(para)
6588
msgid ""
6589
"To install Subversion, run the following command from a terminal prompt:"
6590
msgstr ""
6591
6592
#: serverguide/C/vcs.xml:101(command)
6593
msgid "sudo apt-get install subversion libapache2-svn"
6594
msgstr ""
6595
6596
#: serverguide/C/vcs.xml:108(para)
6597
msgid ""
6598
"This step assumes you have installed above mentioned packages on your "
6599
"system. This section explains how to create a Subversion repository and "
6600
"access the project."
6601
msgstr ""
6602
6603
#: serverguide/C/vcs.xml:111(title)
6604
msgid "Create Subversion Repository"
6605
msgstr ""
6606
6607
#: serverguide/C/vcs.xml:112(para)
6608
msgid ""
6609
"The Subversion repository can be created using the following command from a "
6610
"terminal prompt:"
6611
msgstr ""
6612
6613
#: serverguide/C/vcs.xml:116(command)
6614
msgid "svnadmin create /path/to/repos/project"
6615
msgstr ""
6616
6617
#: serverguide/C/vcs.xml:121(title)
6618
msgid "Importing Files"
6619
msgstr ""
6620
6621
#: serverguide/C/vcs.xml:122(para)
6622
msgid ""
6623
"Once you create the repository you can <emphasis>import</emphasis> files "
6624
"into the repository. To import a directory, enter the following from a "
6625
"terminal prompt: <screen>\n"
6626
"<command>svn import /path/to/import/directory "
6627
"file:///path/to/repos/project</command>\n"
6628
"</screen>"
6629
msgstr ""
6630
6631
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6632
msgid "Access Methods"
6633
msgstr ""
6634
6635
#: serverguide/C/vcs.xml:135(para)
6636
msgid ""
6637
"Subversion repositories can be accessed (checked out) through many different "
6638
"methods --on local disk, or through various network protocols. A repository "
6639
"location, however, is always a URL. The table describes how different URL "
6640
"schemes map to the available access methods."
6641
msgstr ""
6642
6643
#: serverguide/C/vcs.xml:146(para)
6644
msgid "Schema"
6645
msgstr ""
6646
6647
#: serverguide/C/vcs.xml:147(para)
6648
msgid "Access Method"
6649
msgstr ""
6650
6651
#: serverguide/C/vcs.xml:152(para)
6652
msgid "file://"
6653
msgstr ""
6654
6655
#: serverguide/C/vcs.xml:153(para)
6656
msgid "direct repository access (on local disk)"
6657
msgstr ""
6658
6659
#: serverguide/C/vcs.xml:156(para)
6660
msgid "http://"
6661
msgstr ""
6662
6663
#: serverguide/C/vcs.xml:157(para)
6664
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6665
msgstr ""
6666
6667
#: serverguide/C/vcs.xml:160(para)
6668
msgid "https://"
6669
msgstr ""
6670
6671
#: serverguide/C/vcs.xml:161(para)
6672
msgid "Same as http://, but with SSL encryption"
6673
msgstr ""
6674
6675
#: serverguide/C/vcs.xml:164(para)
6676
msgid "svn://"
6677
msgstr ""
6678
6679
#: serverguide/C/vcs.xml:165(para)
6680
msgid "Access via custom protocol to an svnserve server"
6681
msgstr ""
6682
6683
#: serverguide/C/vcs.xml:168(para)
6684
msgid "svn+ssh://"
6685
msgstr ""
6686
6687
#: serverguide/C/vcs.xml:169(para)
6688
msgid "Same as svn://, but through an SSH tunnel"
6689
msgstr ""
6690
6691
#: serverguide/C/vcs.xml:175(para)
6692
msgid ""
6693
"In this section, we will see how to configure Subversion for all these "
6694
"access methods. Here, we cover the basics. For more advanced usage details, "
6695
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6696
msgstr ""
6697
6698
#: serverguide/C/vcs.xml:182(title)
6699
msgid "Direct repository access (file://)"
6700
msgstr ""
6701
6702
#: serverguide/C/vcs.xml:183(para)
6703
msgid ""
6704
"This is the simplest of all access methods. It does not require any "
6705
"Subversion server process to be running. This access method is used to "
6706
"access Subversion from the same machine. The syntax of the command, entered "
6707
"at a terminal prompt, is as follows:"
6708
msgstr ""
6709
6710
#: serverguide/C/vcs.xml:190(command)
6711
msgid "svn co file:///path/to/repos/project"
6712
msgstr ""
6713
6714
#: serverguide/C/vcs.xml:193(para)
6715
msgid "or"
6716
msgstr ""
6717
6718
#: serverguide/C/vcs.xml:196(command)
6719
msgid "svn co file://localhost/path/to/repos/project"
6720
msgstr ""
6721
6722
#: serverguide/C/vcs.xml:200(para)
6723
msgid ""
6724
"If you do not specify the hostname, there are three forward slashes (///) -- "
6725
"two for the protocol (file, in this case) plus the leading slash in the "
6726
"path. If you specify the hostname, you must use two forward slashes (//)."
6727
msgstr ""
6728
6729
#: serverguide/C/vcs.xml:202(para)
6730
msgid ""
6731
"The repository permissions depend on filesystem permissions. If the user has "
6732
"read/write permission, he can checkout from and commit to the repository."
6733
msgstr ""
6734
6735
#: serverguide/C/vcs.xml:205(title)
6736
msgid "Access via WebDAV protocol (http://)"
6737
msgstr ""
6738
6739
#: serverguide/C/vcs.xml:206(para)
6740
msgid ""
6741
"To access the Subversion repository via WebDAV protocol, you must configure "
6742
"your Apache 2 web server. Add the following snippet between the "
6743
"<emphasis><VirtualHost></emphasis> and "
6744
"<emphasis></VirtualHost></emphasis> elements in "
6745
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6746
"VirtualHost file:"
6747
msgstr ""
6748
6749
#: serverguide/C/vcs.xml:212(programlisting)
6750
#, no-wrap
6751
msgid ""
6752
"\n"
6753
" <Location /svn>\n"
6754
" DAV svn\n"
6755
" SVNPath /home/svn\n"
6756
" AuthType Basic\n"
6757
" AuthName \"Your repository name\"\n"
6758
" AuthUserFile /etc/subversion/passwd\n"
6759
" Require valid-user\n"
6760
" </Location> \n"
6761
msgstr ""
6762
6763
#: serverguide/C/vcs.xml:223(para)
6764
msgid ""
6765
"The above configuration snippet assumes that Subversion repositories are "
6766
"created under <filename>/home/svn/</filename> directory using "
6767
"<command>svnadmin</command> command. They can be accessible using "
6768
"<command>http://hostname/svn/repos_name</command> url."
6769
msgstr ""
6770
6771
#: serverguide/C/vcs.xml:229(para)
6772
msgid ""
6773
"To import or commit files to your Subversion repository over HTTP, the "
6774
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
6775
"HTTP user is <command>www-data</command>. To change the ownership of the "
6776
"repository files enter the following command from terminal prompt:"
6777
msgstr ""
6778
6779
#: serverguide/C/vcs.xml:238(command)
6780
msgid "sudo chown -R www-data:www-data /path/to/repos"
6781
msgstr ""
6782
6783
#: serverguide/C/vcs.xml:241(para)
6784
msgid ""
6785
"By changing the ownership of repository as <command>www-data</command> you "
6786
"will not be able to import or commit files into the repository by running "
6787
"<command>svn import file:///</command> command as any user other than "
6788
"<command>www-data</command>."
6789
msgstr ""
6790
6791
#: serverguide/C/vcs.xml:250(para)
6792
msgid ""
6793
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
6794
"that will contain user authentication details. To create a file issue the "
6795
"following command at a command prompt (which will create the file and add "
6796
"the first user):"
6797
msgstr ""
6798
6799
#: serverguide/C/vcs.xml:256(command)
6800
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
6801
msgstr ""
6802
6803
#: serverguide/C/vcs.xml:259(para)
6804
msgid ""
6805
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
6806
"option replaces the old file. Instead use this form:"
6807
msgstr ""
6808
6809
#: serverguide/C/vcs.xml:264(command)
6810
msgid "sudo htpasswd /etc/subversion/password user_name"
6811
msgstr ""
6812
6813
#: serverguide/C/vcs.xml:268(para)
6814
msgid ""
6815
"This command will prompt you to enter the password. Once you enter the "
6816
"password, the user is added. Now, to access the repository you can run the "
6817
"following command:"
6818
msgstr ""
6819
6820
#: serverguide/C/vcs.xml:269(command)
6821
msgid "svn co http://servername/svn"
6822
msgstr ""
6823
6824
#: serverguide/C/vcs.xml:271(para)
6825
msgid ""
6826
"The password is transmitted as plain text. If you are worried about password "
6827
"snooping, you are advised to use SSL encryption. For details, please refer "
6828
"next section."
6829
msgstr ""
6830
6831
#: serverguide/C/vcs.xml:277(title)
6832
msgid "Access via WebDAV protocol with SSL encryption (https://)"
6833
msgstr ""
6834
6835
#: serverguide/C/vcs.xml:278(para)
6836
msgid ""
6837
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
6838
"(https://) is similar to http:// except that you must install and configure "
6839
"the digital certificate in your Apache2 web server. To use SSL with "
6840
"Subversion add the above Apache2 configuration to "
6841
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
6842
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
6843
"configuration\"/>."
6844
msgstr ""
6845
6846
#: serverguide/C/vcs.xml:287(para)
6847
msgid ""
6848
"You can install a digital certificate issued by a signing authority. "
6849
"Alternatively, you can install your own self-signed certificate."
6850
msgstr ""
6851
6852
#: serverguide/C/vcs.xml:292(para)
6853
msgid ""
6854
"This step assumes you have installed and configured a digital certificate in "
6855
"your Apache 2 web server. Now, to access the Subversion repository, please "
6856
"refer to the above section! The access methods are exactly the same, except "
6857
"the protocol. You must use https:// to access the Subversion repository."
6858
msgstr ""
6859
6860
#: serverguide/C/vcs.xml:302(title)
6861
msgid "Access via custom protocol (svn://)"
6862
msgstr ""
6863
6864
#: serverguide/C/vcs.xml:303(para)
6865
msgid ""
6866
"Once the Subversion repository is created, you can configure the access "
6867
"control. You can edit the <filename> "
6868
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
6869
"access control. For example, to set up authentication, you can uncomment the "
6870
"following lines in the configuration file:"
6871
msgstr ""
6872
6873
#: serverguide/C/vcs.xml:310(programlisting)
6874
#, no-wrap
6875
msgid ""
6876
"# [general]\n"
6877
"# password-db = passwd"
6878
msgstr ""
6879
6880
#: serverguide/C/vcs.xml:313(para)
6881
msgid ""
6882
"After uncommenting the above lines, you can maintain the user list in the "
6883
"passwd file. So, edit the file <filename>passwd </filename> in the same "
6884
"directory and add the new user. The syntax is as follows:"
6885
msgstr ""
6886
6887
#: serverguide/C/vcs.xml:319(programlisting)
6888
#, no-wrap
6889
msgid "username = password"
6890
msgstr ""
6891
6892
#: serverguide/C/vcs.xml:320(para)
6893
msgid "For more details, please refer to the file."
6894
msgstr ""
6895
6896
#: serverguide/C/vcs.xml:324(para)
6897
msgid ""
6898
"Now, to access Subversion via the svn:// custom protocol, either from the "
6899
"same machine or a different machine, you can run svnserver using svnserve "
6900
"command. The syntax is as follows:"
6901
msgstr ""
6902
6903
#: serverguide/C/vcs.xml:329(programlisting)
6904
#, no-wrap
6905
msgid ""
6906
"$ svnserve -d --foreground -r /path/to/repos\n"
6907
"# -d -- daemon mode\n"
6908
"# --foreground -- run in foreground (useful for debugging)\n"
6909
"# -r -- root of directory to serve\n"
6910
"\n"
6911
"For more usage details, please refer to:\n"
6912
"$ svnserve --help"
6913
msgstr ""
6914
6915
#: serverguide/C/vcs.xml:337(para)
6916
msgid ""
6917
"Once you run this command, Subversion starts listening on default port "
6918
"(3690). To access the project repository, you must run the following command "
6919
"from a terminal prompt:"
6920
msgstr ""
6921
6922
#: serverguide/C/vcs.xml:340(command)
6923
msgid "svn co svn://hostname/project project --username user_name"
6924
msgstr ""
6925
6926
#: serverguide/C/vcs.xml:343(para)
6927
msgid ""
6928
"Based on server configuration, it prompts for password. Once you are "
6929
"authenticated, it checks out the code from Subversion repository. To "
6930
"synchronize the project repository with the local copy, you can run the "
6931
"<command>update</command> sub-command. The syntax of the command, entered at "
6932
"a terminal prompt, is as follows:"
6933
msgstr ""
6934
6935
#: serverguide/C/vcs.xml:351(command)
6936
msgid "cd project_dir ; svn update"
6937
msgstr ""
6938
6939
#: serverguide/C/vcs.xml:354(para)
6940
msgid ""
6941
"For more details about using each Subversion sub-command, you can refer to "
6942
"the manual. For example, to learn more about the co (checkout) command, "
6943
"please run the following command from a terminal prompt:"
6944
msgstr ""
6945
6946
#: serverguide/C/vcs.xml:358(command)
6947
msgid "svn co help"
6948
msgstr ""
6949
6950
#: serverguide/C/vcs.xml:362(title)
6951
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
6952
msgstr ""
6953
6954
#: serverguide/C/vcs.xml:363(para)
6955
msgid ""
6956
"The configuration and server process is same as in the svn:// method. For "
6957
"details, please refer to the above section. This step assumes you have "
6958
"followed the above step and started the Subversion server using "
6959
"<application>svnserve</application> command."
6960
msgstr ""
6961
6962
#: serverguide/C/vcs.xml:369(para)
6963
msgid ""
6964
"It is also assumed that the ssh server is running on that machine and that "
6965
"it is allowing incoming connections. To confirm, please try to login to that "
6966
"machine using ssh. If you can login, everything is perfect. If you cannot "
6967
"login, please address it before continuing further."
6968
msgstr ""
6969
6970
#: serverguide/C/vcs.xml:375(para)
6971
msgid ""
6972
"The svn+ssh:// protocol is used to access the Subversion repository using "
6973
"SSL encryption. The data transfer is encrypted using this method. To access "
6974
"the project repository (for example with a checkout), you must use the "
6975
"following command syntax:"
6976
msgstr ""
6977
6978
#: serverguide/C/vcs.xml:382(command)
6979
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
6980
msgstr ""
6981
6982
#: serverguide/C/vcs.xml:386(para)
6983
msgid ""
6984
"You must use the full path (/path/to/repos/project) to access the Subversion "
6985
"repository using this access method."
6986
msgstr ""
6987
6988
#: serverguide/C/vcs.xml:389(para)
6989
msgid ""
6990
"Based on server configuration, it prompts for password. You must enter the "
6991
"password you use to login via ssh. Once you are authenticated, it checks out "
6992
"the code from the Subversion repository."
6993
msgstr ""
6994
6995
#: serverguide/C/vcs.xml:399(title)
6996
msgid "CVS Server"
6997
msgstr ""
6998
6999
#: serverguide/C/vcs.xml:400(para)
7000
msgid ""
7001
"CVS is a version control system. You can use it to record the history of "
7002
"source files."
7003
msgstr ""
7004
7005
#: serverguide/C/vcs.xml:406(para)
7006
msgid ""
7007
"To install <application>CVS</application>, run the following command from a "
7008
"terminal prompt: <screen>\n"
7009
"<command>sudo apt-get install cvs</command>\n"
7010
"</screen> After you install <application>cvs</application>, you should "
7011
"install <application>xinetd</application> to start/stop the cvs server. At "
7012
"the prompt, enter the following command to install "
7013
"<application>xinetd</application>: <screen>\n"
7014
"<command>sudo apt-get install xinetd</command>\n"
7015
"</screen>"
7016
msgstr ""
7017
7018
#: serverguide/C/vcs.xml:439(programlisting)
7019
#, no-wrap
7020
msgid ""
7021
"\n"
7022
"service cvspserver\n"
7023
"{\n"
7024
" port = 2401\n"
7025
" socket_type = stream\n"
7026
" protocol = tcp\n"
7027
" user = root\n"
7028
" wait = no\n"
7029
" type = UNLISTED\n"
7030
" server = /usr/bin/cvs\n"
7031
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7032
" disable = no\n"
7033
"}\n"
7034
msgstr ""
7035
7036
#: serverguide/C/vcs.xml:455(para)
7037
msgid ""
7038
"Be sure to edit the repository if you have changed the default repository "
7039
"(<application>/var/lib/cvs</application>) directory."
7040
msgstr ""
7041
7042
#: serverguide/C/vcs.xml:424(para)
7043
msgid ""
7044
"Once you install cvs, the repository will be automatically initialized. By "
7045
"default, the repository resides under the "
7046
"<application>/var/lib/cvs</application> directory. You can change this path "
7047
"by running following command: <screen>\n"
7048
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7049
"</screen> Once the initial repository is set up, you can configure "
7050
"<application>xinetd</application> to start the CVS server. You can copy the "
7051
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
7052
"<placeholder-1/><placeholder-2/> Once you have configured "
7053
"<application>xinetd</application> you can start the cvs server by running "
7054
"following command: <screen>\n"
7055
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7056
"</screen>"
7057
msgstr ""
7058
7059
#: serverguide/C/vcs.xml:468(para)
7060
msgid ""
7061
"You can confirm that the CVS server is running by issuing the following "
7062
"command:"
7063
msgstr ""
7064
7065
#: serverguide/C/vcs.xml:475(command)
7066
msgid "sudo netstat -tap | grep cvs"
7067
msgstr ""
7068
7069
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7070
msgid ""
7071
"When you run this command, you should see the following line or something "
7072
"similar:"
7073
msgstr ""
7074
7075
#: serverguide/C/vcs.xml:484(programlisting)
7076
#, no-wrap
7077
msgid ""
7078
"\n"
7079
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7080
msgstr ""
7081
7082
#: serverguide/C/vcs.xml:488(para)
7083
msgid ""
7084
"From here you can continue to add users, add new projects, and manage the "
7085
"CVS server."
7086
msgstr ""
7087
7088
#: serverguide/C/vcs.xml:493(para)
7089
msgid ""
7090
"CVS allows the user to add users independently of the underlying OS "
7091
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7092
"although it has potential security issues. Please refer to the CVS manual "
7093
"for details."
7094
msgstr ""
7095
7096
#: serverguide/C/vcs.xml:503(title)
7097
msgid "Add Projects"
7098
msgstr ""
7099
7100
#: serverguide/C/vcs.xml:515(para)
7101
msgid ""
7102
"You can use the CVSROOT environment variable to store the CVS root "
7103
"directory. Once you export the CVSROOT environment variable, you can avoid "
7104
"using -d option in the above cvs command."
7105
msgstr ""
7106
7107
#: serverguide/C/vcs.xml:527(para)
7108
msgid ""
7109
"When you add a new project, the CVS user you use must have write access to "
7110
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7111
"the <application>src</application> group has write access to the CVS "
7112
"repository. So, you can add the user to this group, and he can then add and "
7113
"manage projects in the CVS repository."
7114
msgstr ""
7115
7116
#: serverguide/C/vcs.xml:504(para)
7117
msgid ""
7118
"This section explains how to add new project to the CVS repository. Create "
7119
"the directory and add necessary document and source files to the directory. "
7120
"Now, run the following command to add this project to CVS repository: "
7121
"<screen>\n"
7122
"<command>cd your/project</command>\n"
7123
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7124
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7125
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7126
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7127
"purpose in this context, but since CVS requires them, they must be present. "
7128
"<placeholder-2/>"
7129
msgstr ""
7130
7131
#: serverguide/C/vcs.xml:540(ulink)
7132
msgid "Bazaar Home Page"
7133
msgstr ""
7134
7135
#: serverguide/C/vcs.xml:541(ulink)
7136
msgid "Launchpad"
7137
msgstr ""
7138
7139
#: serverguide/C/vcs.xml:542(ulink)
7140
msgid "Subversion Home Page"
7141
msgstr ""
7142
7143
#: serverguide/C/vcs.xml:543(ulink)
7144
msgid "Subversion Book"
7145
msgstr ""
7146
7147
#: serverguide/C/vcs.xml:545(ulink)
7148
msgid "CVS Manual"
7149
msgstr ""
7150
7151
#: serverguide/C/vcs.xml:546(ulink)
7152
msgid "Easy Bazaar Ubuntu Wiki page"
7153
msgstr ""
7154
7155
#: serverguide/C/vcs.xml:547(ulink)
7156
msgid "Ubuntu Wiki Subversion page"
7157
msgstr ""
7158
7159
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7160
msgid "Credits and License"
7161
msgstr ""
7162
7163
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7164
msgid ""
7165
"This document is maintained by the Ubuntu documentation team "
7166
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7167
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7168
msgstr ""
7169
7170
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7171
msgid ""
7172
"This document is made available under the Creative Commons ShareAlike 2.5 "
7173
"License (CC-BY-SA)."
7174
msgstr ""
7175
7176
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7177
msgid ""
7178
"You are free to modify, extend, and improve the Ubuntu documentation source "
7179
"code under the terms of this license. All derivative works must be released "
7180
"under this license."
7181
msgstr ""
7182
7183
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7184
msgid ""
7185
"This documentation is distributed in the hope that it will be useful, but "
7186
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7187
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7188
msgstr ""
7189
7190
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7191
msgid ""
7192
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7193
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7194
msgstr ""
7195
7196
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7197
msgid "2010"
7198
msgstr ""
7199
7200
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7201
msgid "Ubuntu Documentation Project"
7202
msgstr ""
7203
7204
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7205
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7206
msgstr ""
7207
7208
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7209
msgid "The Ubuntu Documentation Project"
7210
msgstr ""
7211
7212
#: serverguide/C/serverguide.xml:17(para)
7213
msgid ""
7214
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7215
"information on how to install and configure various server applications on "
7216
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7217
"guide for configuring and customizing your system."
7218
msgstr ""
7219
7220
#: serverguide/C/security.xml:13(title)
7221
msgid "Security"
7222
msgstr ""
7223
7224
#: serverguide/C/security.xml:14(para)
7225
msgid ""
7226
"Security should always be considered when installing, deploying, and using "
7227
"any type of computer system. Although a fresh installation of Ubuntu is "
7228
"relatively safe for immediate use on the Internet, it is important to have a "
7229
"balanced understanding of your systems security posture based on how it will "
7230
"be used after deployment."
7231
msgstr ""
7232
7233
#: serverguide/C/security.xml:17(para)
7234
msgid ""
7235
"This chapter provides an overview of security related topics as they pertain "
7236
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7237
"protect your server and network from any number of potential security "
7238
"threats."
7239
msgstr ""
7240
7241
#: serverguide/C/security.xml:21(title)
7242
msgid "User Management"
7243
msgstr ""
7244
7245
#: serverguide/C/security.xml:22(para)
7246
msgid ""
7247
"User management is a critical part of maintaining a secure system. "
7248
"Ineffective user and privilege management often lead many systems into being "
7249
"compromised. Therefore, it is important that you understand how you can "
7250
"protect your server through simple and effective user account management "
7251
"techniques."
7252
msgstr ""
7253
7254
#: serverguide/C/security.xml:26(title)
7255
msgid "Where is root?"
7256
msgstr ""
7257
7258
#: serverguide/C/security.xml:27(para)
7259
msgid ""
7260
"Ubuntu developers made a conscientious decision to disable the "
7261
"administrative root account by default in all Ubuntu installations. This "
7262
"does not mean that the root account has been deleted or that it may not be "
7263
"accessed. It merely has been given a password which matches no possible "
7264
"encrypted value, therefore may not log in directly by itself."
7265
msgstr ""
7266
7267
#: serverguide/C/security.xml:30(para)
7268
msgid ""
7269
"Instead, users are encouraged to make use of a tool by the name of "
7270
"<application>sudo</application> to carry out system administrative duties. "
7271
"<application>Sudo</application> allows an authorized user to temporarily "
7272
"elevate their privileges using their own password instead of having to know "
7273
"the password belonging to the root account. This simple yet effective "
7274
"methodology provides accountability for all user actions, and gives the "
7275
"administrator granular control over which actions a user can perform with "
7276
"said privileges."
7277
msgstr ""
7278
7279
#: serverguide/C/security.xml:35(para)
7280
msgid ""
7281
"If for some reason you wish to enable the root account, simply give it a "
7282
"password:"
7283
msgstr ""
7284
7285
#: serverguide/C/security.xml:39(command)
7286
msgid "sudo passwd"
7287
msgstr ""
7288
7289
#: serverguide/C/security.xml:41(para)
7290
msgid ""
7291
"Sudo will prompt you for your password, and then ask you to supply a new "
7292
"password for root as shown below:"
7293
msgstr ""
7294
7295
#: serverguide/C/security.xml:44(userinput)
7296
#, no-wrap
7297
msgid "(enter your own password)"
7298
msgstr ""
7299
7300
#: serverguide/C/security.xml:45(userinput)
7301
#, no-wrap
7302
msgid "(enter a new password for root)"
7303
msgstr ""
7304
7305
#: serverguide/C/security.xml:46(userinput)
7306
#, no-wrap
7307
msgid "(repeat new password for root)"
7308
msgstr ""
7309
7310
#: serverguide/C/security.xml:44(computeroutput)
7311
#, no-wrap
7312
msgid ""
7313
"[sudo] password for username: <placeholder-1/>\n"
7314
"Enter new UNIX password: <placeholder-2/>\n"
7315
"Retype new UNIX password: <placeholder-3/>\n"
7316
"passwd: password updated successfully"
7317
msgstr ""
7318
7319
#: serverguide/C/security.xml:51(para)
7320
msgid "To disable the root account, use the following passwd syntax:"
7321
msgstr ""
7322
7323
#: serverguide/C/security.xml:55(command)
7324
msgid "sudo passwd -l root"
7325
msgstr ""
7326
7327
#: serverguide/C/security.xml:59(para)
7328
msgid ""
7329
"You should read more on <application>Sudo</application> by checking out it's "
7330
"man page:"
7331
msgstr ""
7332
7333
#: serverguide/C/security.xml:63(command)
7334
msgid "man sudo"
7335
msgstr ""
7336
7337
#: serverguide/C/security.xml:67(para)
7338
msgid ""
7339
"By default, the initial user created by the Ubuntu installer is a member of "
7340
"the group \"admin\" which is added to the file "
7341
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7342
"give any other account full root access through "
7343
"<application>sudo</application>, simply add them to the admin group."
7344
msgstr ""
7345
7346
#: serverguide/C/security.xml:73(title)
7347
msgid "Adding and Deleting Users"
7348
msgstr ""
7349
7350
#: serverguide/C/security.xml:74(para)
7351
msgid ""
7352
"The process for managing local users and groups is straight forward and "
7353
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7354
"other Debian based distributions, encourage the use of the \"adduser\" "
7355
"package for account management."
7356
msgstr ""
7357
7358
#: serverguide/C/security.xml:79(para)
7359
msgid ""
7360
"To add a user account, use the following syntax, and follow the prompts to "
7361
"give the account a password and identifiable characteristics such as a full "
7362
"name, phone number, etc."
7363
msgstr ""
7364
7365
#: serverguide/C/security.xml:83(command)
7366
msgid "sudo adduser username"
7367
msgstr ""
7368
7369
#: serverguide/C/security.xml:87(para)
7370
msgid ""
7371
"To delete a user account and its primary group, use the following syntax:"
7372
msgstr ""
7373
7374
#: serverguide/C/security.xml:91(command)
7375
msgid "sudo deluser username"
7376
msgstr ""
7377
7378
#: serverguide/C/security.xml:93(para)
7379
msgid ""
7380
"Deleting an account does not remove their respective home folder. It is up "
7381
"to you whether or not you wish to delete the folder manually or keep it "
7382
"according to your desired retention policies."
7383
msgstr ""
7384
7385
#: serverguide/C/security.xml:96(para)
7386
msgid ""
7387
"Remember, any user added later on with the same UID/GID as the previous "
7388
"owner will now have access to this folder if you have not taken the "
7389
"necessary precautions."
7390
msgstr ""
7391
7392
#: serverguide/C/security.xml:99(para)
7393
msgid ""
7394
"You may want to change these UID/GID values to something more appropriate, "
7395
"such as the root account, and perhaps even relocate the folder to avoid "
7396
"future conflicts:"
7397
msgstr ""
7398
7399
#: serverguide/C/security.xml:103(command)
7400
msgid "sudo chown -R root:root /home/username/"
7401
msgstr ""
7402
7403
#: serverguide/C/security.xml:104(command)
7404
msgid "sudo mkdir /home/archived_users/"
7405
msgstr ""
7406
7407
#: serverguide/C/security.xml:105(command)
7408
msgid "sudo mv /home/username /home/archived_users/"
7409
msgstr ""
7410
7411
#: serverguide/C/security.xml:109(para)
7412
msgid ""
7413
"To temporarily lock or unlock a user account, use the following syntax, "
7414
"respectively:"
7415
msgstr ""
7416
7417
#: serverguide/C/security.xml:113(command)
7418
msgid "sudo passwd -l username"
7419
msgstr ""
7420
7421
#: serverguide/C/security.xml:114(command)
7422
msgid "sudo passwd -u username"
7423
msgstr ""
7424
7425
#: serverguide/C/security.xml:118(para)
7426
msgid ""
7427
"To add or delete a personalized group, use the following syntax, "
7428
"respectively:"
7429
msgstr ""
7430
7431
#: serverguide/C/security.xml:122(command)
7432
msgid "sudo addgroup groupname"
7433
msgstr ""
7434
7435
#: serverguide/C/security.xml:123(command)
7436
msgid "sudo delgroup groupname"
7437
msgstr ""
7438
7439
#: serverguide/C/security.xml:127(para)
7440
msgid "To add a user to a group, use the following syntax:"
7441
msgstr ""
7442
7443
#: serverguide/C/security.xml:131(command)
7444
msgid "sudo adduser username groupname"
7445
msgstr ""
7446
7447
#: serverguide/C/security.xml:138(title)
7448
msgid "User Profile Security"
7449
msgstr ""
7450
7451
#: serverguide/C/security.xml:139(para)
7452
msgid ""
7453
"When a new user is created, the adduser utility creates a brand new home "
7454
"directory named <filename class=\"directory\">/home/username</filename>, "
7455
"respectively. The default profile is modeled after the contents found in the "
7456
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7457
"includes all profile basics."
7458
msgstr ""
7459
7460
#: serverguide/C/security.xml:142(para)
7461
msgid ""
7462
"If your server will be home to multiple users, you should pay close "
7463
"attention to the user home directory permissions to ensure confidentiality. "
7464
"By default, user home directories in Ubuntu are created with world "
7465
"read/execute permissions. This means that all users can browse and access "
7466
"the contents of other users home directories. This may not be suitable for "
7467
"your environment."
7468
msgstr ""
7469
7470
#: serverguide/C/security.xml:147(para)
7471
msgid ""
7472
"To verify your current users home directory permissions, use the following "
7473
"syntax:"
7474
msgstr ""
7475
7476
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7477
msgid "ls -ld /home/username"
7478
msgstr ""
7479
7480
#: serverguide/C/security.xml:153(para)
7481
msgid ""
7482
"The following output shows that the directory <filename "
7483
"class=\"directory\">/home/username</filename> has world readable permissions:"
7484
msgstr ""
7485
7486
#: serverguide/C/security.xml:156(computeroutput)
7487
#, no-wrap
7488
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7489
msgstr ""
7490
7491
#: serverguide/C/security.xml:160(para)
7492
msgid ""
7493
"You can remove the world readable permissions using the following syntax:"
7494
msgstr ""
7495
7496
#: serverguide/C/security.xml:164(command)
7497
msgid "sudo chmod 0750 /home/username"
7498
msgstr ""
7499
7500
#: serverguide/C/security.xml:167(para)
7501
msgid ""
7502
"Some people tend to use the recursive option (-R) indiscriminately which "
7503
"modifies all child folders and files, but this is not necessary, and may "
7504
"yield other undesirable results. The parent directory alone is sufficient "
7505
"for preventing unauthorized access to anything below the parent."
7506
msgstr ""
7507
7508
#: serverguide/C/security.xml:171(para)
7509
msgid ""
7510
"A much more efficient approach to the matter would be to modify the "
7511
"<application>adduser</application> global default permissions when creating "
7512
"user home folders. Simply edit the file "
7513
"<filename>/etc/adduser.conf</filename> and modify the "
7514
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7515
"new home directories will receive the correct permissions."
7516
msgstr ""
7517
7518
#: serverguide/C/security.xml:174(programlisting)
7519
#, no-wrap
7520
msgid ""
7521
"\n"
7522
"DIR_MODE=0750\n"
7523
msgstr ""
7524
7525
#: serverguide/C/security.xml:179(para)
7526
msgid ""
7527
"After correcting the directory permissions using any of the previously "
7528
"mentioned techniques, verify the results using the following syntax:"
7529
msgstr ""
7530
7531
#: serverguide/C/security.xml:185(para)
7532
msgid ""
7533
"The results below show that world readable permissions have been removed:"
7534
msgstr ""
7535
7536
#: serverguide/C/security.xml:188(computeroutput)
7537
#, no-wrap
7538
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7539
msgstr ""
7540
7541
#: serverguide/C/security.xml:195(title)
7542
msgid "Password Policy"
7543
msgstr ""
7544
7545
#: serverguide/C/security.xml:196(para)
7546
msgid ""
7547
"A strong password policy is one of the most important aspects of your "
7548
"security posture. Many successful security breaches involve simple brute "
7549
"force and dictionary attacks against weak passwords. If you intend to offer "
7550
"any form of remote access involving your local password system, make sure "
7551
"you adequately address minimum password complexity requirements, maximum "
7552
"password lifetimes, and frequent audits of your authentication systems."
7553
msgstr ""
7554
7555
#: serverguide/C/security.xml:200(title)
7556
msgid "Minimum Password Length"
7557
msgstr ""
7558
7559
#: serverguide/C/security.xml:201(para)
7560
msgid ""
7561
"By default, Ubuntu requires a minimum password length of 6 characters, as "
7562
"well as some basic entropy checks. These values are controlled in the file "
7563
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7564
msgstr ""
7565
7566
#: serverguide/C/security.xml:204(programlisting)
7567
#, no-wrap
7568
msgid ""
7569
"\n"
7570
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
7571
msgstr ""
7572
7573
#: serverguide/C/security.xml:207(para)
7574
msgid ""
7575
"If you would like to adjust the minimum length to 8 characters, change the "
7576
"appropriate variable to min=8. The modification is outlined below."
7577
msgstr ""
7578
7579
#: serverguide/C/security.xml:210(programlisting)
7580
#, no-wrap
7581
msgid ""
7582
"\n"
7583
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
7584
"min=8\n"
7585
msgstr ""
7586
7587
#: serverguide/C/security.xml:215(title)
7588
msgid "Password Expiration"
7589
msgstr ""
7590
7591
#: serverguide/C/security.xml:216(para)
7592
msgid ""
7593
"When creating user accounts, you should make it a policy to have a minimum "
7594
"and maximum password age forcing users to change their passwords when they "
7595
"expire."
7596
msgstr ""
7597
7598
#: serverguide/C/security.xml:221(para)
7599
msgid ""
7600
"To easily view the current status of a user account, use the following "
7601
"syntax:"
7602
msgstr ""
7603
7604
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
7605
msgid "sudo chage -l username"
7606
msgstr ""
7607
7608
#: serverguide/C/security.xml:227(para)
7609
msgid ""
7610
"The output below shows interesting facts about the user account, namely that "
7611
"there are no policies applied:"
7612
msgstr ""
7613
7614
#: serverguide/C/security.xml:230(computeroutput)
7615
#, no-wrap
7616
msgid ""
7617
"Last password change : Jan 20, 2008\n"
7618
"Password expires : never\n"
7619
"Password inactive : never\n"
7620
"Account expires : never\n"
7621
"Minimum number of days between password change : 0\n"
7622
"Maximum number of days between password change : 99999\n"
7623
"Number of days of warning before password expires : 7"
7624
msgstr ""
7625
7626
#: serverguide/C/security.xml:240(para)
7627
msgid ""
7628
"To set any of these values, simply use the following syntax, and follow the "
7629
"interactive prompts:"
7630
msgstr ""
7631
7632
#: serverguide/C/security.xml:244(command)
7633
msgid "sudo chage username"
7634
msgstr ""
7635
7636
#: serverguide/C/security.xml:246(para)
7637
msgid ""
7638
"The following is also an example of how you can manually change the explicit "
7639
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7640
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7641
"password expiration, and a warning time period (-W) of 14 days before "
7642
"password expiration."
7643
msgstr ""
7644
7645
#: serverguide/C/security.xml:250(command)
7646
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7647
msgstr ""
7648
7649
#: serverguide/C/security.xml:254(para)
7650
msgid "To verify changes, use the same syntax as mentioned previously:"
7651
msgstr ""
7652
7653
#: serverguide/C/security.xml:260(para)
7654
msgid ""
7655
"The output below shows the new policies that have been established for the "
7656
"account:"
7657
msgstr ""
7658
7659
#: serverguide/C/security.xml:263(computeroutput)
7660
#, no-wrap
7661
msgid ""
7662
"Last password change : Jan 20, 2008\n"
7663
"Password expires : Apr 19, 2008\n"
7664
"Password inactive : May 19, 2008\n"
7665
"Account expires : Jan 31, 2008\n"
7666
"Minimum number of days between password change : 5\n"
7667
"Maximum number of days between password change : 90\n"
7668
"Number of days of warning before password expires : 14"
7669
msgstr ""
7670
7671
#: serverguide/C/security.xml:279(title)
7672
msgid "Other Security Considerations"
7673
msgstr ""
7674
7675
#: serverguide/C/security.xml:280(para)
7676
msgid ""
7677
"Many applications use alternate authentication mechanisms that can be easily "
7678
"overlooked by even experienced system administrators. Therefore, it is "
7679
"important to understand and control how users authenticate and gain access "
7680
"to services and applications on your server."
7681
msgstr ""
7682
7683
#: serverguide/C/security.xml:285(title)
7684
msgid "SSH Access by Disabled Users"
7685
msgstr ""
7686
7687
#: serverguide/C/security.xml:286(para)
7688
msgid ""
7689
"Simply disabling/locking a user account will not prevent a user from logging "
7690
"into your server remotely if they have previously set up RSA public key "
7691
"authentication. They will still be able to gain shell access to the server, "
7692
"without the need for any password. Remember to check the users home "
7693
"directory for files that will allow for this type of authenticated SSH "
7694
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7695
msgstr ""
7696
7697
#: serverguide/C/security.xml:289(para)
7698
msgid ""
7699
"Remove or rename the directory <filename "
7700
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7701
"further SSH authentication capabilities."
7702
msgstr ""
7703
7704
#: serverguide/C/security.xml:292(para)
7705
msgid ""
7706
"Be sure to check for any established SSH connections by the disabled user, "
7707
"as it is possible they may have existing inbound or outbound connections. "
7708
"Kill any that are found."
7709
msgstr ""
7710
7711
#: serverguide/C/security.xml:295(para)
7712
msgid ""
7713
"Restrict SSH access to only user accounts that should have it. For example, "
7714
"you may create a group called \"sshlogin\" and add the group name as the "
7715
"value associated with the <varname>AllowGroups</varname> variable located in "
7716
"the file <filename>/etc/ssh/sshd_config</filename>."
7717
msgstr ""
7718
7719
#: serverguide/C/security.xml:298(programlisting)
7720
#, no-wrap
7721
msgid ""
7722
"\n"
7723
"AllowGroups sshlogin\n"
7724
msgstr ""
7725
7726
#: serverguide/C/security.xml:301(para)
7727
msgid ""
7728
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7729
"SSH service."
7730
msgstr ""
7731
7732
#: serverguide/C/security.xml:305(command)
7733
msgid "sudo adduser username sshlogin"
7734
msgstr ""
7735
7736
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
7737
msgid "sudo /etc/init.d/ssh restart"
7738
msgstr ""
7739
7740
#: serverguide/C/security.xml:310(title)
7741
msgid "External User Database Authentication"
7742
msgstr ""
7743
7744
#: serverguide/C/security.xml:311(para)
7745
msgid ""
7746
"Most enterprise networks require centralized authentication and access "
7747
"controls for all system resources. If you have configured your server to "
7748
"authenticate users against external databases, be sure to disable the user "
7749
"accounts both externally and locally, this way you ensure that local "
7750
"fallback authentication is not possible."
7751
msgstr ""
7752
7753
#: serverguide/C/security.xml:320(title)
7754
msgid "Console Security"
7755
msgstr ""
7756
7757
#: serverguide/C/security.xml:321(para)
7758
msgid ""
7759
"As with any other security barrier you put in place to protect your server, "
7760
"it is pretty tough to defend against untold damage caused by someone with "
7761
"physical access to your environment, for example, theft of hard drives, "
7762
"power or service disruption and so on. Therefore, console security should be "
7763
"addressed merely as one component of your overall physical security "
7764
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7765
"very least slow down a determined one, so it is still advisable to perform "
7766
"basic precautions with regard to console security."
7767
msgstr ""
7768
7769
#: serverguide/C/security.xml:324(para)
7770
msgid ""
7771
"The following instructions will help defend your server against issues that "
7772
"could otherwise yield very serious consequences."
7773
msgstr ""
7774
7775
#: serverguide/C/security.xml:329(title)
7776
msgid "Disable Ctrl+Alt+Delete"
7777
msgstr ""
7778
7779
#: serverguide/C/security.xml:330(para)
7780
msgid ""
7781
"First and foremost, anyone that has physical access to the keyboard can "
7782
"simply use the "
7783
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7784
"eycombo> key combination to reboot the server without having to log on. "
7785
"Sure, someone could simply unplug the power source, but you should still "
7786
"prevent the use of this key combination on a production server. This forces "
7787
"an attacker to take more drastic measures to reboot the server, and will "
7788
"prevent accidental reboots at the same time."
7789
msgstr ""
7790
7791
#: serverguide/C/security.xml:335(para)
7792
msgid ""
7793
"To disable the reboot action taken by pressing the "
7794
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7795
"eycombo> key combination, comment out the following line in the file "
7796
"<filename>/etc/init/control-alt-delete.conf</filename>."
7797
msgstr ""
7798
7799
#: serverguide/C/security.xml:338(programlisting)
7800
#, no-wrap
7801
msgid ""
7802
"\n"
7803
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7804
msgstr ""
7805
7806
#: serverguide/C/security.xml:347(title)
7807
msgid "Firewall"
7808
msgstr ""
7809
7810
#: serverguide/C/security.xml:350(para)
7811
msgid ""
7812
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7813
"which is used to manipulate or decide the fate of network traffic headed "
7814
"into or through your server. All modern Linux firewall solutions use this "
7815
"system for packet filtering."
7816
msgstr ""
7817
7818
#: serverguide/C/security.xml:355(para)
7819
msgid ""
7820
"The kernel's packet filtering system would be of little use to "
7821
"administrators without a userspace interface to manage it. This is the "
7822
"purpose of iptables. When a packet reaches your server, it will be handed "
7823
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7824
"based on the rules supplied to it from userspace via iptables. Thus, "
7825
"iptables is all you need to manage your firewall if you're familiar with it, "
7826
"but many frontends are available to simplify the task."
7827
msgstr ""
7828
7829
#: serverguide/C/security.xml:365(title)
7830
msgid "ufw - Uncomplicated Firewall"
7831
msgstr ""
7832
7833
#: serverguide/C/security.xml:366(para)
7834
msgid ""
7835
"The default firewall configuration tool for Ubuntu is "
7836
"<application>ufw</application>. Developed to ease iptables firewall "
7837
"configuration, <application>ufw</application> provides a user friendly way "
7838
"to create an IPv4 or IPv6 host-based firewall."
7839
msgstr ""
7840
7841
#: serverguide/C/security.xml:370(para)
7842
msgid ""
7843
"<application>ufw</application> by default is initially disabled. From the "
7844
"<application>ufw</application> man page:"
7845
msgstr ""
7846
7847
#: serverguide/C/security.xml:374(quote)
7848
msgid ""
7849
"ufw is not intended to provide complete firewall functionality via its "
7850
"command interface, but instead provides an easy way to add or remove simple "
7851
"rules. It is currently mainly used for host-based firewalls."
7852
msgstr ""
7853
7854
#: serverguide/C/security.xml:378(para)
7855
msgid ""
7856
"The following are some examples of how to use <application>ufw</application>:"
7857
msgstr ""
7858
7859
#: serverguide/C/security.xml:383(para)
7860
msgid ""
7861
"First, <application>ufw</application> needs to be enabled. From a terminal "
7862
"prompt enter:"
7863
msgstr ""
7864
7865
#: serverguide/C/security.xml:387(command)
7866
msgid "sudo ufw enable"
7867
msgstr ""
7868
7869
#: serverguide/C/security.xml:391(para)
7870
msgid "To open a port (ssh in this example):"
7871
msgstr ""
7872
7873
#: serverguide/C/security.xml:395(command)
7874
msgid "sudo ufw allow 22"
7875
msgstr ""
7876
7877
#: serverguide/C/security.xml:399(para)
7878
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7879
msgstr ""
7880
7881
#: serverguide/C/security.xml:403(command)
7882
msgid "sudo ufw insert 1 allow 80"
7883
msgstr ""
7884
7885
#: serverguide/C/security.xml:407(para)
7886
msgid "Similarly, to close an opened port:"
7887
msgstr ""
7888
7889
#: serverguide/C/security.xml:411(command)
7890
msgid "sudo ufw deny 22"
7891
msgstr ""
7892
7893
#: serverguide/C/security.xml:415(para)
7894
msgid "To remove a rule, use delete followed by the rule:"
7895
msgstr ""
7896
7897
#: serverguide/C/security.xml:419(command)
7898
msgid "sudo ufw delete deny 22"
7899
msgstr ""
7900
7901
#: serverguide/C/security.xml:423(para)
7902
msgid ""
7903
"It is also possible to allow access from specific hosts or networks to a "
7904
"port. The following example allows ssh access from host 192.168.0.2 to any "
7905
"ip address on this host:"
7906
msgstr ""
7907
7908
#: serverguide/C/security.xml:428(command)
7909
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7910
msgstr ""
7911
7912
#: serverguide/C/security.xml:430(para)
7913
msgid ""
7914
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
7915
"subnet."
7916
msgstr ""
7917
7918
#: serverguide/C/security.xml:436(para)
7919
msgid ""
7920
"Adding the <emphasis>--dry-run</emphasis> option to a "
7921
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
7922
"apply them. For example, the following is what would be applied if opening "
7923
"the HTTP port:"
7924
msgstr ""
7925
7926
#: serverguide/C/security.xml:442(command)
7927
msgid "sudo ufw --dry-run allow http"
7928
msgstr ""
7929
7930
#: serverguide/C/security.xml:446(computeroutput)
7931
#, no-wrap
7932
msgid ""
7933
"*filter\n"
7934
":ufw-user-input - [0:0]\n"
7935
":ufw-user-output - [0:0]\n"
7936
":ufw-user-forward - [0:0]\n"
7937
":ufw-user-limit - [0:0]\n"
7938
":ufw-user-limit-accept - [0:0]\n"
7939
"### RULES ###\n"
7940
"\n"
7941
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
7942
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
7943
"\n"
7944
"### END RULES ###\n"
7945
"-A ufw-user-input -j RETURN\n"
7946
"-A ufw-user-output -j RETURN\n"
7947
"-A ufw-user-forward -j RETURN\n"
7948
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
7949
"LIMIT]: \"\n"
7950
"-A ufw-user-limit -j REJECT\n"
7951
"-A ufw-user-limit-accept -j ACCEPT\n"
7952
"COMMIT\n"
7953
"Rules updated"
7954
msgstr ""
7955
7956
#: serverguide/C/security.xml:470(para)
7957
msgid "<application>ufw</application> can be disabled by:"
7958
msgstr ""
7959
7960
#: serverguide/C/security.xml:474(command)
7961
msgid "sudo ufw disable"
7962
msgstr ""
7963
7964
#: serverguide/C/security.xml:478(para)
7965
msgid "To see the firewall status, enter:"
7966
msgstr ""
7967
7968
#: serverguide/C/security.xml:482(command)
7969
msgid "sudo ufw status"
7970
msgstr ""
7971
7972
#: serverguide/C/security.xml:486(para)
7973
msgid "And for more verbose status information use:"
7974
msgstr ""
7975
7976
#: serverguide/C/security.xml:490(command)
7977
msgid "sudo ufw status verbose"
7978
msgstr ""
7979
7980
#: serverguide/C/security.xml:494(para)
7981
msgid "To view the <emphasis>numbered</emphasis> format:"
7982
msgstr ""
7983
7984
#: serverguide/C/security.xml:498(command)
7985
msgid "sudo ufw status numbered"
7986
msgstr ""
7987
7988
#: serverguide/C/security.xml:503(para)
7989
msgid ""
7990
"If the port you want to open or close is defined in "
7991
"<filename>/etc/services</filename>, you can use the port name instead of the "
7992
"number. In the above examples, replace <emphasis>22</emphasis> with "
7993
"<emphasis>ssh</emphasis>."
7994
msgstr ""
7995
7996
#: serverguide/C/security.xml:509(para)
7997
msgid ""
7998
"This is a quick introduction to using <application>ufw</application>. Please "
7999
"refer to the <application>ufw</application> man page for more information."
8000
msgstr ""
8001
8002
#: serverguide/C/security.xml:515(title)
8003
msgid "ufw Application Integration"
8004
msgstr ""
8005
8006
#: serverguide/C/security.xml:517(para)
8007
msgid ""
8008
"Applications that open ports can include an <application>ufw</application> "
8009
"profile, which details the ports needed for the application to function "
8010
"properly. The profiles are kept in <filename "
8011
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
8012
"the default ports have been changed."
8013
msgstr ""
8014
8015
#: serverguide/C/security.xml:526(para)
8016
msgid ""
8017
"To view which applications have installed a profile, enter the following in "
8018
"a terminal:"
8019
msgstr ""
8020
8021
#: serverguide/C/security.xml:531(command)
8022
msgid "sudo ufw app list"
8023
msgstr ""
8024
8025
#: serverguide/C/security.xml:537(para)
8026
msgid ""
8027
"Similar to allowing traffic to a port, using an application profile is "
8028
"accomplished by entering:"
8029
msgstr ""
8030
8031
#: serverguide/C/security.xml:542(command)
8032
msgid "sudo ufw allow Samba"
8033
msgstr ""
8034
8035
#: serverguide/C/security.xml:548(para)
8036
msgid "An extended syntax is available as well:"
8037
msgstr ""
8038
8039
#: serverguide/C/security.xml:553(command)
8040
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8041
msgstr ""
8042
8043
#: serverguide/C/security.xml:556(para)
8044
msgid ""
8045
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8046
"with the application profile you are using and the IP range for your network."
8047
msgstr ""
8048
8049
#: serverguide/C/security.xml:562(para)
8050
msgid ""
8051
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8052
"application, because that information is detailed in the profile. Also, note "
8053
"that the <emphasis>app</emphasis> name replaces the "
8054
"<emphasis>port</emphasis> number."
8055
msgstr ""
8056
8057
#: serverguide/C/security.xml:571(para)
8058
msgid ""
8059
"To view details about which ports, protocols, etc are defined for an "
8060
"application, enter:"
8061
msgstr ""
8062
8063
#: serverguide/C/security.xml:576(command)
8064
msgid "sudo ufw app info Samba"
8065
msgstr ""
8066
8067
#: serverguide/C/security.xml:582(para)
8068
msgid ""
8069
"Not all applications that require opening a network port come with "
8070
"<application>ufw</application> profiles, but if you have profiled an "
8071
"application and want the file to be included with the package, please file a "
8072
"bug against the package in <ulink "
8073
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8074
msgstr ""
8075
8076
#: serverguide/C/security.xml:591(title)
8077
msgid "IP Masquerading"
8078
msgstr ""
8079
8080
#: serverguide/C/security.xml:592(para)
8081
msgid ""
8082
"The purpose of IP Masquerading is to allow machines with private, non-"
8083
"routable IP addresses on your network to access the Internet through the "
8084
"machine doing the masquerading. Traffic from your private network destined "
8085
"for the Internet must be manipulated for replies to be routable back to the "
8086
"machine that made the request. To do this, the kernel must modify the "
8087
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8088
"be routed back to it, rather than to the private IP address that made the "
8089
"request, which is impossible over the Internet. Linux uses "
8090
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8091
"connections belong to which machines and reroute each return packet "
8092
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8093
"having originated from your Ubuntu gateway machine. This process is referred "
8094
"to in Microsoft documentation as Internet Connection Sharing."
8095
msgstr ""
8096
8097
#: serverguide/C/security.xml:608(title)
8098
msgid "ufw Masquerading"
8099
msgstr ""
8100
8101
#: serverguide/C/security.xml:609(para)
8102
msgid ""
8103
"IP Masquerading can be achieved using custom <application>ufw</application> "
8104
"rules. This is possible because the current back-end for "
8105
"<application>ufw</application> is <application>iptables-"
8106
"restore</application> with the rules files located in "
8107
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8108
"legacy iptables rules used without <application>ufw</application>, and rules "
8109
"that are more network gateway or bridge related."
8110
msgstr ""
8111
8112
#: serverguide/C/security.xml:615(para)
8113
msgid ""
8114
"The rules are split into two different files, rules that should be executed "
8115
"before <application>ufw</application> command line rules, and rules that are "
8116
"executed after <application>ufw</application> command line rules."
8117
msgstr ""
8118
8119
#: serverguide/C/security.xml:621(para)
8120
msgid ""
8121
"First, packet forwarding needs to be enabled in "
8122
"<application>ufw</application>. Two configuration files will need to be "
8123
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8124
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8125
msgstr ""
8126
8127
#: serverguide/C/security.xml:625(programlisting)
8128
#, no-wrap
8129
msgid ""
8130
"\n"
8131
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8132
msgstr ""
8133
8134
#: serverguide/C/security.xml:628(para)
8135
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8136
msgstr ""
8137
8138
#: serverguide/C/security.xml:631(programlisting)
8139
#, no-wrap
8140
msgid ""
8141
"\n"
8142
"net/ipv4/ip_forward=1\n"
8143
msgstr ""
8144
8145
#: serverguide/C/security.xml:634(para)
8146
msgid "Similarly, for IPv6 forwarding uncomment:"
8147
msgstr ""
8148
8149
#: serverguide/C/security.xml:637(programlisting)
8150
#, no-wrap
8151
msgid ""
8152
"\n"
8153
"net/ipv6/conf/default/forwarding=1\n"
8154
msgstr ""
8155
8156
#: serverguide/C/security.xml:642(para)
8157
msgid ""
8158
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8159
"file. The default rules only configure the <emphasis>filter</emphasis> "
8160
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8161
"need to be configured. Add the following to the top of the file just after "
8162
"the header comments:"
8163
msgstr ""
8164
8165
#: serverguide/C/security.xml:647(programlisting)
8166
#, no-wrap
8167
msgid ""
8168
"\n"
8169
"# nat Table rules\n"
8170
"*nat\n"
8171
":POSTROUTING ACCEPT [0:0]\n"
8172
"\n"
8173
"# Forward traffic from eth1 through eth0.\n"
8174
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8175
"\n"
8176
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8177
"processed\n"
8178
"COMMIT\n"
8179
msgstr ""
8180
8181
#: serverguide/C/security.xml:658(para)
8182
msgid ""
8183
"The comments are not strictly necessary, but it is considered good practice "
8184
"to document your configuration. Also, when modifying any of the "
8185
"<emphasis>rules</emphasis> files in <filename "
8186
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8187
"line for each table modified:"
8188
msgstr ""
8189
8190
#: serverguide/C/security.xml:664(programlisting)
8191
#, no-wrap
8192
msgid ""
8193
"\n"
8194
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8195
"COMMIT\n"
8196
msgstr ""
8197
8198
#: serverguide/C/security.xml:669(para)
8199
msgid ""
8200
"For each <emphasis>Table</emphasis> a corresponding "
8201
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8202
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8203
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8204
"<emphasis>mangle</emphasis> tables."
8205
msgstr ""
8206
8207
#: serverguide/C/security.xml:676(para)
8208
msgid ""
8209
"In the above example replace <emphasis>eth0</emphasis>, "
8210
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8211
"appropriate interfaces and IP range for your network."
8212
msgstr ""
8213
8214
#: serverguide/C/security.xml:684(para)
8215
msgid ""
8216
"Finally, disable and re-enable <application>ufw</application> to apply the "
8217
"changes:"
8218
msgstr ""
8219
8220
#: serverguide/C/security.xml:688(command)
8221
msgid "sudo ufw disable && sudo ufw enable"
8222
msgstr ""
8223
8224
#: serverguide/C/security.xml:692(para)
8225
msgid ""
8226
"IP Masquerading should now be enabled. You can also add any additional "
8227
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8228
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8229
"forward</emphasis> chain."
8230
msgstr ""
8231
8232
#: serverguide/C/security.xml:699(title)
8233
msgid "iptables Masquerading"
8234
msgstr ""
8235
8236
#: serverguide/C/security.xml:700(para)
8237
msgid ""
8238
"<application>iptables</application> can also be used to enable masquerading."
8239
msgstr ""
8240
8241
#: serverguide/C/security.xml:705(para)
8242
msgid ""
8243
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8244
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8245
"uncomment the following line"
8246
msgstr ""
8247
8248
#: serverguide/C/security.xml:709(programlisting)
8249
#, no-wrap
8250
msgid ""
8251
"\n"
8252
"net.ipv4.ip_forward=1\n"
8253
msgstr ""
8254
8255
#: serverguide/C/security.xml:712(para)
8256
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8257
msgstr ""
8258
8259
#: serverguide/C/security.xml:715(programlisting)
8260
#, no-wrap
8261
msgid ""
8262
"\n"
8263
"net.ipv6.conf.default.forwarding=1\n"
8264
msgstr ""
8265
8266
#: serverguide/C/security.xml:720(para)
8267
msgid ""
8268
"Next, execute the <application>sysctl</application> command to enable the "
8269
"new settings in the configuration file:"
8270
msgstr ""
8271
8272
#: serverguide/C/security.xml:724(command)
8273
msgid "sudo sysctl -p"
8274
msgstr ""
8275
8276
#: serverguide/C/security.xml:728(para)
8277
msgid ""
8278
"IP Masquerading can now be accomplished with a single iptables rule, which "
8279
"may differ slightly based on your network configuration:"
8280
msgstr ""
8281
8282
#: serverguide/C/security.xml:731(screen)
8283
#, no-wrap
8284
msgid ""
8285
"\n"
8286
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8287
msgstr ""
8288
8289
#: serverguide/C/security.xml:734(para)
8290
msgid ""
8291
"The above command assumes that your private address space is 192.168.0.0/16 "
8292
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8293
"follows:"
8294
msgstr ""
8295
8296
#: serverguide/C/security.xml:739(para)
8297
msgid "-t nat -- the rule is to go into the nat table"
8298
msgstr ""
8299
8300
#: serverguide/C/security.xml:740(para)
8301
msgid ""
8302
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8303
msgstr ""
8304
8305
#: serverguide/C/security.xml:741(para)
8306
msgid ""
8307
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8308
"specified address space"
8309
msgstr ""
8310
8311
#: serverguide/C/security.xml:742(para)
8312
msgid ""
8313
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8314
"specified network device"
8315
msgstr ""
8316
8317
#: serverguide/C/security.xml:744(para)
8318
msgid ""
8319
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8320
"MASQUERADE target to be manipulated as described above"
8321
msgstr ""
8322
8323
#: serverguide/C/security.xml:752(para)
8324
msgid ""
8325
"Also, each chain in the filter table (the default table, and where most or "
8326
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8327
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8328
"you may have set the policies to DROP or REJECT, in which case your "
8329
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8330
"above rule to work:"
8331
msgstr ""
8332
8333
#: serverguide/C/security.xml:759(screen)
8334
#, no-wrap
8335
msgid ""
8336
"\n"
8337
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8338
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8339
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8340
msgstr ""
8341
8342
#: serverguide/C/security.xml:763(para)
8343
msgid ""
8344
"The above commands will allow all connections from your local network to the "
8345
"Internet and all traffic related to those connections to return to the "
8346
"machine that initiated them."
8347
msgstr ""
8348
8349
#: serverguide/C/security.xml:770(para)
8350
msgid ""
8351
"If you want masquerading to be enabled on reboot, which you probably do, "
8352
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8353
"example add the first command with no filtering:"
8354
msgstr ""
8355
8356
#: serverguide/C/security.xml:774(screen)
8357
#, no-wrap
8358
msgid ""
8359
"\n"
8360
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8361
msgstr ""
8362
8363
#: serverguide/C/security.xml:782(title)
8364
msgid "Logs"
8365
msgstr ""
8366
8367
#: serverguide/C/security.xml:783(para)
8368
msgid ""
8369
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8370
"firewall rules, and noticing unusual activity on your network. You must "
8371
"include logging rules in your firewall for them to be generated, though, and "
8372
"logging rules must come before any applicable terminating rule (a rule with "
8373
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8374
"REJECT)."
8375
msgstr ""
8376
8377
#: serverguide/C/security.xml:790(para)
8378
msgid ""
8379
"If you are using <application>ufw</application>, you can turn on logging by "
8380
"entering the following in a terminal:"
8381
msgstr ""
8382
8383
#: serverguide/C/security.xml:794(command)
8384
msgid "sudo ufw logging on"
8385
msgstr ""
8386
8387
#: serverguide/C/security.xml:796(para)
8388
msgid ""
8389
"To turn logging off in <application>ufw</application>, simply replace "
8390
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8391
"role=\"italic\">off</emphasis> in the above command."
8392
msgstr ""
8393
8394
#: serverguide/C/security.xml:799(para)
8395
msgid ""
8396
"If using <application>iptables</application> instead of "
8397
"<application>ufw</application>, enter:"
8398
msgstr ""
8399
8400
#: serverguide/C/security.xml:802(screen)
8401
#, no-wrap
8402
msgid ""
8403
"\n"
8404
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8405
"prefix \"NEW_HTTP_CONN: \"\n"
8406
msgstr ""
8407
8408
#: serverguide/C/security.xml:805(para)
8409
msgid ""
8410
"A request on port 80 from the local machine, then, would generate a log in "
8411
"dmesg that looks like this:"
8412
msgstr ""
8413
8414
#: serverguide/C/security.xml:810(programlisting)
8415
#, no-wrap
8416
msgid ""
8417
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8418
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8419
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8420
"WINDOW=32767 RES=0x00 SYN URGP=0"
8421
msgstr ""
8422
8423
#: serverguide/C/security.xml:812(para)
8424
msgid ""
8425
"The above log will also appear in <filename>/var/log/messages</filename>, "
8426
"<filename>/var/log/syslog</filename>, and "
8427
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8428
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8429
"and configuring <application>ulogd</application> and using the ULOG target "
8430
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8431
"server that listens for logging instructions from the kernel specifically "
8432
"for firewalls, and can log to any file you like, or even to a "
8433
"<application>PostgreSQL</application> or <application>MySQL</application> "
8434
"database. Making sense of your firewall logs can be simplified by using a "
8435
"log analyzing tool such as <application>fwanalog</application>, "
8436
"<application> fwlogwatch</application>, or <application>lire</application>."
8437
msgstr ""
8438
8439
#: serverguide/C/security.xml:827(title)
8440
msgid "Other Tools"
8441
msgstr ""
8442
8443
#: serverguide/C/security.xml:828(para)
8444
msgid ""
8445
"There are many tools available to help you construct a complete firewall "
8446
"without intimate knowledge of iptables. For the GUI-inclined:"
8447
msgstr ""
8448
8449
#: serverguide/C/security.xml:834(para)
8450
msgid ""
8451
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8452
"popular and easy to use."
8453
msgstr ""
8454
8455
#: serverguide/C/security.xml:839(para)
8456
msgid ""
8457
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8458
"and will look familiar to an administrator who has used a commercial "
8459
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8460
msgstr ""
8461
8462
#: serverguide/C/security.xml:845(para)
8463
msgid ""
8464
"If you prefer a command-line tool with plain-text configuration files:"
8465
msgstr ""
8466
8467
#: serverguide/C/security.xml:850(para)
8468
msgid ""
8469
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8470
"powerful solution to help you configure an advanced firewall for any network."
8471
msgstr ""
8472
8473
#: serverguide/C/security.xml:856(para)
8474
msgid ""
8475
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8476
"a working firewall \"out of the box\" with zero configuration, and will "
8477
"allow you to easily set up a more advanced firewall by editing simple, well-"
8478
"documented configuration files."
8479
msgstr ""
8480
8481
#: serverguide/C/security.xml:863(para)
8482
msgid ""
8483
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8484
"designed to be a desktop firewall application. It is made up of a server "
8485
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8486
"like many popular interactive firewall applications for Windows."
8487
msgstr ""
8488
8489
#: serverguide/C/security.xml:875(para)
8490
msgid ""
8491
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8492
"Firewall</ulink> wiki page contains information on the development of "
8493
"<application>ufw</application>."
8494
msgstr ""
8495
8496
#: serverguide/C/security.xml:881(para)
8497
msgid ""
8498
"Also, the <application>ufw</application> manual page contains some very "
8499
"useful information: <command>man ufw</command>."
8500
msgstr ""
8501
8502
#: serverguide/C/security.xml:886(para)
8503
msgid ""
8504
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8505
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8506
"on using <application>iptables</application>."
8507
msgstr ""
8508
8509
#: serverguide/C/security.xml:892(para)
8510
msgid ""
8511
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8512
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8513
msgstr ""
8514
8515
#: serverguide/C/security.xml:898(para)
8516
msgid ""
8517
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8518
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8519
msgstr ""
8520
8521
#: serverguide/C/security.xml:906(title)
8522
msgid "AppArmor"
8523
msgstr ""
8524
8525
#: serverguide/C/security.xml:907(para)
8526
msgid ""
8527
"<application>AppArmor</application> is a Linux Security Module "
8528
"implementation of name-based mandatory access controls. AppArmor confines "
8529
"individual programs to a set of listed files and posix 1003.1e draft "
8530
"capabilities."
8531
msgstr ""
8532
8533
#: serverguide/C/security.xml:911(para)
8534
msgid ""
8535
"<application>AppArmor</application> is installed and loaded by default. It "
8536
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8537
"and permissions the application requires. Some packages will install their "
8538
"own profiles, and additional profiles can be found in the "
8539
"<application>apparmor-profiles</application> package."
8540
msgstr ""
8541
8542
#: serverguide/C/security.xml:916(para)
8543
msgid ""
8544
"To install the <application>apparmor-profiles</application> package from a "
8545
"terminal prompt:"
8546
msgstr ""
8547
8548
#: serverguide/C/security.xml:922(para)
8549
msgid "AppArmor profiles have two modes of execution:"
8550
msgstr ""
8551
8552
#: serverguide/C/security.xml:927(para)
8553
msgid ""
8554
"Complaining/Learning: profile violations are permitted and logged. Useful "
8555
"for testing and developing new profiles."
8556
msgstr ""
8557
8558
#: serverguide/C/security.xml:932(para)
8559
msgid ""
8560
"Enforced/Confined: enforces profile policy as well as logging the violation."
8561
msgstr ""
8562
8563
#: serverguide/C/security.xml:938(title)
8564
msgid "Using AppArmor"
8565
msgstr ""
8566
8567
#: serverguide/C/security.xml:939(para)
8568
msgid ""
8569
"The <application>apparmor-utils</application> package contains command line "
8570
"utilities that you can use to change the <application>AppArmor</application> "
8571
"execution mode, find the status of a profile, create new profiles, etc."
8572
msgstr ""
8573
8574
#: serverguide/C/security.xml:945(para)
8575
msgid ""
8576
"<application>apparmor_status</application> is used to view the current "
8577
"status of AppArmor profiles."
8578
msgstr ""
8579
8580
#: serverguide/C/security.xml:949(command)
8581
msgid "sudo apparmor_status"
8582
msgstr ""
8583
8584
#: serverguide/C/security.xml:953(para)
8585
msgid ""
8586
"<application>aa-complain</application> places a profile into "
8587
"<emphasis>complain</emphasis> mode."
8588
msgstr ""
8589
8590
#: serverguide/C/security.xml:957(command)
8591
msgid "sudo aa-complain /path/to/bin"
8592
msgstr ""
8593
8594
#: serverguide/C/security.xml:961(para)
8595
msgid ""
8596
"<application>aa-enforce</application> places a profile into "
8597
"<emphasis>enforce</emphasis> mode."
8598
msgstr ""
8599
8600
#: serverguide/C/security.xml:965(command)
8601
msgid "sudo aa-enforce /path/to/bin"
8602
msgstr ""
8603
8604
#: serverguide/C/security.xml:969(para)
8605
msgid ""
8606
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8607
"profiles are located. It can be used to manipulate the "
8608
"<emphasis>mode</emphasis> of all profiles."
8609
msgstr ""
8610
8611
#: serverguide/C/security.xml:973(para)
8612
msgid "Enter the following to place all profiles into complain mode:"
8613
msgstr ""
8614
8615
#: serverguide/C/security.xml:977(command)
8616
msgid "sudo aa-complain /etc/apparmor.d/*"
8617
msgstr ""
8618
8619
#: serverguide/C/security.xml:979(para)
8620
msgid "To place all profiles in enforce mode:"
8621
msgstr ""
8622
8623
#: serverguide/C/security.xml:983(command)
8624
msgid "sudo aa-enforce /etc/apparmor.d/*"
8625
msgstr ""
8626
8627
#: serverguide/C/security.xml:987(para)
8628
msgid ""
8629
"<application>apparmor_parser</application> is used to load a profile into "
8630
"the kernel. It can also be used to reload a currently loaded profile using "
8631
"the <emphasis>-r</emphasis> option. To load a profile:"
8632
msgstr ""
8633
8634
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
8635
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8636
msgstr ""
8637
8638
#: serverguide/C/security.xml:994(para)
8639
msgid "To reload a profile:"
8640
msgstr ""
8641
8642
#: serverguide/C/security.xml:998(command)
8643
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8644
msgstr ""
8645
8646
#: serverguide/C/security.xml:1002(para)
8647
msgid ""
8648
"<filename>/etc/init.d/apparmor</filename> can be used to "
8649
"<emphasis>reload</emphasis> all profiles:"
8650
msgstr ""
8651
8652
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
8653
msgid "sudo /etc/init.d/apparmor reload"
8654
msgstr ""
8655
8656
#: serverguide/C/security.xml:1010(para)
8657
msgid ""
8658
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8659
"with the <application>apparmor_parser -R</application> option to "
8660
"<emphasis>disable</emphasis> a profile."
8661
msgstr ""
8662
8663
#: serverguide/C/security.xml:1015(command)
8664
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8665
msgstr ""
8666
8667
#: serverguide/C/security.xml:1016(command)
8668
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8669
msgstr ""
8670
8671
#: serverguide/C/security.xml:1018(para)
8672
msgid ""
8673
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8674
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8675
"load the profile using the <emphasis>-a</emphasis> option."
8676
msgstr ""
8677
8678
#: serverguide/C/security.xml:1023(command)
8679
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8680
msgstr ""
8681
8682
#: serverguide/C/security.xml:1028(para)
8683
msgid ""
8684
"<application>AppArmor</application> can be disabled, and the kernel module "
8685
"unloaded by entering the following:"
8686
msgstr ""
8687
8688
#: serverguide/C/security.xml:1032(command)
8689
msgid "sudo /etc/init.d/apparmor stop"
8690
msgstr ""
8691
8692
#: serverguide/C/security.xml:1033(command)
8693
msgid "sudo update-rc.d -f apparmor remove"
8694
msgstr ""
8695
8696
#: serverguide/C/security.xml:1037(para)
8697
msgid "To re-enable <application>AppArmor</application> enter:"
8698
msgstr ""
8699
8700
#: serverguide/C/security.xml:1041(command)
8701
msgid "sudo /etc/init.d/apparmor start"
8702
msgstr ""
8703
8704
#: serverguide/C/security.xml:1042(command)
8705
msgid "sudo update-rc.d apparmor defaults"
8706
msgstr ""
8707
8708
#: serverguide/C/security.xml:1047(para)
8709
msgid ""
8710
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8711
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8712
"the actual executable file path. For example for the "
8713
"<application>ping</application> command use <filename>/bin/ping</filename>"
8714
msgstr ""
8715
8716
#: serverguide/C/security.xml:1055(title)
8717
msgid "Profiles"
8718
msgstr ""
8719
8720
#: serverguide/C/security.xml:1056(para)
8721
msgid ""
8722
"<application>AppArmor</application> profiles are simple text files located "
8723
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8724
"path to the executable they profile replacing the \"/\" with \".\". For "
8725
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8726
"profile for the <filename>/bin/ping</filename> command."
8727
msgstr ""
8728
8729
#: serverguide/C/security.xml:1062(para)
8730
msgid "There are two main type of rules used in profiles:"
8731
msgstr ""
8732
8733
#: serverguide/C/security.xml:1067(para)
8734
msgid ""
8735
"<emphasis>Path entries:</emphasis> which detail which files an application "
8736
"can access in the file system."
8737
msgstr ""
8738
8739
#: serverguide/C/security.xml:1072(para)
8740
msgid ""
8741
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8742
"confined process is allowed to use."
8743
msgstr ""
8744
8745
#: serverguide/C/security.xml:1077(para)
8746
msgid ""
8747
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8748
msgstr ""
8749
8750
#: serverguide/C/security.xml:1080(programlisting)
8751
#, no-wrap
8752
msgid ""
8753
"\n"
8754
"#include <tunables/global>\n"
8755
"/bin/ping flags=(complain) {\n"
8756
" #include <abstractions/base>\n"
8757
" #include <abstractions/consoles>\n"
8758
" #include <abstractions/nameservice>\n"
8759
"\n"
8760
" capability net_raw,\n"
8761
" capability setuid,\n"
8762
" network inet raw,\n"
8763
" \n"
8764
" /bin/ping mixr,\n"
8765
" /etc/modules.conf r,\n"
8766
"}\n"
8767
msgstr ""
8768
8769
#: serverguide/C/security.xml:1097(para)
8770
msgid ""
8771
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8772
"from other files. This allows statements pertaining to multiple applications "
8773
"to be placed in a common file."
8774
msgstr ""
8775
8776
#: serverguide/C/security.xml:1103(para)
8777
msgid ""
8778
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8779
"program, also setting the mode to <emphasis>complain</emphasis>."
8780
msgstr ""
8781
8782
#: serverguide/C/security.xml:1109(para)
8783
msgid ""
8784
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8785
"the CAP_NET_RAW Posix.1e capability."
8786
msgstr ""
8787
8788
#: serverguide/C/security.xml:1114(para)
8789
msgid ""
8790
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8791
"execute access to the file."
8792
msgstr ""
8793
8794
#: serverguide/C/security.xml:1120(para)
8795
msgid ""
8796
"After editing a profile file the profile must be reloaded. See <xref "
8797
"linkend=\"apparmor-usage\"/> for details."
8798
msgstr ""
8799
8800
#: serverguide/C/security.xml:1125(title)
8801
msgid "Creating a Profile"
8802
msgstr ""
8803
8804
#: serverguide/C/security.xml:1128(para)
8805
msgid ""
8806
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8807
"application should be exercised. The test plan should be divided into small "
8808
"test cases. Each test case should have a small description and list the "
8809
"steps to follow."
8810
msgstr ""
8811
8812
#: serverguide/C/security.xml:1132(para)
8813
msgid "Some standard test cases are:"
8814
msgstr ""
8815
8816
#: serverguide/C/security.xml:1137(para)
8817
msgid "Starting the program."
8818
msgstr ""
8819
8820
#: serverguide/C/security.xml:1142(para)
8821
msgid "Stopping the program."
8822
msgstr ""
8823
8824
#: serverguide/C/security.xml:1147(para)
8825
msgid "Reloading the program."
8826
msgstr ""
8827
8828
#: serverguide/C/security.xml:1152(para)
8829
msgid "Testing all the commands supported by the init script."
8830
msgstr ""
8831
8832
#: serverguide/C/security.xml:1159(para)
8833
msgid ""
8834
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8835
"genprof</application> to generate a new profile. From a terminal:"
8836
msgstr ""
8837
8838
#: serverguide/C/security.xml:1164(command)
8839
msgid "sudo aa-genprof executable"
8840
msgstr ""
8841
8842
#: serverguide/C/security.xml:1166(para)
8843
msgid "For example:"
8844
msgstr ""
8845
8846
#: serverguide/C/security.xml:1170(command)
8847
msgid "sudo aa-genprof slapd"
8848
msgstr ""
8849
8850
#: serverguide/C/security.xml:1174(para)
8851
msgid ""
8852
"To get your new profile included in the <application>apparmor-"
8853
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8854
"against the <ulink "
8855
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8856
"/ulink> package:"
8857
msgstr ""
8858
8859
#: serverguide/C/security.xml:1181(para)
8860
msgid "Include your test plan and test cases."
8861
msgstr ""
8862
8863
#: serverguide/C/security.xml:1186(para)
8864
msgid "Attach your new profile to the bug."
8865
msgstr ""
8866
8867
#: serverguide/C/security.xml:1195(title)
8868
msgid "Updating Profiles"
8869
msgstr ""
8870
8871
#: serverguide/C/security.xml:1196(para)
8872
msgid ""
8873
"When the program is misbehaving, audit messages are sent to the log files. "
8874
"The program <application>aa-logprof</application> can be used to scan log "
8875
"files for <application>AppArmor</application> audit messages, review them "
8876
"and update the profiles. From a terminal:"
8877
msgstr ""
8878
8879
#: serverguide/C/security.xml:1201(command)
8880
msgid "sudo aa-logprof"
8881
msgstr ""
8882
8883
#: serverguide/C/security.xml:1209(para)
8884
msgid ""
8885
"See the <ulink "
8886
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8887
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8888
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
8889
"configuration options."
8890
msgstr ""
8891
8892
#: serverguide/C/security.xml:1216(para)
8893
msgid ""
8894
"For details using AppArmor with other Ubuntu releases see the <ulink "
8895
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8896
"Wiki</ulink> page."
8897
msgstr ""
8898
8899
#: serverguide/C/security.xml:1224(para)
8900
msgid ""
8901
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8902
"page is another introduction to AppArmor."
8903
msgstr ""
8904
8905
#: serverguide/C/security.xml:1231(para)
8906
msgid ""
8907
"A great place to ask for <application>AppArmor</application> assistance, and "
8908
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8909
"server</emphasis> IRC channel on <ulink "
8910
"url=\"http://freenode.net\">freenode</ulink>."
8911
msgstr ""
8912
8913
#: serverguide/C/security.xml:1241(title)
8914
msgid "Certificates"
8915
msgstr ""
8916
8917
#: serverguide/C/security.xml:1242(para)
8918
msgid ""
8919
"One of the most common forms of cryptography today is <emphasis>public-"
8920
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8921
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
8922
"system works by <emphasis>encrypting</emphasis> information using the public "
8923
"key. The information can then only be <emphasis>decrypted</emphasis> using "
8924
"the private key."
8925
msgstr ""
8926
8927
#: serverguide/C/security.xml:1248(para)
8928
msgid ""
8929
"A common use for public-key cryptography is encrypting application traffic "
8930
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8931
"connection. For example, configuring Apache to provide "
8932
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
8933
"encrypt traffic using a protocol that does not itself provide encryption."
8934
msgstr ""
8935
8936
#: serverguide/C/security.xml:1253(para)
8937
msgid ""
8938
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8939
"<emphasis>public key</emphasis> and other information about a server and the "
8940
"organization who is responsible for it. Certificates can be digitally signed "
8941
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
8942
"third party that has confirmed that the information contained in the "
8943
"certificate is accurate."
8944
msgstr ""
8945
8946
#: serverguide/C/security.xml:1260(title)
8947
msgid "Types of Certificates"
8948
msgstr ""
8949
8950
#: serverguide/C/security.xml:1261(para)
8951
msgid ""
8952
"To set up a secure server using public-key cryptography, in most cases, you "
8953
"send your certificate request (including your public key), proof of your "
8954
"company's identity, and payment to a CA. The CA verifies the certificate "
8955
"request and your identity, and then sends back a certificate for your secure "
8956
"server. Alternatively, you can create your own <emphasis>self-"
8957
"signed</emphasis> certificate."
8958
msgstr ""
8959
8960
#: serverguide/C/security.xml:1271(para)
8961
msgid ""
8962
"Note, that self-signed certificates should not be used in most production "
8963
"environments."
8964
msgstr ""
8965
8966
#: serverguide/C/security.xml:1275(para)
8967
msgid ""
8968
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8969
"capabilities that a self-signed certificate does not:"
8970
msgstr ""
8971
8972
#: serverguide/C/security.xml:1282(para)
8973
msgid ""
8974
"Browsers (usually) automatically recognize the certificate and allow a "
8975
"secure connection to be made without prompting the user."
8976
msgstr ""
8977
8978
#: serverguide/C/security.xml:1289(para)
8979
msgid ""
8980
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8981
"the organization that is providing the web pages to the browser."
8982
msgstr ""
8983
8984
#: serverguide/C/security.xml:1297(para)
8985
msgid ""
8986
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8987
"certificates they automatically accept. If a browser encounters a "
8988
"certificate whose authorizing CA is not in the list, the browser asks the "
8989
"user to either accept or decline the connection. Also, other applications "
8990
"may generate an error message when using a self-singed certificate."
8991
msgstr ""
8992
8993
#: serverguide/C/security.xml:1305(para)
8994
msgid ""
8995
"The process of getting a certificate from a CA is fairly easy. A quick "
8996
"overview is as follows:"
8997
msgstr ""
8998
8999
#: serverguide/C/security.xml:1312(para)
9000
msgid "Create a private and public encryption key pair."
9001
msgstr ""
9002
9003
#: serverguide/C/security.xml:1315(para)
9004
msgid ""
9005
"Create a certificate request based on the public key. The certificate "
9006
"request contains information about your server and the company hosting it."
9007
msgstr ""
9008
9009
#: serverguide/C/security.xml:1320(para)
9010
msgid ""
9011
"Send the certificate request, along with documents proving your identity, to "
9012
"a CA. We cannot tell you which certificate authority to choose. Your "
9013
"decision may be based on your past experiences, or on the experiences of "
9014
"your friends or colleagues, or purely on monetary factors."
9015
msgstr ""
9016
9017
#: serverguide/C/security.xml:1326(para)
9018
msgid ""
9019
"Once you have decided upon a CA, you need to follow the instructions they "
9020
"provide on how to obtain a certificate from them."
9021
msgstr ""
9022
9023
#: serverguide/C/security.xml:1331(para)
9024
msgid ""
9025
"When the CA is satisfied that you are indeed who you claim to be, they send "
9026
"you a digital certificate."
9027
msgstr ""
9028
9029
#: serverguide/C/security.xml:1335(para)
9030
msgid ""
9031
"Install this certificate on your secure server, and configure the "
9032
"appropriate applications to use the certificate."
9033
msgstr ""
9034
9035
#: serverguide/C/security.xml:1344(title)
9036
msgid "Generating a Certificate Signing Request (CSR)"
9037
msgstr ""
9038
9039
#: serverguide/C/security.xml:1346(para)
9040
msgid ""
9041
"Whether you are getting a certificate from a CA or generating your own self-"
9042
"signed certificate, the first step is to generate a key."
9043
msgstr ""
9044
9045
#: serverguide/C/security.xml:1351(para)
9046
msgid ""
9047
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9048
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9049
"passphrase allows the services to start without manual intervention, usually "
9050
"the preferred way to start a daemon."
9051
msgstr ""
9052
9053
#: serverguide/C/security.xml:1357(para)
9054
msgid ""
9055
"This section will cover generating a key with a passphrase, and one without. "
9056
"The non-passphrase key will then be used to generate a certificate that can "
9057
"be used with various service daemons."
9058
msgstr ""
9059
9060
#: serverguide/C/security.xml:1363(para)
9061
msgid ""
9062
"Running your secure service without a passphrase is convenient because you "
9063
"will not need to enter the passphrase every time you start your secure "
9064
"service. But it is insecure and a compromise of the key means a compromise "
9065
"of the server as well."
9066
msgstr ""
9067
9068
#: serverguide/C/security.xml:1370(para)
9069
msgid ""
9070
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9071
"Request (CSR) run the following command from a terminal prompt:"
9072
msgstr ""
9073
9074
#: serverguide/C/security.xml:1376(command)
9075
msgid "openssl genrsa -des3 -out server.key 1024"
9076
msgstr ""
9077
9078
#: serverguide/C/security.xml:1379(programlisting)
9079
#, no-wrap
9080
msgid ""
9081
"\n"
9082
"Generating RSA private key, 1024 bit long modulus\n"
9083
".....................++++++\n"
9084
".................++++++\n"
9085
"unable to write 'random state'\n"
9086
"e is 65537 (0x10001)\n"
9087
"Enter pass phrase for server.key:\n"
9088
msgstr ""
9089
9090
#: serverguide/C/security.xml:1388(para)
9091
msgid ""
9092
"You can now enter your passphrase. For best security, it should at least "
9093
"contain eight characters. The minimum length when specifying -des3 is four "
9094
"characters. It should include numbers and/or punctuation and not be a word "
9095
"in a dictionary. Also remember that your passphrase is case-sensitive."
9096
msgstr ""
9097
9098
#: serverguide/C/security.xml:1396(para)
9099
msgid ""
9100
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9101
"server key is generated and stored in the <filename>server.key</filename> "
9102
"file."
9103
msgstr ""
9104
9105
#: serverguide/C/security.xml:1402(para)
9106
msgid ""
9107
"Now create the insecure key, the one without a passphrase, and shuffle the "
9108
"key names:"
9109
msgstr ""
9110
9111
#: serverguide/C/security.xml:1408(command)
9112
msgid "openssl rsa -in server.key -out server.key.insecure"
9113
msgstr ""
9114
9115
#: serverguide/C/security.xml:1409(command)
9116
msgid "mv server.key server.key.secure"
9117
msgstr ""
9118
9119
#: serverguide/C/security.xml:1410(command)
9120
msgid "mv server.key.insecure server.key"
9121
msgstr ""
9122
9123
#: serverguide/C/security.xml:1413(para)
9124
msgid ""
9125
"The insecure key is now named <filename>server.key</filename>, and you can "
9126
"use this file to generate the CSR without passphrase."
9127
msgstr ""
9128
9129
#: serverguide/C/security.xml:1418(para)
9130
msgid "To create the CSR, run the following command at a terminal prompt:"
9131
msgstr ""
9132
9133
#: serverguide/C/security.xml:1423(command)
9134
msgid "openssl req -new -key server.key -out server.csr"
9135
msgstr ""
9136
9137
#: serverguide/C/security.xml:1426(para)
9138
msgid ""
9139
"It will prompt you enter the passphrase. If you enter the correct "
9140
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9141
"etc. Once you enter all these details, your CSR will be created and it will "
9142
"be stored in the <filename>server.csr</filename> file."
9143
msgstr ""
9144
9145
#: serverguide/C/security.xml:1434(para)
9146
msgid ""
9147
"You can now submit this CSR file to a CA for processing. The CA will use "
9148
"this CSR file and issue the certificate. On the other hand, you can create "
9149
"self-signed certificate using this CSR."
9150
msgstr ""
9151
9152
#: serverguide/C/security.xml:1442(title)
9153
msgid "Creating a Self-Signed Certificate"
9154
msgstr ""
9155
9156
#: serverguide/C/security.xml:1443(para)
9157
msgid ""
9158
"To create the self-signed certificate, run the following command at a "
9159
"terminal prompt:"
9160
msgstr ""
9161
9162
#: serverguide/C/security.xml:1448(command)
9163
msgid ""
9164
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9165
"server.crt"
9166
msgstr ""
9167
9168
#: serverguide/C/security.xml:1451(para)
9169
msgid ""
9170
"The above command will prompt you to enter the passphrase. Once you enter "
9171
"the correct passphrase, your certificate will be created and it will be "
9172
"stored in the <filename>server.crt</filename> file."
9173
msgstr ""
9174
9175
#: serverguide/C/security.xml:1456(para)
9176
msgid ""
9177
"If your secure server is to be used in a production environment, you "
9178
"probably need a CA-signed certificate. It is not recommended to use self-"
9179
"signed certificate."
9180
msgstr ""
9181
9182
#: serverguide/C/security.xml:1464(title)
9183
msgid "Installing the Certificate"
9184
msgstr ""
9185
9186
#: serverguide/C/security.xml:1466(para)
9187
msgid ""
9188
"You can install the key file <filename>server.key</filename> and certificate "
9189
"file <filename>server.crt</filename>, or the certificate file issued by your "
9190
"CA, by running following commands at a terminal prompt:"
9191
msgstr ""
9192
9193
#: serverguide/C/security.xml:1472(command)
9194
msgid "sudo cp server.crt /etc/ssl/certs"
9195
msgstr ""
9196
9197
#: serverguide/C/security.xml:1473(command)
9198
msgid "sudo cp server.key /etc/ssl/private"
9199
msgstr ""
9200
9201
#: serverguide/C/security.xml:1475(para)
9202
msgid ""
9203
"Now simply configure any applications, with the ability to use public-key "
9204
"cryptography, to use the <emphasis>certificate</emphasis> and "
9205
"<emphasis>key</emphasis> files. For example, "
9206
"<application>Apache</application> can provide HTTPS, "
9207
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9208
msgstr ""
9209
9210
#: serverguide/C/security.xml:1482(title)
9211
msgid "Certification Authority"
9212
msgstr ""
9213
9214
#: serverguide/C/security.xml:1484(para)
9215
msgid ""
9216
"If the services on your network require more than a few self-signed "
9217
"certificates it may be worth the additional effort to setup your own "
9218
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9219
"certificates signed by your own CA, allows the various services using the "
9220
"certificates to easily trust other services using certificates issued from "
9221
"the same CA."
9222
msgstr ""
9223
9224
#: serverguide/C/security.xml:1494(para)
9225
msgid ""
9226
"First, create the directories to hold the CA certificate and related files:"
9227
msgstr ""
9228
9229
#: serverguide/C/security.xml:1499(command)
9230
msgid "sudo mkdir /etc/ssl/CA"
9231
msgstr ""
9232
9233
#: serverguide/C/security.xml:1500(command)
9234
msgid "sudo mkdir /etc/ssl/newcerts"
9235
msgstr ""
9236
9237
#: serverguide/C/security.xml:1506(para)
9238
msgid ""
9239
"The CA needs a few additional files to operate, one to keep track of the "
9240
"last serial number used by the CA, each certificate must have a unique "
9241
"serial number, and another file to record which certificates have been "
9242
"issued:"
9243
msgstr ""
9244
9245
#: serverguide/C/security.xml:1513(command)
9246
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9247
msgstr ""
9248
9249
#: serverguide/C/security.xml:1514(command)
9250
msgid "sudo touch /etc/ssl/CA/index.txt"
9251
msgstr ""
9252
9253
#: serverguide/C/security.xml:1520(para)
9254
msgid ""
9255
"The third file is a CA configuration file. Though not strictly necessary, it "
9256
"is very convenient when issuing multiple certificates. Edit "
9257
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9258
"]</emphasis> change:"
9259
msgstr ""
9260
9261
#: serverguide/C/security.xml:1526(programlisting)
9262
#, no-wrap
9263
msgid ""
9264
"\n"
9265
"dir = /etc/ssl/ # Where everything is kept\n"
9266
"database = $dir/CA/index.txt # database index file.\n"
9267
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9268
"serial = $dir/CA/serial # The current serial number\n"
9269
"private_key = $dir/private/cakey.pem# The private key\n"
9270
msgstr ""
9271
9272
#: serverguide/C/security.xml:1537(para)
9273
msgid "Next, create the self-singed root certificate:"
9274
msgstr ""
9275
9276
#: serverguide/C/security.xml:1542(command)
9277
msgid ""
9278
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9279
"days 3650"
9280
msgstr ""
9281
9282
#: serverguide/C/security.xml:1545(para)
9283
msgid "You will then be asked to enter the details about the certificate."
9284
msgstr ""
9285
9286
#: serverguide/C/security.xml:1552(para)
9287
msgid "Now install the root certificate and key:"
9288
msgstr ""
9289
9290
#: serverguide/C/security.xml:1557(command)
9291
msgid "sudo mv cakey.pem /etc/ssl/private/"
9292
msgstr ""
9293
9294
#: serverguide/C/security.xml:1558(command)
9295
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9296
msgstr ""
9297
9298
#: serverguide/C/security.xml:1564(para)
9299
msgid ""
9300
"You are now ready to start signing certificates. The first item needed is a "
9301
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9302
"for details. Once you have a CSR, enter the following to generate a "
9303
"certificate signed by the CA:"
9304
msgstr ""
9305
9306
#: serverguide/C/security.xml:1571(command)
9307
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9308
msgstr ""
9309
9310
#: serverguide/C/security.xml:1574(para)
9311
msgid ""
9312
"After entering the password for the CA key, you will be prompted to sign the "
9313
"certificate, and again to commit the new certificate. You should then see a "
9314
"somewhat large amount of output related to the certificate creation."
9315
msgstr ""
9316
9317
#: serverguide/C/security.xml:1583(para)
9318
msgid ""
9319
"There should now be a new file, "
9320
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9321
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
9322
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
9323
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
9324
"the server where the certificate will be installed. For example "
9325
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9326
msgstr ""
9327
9328
#: serverguide/C/security.xml:1591(para)
9329
msgid ""
9330
"Subsequent certificates will be named <filename>02.pem</filename>, "
9331
"<filename>03.pem</filename>, etc."
9332
msgstr ""
9333
9334
#: serverguide/C/security.xml:1596(para)
9335
msgid ""
9336
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9337
"name."
9338
msgstr ""
9339
9340
#: serverguide/C/security.xml:1604(para)
9341
msgid ""
9342
"Finally, copy the new certificate to the host that needs it, and configure "
9343
"the appropriate applications to use it. The default location to install "
9344
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9345
"enables multiple services to use the same certificate without overly "
9346
"complicated file permissions."
9347
msgstr ""
9348
9349
#: serverguide/C/security.xml:1610(para)
9350
msgid ""
9351
"For applications that can be configured to use a CA certificate, you should "
9352
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9353
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9354
"server."
9355
msgstr ""
9356
9357
#: serverguide/C/security.xml:1624(para)
9358
msgid ""
9359
"For more detailed instructions on using cryptography see the <ulink "
9360
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9361
"Certificates HOWTO</ulink> by tlpd.org"
9362
msgstr ""
9363
9364
#: serverguide/C/security.xml:1630(para)
9365
msgid ""
9366
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9367
"of Certificate Authorities."
9368
msgstr ""
9369
9370
#: serverguide/C/security.xml:1635(para)
9371
msgid ""
9372
"The Wikipedia <ulink "
9373
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9374
"information regarding HTTPS."
9375
msgstr ""
9376
9377
#: serverguide/C/security.xml:1640(para)
9378
msgid ""
9379
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9380
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9381
msgstr ""
9382
9383
#: serverguide/C/security.xml:1645(para)
9384
msgid ""
9385
"Also, O'Reilly's <ulink "
9386
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9387
"OpenSSL</ulink> is a good in depth reference."
9388
msgstr ""
9389
9390
#: serverguide/C/security.xml:1654(title)
9391
msgid "eCryptfs"
9392
msgstr ""
9393
9394
#: serverguide/C/security.xml:1656(para)
9395
msgid ""
9396
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9397
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9398
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9399
"filesystem, partition type, etc."
9400
msgstr ""
9401
9402
#: serverguide/C/security.xml:1662(para)
9403
msgid ""
9404
"During installation there is an option to encrypt the <filename "
9405
"role=\"directory\">/home</filename> partition. This will automatically "
9406
"configure everything needed to encrypt and mount the partition."
9407
msgstr ""
9408
9409
#: serverguide/C/security.xml:1667(para)
9410
msgid ""
9411
"As an example, this section will cover configuring <filename "
9412
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9413
msgstr ""
9414
9415
#: serverguide/C/security.xml:1672(title)
9416
msgid "Using eCryptfs"
9417
msgstr ""
9418
9419
#: serverguide/C/security.xml:1674(para)
9420
msgid "First, install the necessary packages. From a terminal prompt enter:"
9421
msgstr ""
9422
9423
#: serverguide/C/security.xml:1679(command)
9424
msgid "sudo apt-get install ecryptfs-utils"
9425
msgstr ""
9426
9427
#: serverguide/C/security.xml:1682(para)
9428
msgid "Now mount the partition to be encrypted:"
9429
msgstr ""
9430
9431
#: serverguide/C/security.xml:1687(command)
9432
msgid "sudo mount -t ecryptfs /srv /srv"
9433
msgstr ""
9434
9435
#: serverguide/C/security.xml:1690(para)
9436
msgid ""
9437
"You will then be prompted for some details on how "
9438
"<application>ecryptfs</application> should encrypt the data."
9439
msgstr ""
9440
9441
#: serverguide/C/security.xml:1694(para)
9442
msgid ""
9443
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9444
"copy the <filename>/etc/default</filename> folder to "
9445
"<filename>/srv</filename>:"
9446
msgstr ""
9447
9448
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
9449
msgid "sudo cp -r /etc/default /srv"
9450
msgstr ""
9451
9452
#: serverguide/C/security.xml:1703(para)
9453
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9454
msgstr ""
9455
9456
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9457
msgid "sudo umount /srv"
9458
msgstr ""
9459
9460
#: serverguide/C/security.xml:1709(command)
9461
msgid "cat /srv/default/cron"
9462
msgstr ""
9463
9464
#: serverguide/C/security.xml:1712(para)
9465
msgid ""
9466
"Remounting <filename>/srv</filename> using "
9467
"<application>ecryptfs</application> will make the data viewable once again."
9468
msgstr ""
9469
9470
#: serverguide/C/security.xml:1718(title)
9471
msgid "Automatically Mounting Encrypted Partitions"
9472
msgstr ""
9473
9474
#: serverguide/C/security.xml:1720(para)
9475
msgid ""
9476
"There are a couple of ways to automatically mount an "
9477
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9478
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9479
"mount options, along with a passphrase file residing on a USB key."
9480
msgstr ""
9481
9482
#: serverguide/C/security.xml:1726(para)
9483
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9484
msgstr ""
9485
9486
#: serverguide/C/security.xml:1730(programlisting)
9487
#, no-wrap
9488
msgid ""
9489
"\n"
9490
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9491
"ecryptfs_sig=5826dd62cf81c615\n"
9492
"ecryptfs_cipher=aes\n"
9493
"ecryptfs_key_bytes=16\n"
9494
"ecryptfs_passthrough=n\n"
9495
"ecryptfs_enable_filename_crypto=n\n"
9496
msgstr ""
9497
9498
#: serverguide/C/security.xml:1740(para)
9499
msgid ""
9500
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9501
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9502
msgstr ""
9503
9504
#: serverguide/C/security.xml:1745(para)
9505
msgid ""
9506
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9507
"file:"
9508
msgstr ""
9509
9510
#: serverguide/C/security.xml:1749(programlisting)
9511
#, no-wrap
9512
msgid ""
9513
"\n"
9514
"passphrase_passwd=[secrets]\n"
9515
msgstr ""
9516
9517
#: serverguide/C/security.xml:1753(para)
9518
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9519
msgstr ""
9520
9521
#: serverguide/C/security.xml:1757(programlisting)
9522
#, no-wrap
9523
msgid ""
9524
"\n"
9525
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9526
"/srv /srv ecryptfs defaults 0 0\n"
9527
msgstr ""
9528
9529
#: serverguide/C/security.xml:1762(para)
9530
msgid "Make sure the USB drive is mounted before the encrypted partition."
9531
msgstr ""
9532
9533
#: serverguide/C/security.xml:1766(para)
9534
msgid ""
9535
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9536
"ecryptfs."
9537
msgstr ""
9538
9539
#: serverguide/C/security.xml:1774(para)
9540
msgid ""
9541
"The <application>ecryptfs-utils</application> package includes several other "
9542
"useful utilities:"
9543
msgstr ""
9544
9545
#: serverguide/C/security.xml:1780(para)
9546
msgid ""
9547
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9548
"<filename>~/Private</filename> directory to contain encrypted information. "
9549
"This utility can be run by unprivileged users to keep data private from "
9550
"other users on the system."
9551
msgstr ""
9552
9553
#: serverguide/C/security.xml:1787(para)
9554
msgid ""
9555
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9556
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9557
"directory."
9558
msgstr ""
9559
9560
#: serverguide/C/security.xml:1793(para)
9561
msgid ""
9562
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9563
"kernel keyring."
9564
msgstr ""
9565
9566
#: serverguide/C/security.xml:1798(para)
9567
msgid ""
9568
"<emphasis>ecryptfs-manager:</emphasis> manages "
9569
"<application>eCryptfs</application> objects such as keys."
9570
msgstr ""
9571
9572
#: serverguide/C/security.xml:1803(para)
9573
msgid ""
9574
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9575
"<application>ecryptfs</application> meta information for a file."
9576
msgstr ""
9577
9578
#: serverguide/C/security.xml:1816(para)
9579
msgid ""
9580
"For more information on eCryptfs see the <ulink "
9581
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9582
msgstr ""
9583
9584
#: serverguide/C/security.xml:1821(para)
9585
msgid ""
9586
"There is also a <ulink "
9587
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9588
"article covering eCryptfs."
9589
msgstr ""
9590
9591
#: serverguide/C/security.xml:1826(para)
9592
msgid ""
9593
"Also, for more <application>ecryptfs</application> options see the <ulink "
9594
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9595
"ecryptfs man page</ulink>."
9596
msgstr ""
9597
9598
#: serverguide/C/security.xml:1832(para)
9599
msgid ""
9600
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9601
"Ubuntu Wiki</ulink> page also has more details."
9602
msgstr ""
9603
9604
#: serverguide/C/reporting-bugs.xml:13(title)
9605
msgid "Appendix"
9606
msgstr ""
9607
9608
#: serverguide/C/reporting-bugs.xml:16(title)
9609
msgid "Reporting Bugs in Ubuntu Server Edition"
9610
msgstr ""
9611
9612
#: serverguide/C/reporting-bugs.xml:18(para)
9613
msgid ""
9614
"While the Ubuntu Project attempts to release software with as few bugs as "
9615
"possible, they do occur. You can help fix these bugs by reporting ones that "
9616
"you find to the project. The Ubuntu Project uses <ulink "
9617
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9618
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9619
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9620
"account</ulink>."
9621
msgstr ""
9622
9623
#: serverguide/C/reporting-bugs.xml:30(title)
9624
msgid "Reporting Bugs With ubuntu-bug"
9625
msgstr ""
9626
9627
#: serverguide/C/reporting-bugs.xml:32(para)
9628
msgid ""
9629
"The preferred way to report a bug is with the <application>ubuntu-"
9630
"bug</application> command. The ubuntu-bug tool gathers information about the "
9631
"system useful to developers in diagnosing the reported problem that will "
9632
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9633
"need to be filed against a specific software package, thus the name of the "
9634
"package that the bug occurs in needs to be given to ubuntu-bug:"
9635
msgstr ""
9636
9637
#: serverguide/C/reporting-bugs.xml:43(command)
9638
msgid "ubuntu-bug PACKAGENAME"
9639
msgstr ""
9640
9641
#: serverguide/C/reporting-bugs.xml:46(para)
9642
msgid ""
9643
"For example, to file a bug against the openssh-server package, you would do:"
9644
msgstr ""
9645
9646
#: serverguide/C/reporting-bugs.xml:51(command)
9647
msgid "ubuntu-bug openssh-server"
9648
msgstr ""
9649
9650
#: serverguide/C/reporting-bugs.xml:54(para)
9651
msgid ""
9652
"You can specify either a binary package or the source package for ubuntu-"
9653
"bug. Again using openssh-server as an example, you could also generate the "
9654
"report against the source package for openssh-server, openssh:"
9655
msgstr ""
9656
9657
#: serverguide/C/reporting-bugs.xml:62(command)
9658
msgid "ubuntu-bug openssh"
9659
msgstr ""
9660
9661
#: serverguide/C/reporting-bugs.xml:66(para)
9662
msgid ""
9663
"See <xref linkend=\"package-management\"/> for more information about "
9664
"packages in Ubuntu."
9665
msgstr ""
9666
9667
#: serverguide/C/reporting-bugs.xml:72(para)
9668
msgid ""
9669
"The ubuntu-bug command will gather information about the system in question, "
9670
"possibly including information specific to the specified package, and then "
9671
"ask you what you would like to do with collected information:"
9672
msgstr ""
9673
9674
#: serverguide/C/reporting-bugs.xml:80(command)
9675
msgid "ubuntu-bug postgresql"
9676
msgstr ""
9677
9678
#: serverguide/C/reporting-bugs.xml:79(screen)
9679
#, no-wrap
9680
msgid ""
9681
"\n"
9682
"<placeholder-1/>\n"
9683
"\n"
9684
"*** Collecting problem information\n"
9685
"\n"
9686
"The collected information can be sent to the developers to improve the\n"
9687
"application. This might take a few minutes.\n"
9688
"..........\n"
9689
"\n"
9690
"*** Send problem report to the developers?\n"
9691
"\n"
9692
"After the problem report has been sent, please fill out the form in the\n"
9693
"automatically opened web browser.\n"
9694
"\n"
9695
"What would you like to do? Your options are:\n"
9696
" S: Send report (1.7 KiB)\n"
9697
" V: View report\n"
9698
" K: Keep report file for sending later or copying to somewhere else\n"
9699
" C: Cancel\n"
9700
"Please choose (S/V/K/C):\n"
9701
msgstr ""
9702
9703
#: serverguide/C/reporting-bugs.xml:101(para)
9704
msgid "The options available are:"
9705
msgstr ""
9706
9707
#: serverguide/C/reporting-bugs.xml:108(para)
9708
msgid ""
9709
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9710
"the collected information to Launchpad as part of the the process of filing "
9711
"a bug report. You will be given the opportunity to describe the situation "
9712
"that led up to the occurrence of the bug."
9713
msgstr ""
9714
9715
#: serverguide/C/reporting-bugs.xml:115(screen)
9716
#, no-wrap
9717
msgid ""
9718
"\n"
9719
"*** Uploading problem information\n"
9720
"\n"
9721
"The collected information is being sent to the bug tracking system.\n"
9722
"This might take a few minutes.\n"
9723
"91%\n"
9724
"\n"
9725
"*** To continue, you must visit the following URL:\n"
9726
"\n"
9727
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9728
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9729
"\n"
9730
"You can launch a browser now, or copy this URL into a browser on another\n"
9731
"computer.\n"
9732
"\n"
9733
"Choices:\n"
9734
" 1: Launch a browser now\n"
9735
" C: Cancel\n"
9736
"Please choose (1/C):\n"
9737
msgstr ""
9738
9739
#: serverguide/C/reporting-bugs.xml:135(para)
9740
msgid ""
9741
"If you choose to start a browser, by default the text based web browser "
9742
"<application>w3m</application> will be used to finish filing the bug report. "
9743
"Alternately, you can copy the given URL to a currently running web browser."
9744
msgstr ""
9745
9746
#: serverguide/C/reporting-bugs.xml:144(para)
9747
msgid ""
9748
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9749
"the collected information to be displayed to the terminal for review."
9750
msgstr ""
9751
9752
#: serverguide/C/reporting-bugs.xml:150(screen)
9753
#, no-wrap
9754
msgid ""
9755
"\n"
9756
"Package: postgresql 8.4.2-2\n"
9757
"PackageArchitecture: all\n"
9758
"Tags: lucid\n"
9759
"ProblemType: Bug\n"
9760
"ProcEnviron:\n"
9761
" LANG=en_US.UTF-8\n"
9762
" SHELL=/bin/bash\n"
9763
"Uname: Linux 2.6.32-16-server x86_64\n"
9764
"Dependencies:\n"
9765
" adduser 3.112ubuntu1\n"
9766
" base-files 5.0.0ubuntu10\n"
9767
" base-passwd 3.5.22\n"
9768
" coreutils 7.4-2ubuntu2\n"
9769
"...\n"
9770
msgstr ""
9771
9772
#: serverguide/C/reporting-bugs.xml:167(para)
9773
msgid ""
9774
"After viewing the report, you will be brought back to the same menu asking "
9775
"what you would like to do with the report."
9776
msgstr ""
9777
9778
#: serverguide/C/reporting-bugs.xml:174(para)
9779
msgid ""
9780
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9781
"File causes the gathered information to be written to a file. This file can "
9782
"then be used to later file a bug report or transferred to a different Ubuntu "
9783
"system for reporting. To submit the report file, simply give it as an "
9784
"argument to the ubuntu-bug command:"
9785
msgstr ""
9786
9787
#: serverguide/C/reporting-bugs.xml:189(userinput)
9788
#, no-wrap
9789
msgid "k"
9790
msgstr ""
9791
9792
#: serverguide/C/reporting-bugs.xml:192(command)
9793
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9794
msgstr ""
9795
9796
#: serverguide/C/reporting-bugs.xml:183(screen)
9797
#, no-wrap
9798
msgid ""
9799
"\n"
9800
"What would you like to do? Your options are:\n"
9801
" S: Send report (1.7 KiB)\n"
9802
" V: View report\n"
9803
" K: Keep report file for sending later or copying to somewhere else\n"
9804
" C: Cancel\n"
9805
"Please choose (S/V/K/C): <placeholder-1/>\n"
9806
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9807
"\n"
9808
"<placeholder-2/>\n"
9809
"\n"
9810
"*** Send problem report to the developers?\n"
9811
"...\n"
9812
msgstr ""
9813
9814
#: serverguide/C/reporting-bugs.xml:200(para)
9815
msgid ""
9816
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9817
"collected information to be discarded."
9818
msgstr ""
9819
9820
#: serverguide/C/reporting-bugs.xml:210(title)
9821
msgid "Reporting Application Crashes"
9822
msgstr ""
9823
9824
#: serverguide/C/reporting-bugs.xml:212(para)
9825
msgid ""
9826
"The software package that provides the ubuntu-bug utility, "
9827
"<application>apport</application>, can be configured to trigger when "
9828
"applications crash. This is disabled by default, as capturing a crash can be "
9829
"resource intensive depending on how much memory the application that crashed "
9830
"was using as apport captures and processes the core dump."
9831
msgstr ""
9832
9833
#: serverguide/C/reporting-bugs.xml:221(para)
9834
msgid ""
9835
"Configuring apport to capture information about crashing applications "
9836
"requires a couple of steps. First, <application>gdb</application> needs to "
9837
"be installed; it is not installed by default in Ubuntu Server Edition."
9838
msgstr ""
9839
9840
#: serverguide/C/reporting-bugs.xml:229(command)
9841
msgid "sudo apt-get install gdb"
9842
msgstr ""
9843
9844
#: serverguide/C/reporting-bugs.xml:232(para)
9845
msgid ""
9846
"See <xref linkend=\"package-management\"/> for more information about "
9847
"managing packages in Ubuntu."
9848
msgstr ""
9849
9850
#: serverguide/C/reporting-bugs.xml:237(para)
9851
msgid ""
9852
"Once you have ensured that gdb is installed, open the file "
9853
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9854
"<emphasis>enabled</emphasis> setting to be <emphasis "
9855
"role=\"bold\">1</emphasis> like so:"
9856
msgstr ""
9857
9858
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9859
#, no-wrap
9860
msgid ""
9861
"\n"
9862
"# set this to 0 to disable apport, or to 1 to enable it\n"
9863
"# you can temporarily override this with\n"
9864
"# sudo service apport start force_start=1\n"
9865
"enabled=<userinput>1</userinput>\n"
9866
"\n"
9867
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9868
"maxsize=209715200\n"
9869
msgstr ""
9870
9871
#: serverguide/C/reporting-bugs.xml:254(para)
9872
msgid ""
9873
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9874
"start the apport service:"
9875
msgstr ""
9876
9877
#: serverguide/C/reporting-bugs.xml:261(command)
9878
msgid "sudo start apport"
9879
msgstr ""
9880
9881
#: serverguide/C/reporting-bugs.xml:264(para)
9882
msgid ""
9883
"After an application crashes, use the <application>apport-cli</application> "
9884
"command to search for the existing saved crash report information:"
9885
msgstr ""
9886
9887
#: serverguide/C/reporting-bugs.xml:271(command)
9888
msgid "apport-cli"
9889
msgstr ""
9890
9891
#: serverguide/C/reporting-bugs.xml:270(screen)
9892
#, no-wrap
9893
msgid ""
9894
"\n"
9895
"<placeholder-1/>\n"
9896
"\n"
9897
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9898
"\n"
9899
"If you were not doing anything confidential (entering passwords or other\n"
9900
"private information), you can help to improve the application by\n"
9901
"reporting\n"
9902
"the problem.\n"
9903
"\n"
9904
"What would you like to do? Your options are:\n"
9905
" R: Report Problem...\n"
9906
" I: Cancel and ignore future crashes of this program version\n"
9907
" C: Cancel\n"
9908
"Please choose (R/I/C):\n"
9909
msgstr ""
9910
9911
#: serverguide/C/reporting-bugs.xml:287(para)
9912
msgid ""
9913
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9914
"steps as when using ubuntu-bug. One important difference is that a crash "
9915
"report will be marked as private when filed on Launchpad, meaning that it "
9916
"will be visible to only a limited set of bug triagers. These triagers will "
9917
"review the gathered data for private information before making the bug "
9918
"report publicly visible."
9919
msgstr ""
9920
9921
#: serverguide/C/reporting-bugs.xml:307(para)
9922
msgid ""
9923
"See the <ulink "
9924
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9925
"Bugs</ulink> Ubuntu wiki page."
9926
msgstr ""
9927
9928
#: serverguide/C/reporting-bugs.xml:313(para)
9929
msgid ""
9930
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9931
"has some useful information. Though some of it pertains to using a GUI."
9932
msgstr ""
9933
9934
#: serverguide/C/remote-administration.xml:13(title)
9935
msgid "Remote Administration"
9936
msgstr ""
9937
9938
#: serverguide/C/remote-administration.xml:14(para)
9939
msgid ""
9940
"There are many ways to remotely administer a Linux server. This chapter will "
9941
"cover one of the most popular <application>OpenSSH</application>."
9942
msgstr ""
9943
9944
#: serverguide/C/remote-administration.xml:22(para)
9945
msgid ""
9946
"This section of the Ubuntu Server Guide introduces a powerful collection of "
9947
"tools for the remote control of networked computers and transfer of data "
9948
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
9949
"also learn about some of the configuration settings possible with the "
9950
"OpenSSH server application and how to change them on your Ubuntu system."
9951
msgstr ""
9952
9953
#: serverguide/C/remote-administration.xml:29(para)
9954
msgid ""
9955
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
9956
"family of tools for remotely controlling a computer or transferring files "
9957
"between computers. Traditional tools used to accomplish these functions, "
9958
"such as <application>telnet</application> or <application>rcp</application>, "
9959
"are insecure and transmit the user's password in cleartext when used. "
9960
"OpenSSH provides a server daemon and client tools to facilitate secure, "
9961
"encrypted remote control and file transfer operations, effectively replacing "
9962
"the legacy tools."
9963
msgstr ""
9964
9965
#: serverguide/C/remote-administration.xml:38(para)
9966
msgid ""
9967
"The OpenSSH server component, <application>sshd</application>, listens "
9968
"continuously for client connections from any of the client tools. When a "
9969
"connection request occurs, <application>sshd</application> sets up the "
9970
"correct connection depending on the type of client tool connecting. For "
9971
"example, if the remote computer is connecting with the "
9972
"<application>ssh</application> client application, the OpenSSH server sets "
9973
"up a remote control session after authentication. If a remote user connects "
9974
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
9975
"daemon initiates a secure copy of files between the server and client after "
9976
"authentication. OpenSSH can use many authentication methods, including plain "
9977
"password, public key, and <application>Kerberos</application> tickets."
9978
msgstr ""
9979
9980
#: serverguide/C/remote-administration.xml:52(para)
9981
msgid ""
9982
"Installation of the OpenSSH client and server applications is simple. To "
9983
"install the OpenSSH client applications on your Ubuntu system, use this "
9984
"command at a terminal prompt:"
9985
msgstr ""
9986
9987
#: serverguide/C/remote-administration.xml:58(command)
9988
msgid "sudo apt-get install openssh-client"
9989
msgstr ""
9990
9991
#: serverguide/C/remote-administration.xml:60(para)
9992
msgid ""
9993
"To install the OpenSSH server application, and related support files, use "
9994
"this command at a terminal prompt:"
9995
msgstr ""
9996
9997
#: serverguide/C/remote-administration.xml:65(command)
9998
msgid "sudo apt-get install openssh-server"
9999
msgstr ""
10000
10001
#: serverguide/C/remote-administration.xml:67(para)
10002
msgid ""
10003
"The <application>openssh-server</application> package can also be selected "
10004
"to install during the Server Edition installation process."
10005
msgstr ""
10006
10007
#: serverguide/C/remote-administration.xml:74(para)
10008
msgid ""
10009
"You may configure the default behavior of the OpenSSH server application, "
10010
"<application>sshd</application>, by editing the file "
10011
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
10012
"configuration directives used in this file, you may view the appropriate "
10013
"manual page with the following command, issued at a terminal prompt:"
10014
msgstr ""
10015
10016
#: serverguide/C/remote-administration.xml:82(command)
10017
msgid "man sshd_config"
10018
msgstr ""
10019
10020
#: serverguide/C/remote-administration.xml:84(para)
10021
msgid ""
10022
"There are many directives in the <application>sshd</application> "
10023
"configuration file controlling such things as communication settings and "
10024
"authentication modes. The following are examples of configuration directives "
10025
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10026
"file."
10027
msgstr ""
10028
10029
#: serverguide/C/remote-administration.xml:91(para)
10030
msgid ""
10031
"Prior to editing the configuration file, you should make a copy of the "
10032
"original file and protect it from writing so you will have the original "
10033
"settings as a reference and to reuse as necessary."
10034
msgstr ""
10035
10036
#: serverguide/C/remote-administration.xml:95(para)
10037
msgid ""
10038
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10039
"writing with the following commands, issued at a terminal prompt:"
10040
msgstr ""
10041
10042
#: serverguide/C/remote-administration.xml:100(command)
10043
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10044
msgstr ""
10045
10046
#: serverguide/C/remote-administration.xml:101(command)
10047
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10048
msgstr ""
10049
10050
#: serverguide/C/remote-administration.xml:103(para)
10051
msgid ""
10052
"The following are examples of configuration directives you may change:"
10053
msgstr ""
10054
10055
#: serverguide/C/remote-administration.xml:108(para)
10056
msgid ""
10057
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10058
"port 22, change the Port directive as such:"
10059
msgstr ""
10060
10061
#: serverguide/C/remote-administration.xml:112(para)
10062
msgid "Port 2222"
10063
msgstr ""
10064
10065
#: serverguide/C/remote-administration.xml:117(para)
10066
msgid ""
10067
"To have <application>sshd</application> allow public key-based login "
10068
"credentials, simply add or modify the line:"
10069
msgstr ""
10070
10071
#: serverguide/C/remote-administration.xml:121(para)
10072
msgid "PubkeyAuthentication yes"
10073
msgstr ""
10074
10075
#: serverguide/C/remote-administration.xml:124(para)
10076
msgid ""
10077
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10078
"present, ensure the line is not commented out."
10079
msgstr ""
10080
10081
#: serverguide/C/remote-administration.xml:130(para)
10082
msgid ""
10083
"To make your OpenSSH server display the contents of the "
10084
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10085
"or modify the line:"
10086
msgstr ""
10087
10088
#: serverguide/C/remote-administration.xml:135(para)
10089
msgid "Banner /etc/issue.net"
10090
msgstr ""
10091
10092
#: serverguide/C/remote-administration.xml:138(para)
10093
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10094
msgstr ""
10095
10096
#: serverguide/C/remote-administration.xml:143(para)
10097
msgid ""
10098
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10099
"save the file, and restart the <application>sshd</application> server "
10100
"application to effect the changes using the following command at a terminal "
10101
"prompt:"
10102
msgstr ""
10103
10104
#: serverguide/C/remote-administration.xml:152(para)
10105
msgid ""
10106
"Many other configuration directives for <application>sshd</application> are "
10107
"available for changing the server application's behavior to fit your needs. "
10108
"Be advised, however, if your only method of access to a server is "
10109
"<application>ssh</application>, and you make a mistake in configuring "
10110
"<application>sshd</application> via the "
10111
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10112
"out of the server upon restarting it, or that the "
10113
"<application>sshd</application> server refuses to start due to an incorrect "
10114
"configuration directive, so be extra careful when editing this file on a "
10115
"remote server."
10116
msgstr ""
10117
10118
#: serverguide/C/remote-administration.xml:167(title)
10119
msgid "SSH Keys"
10120
msgstr ""
10121
10122
#: serverguide/C/remote-administration.xml:168(para)
10123
msgid ""
10124
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10125
"the need of a password. SSH key authentication uses two keys a "
10126
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10127
msgstr ""
10128
10129
#: serverguide/C/remote-administration.xml:172(para)
10130
msgid "To generate the keys, from a terminal prompt enter:"
10131
msgstr ""
10132
10133
#: serverguide/C/remote-administration.xml:176(command)
10134
msgid "ssh-keygen -t dsa"
10135
msgstr ""
10136
10137
#: serverguide/C/remote-administration.xml:178(para)
10138
msgid ""
10139
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10140
"identity of the user. During the process you will be prompted for a "
10141
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10142
"key."
10143
msgstr ""
10144
10145
#: serverguide/C/remote-administration.xml:182(para)
10146
msgid ""
10147
"By default the <emphasis>public</emphasis> key is saved in the file "
10148
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10149
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10150
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10151
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10152
msgstr ""
10153
10154
#: serverguide/C/remote-administration.xml:188(command)
10155
msgid "ssh-copy-id username@remotehost"
10156
msgstr ""
10157
10158
#: serverguide/C/remote-administration.xml:190(para)
10159
msgid ""
10160
"Finally, double check the permissions on the "
10161
"<filename>authorized_keys</filename> file, only the authenticated user "
10162
"should have read and write permissions. If the permissions are not correct "
10163
"change them by:"
10164
msgstr ""
10165
10166
#: serverguide/C/remote-administration.xml:195(command)
10167
msgid "chmod 600 .ssh/authorized_keys"
10168
msgstr ""
10169
10170
#: serverguide/C/remote-administration.xml:197(para)
10171
msgid ""
10172
"You should now be able to SSH to the host without being prompted for a "
10173
"password."
10174
msgstr ""
10175
10176
#: serverguide/C/remote-administration.xml:206(para)
10177
msgid ""
10178
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10179
"page."
10180
msgstr ""
10181
10182
#: serverguide/C/remote-administration.xml:212(ulink)
10183
msgid "OpenSSH Website"
10184
msgstr ""
10185
10186
#: serverguide/C/remote-administration.xml:217(ulink)
10187
msgid "Advanced OpenSSH Wiki Page"
10188
msgstr ""
10189
10190
#: serverguide/C/package-management.xml:13(title)
10191
msgid "Package Management"
10192
msgstr ""
10193
10194
#: serverguide/C/package-management.xml:14(para)
10195
msgid ""
10196
"Ubuntu features a comprehensive package management system for the "
10197
"installation, upgrade, configuration, and removal of software. In addition "
10198
"to providing access to an organized base of over 24,000 software packages "
10199
"for your Ubuntu computer, the package management facilities also feature "
10200
"dependency resolution capabilities and software update checking."
10201
msgstr ""
10202
10203
#: serverguide/C/package-management.xml:16(para)
10204
msgid ""
10205
"Several tools are available for interacting with Ubuntu's package management "
10206
"system, from simple command-line utilities which may be easily automated by "
10207
"system administrators, to a simple graphical interface which is easy to use "
10208
"by those new to Ubuntu."
10209
msgstr ""
10210
10211
#: serverguide/C/package-management.xml:21(para)
10212
msgid ""
10213
"Ubuntu's package management system is derived from the same system used by "
10214
"the Debian GNU/Linux distribution. The package files contain all of the "
10215
"necessary files, meta-data, and instructions to implement a particular "
10216
"functionality or software application on your Ubuntu computer."
10217
msgstr ""
10218
10219
#: serverguide/C/package-management.xml:24(para)
10220
msgid ""
10221
"Debian package files typically have the extension '.deb', and typically "
10222
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10223
"collections of packages found on various media, such as CD-ROM discs, or "
10224
"online. Packages are normally of the pre-compiled binary format; thus "
10225
"installation is quick and requires no compiling of software."
10226
msgstr ""
10227
10228
#: serverguide/C/package-management.xml:27(para)
10229
msgid ""
10230
"Many complex packages use the concept of <emphasis "
10231
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10232
"packages required by the principal package in order to function properly. "
10233
"For example, the speech synthesis package "
10234
"<application>Festival</application> depends upon the package "
10235
"<application>libasound2</application>, which is a package supplying the "
10236
"<application>ALSA</application> sound library needed for audio playback. In "
10237
"order for <application>Festival</application> to function, it and all of its "
10238
"dependencies must be installed. The software management tools in Ubuntu will "
10239
"do this automatically."
10240
msgstr ""
10241
10242
#: serverguide/C/package-management.xml:32(title)
10243
msgid "dpkg"
10244
msgstr ""
10245
10246
#: serverguide/C/package-management.xml:34(para)
10247
msgid ""
10248
"<application>dpkg</application> is a package manager for "
10249
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10250
"packages, but unlike other package management system's it can not "
10251
"automatically download and install packages and their dependencies. This "
10252
"section covers using <application>dpkg</application> to manage locally "
10253
"installed packages:"
10254
msgstr ""
10255
10256
#: serverguide/C/package-management.xml:43(para)
10257
msgid ""
10258
"To list all packages installed on the system, from a terminal prompt enter:"
10259
msgstr ""
10260
10261
#: serverguide/C/package-management.xml:48(command)
10262
msgid "dpkg -l"
10263
msgstr ""
10264
10265
#: serverguide/C/package-management.xml:54(para)
10266
msgid ""
10267
"Depending on the amount of packages on your system, this can generate a "
10268
"large amount of output. Pipe the output through "
10269
"<application>grep</application> to see if a specific package is installed:"
10270
msgstr ""
10271
10272
#: serverguide/C/package-management.xml:60(command)
10273
msgid "dpkg -l | grep apache2"
10274
msgstr ""
10275
10276
#: serverguide/C/package-management.xml:63(para)
10277
msgid ""
10278
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10279
"package name, or other regular expression."
10280
msgstr ""
10281
10282
#: serverguide/C/package-management.xml:70(para)
10283
msgid ""
10284
"To list the files installed by a package, in this case the "
10285
"<application>ufw</application> package, enter:"
10286
msgstr ""
10287
10288
#: serverguide/C/package-management.xml:75(command)
10289
msgid "dpkg -L ufw"
10290
msgstr ""
10291
10292
#: serverguide/C/package-management.xml:81(para)
10293
msgid ""
10294
"If you are not sure which package installed a file, <application>dpkg -"
10295
"S</application> may be able to tell you. For example:"
10296
msgstr ""
10297
10298
#: serverguide/C/package-management.xml:87(command)
10299
msgid "dpkg -S /etc/host.conf"
10300
msgstr ""
10301
10302
#: serverguide/C/package-management.xml:88(computeroutput)
10303
#, no-wrap
10304
msgid "base-files: /etc/host.conf"
10305
msgstr ""
10306
10307
#: serverguide/C/package-management.xml:91(para)
10308
msgid ""
10309
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10310
"<application>base-files</application> package."
10311
msgstr ""
10312
10313
#: serverguide/C/package-management.xml:96(para)
10314
msgid ""
10315
"Many files are automatically generated during the package install process, "
10316
"and even though they are on the filesystem <command>dpkg -S</command> may "
10317
"not know which package they belong to."
10318
msgstr ""
10319
10320
#: serverguide/C/package-management.xml:105(para)
10321
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10322
msgstr ""
10323
10324
#: serverguide/C/package-management.xml:110(command)
10325
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10326
msgstr ""
10327
10328
#: serverguide/C/package-management.xml:113(para)
10329
msgid ""
10330
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10331
"the local .deb file."
10332
msgstr ""
10333
10334
#: serverguide/C/package-management.xml:120(para)
10335
msgid "Uninstalling a package can be accomplished by:"
10336
msgstr ""
10337
10338
#: serverguide/C/package-management.xml:125(command)
10339
msgid "sudo dpkg -r zip"
10340
msgstr ""
10341
10342
#: serverguide/C/package-management.xml:129(para)
10343
msgid ""
10344
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10345
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10346
"manager that handles dependencies, to ensure that the system is in a "
10347
"consistent state. For example using <command>dpkg -r</command> you can "
10348
"remove the <application>zip</application> package, but any packages that "
10349
"depend on it will still be installed and may no longer function correctly."
10350
msgstr ""
10351
10352
#: serverguide/C/package-management.xml:140(para)
10353
msgid ""
10354
"For more <application>dpkg</application> options see the man page: "
10355
"<command>man dpkg</command>."
10356
msgstr ""
10357
10358
#: serverguide/C/package-management.xml:146(title)
10359
msgid "Apt-Get"
10360
msgstr ""
10361
10362
#: serverguide/C/package-management.xml:147(para)
10363
msgid ""
10364
"The <application>apt-get</application> command is a powerful command-line "
10365
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10366
"(APT) performing such functions as installation of new software packages, "
10367
"upgrade of existing software packages, updating of the package list index, "
10368
"and even upgrading the entire Ubuntu system."
10369
msgstr ""
10370
10371
#: serverguide/C/package-management.xml:150(para)
10372
msgid ""
10373
"Being a simple command-line tool, <application>apt-get</application> has "
10374
"numerous advantages over other package management tools available in Ubuntu "
10375
"for server administrators. Some of these advantages include ease of use over "
10376
"simple terminal connections (SSH) and the ability to be used in system "
10377
"administration scripts, which can in turn be automated by the "
10378
"<application>cron</application> scheduling utility."
10379
msgstr ""
10380
10381
#: serverguide/C/package-management.xml:157(para)
10382
msgid ""
10383
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10384
"packages using the <application>apt-get</application> tool is quite simple. "
10385
"For example, to install the network scanner <emphasis "
10386
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10387
"<command>sudo apt-get install nmap</command>\n"
10388
"</screen>"
10389
msgstr ""
10390
10391
#: serverguide/C/package-management.xml:165(para)
10392
msgid ""
10393
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10394
"packages is also a straightforward and simple process. To remove the nmap "
10395
"package installed in the previous example, type the following: <screen>\n"
10396
"<command>sudo apt-get remove nmap</command>\n"
10397
"</screen>"
10398
msgstr ""
10399
10400
#: serverguide/C/package-management.xml:172(para)
10401
msgid ""
10402
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10403
"multiple packages to be installed or removed, separated by spaces."
10404
msgstr ""
10405
10406
#: serverguide/C/package-management.xml:175(para)
10407
msgid ""
10408
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10409
"remove</command> will remove the package configuration files as well. This "
10410
"may or may not be the desired effect so use with caution."
10411
msgstr ""
10412
10413
#: serverguide/C/package-management.xml:181(para)
10414
msgid ""
10415
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10416
"index is essentially a database of available packages from the repositories "
10417
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10418
"the local package index with the latest changes made in repositories, type "
10419
"the following: <screen>\n"
10420
"<command>sudo apt-get update</command>\n"
10421
"</screen>"
10422
msgstr ""
10423
10424
#: serverguide/C/package-management.xml:189(para)
10425
msgid ""
10426
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10427
"versions of packages currently installed on your computer may become "
10428
"available from the package repositories (for example security updates). To "
10429
"upgrade your system, first update your package index as outlined above, and "
10430
"then type: <screen>\n"
10431
"<command>sudo apt-get upgrade</command>\n"
10432
"</screen>"
10433
msgstr ""
10434
10435
#: serverguide/C/package-management.xml:195(para)
10436
msgid ""
10437
"For information on upgrading to a new Ubuntu release see <xref "
10438
"linkend=\"installing-upgrading\"/>."
10439
msgstr ""
10440
10441
#: serverguide/C/package-management.xml:153(para)
10442
msgid ""
10443
"Some examples of popular uses for the <application>apt-get</application> "
10444
"utility: <placeholder-1/>"
10445
msgstr ""
10446
10447
#: serverguide/C/package-management.xml:201(para)
10448
msgid ""
10449
"Actions of the <application>apt-get</application> command, such as "
10450
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10451
"log file."
10452
msgstr ""
10453
10454
#: serverguide/C/package-management.xml:204(para)
10455
msgid ""
10456
"For further information about the use of <application>APT</application>, "
10457
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10458
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10459
"help</screen>"
10460
msgstr ""
10461
10462
#: serverguide/C/package-management.xml:208(title)
10463
msgid "Aptitude"
10464
msgstr ""
10465
10466
#: serverguide/C/package-management.xml:209(para)
10467
msgid ""
10468
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10469
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10470
"the common package management functions, such as installation, removal, and "
10471
"upgrade, are performed in <application>Aptitude</application> with single-"
10472
"key commands, which are typically lowercase letters."
10473
msgstr ""
10474
10475
#: serverguide/C/package-management.xml:212(para)
10476
msgid ""
10477
"<application>Aptitude</application> is best suited for use in a non-"
10478
"graphical terminal environment to ensure proper functioning of the command "
10479
"keys. You may start <application>Aptitude</application> as a normal user "
10480
"with the following command at a terminal prompt: <screen>\n"
10481
"<command>sudo aptitude</command>\n"
10482
"</screen>"
10483
msgstr ""
10484
10485
#: serverguide/C/package-management.xml:219(para)
10486
msgid ""
10487
"When <application>Aptitude</application> starts, you will see a menu bar at "
10488
"the top of the screen and two panes below the menu bar. The top pane "
10489
"contains package categories, such as <emphasis role=\"italics\">New "
10490
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10491
"Packages</emphasis>. The bottom pane contains information related to the "
10492
"packages and package categories."
10493
msgstr ""
10494
10495
#: serverguide/C/package-management.xml:222(para)
10496
msgid ""
10497
"Using <application>Aptitude</application> for package management is "
10498
"relatively straightforward, and the user interface makes common tasks simple "
10499
"to perform. The following are examples of common package management "
10500
"functions as performed in <application>Aptitude</application>:"
10501
msgstr ""
10502
10503
#: serverguide/C/package-management.xml:226(para)
10504
msgid ""
10505
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10506
"locate the package via the Not Installed Packages package category, for "
10507
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10508
"key, and highlight the package you wish to install. After highlighting the "
10509
"package you wish to install, press the <keycap>+</keycap> key, and the "
10510
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10511
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10512
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10513
"again, and you will be prompted to become root to complete the installation. "
10514
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10515
"your user password to become root. Finally, press <keycap>g</keycap> once "
10516
"more and you'll be prompted to download the package. Press "
10517
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10518
"prompt, and downloading and installation of the package will commence."
10519
msgstr ""
10520
10521
#: serverguide/C/package-management.xml:230(para)
10522
msgid ""
10523
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10524
"locate the package via the Installed Packages package category, for example, "
10525
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10526
"highlight the package you wish to remove. After highlighting the package you "
10527
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10528
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10529
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10530
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10531
"prompted to become root to complete the installation. Press "
10532
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10533
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10534
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10535
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10536
"the package will commence."
10537
msgstr ""
10538
10539
#: serverguide/C/package-management.xml:234(para)
10540
msgid ""
10541
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10542
"package index, simply press the <keycap>u</keycap> key and you will be "
10543
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10544
"which will result in a Password: prompt. Enter your user password to become "
10545
"root. Updating of the package index will commence. Press "
10546
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10547
"presented to complete the process."
10548
msgstr ""
10549
10550
#: serverguide/C/package-management.xml:238(para)
10551
msgid ""
10552
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10553
"perform the update of the package index as detailed above, and then press "
10554
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10555
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10556
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10557
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10558
"result in a Password: prompt. Enter your user password to become root. "
10559
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10560
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10561
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10562
"will commence."
10563
msgstr ""
10564
10565
#: serverguide/C/package-management.xml:245(para)
10566
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10567
msgstr ""
10568
10569
#: serverguide/C/package-management.xml:250(para)
10570
msgid ""
10571
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10572
"configuration remains on system"
10573
msgstr ""
10574
10575
#: serverguide/C/package-management.xml:254(para)
10576
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10577
msgstr ""
10578
10579
#: serverguide/C/package-management.xml:258(para)
10580
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10581
msgstr ""
10582
10583
#: serverguide/C/package-management.xml:262(para)
10584
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10585
msgstr ""
10586
10587
#: serverguide/C/package-management.xml:266(para)
10588
msgid ""
10589
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10590
"configured"
10591
msgstr ""
10592
10593
#: serverguide/C/package-management.xml:270(para)
10594
msgid ""
10595
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10596
"and requires fix"
10597
msgstr ""
10598
10599
#: serverguide/C/package-management.xml:274(para)
10600
msgid ""
10601
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10602
"requires fix"
10603
msgstr ""
10604
10605
#: serverguide/C/package-management.xml:242(para)
10606
msgid ""
10607
"The first column of information displayed in the package list in the top "
10608
"pane, when actually viewing packages lists the current state of the package, "
10609
"and uses the following key to describe the state of the package: "
10610
"<placeholder-1/>"
10611
msgstr ""
10612
10613
#: serverguide/C/package-management.xml:280(para)
10614
msgid ""
10615
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10616
"wish to exit. Many other functions are available from the Aptitude menu by "
10617
"pressing the <keycap>F10</keycap> key."
10618
msgstr ""
10619
10620
#: serverguide/C/package-management.xml:285(title)
10621
msgid "Automatic Updates"
10622
msgstr ""
10623
10624
#: serverguide/C/package-management.xml:287(para)
10625
msgid ""
10626
"The <application>unattended-upgrades</application> package can be used to "
10627
"automatically install updated packages, and can be configured to update all "
10628
"packages or just install security updates. First, install the package by "
10629
"entering the following in a terminal:"
10630
msgstr ""
10631
10632
#: serverguide/C/package-management.xml:293(command)
10633
msgid "sudo apt-get install unattended-upgrades"
10634
msgstr ""
10635
10636
#: serverguide/C/package-management.xml:296(para)
10637
msgid ""
10638
"To configure <application>unattended-upgrades</application>, edit "
10639
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10640
"the following to fit your needs:"
10641
msgstr ""
10642
10643
#: serverguide/C/package-management.xml:301(programlisting)
10644
#, no-wrap
10645
msgid ""
10646
"\n"
10647
"Unattended-Upgrade::Allowed-Origins {\n"
10648
" \"Ubuntu maverick-security\";\n"
10649
"// \"Ubuntu maverick-updates\";\n"
10650
"};\n"
10651
msgstr ""
10652
10653
#: serverguide/C/package-management.xml:308(para)
10654
msgid ""
10655
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10656
"will not be automatically updated. To blacklist a package, add it to the "
10657
"list:"
10658
msgstr ""
10659
10660
#: serverguide/C/package-management.xml:313(programlisting)
10661
#, no-wrap
10662
msgid ""
10663
"\n"
10664
"Unattended-Upgrade::Package-Blacklist {\n"
10665
"// \"vim\";\n"
10666
"// \"libc6\";\n"
10667
"// \"libc6-dev\";\n"
10668
"// \"libc6-i686\";\n"
10669
"};\n"
10670
msgstr ""
10671
10672
#: serverguide/C/package-management.xml:323(para)
10673
msgid ""
10674
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10675
"whatever follows \"//\" will not be evaluated."
10676
msgstr ""
10677
10678
#: serverguide/C/package-management.xml:328(para)
10679
msgid ""
10680
"To enable automatic updates, edit "
10681
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10682
"<application>apt</application> configuration options:"
10683
msgstr ""
10684
10685
#: serverguide/C/package-management.xml:332(programlisting)
10686
#, no-wrap
10687
msgid ""
10688
"\n"
10689
"APT::Periodic::Update-Package-Lists \"1\";\n"
10690
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10691
"APT::Periodic::AutocleanInterval \"7\";\n"
10692
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10693
msgstr ""
10694
10695
#: serverguide/C/package-management.xml:339(para)
10696
msgid ""
10697
"The above configuration updates the package list, downloads, and installs "
10698
"available upgrades every day. The local download archive is cleaned every "
10699
"week."
10700
msgstr ""
10701
10702
#: serverguide/C/package-management.xml:345(para)
10703
msgid ""
10704
"You can read more about <application>apt</application> Periodic "
10705
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10706
"header."
10707
msgstr ""
10708
10709
#: serverguide/C/package-management.xml:350(para)
10710
msgid ""
10711
"The results of <application>unattended-upgrades</application> will be logged "
10712
"to <filename>/var/log/unattended-upgrades</filename>."
10713
msgstr ""
10714
10715
#: serverguide/C/package-management.xml:355(title)
10716
msgid "Notifications"
10717
msgstr ""
10718
10719
#: serverguide/C/package-management.xml:357(para)
10720
msgid ""
10721
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10722
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10723
"<application>unattended-upgrades</application> to email an administrator "
10724
"detailing any packages that need upgrading or have problems."
10725
msgstr ""
10726
10727
#: serverguide/C/package-management.xml:362(para)
10728
msgid ""
10729
"Another useful package is <application>apticron</application>. "
10730
"<application>apticron</application> will configure a "
10731
"<application>cron</application> job to email an administrator information "
10732
"about any packages on the system that have updates available, as well as a "
10733
"summary of changes in each package."
10734
msgstr ""
10735
10736
#: serverguide/C/package-management.xml:368(para)
10737
msgid ""
10738
"To install the <application>apticron</application> package, in a terminal "
10739
"enter:"
10740
msgstr ""
10741
10742
#: serverguide/C/package-management.xml:373(command)
10743
msgid "sudo apt-get install apticron"
10744
msgstr ""
10745
10746
#: serverguide/C/package-management.xml:376(para)
10747
msgid ""
10748
"Once the package is installed edit "
10749
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10750
"and other options:"
10751
msgstr ""
10752
10753
#: serverguide/C/package-management.xml:380(programlisting)
10754
#, no-wrap
10755
msgid ""
10756
"\n"
10757
"EMAIL=\"root@example.com\"\n"
10758
msgstr ""
10759
10760
#: serverguide/C/package-management.xml:389(para)
10761
msgid ""
10762
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
10763
"system repositories is stored in the /etc/apt/sources.list configuration "
10764
"file. An example of this file is referenced here, along with information on "
10765
"adding or removing repository references from the file."
10766
msgstr ""
10767
10768
#: serverguide/C/package-management.xml:395(para)
10769
msgid ""
10770
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
10771
"typical <filename>/etc/apt/sources.list</filename> file."
10772
msgstr ""
10773
10774
#: serverguide/C/package-management.xml:399(para)
10775
msgid ""
10776
"You may edit the file to enable repositories or disable them. For example, "
10777
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
10778
"operations occur, simply comment out the appropriate line for the CD-ROM, "
10779
"which appears at the top of the file:"
10780
msgstr ""
10781
10782
#: serverguide/C/package-management.xml:404(screen)
10783
#, no-wrap
10784
msgid ""
10785
"\n"
10786
"# no more prompting for CD-ROM please\n"
10787
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
10788
"main restricted\n"
10789
msgstr ""
10790
10791
#: serverguide/C/package-management.xml:410(title)
10792
msgid "Extra Repositories"
10793
msgstr ""
10794
10795
#: serverguide/C/package-management.xml:411(para)
10796
msgid ""
10797
"In addition to the officially supported package repositories available for "
10798
"Ubuntu, there exist additional community-maintained repositories which add "
10799
"thousands more potential packages for installation. Two of the most popular "
10800
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
10801
"repositories. These repositories are not officially supported by Ubuntu, but "
10802
"because they are maintained by the community they generally provide packages "
10803
"which are safe for use with your Ubuntu computer."
10804
msgstr ""
10805
10806
#: serverguide/C/package-management.xml:414(para)
10807
msgid ""
10808
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
10809
"licensing issues that prevent them from being distributed with a free "
10810
"operating system, and they may be illegal in your locality."
10811
msgstr ""
10812
10813
#: serverguide/C/package-management.xml:416(para)
10814
msgid ""
10815
"Be advised that neither the <emphasis>Universe</emphasis> or "
10816
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
10817
"packages. In particular, there may not be security updates for these "
10818
"packages."
10819
msgstr ""
10820
10821
#: serverguide/C/package-management.xml:420(para)
10822
msgid ""
10823
"Many other package sources are available, sometimes even offering only one "
10824
"package, as in the case of package sources provided by the developer of a "
10825
"single application. You should always be very careful and cautious when "
10826
"using non-standard package sources, however. Research the source and "
10827
"packages carefully before performing any installation, as some package "
10828
"sources and their packages could render your system unstable or non-"
10829
"functional in some respects."
10830
msgstr ""
10831
10832
#: serverguide/C/package-management.xml:423(para)
10833
msgid ""
10834
"By default, the <emphasis>Universe</emphasis> and "
10835
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
10836
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
10837
"comment the following lines:"
10838
msgstr ""
10839
10840
#: serverguide/C/package-management.xml:430(programlisting)
10841
#, no-wrap
10842
msgid ""
10843
"\n"
10844
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10845
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
10846
"\n"
10847
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10848
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
10849
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10850
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
10851
"\n"
10852
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10853
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
10854
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10855
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
10856
"\n"
10857
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
10858
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
10859
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10860
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
10861
msgstr ""
10862
10863
#: serverguide/C/package-management.xml:456(para)
10864
msgid ""
10865
"Most of the material covered in this chapter is available in "
10866
"<application>man</application> pages, many of which are available online."
10867
msgstr ""
10868
10869
#: serverguide/C/package-management.xml:463(para)
10870
msgid ""
10871
"The <ulink "
10872
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10873
"re</ulink> Ubuntu wiki page has more information."
10874
msgstr ""
10875
10876
#: serverguide/C/package-management.xml:468(para)
10877
msgid ""
10878
"For more <application>dpkg</application> details see the <ulink "
10879
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
10880
" man page</ulink>."
10881
msgstr ""
10882
10883
#: serverguide/C/package-management.xml:474(para)
10884
msgid ""
10885
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
10886
"HOWTO</ulink> and <ulink "
10887
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
10888
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
10889
"<application>apt-get</application> usage."
10890
msgstr ""
10891
10892
#: serverguide/C/package-management.xml:481(para)
10893
msgid ""
10894
"See the <ulink "
10895
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
10896
"itude man page</ulink> for more <application>aptitude</application> options."
10897
msgstr ""
10898
10899
#: serverguide/C/package-management.xml:487(para)
10900
msgid ""
10901
"The <ulink "
10902
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
10903
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
10904
"adding repositories."
10905
msgstr ""
10906
10907
#: serverguide/C/other-apps.xml:13(title)
10908
msgid "Other Useful Applications"
10909
msgstr ""
10910
10911
#: serverguide/C/other-apps.xml:15(para)
10912
msgid ""
10913
"There are many very useful applications developed by the Ubuntu Server Team, "
10914
"and others that are well integrated with Ubuntu Server Edition, that might "
10915
"not be well known. This chapter will showcase some useful applications that "
10916
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
10917
"easier."
10918
msgstr ""
10919
10920
#: serverguide/C/other-apps.xml:23(title)
10921
msgid "pam_motd"
10922
msgstr ""
10923
10924
#: serverguide/C/other-apps.xml:25(para)
10925
msgid ""
10926
"When logging into an Ubuntu server you may have noticed the informative "
10927
"Message Of The Day (MOTD). This information is obtained and displayed using "
10928
"a couple of packages:"
10929
msgstr ""
10930
10931
#: serverguide/C/other-apps.xml:32(para)
10932
msgid ""
10933
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
10934
"<application>landscape-client</application>, which can be used to manage "
10935
"systems using the web based <emphasis>Landscape</emphasis> application. The "
10936
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
10937
"utility which is used to gather the information displayed in the MOTD."
10938
msgstr ""
10939
10940
#: serverguide/C/other-apps.xml:40(para)
10941
msgid ""
10942
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
10943
"the MOTD via <application>pam_motd</application> module."
10944
msgstr ""
10945
10946
#: serverguide/C/other-apps.xml:46(para)
10947
msgid ""
10948
"<application>pam_motd</application> executes the scripts in "
10949
"<filename>/etc/update-motd.d</filename> in order based on the number "
10950
"prepended to the script. The output of the scripts is written to "
10951
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
10952
"concatenated with <filename>/etc/motd.tail</filename>."
10953
msgstr ""
10954
10955
#: serverguide/C/other-apps.xml:52(para)
10956
msgid ""
10957
"You can add your own dynamic information to the MOTD. For example, to add "
10958
"local weather information:"
10959
msgstr ""
10960
10961
#: serverguide/C/other-apps.xml:58(para)
10962
msgid "First, install the <application>weather-util</application> package:"
10963
msgstr ""
10964
10965
#: serverguide/C/other-apps.xml:63(command)
10966
msgid "sudo apt-get install weather-util"
10967
msgstr ""
10968
10969
#: serverguide/C/other-apps.xml:68(para)
10970
msgid ""
10971
"The <application>weather</application> utility uses METAR data from the "
10972
"National Oceanic and Atmospheric Administration and forecasts from the "
10973
"National Weather Service. In order to find local information you will need "
10974
"the 4-character ICAO location indicator. This can be determined by browsing "
10975
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
10976
"Weather Service</ulink> site."
10977
msgstr ""
10978
10979
#: serverguide/C/other-apps.xml:75(para)
10980
msgid ""
10981
"Although the National Weather Service is a United States government agency "
10982
"there are weather stations available world wide. However, local weather "
10983
"information for all locations outside the U.S. may not be available."
10984
msgstr ""
10985
10986
#: serverguide/C/other-apps.xml:81(para)
10987
msgid ""
10988
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
10989
"script to use <application>weather</application> with your local ICAO "
10990
"indicator:"
10991
msgstr ""
10992
10993
#: serverguide/C/other-apps.xml:86(programlisting)
10994
#, no-wrap
10995
msgid ""
10996
"\n"
10997
"#!/bin/sh\n"
10998
"#\n"
10999
"#\n"
11000
"# Prints the local weather information for the MOTD.\n"
11001
"#\n"
11002
"#\n"
11003
"\n"
11004
"# Replace KINT with your local weather station.\n"
11005
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
11006
"\n"
11007
"echo\n"
11008
"weather -i KINT\n"
11009
"echo\n"
11010
"\n"
11011
msgstr ""
11012
11013
#: serverguide/C/other-apps.xml:104(para)
11014
msgid "Make the script executable:"
11015
msgstr ""
11016
11017
#: serverguide/C/other-apps.xml:109(command)
11018
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11019
msgstr ""
11020
11021
#: serverguide/C/other-apps.xml:113(para)
11022
msgid ""
11023
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11024
"weather</filename>:"
11025
msgstr ""
11026
11027
#: serverguide/C/other-apps.xml:118(command)
11028
msgid ""
11029
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11030
msgstr ""
11031
11032
#: serverguide/C/other-apps.xml:122(para)
11033
msgid "Finally, exit the server and re-login to view the new MOTD."
11034
msgstr ""
11035
11036
#: serverguide/C/other-apps.xml:128(para)
11037
msgid ""
11038
"You should now be greeted with some useful information, and some information "
11039
"about the local weather that may not be quite so useful. Hopefully the "
11040
"<application>local-weather</application> example demonstrates the "
11041
"flexibility of <application>pam_motd</application>."
11042
msgstr ""
11043
11044
#: serverguide/C/other-apps.xml:136(title)
11045
msgid "etckeeper"
11046
msgstr ""
11047
11048
#: serverguide/C/other-apps.xml:138(para)
11049
msgid ""
11050
"<application>etckeeper</application> allows the contents of <filename "
11051
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11052
"System (VCS) repository. It hooks into <application>apt</application> to "
11053
"automatically commit changes to <filename>/etc</filename> when packages are "
11054
"installed or upgraded. Placing <filename>/etc</filename> under version "
11055
"control is considered an industry best practice, and the goal of "
11056
"<application>etckeeper</application> is to make this process as painless as "
11057
"possible."
11058
msgstr ""
11059
11060
#: serverguide/C/other-apps.xml:146(para)
11061
msgid ""
11062
"Install <application>etckeeper</application> by entering the following in a "
11063
"terminal:"
11064
msgstr ""
11065
11066
#: serverguide/C/other-apps.xml:151(command)
11067
msgid "sudo apt-get install etckeeper"
11068
msgstr ""
11069
11070
#: serverguide/C/other-apps.xml:154(para)
11071
msgid ""
11072
"The main configuration file, "
11073
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11074
"main option is which VCS to use. By default "
11075
"<application>etckeeper</application> is configured to use "
11076
"<application>bzr</application> for version control. The repository is "
11077
"automatically initialized (and committed for the first time) during package "
11078
"installation. It is possible to undo this by entering the following command:"
11079
msgstr ""
11080
11081
#: serverguide/C/other-apps.xml:164(command)
11082
msgid "sudo etckeeper uninit"
11083
msgstr ""
11084
11085
#: serverguide/C/other-apps.xml:167(para)
11086
msgid ""
11087
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11088
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11089
"It will also automatically commit changes before and after package "
11090
"installation. For a more precise tracking of changes, it is recommended to "
11091
"commit your changes manually, together with a commit message, using:"
11092
msgstr ""
11093
11094
#: serverguide/C/other-apps.xml:176(command)
11095
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11096
msgstr ""
11097
11098
#: serverguide/C/other-apps.xml:179(para)
11099
msgid ""
11100
"Using the VCS commands you can view log information about files in "
11101
"<filename>/etc</filename>:"
11102
msgstr ""
11103
11104
#: serverguide/C/other-apps.xml:184(command)
11105
msgid "sudo bzr log /etc/passwd"
11106
msgstr ""
11107
11108
#: serverguide/C/other-apps.xml:187(para)
11109
msgid ""
11110
"To demonstrate the integration with the package management system, install "
11111
"<application>postfix</application>:"
11112
msgstr ""
11113
11114
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11115
msgid "sudo apt-get install postfix"
11116
msgstr ""
11117
11118
#: serverguide/C/other-apps.xml:195(para)
11119
msgid ""
11120
"When the installation is finished, all the "
11121
"<application>postfix</application> configuration files should be committed "
11122
"to the repository:"
11123
msgstr ""
11124
11125
#: serverguide/C/other-apps.xml:201(computeroutput)
11126
#, no-wrap
11127
msgid ""
11128
"Committing to: /etc/\n"
11129
"added aliases.db\n"
11130
"modified group\n"
11131
"modified group-\n"
11132
"modified gshadow\n"
11133
"modified gshadow-\n"
11134
"modified passwd\n"
11135
"modified passwd-\n"
11136
"added postfix\n"
11137
"added resolvconf\n"
11138
"added rsyslog.d\n"
11139
"modified shadow\n"
11140
"modified shadow-\n"
11141
"added init.d/postfix\n"
11142
"added network/if-down.d/postfix\n"
11143
"added network/if-up.d/postfix\n"
11144
"added postfix/dynamicmaps.cf\n"
11145
"added postfix/main.cf\n"
11146
"added postfix/master.cf\n"
11147
"added postfix/post-install\n"
11148
"added postfix/postfix-files\n"
11149
"added postfix/postfix-script\n"
11150
"added postfix/sasl\n"
11151
"added ppp/ip-down.d\n"
11152
"added ppp/ip-down.d/postfix\n"
11153
"added ppp/ip-up.d/postfix\n"
11154
"added rc0.d/K20postfix\n"
11155
"added rc1.d/K20postfix\n"
11156
"added rc2.d/S20postfix\n"
11157
"added rc3.d/S20postfix\n"
11158
"added rc4.d/S20postfix\n"
11159
"added rc5.d/S20postfix\n"
11160
"added rc6.d/K20postfix\n"
11161
"added resolvconf/update-libc.d\n"
11162
"added resolvconf/update-libc.d/postfix\n"
11163
"added rsyslog.d/postfix.conf\n"
11164
"added ufw/applications.d/postfix\n"
11165
"Committed revision 2."
11166
msgstr ""
11167
11168
#: serverguide/C/other-apps.xml:241(para)
11169
msgid ""
11170
"For an example of how <application>etckeeper</application> tracks manual "
11171
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11172
"<application>bzr</application> you can see which files have been modified:"
11173
msgstr ""
11174
11175
#: serverguide/C/other-apps.xml:247(command)
11176
msgid "sudo bzr status /etc/"
11177
msgstr ""
11178
11179
#: serverguide/C/other-apps.xml:248(computeroutput)
11180
#, no-wrap
11181
msgid ""
11182
"modified:\n"
11183
" hosts"
11184
msgstr ""
11185
11186
#: serverguide/C/other-apps.xml:252(para)
11187
msgid "Now commit the changes:"
11188
msgstr ""
11189
11190
#: serverguide/C/other-apps.xml:257(command)
11191
msgid "sudo etckeeper commit \"new host\""
11192
msgstr ""
11193
11194
#: serverguide/C/other-apps.xml:260(para)
11195
msgid ""
11196
"For more information on <application>bzr</application> see <xref "
11197
"linkend=\"bazaar\"/>."
11198
msgstr ""
11199
11200
#: serverguide/C/other-apps.xml:266(title)
11201
msgid "Byobu"
11202
msgstr ""
11203
11204
#: serverguide/C/other-apps.xml:268(para)
11205
msgid ""
11206
"One of the most useful applications for any system administrator is "
11207
"<application>screen</application>. It allows the execution of multiple "
11208
"shells in one terminal. To make some of the advanced "
11209
"<application>screen</application> features more user friendly, and provide "
11210
"some useful information about the system, the "
11211
"<application>byobu</application> package was created."
11212
msgstr ""
11213
11214
#: serverguide/C/other-apps.xml:275(para)
11215
msgid ""
11216
"When executing <application>byobu</application> pressing the "
11217
"<emphasis>F9</emphasis> key will bring up the "
11218
"<application>Configuration</application> menu. This menu will allow you to:"
11219
msgstr ""
11220
11221
#: serverguide/C/other-apps.xml:281(para)
11222
msgid "View the Help menu"
11223
msgstr ""
11224
11225
#: serverguide/C/other-apps.xml:282(para)
11226
msgid "Change Byobu's background color"
11227
msgstr ""
11228
11229
#: serverguide/C/other-apps.xml:283(para)
11230
msgid "Change Byobu's foreground color"
11231
msgstr ""
11232
11233
#: serverguide/C/other-apps.xml:284(para)
11234
msgid "Toggle status notifications"
11235
msgstr ""
11236
11237
#: serverguide/C/other-apps.xml:285(para)
11238
msgid "Change the key binding set"
11239
msgstr ""
11240
11241
#: serverguide/C/other-apps.xml:286(para)
11242
msgid "Change the escape sequence"
11243
msgstr ""
11244
11245
#: serverguide/C/other-apps.xml:287(para)
11246
msgid "Create new windows"
11247
msgstr ""
11248
11249
#: serverguide/C/other-apps.xml:288(para)
11250
msgid "Manage the default windows"
11251
msgstr ""
11252
11253
#: serverguide/C/other-apps.xml:289(para)
11254
msgid "Byobu currently does not launch at login (toggle on)"
11255
msgstr ""
11256
11257
#: serverguide/C/other-apps.xml:292(para)
11258
msgid ""
11259
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11260
"sequence, new window, change window, etc. There are two key binding sets to "
11261
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11262
"keys</emphasis>. If you wish to use the original key bindings choose the "
11263
"<emphasis>none</emphasis> set."
11264
msgstr ""
11265
11266
#: serverguide/C/other-apps.xml:298(para)
11267
msgid ""
11268
"<application>byobu</application> provides a menu which displays the Ubuntu "
11269
"release, processor information, memory information, and the time and date. "
11270
"The effect is similar to a desktop menu."
11271
msgstr ""
11272
11273
#: serverguide/C/other-apps.xml:303(para)
11274
msgid ""
11275
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11276
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11277
"executed any time a terminal is opened. Changes made to "
11278
"<application>byobu</application> are on a per user basis, and will not "
11279
"affect other users on the system."
11280
msgstr ""
11281
11282
#: serverguide/C/other-apps.xml:309(para)
11283
msgid ""
11284
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11285
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11286
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11287
"commands. Here is a quick list of movement commands:"
11288
msgstr ""
11289
11290
#: serverguide/C/other-apps.xml:316(para)
11291
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11292
msgstr ""
11293
11294
#: serverguide/C/other-apps.xml:317(para)
11295
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11296
msgstr ""
11297
11298
#: serverguide/C/other-apps.xml:318(para)
11299
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11300
msgstr ""
11301
11302
#: serverguide/C/other-apps.xml:319(para)
11303
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11304
msgstr ""
11305
11306
#: serverguide/C/other-apps.xml:320(para)
11307
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11308
msgstr ""
11309
11310
#: serverguide/C/other-apps.xml:321(para)
11311
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11312
msgstr ""
11313
11314
#: serverguide/C/other-apps.xml:322(para)
11315
msgid ""
11316
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11317
"the buffer)"
11318
msgstr ""
11319
11320
#: serverguide/C/other-apps.xml:323(para)
11321
msgid "<emphasis>/</emphasis> - Search forward"
11322
msgstr ""
11323
11324
#: serverguide/C/other-apps.xml:324(para)
11325
msgid "<emphasis>?</emphasis> - Search backward"
11326
msgstr ""
11327
11328
#: serverguide/C/other-apps.xml:325(para)
11329
msgid ""
11330
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11331
msgstr ""
11332
11333
#: serverguide/C/other-apps.xml:334(para)
11334
msgid ""
11335
"See the <ulink "
11336
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
11337
"motd.1.html\">update-motd man page</ulink> for more options available to "
11338
"<application>update-motd</application>."
11339
msgstr ""
11340
11341
#: serverguide/C/other-apps.xml:340(para)
11342
msgid ""
11343
"The Debian Package of the Day <ulink "
11344
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11345
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11346
"details about using the <application>weather</application>utility."
11347
msgstr ""
11348
11349
#: serverguide/C/other-apps.xml:347(para)
11350
msgid ""
11351
"See the <ulink "
11352
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11353
"more details on using <application>etckeeper</application>."
11354
msgstr ""
11355
11356
#: serverguide/C/other-apps.xml:353(para)
11357
msgid ""
11358
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11359
"Ubuntu Wiki</ulink> page."
11360
msgstr ""
11361
11362
#: serverguide/C/other-apps.xml:358(para)
11363
msgid ""
11364
"For the latest news and information about <application>bzr</application> see "
11365
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11366
msgstr ""
11367
11368
#: serverguide/C/other-apps.xml:363(para)
11369
msgid ""
11370
"For more information on <application>screen</application> see the <ulink "
11371
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11372
msgstr ""
11373
11374
#: serverguide/C/other-apps.xml:368(para)
11375
msgid ""
11376
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11377
"screen</ulink> page."
11378
msgstr ""
11379
11380
#: serverguide/C/other-apps.xml:373(para)
11381
msgid ""
11382
"Also, see the <application>byobu</application><ulink "
11383
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11384
"information."
11385
msgstr ""
11386
11387
#: serverguide/C/network-config.xml:14(para)
11388
msgid ""
11389
"Networks consist of two or more devices, such as computer systems, printers, "
11390
"and related equipment which are connected by either physical cabling or "
11391
"wireless links for the purpose of sharing and distributing information among "
11392
"the connected devices."
11393
msgstr ""
11394
11395
#: serverguide/C/network-config.xml:20(para)
11396
msgid ""
11397
"This section provides general and specific information pertaining to "
11398
"networking, including an overview of network concepts and detailed "
11399
"discussion of popular network protocols."
11400
msgstr ""
11401
11402
#: serverguide/C/network-config.xml:27(title)
11403
msgid "Network Configuration"
11404
msgstr ""
11405
11406
#: serverguide/C/network-config.xml:28(para)
11407
msgid ""
11408
"Ubuntu ships with a number of graphical utilities to configure your network "
11409
"devices. This document is geared toward server administrators and will focus "
11410
"on managing your network on the command line."
11411
msgstr ""
11412
11413
#: serverguide/C/network-config.xml:35(title)
11414
msgid "Ethernet Interfaces"
11415
msgstr ""
11416
11417
#: serverguide/C/network-config.xml:36(para)
11418
msgid ""
11419
"Ethernet interfaces are identified by the system using the naming convention "
11420
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11421
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11422
"interface is typically identified as <emphasis "
11423
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11424
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11425
"order."
11426
msgstr ""
11427
11428
#: serverguide/C/network-config.xml:46(title)
11429
msgid "Identify Ethernet Interfaces"
11430
msgstr ""
11431
11432
#: serverguide/C/network-config.xml:47(para)
11433
msgid ""
11434
"To quickly identify all available Ethernet interfaces, you can use the "
11435
"<application>ifconfig</application> command as shown below."
11436
msgstr ""
11437
11438
#: serverguide/C/network-config.xml:52(userinput)
11439
#, no-wrap
11440
msgid "ifconfig -a | grep eth"
11441
msgstr ""
11442
11443
#: serverguide/C/network-config.xml:51(screen)
11444
#, no-wrap
11445
msgid ""
11446
"\n"
11447
"<placeholder-1/>\n"
11448
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11449
msgstr ""
11450
11451
#: serverguide/C/network-config.xml:55(para)
11452
msgid ""
11453
"Another application that can help identify all network interfaces available "
11454
"to your system is the <application>lshw</application> command. In the "
11455
"example below, <application>lshw</application> shows a single Ethernet "
11456
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11457
"along with bus information, driver details and all supported capabilities."
11458
msgstr ""
11459
11460
#: serverguide/C/network-config.xml:62(userinput)
11461
#, no-wrap
11462
msgid "sudo lshw -class network"
11463
msgstr ""
11464
11465
#: serverguide/C/network-config.xml:61(screen)
11466
#, no-wrap
11467
msgid ""
11468
"\n"
11469
"<placeholder-1/>\n"
11470
" *-network\n"
11471
" description: Ethernet interface\n"
11472
" product: BCM4401-B0 100Base-TX\n"
11473
" vendor: Broadcom Corporation\n"
11474
" physical id: 0\n"
11475
" bus info: pci@0000:03:00.0\n"
11476
" logical name: eth0\n"
11477
" version: 02\n"
11478
" serial: 00:15:c5:4a:16:5a\n"
11479
" size: 10MB/s\n"
11480
" capacity: 100MB/s\n"
11481
" width: 32 bits\n"
11482
" clock: 33MHz\n"
11483
" capabilities: (snipped for brevity)\n"
11484
" configuration: (snipped for brevity)\n"
11485
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11486
msgstr ""
11487
11488
#: serverguide/C/network-config.xml:83(title)
11489
msgid "Ethernet Interface Logical Names"
11490
msgstr ""
11491
11492
#: serverguide/C/network-config.xml:84(para)
11493
msgid ""
11494
"Interface logical names are configured in the file "
11495
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11496
"like control which interface receives a particular logical name, find the "
11497
"line matching the interfaces physical MAC address and modify the value of "
11498
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11499
"Reboot the system to commit your changes."
11500
msgstr ""
11501
11502
#: serverguide/C/network-config.xml:92(programlisting)
11503
#, no-wrap
11504
msgid ""
11505
"\n"
11506
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11507
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11508
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11509
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11510
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11511
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11512
msgstr ""
11513
11514
#: serverguide/C/network-config.xml:99(title)
11515
msgid "Ethernet Interface Settings"
11516
msgstr ""
11517
11518
#: serverguide/C/network-config.xml:100(para)
11519
msgid ""
11520
"<application>ethtool</application> is a program that displays and changes "
11521
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11522
"and Wake-on-LAN. It is not installed by default, but is available for "
11523
"installation in the repositories."
11524
msgstr ""
11525
11526
#: serverguide/C/network-config.xml:106(userinput)
11527
#, no-wrap
11528
msgid "sudo apt-get install ethtool"
11529
msgstr ""
11530
11531
#: serverguide/C/network-config.xml:108(para)
11532
msgid ""
11533
"The following is an example of how to view supported features and configured "
11534
"settings of an Ethernet interface."
11535
msgstr ""
11536
11537
#: serverguide/C/network-config.xml:113(userinput)
11538
#, no-wrap
11539
msgid "sudo ethtool eth0"
11540
msgstr ""
11541
11542
#: serverguide/C/network-config.xml:112(screen)
11543
#, no-wrap
11544
msgid ""
11545
"\n"
11546
"<placeholder-1/>\n"
11547
"Settings for eth0:\n"
11548
" Supported ports: [ TP ]\n"
11549
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11550
" 100baseT/Half 100baseT/Full \n"
11551
" 1000baseT/Half 1000baseT/Full \n"
11552
" Supports auto-negotiation: Yes\n"
11553
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11554
" 100baseT/Half 100baseT/Full \n"
11555
" 1000baseT/Half 1000baseT/Full \n"
11556
" Advertised auto-negotiation: Yes\n"
11557
" Speed: 1000Mb/s\n"
11558
" Duplex: Full\n"
11559
" Port: Twisted Pair\n"
11560
" PHYAD: 1\n"
11561
" Transceiver: internal\n"
11562
" Auto-negotiation: on\n"
11563
" Supports Wake-on: g\n"
11564
" Wake-on: d\n"
11565
" Current message level: 0x000000ff (255)\n"
11566
" Link detected: yes\n"
11567
msgstr ""
11568
11569
#: serverguide/C/network-config.xml:135(para)
11570
msgid ""
11571
"Changes made with the <application>ethtool</application> command are "
11572
"temporary and will be lost after a reboot. If you would like to retain "
11573
"settings, simply add the desired <application>ethtool</application> command "
11574
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11575
"configuration file <filename>/etc/network/interfaces</filename>."
11576
msgstr ""
11577
11578
#: serverguide/C/network-config.xml:141(para)
11579
msgid ""
11580
"The following is an example of how the interface identified as <emphasis "
11581
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11582
"speed of 1000Mb/s running in full duplex mode."
11583
msgstr ""
11584
11585
#: serverguide/C/network-config.xml:145(programlisting)
11586
#, no-wrap
11587
msgid ""
11588
"\n"
11589
"auto eth0\n"
11590
"iface eth0 inet static\n"
11591
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11592
msgstr ""
11593
11594
#: serverguide/C/network-config.xml:151(para)
11595
msgid ""
11596
"Although the example above shows the interface configured to use the "
11597
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11598
"other methods as well, such as DHCP. The example is meant to demonstrate "
11599
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11600
"statement in relation to the rest of the interface configuration."
11601
msgstr ""
11602
11603
#: serverguide/C/network-config.xml:163(title)
11604
msgid "IP Addressing"
11605
msgstr ""
11606
11607
#: serverguide/C/network-config.xml:164(para)
11608
msgid ""
11609
"The following section describes the process of configuring your systems IP "
11610
"address and default gateway needed for communicating on a local area network "
11611
"and the Internet."
11612
msgstr ""
11613
11614
#: serverguide/C/network-config.xml:171(title)
11615
msgid "Temporary IP Address Assignment"
11616
msgstr ""
11617
11618
#: serverguide/C/network-config.xml:172(para)
11619
msgid ""
11620
"For temporary network configurations, you can use standard commands such as "
11621
"<application>ip</application>, <application>ifconfig</application> and "
11622
"<application>route</application>, which are also found on most other "
11623
"GNU/Linux operating systems. These commands allow you to configure settings "
11624
"which take effect immediately, however they are not persistent and will be "
11625
"lost after a reboot."
11626
msgstr ""
11627
11628
#: serverguide/C/network-config.xml:180(para)
11629
msgid ""
11630
"To temporarily configure an IP address, you can use the "
11631
"<application>ifconfig</application> command in the following manner. Just "
11632
"modify the IP address and subnet mask to match your network requirements."
11633
msgstr ""
11634
11635
#: serverguide/C/network-config.xml:186(userinput)
11636
#, no-wrap
11637
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11638
msgstr ""
11639
11640
#: serverguide/C/network-config.xml:188(para)
11641
msgid ""
11642
"To verify the IP address configuration of <application>eth0</application>, "
11643
"you can use the <application>ifconfig</application> command in the following "
11644
"manner."
11645
msgstr ""
11646
11647
#: serverguide/C/network-config.xml:193(userinput)
11648
#, no-wrap
11649
msgid "ifconfig eth0"
11650
msgstr ""
11651
11652
#: serverguide/C/network-config.xml:192(screen)
11653
#, no-wrap
11654
msgid ""
11655
"\n"
11656
"<placeholder-1/>\n"
11657
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11658
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11659
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11660
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11661
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11662
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11663
" collisions:0 txqueuelen:1000 \n"
11664
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11665
" Interrupt:16 \n"
11666
msgstr ""
11667
11668
#: serverguide/C/network-config.xml:204(para)
11669
msgid ""
11670
"To configure a default gateway, you can use the "
11671
"<application>route</application> command in the following manner. Modify the "
11672
"default gateway address to match your network requirements."
11673
msgstr ""
11674
11675
#: serverguide/C/network-config.xml:210(userinput)
11676
#, no-wrap
11677
msgid "sudo route add default gw 10.0.0.1 eth0"
11678
msgstr ""
11679
11680
#: serverguide/C/network-config.xml:212(para)
11681
msgid ""
11682
"To verify your default gateway configuration, you can use the "
11683
"<application>route</application> command in the following manner."
11684
msgstr ""
11685
11686
#: serverguide/C/network-config.xml:217(userinput)
11687
#, no-wrap
11688
msgid "route -n"
11689
msgstr ""
11690
11691
#: serverguide/C/network-config.xml:216(screen)
11692
#, no-wrap
11693
msgid ""
11694
"\n"
11695
"<placeholder-1/>\n"
11696
"Kernel IP routing table\n"
11697
"Destination Gateway Genmask Flags Metric Ref Use "
11698
"Iface\n"
11699
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11700
"eth0\n"
11701
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11702
"eth0\n"
11703
msgstr ""
11704
11705
#: serverguide/C/network-config.xml:223(para)
11706
msgid ""
11707
"If you require DNS for your temporary network configuration, you can add DNS "
11708
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11709
"example below shows how to enter two DNS servers to "
11710
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11711
"appropriate for your network. A more lengthy description of DNS client "
11712
"configuration is in a following section."
11713
msgstr ""
11714
11715
#: serverguide/C/network-config.xml:230(programlisting)
11716
#, no-wrap
11717
msgid ""
11718
"\n"
11719
"nameserver 8.8.8.8\n"
11720
"nameserver 8.8.4.4\n"
11721
msgstr ""
11722
11723
#: serverguide/C/network-config.xml:234(para)
11724
msgid ""
11725
"If you no longer need this configuration and wish to purge all IP "
11726
"configuration from an interface, you can use the "
11727
"<application>ip</application> command with the flush option as shown below."
11728
msgstr ""
11729
11730
#: serverguide/C/network-config.xml:240(userinput)
11731
#, no-wrap
11732
msgid "ip addr flush eth0"
11733
msgstr ""
11734
11735
#: serverguide/C/network-config.xml:243(para)
11736
msgid ""
11737
"Flushing the IP configuration using the <application>ip</application> "
11738
"command does not clear the contents of "
11739
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11740
"entries manually."
11741
msgstr ""
11742
11743
#: serverguide/C/network-config.xml:251(title)
11744
msgid "Dynamic IP Address Assignment (DHCP Client)"
11745
msgstr ""
11746
11747
#: serverguide/C/network-config.xml:252(para)
11748
msgid ""
11749
"To configure your server to use DHCP for dynamic address assignment, add the "
11750
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11751
"statement for the appropriate interface in the file "
11752
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11753
"are configuring your first Ethernet interface identified as <emphasis "
11754
"role=\"italic\">eth0</emphasis>."
11755
msgstr ""
11756
11757
#: serverguide/C/network-config.xml:259(programlisting)
11758
#, no-wrap
11759
msgid ""
11760
"\n"
11761
"auto eth0\n"
11762
"iface eth0 inet dhcp\n"
11763
msgstr ""
11764
11765
#: serverguide/C/network-config.xml:263(para)
11766
msgid ""
11767
"By adding an interface configuration as shown above, you can manually enable "
11768
"the interface through the <application>ifup</application> command which "
11769
"initiates the DHCP process via <application>dhclient</application>."
11770
msgstr ""
11771
11772
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11773
#, no-wrap
11774
msgid "sudo ifup eth0"
11775
msgstr ""
11776
11777
#: serverguide/C/network-config.xml:271(para)
11778
msgid ""
11779
"To manually disable the interface, you can use the "
11780
"<application>ifdown</application> command, which in turn will initiate the "
11781
"DHCP release process and shut down the interface."
11782
msgstr ""
11783
11784
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11785
#, no-wrap
11786
msgid "sudo ifdown eth0"
11787
msgstr ""
11788
11789
#: serverguide/C/network-config.xml:282(title)
11790
msgid "Static IP Address Assignment"
11791
msgstr ""
11792
11793
#: serverguide/C/network-config.xml:283(para)
11794
msgid ""
11795
"To configure your system to use a static IP address assignment, add the "
11796
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11797
"family statement for the appropriate interface in the file "
11798
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11799
"are configuring your first Ethernet interface identified as <emphasis "
11800
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11801
"role=\"italic\">address</emphasis>, <emphasis "
11802
"role=\"italic\">netmask</emphasis>, and <emphasis "
11803
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11804
"network."
11805
msgstr ""
11806
11807
#: serverguide/C/network-config.xml:292(programlisting)
11808
#, no-wrap
11809
msgid ""
11810
"\n"
11811
"auto eth0\n"
11812
"iface eth0 inet static\n"
11813
"address 10.0.0.100\n"
11814
"netmask 255.255.255.0\n"
11815
"gateway 10.0.0.1\n"
11816
msgstr ""
11817
11818
#: serverguide/C/network-config.xml:299(para)
11819
msgid ""
11820
"By adding an interface configuration as shown above, you can manually enable "
11821
"the interface through the <application>ifup</application> command."
11822
msgstr ""
11823
11824
#: serverguide/C/network-config.xml:306(para)
11825
msgid ""
11826
"To manually disable the interface, you can use the "
11827
"<application>ifdown</application> command."
11828
msgstr ""
11829
11830
#: serverguide/C/network-config.xml:316(title)
11831
msgid "Loopback Interface"
11832
msgstr ""
11833
11834
#: serverguide/C/network-config.xml:317(para)
11835
msgid ""
11836
"The loopback interface is identified by the system as <emphasis "
11837
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11838
"can be viewed using the ifconfig command."
11839
msgstr ""
11840
11841
#: serverguide/C/network-config.xml:322(userinput)
11842
#, no-wrap
11843
msgid "ifconfig lo"
11844
msgstr ""
11845
11846
#: serverguide/C/network-config.xml:321(screen)
11847
#, no-wrap
11848
msgid ""
11849
"\n"
11850
"<placeholder-1/>\n"
11851
"lo Link encap:Local Loopback \n"
11852
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11853
" inet6 addr: ::1/128 Scope:Host\n"
11854
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11855
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11856
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11857
" collisions:0 txqueuelen:0 \n"
11858
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11859
msgstr ""
11860
11861
#: serverguide/C/network-config.xml:332(para)
11862
msgid ""
11863
"By default, there should be two lines in "
11864
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11865
"configuring your loopback interface. It is recommended that you keep the "
11866
"default settings unless you have a specific purpose for changing them. An "
11867
"example of the two default lines are shown below."
11868
msgstr ""
11869
11870
#: serverguide/C/network-config.xml:338(programlisting)
11871
#, no-wrap
11872
msgid ""
11873
"\n"
11874
"auto lo\n"
11875
"iface lo inet loopback\n"
11876
msgstr ""
11877
11878
#: serverguide/C/network-config.xml:347(title)
11879
msgid "Name Resolution"
11880
msgstr ""
11881
11882
#: serverguide/C/network-config.xml:348(para)
11883
msgid ""
11884
"Name resolution as it relates to IP networking is the process of mapping IP "
11885
"addresses to hostnames, making it easier to identify resources on a network. "
11886
"The following section will explain how to properly configure your system for "
11887
"name resolution using DNS and static hostname records."
11888
msgstr ""
11889
11890
#: serverguide/C/network-config.xml:356(title)
11891
msgid "DNS Client Configuration"
11892
msgstr ""
11893
11894
#: serverguide/C/network-config.xml:357(para)
11895
msgid ""
11896
"To configure your system to use DNS for name resolution, add the IP "
11897
"addresses of the DNS servers that are appropriate for your network in the "
11898
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11899
"suffix search-lists to match your network domain names."
11900
msgstr ""
11901
11902
#: serverguide/C/network-config.xml:362(para)
11903
msgid ""
11904
"Below is an example of a typical configuration of "
11905
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11906
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11907
msgstr ""
11908
11909
#: serverguide/C/network-config.xml:367(programlisting)
11910
#, no-wrap
11911
msgid ""
11912
"\n"
11913
"search example.com\n"
11914
"nameserver 8.8.8.8\n"
11915
"nameserver 8.8.4.4\n"
11916
msgstr ""
11917
11918
#: serverguide/C/network-config.xml:372(para)
11919
msgid ""
11920
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
11921
"multiple domain names so that DNS queries will be appended in the order in "
11922
"which they are entered. For example, your network may have multiple sub-"
11923
"domains to search; a parent domain of <emphasis "
11924
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
11925
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
11926
"role=\"italic\">dev.example.com</emphasis>."
11927
msgstr ""
11928
11929
#: serverguide/C/network-config.xml:380(para)
11930
msgid ""
11931
"If you have multiple domains you wish to search, your configuration might "
11932
"look like the following."
11933
msgstr ""
11934
11935
#: serverguide/C/network-config.xml:383(programlisting)
11936
#, no-wrap
11937
msgid ""
11938
"\n"
11939
"search example.com sales.example.com dev.example.com\n"
11940
"nameserver 8.8.8.8\n"
11941
"nameserver 8.8.4.4\n"
11942
msgstr ""
11943
11944
#: serverguide/C/network-config.xml:388(para)
11945
msgid ""
11946
"If you try to ping a host with the name of <emphasis "
11947
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
11948
"for its Fully Qualified Domain Name (FQDN) in the following order:"
11949
msgstr ""
11950
11951
#: serverguide/C/network-config.xml:394(para)
11952
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
11953
msgstr ""
11954
11955
#: serverguide/C/network-config.xml:399(para)
11956
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
11957
msgstr ""
11958
11959
#: serverguide/C/network-config.xml:404(para)
11960
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
11961
msgstr ""
11962
11963
#: serverguide/C/network-config.xml:409(para)
11964
msgid ""
11965
"If no matches are found, the DNS server will provide a result of <emphasis "
11966
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
11967
msgstr ""
11968
11969
#: serverguide/C/network-config.xml:416(title)
11970
msgid "Static Hostnames"
11971
msgstr ""
11972
11973
#: serverguide/C/network-config.xml:417(para)
11974
msgid ""
11975
"Static hostnames are locally defined hostname-to-IP mappings located in the "
11976
"file <filename>/etc/hosts</filename>. Entries in the "
11977
"<filename>hosts</filename> file will have precedence over DNS by default. "
11978
"This means that if your system tries to resolve a hostname and it matches an "
11979
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
11980
"some configurations, especially when Internet access is not required, "
11981
"servers that communicate with a limited number of resources can be "
11982
"conveniently set to use static hostnames instead of DNS."
11983
msgstr ""
11984
11985
#: serverguide/C/network-config.xml:424(para)
11986
msgid ""
11987
"The following is an example of a <filename>hosts</filename> file where a "
11988
"number of local servers have been identified by simple hostnames, aliases "
11989
"and their equivalent Fully Qualified Domain Names (FQDN's)."
11990
msgstr ""
11991
11992
#: serverguide/C/network-config.xml:428(programlisting)
11993
#, no-wrap
11994
msgid ""
11995
"\n"
11996
"127.0.0.1\tlocalhost\n"
11997
"127.0.1.1\tubuntu-server\n"
11998
"10.0.0.11\tserver1 vpn server1.example.com\n"
11999
"10.0.0.12\tserver2 mail server2.example.com\n"
12000
"10.0.0.13\tserver3 www server3.example.com\n"
12001
"10.0.0.14\tserver4 file server4.example.com\n"
12002
msgstr ""
12003
12004
#: serverguide/C/network-config.xml:437(para)
12005
msgid ""
12006
"In the above example, notice that each of the servers have been given "
12007
"aliases in addition to their proper names and FQDN's. <emphasis "
12008
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12009
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12010
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12011
"role=\"italic\">server3</emphasis> as <emphasis "
12012
"role=\"italic\">www</emphasis>, and <emphasis "
12013
"role=\"italic\">server4</emphasis> as <emphasis "
12014
"role=\"italic\">file</emphasis>."
12015
msgstr ""
12016
12017
#: serverguide/C/network-config.xml:449(title)
12018
msgid "Name Service Switch Configuration"
12019
msgstr ""
12020
12021
#: serverguide/C/network-config.xml:450(para)
12022
msgid ""
12023
"The order in which your system selects a method of resolving hostnames to IP "
12024
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12025
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12026
"section, typically static hostnames defined in the systems "
12027
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12028
"from DNS. The following is an example of the line responsible for this order "
12029
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12030
msgstr ""
12031
12032
#: serverguide/C/network-config.xml:458(programlisting)
12033
#, no-wrap
12034
msgid ""
12035
"\n"
12036
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12037
msgstr ""
12038
12039
#: serverguide/C/network-config.xml:464(para)
12040
msgid ""
12041
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12042
"hostnames located in <filename>/etc/hosts</filename>."
12043
msgstr ""
12044
12045
#: serverguide/C/network-config.xml:470(para)
12046
msgid ""
12047
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12048
"name using Multicast DNS."
12049
msgstr ""
12050
12051
#: serverguide/C/network-config.xml:475(para)
12052
msgid ""
12053
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12054
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12055
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12056
"authoritative and that the system should not try to continue hunting for an "
12057
"answer."
12058
msgstr ""
12059
12060
#: serverguide/C/network-config.xml:483(para)
12061
msgid ""
12062
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12063
msgstr ""
12064
12065
#: serverguide/C/network-config.xml:488(para)
12066
msgid ""
12067
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12068
msgstr ""
12069
12070
#: serverguide/C/network-config.xml:494(para)
12071
msgid ""
12072
"To modify the order of the above mentioned name resolution methods, you can "
12073
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12074
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12075
"versus Multicast DNS, you can change the string in "
12076
"<filename>/etc/nsswitch.conf</filename> as shown below."
12077
msgstr ""
12078
12079
#: serverguide/C/network-config.xml:501(programlisting)
12080
#, no-wrap
12081
msgid ""
12082
"\n"
12083
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12084
msgstr ""
12085
12086
#: serverguide/C/network-config.xml:508(title)
12087
msgid "Bridging"
12088
msgstr ""
12089
12090
#: serverguide/C/network-config.xml:510(para)
12091
msgid ""
12092
"Bridging multiple interfaces is a more advanced configuration, but is very "
12093
"useful in multiple scenarios. One scenario is setting up a bridge with "
12094
"multiple network interfaces, then using a firewall to filter traffic between "
12095
"two network segments. Another scenario is using bridge on a system with one "
12096
"interface to allow virtual machines direct access to the outside network. "
12097
"The following example covers the latter scenario."
12098
msgstr ""
12099
12100
#: serverguide/C/network-config.xml:517(para)
12101
msgid ""
12102
"Before configuring a bridge you will need to install the <application>bridge-"
12103
"utils</application> package. To install the package, in a terminal enter:"
12104
msgstr ""
12105
12106
#: serverguide/C/network-config.xml:523(command)
12107
msgid "sudo apt-get install bridge-utils"
12108
msgstr ""
12109
12110
#: serverguide/C/network-config.xml:526(para)
12111
msgid ""
12112
"Next, configure the bridge by editing "
12113
"<filename>/etc/network/interfaces</filename>:"
12114
msgstr ""
12115
12116
#: serverguide/C/network-config.xml:530(programlisting)
12117
#, no-wrap
12118
msgid ""
12119
"\n"
12120
"auto lo\n"
12121
"iface lo inet loopback\n"
12122
"\n"
12123
"auto br0\n"
12124
"iface br0 inet static\n"
12125
" address 192.168.0.10\n"
12126
" network 192.168.0.0\n"
12127
" netmask 255.255.255.0\n"
12128
" broadcast 192.168.0.255\n"
12129
" gateway 192.168.0.1\n"
12130
" bridge_ports eth0\n"
12131
" bridge_fd 9\n"
12132
" bridge_hello 2\n"
12133
" bridge_maxage 12\n"
12134
" bridge_stp off\n"
12135
msgstr ""
12136
12137
#: serverguide/C/network-config.xml:549(para)
12138
msgid "Enter the appropriate values for your physical interface and network."
12139
msgstr ""
12140
12141
#: serverguide/C/network-config.xml:554(para)
12142
msgid "Now restart networking to enable the bridge interface:"
12143
msgstr ""
12144
12145
#: serverguide/C/network-config.xml:561(para)
12146
msgid ""
12147
"The new bridge interface should now be up and running. The "
12148
"<application>brctl</application> provides useful information about the state "
12149
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12150
"<command>man brctl</command> for more information."
12151
msgstr ""
12152
12153
#: serverguide/C/network-config.xml:577(para)
12154
msgid ""
12155
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12156
"Network page</ulink> has links to articles covering more advanced network "
12157
"configuration."
12158
msgstr ""
12159
12160
#: serverguide/C/network-config.xml:583(para)
12161
msgid ""
12162
"The <ulink "
12163
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12164
"\">interfaces man page</ulink> has details on more options for "
12165
"<filename>/etc/network/interfaces</filename>."
12166
msgstr ""
12167
12168
#: serverguide/C/network-config.xml:589(para)
12169
msgid ""
12170
"The <ulink "
12171
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12172
"dhclient man page</ulink> has details on more options for configuring DHCP "
12173
"client settings."
12174
msgstr ""
12175
12176
#: serverguide/C/network-config.xml:595(para)
12177
msgid ""
12178
"For more information on DNS client configuration see the <ulink "
12179
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12180
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12181
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12182
"Administrator's Guide</ulink> is a good source of resolver and name service "
12183
"configuration information."
12184
msgstr ""
12185
12186
#: serverguide/C/network-config.xml:603(para)
12187
msgid ""
12188
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12189
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12190
"tl man page</ulink> and the Linux Foundation's <ulink "
12191
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12192
msgstr ""
12193
12194
#: serverguide/C/network-config.xml:614(title)
12195
msgid "TCP/IP"
12196
msgstr ""
12197
12198
#: serverguide/C/network-config.xml:615(para)
12199
msgid ""
12200
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12201
"standard set of protocols developed in the late 1970s by the Defense "
12202
"Advanced Research Projects Agency (DARPA) as a means of communication "
12203
"between different types of computers and computer networks. TCP/IP is the "
12204
"driving force of the Internet, and thus it is the most popular set of "
12205
"network protocols on Earth."
12206
msgstr ""
12207
12208
#: serverguide/C/network-config.xml:623(title)
12209
msgid "TCP/IP Introduction"
12210
msgstr ""
12211
12212
#: serverguide/C/network-config.xml:624(para)
12213
msgid ""
12214
"The two protocol components of TCP/IP deal with different aspects of "
12215
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12216
"TCP/IP is a connectionless protocol which deals only with network packet "
12217
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12218
"basic unit of networking information. The IP Datagram consists of a header "
12219
"followed by a message. The <emphasis> Transmission Control "
12220
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12221
"establish connections which may be used to exchange data streams. TCP also "
12222
"guarantees that the data between connections is delivered and that it "
12223
"arrives at one network host in the same order as sent from another network "
12224
"host."
12225
msgstr ""
12226
12227
#: serverguide/C/network-config.xml:637(title)
12228
msgid "TCP/IP Configuration"
12229
msgstr ""
12230
12231
#: serverguide/C/network-config.xml:638(para)
12232
msgid ""
12233
"The TCP/IP protocol configuration consists of several elements which must be "
12234
"set by editing the appropriate configuration files, or deploying solutions "
12235
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12236
"can be configured to provide the proper TCP/IP configuration settings to "
12237
"network clients automatically. These configuration values must be set "
12238
"correctly in order to facilitate the proper network operation of your Ubuntu "
12239
"system."
12240
msgstr ""
12241
12242
#: serverguide/C/network-config.xml:650(para)
12243
msgid ""
12244
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12245
"identifying string expressed as four decimal numbers ranging from zero (0) "
12246
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12247
"four numbers representing eight (8) bits of the address for a total length "
12248
"of thirty-two (32) bits for the whole address. This format is called "
12249
"<emphasis>dotted quad notation</emphasis>."
12250
msgstr ""
12251
12252
#: serverguide/C/network-config.xml:660(para)
12253
msgid ""
12254
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12255
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12256
"separate the portions of an IP address significant to the network from the "
12257
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12258
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12259
"three bytes of the IP address and allows the last byte of the IP address to "
12260
"remain available for specifying hosts on the subnetwork."
12261
msgstr ""
12262
12263
#: serverguide/C/network-config.xml:671(para)
12264
msgid ""
12265
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12266
"represents the bytes comprising the network portion of an IP address. For "
12267
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12268
"network address, where twelve (12) represents the first byte of the IP "
12269
"address, (the network part) and zeroes (0) in all of the remaining three "
12270
"bytes to represent the potential host values. A network host using the "
12271
"private IP address 192.168.1.100 would in turn use a Network Address of "
12272
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12273
"network and a zero (0) for all the possible hosts on the network."
12274
msgstr ""
12275
12276
#: serverguide/C/network-config.xml:684(para)
12277
msgid ""
12278
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12279
"is an IP address which allows network data to be sent simultaneously to all "
12280
"hosts on a given subnetwork rather than specifying a particular host. The "
12281
"standard general broadcast address for IP networks is 255.255.255.255, but "
12282
"this broadcast address cannot be used to send a broadcast message to every "
12283
"host on the Internet because routers block it. A more appropriate broadcast "
12284
"address is set to match a specific subnetwork. For example, on the private "
12285
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12286
"Broadcast messages are typically produced by network protocols such as the "
12287
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12288
msgstr ""
12289
12290
#: serverguide/C/network-config.xml:697(para)
12291
msgid ""
12292
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12293
"IP address through which a particular network, or host on a network, may be "
12294
"reached. If one network host wishes to communicate with another network "
12295
"host, and that host is not located on the same network, then a "
12296
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12297
"Address will be that of a router on the same network, which will in turn "
12298
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12299
"value of the Gateway Address setting must be correct, or your system will "
12300
"not be able to reach any hosts beyond those on the same network."
12301
msgstr ""
12302
12303
#: serverguide/C/network-config.xml:708(para)
12304
msgid ""
12305
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12306
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12307
"resolve network hostnames into IP addresses. There are three levels of "
12308
"Nameserver Addresses, which may be specified in order of precedence: The "
12309
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12310
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12311
"your system to be able to resolve network hostnames into their corresponding "
12312
"IP addresses, you must specify valid Nameserver Addresses which you are "
12313
"authorized to use in your system's TCP/IP configuration. In many cases these "
12314
"addresses can and will be provided by your network service provider, but "
12315
"many free and publicly accessible nameservers are available for use, such as "
12316
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12317
msgstr ""
12318
12319
#: serverguide/C/network-config.xml:722(para)
12320
msgid ""
12321
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12322
"Address are typically specified via the appropriate directives in the file "
12323
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12324
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12325
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12326
"system manual page for <filename>interfaces</filename> or "
12327
"<filename>resolv.conf</filename> respectively, with the following commands "
12328
"typed at a terminal prompt:"
12329
msgstr ""
12330
12331
#: serverguide/C/network-config.xml:729(para)
12332
msgid ""
12333
"Access the system manual page for <filename>interfaces</filename> with the "
12334
"following command:"
12335
msgstr ""
12336
12337
#: serverguide/C/network-config.xml:734(command)
12338
msgid "man interfaces"
12339
msgstr ""
12340
12341
#: serverguide/C/network-config.xml:737(para)
12342
msgid ""
12343
"Access the system manual page for <filename>resolv.conf</filename> with the "
12344
"following command:"
12345
msgstr ""
12346
12347
#: serverguide/C/network-config.xml:741(command)
12348
msgid "man resolv.conf"
12349
msgstr ""
12350
12351
#: serverguide/C/network-config.xml:646(para)
12352
msgid ""
12353
"The common configuration elements of TCP/IP and their purposes are as "
12354
"follows: <placeholder-1/>"
12355
msgstr ""
12356
12357
#: serverguide/C/network-config.xml:748(title)
12358
msgid "IP Routing"
12359
msgstr ""
12360
12361
#: serverguide/C/network-config.xml:749(para)
12362
msgid ""
12363
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12364
"network along which network data may be sent. Routing uses a set of "
12365
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12366
"packets from their source to the destination, often via many intermediary "
12367
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12368
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12369
"<emphasis>Dynamic Routing.</emphasis>"
12370
msgstr ""
12371
12372
#: serverguide/C/network-config.xml:758(para)
12373
msgid ""
12374
"Static routing involves manually adding IP routes to the system's routing "
12375
"table, and this is usually done by manipulating the routing table with the "
12376
"<application>route</application> command. Static routing enjoys many "
12377
"advantages over dynamic routing, such as simplicity of implementation on "
12378
"smaller networks, predictability (the routing table is always computed in "
12379
"advance, and thus the route is precisely the same each time it is used), and "
12380
"low overhead on other routers and network links due to the lack of a dynamic "
12381
"routing protocol. However, static routing does present some disadvantages as "
12382
"well. For example, static routing is limited to small networks and does not "
12383
"scale well. Static routing also fails completely to adapt to network outages "
12384
"and failures along the route due to the fixed nature of the route."
12385
msgstr ""
12386
12387
#: serverguide/C/network-config.xml:768(para)
12388
msgid ""
12389
"Dynamic routing depends on large networks with multiple possible IP routes "
12390
"from a source to a destination and makes use of special routing protocols, "
12391
"such as the Router Information Protocol (RIP), which handle the automatic "
12392
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12393
"routing has several advantages over static routing, such as superior "
12394
"scalability and the ability to adapt to failures and outages along network "
12395
"routes. Additionally, there is less manual configuration of the routing "
12396
"tables, since routers learn from one another about their existence and "
12397
"available routes. This trait also eliminates the possibility of introducing "
12398
"mistakes in the routing tables via human error. Dynamic routing is not "
12399
"perfect, however, and presents disadvantages such as heightened complexity "
12400
"and additional network overhead from router communications, which does not "
12401
"immediately benefit the end users, but still consumes network bandwidth."
12402
msgstr ""
12403
12404
#: serverguide/C/network-config.xml:782(title)
12405
msgid "TCP and UDP"
12406
msgstr ""
12407
12408
#: serverguide/C/network-config.xml:783(para)
12409
msgid ""
12410
"TCP is a connection-based protocol, offering error correction and guaranteed "
12411
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12412
"Flow control determines when the flow of a data stream needs to be stopped, "
12413
"and previously sent data packets should to be re-sent due to problems such "
12414
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12415
"accurate delivery of the data. TCP is typically used in the exchange of "
12416
"important information such as database transactions."
12417
msgstr ""
12418
12419
#: serverguide/C/network-config.xml:791(para)
12420
msgid ""
12421
"The User Datagram Protocol (UDP), on the other hand, is a "
12422
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12423
"transmission of important data because it lacks flow control or any other "
12424
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12425
"applications as audio and video streaming, where it is considerably faster "
12426
"than TCP due to the lack of error correction and flow control, and where the "
12427
"loss of a few packets is not generally catastrophic."
12428
msgstr ""
12429
12430
#: serverguide/C/network-config.xml:801(title)
12431
msgid "ICMP"
12432
msgstr ""
12433
12434
#: serverguide/C/network-config.xml:802(para)
12435
msgid ""
12436
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12437
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12438
"supports network packets containing control, error, and informational "
12439
"messages. ICMP is used by such network applications as the "
12440
"<application>ping</application> utility, which can determine the "
12441
"availability of a network host or device. Examples of some error messages "
12442
"returned by ICMP which are useful to both network hosts and devices such as "
12443
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12444
"<emphasis>Time Exceeded</emphasis>."
12445
msgstr ""
12446
12447
#: serverguide/C/network-config.xml:812(title)
12448
msgid "Daemons"
12449
msgstr ""
12450
12451
#: serverguide/C/network-config.xml:813(para)
12452
msgid ""
12453
"Daemons are special system applications which typically execute continuously "
12454
"in the background and await requests for the functions they provide from "
12455
"other applications. Many daemons are network-centric; that is, a large "
12456
"number of daemons executing in the background on an Ubuntu system may "
12457
"provide network-related functionality. Some examples of such network daemons "
12458
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12459
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12460
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12461
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12462
"Daemon</emphasis> (imapd), which provides E-Mail services."
12463
msgstr ""
12464
12465
#: serverguide/C/network-config.xml:828(para)
12466
msgid ""
12467
"There are man pages for <ulink "
12468
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12469
"ulink> and <ulink "
12470
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12471
"> that contain more useful information."
12472
msgstr ""
12473
12474
#: serverguide/C/network-config.xml:834(para)
12475
msgid ""
12476
"Also, see the <ulink "
12477
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12478
"and Technical Overview</ulink> IBM Redbook."
12479
msgstr ""
12480
12481
#: serverguide/C/network-config.xml:840(para)
12482
msgid ""
12483
"Another resource is O'Reilly's <ulink "
12484
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12485
"Administration</ulink>."
12486
msgstr ""
12487
12488
#: serverguide/C/network-config.xml:849(title)
12489
msgid "Dynamic Host Configuration Protocol (DHCP)"
12490
msgstr ""
12491
12492
#: serverguide/C/network-config.xml:850(para)
12493
msgid ""
12494
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12495
"enables host computers to be automatically assigned settings from a server "
12496
"as opposed to manually configuring each network host. Computers configured "
12497
"to be DHCP clients have no control over the settings they receive from the "
12498
"DHCP server, and the configuration is transparent to the computer's user."
12499
msgstr ""
12500
12501
#: serverguide/C/network-config.xml:857(para)
12502
msgid ""
12503
"The most common settings provided by a DHCP server to DHCP clients include:"
12504
msgstr ""
12505
12506
#: serverguide/C/network-config.xml:862(para)
12507
msgid "IP-Address and Netmask"
12508
msgstr ""
12509
12510
#: serverguide/C/network-config.xml:865(para)
12511
msgid "DNS"
12512
msgstr ""
12513
12514
#: serverguide/C/network-config.xml:868(para)
12515
msgid "WINS"
12516
msgstr ""
12517
12518
#: serverguide/C/network-config.xml:871(para)
12519
msgid ""
12520
"However, a DHCP server can also supply configuration properties such as:"
12521
msgstr ""
12522
12523
#: serverguide/C/network-config.xml:876(para)
12524
msgid "Host Name"
12525
msgstr ""
12526
12527
#: serverguide/C/network-config.xml:879(para)
12528
msgid "Domain Name"
12529
msgstr ""
12530
12531
#: serverguide/C/network-config.xml:882(para)
12532
msgid "Default Gateway"
12533
msgstr ""
12534
12535
#: serverguide/C/network-config.xml:885(para)
12536
msgid "Time Server"
12537
msgstr ""
12538
12539
#: serverguide/C/network-config.xml:888(para)
12540
msgid "Print Server"
12541
msgstr ""
12542
12543
#: serverguide/C/network-config.xml:891(para)
12544
msgid ""
12545
"The advantage of using DHCP is that changes to the network, for example a "
12546
"change in the address of the DNS server, need only be changed at the DHCP "
12547
"server, and all network hosts will be reconfigured the next time their DHCP "
12548
"clients poll the DHCP server. As an added advantage, it is also easier to "
12549
"integrate new computers into the network, as there is no need to check for "
12550
"the availability of an IP address. Conflicts in IP address allocation are "
12551
"also reduced."
12552
msgstr ""
12553
12554
#: serverguide/C/network-config.xml:899(para)
12555
msgid "A DHCP server can provide configuration settings using two methods:"
12556
msgstr ""
12557
12558
#: serverguide/C/network-config.xml:904(term)
12559
msgid "MAC Address"
12560
msgstr ""
12561
12562
#: serverguide/C/network-config.xml:906(para)
12563
msgid ""
12564
"This method entails using DHCP to identify the unique hardware address of "
12565
"each network card connected to the network and then continually supplying a "
12566
"constant configuration each time the DHCP client makes a request to the DHCP "
12567
"server using that network device."
12568
msgstr ""
12569
12570
#: serverguide/C/network-config.xml:915(term)
12571
msgid "Address Pool"
12572
msgstr ""
12573
12574
#: serverguide/C/network-config.xml:917(para)
12575
msgid ""
12576
"This method entails defining a pool (sometimes also called a range or scope) "
12577
"of IP addresses from which DHCP clients are supplied their configuration "
12578
"properties dynamically and on a \"first come, first served\" basis. When a "
12579
"DHCP client is no longer on the network for a specified period, the "
12580
"configuration is expired and released back to the address pool for use by "
12581
"other DHCP Clients."
12582
msgstr ""
12583
12584
#: serverguide/C/network-config.xml:928(para)
12585
msgid ""
12586
"Ubuntu is shipped with both DHCP server and client. The server is "
12587
"<application>dhcpd</application> (dynamic host configuration protocol "
12588
"daemon). The client provided with Ubuntu is "
12589
"<application>dhclient</application> and should be installed on all computers "
12590
"required to be automatically configured. Both programs are easy to install "
12591
"and configure and will be automatically started at system boot."
12592
msgstr ""
12593
12594
#: serverguide/C/network-config.xml:938(para)
12595
msgid ""
12596
"At a terminal prompt, enter the following command to install "
12597
"<application>dhcpd</application>:"
12598
msgstr ""
12599
12600
#: serverguide/C/network-config.xml:943(command)
12601
msgid "sudo apt-get install dhcp3-server"
12602
msgstr ""
12603
12604
#: serverguide/C/network-config.xml:945(para)
12605
msgid ""
12606
"You will probably need to change the default configuration by editing "
12607
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12608
msgstr ""
12609
12610
#: serverguide/C/network-config.xml:949(para)
12611
msgid ""
12612
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12613
"dhcpd should listen to. By default it listens to eth0."
12614
msgstr ""
12615
12616
#: serverguide/C/network-config.xml:953(para)
12617
msgid ""
12618
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12619
"messages."
12620
msgstr ""
12621
12622
#: serverguide/C/network-config.xml:960(para)
12623
msgid ""
12624
"The error message the installation ends with might be a little confusing, "
12625
"but the following steps will help you configure the service:"
12626
msgstr ""
12627
12628
#: serverguide/C/network-config.xml:964(para)
12629
msgid ""
12630
"Most commonly, what you want to do is assign an IP address randomly. This "
12631
"can be done with settings as follows:"
12632
msgstr ""
12633
12634
#: serverguide/C/network-config.xml:968(programlisting)
12635
#, no-wrap
12636
msgid ""
12637
"\n"
12638
"# Sample /etc/dhcpd.conf\n"
12639
"# (add your comments here) \n"
12640
"default-lease-time 600;\n"
12641
"max-lease-time 7200;\n"
12642
"option subnet-mask 255.255.255.0;\n"
12643
"option broadcast-address 192.168.1.255;\n"
12644
"option routers 192.168.1.254;\n"
12645
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12646
"option domain-name \"mydomain.example\";\n"
12647
"\n"
12648
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12649
"range 192.168.1.10 192.168.1.100;\n"
12650
"range 192.168.1.150 192.168.1.200;\n"
12651
"} \n"
12652
msgstr ""
12653
12654
#: serverguide/C/network-config.xml:984(para)
12655
msgid ""
12656
"This will result in the DHCP server giving a client an IP address from the "
12657
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12658
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12659
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12660
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12661
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12662
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12663
msgstr ""
12664
12665
#: serverguide/C/network-config.xml:993(para)
12666
msgid ""
12667
"If you need to specify a WINS server for your Windows clients, you will need "
12668
"to include the netbios-name-servers option, e.g."
12669
msgstr ""
12670
12671
#: serverguide/C/network-config.xml:997(programlisting)
12672
#, no-wrap
12673
msgid ""
12674
"\n"
12675
"option netbios-name-servers 192.168.1.1; \n"
12676
msgstr ""
12677
12678
#: serverguide/C/network-config.xml:1000(para)
12679
msgid ""
12680
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12681
"be found <ulink "
12682
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12683
msgstr ""
12684
12685
#: serverguide/C/network-config.xml:1010(para)
12686
msgid ""
12687
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12688
"server Ubuntu Wiki</ulink> page has more information."
12689
msgstr ""
12690
12691
#: serverguide/C/network-config.xml:1015(para)
12692
msgid ""
12693
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
12694
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
12695
"\">dhcpd.conf man page</ulink>."
12696
msgstr ""
12697
12698
#: serverguide/C/network-config.xml:1021(para)
12699
msgid ""
12700
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12701
"FAQ</ulink>"
12702
msgstr ""
12703
12704
#: serverguide/C/network-config.xml:1031(title)
12705
msgid "Time Synchronisation with NTP"
12706
msgstr ""
12707
12708
#: serverguide/C/network-config.xml:1032(para)
12709
msgid ""
12710
"This page describes methods for keeping your computer's time accurate. This "
12711
"is useful for servers, but is not necessary (or desirable) for desktop "
12712
"machines."
12713
msgstr ""
12714
12715
#: serverguide/C/network-config.xml:1035(para)
12716
msgid ""
12717
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12718
"client requests the current time from a server, and uses it to set its own "
12719
"clock."
12720
msgstr ""
12721
12722
#: serverguide/C/network-config.xml:1038(para)
12723
msgid ""
12724
"Behind this simple description, there is a lot of complexity - there are "
12725
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12726
"clocks (often via GPS), and tier two and three servers spreading the load of "
12727
"actually handling requests across the Internet. Also the client software is "
12728
"a lot more complex than you might think - it has to factor out communication "
12729
"delays, and adjust the time in a way that does not upset all the other "
12730
"processes that run on the server. But luckily all that complexity is hidden "
12731
"from you!"
12732
msgstr ""
12733
12734
#: serverguide/C/network-config.xml:1041(para)
12735
msgid ""
12736
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
12737
msgstr ""
12738
12739
#: serverguide/C/network-config.xml:1046(title)
12740
msgid "ntpdate"
12741
msgstr ""
12742
12743
#: serverguide/C/network-config.xml:1047(para)
12744
msgid ""
12745
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12746
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12747
"is likely to drift considerably between reboots, so it makes sense to "
12748
"correct the time occasionally. The easiest way to do this is to get cron to "
12749
"run ntpdate every day. With your favorite editor, as root, create a file "
12750
"<code>/etc/cron.daily/ntpdate</code> containing:"
12751
msgstr ""
12752
12753
#: serverguide/C/network-config.xml:1052(screen)
12754
#, no-wrap
12755
msgid "ntpdate ntp.ubuntu.com\n"
12756
msgstr ""
12757
12758
#: serverguide/C/network-config.xml:1054(para)
12759
msgid ""
12760
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12761
msgstr ""
12762
12763
#: serverguide/C/network-config.xml:1057(screen)
12764
#, no-wrap
12765
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12766
msgstr ""
12767
12768
#: serverguide/C/network-config.xml:1061(title)
12769
msgid "ntpd"
12770
msgstr ""
12771
12772
#: serverguide/C/network-config.xml:1062(para)
12773
msgid ""
12774
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
12775
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
12776
"calculates the drift of your system clock and continuously adjusts it, so "
12777
"there are no large corrections that could lead to inconsistent logs for "
12778
"instance. The cost is a little processing power and memory, but for a modern "
12779
"server this is negligible."
12780
msgstr ""
12781
12782
#: serverguide/C/network-config.xml:1065(para)
12783
msgid "To set up ntpd:"
12784
msgstr ""
12785
12786
#: serverguide/C/network-config.xml:1066(screen)
12787
#, no-wrap
12788
msgid "sudo apt-get install ntp\n"
12789
msgstr ""
12790
12791
#: serverguide/C/network-config.xml:1071(title)
12792
msgid "Changing Time Servers"
12793
msgstr ""
12794
12795
#: serverguide/C/network-config.xml:1072(para)
12796
msgid ""
12797
"In both cases above, your system will use Ubuntu's NTP server at "
12798
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
12799
"use several servers to increase accuracy and resilience, and you may want to "
12800
"use time servers that are geographically closer to you. to do this for "
12801
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
12802
msgstr ""
12803
12804
#: serverguide/C/network-config.xml:1079(screen)
12805
#, no-wrap
12806
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
12807
msgstr ""
12808
12809
#: serverguide/C/network-config.xml:1081(para)
12810
msgid ""
12811
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
12812
"lines:"
12813
msgstr ""
12814
12815
#: serverguide/C/network-config.xml:1086(screen)
12816
#, no-wrap
12817
msgid ""
12818
"server ntp.ubuntu.com\n"
12819
"server pool.ntp.org\n"
12820
msgstr ""
12821
12822
#: serverguide/C/network-config.xml:1089(para)
12823
msgid ""
12824
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
12825
"really good idea which uses round-robin DNS to return an NTP server from a "
12826
"pool, spreading the load between several different servers. Even better, "
12827
"they have pools for different regions - for instance, if you are in New "
12828
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
12829
"<code>pool.ntp.org</code> . Look at <ulink "
12830
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
12831
"details."
12832
msgstr ""
12833
12834
#: serverguide/C/network-config.xml:1100(para)
12835
msgid ""
12836
"You can also Google for NTP servers in your region, and add these to your "
12837
"configuration. To test that a server works, just type <code>sudo ntpdate "
12838
"ntp.server.name</code> and see what happens."
12839
msgstr ""
12840
12841
#: serverguide/C/network-config.xml:1111(para)
12842
msgid ""
12843
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12844
"Time</ulink> wiki page for more information."
12845
msgstr ""
12846
12847
#: serverguide/C/network-config.xml:1117(ulink)
12848
msgid "NTP Support"
12849
msgstr ""
12850
12851
#: serverguide/C/network-config.xml:1122(ulink)
12852
msgid "The NTP FAQ and HOWTO"
12853
msgstr ""
12854
12855
#: serverguide/C/network-auth.xml:13(title)
12856
msgid "Network Authentication"
12857
msgstr ""
12858
12859
#: serverguide/C/network-auth.xml:15(para)
12860
msgid "This section explains various Network Authentication protocols."
12861
msgstr ""
12862
12863
#: serverguide/C/network-auth.xml:19(title)
12864
msgid "OpenLDAP Server"
12865
msgstr ""
12866
12867
#: serverguide/C/network-auth.xml:20(para)
12868
msgid ""
12869
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
12870
"simplified version of the X.500 protocol. The directory setup in this "
12871
"section will be used for authentication. Nevertheless, LDAP can be used in "
12872
"numerous ways: authentication, shared directory (for mail clients), address "
12873
"book, etc."
12874
msgstr ""
12875
12876
#: serverguide/C/network-auth.xml:28(para)
12877
msgid ""
12878
"To describe LDAP quickly, all information is stored in a tree structure. "
12879
"With <application>OpenLDAP</application> you have freedom to determine the "
12880
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
12881
"We will begin with a basic tree containing two nodes below the root:"
12882
msgstr ""
12883
12884
#: serverguide/C/network-auth.xml:37(para)
12885
msgid "\"People\" node where your users will be stored"
12886
msgstr ""
12887
12888
#: serverguide/C/network-auth.xml:40(para)
12889
msgid "\"Groups\" node where your groups will be stored"
12890
msgstr ""
12891
12892
#: serverguide/C/network-auth.xml:44(para)
12893
msgid ""
12894
"Before beginning, you should determine what the root of your LDAP directory "
12895
"will be. By default, your tree will be determined by your Fully Qualified "
12896
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
12897
"example), your root node will be dc=example,dc=com."
12898
msgstr ""
12899
12900
#: serverguide/C/network-auth.xml:54(para)
12901
msgid ""
12902
"First, install the <application>OpenLDAP</application> server daemon "
12903
"<application>slapd</application> and <application>ldap-utils</application>, "
12904
"a package containing LDAP management utilities:"
12905
msgstr ""
12906
12907
#: serverguide/C/network-auth.xml:60(command)
12908
msgid "sudo apt-get install slapd ldap-utils"
12909
msgstr ""
12910
12911
#: serverguide/C/network-auth.xml:63(para)
12912
msgid ""
12913
"By default <application>slapd</application> is configured with minimal "
12914
"options needed to run the <application>slapd</application> daemon."
12915
msgstr ""
12916
12917
#: serverguide/C/network-auth.xml:68(para)
12918
msgid ""
12919
"The configuration example in the following sections will match the domain "
12920
"name of the server. For example, if the machine's Fully Qualified Domain "
12921
"Name (FQDN) is ldap.example.com, the default suffix will be "
12922
"<emphasis>dc=example,dc=com</emphasis>."
12923
msgstr ""
12924
12925
#: serverguide/C/network-auth.xml:76(title)
12926
msgid "Populating LDAP"
12927
msgstr ""
12928
12929
#: serverguide/C/network-auth.xml:78(para)
12930
msgid ""
12931
"<application>OpenLDAP</application> uses a separate directory which contains "
12932
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
12933
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
12934
"<application>slapd</application> daemon, allowing the modification of schema "
12935
"definitions, indexes, ACLs, etc without stopping the service."
12936
msgstr ""
12937
12938
#: serverguide/C/network-auth.xml:86(para)
12939
msgid ""
12940
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
12941
"configuration and will need additional configuration options in order to "
12942
"populate the frontend directory. The frontend will be populated with a "
12943
"\"classical\" scheme that will be compatible with address book applications "
12944
"and with Unix Posix accounts. Posix accounts will allow authentication to "
12945
"various applications, such as web applications, email Mail Transfer Agent "
12946
"(MTA) applications, etc."
12947
msgstr ""
12948
12949
#: serverguide/C/network-auth.xml:95(para)
12950
msgid ""
12951
"For external applications to authenticate using LDAP they will each need to "
12952
"be specifically configured to do so. Refer to the individual application "
12953
"documentation for details."
12954
msgstr ""
12955
12956
#: serverguide/C/network-auth.xml:103(para)
12957
msgid ""
12958
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
12959
"examples to match your LDAP configuration."
12960
msgstr ""
12961
12962
#: serverguide/C/network-auth.xml:108(para)
12963
msgid ""
12964
"First, some additional schema files need to be loaded. In a terminal enter:"
12965
msgstr ""
12966
12967
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
12968
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
12969
msgstr ""
12970
12971
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
12972
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
12973
msgstr ""
12974
12975
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
12976
msgid ""
12977
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
12978
msgstr ""
12979
12980
#: serverguide/C/network-auth.xml:118(para)
12981
msgid ""
12982
"Next, copy the following example LDIF file, naming it "
12983
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
12984
msgstr ""
12985
12986
#: serverguide/C/network-auth.xml:123(programlisting)
12987
#, no-wrap
12988
msgid ""
12989
"\n"
12990
"# Load dynamic backend modules\n"
12991
"dn: cn=module,cn=config\n"
12992
"objectClass: olcModuleList\n"
12993
"cn: module\n"
12994
"olcModulepath: /usr/lib/ldap\n"
12995
"olcModuleload: back_hdb\n"
12996
"\n"
12997
"# Database settings\n"
12998
"dn: olcDatabase=hdb,cn=config\n"
12999
"objectClass: olcDatabaseConfig\n"
13000
"objectClass: olcHdbConfig\n"
13001
"olcDatabase: {1}hdb\n"
13002
"olcSuffix: dc=example,dc=com\n"
13003
"olcDbDirectory: /var/lib/ldap\n"
13004
"olcRootDN: cn=admin,dc=example,dc=com\n"
13005
"olcRootPW: secret\n"
13006
"olcDbConfig: set_cachesize 0 2097152 0\n"
13007
"olcDbConfig: set_lk_max_objects 1500\n"
13008
"olcDbConfig: set_lk_max_locks 1500\n"
13009
"olcDbConfig: set_lk_max_lockers 1500\n"
13010
"olcDbIndex: objectClass eq\n"
13011
"olcLastMod: TRUE\n"
13012
"olcDbCheckpoint: 512 30\n"
13013
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13014
"by anonymous auth by self write by * none\n"
13015
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13016
"olcAccess: to dn.base=\"\" by * read\n"
13017
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13018
"\n"
13019
msgstr ""
13020
13021
#: serverguide/C/network-auth.xml:155(para)
13022
msgid ""
13023
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13024
msgstr ""
13025
13026
#: serverguide/C/network-auth.xml:160(para)
13027
msgid "Now add the LDIF to the directory:"
13028
msgstr ""
13029
13030
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13031
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13032
msgstr ""
13033
13034
#: serverguide/C/network-auth.xml:168(para)
13035
msgid ""
13036
"The frontend directory is now ready to be populated. Create a "
13037
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13038
msgstr ""
13039
13040
#: serverguide/C/network-auth.xml:173(programlisting)
13041
#, no-wrap
13042
msgid ""
13043
"\n"
13044
"# Create top-level object in domain\n"
13045
"dn: dc=example,dc=com\n"
13046
"objectClass: top\n"
13047
"objectClass: dcObject\n"
13048
"objectclass: organization\n"
13049
"o: Example Organization\n"
13050
"dc: Example\n"
13051
"description: LDAP Example \n"
13052
"\n"
13053
"# Admin user.\n"
13054
"dn: cn=admin,dc=example,dc=com\n"
13055
"objectClass: simpleSecurityObject\n"
13056
"objectClass: organizationalRole\n"
13057
"cn: admin\n"
13058
"description: LDAP administrator\n"
13059
"userPassword: secret\n"
13060
"\n"
13061
"dn: ou=people,dc=example,dc=com\n"
13062
"objectClass: organizationalUnit\n"
13063
"ou: people\n"
13064
"\n"
13065
"dn: ou=groups,dc=example,dc=com\n"
13066
"objectClass: organizationalUnit\n"
13067
"ou: groups\n"
13068
"\n"
13069
"dn: uid=john,ou=people,dc=example,dc=com\n"
13070
"objectClass: inetOrgPerson\n"
13071
"objectClass: posixAccount\n"
13072
"objectClass: shadowAccount\n"
13073
"uid: john\n"
13074
"sn: Doe\n"
13075
"givenName: John\n"
13076
"cn: John Doe\n"
13077
"displayName: John Doe\n"
13078
"uidNumber: 1000\n"
13079
"gidNumber: 10000\n"
13080
"userPassword: password\n"
13081
"gecos: John Doe\n"
13082
"loginShell: /bin/bash\n"
13083
"homeDirectory: /home/john\n"
13084
"shadowExpire: -1\n"
13085
"shadowFlag: 0\n"
13086
"shadowWarning: 7\n"
13087
"shadowMin: 8\n"
13088
"shadowMax: 999999\n"
13089
"shadowLastChange: 10877\n"
13090
"mail: john.doe@example.com\n"
13091
"postalCode: 31000\n"
13092
"l: Toulouse\n"
13093
"o: Example\n"
13094
"mobile: +33 (0)6 xx xx xx xx\n"
13095
"homePhone: +33 (0)5 xx xx xx xx\n"
13096
"title: System Administrator\n"
13097
"postalAddress: \n"
13098
"initials: JD\n"
13099
"\n"
13100
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13101
"objectClass: posixGroup\n"
13102
"cn: example\n"
13103
"gidNumber: 10000\n"
13104
msgstr ""
13105
13106
#: serverguide/C/network-auth.xml:236(para)
13107
msgid ""
13108
"In this example the directory structure, a user, and a group have been "
13109
"setup. In other examples you might see the <emphasis>objectClass: "
13110
"top</emphasis> added in every entry, but that is the default behaviour so "
13111
"you do not have to add it explicitly."
13112
msgstr ""
13113
13114
#: serverguide/C/network-auth.xml:243(para)
13115
msgid "Add the entries to the LDAP directory:"
13116
msgstr ""
13117
13118
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13119
msgid ""
13120
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13121
msgstr ""
13122
13123
#: serverguide/C/network-auth.xml:252(para)
13124
msgid ""
13125
"We can check that the content has been correctly added with the "
13126
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13127
"directory:"
13128
msgstr ""
13129
13130
#: serverguide/C/network-auth.xml:258(command)
13131
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13132
msgstr ""
13133
13134
#: serverguide/C/network-auth.xml:259(computeroutput)
13135
#, no-wrap
13136
msgid ""
13137
"\n"
13138
"dn: uid=john,ou=people,dc=example,dc=com\n"
13139
"cn: John Doe\n"
13140
"sn: Doe\n"
13141
"givenName: John\n"
13142
msgstr ""
13143
13144
#: serverguide/C/network-auth.xml:267(para)
13145
msgid "Just a quick explanation:"
13146
msgstr ""
13147
13148
#: serverguide/C/network-auth.xml:273(para)
13149
msgid ""
13150
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13151
"the default."
13152
msgstr ""
13153
13154
#: serverguide/C/network-auth.xml:279(para)
13155
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13156
msgstr ""
13157
13158
#: serverguide/C/network-auth.xml:287(title)
13159
msgid "Further Configuration"
13160
msgstr ""
13161
13162
#: serverguide/C/network-auth.xml:290(para)
13163
msgid ""
13164
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13165
"utilities in the <application>ldap-utils</application> package. For example:"
13166
msgstr ""
13167
13168
#: serverguide/C/network-auth.xml:298(para)
13169
msgid ""
13170
"Use <application>ldapsearch</application> to view the tree, entering the "
13171
"admin password set during installation or reconfiguration:"
13172
msgstr ""
13173
13174
#: serverguide/C/network-auth.xml:304(command)
13175
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13176
msgstr ""
13177
13178
#: serverguide/C/network-auth.xml:308(computeroutput)
13179
#, no-wrap
13180
msgid ""
13181
"\n"
13182
"SASL/EXTERNAL authentication started\n"
13183
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13184
"SASL SSF: 0\n"
13185
"dn: cn=config\n"
13186
"\n"
13187
"dn: cn=module{0},cn=config\n"
13188
"\n"
13189
"dn: cn=schema,cn=config\n"
13190
"\n"
13191
"dn: cn={0}core,cn=schema,cn=config\n"
13192
"\n"
13193
"dn: cn={1}cosine,cn=schema,cn=config\n"
13194
"\n"
13195
"dn: cn={2}nis,cn=schema,cn=config\n"
13196
"\n"
13197
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13198
"\n"
13199
"dn: olcDatabase={-1}frontend,cn=config\n"
13200
"\n"
13201
"dn: olcDatabase={0}config,cn=config\n"
13202
"\n"
13203
"dn: olcDatabase={1}hdb,cn=config\n"
13204
msgstr ""
13205
13206
#: serverguide/C/network-auth.xml:334(para)
13207
msgid ""
13208
"The output above is the current configuration options for the "
13209
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13210
msgstr ""
13211
13212
#: serverguide/C/network-auth.xml:342(para)
13213
msgid ""
13214
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13215
"another attribute to the index list using "
13216
"<application>ldapmodify</application>:"
13217
msgstr ""
13218
13219
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13220
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13221
msgstr ""
13222
13223
#: serverguide/C/network-auth.xml:356(userinput)
13224
#, no-wrap
13225
msgid ""
13226
"dn: olcDatabase={1}hdb,cn=config\n"
13227
"add: olcDbIndex\n"
13228
"olcDbIndex: uidNumber eq"
13229
msgstr ""
13230
13231
#: serverguide/C/network-auth.xml:352(computeroutput)
13232
#, no-wrap
13233
msgid ""
13234
"\n"
13235
"SASL/EXTERNAL authentication started\n"
13236
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13237
"SASL SSF: 0\n"
13238
"<placeholder-1/>\n"
13239
"\n"
13240
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13241
msgstr ""
13242
13243
#: serverguide/C/network-auth.xml:364(para)
13244
msgid ""
13245
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13246
"exit the utility."
13247
msgstr ""
13248
13249
#: serverguide/C/network-auth.xml:371(para)
13250
msgid ""
13251
"<application>ldapmodify</application> can also read the changes from a file. "
13252
"Copy and paste the following into a file named "
13253
"<filename>uid_index.ldif</filename>:"
13254
msgstr ""
13255
13256
#: serverguide/C/network-auth.xml:376(programlisting)
13257
#, no-wrap
13258
msgid ""
13259
"\n"
13260
"dn: olcDatabase={1}hdb,cn=config\n"
13261
"add: olcDbIndex\n"
13262
"olcDbIndex: uid eq,pres,sub\n"
13263
msgstr ""
13264
13265
#: serverguide/C/network-auth.xml:382(para)
13266
msgid "Then execute <application>ldapmodify</application>:"
13267
msgstr ""
13268
13269
#: serverguide/C/network-auth.xml:387(command)
13270
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13271
msgstr ""
13272
13273
#: serverguide/C/network-auth.xml:391(computeroutput)
13274
#, no-wrap
13275
msgid ""
13276
"\n"
13277
"SASL/EXTERNAL authentication started\n"
13278
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13279
"SASL SSF: 0\n"
13280
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13281
msgstr ""
13282
13283
#: serverguide/C/network-auth.xml:399(para)
13284
msgid "The file method is very useful for large changes."
13285
msgstr ""
13286
13287
#: serverguide/C/network-auth.xml:406(para)
13288
msgid ""
13289
"Adding additional <emphasis>schemas</emphasis> to "
13290
"<application>slapd</application> requires the schema to be converted to LDIF "
13291
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13292
"directory contains some schema files already converted to LDIF format as "
13293
"demonstrated in the previous section. Fortunately, the "
13294
"<application>slapd</application> program can be used to automate the "
13295
"conversion. The following example will add the "
13296
"<emphasis>dyngroup.schema</emphasis>:"
13297
msgstr ""
13298
13299
#: serverguide/C/network-auth.xml:416(para)
13300
msgid ""
13301
"First, create a conversion <filename>schema_convert.conf</filename> file "
13302
"containing the following lines:"
13303
msgstr ""
13304
13305
#: serverguide/C/network-auth.xml:421(programlisting)
13306
#, no-wrap
13307
msgid ""
13308
"\n"
13309
"include /etc/ldap/schema/core.schema\n"
13310
"include /etc/ldap/schema/collective.schema\n"
13311
"include /etc/ldap/schema/corba.schema\n"
13312
"include /etc/ldap/schema/cosine.schema\n"
13313
"include /etc/ldap/schema/duaconf.schema\n"
13314
"include /etc/ldap/schema/dyngroup.schema\n"
13315
"include /etc/ldap/schema/inetorgperson.schema\n"
13316
"include /etc/ldap/schema/java.schema\n"
13317
"include /etc/ldap/schema/misc.schema\n"
13318
"include /etc/ldap/schema/nis.schema\n"
13319
"include /etc/ldap/schema/openldap.schema\n"
13320
"include /etc/ldap/schema/ppolicy.schema\n"
13321
msgstr ""
13322
13323
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13324
msgid "Next, create a temporary directory to hold the output:"
13325
msgstr ""
13326
13327
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13328
msgid "mkdir /tmp/ldif_output"
13329
msgstr ""
13330
13331
#: serverguide/C/network-auth.xml:450(para)
13332
msgid ""
13333
"Now using <application>slapcat</application> convert the schema files to "
13334
"LDIF:"
13335
msgstr ""
13336
13337
#: serverguide/C/network-auth.xml:455(command)
13338
msgid ""
13339
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13340
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13341
msgstr ""
13342
13343
#: serverguide/C/network-auth.xml:458(para)
13344
msgid ""
13345
"Adjust the configuration file name and temporary directory names if yours "
13346
"are different. Also, it may be worthwhile to keep the "
13347
"<filename>ldif_output</filename> directory around in case you want to add "
13348
"additional schemas in the future."
13349
msgstr ""
13350
13351
#: serverguide/C/network-auth.xml:467(para)
13352
msgid ""
13353
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13354
"following attributes:"
13355
msgstr ""
13356
13357
#: serverguide/C/network-auth.xml:471(programlisting)
13358
#, no-wrap
13359
msgid ""
13360
"\n"
13361
"dn: cn=dyngroup,cn=schema,cn=config\n"
13362
"...\n"
13363
"cn: dyngroup\n"
13364
msgstr ""
13365
13366
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13367
msgid "And remove the following lines from the bottom of the file:"
13368
msgstr ""
13369
13370
#: serverguide/C/network-auth.xml:481(programlisting)
13371
#, no-wrap
13372
msgid ""
13373
"\n"
13374
"structuralObjectClass: olcSchemaConfig\n"
13375
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13376
"creatorsName: cn=config\n"
13377
"createTimestamp: 20080826021140Z\n"
13378
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13379
"modifiersName: cn=config\n"
13380
"modifyTimestamp: 20080826021140Z\n"
13381
msgstr ""
13382
13383
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13384
msgid ""
13385
"The attribute values will vary, just be sure the attributes are removed."
13386
msgstr ""
13387
13388
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13389
msgid ""
13390
"Finally, using the <application>ldapadd</application> utility, add the new "
13391
"schema to the directory:"
13392
msgstr ""
13393
13394
#: serverguide/C/network-auth.xml:506(command)
13395
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13396
msgstr ""
13397
13398
#: serverguide/C/network-auth.xml:512(para)
13399
msgid ""
13400
"There should now be a <emphasis>dn: "
13401
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13402
msgstr ""
13403
13404
#: serverguide/C/network-auth.xml:522(title)
13405
msgid "LDAP Replication"
13406
msgstr ""
13407
13408
#: serverguide/C/network-auth.xml:524(para)
13409
msgid ""
13410
"LDAP often quickly becomes a highly critical service to the network. "
13411
"Multiple systems will come to depend on LDAP for authentication, "
13412
"authorization, configuration, etc. It is a good idea to setup a redundant "
13413
"system through replication."
13414
msgstr ""
13415
13416
#: serverguide/C/network-auth.xml:530(para)
13417
msgid ""
13418
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13419
"Syncrepl allows the changes to be synced using a "
13420
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13421
"provider sends directory changes to consumers."
13422
msgstr ""
13423
13424
#: serverguide/C/network-auth.xml:537(title)
13425
msgid "Provider Configuration"
13426
msgstr ""
13427
13428
#: serverguide/C/network-auth.xml:539(para)
13429
msgid ""
13430
"The following is an example of a <emphasis>Single-Master</emphasis> "
13431
"configuration. In this configuration one OpenLDAP server is configured as a "
13432
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13433
msgstr ""
13434
13435
#: serverguide/C/network-auth.xml:547(para)
13436
msgid ""
13437
"First, configure the provider server. Copy the following to a file named "
13438
"<filename>provider_sync.ldif</filename>:"
13439
msgstr ""
13440
13441
#: serverguide/C/network-auth.xml:552(programlisting)
13442
#, no-wrap
13443
msgid ""
13444
"\n"
13445
"# Add indexes to the frontend db.\n"
13446
"dn: olcDatabase={1}hdb,cn=config\n"
13447
"changetype: modify\n"
13448
"add: olcDbIndex\n"
13449
"olcDbIndex: entryCSN eq\n"
13450
"-\n"
13451
"add: olcDbIndex\n"
13452
"olcDbIndex: entryUUID eq\n"
13453
"\n"
13454
"#Load the syncprov and accesslog modules.\n"
13455
"dn: cn=module{0},cn=config\n"
13456
"changetype: modify\n"
13457
"add: olcModuleLoad\n"
13458
"olcModuleLoad: syncprov\n"
13459
"-\n"
13460
"add: olcModuleLoad\n"
13461
"olcModuleLoad: accesslog\n"
13462
"\n"
13463
"# Accesslog database definitions\n"
13464
"dn: olcDatabase={2}hdb,cn=config\n"
13465
"objectClass: olcDatabaseConfig\n"
13466
"objectClass: olcHdbConfig\n"
13467
"olcDatabase: {2}hdb\n"
13468
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13469
"olcSuffix: cn=accesslog\n"
13470
"olcRootDN: cn=admin,dc=example,dc=com\n"
13471
"olcDbIndex: default eq\n"
13472
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13473
"\n"
13474
"# Accesslog db syncprov.\n"
13475
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13476
"changetype: add\n"
13477
"objectClass: olcOverlayConfig\n"
13478
"objectClass: olcSyncProvConfig\n"
13479
"olcOverlay: syncprov\n"
13480
"olcSpNoPresent: TRUE\n"
13481
"olcSpReloadHint: TRUE\n"
13482
"\n"
13483
"# syncrepl Provider for primary db\n"
13484
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13485
"changetype: add\n"
13486
"objectClass: olcOverlayConfig\n"
13487
"objectClass: olcSyncProvConfig\n"
13488
"olcOverlay: syncprov\n"
13489
"olcSpNoPresent: TRUE\n"
13490
"\n"
13491
"# accesslog overlay definitions for primary db\n"
13492
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13493
"objectClass: olcOverlayConfig\n"
13494
"objectClass: olcAccessLogConfig\n"
13495
"olcOverlay: accesslog\n"
13496
"olcAccessLogDB: cn=accesslog\n"
13497
"olcAccessLogOps: writes\n"
13498
"olcAccessLogSuccess: TRUE\n"
13499
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13500
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13501
msgstr ""
13502
13503
#: serverguide/C/network-auth.xml:614(para)
13504
msgid ""
13505
"The <application>AppArmor</application> profile for "
13506
"<application>slapd</application> will need to be adjusted for the accesslog "
13507
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13508
"adding:"
13509
msgstr ""
13510
13511
#: serverguide/C/network-auth.xml:619(programlisting)
13512
#, no-wrap
13513
msgid ""
13514
"\n"
13515
" /var/lib/ldap/accesslog/ r,\n"
13516
" /var/lib/ldap/accesslog/** rwk,\n"
13517
msgstr ""
13518
13519
#: serverguide/C/network-auth.xml:624(para)
13520
msgid ""
13521
"Then create the directory, reload the <application>apparmor</application> "
13522
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13523
msgstr ""
13524
13525
#: serverguide/C/network-auth.xml:630(command)
13526
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13527
msgstr ""
13528
13529
#: serverguide/C/network-auth.xml:631(command)
13530
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13531
msgstr ""
13532
13533
#: serverguide/C/network-auth.xml:636(para)
13534
msgid ""
13535
"Using the <emphasis>-u openldap</emphasis> option with the "
13536
"<application>sudo</application> commands above removes the need to adjust "
13537
"permissions for the new directory later."
13538
msgstr ""
13539
13540
#: serverguide/C/network-auth.xml:645(para)
13541
msgid ""
13542
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13543
"directory:"
13544
msgstr ""
13545
13546
#: serverguide/C/network-auth.xml:649(programlisting)
13547
#, no-wrap
13548
msgid ""
13549
"\n"
13550
"olcRootDN: cn=admin,dc=example,dc=com\n"
13551
msgstr ""
13552
13553
#: serverguide/C/network-auth.xml:657(para)
13554
msgid ""
13555
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13556
msgstr ""
13557
13558
#: serverguide/C/network-auth.xml:662(command)
13559
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13560
msgstr ""
13561
13562
#: serverguide/C/network-auth.xml:669(para)
13563
msgid "Restart <application>slapd</application>:"
13564
msgstr ""
13565
13566
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13567
msgid "sudo /etc/init.d/slapd restart"
13568
msgstr ""
13569
13570
#: serverguide/C/network-auth.xml:680(para)
13571
msgid ""
13572
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13573
"to configure a <emphasis>Consumer</emphasis> server."
13574
msgstr ""
13575
13576
#: serverguide/C/network-auth.xml:687(title)
13577
msgid "Consumer Configuration"
13578
msgstr ""
13579
13580
#: serverguide/C/network-auth.xml:692(para)
13581
msgid ""
13582
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13583
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13584
"configuration steps."
13585
msgstr ""
13586
13587
#: serverguide/C/network-auth.xml:697(para)
13588
msgid "Add the additional schema files:"
13589
msgstr ""
13590
13591
#: serverguide/C/network-auth.xml:707(para)
13592
msgid ""
13593
"Also, create, or copy from the provider server, the "
13594
"<filename>backend.example.com.ldif</filename>"
13595
msgstr ""
13596
13597
#: serverguide/C/network-auth.xml:711(programlisting)
13598
#, no-wrap
13599
msgid ""
13600
"\n"
13601
"# Load dynamic backend modules\n"
13602
"dn: cn=module,cn=config\n"
13603
"objectClass: olcModuleList\n"
13604
"cn: module\n"
13605
"olcModulepath: /usr/lib/ldap\n"
13606
"olcModuleload: back_hdb\n"
13607
"\n"
13608
"# Database settings\n"
13609
"dn: olcDatabase=hdb,cn=config\n"
13610
"objectClass: olcDatabaseConfig\n"
13611
"objectClass: olcHdbConfig\n"
13612
"olcDatabase: {1}hdb\n"
13613
"olcSuffix: dc=example,dc=com\n"
13614
"olcDbDirectory: /var/lib/ldap\n"
13615
"olcRootDN: cn=admin,dc=example,dc=com\n"
13616
"olcRootPW: secret\n"
13617
"olcDbConfig: set_cachesize 0 2097152 0\n"
13618
"olcDbConfig: set_lk_max_objects 1500\n"
13619
"olcDbConfig: set_lk_max_locks 1500\n"
13620
"olcDbConfig: set_lk_max_lockers 1500\n"
13621
"olcDbIndex: objectClass eq\n"
13622
"olcLastMod: TRUE\n"
13623
"olcDbCheckpoint: 512 30\n"
13624
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13625
"by anonymous auth by self write by * none\n"
13626
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13627
"olcAccess: to dn.base=\"\" by * read\n"
13628
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13629
msgstr ""
13630
13631
#: serverguide/C/network-auth.xml:741(para)
13632
msgid "And add the LDIF by entering:"
13633
msgstr ""
13634
13635
#: serverguide/C/network-auth.xml:752(para)
13636
msgid ""
13637
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13638
"listed above, and add it:"
13639
msgstr ""
13640
13641
#: serverguide/C/network-auth.xml:760(para)
13642
msgid ""
13643
"The two severs should now have the same configuration except for the "
13644
"<emphasis>Syncrepl</emphasis> options."
13645
msgstr ""
13646
13647
#: serverguide/C/network-auth.xml:768(para)
13648
msgid ""
13649
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13650
msgstr ""
13651
13652
#: serverguide/C/network-auth.xml:772(programlisting)
13653
#, no-wrap
13654
msgid ""
13655
"\n"
13656
"#Load the syncprov module.\n"
13657
"dn: cn=module{0},cn=config\n"
13658
"changetype: modify\n"
13659
"add: olcModuleLoad\n"
13660
"olcModuleLoad: syncprov\n"
13661
"\n"
13662
"# syncrepl specific indices\n"
13663
"dn: olcDatabase={1}hdb,cn=config\n"
13664
"changetype: modify\n"
13665
"add: olcDbIndex\n"
13666
"olcDbIndex: entryUUID eq\n"
13667
"-\n"
13668
"add: olcSyncRepl\n"
13669
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13670
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13671
" credentials=secret searchbase=\"dc=example,dc=com\" "
13672
"logbase=\"cn=accesslog\" \n"
13673
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13674
"schemachecking=on \n"
13675
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13676
"-\n"
13677
"add: olcUpdateRef\n"
13678
"olcUpdateRef: ldap://ldap01.example.com\n"
13679
msgstr ""
13680
13681
#: serverguide/C/network-auth.xml:795(para)
13682
msgid "You will probably want to change the following attributes:"
13683
msgstr ""
13684
13685
#: serverguide/C/network-auth.xml:800(para)
13686
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13687
msgstr ""
13688
13689
#: serverguide/C/network-auth.xml:801(emphasis)
13690
msgid "binddn"
13691
msgstr ""
13692
13693
#: serverguide/C/network-auth.xml:802(emphasis)
13694
msgid "credentials"
13695
msgstr ""
13696
13697
#: serverguide/C/network-auth.xml:803(emphasis)
13698
msgid "searchbase"
13699
msgstr ""
13700
13701
#: serverguide/C/network-auth.xml:804(emphasis)
13702
msgid "olcUpdateRef:"
13703
msgstr ""
13704
13705
#: serverguide/C/network-auth.xml:810(para)
13706
msgid "Add the LDIF file to the configuration tree:"
13707
msgstr ""
13708
13709
#: serverguide/C/network-auth.xml:815(command)
13710
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13711
msgstr ""
13712
13713
#: serverguide/C/network-auth.xml:821(para)
13714
msgid ""
13715
"The frontend database should now sync between servers. You can add "
13716
"additional servers using the steps above as the need arises."
13717
msgstr ""
13718
13719
#: serverguide/C/network-auth.xml:831(programlisting)
13720
#, no-wrap
13721
msgid "127.0.0.1\tldap01.example.com ldap01"
13722
msgstr ""
13723
13724
#: serverguide/C/network-auth.xml:827(para)
13725
msgid ""
13726
"The <application>slapd</application> daemon will send log information to "
13727
"<filename>/var/log/syslog</filename> by default. So if all does "
13728
"<emphasis>not</emphasis> go well check there for errors and other "
13729
"troubleshooting information. Also, be sure that each server knows it's Fully "
13730
"Qualified Domain Name (FQDN). This is configured in "
13731
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13732
msgstr ""
13733
13734
#: serverguide/C/network-auth.xml:839(title)
13735
msgid "Setting up ACL"
13736
msgstr ""
13737
13738
#: serverguide/C/network-auth.xml:841(para)
13739
msgid ""
13740
"Authentication requires access to the password field, that should be not "
13741
"accessible by default. Also, in order for users to change their own "
13742
"password, using <command>passwd</command> or other utilities, "
13743
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13744
"authenticated."
13745
msgstr ""
13746
13747
#: serverguide/C/network-auth.xml:848(para)
13748
msgid ""
13749
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
13750
"tree, use the <application>ldapsearch</application> utility:"
13751
msgstr ""
13752
13753
#: serverguide/C/network-auth.xml:854(command)
13754
msgid ""
13755
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13756
"olcDatabase=config olcAccess"
13757
msgstr ""
13758
13759
#: serverguide/C/network-auth.xml:858(computeroutput)
13760
#, no-wrap
13761
msgid ""
13762
"SASL/EXTERNAL authentication started\n"
13763
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13764
"SASL SSF: 0\n"
13765
"dn: olcDatabase={0}config,cn=config\n"
13766
"olcAccess: {0}to * by "
13767
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
13768
" ,cn=auth manage by * break\n"
13769
msgstr ""
13770
13771
#: serverguide/C/network-auth.xml:867(para)
13772
msgid "To see the ACL for the frontend tree enter:"
13773
msgstr ""
13774
13775
#: serverguide/C/network-auth.xml:872(command)
13776
msgid ""
13777
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13778
"olcDatabase={1}hdb olcAccess"
13779
msgstr ""
13780
13781
#: serverguide/C/network-auth.xml:878(title)
13782
msgid "TLS and SSL"
13783
msgstr ""
13784
13785
#: serverguide/C/network-auth.xml:880(para)
13786
msgid ""
13787
"When authenticating to an OpenLDAP server it is best to do so using an "
13788
"encrypted session. This can be accomplished using Transport Layer Security "
13789
"(TLS) and/or Secure Sockets Layer (SSL)."
13790
msgstr ""
13791
13792
#: serverguide/C/network-auth.xml:885(para)
13793
msgid ""
13794
"The first step in the process is to obtain or create a "
13795
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13796
"is compiled using the <application>gnutls</application> library, the "
13797
"<application>certtool</application> utility will be used to create "
13798
"certificates."
13799
msgstr ""
13800
13801
#: serverguide/C/network-auth.xml:894(para)
13802
msgid ""
13803
"First, install <application>gnutls-bin</application> by entering the "
13804
"following in a terminal:"
13805
msgstr ""
13806
13807
#: serverguide/C/network-auth.xml:899(command)
13808
msgid "sudo apt-get install gnutls-bin"
13809
msgstr ""
13810
13811
#: serverguide/C/network-auth.xml:905(para)
13812
msgid ""
13813
"Next, create a private key for the <emphasis>Certificate "
13814
"Authority</emphasis> (CA):"
13815
msgstr ""
13816
13817
#: serverguide/C/network-auth.xml:910(command)
13818
msgid ""
13819
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13820
msgstr ""
13821
13822
#: serverguide/C/network-auth.xml:916(para)
13823
msgid ""
13824
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13825
"CA certificate containing:"
13826
msgstr ""
13827
13828
#: serverguide/C/network-auth.xml:920(programlisting)
13829
#, no-wrap
13830
msgid ""
13831
"\n"
13832
"cn = Example Company\n"
13833
"ca\n"
13834
"cert_signing_key\n"
13835
msgstr ""
13836
13837
#: serverguide/C/network-auth.xml:929(para)
13838
msgid "Now create the self-signed CA certificate:"
13839
msgstr ""
13840
13841
#: serverguide/C/network-auth.xml:934(command)
13842
msgid ""
13843
"sudo certtool --generate-self-signed --load-privkey "
13844
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13845
"/etc/ssl/certs/cacert.pem"
13846
msgstr ""
13847
13848
#: serverguide/C/network-auth.xml:941(para)
13849
msgid "Make a private key for the server:"
13850
msgstr ""
13851
13852
#: serverguide/C/network-auth.xml:946(command)
13853
msgid ""
13854
"sudo sh -c \"certtool --generate-privkey > "
13855
"/etc/ssl/private/ldap01_slapd_key.pem\""
13856
msgstr ""
13857
13858
#: serverguide/C/network-auth.xml:950(para)
13859
msgid ""
13860
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13861
"hostname. Naming the certificate and key for the host and service that will "
13862
"be using them will help keep filenames and paths straight."
13863
msgstr ""
13864
13865
#: serverguide/C/network-auth.xml:959(para)
13866
msgid ""
13867
"To sign the server's certificate with the CA, create the "
13868
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
13869
msgstr ""
13870
13871
#: serverguide/C/network-auth.xml:963(programlisting)
13872
#, no-wrap
13873
msgid ""
13874
"\n"
13875
"organization = Example Company\n"
13876
"cn = ldap01.example.com\n"
13877
"tls_www_server\n"
13878
"encryption_key\n"
13879
"signing_key\n"
13880
msgstr ""
13881
13882
#: serverguide/C/network-auth.xml:974(para)
13883
msgid "Create the server's certificate:"
13884
msgstr ""
13885
13886
#: serverguide/C/network-auth.xml:979(command)
13887
msgid ""
13888
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13889
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13890
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13891
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13892
msgstr ""
13893
13894
#: serverguide/C/network-auth.xml:987(para)
13895
msgid ""
13896
"Once you have a certificate, key, and CA cert installed, use "
13897
"<application>ldapmodify</application> to add the new configuration options:"
13898
msgstr ""
13899
13900
#: serverguide/C/network-auth.xml:998(userinput)
13901
#, no-wrap
13902
msgid ""
13903
"dn: cn=config\n"
13904
"add: olcTLSCACertificateFile\n"
13905
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
13906
"-\n"
13907
"add: olcTLSCertificateFile\n"
13908
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
13909
"-\n"
13910
"add: olcTLSCertificateKeyFile\n"
13911
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
13912
msgstr ""
13913
13914
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
13915
#, no-wrap
13916
msgid ""
13917
"Enter LDAP Password:\n"
13918
"<placeholder-1/>\n"
13919
"\n"
13920
"modifying entry \"cn=config\"\n"
13921
msgstr ""
13922
13923
#: serverguide/C/network-auth.xml:1013(para)
13924
msgid ""
13925
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
13926
"<filename>ldap01_slapd_key.pem</filename>, and "
13927
"<filename>cacert.pem</filename> names if yours are different."
13928
msgstr ""
13929
13930
#: serverguide/C/network-auth.xml:1019(para)
13931
msgid ""
13932
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
13933
"<emphasis>SLAPD_SERVICES</emphasis> option:"
13934
msgstr ""
13935
13936
#: serverguide/C/network-auth.xml:1023(programlisting)
13937
#, no-wrap
13938
msgid ""
13939
"\n"
13940
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
13941
msgstr ""
13942
13943
#: serverguide/C/network-auth.xml:1027(para)
13944
msgid ""
13945
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
13946
msgstr ""
13947
13948
#: serverguide/C/network-auth.xml:1032(command)
13949
msgid "sudo adduser openldap ssl-cert"
13950
msgstr ""
13951
13952
#: serverguide/C/network-auth.xml:1033(command)
13953
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
13954
msgstr ""
13955
13956
#: serverguide/C/network-auth.xml:1034(command)
13957
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
13958
msgstr ""
13959
13960
#: serverguide/C/network-auth.xml:1038(para)
13961
msgid ""
13962
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
13963
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
13964
"adjust the commands appropriately."
13965
msgstr ""
13966
13967
#: serverguide/C/network-auth.xml:1044(para)
13968
msgid "Finally, restart <application>slapd</application>:"
13969
msgstr ""
13970
13971
#: serverguide/C/network-auth.xml:1052(para)
13972
msgid ""
13973
"The <application>slapd</application> daemon should now be listening for "
13974
"LDAPS connections and be able to use STARTTLS during authentication."
13975
msgstr ""
13976
13977
#: serverguide/C/network-auth.xml:1058(para)
13978
msgid ""
13979
"If you run into troubles with the server not starting, check the "
13980
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
13981
"it is likely there is a configuration problem. Check that the certificate is "
13982
"signed by the authority from in the files configured, and that the ssl-cert "
13983
"group has read permissions on the private key."
13984
msgstr ""
13985
13986
#: serverguide/C/network-auth.xml:1070(title)
13987
msgid "TLS Replication"
13988
msgstr ""
13989
13990
#: serverguide/C/network-auth.xml:1072(para)
13991
msgid ""
13992
"If you have setup <application>Syncrepl</application> between servers, it is "
13993
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
13994
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
13995
"linkend=\"openldap-server-replication\"/>."
13996
msgstr ""
13997
13998
#: serverguide/C/network-auth.xml:1078(para)
13999
msgid ""
14000
"Assuming you have followed the above instructions and created a CA "
14001
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14002
"server. Follow the following instructions to create a certificate and key "
14003
"for the <emphasis>Consumer</emphasis> server."
14004
msgstr ""
14005
14006
#: serverguide/C/network-auth.xml:1087(para)
14007
msgid "Create a new key for the Consumer server:"
14008
msgstr ""
14009
14010
#: serverguide/C/network-auth.xml:1092(command)
14011
msgid "mkdir ldap02-ssl"
14012
msgstr ""
14013
14014
#: serverguide/C/network-auth.xml:1093(command)
14015
msgid "cd ldap02-ssl"
14016
msgstr ""
14017
14018
#: serverguide/C/network-auth.xml:1094(command)
14019
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14020
msgstr ""
14021
14022
#: serverguide/C/network-auth.xml:1098(para)
14023
msgid ""
14024
"Creating a new directory is not strictly necessary, but it will help keep "
14025
"things organized and make it easier to copy the files to the Consumer server."
14026
msgstr ""
14027
14028
#: serverguide/C/network-auth.xml:1107(para)
14029
msgid ""
14030
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14031
"server, changing the attributes to match your locality and server:"
14032
msgstr ""
14033
14034
#: serverguide/C/network-auth.xml:1112(programlisting)
14035
#, no-wrap
14036
msgid ""
14037
"\n"
14038
"country = US\n"
14039
"state = North Carolina\n"
14040
"locality = Winston-Salem\n"
14041
"organization = Example Company\n"
14042
"cn = ldap02.salem.edu\n"
14043
"tls_www_client\n"
14044
"encryption_key\n"
14045
"signing_key\n"
14046
msgstr ""
14047
14048
#: serverguide/C/network-auth.xml:1126(para)
14049
msgid "Create the certificate:"
14050
msgstr ""
14051
14052
#: serverguide/C/network-auth.xml:1131(command)
14053
msgid ""
14054
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14055
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14056
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14057
"ldap02_slapd_cert.pem"
14058
msgstr ""
14059
14060
#: serverguide/C/network-auth.xml:1139(para)
14061
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14062
msgstr ""
14063
14064
#: serverguide/C/network-auth.xml:1144(command)
14065
msgid "cp /etc/ssl/certs/cacert.pem ."
14066
msgstr ""
14067
14068
#: serverguide/C/network-auth.xml:1150(para)
14069
msgid ""
14070
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14071
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14072
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14073
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14074
"<filename>/etc/ssl/private</filename>."
14075
msgstr ""
14076
14077
#: serverguide/C/network-auth.xml:1159(para)
14078
msgid ""
14079
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14080
"by entering:"
14081
msgstr ""
14082
14083
#: serverguide/C/network-auth.xml:1169(userinput)
14084
#, no-wrap
14085
msgid ""
14086
"dn: cn=config\n"
14087
"add: olcTLSCACertificateFile\n"
14088
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14089
"-\n"
14090
"add: olcTLSCertificateFile\n"
14091
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14092
"-\n"
14093
"add: olcTLSCertificateKeyFile\n"
14094
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14095
msgstr ""
14096
14097
#: serverguide/C/network-auth.xml:1186(para)
14098
msgid ""
14099
"As with the Provider you can now edit "
14100
"<filename>/etc/default/slapd</filename> and add the "
14101
"<emphasis>ldaps:///</emphasis> parameter to the "
14102
"<emphasis>SLAPD_SERVICES</emphasis> option."
14103
msgstr ""
14104
14105
#: serverguide/C/network-auth.xml:1194(para)
14106
msgid ""
14107
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14108
"modify the <emphasis>Consumer</emphasis> server's "
14109
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14110
msgstr ""
14111
14112
#: serverguide/C/network-auth.xml:1207(userinput)
14113
#, no-wrap
14114
msgid ""
14115
"\n"
14116
"dn: olcDatabase={1}hdb,cn=config\n"
14117
"replace: olcSyncrepl\n"
14118
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14119
"binddn=\"cn=ad\n"
14120
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14121
"logbas\n"
14122
" e=\"cn=accesslog\" "
14123
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14124
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14125
"starttls=yes"
14126
msgstr ""
14127
14128
#: serverguide/C/network-auth.xml:1204(computeroutput)
14129
#, no-wrap
14130
msgid ""
14131
"SASL/EXTERNAL authentication started\n"
14132
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14133
"SASL SSF: 0\n"
14134
"<placeholder-1/>\n"
14135
"\n"
14136
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14137
msgstr ""
14138
14139
#: serverguide/C/network-auth.xml:1219(para)
14140
msgid ""
14141
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14142
"(FQDN) in the certificate, you may have to edit "
14143
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14144
msgstr ""
14145
14146
#: serverguide/C/network-auth.xml:1224(programlisting)
14147
#, no-wrap
14148
msgid ""
14149
"\n"
14150
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14151
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14152
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14153
msgstr ""
14154
14155
#: serverguide/C/network-auth.xml:1231(para)
14156
msgid ""
14157
"Finally, restart <application>slapd</application> on each of the servers:"
14158
msgstr ""
14159
14160
#: serverguide/C/network-auth.xml:1244(title)
14161
msgid "LDAP Authentication"
14162
msgstr ""
14163
14164
#: serverguide/C/network-auth.xml:1246(para)
14165
msgid ""
14166
"Once you have a working LDAP server, the <application>auth-client-"
14167
"config</application> and <application>libnss-ldap</application> packages "
14168
"take the pain out of configuring an Ubuntu client to authenticate using "
14169
"LDAP. To install the packages from, a terminal prompt enter:"
14170
msgstr ""
14171
14172
#: serverguide/C/network-auth.xml:1253(command)
14173
msgid "sudo apt-get install libnss-ldap"
14174
msgstr ""
14175
14176
#: serverguide/C/network-auth.xml:1256(para)
14177
msgid ""
14178
"During the install a menu dialog will ask you connection details about your "
14179
"LDAP server."
14180
msgstr ""
14181
14182
#: serverguide/C/network-auth.xml:1260(para)
14183
msgid ""
14184
"If you make a mistake when entering your information you can execute the "
14185
"dialog again using:"
14186
msgstr ""
14187
14188
#: serverguide/C/network-auth.xml:1265(command)
14189
msgid "sudo dpkg-reconfigure ldap-auth-config"
14190
msgstr ""
14191
14192
#: serverguide/C/network-auth.xml:1268(para)
14193
msgid ""
14194
"The results of the dialog can be seen in "
14195
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14196
"covered in the menu edit this file accordingly."
14197
msgstr ""
14198
14199
#: serverguide/C/network-auth.xml:1273(para)
14200
msgid ""
14201
"Now that <application>libnss-ldap</application> is configured enable the "
14202
"<application>auth-client-config</application> LDAP profile by entering:"
14203
msgstr ""
14204
14205
#: serverguide/C/network-auth.xml:1279(command)
14206
msgid "sudo auth-client-config -t nss -p lac_ldap"
14207
msgstr ""
14208
14209
#: serverguide/C/network-auth.xml:1284(para)
14210
msgid ""
14211
"<emphasis>-t:</emphasis> only modifies "
14212
"<filename>/etc/nsswitch.conf</filename>."
14213
msgstr ""
14214
14215
#: serverguide/C/network-auth.xml:1289(para)
14216
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14217
msgstr ""
14218
14219
#: serverguide/C/network-auth.xml:1294(para)
14220
msgid ""
14221
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14222
"config</application> profile that is part of the <application>ldap-auth-"
14223
"config</application> package."
14224
msgstr ""
14225
14226
#: serverguide/C/network-auth.xml:1301(para)
14227
msgid ""
14228
"Using the <application>pam-auth-update</application> utility, configure the "
14229
"system to use LDAP for authentication:"
14230
msgstr ""
14231
14232
#: serverguide/C/network-auth.xml:1306(command)
14233
msgid "sudo pam-auth-update"
14234
msgstr ""
14235
14236
#: serverguide/C/network-auth.xml:1309(para)
14237
msgid ""
14238
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14239
"any other authentication mechanisms you need."
14240
msgstr ""
14241
14242
#: serverguide/C/network-auth.xml:1313(para)
14243
msgid ""
14244
"You should now be able to login using user credentials stored in the LDAP "
14245
"directory."
14246
msgstr ""
14247
14248
#: serverguide/C/network-auth.xml:1318(para)
14249
msgid ""
14250
"If you are going to use LDAP to store Samba users you will need to configure "
14251
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14252
"for details."
14253
msgstr ""
14254
14255
#: serverguide/C/network-auth.xml:1326(title)
14256
msgid "User and Group Management"
14257
msgstr ""
14258
14259
#: serverguide/C/network-auth.xml:1328(para)
14260
msgid ""
14261
"The <application>ldap-utils</application> package comes with multiple "
14262
"utilities to manage the directory, but the long string of options needed, "
14263
"can make them a burden to use. The <application>ldapscripts</application> "
14264
"package contains configurable scripts to easily manage LDAP users and groups."
14265
msgstr ""
14266
14267
#: serverguide/C/network-auth.xml:1334(para)
14268
msgid "To install the package, from a terminal enter:"
14269
msgstr ""
14270
14271
#: serverguide/C/network-auth.xml:1339(command)
14272
msgid "sudo apt-get install ldapscripts"
14273
msgstr ""
14274
14275
#: serverguide/C/network-auth.xml:1342(para)
14276
msgid ""
14277
"Next, edit the config file "
14278
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14279
"changing the following to match your environment:"
14280
msgstr ""
14281
14282
#: serverguide/C/network-auth.xml:1347(programlisting)
14283
#, no-wrap
14284
msgid ""
14285
"\n"
14286
"SERVER=localhost\n"
14287
"BINDDN='cn=admin,dc=example,dc=com'\n"
14288
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14289
"SUFFIX='dc=example,dc=com'\n"
14290
"GSUFFIX='ou=Groups'\n"
14291
"USUFFIX='ou=People'\n"
14292
"MSUFFIX='ou=Computers'\n"
14293
"GIDSTART=10000\n"
14294
"UIDSTART=10000\n"
14295
"MIDSTART=10000\n"
14296
msgstr ""
14297
14298
#: serverguide/C/network-auth.xml:1360(para)
14299
msgid ""
14300
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14301
"authenticated access to the directory:"
14302
msgstr ""
14303
14304
#: serverguide/C/network-auth.xml:1365(command)
14305
msgid ""
14306
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14307
msgstr ""
14308
14309
#: serverguide/C/network-auth.xml:1366(command)
14310
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14311
msgstr ""
14312
14313
#: serverguide/C/network-auth.xml:1370(para)
14314
msgid ""
14315
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14316
"user."
14317
msgstr ""
14318
14319
#: serverguide/C/network-auth.xml:1375(para)
14320
msgid ""
14321
"The <application>ldapscripts</application> are now ready to help manage your "
14322
"directory. The following are some examples of how to use the scripts:"
14323
msgstr ""
14324
14325
#: serverguide/C/network-auth.xml:1382(para)
14326
msgid "Create a new user:"
14327
msgstr ""
14328
14329
#: serverguide/C/network-auth.xml:1386(command)
14330
msgid "sudo ldapadduser george example"
14331
msgstr ""
14332
14333
#: serverguide/C/network-auth.xml:1388(para)
14334
msgid ""
14335
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14336
"and set the user's primary group (gid) to <emphasis "
14337
"role=\"italic\">example</emphasis>"
14338
msgstr ""
14339
14340
#: serverguide/C/network-auth.xml:1394(para)
14341
msgid "Change a user's password:"
14342
msgstr ""
14343
14344
#: serverguide/C/network-auth.xml:1398(command)
14345
msgid "sudo ldapsetpasswd george"
14346
msgstr ""
14347
14348
#: serverguide/C/network-auth.xml:1399(computeroutput)
14349
#, no-wrap
14350
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14351
msgstr ""
14352
14353
#: serverguide/C/network-auth.xml:1400(userinput)
14354
#, no-wrap
14355
msgid "New Password: "
14356
msgstr ""
14357
14358
#: serverguide/C/network-auth.xml:1401(userinput)
14359
#, no-wrap
14360
msgid "New Password (verify): "
14361
msgstr ""
14362
14363
#: serverguide/C/network-auth.xml:1405(para)
14364
msgid "Delete a user:"
14365
msgstr ""
14366
14367
#: serverguide/C/network-auth.xml:1409(command)
14368
msgid "sudo ldapdeleteuser george"
14369
msgstr ""
14370
14371
#: serverguide/C/network-auth.xml:1414(para)
14372
msgid "Add a group:"
14373
msgstr ""
14374
14375
#: serverguide/C/network-auth.xml:1418(command)
14376
msgid "sudo ldapaddgroup qa"
14377
msgstr ""
14378
14379
#: serverguide/C/network-auth.xml:1422(para)
14380
msgid "Delete a group:"
14381
msgstr ""
14382
14383
#: serverguide/C/network-auth.xml:1426(command)
14384
msgid "sudo ldapdeletegroup qa"
14385
msgstr ""
14386
14387
#: serverguide/C/network-auth.xml:1430(para)
14388
msgid "Add a user to a group:"
14389
msgstr ""
14390
14391
#: serverguide/C/network-auth.xml:1434(command)
14392
msgid "sudo ldapaddusertogroup george qa"
14393
msgstr ""
14394
14395
#: serverguide/C/network-auth.xml:1436(para)
14396
msgid ""
14397
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14398
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14399
"role=\"italic\">george</emphasis>."
14400
msgstr ""
14401
14402
#: serverguide/C/network-auth.xml:1442(para)
14403
msgid "Remove a user from a group:"
14404
msgstr ""
14405
14406
#: serverguide/C/network-auth.xml:1446(command)
14407
msgid "sudo ldapdeleteuserfromgroup george qa"
14408
msgstr ""
14409
14410
#: serverguide/C/network-auth.xml:1448(para)
14411
msgid ""
14412
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14413
"<emphasis role=\"italic\">qa</emphasis> group."
14414
msgstr ""
14415
14416
#: serverguide/C/network-auth.xml:1454(para)
14417
msgid ""
14418
"The <application>ldapmodifyuser</application> script allows you to add, "
14419
"remove, or replace a user's attributes. The script uses the same syntax as "
14420
"the <application>ldapmodify</application> utility. For example:"
14421
msgstr ""
14422
14423
#: serverguide/C/network-auth.xml:1459(command)
14424
msgid "sudo ldapmodifyuser george"
14425
msgstr ""
14426
14427
#: serverguide/C/network-auth.xml:1460(computeroutput)
14428
#, no-wrap
14429
msgid ""
14430
"# About to modify the following entry :\n"
14431
"dn: uid=george,ou=People,dc=example,dc=com\n"
14432
"objectClass: account\n"
14433
"objectClass: posixAccount\n"
14434
"cn: george\n"
14435
"uid: george\n"
14436
"uidNumber: 1001\n"
14437
"gidNumber: 1001\n"
14438
"homeDirectory: /home/george\n"
14439
"loginShell: /bin/bash\n"
14440
"gecos: george\n"
14441
"description: User account\n"
14442
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14443
"\n"
14444
"# Enter your modifications here, end with CTRL-D.\n"
14445
"dn: uid=george,ou=People,dc=example,dc=com"
14446
msgstr ""
14447
14448
#: serverguide/C/network-auth.xml:1476(userinput)
14449
#, no-wrap
14450
msgid ""
14451
"replace: gecos\n"
14452
"gecos: George Carlin"
14453
msgstr ""
14454
14455
#: serverguide/C/network-auth.xml:1479(para)
14456
msgid ""
14457
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14458
"Carlin</quote>."
14459
msgstr ""
14460
14461
#: serverguide/C/network-auth.xml:1484(para)
14462
msgid ""
14463
"Another great feature of <application>ldapscripts</application>, is the "
14464
"template system. Templates allow you to customize the attributes of user, "
14465
"group, and machine objectes. For example, to enable the "
14466
"<emphasis>user</emphasis> template edit "
14467
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14468
msgstr ""
14469
14470
#: serverguide/C/network-auth.xml:1491(programlisting)
14471
#, no-wrap
14472
msgid ""
14473
"\n"
14474
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14475
msgstr ""
14476
14477
#: serverguide/C/network-auth.xml:1495(para)
14478
msgid ""
14479
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14480
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14481
"<filename>ldapadduser.template.sample</filename> file to "
14482
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14483
msgstr ""
14484
14485
#: serverguide/C/network-auth.xml:1502(command)
14486
msgid ""
14487
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
14488
"/etc/ldapscripts/ldapadduser.template"
14489
msgstr ""
14490
14491
#: serverguide/C/network-auth.xml:1505(para)
14492
msgid ""
14493
"Edit the new template to add the desired attributes. The following will "
14494
"create new user's as with an <emphasis>objectClass</emphasis> of "
14495
"<emphasis>inetOrgPerson</emphasis>:"
14496
msgstr ""
14497
14498
#: serverguide/C/network-auth.xml:1510(programlisting)
14499
#, no-wrap
14500
msgid ""
14501
"\n"
14502
"dn: uid=<user>,<usuffix>,<suffix>\n"
14503
"objectClass: inetOrgPerson\n"
14504
"objectClass: posixAccount\n"
14505
"cn: <user>\n"
14506
"sn: <ask>\n"
14507
"uid: <user>\n"
14508
"uidNumber: <uid>\n"
14509
"gidNumber: <gid>\n"
14510
"homeDirectory: <home>\n"
14511
"loginShell: <shell>\n"
14512
"gecos: <user>\n"
14513
"description: User account\n"
14514
"title: Employee\n"
14515
msgstr ""
14516
14517
#: serverguide/C/network-auth.xml:1526(para)
14518
msgid ""
14519
"Notice the <emphasis><ask></emphasis> option used for the "
14520
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14521
"<application>ldapadduser</application> to prompt you for the attribute value "
14522
"during user creation."
14523
msgstr ""
14524
14525
#: serverguide/C/network-auth.xml:1534(para)
14526
msgid ""
14527
"There are more useful scripts in the package, to see a full list enter: "
14528
"<command>dpkg -L ldapscripts | grep bin</command>"
14529
msgstr ""
14530
14531
#: serverguide/C/network-auth.xml:1543(para)
14532
msgid ""
14533
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14534
"Ubuntu Wiki</ulink> page has more details."
14535
msgstr ""
14536
14537
#: serverguide/C/network-auth.xml:1548(para)
14538
msgid ""
14539
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14540
"Home Page</ulink>"
14541
msgstr ""
14542
14543
#: serverguide/C/network-auth.xml:1553(para)
14544
msgid ""
14545
"Though starting to show it's age, a great source for in depth LDAP "
14546
"information is O'Reilly's <ulink "
14547
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14548
"Administration</ulink>"
14549
msgstr ""
14550
14551
#: serverguide/C/network-auth.xml:1559(para)
14552
msgid ""
14553
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14554
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14555
"newer versions of OpenLDAP."
14556
msgstr ""
14557
14558
#: serverguide/C/network-auth.xml:1565(para)
14559
msgid ""
14560
"For more information on <application>auth-client-config</application> see "
14561
"the man page: <command>man auth-client-config</command>."
14562
msgstr ""
14563
14564
#: serverguide/C/network-auth.xml:1570(para)
14565
msgid ""
14566
"For more details regarding the <application>ldapscripts</application> "
14567
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14568
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14569
msgstr ""
14570
14571
#: serverguide/C/network-auth.xml:1580(title)
14572
msgid "Samba and LDAP"
14573
msgstr ""
14574
14575
#: serverguide/C/network-auth.xml:1582(para)
14576
msgid ""
14577
"This section covers configuring Samba to use LDAP for user, group, and "
14578
"machine account information and authentication. The assumption is, you "
14579
"already have a working OpenLDAP directory installed and the server is "
14580
"configured to use it for authentication. See <xref linkend=\"openldap-"
14581
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14582
"setting up OpenLDAP. For more information on installing and configuring "
14583
"Samba see <xref linkend=\"windows-networking\"/>."
14584
msgstr ""
14585
14586
#: serverguide/C/network-auth.xml:1592(para)
14587
msgid ""
14588
"There are three packages needed when integrating Samba with LDAP. "
14589
"<application>samba</application>, <application>samba-doc</application>, and "
14590
"<application>smbldap-tools</application> packages . To install the packages, "
14591
"from a terminal enter:"
14592
msgstr ""
14593
14594
#: serverguide/C/network-auth.xml:1598(command)
14595
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14596
msgstr ""
14597
14598
#: serverguide/C/network-auth.xml:1601(para)
14599
msgid ""
14600
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14601
"needed, but unless you have another package or custom scripts, a method of "
14602
"managing users, groups, and computer accounts is needed."
14603
msgstr ""
14604
14605
#: serverguide/C/network-auth.xml:1608(title)
14606
msgid "OpenLDAP Configuration"
14607
msgstr ""
14608
14609
#: serverguide/C/network-auth.xml:1610(para)
14610
msgid ""
14611
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14612
"the user objects in the directory will need additional attributes. This "
14613
"section assumes you want Samba to be configured as a Windows NT domain "
14614
"controller, and will add the necessary LDAP objects and attributes."
14615
msgstr ""
14616
14617
#: serverguide/C/network-auth.xml:1618(para)
14618
msgid ""
14619
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14620
"file which is part of the <application>samba-doc</application> package. The "
14621
"schema file needs to be unzipped and copied to "
14622
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14623
msgstr ""
14624
14625
#: serverguide/C/network-auth.xml:1625(command)
14626
msgid ""
14627
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14628
"/etc/ldap/schema/"
14629
msgstr ""
14630
14631
#: serverguide/C/network-auth.xml:1626(command)
14632
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14633
msgstr ""
14634
14635
#: serverguide/C/network-auth.xml:1632(para)
14636
msgid ""
14637
"The <emphasis>samba</emphasis> schema needs to be added to the "
14638
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14639
"<application>slapd</application> is also detailed in <xref "
14640
"linkend=\"openldap-configuration\"/>."
14641
msgstr ""
14642
14643
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14644
msgid ""
14645
"First, create a configuration file named "
14646
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14647
"containing the following lines:"
14648
msgstr ""
14649
14650
#: serverguide/C/network-auth.xml:1645(programlisting)
14651
#, no-wrap
14652
msgid ""
14653
"\n"
14654
"include /etc/ldap/schema/core.schema\n"
14655
"include /etc/ldap/schema/collective.schema\n"
14656
"include /etc/ldap/schema/corba.schema\n"
14657
"include /etc/ldap/schema/cosine.schema\n"
14658
"include /etc/ldap/schema/duaconf.schema\n"
14659
"include /etc/ldap/schema/dyngroup.schema\n"
14660
"include /etc/ldap/schema/inetorgperson.schema\n"
14661
"include /etc/ldap/schema/java.schema\n"
14662
"include /etc/ldap/schema/misc.schema\n"
14663
"include /etc/ldap/schema/nis.schema\n"
14664
"include /etc/ldap/schema/openldap.schema\n"
14665
"include /etc/ldap/schema/ppolicy.schema\n"
14666
"include /etc/ldap/schema/samba.schema\n"
14667
msgstr ""
14668
14669
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14670
msgid ""
14671
"Now use <application>slapcat</application> to convert the schema files:"
14672
msgstr ""
14673
14674
#: serverguide/C/network-auth.xml:1680(command)
14675
msgid ""
14676
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14677
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14678
msgstr ""
14679
14680
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14681
msgid ""
14682
"Change the above file and path names to match your own if they are different."
14683
msgstr ""
14684
14685
#: serverguide/C/network-auth.xml:1690(para)
14686
msgid ""
14687
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14688
"the following attributes:"
14689
msgstr ""
14690
14691
#: serverguide/C/network-auth.xml:1694(programlisting)
14692
#, no-wrap
14693
msgid ""
14694
"\n"
14695
"dn: cn=samba,cn=schema,cn=config\n"
14696
"...\n"
14697
"cn: samba\n"
14698
msgstr ""
14699
14700
#: serverguide/C/network-auth.xml:1704(programlisting)
14701
#, no-wrap
14702
msgid ""
14703
"\n"
14704
"structuralObjectClass: olcSchemaConfig\n"
14705
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
14706
"creatorsName: cn=config\n"
14707
"createTimestamp: 20080827045234Z\n"
14708
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
14709
"modifiersName: cn=config\n"
14710
"modifyTimestamp: 20080827045234Z\n"
14711
msgstr ""
14712
14713
#: serverguide/C/network-auth.xml:1729(command)
14714
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14715
msgstr ""
14716
14717
#: serverguide/C/network-auth.xml:1735(para)
14718
msgid ""
14719
"There should now be a <emphasis>dn: "
14720
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14721
"sequential schema, entry in the cn=config tree."
14722
msgstr ""
14723
14724
#: serverguide/C/network-auth.xml:1743(para)
14725
msgid ""
14726
"Copy and paste the following into a file named "
14727
"<filename>samba_indexes.ldif</filename>:"
14728
msgstr ""
14729
14730
#: serverguide/C/network-auth.xml:1747(programlisting)
14731
#, no-wrap
14732
msgid ""
14733
"\n"
14734
"dn: olcDatabase={1}hdb,cn=config\n"
14735
"changetype: modify\n"
14736
"add: olcDbIndex\n"
14737
"olcDbIndex: uidNumber eq\n"
14738
"olcDbIndex: gidNumber eq\n"
14739
"olcDbIndex: loginShell eq\n"
14740
"olcDbIndex: uid eq,pres,sub\n"
14741
"olcDbIndex: memberUid eq,pres,sub\n"
14742
"olcDbIndex: uniqueMember eq,pres\n"
14743
"olcDbIndex: sambaSID eq\n"
14744
"olcDbIndex: sambaPrimaryGroupSID eq\n"
14745
"olcDbIndex: sambaGroupType eq\n"
14746
"olcDbIndex: sambaSIDList eq\n"
14747
"olcDbIndex: sambaDomainName eq\n"
14748
"olcDbIndex: default sub\n"
14749
msgstr ""
14750
14751
#: serverguide/C/network-auth.xml:1765(para)
14752
msgid ""
14753
"Using the <application>ldapmodify</application> utility load the new indexes:"
14754
msgstr ""
14755
14756
#: serverguide/C/network-auth.xml:1770(command)
14757
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14758
msgstr ""
14759
14760
#: serverguide/C/network-auth.xml:1772(para)
14761
msgid ""
14762
"If all went well you should see the new indexes using "
14763
"<application>ldapsearch</application>:"
14764
msgstr ""
14765
14766
#: serverguide/C/network-auth.xml:1777(command)
14767
msgid ""
14768
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
14769
msgstr ""
14770
14771
#: serverguide/C/network-auth.xml:1783(para)
14772
msgid ""
14773
"Next, configure the <application>smbldap-tools</application> package to "
14774
"match your environment. The package comes with a configuration script that "
14775
"will ask questions about the needed options. To run the script enter:"
14776
msgstr ""
14777
14778
#: serverguide/C/network-auth.xml:1789(command)
14779
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14780
msgstr ""
14781
14782
#: serverguide/C/network-auth.xml:1790(command)
14783
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14784
msgstr ""
14785
14786
#: serverguide/C/network-auth.xml:1793(para)
14787
msgid ""
14788
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
14789
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
14790
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
14791
"configure script, so if you made any mistakes while executing the script it "
14792
"may be simpler to edit the file appropriately."
14793
msgstr ""
14794
14795
#: serverguide/C/network-auth.xml:1803(para)
14796
msgid ""
14797
"The <application>smbldap-populate</application> script will add the "
14798
"necessary users, groups, and LDAP objects required for Samba. It is a good "
14799
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
14800
"<application>slapcat</application> before executing the command:"
14801
msgstr ""
14802
14803
#: serverguide/C/network-auth.xml:1810(command)
14804
msgid "sudo slapcat -l backup.ldif"
14805
msgstr ""
14806
14807
#: serverguide/C/network-auth.xml:1816(para)
14808
msgid ""
14809
"Once you have a current backup execute <application>smbldap-"
14810
"populate</application> by entering:"
14811
msgstr ""
14812
14813
#: serverguide/C/network-auth.xml:1821(command)
14814
msgid "sudo smbldap-populate"
14815
msgstr ""
14816
14817
#: serverguide/C/network-auth.xml:1825(para)
14818
msgid ""
14819
"You can create an LDIF file containing the new Samba objects by executing "
14820
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
14821
"look over the changes making sure everything is correct."
14822
msgstr ""
14823
14824
#: serverguide/C/network-auth.xml:1833(para)
14825
msgid ""
14826
"Your LDAP directory now has the necessary domain information to authenticate "
14827
"Samba users."
14828
msgstr ""
14829
14830
#: serverguide/C/network-auth.xml:1839(title)
14831
msgid "Samba Configuration"
14832
msgstr ""
14833
14834
#: serverguide/C/network-auth.xml:1841(para)
14835
msgid ""
14836
"There a multiple ways to configure Samba for details on some common "
14837
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
14838
"Samba to use LDAP, edit the main Samba configuration file "
14839
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
14840
"backend</emphasis> option and adding the following:"
14841
msgstr ""
14842
14843
#: serverguide/C/network-auth.xml:1847(programlisting)
14844
#, no-wrap
14845
msgid ""
14846
"\n"
14847
"# passdb backend = tdbsam\n"
14848
"\n"
14849
"# LDAP Settings\n"
14850
" passdb backend = ldapsam:ldap://hostname\n"
14851
" ldap suffix = dc=example,dc=com\n"
14852
" ldap user suffix = ou=People\n"
14853
" ldap group suffix = ou=Groups\n"
14854
" ldap machine suffix = ou=Computers\n"
14855
" ldap idmap suffix = ou=Idmap\n"
14856
" ldap admin dn = cn=admin,dc=example,dc=com\n"
14857
" ldap ssl = start tls\n"
14858
" ldap passwd sync = yes\n"
14859
"...\n"
14860
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
14861
msgstr ""
14862
14863
#: serverguide/C/network-auth.xml:1864(para)
14864
msgid "Restart <application>samba</application> to enable the new settings:"
14865
msgstr ""
14866
14867
#: serverguide/C/network-auth.xml:1873(para)
14868
msgid ""
14869
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
14870
"enter:"
14871
msgstr ""
14872
14873
#: serverguide/C/network-auth.xml:1878(command)
14874
msgid "sudo smbpasswd -w secret"
14875
msgstr ""
14876
14877
#: serverguide/C/network-auth.xml:1882(para)
14878
msgid ""
14879
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
14880
"password."
14881
msgstr ""
14882
14883
#: serverguide/C/network-auth.xml:1887(para)
14884
msgid ""
14885
"If you currently have users in LDAP, and you want them to authenticate using "
14886
"Samba, they will need some Samba attributes defined in the "
14887
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
14888
"users using the <application>smbpasswd</application> utility, replacing "
14889
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
14890
msgstr ""
14891
14892
#: serverguide/C/network-auth.xml:1895(command)
14893
msgid "sudo smbpasswd -a username"
14894
msgstr ""
14895
14896
#: serverguide/C/network-auth.xml:1898(para)
14897
msgid "You will then be asked to enter the user's password."
14898
msgstr ""
14899
14900
#: serverguide/C/network-auth.xml:1902(para)
14901
msgid ""
14902
"To add new user, group, and machine accounts use the utilities from the "
14903
"<application>smbldap-tools</application> package. Here are some examples:"
14904
msgstr ""
14905
14906
#: serverguide/C/network-auth.xml:1909(para)
14907
msgid ""
14908
"To add a new user to LDAP with Samba attributes enter the following, "
14909
"replacing username with an actual username:"
14910
msgstr ""
14911
14912
#: serverguide/C/network-auth.xml:1913(command)
14913
msgid "sudo smbldap-useradd -a -P username"
14914
msgstr ""
14915
14916
#: serverguide/C/network-auth.xml:1915(para)
14917
msgid ""
14918
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
14919
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
14920
"passwd</application> utility after the user is created allowing you to enter "
14921
"a password for the user."
14922
msgstr ""
14923
14924
#: serverguide/C/network-auth.xml:1921(para)
14925
msgid "To remove a user from the directory enter:"
14926
msgstr ""
14927
14928
#: serverguide/C/network-auth.xml:1925(command)
14929
msgid "sudo smbldap-userdel username"
14930
msgstr ""
14931
14932
#: serverguide/C/network-auth.xml:1927(para)
14933
msgid ""
14934
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
14935
"r</emphasis> option to remove the user's home directory."
14936
msgstr ""
14937
14938
#: serverguide/C/network-auth.xml:1932(para)
14939
msgid ""
14940
"Use <application>smbldap-groupadd</application> to add a group, replacing "
14941
"groupname with an appropriate group:"
14942
msgstr ""
14943
14944
#: serverguide/C/network-auth.xml:1936(command)
14945
msgid "sudo smbldap-groupadd -a groupname"
14946
msgstr ""
14947
14948
#: serverguide/C/network-auth.xml:1938(para)
14949
msgid ""
14950
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
14951
"a</emphasis> adds the Samba attributes."
14952
msgstr ""
14953
14954
#: serverguide/C/network-auth.xml:1943(para)
14955
msgid ""
14956
"To add a user to a group use <application>smbldap-groupmod</application>:"
14957
msgstr ""
14958
14959
#: serverguide/C/network-auth.xml:1947(command)
14960
msgid "sudo smbldap-groupmod -m username groupname"
14961
msgstr ""
14962
14963
#: serverguide/C/network-auth.xml:1949(para)
14964
msgid ""
14965
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
14966
"<emphasis>-m</emphasis> option can add more than one user at a time by "
14967
"listing them in <emphasis>comma separated</emphasis> format."
14968
msgstr ""
14969
14970
#: serverguide/C/network-auth.xml:1955(para)
14971
msgid ""
14972
"<application>smbldap-groupmod</application> can also be used to remove a "
14973
"user from a group:"
14974
msgstr ""
14975
14976
#: serverguide/C/network-auth.xml:1959(command)
14977
msgid "sudo smbldap-groupmod -x username groupname"
14978
msgstr ""
14979
14980
#: serverguide/C/network-auth.xml:1963(para)
14981
msgid ""
14982
"Additionally, the <application>smbldap-useradd</application> utility can add "
14983
"Samba machine accounts:"
14984
msgstr ""
14985
14986
#: serverguide/C/network-auth.xml:1967(command)
14987
msgid "sudo smbldap-useradd -t 0 -w username"
14988
msgstr ""
14989
14990
#: serverguide/C/network-auth.xml:1969(para)
14991
msgid ""
14992
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
14993
"<emphasis>-t 0</emphasis> option creates the machine account without a "
14994
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
14995
"machine account. Also, note the <emphasis>add machine script</emphasis> "
14996
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
14997
"<application>smbldap-useradd</application>."
14998
msgstr ""
14999
15000
#: serverguide/C/network-auth.xml:1978(para)
15001
msgid ""
15002
"There are more useful utilities and options in the <application>smbldap-"
15003
"tools</application> package. The man page for each utility provides more "
15004
"details."
15005
msgstr ""
15006
15007
#: serverguide/C/network-auth.xml:1989(para)
15008
msgid ""
15009
"There are multiple places where LDAP and Samba is documented in the <ulink "
15010
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15011
"Collection</ulink>."
15012
msgstr ""
15013
15014
#: serverguide/C/network-auth.xml:1995(para)
15015
msgid ""
15016
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15017
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15018
msgstr ""
15019
15020
#: serverguide/C/network-auth.xml:2001(para)
15021
msgid ""
15022
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
15023
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15024
msgstr ""
15025
15026
#: serverguide/C/network-auth.xml:2007(para)
15027
msgid ""
15028
"Again, for more information on <application>smbldap-tools</application> see "
15029
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15030
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15031
msgstr ""
15032
15033
#: serverguide/C/network-auth.xml:2014(para)
15034
msgid ""
15035
"Also, there is a list of <ulink "
15036
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15037
"wiki</ulink> articles with more information."
15038
msgstr ""
15039
15040
#: serverguide/C/network-auth.xml:2023(title)
15041
msgid "Kerberos"
15042
msgstr ""
15043
15044
#: serverguide/C/network-auth.xml:2025(para)
15045
msgid ""
15046
"<application>Kerberos</application> is a network authentication system based "
15047
"on the principal of a trusted third party. The other two parties being the "
15048
"user and the service the user wishes to authenticate to. Not all services "
15049
"and applications can use Kerberos, but for those that can, it brings the "
15050
"network environment one step closer to being Single Sign On (SSO)."
15051
msgstr ""
15052
15053
#: serverguide/C/network-auth.xml:2031(para)
15054
msgid ""
15055
"This section covers installation and configuration of a Kerberos server, and "
15056
"some example client configurations."
15057
msgstr ""
15058
15059
#: serverguide/C/network-auth.xml:2038(para)
15060
msgid ""
15061
"If you are new to Kerberos there are a few terms that are good to understand "
15062
"before setting up a Kerberos server. Most of the terms will relate to things "
15063
"you may be familiar with in other environments:"
15064
msgstr ""
15065
15066
#: serverguide/C/network-auth.xml:2045(para)
15067
msgid ""
15068
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15069
"by servers need to be defined as Kerberos Principals."
15070
msgstr ""
15071
15072
#: serverguide/C/network-auth.xml:2050(para)
15073
msgid ""
15074
"<emphasis>Instances:</emphasis> are used for service principals and special "
15075
"administrative principals."
15076
msgstr ""
15077
15078
#: serverguide/C/network-auth.xml:2055(para)
15079
msgid ""
15080
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15081
"Kerberos installation. Usually the DNS domain converted to uppercase "
15082
"(EXAMPLE.COM)."
15083
msgstr ""
15084
15085
#: serverguide/C/network-auth.xml:2061(para)
15086
msgid ""
15087
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15088
"a database of all principals, the authentication server, and the ticket "
15089
"granting server. For each realm there must be at least one KDC."
15090
msgstr ""
15091
15092
#: serverguide/C/network-auth.xml:2067(para)
15093
msgid ""
15094
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15095
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15096
"password which is known only to the user and the KDC."
15097
msgstr ""
15098
15099
#: serverguide/C/network-auth.xml:2073(para)
15100
msgid ""
15101
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15102
"clients upon request."
15103
msgstr ""
15104
15105
#: serverguide/C/network-auth.xml:2078(para)
15106
msgid ""
15107
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15108
"One principal being a user and the other a service requested by the user. "
15109
"Tickets establish an encryption key used for secure communication during the "
15110
"authenticated session."
15111
msgstr ""
15112
15113
#: serverguide/C/network-auth.xml:2084(para)
15114
msgid ""
15115
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15116
"principal database and contain the encryption key for a service or host."
15117
msgstr ""
15118
15119
#: serverguide/C/network-auth.xml:2091(para)
15120
msgid ""
15121
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15122
"redundancy, which contains a database of Principals. When a user principal "
15123
"logs into a workstation, configured for Kerberos authentication, the KDC "
15124
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15125
"match, the user is authenticated and can then request tickets for Kerberized "
15126
"services from the Ticket Granting Server (TGS). The service tickets allow "
15127
"the user to authenticate to the service without entering another username "
15128
"and password."
15129
msgstr ""
15130
15131
#: serverguide/C/network-auth.xml:2100(title)
15132
msgid "Kerberos Server"
15133
msgstr ""
15134
15135
#: serverguide/C/network-auth.xml:2104(para)
15136
msgid ""
15137
"Before installing the Kerberos server a properly configured DNS server is "
15138
"needed for your domain. Since the Kerberos Realm by convention matches the "
15139
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15140
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15141
msgstr ""
15142
15143
#: serverguide/C/network-auth.xml:2110(para)
15144
msgid ""
15145
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15146
"between a client machine and the server differs by more than five minutes "
15147
"(by default), the workstation will not be able to authenticate. To correct "
15148
"the problem all hosts should have their time synchronized using the "
15149
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15150
"NTP see <xref linkend=\"NTP\"/>."
15151
msgstr ""
15152
15153
#: serverguide/C/network-auth.xml:2117(para)
15154
msgid ""
15155
"The first step in installing a Kerberos Realm is to install the "
15156
"<application>krb5-kdc</application> and <application>krb5-admin-"
15157
"server</application> packages. From a terminal enter:"
15158
msgstr ""
15159
15160
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15161
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15162
msgstr ""
15163
15164
#: serverguide/C/network-auth.xml:2126(para)
15165
msgid ""
15166
"You will be asked at the end of the install to supply a name for the "
15167
"Kerberos and Admin servers, which may or may not be the same server, for the "
15168
"realm."
15169
msgstr ""
15170
15171
#: serverguide/C/network-auth.xml:2131(para)
15172
msgid ""
15173
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15174
"utility:"
15175
msgstr ""
15176
15177
#: serverguide/C/network-auth.xml:2136(command)
15178
msgid "sudo krb5_newrealm"
15179
msgstr ""
15180
15181
#: serverguide/C/network-auth.xml:2143(para)
15182
msgid ""
15183
"The questions asked during installation are used to configure the "
15184
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15185
"Distribution Center (KDC) settings simply edit the file and restart the "
15186
"<application>krb5-kdc</application> daemon."
15187
msgstr ""
15188
15189
#: serverguide/C/network-auth.xml:2151(para)
15190
msgid ""
15191
"Now that the KDC running an admin user is needed. It is recommended to use a "
15192
"different username from your everyday username. Using the "
15193
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15194
msgstr ""
15195
15196
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15197
msgid "sudo kadmin.local"
15198
msgstr ""
15199
15200
#: serverguide/C/network-auth.xml:2158(computeroutput)
15201
#, no-wrap
15202
msgid ""
15203
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15204
"kadmin.local:"
15205
msgstr ""
15206
15207
#: serverguide/C/network-auth.xml:2159(userinput)
15208
#, no-wrap
15209
msgid " addprinc steve/admin"
15210
msgstr ""
15211
15212
#: serverguide/C/network-auth.xml:2160(computeroutput)
15213
#, no-wrap
15214
msgid ""
15215
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15216
"policy\n"
15217
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15218
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15219
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15220
"kadmin.local:"
15221
msgstr ""
15222
15223
#: serverguide/C/network-auth.xml:2164(userinput)
15224
#, no-wrap
15225
msgid " quit"
15226
msgstr ""
15227
15228
#: serverguide/C/network-auth.xml:2167(para)
15229
msgid ""
15230
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15231
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15232
"is an <emphasis>Instance</emphasis>, and <emphasis "
15233
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15234
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15235
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15236
"rights."
15237
msgstr ""
15238
15239
#: serverguide/C/network-auth.xml:2175(para)
15240
msgid ""
15241
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15242
"your Realm and admin username."
15243
msgstr ""
15244
15245
#: serverguide/C/network-auth.xml:2183(para)
15246
msgid ""
15247
"Next, the new admin user needs to have the appropriate Access Control List "
15248
"(ACL) permissions. The permissions are configured in the "
15249
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15250
msgstr ""
15251
15252
#: serverguide/C/network-auth.xml:2188(programlisting)
15253
#, no-wrap
15254
msgid ""
15255
"\n"
15256
"steve/admin@EXAMPLE.COM *\n"
15257
msgstr ""
15258
15259
#: serverguide/C/network-auth.xml:2192(para)
15260
msgid ""
15261
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15262
"any operation on all principals in the realm."
15263
msgstr ""
15264
15265
#: serverguide/C/network-auth.xml:2199(para)
15266
msgid ""
15267
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15268
"to take affect:"
15269
msgstr ""
15270
15271
#: serverguide/C/network-auth.xml:2204(command)
15272
msgid "sudo /etc/init.d/krb5-admin-server restart"
15273
msgstr ""
15274
15275
#: serverguide/C/network-auth.xml:2210(para)
15276
msgid ""
15277
"The new user principal can be tested using the <application>kinit "
15278
"utility</application>:"
15279
msgstr ""
15280
15281
#: serverguide/C/network-auth.xml:2215(command)
15282
msgid "kinit steve/admin"
15283
msgstr ""
15284
15285
#: serverguide/C/network-auth.xml:2216(computeroutput)
15286
#, no-wrap
15287
msgid "steve/admin@EXAMPLE.COM's Password:"
15288
msgstr ""
15289
15290
#: serverguide/C/network-auth.xml:2219(para)
15291
msgid ""
15292
"After entering the password, use the <application>klist</application> "
15293
"utility to view information about the Ticket Granting Ticket (TGT):"
15294
msgstr ""
15295
15296
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15297
msgid "klist"
15298
msgstr ""
15299
15300
#: serverguide/C/network-auth.xml:2226(computeroutput)
15301
#, no-wrap
15302
msgid ""
15303
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15304
" Principal: steve/admin@EXAMPLE.COM\n"
15305
"\n"
15306
" Issued Expires Principal\n"
15307
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15308
msgstr ""
15309
15310
#: serverguide/C/network-auth.xml:2233(para)
15311
msgid ""
15312
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15313
"the KDC. For example:"
15314
msgstr ""
15315
15316
#: serverguide/C/network-auth.xml:2237(programlisting)
15317
#, no-wrap
15318
msgid ""
15319
"\n"
15320
"192.168.0.1 kdc01.example.com kdc01\n"
15321
msgstr ""
15322
15323
#: serverguide/C/network-auth.xml:2241(para)
15324
msgid ""
15325
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15326
msgstr ""
15327
15328
#: serverguide/C/network-auth.xml:2248(para)
15329
msgid ""
15330
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15331
"are needed. Add the following to "
15332
"<filename>/etc/named/db.example.com</filename>:"
15333
msgstr ""
15334
15335
#: serverguide/C/network-auth.xml:2253(programlisting)
15336
#, no-wrap
15337
msgid ""
15338
"\n"
15339
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15340
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15341
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15342
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15343
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15344
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15345
msgstr ""
15346
15347
#: serverguide/C/network-auth.xml:2263(para)
15348
msgid ""
15349
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15350
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15351
"KDC."
15352
msgstr ""
15353
15354
#: serverguide/C/network-auth.xml:2269(para)
15355
msgid ""
15356
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15357
msgstr ""
15358
15359
#: serverguide/C/network-auth.xml:2276(para)
15360
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15361
msgstr ""
15362
15363
#: serverguide/C/network-auth.xml:2283(title)
15364
msgid "Secondary KDC"
15365
msgstr ""
15366
15367
#: serverguide/C/network-auth.xml:2285(para)
15368
msgid ""
15369
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15370
"practice to have a Secondary KDC in case the primary becomes unavailable."
15371
msgstr ""
15372
15373
#: serverguide/C/network-auth.xml:2293(para)
15374
msgid ""
15375
"First, install the packages, and when asked for the Kerberos and Admin "
15376
"server names enter the name of the Primary KDC:"
15377
msgstr ""
15378
15379
#: serverguide/C/network-auth.xml:2304(para)
15380
msgid ""
15381
"Once you have the packages installed, create the Secondary KDC's host "
15382
"principal. From a terminal prompt, enter:"
15383
msgstr ""
15384
15385
#: serverguide/C/network-auth.xml:2309(command)
15386
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15387
msgstr ""
15388
15389
#: serverguide/C/network-auth.xml:2313(para)
15390
msgid ""
15391
"After, issuing any <application>kadmin</application> commands you will be "
15392
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15393
"password."
15394
msgstr ""
15395
15396
#: serverguide/C/network-auth.xml:2322(para)
15397
msgid "Extract the <emphasis>keytab</emphasis> file:"
15398
msgstr ""
15399
15400
#: serverguide/C/network-auth.xml:2327(command)
15401
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15402
msgstr ""
15403
15404
#: serverguide/C/network-auth.xml:2333(para)
15405
msgid ""
15406
"There should now be a <filename>keytab.kdc02</filename> in the current "
15407
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15408
msgstr ""
15409
15410
#: serverguide/C/network-auth.xml:2339(command)
15411
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15412
msgstr ""
15413
15414
#: serverguide/C/network-auth.xml:2343(para)
15415
msgid ""
15416
"If the path to the <filename>keytab.kdc02</filename> file is different "
15417
"adjust accordingly."
15418
msgstr ""
15419
15420
#: serverguide/C/network-auth.xml:2348(para)
15421
msgid ""
15422
"Also, you can list the principals in a Keytab file, which can be useful when "
15423
"troubleshooting, using the <application>klist</application> utility:"
15424
msgstr ""
15425
15426
#: serverguide/C/network-auth.xml:2354(command)
15427
msgid "sudo klist -k /etc/krb5.keytab"
15428
msgstr ""
15429
15430
#: serverguide/C/network-auth.xml:2360(para)
15431
msgid ""
15432
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15433
"that lists all KDCs for the Realm. For example, on both primary and "
15434
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15435
msgstr ""
15436
15437
#: serverguide/C/network-auth.xml:2365(programlisting)
15438
#, no-wrap
15439
msgid ""
15440
"\n"
15441
"host/kdc01.example.com@EXAMPLE.COM\n"
15442
"host/kdc02.example.com@EXAMPLE.COM\n"
15443
msgstr ""
15444
15445
#: serverguide/C/network-auth.xml:2373(para)
15446
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15447
msgstr ""
15448
15449
#: serverguide/C/network-auth.xml:2378(command)
15450
msgid "sudo kdb5_util -s create"
15451
msgstr ""
15452
15453
#: serverguide/C/network-auth.xml:2384(para)
15454
msgid ""
15455
"Now start the <application>kpropd</application> daemon, which listens for "
15456
"connections from the <application>kprop</application> utility. "
15457
"<application>kprop</application> is used to transfer dump files:"
15458
msgstr ""
15459
15460
#: serverguide/C/network-auth.xml:2391(command)
15461
msgid "sudo kpropd -S"
15462
msgstr ""
15463
15464
#: serverguide/C/network-auth.xml:2397(para)
15465
msgid ""
15466
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15467
"of the principal database:"
15468
msgstr ""
15469
15470
#: serverguide/C/network-auth.xml:2402(command)
15471
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15472
msgstr ""
15473
15474
#: serverguide/C/network-auth.xml:2408(para)
15475
msgid ""
15476
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15477
"<filename>/etc/krb5.keytab</filename>:"
15478
msgstr ""
15479
15480
#: serverguide/C/network-auth.xml:2413(command)
15481
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15482
msgstr ""
15483
15484
#: serverguide/C/network-auth.xml:2414(command)
15485
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15486
msgstr ""
15487
15488
#: serverguide/C/network-auth.xml:2418(para)
15489
msgid ""
15490
"Make sure there is a <emphasis>host</emphasis> for "
15491
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15492
msgstr ""
15493
15494
#: serverguide/C/network-auth.xml:2426(para)
15495
msgid ""
15496
"Using the <application>kprop</application> utility push the database to the "
15497
"Secondary KDC:"
15498
msgstr ""
15499
15500
#: serverguide/C/network-auth.xml:2431(command)
15501
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15502
msgstr ""
15503
15504
#: serverguide/C/network-auth.xml:2435(para)
15505
msgid ""
15506
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15507
"worked. If there is an error message check "
15508
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15509
"information."
15510
msgstr ""
15511
15512
#: serverguide/C/network-auth.xml:2441(para)
15513
msgid ""
15514
"You may also want to create a <application>cron</application> job to "
15515
"periodically update the database on the Secondary KDC. For example, the "
15516
"following will push the database every hour:"
15517
msgstr ""
15518
15519
#: serverguide/C/network-auth.xml:2446(programlisting)
15520
#, no-wrap
15521
msgid ""
15522
"\n"
15523
"# m h dom mon dow command\n"
15524
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15525
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15526
msgstr ""
15527
15528
#: serverguide/C/network-auth.xml:2454(para)
15529
msgid ""
15530
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15531
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15532
msgstr ""
15533
15534
#: serverguide/C/network-auth.xml:2460(command)
15535
msgid "sudo kdb5_util stash"
15536
msgstr ""
15537
15538
#: serverguide/C/network-auth.xml:2466(para)
15539
msgid ""
15540
"Finally, start the <application>krb5-kdc</application> daemon on the "
15541
"Secondary KDC:"
15542
msgstr ""
15543
15544
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
15545
msgid "sudo /etc/init.d/krb5-kdc start"
15546
msgstr ""
15547
15548
#: serverguide/C/network-auth.xml:2477(para)
15549
msgid ""
15550
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15551
"for the Realm. You can test this by stopping the <application>krb5-"
15552
"kdc</application> daemon on the Primary KDC, then use "
15553
"<application>kinit</application> to request a ticket. If all goes well you "
15554
"should receive a ticket from the Secondary KDC."
15555
msgstr ""
15556
15557
#: serverguide/C/network-auth.xml:2485(title)
15558
msgid "Kerberos Linux Client"
15559
msgstr ""
15560
15561
#: serverguide/C/network-auth.xml:2487(para)
15562
msgid ""
15563
"This section covers configuring a Linux system as a "
15564
"<application>Kerberos</application> client. This will allow access to any "
15565
"kerberized services once a user has successfully logged into the system."
15566
msgstr ""
15567
15568
#: serverguide/C/network-auth.xml:2495(para)
15569
msgid ""
15570
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15571
"user</application> and <application>libpam-krb5</application> packages are "
15572
"needed, along with a few others that are not strictly necessary but make "
15573
"life easier. To install the packages enter the following in a terminal "
15574
"prompt:"
15575
msgstr ""
15576
15577
#: serverguide/C/network-auth.xml:2502(command)
15578
msgid ""
15579
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15580
msgstr ""
15581
15582
#: serverguide/C/network-auth.xml:2505(para)
15583
msgid ""
15584
"The <application>auth-client-config</application> package allows simple "
15585
"configuration of PAM for authentication from multiple sources, and the "
15586
"<application>libpam-ccreds</application> will cache authentication "
15587
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15588
"is unavailable. This package is also useful for laptops that may "
15589
"authenticate using Kerberos while on the corporate network, but will need to "
15590
"be accessed off the network as well."
15591
msgstr ""
15592
15593
#: serverguide/C/network-auth.xml:2516(para)
15594
msgid "To configure the client in a terminal enter:"
15595
msgstr ""
15596
15597
#: serverguide/C/network-auth.xml:2521(command)
15598
msgid "sudo dpkg-reconfigure krb5-config"
15599
msgstr ""
15600
15601
#: serverguide/C/network-auth.xml:2524(para)
15602
msgid ""
15603
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15604
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15605
"records, the menu will prompt you for the hostname of the Key Distribution "
15606
"Center (KDC) and Realm Administration server."
15607
msgstr ""
15608
15609
#: serverguide/C/network-auth.xml:2530(para)
15610
msgid ""
15611
"The <application>dpkg-reconfigure</application> adds entries to the "
15612
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15613
"entries similar to the following:"
15614
msgstr ""
15615
15616
#: serverguide/C/network-auth.xml:2535(programlisting)
15617
#, no-wrap
15618
msgid ""
15619
"\n"
15620
"[libdefaults]\n"
15621
" default_realm = EXAMPLE.COM\n"
15622
"...\n"
15623
"[realms]\n"
15624
" EXAMPLE.COM = } \n"
15625
" kdc = 192.168.0.1 \n"
15626
" admin_server = 192.168.0.1\n"
15627
" }\n"
15628
msgstr ""
15629
15630
#: serverguide/C/network-auth.xml:2546(para)
15631
msgid ""
15632
"You can test the configuration by requesting a ticket using the "
15633
"<application>kinit</application> utility. For example:"
15634
msgstr ""
15635
15636
#: serverguide/C/network-auth.xml:2551(command)
15637
msgid "kinit steve@EXAMPLE.COM"
15638
msgstr ""
15639
15640
#: serverguide/C/network-auth.xml:2552(computeroutput)
15641
#, no-wrap
15642
msgid "Password for steve@EXAMPLE.COM:"
15643
msgstr ""
15644
15645
#: serverguide/C/network-auth.xml:2555(para)
15646
msgid ""
15647
"When a ticket has been granted, the details can be viewed using "
15648
"<application>klist</application>:"
15649
msgstr ""
15650
15651
#: serverguide/C/network-auth.xml:2561(computeroutput)
15652
#, no-wrap
15653
msgid ""
15654
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15655
"Default principal: steve@EXAMPLE.COM\n"
15656
"\n"
15657
"Valid starting Expires Service principal\n"
15658
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
15659
" renew until 07/25/08 05:18:57\n"
15660
"\n"
15661
"\n"
15662
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
15663
"klist: You have no tickets cached"
15664
msgstr ""
15665
15666
#: serverguide/C/network-auth.xml:2573(para)
15667
msgid ""
15668
"Next, use the <application>auth-client-config</application> to configure the "
15669
"<application>libpam-krb5</application> module to request a ticket during "
15670
"login:"
15671
msgstr ""
15672
15673
#: serverguide/C/network-auth.xml:2579(command)
15674
msgid "sudo auth-client-config -a -p kerberos_example"
15675
msgstr ""
15676
15677
#: serverguide/C/network-auth.xml:2582(para)
15678
msgid ""
15679
"You will should now receive a ticket upon successful login authentication."
15680
msgstr ""
15681
15682
#: serverguide/C/network-auth.xml:2593(para)
15683
msgid ""
15684
"For more information on Kerberos see the <ulink "
15685
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15686
msgstr ""
15687
15688
#: serverguide/C/network-auth.xml:2598(para)
15689
msgid ""
15690
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15691
"Kerberos</ulink> page has more details."
15692
msgstr ""
15693
15694
#: serverguide/C/network-auth.xml:2603(para)
15695
msgid ""
15696
"O'Reilly's <ulink "
15697
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15698
"Guide</ulink> is a great reference when setting up Kerberos."
15699
msgstr ""
15700
15701
#: serverguide/C/network-auth.xml:2609(para)
15702
msgid ""
15703
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15704
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15705
"Kerberos questions."
15706
msgstr ""
15707
15708
#: serverguide/C/network-auth.xml:2619(title)
15709
msgid "Kerberos and LDAP"
15710
msgstr ""
15711
15712
#: serverguide/C/network-auth.xml:2621(para)
15713
msgid ""
15714
"Replicating a Kerberos principal database between two servers can be "
15715
"complicated, and adds an additional user database to your network. "
15716
"Fortunately, MIT Kerberos can be configured to use an "
15717
"<application>LDAP</application> directory as a principal database. This "
15718
"section covers configuring a primary and secondary kerberos server to use "
15719
"<application>OpenLDAP</application> for the principal database."
15720
msgstr ""
15721
15722
#: serverguide/C/network-auth.xml:2629(title)
15723
msgid "Configuring OpenLDAP"
15724
msgstr ""
15725
15726
#: serverguide/C/network-auth.xml:2631(para)
15727
msgid ""
15728
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15729
"<application>OpenLDAP</application> server that has network connectivity to "
15730
"the Primary and Secondary KDCs. The rest of this section assumes that you "
15731
"also have LDAP replication configured between at least two servers. For "
15732
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15733
msgstr ""
15734
15735
#: serverguide/C/network-auth.xml:2638(para)
15736
msgid ""
15737
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15738
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15739
"linkend=\"openldap-tls\"/> for details."
15740
msgstr ""
15741
15742
#: serverguide/C/network-auth.xml:2645(para)
15743
msgid ""
15744
"To load the schema into LDAP, on the LDAP server install the "
15745
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15746
msgstr ""
15747
15748
#: serverguide/C/network-auth.xml:2651(command)
15749
msgid "sudo apt-get install krb5-kdc-ldap"
15750
msgstr ""
15751
15752
#: serverguide/C/network-auth.xml:2656(para)
15753
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15754
msgstr ""
15755
15756
#: serverguide/C/network-auth.xml:2661(command)
15757
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15758
msgstr ""
15759
15760
#: serverguide/C/network-auth.xml:2662(command)
15761
msgid ""
15762
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15763
msgstr ""
15764
15765
#: serverguide/C/network-auth.xml:2668(para)
15766
msgid ""
15767
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
15768
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15769
"<application>slapd</application> is also detailed in <xref "
15770
"linkend=\"openldap-configuration\"/>."
15771
msgstr ""
15772
15773
#: serverguide/C/network-auth.xml:2681(programlisting)
15774
#, no-wrap
15775
msgid ""
15776
"\n"
15777
"include /etc/ldap/schema/core.schema\n"
15778
"include /etc/ldap/schema/collective.schema\n"
15779
"include /etc/ldap/schema/corba.schema\n"
15780
"include /etc/ldap/schema/cosine.schema\n"
15781
"include /etc/ldap/schema/duaconf.schema\n"
15782
"include /etc/ldap/schema/dyngroup.schema\n"
15783
"include /etc/ldap/schema/inetorgperson.schema\n"
15784
"include /etc/ldap/schema/java.schema\n"
15785
"include /etc/ldap/schema/misc.schema\n"
15786
"include /etc/ldap/schema/nis.schema\n"
15787
"include /etc/ldap/schema/openldap.schema\n"
15788
"include /etc/ldap/schema/ppolicy.schema\n"
15789
"include /etc/ldap/schema/kerberos.schema\n"
15790
msgstr ""
15791
15792
#: serverguide/C/network-auth.xml:2701(para)
15793
msgid "Create a temporary directory to hold the LDIF files:"
15794
msgstr ""
15795
15796
#: serverguide/C/network-auth.xml:2716(command)
15797
msgid ""
15798
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15799
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
15800
msgstr ""
15801
15802
#: serverguide/C/network-auth.xml:2726(para)
15803
msgid ""
15804
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
15805
"changing the following attributes:"
15806
msgstr ""
15807
15808
#: serverguide/C/network-auth.xml:2730(programlisting)
15809
#, no-wrap
15810
msgid ""
15811
"\n"
15812
"dn: cn=kerberos,cn=schema,cn=config\n"
15813
"...\n"
15814
"cn: kerberos\n"
15815
msgstr ""
15816
15817
#: serverguide/C/network-auth.xml:2736(para)
15818
msgid "And remove the following lines from the end of the file:"
15819
msgstr ""
15820
15821
#: serverguide/C/network-auth.xml:2740(programlisting)
15822
#, no-wrap
15823
msgid ""
15824
"\n"
15825
"structuralObjectClass: olcSchemaConfig\n"
15826
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
15827
"creatorsName: cn=config\n"
15828
"createTimestamp: 20090111203515Z\n"
15829
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
15830
"modifiersName: cn=config\n"
15831
"modifyTimestamp: 20090111203515Z\n"
15832
msgstr ""
15833
15834
#: serverguide/C/network-auth.xml:2759(para)
15835
msgid "Load the new schema with <application>ldapadd</application>:"
15836
msgstr ""
15837
15838
#: serverguide/C/network-auth.xml:2764(command)
15839
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
15840
msgstr ""
15841
15842
#: serverguide/C/network-auth.xml:2770(para)
15843
msgid ""
15844
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
15845
msgstr ""
15846
15847
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
15848
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15849
msgstr ""
15850
15851
#: serverguide/C/network-auth.xml:2777(userinput)
15852
#, no-wrap
15853
msgid ""
15854
"dn: olcDatabase={1}hdb,cn=config\n"
15855
"add: olcDbIndex\n"
15856
"olcDbIndex: krbPrincipalName eq,pres,sub"
15857
msgstr ""
15858
15859
#: serverguide/C/network-auth.xml:2776(computeroutput)
15860
#, no-wrap
15861
msgid ""
15862
"Enter LDAP Password:\n"
15863
"<placeholder-1/>\n"
15864
"\n"
15865
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15866
msgstr ""
15867
15868
#: serverguide/C/network-auth.xml:2787(para)
15869
msgid "Finally, update the Access Control Lists (ACL):"
15870
msgstr ""
15871
15872
#: serverguide/C/network-auth.xml:2794(userinput)
15873
#, no-wrap
15874
msgid ""
15875
"dn: olcDatabase={1}hdb,cn=config\n"
15876
"replace: olcAccess\n"
15877
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
15878
"dn=\"cn=admin,dc=exampl\n"
15879
" e,dc=com\" write by anonymous auth by self write by * none\n"
15880
"-\n"
15881
"add: olcAccess\n"
15882
"olcAccess: to dn.base=\"\" by * read\n"
15883
"-\n"
15884
"add: olcAccess\n"
15885
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
15886
msgstr ""
15887
15888
#: serverguide/C/network-auth.xml:2793(computeroutput)
15889
#, no-wrap
15890
msgid ""
15891
"Enter LDAP Password: \n"
15892
"<placeholder-1/>\n"
15893
"\n"
15894
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15895
msgstr ""
15896
15897
#: serverguide/C/network-auth.xml:2814(para)
15898
msgid ""
15899
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
15900
"database."
15901
msgstr ""
15902
15903
#: serverguide/C/network-auth.xml:2820(title)
15904
msgid "Primary KDC Configuration"
15905
msgstr ""
15906
15907
#: serverguide/C/network-auth.xml:2822(para)
15908
msgid ""
15909
"With <application>OpenLDAP</application> configured it is time to configure "
15910
"the KDC."
15911
msgstr ""
15912
15913
#: serverguide/C/network-auth.xml:2828(para)
15914
msgid "First, install the necessary packages, from a terminal enter:"
15915
msgstr ""
15916
15917
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
15918
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
15919
msgstr ""
15920
15921
#: serverguide/C/network-auth.xml:2839(para)
15922
msgid ""
15923
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
15924
"under the appropriate sections:"
15925
msgstr ""
15926
15927
#: serverguide/C/network-auth.xml:2843(programlisting)
15928
#, no-wrap
15929
msgid ""
15930
"\n"
15931
"[libdefaults]\n"
15932
" default_realm = EXAMPLE.COM\n"
15933
"\n"
15934
"...\n"
15935
"\n"
15936
"[realms]\n"
15937
" EXAMPLE.COM = {\n"
15938
" kdc = kdc01.example.com\n"
15939
" kdc = kdc02.example.com\n"
15940
" admin_server = kdc01.example.com\n"
15941
" admin_server = kdc02.example.com\n"
15942
" default_domain = example.com\n"
15943
" database_module = openldap_ldapconf\n"
15944
" }\n"
15945
"\n"
15946
"...\n"
15947
"\n"
15948
"[domain_realm]\n"
15949
" .example.com = EXAMPLE.COM\n"
15950
"\n"
15951
"\n"
15952
"...\n"
15953
"\n"
15954
"[dbdefaults]\n"
15955
" ldap_kerberos_container_dn = dc=example,dc=com\n"
15956
"\n"
15957
"[dbmodules]\n"
15958
" openldap_ldapconf = {\n"
15959
" db_library = kldap\n"
15960
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
15961
"\n"
15962
" # this object needs to have read rights on\n"
15963
" # the realm container, principal container and realm sub-"
15964
"trees\n"
15965
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
15966
"\n"
15967
" # this object needs to have read and write rights on\n"
15968
" # the realm container, principal container and realm sub-"
15969
"trees\n"
15970
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
15971
" ldap_servers = ldaps://ldap01.example.com "
15972
"ldaps://ldap02.example.com\n"
15973
" ldap_conns_per_server = 5\n"
15974
" }\n"
15975
msgstr ""
15976
15977
#: serverguide/C/network-auth.xml:2888(para)
15978
msgid ""
15979
"Change <emphasis>example.com</emphasis>, "
15980
"<emphasis>dc=example,dc=com</emphasis>, "
15981
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
15982
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
15983
"object, and LDAP server for your network."
15984
msgstr ""
15985
15986
#: serverguide/C/network-auth.xml:2897(para)
15987
msgid ""
15988
"Next, use the <application>kdb5_ldap_util</application> utility to create "
15989
"the realm:"
15990
msgstr ""
15991
15992
#: serverguide/C/network-auth.xml:2902(command)
15993
msgid ""
15994
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
15995
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
15996
msgstr ""
15997
15998
#: serverguide/C/network-auth.xml:2908(para)
15999
msgid ""
16000
"Create a stash of the password used to bind to the LDAP server. This "
16001
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16002
"<emphasis>ldap_kadmin_dn</emphasis> options in "
16003
"<filename>/etc/krb5.conf</filename>:"
16004
msgstr ""
16005
16006
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
16007
msgid ""
16008
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16009
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16010
msgstr ""
16011
16012
#: serverguide/C/network-auth.xml:2920(para)
16013
msgid "Copy the CA certificate from the LDAP server:"
16014
msgstr ""
16015
16016
#: serverguide/C/network-auth.xml:2925(command)
16017
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16018
msgstr ""
16019
16020
#: serverguide/C/network-auth.xml:2926(command)
16021
msgid "sudo cp cacert.pem /etc/ssl/certs"
16022
msgstr ""
16023
16024
#: serverguide/C/network-auth.xml:2929(para)
16025
msgid ""
16026
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16027
msgstr ""
16028
16029
#: serverguide/C/network-auth.xml:2933(programlisting)
16030
#, no-wrap
16031
msgid ""
16032
"\n"
16033
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16034
msgstr ""
16035
16036
#: serverguide/C/network-auth.xml:2938(para)
16037
msgid ""
16038
"The certificate will also need to be copied to the Secondary KDC, to allow "
16039
"the connection to the LDAP servers using LDAPS."
16040
msgstr ""
16041
16042
#: serverguide/C/network-auth.xml:2947(para)
16043
msgid ""
16044
"You can now add Kerberos principals to the LDAP database, and they will be "
16045
"copied to any other LDAP servers configured for replication. To add a "
16046
"principal using the <application>kadmin.local</application> utility enter:"
16047
msgstr ""
16048
16049
#: serverguide/C/network-auth.xml:2955(userinput)
16050
#, no-wrap
16051
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16052
msgstr ""
16053
16054
#: serverguide/C/network-auth.xml:2954(computeroutput)
16055
#, no-wrap
16056
msgid ""
16057
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16058
"kadmin.local: <placeholder-1/>\n"
16059
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16060
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16061
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16062
"Principal \"steve@EXAMPLE.COM\" created."
16063
msgstr ""
16064
16065
#: serverguide/C/network-auth.xml:2962(para)
16066
msgid ""
16067
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16068
"krbExtraData attributes added to the "
16069
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16070
"the <application>kinit</application> and <application>klist</application> "
16071
"utilities to test that the user is indeed issued a ticket."
16072
msgstr ""
16073
16074
#: serverguide/C/network-auth.xml:2969(para)
16075
msgid ""
16076
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16077
"option is needed to add the Kerberos attributes. Otherwise a new "
16078
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16079
msgstr ""
16080
16081
#: serverguide/C/network-auth.xml:2977(title)
16082
msgid "Secondary KDC Configuration"
16083
msgstr ""
16084
16085
#: serverguide/C/network-auth.xml:2979(para)
16086
msgid ""
16087
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16088
"one using the normal Kerberos database."
16089
msgstr ""
16090
16091
#: serverguide/C/network-auth.xml:2985(para)
16092
msgid "First, install the necessary packages. In a terminal enter:"
16093
msgstr ""
16094
16095
#: serverguide/C/network-auth.xml:2996(para)
16096
msgid ""
16097
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16098
msgstr ""
16099
16100
#: serverguide/C/network-auth.xml:3000(programlisting)
16101
#, no-wrap
16102
msgid ""
16103
"\n"
16104
"[libdefaults]\n"
16105
" default_realm = EXAMPLE.COM\n"
16106
"\n"
16107
"...\n"
16108
"\n"
16109
"[realms]\n"
16110
" EXAMPLE.COM = {\n"
16111
" kdc = kdc01.example.com\n"
16112
" kdc = kdc02.example.com\n"
16113
" admin_server = kdc01.example.com\n"
16114
" admin_server = kdc02.example.com\n"
16115
" default_domain = example.com\n"
16116
" database_module = openldap_ldapconf\n"
16117
" }\n"
16118
"\n"
16119
"...\n"
16120
"\n"
16121
"[domain_realm]\n"
16122
" .example.com = EXAMPLE.COM\n"
16123
"\n"
16124
"...\n"
16125
"\n"
16126
"[dbdefaults]\n"
16127
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16128
"\n"
16129
"[dbmodules]\n"
16130
" openldap_ldapconf = {\n"
16131
" db_library = kldap\n"
16132
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16133
"\n"
16134
" # this object needs to have read rights on\n"
16135
" # the realm container, principal container and realm sub-"
16136
"trees\n"
16137
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16138
"\n"
16139
" # this object needs to have read and write rights on\n"
16140
" # the realm container, principal container and realm sub-"
16141
"trees\n"
16142
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16143
" ldap_servers = ldaps://ldap01.example.com "
16144
"ldaps://ldap02.example.com\n"
16145
" ldap_conns_per_server = 5\n"
16146
" }\n"
16147
msgstr ""
16148
16149
#: serverguide/C/network-auth.xml:3047(para)
16150
msgid "Create the stash for the LDAP bind password:"
16151
msgstr ""
16152
16153
#: serverguide/C/network-auth.xml:3058(para)
16154
msgid ""
16155
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16156
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16157
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16158
"encrypted connection such as <application>scp</application>, or on physical "
16159
"media."
16160
msgstr ""
16161
16162
#: serverguide/C/network-auth.xml:3065(command)
16163
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16164
msgstr ""
16165
16166
#: serverguide/C/network-auth.xml:3066(command)
16167
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16168
msgstr ""
16169
16170
#: serverguide/C/network-auth.xml:3070(para)
16171
msgid ""
16172
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16173
msgstr ""
16174
16175
#: serverguide/C/network-auth.xml:3078(para)
16176
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16177
msgstr ""
16178
16179
#: serverguide/C/network-auth.xml:3089(para)
16180
msgid ""
16181
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16182
"you should be able to continue to authenticate users if one LDAP server, one "
16183
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16184
msgstr ""
16185
16186
#: serverguide/C/network-auth.xml:3101(para)
16187
msgid ""
16188
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16189
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16190
"Guide</ulink> has some additional details."
16191
msgstr ""
16192
16193
#: serverguide/C/network-auth.xml:3107(para)
16194
msgid ""
16195
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16196
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16197
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16198
"5.6</ulink> and the <ulink "
16199
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16200
"tml\">kdb5_ldap_util man page</ulink>."
16201
msgstr ""
16202
16203
#: serverguide/C/network-auth.xml:3115(para)
16204
msgid ""
16205
"Another useful link is the <ulink "
16206
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16207
">krb5.conf man page</ulink>."
16208
msgstr ""
16209
16210
#: serverguide/C/network-auth.xml:3120(para)
16211
msgid ""
16212
"Also, see the <ulink "
16213
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16214
"and LDAP</ulink> Ubuntu wiki page."
16215
msgstr ""
16216
16217
#: serverguide/C/monitoring.xml:13(title)
16218
msgid "Monitoring"
16219
msgstr ""
16220
16221
#: serverguide/C/monitoring.xml:17(para)
16222
msgid ""
16223
"The monitoring of essential servers and services is an important part of "
16224
"system administration. Most network services are monitored for performance, "
16225
"availability, or both. This section will cover installation and "
16226
"configuration of <application>Nagios</application> for availability "
16227
"monitoring, and <application>Munin</application> for performance monitoring."
16228
msgstr ""
16229
16230
#: serverguide/C/monitoring.xml:24(para)
16231
msgid ""
16232
"The examples in this section will use two servers with hostnames "
16233
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16234
"<emphasis>Server01</emphasis> will be configured with "
16235
"<application>Nagios</application> to monitor services on itself and "
16236
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16237
"<application>munin</application> package to gather information from the "
16238
"network. Using the <application>munin-node</application> package, "
16239
"<emphasis>server02</emphasis> will be configured to send information to "
16240
"<emphasis>server01</emphasis>."
16241
msgstr ""
16242
16243
#: serverguide/C/monitoring.xml:33(para)
16244
msgid ""
16245
"Hopefully these simple examples will allow you to monitor additional servers "
16246
"and services on your network."
16247
msgstr ""
16248
16249
#: serverguide/C/monitoring.xml:39(title)
16250
msgid "Nagios"
16251
msgstr ""
16252
16253
#: serverguide/C/monitoring.xml:44(para)
16254
msgid ""
16255
"First, on <emphasis>server01</emphasis> install the "
16256
"<application>nagios</application> package. In a terminal enter:"
16257
msgstr ""
16258
16259
#: serverguide/C/monitoring.xml:50(command)
16260
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16261
msgstr ""
16262
16263
#: serverguide/C/monitoring.xml:53(para)
16264
msgid ""
16265
"You will be asked to enter a password for the "
16266
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16267
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16268
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16269
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16270
"of the <application>apache2-utils</application> package."
16271
msgstr ""
16272
16273
#: serverguide/C/monitoring.xml:60(para)
16274
msgid ""
16275
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16276
"user enter:"
16277
msgstr ""
16278
16279
#: serverguide/C/monitoring.xml:65(command)
16280
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16281
msgstr ""
16282
16283
#: serverguide/C/monitoring.xml:68(para)
16284
msgid "To add a user:"
16285
msgstr ""
16286
16287
#: serverguide/C/monitoring.xml:73(command)
16288
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16289
msgstr ""
16290
16291
#: serverguide/C/monitoring.xml:76(para)
16292
msgid ""
16293
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16294
"server</application> package. From a terminal on server02 enter:"
16295
msgstr ""
16296
16297
#: serverguide/C/monitoring.xml:82(command)
16298
msgid "sudo apt-get install nagios-nrpe-server"
16299
msgstr ""
16300
16301
#: serverguide/C/monitoring.xml:86(para)
16302
msgid ""
16303
"<application>NRPE</application> allows you to execute local checks on remote "
16304
"hosts. There are other ways of accomplishing this through other Nagios "
16305
"plugins as well as other checks."
16306
msgstr ""
16307
16308
#: serverguide/C/monitoring.xml:94(title)
16309
msgid "Configuration Overview"
16310
msgstr ""
16311
16312
#: serverguide/C/monitoring.xml:96(para)
16313
msgid ""
16314
"There are a couple of directories containing "
16315
"<application>Nagios</application> configuration and check files."
16316
msgstr ""
16317
16318
#: serverguide/C/monitoring.xml:102(para)
16319
msgid ""
16320
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16321
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16322
"etc."
16323
msgstr ""
16324
16325
#: serverguide/C/monitoring.xml:108(para)
16326
msgid ""
16327
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16328
"service checks."
16329
msgstr ""
16330
16331
#: serverguide/C/monitoring.xml:113(para)
16332
msgid ""
16333
"<filename>/etc/nagios</filename>: on the remote host contains the "
16334
"<application>nagios-nrpe-server</application> configuration files."
16335
msgstr ""
16336
16337
#: serverguide/C/monitoring.xml:118(para)
16338
msgid ""
16339
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16340
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16341
msgstr ""
16342
16343
#: serverguide/C/monitoring.xml:123(para)
16344
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16345
msgstr ""
16346
16347
#: serverguide/C/monitoring.xml:129(para)
16348
msgid ""
16349
"There are a plethora of checks <application>Nagios</application> can be "
16350
"configured to execute for any given host. For this example Nagios will be "
16351
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16352
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16353
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16354
msgstr ""
16355
16356
#: serverguide/C/monitoring.xml:136(para)
16357
msgid ""
16358
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16359
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16360
msgstr ""
16361
16362
#: serverguide/C/monitoring.xml:141(para)
16363
msgid ""
16364
"Additionally, there are some terms that once explained will hopefully make "
16365
"understanding Nagios configuration easier:"
16366
msgstr ""
16367
16368
#: serverguide/C/monitoring.xml:147(para)
16369
msgid ""
16370
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16371
"is being monitored."
16372
msgstr ""
16373
16374
#: serverguide/C/monitoring.xml:152(para)
16375
msgid ""
16376
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16377
"could group all web servers, file server, etc."
16378
msgstr ""
16379
16380
#: serverguide/C/monitoring.xml:157(para)
16381
msgid ""
16382
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16383
"as HTTP, DNS, NFS, etc."
16384
msgstr ""
16385
16386
#: serverguide/C/monitoring.xml:162(para)
16387
msgid ""
16388
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16389
"together. This is useful for grouping multiple HTTP for example."
16390
msgstr ""
16391
16392
#: serverguide/C/monitoring.xml:168(para)
16393
msgid ""
16394
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16395
"place. Nagios can be configured to send emails, SMS messages, etc."
16396
msgstr ""
16397
16398
#: serverguide/C/monitoring.xml:174(para)
16399
msgid ""
16400
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16401
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16402
"will also <application>ping</application> check the "
16403
"<emphasis>gateway</emphasis>."
16404
msgstr ""
16405
16406
#: serverguide/C/monitoring.xml:179(para)
16407
msgid ""
16408
"Large Nagios installations can be quite complex to configure. It is usually "
16409
"best to start small, one or two hosts, get things configured the way you "
16410
"like then expand."
16411
msgstr ""
16412
16413
#: serverguide/C/monitoring.xml:194(para)
16414
msgid ""
16415
"First, create a <emphasis>host</emphasis> configuration file for "
16416
"<emphasis>server02</emphasis>. In a terminal enter:"
16417
msgstr ""
16418
16419
#: serverguide/C/monitoring.xml:199(command)
16420
msgid ""
16421
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16422
"/etc/nagios3/conf.d/server02.cfg"
16423
msgstr ""
16424
16425
#: serverguide/C/monitoring.xml:203(para)
16426
msgid ""
16427
"In the above and following command examples, replace "
16428
"<emphasis>\"server01\"</emphasis>, "
16429
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16430
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16431
"your servers."
16432
msgstr ""
16433
16434
#: serverguide/C/monitoring.xml:212(para)
16435
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16436
msgstr ""
16437
16438
#: serverguide/C/monitoring.xml:216(programlisting)
16439
#, no-wrap
16440
msgid ""
16441
"\n"
16442
"define host{\n"
16443
" use generic-host ; Name of host "
16444
"template to use\n"
16445
" host_name server02\n"
16446
" alias Server 02\n"
16447
" address 172.18.100.101\n"
16448
"}\n"
16449
"\n"
16450
"# check DNS service.\n"
16451
"define service {\n"
16452
" use generic-service\n"
16453
" host_name server02\n"
16454
" service_description DNS\n"
16455
" check_command check_dns!172.18.100.101\n"
16456
"}\n"
16457
msgstr ""
16458
16459
#: serverguide/C/monitoring.xml:236(para)
16460
msgid ""
16461
"Restart the <application>nagios</application> daemon to enable the new "
16462
"configuration:"
16463
msgstr ""
16464
16465
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16466
msgid "sudo /etc/init.d/nagios3 restart"
16467
msgstr ""
16468
16469
#: serverguide/C/monitoring.xml:251(para)
16470
msgid ""
16471
"Now add a service definition for the MySQL check by adding the following to "
16472
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16473
msgstr ""
16474
16475
#: serverguide/C/monitoring.xml:255(programlisting)
16476
#, no-wrap
16477
msgid ""
16478
"\n"
16479
"# check MySQL servers.\n"
16480
"define service {\n"
16481
" hostgroup_name mysql-servers\n"
16482
" service_description MySQL\n"
16483
" check_command "
16484
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16485
" use generic-service\n"
16486
" notification_interval 0 ; set > 0 if you want to be "
16487
"renotified\n"
16488
"}\n"
16489
msgstr ""
16490
16491
#: serverguide/C/monitoring.xml:269(para)
16492
msgid ""
16493
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16494
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16495
msgstr ""
16496
16497
#: serverguide/C/monitoring.xml:274(programlisting)
16498
#, no-wrap
16499
msgid ""
16500
"\n"
16501
"# MySQL hostgroup.\n"
16502
"define hostgroup {\n"
16503
" hostgroup_name mysql-servers\n"
16504
" alias MySQL servers\n"
16505
" members localhost, server02\n"
16506
" }\n"
16507
msgstr ""
16508
16509
#: serverguide/C/monitoring.xml:286(para)
16510
msgid ""
16511
"The Nagios check needs to authenticate to MySQL. To add a "
16512
"<emphasis>nagios</emphasis> user to MySQL enter:"
16513
msgstr ""
16514
16515
#: serverguide/C/monitoring.xml:291(command)
16516
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16517
msgstr ""
16518
16519
#: serverguide/C/monitoring.xml:295(para)
16520
msgid ""
16521
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16522
"<emphasis>mysql-servers</emphasis> hostgroup."
16523
msgstr ""
16524
16525
#: serverguide/C/monitoring.xml:303(para)
16526
msgid ""
16527
"Restart <application>nagios</application> to start checking the MySQL "
16528
"servers."
16529
msgstr ""
16530
16531
#: serverguide/C/monitoring.xml:318(para)
16532
msgid ""
16533
"Lastly configure NRPE to check the disk space on "
16534
"<emphasis>server02</emphasis>."
16535
msgstr ""
16536
16537
#: serverguide/C/monitoring.xml:322(para)
16538
msgid ""
16539
"On <emphasis>server01</emphasis> add the service check to "
16540
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16541
msgstr ""
16542
16543
#: serverguide/C/monitoring.xml:327(programlisting)
16544
#, no-wrap
16545
msgid ""
16546
"\n"
16547
"# NRPE disk check.\n"
16548
"define service {\n"
16549
" use generic-service\n"
16550
" host_name server02\n"
16551
" service_description nrpe-disk\n"
16552
" check_command "
16553
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16554
"}\n"
16555
msgstr ""
16556
16557
#: serverguide/C/monitoring.xml:340(para)
16558
msgid ""
16559
"Now on <emphasis>server02</emphasis> edit "
16560
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16561
msgstr ""
16562
16563
#: serverguide/C/monitoring.xml:344(programlisting)
16564
#, no-wrap
16565
msgid ""
16566
"\n"
16567
"allowed_hosts=172.18.100.100\n"
16568
msgstr ""
16569
16570
#: serverguide/C/monitoring.xml:348(para)
16571
msgid "And below in the command definition area add:"
16572
msgstr ""
16573
16574
#: serverguide/C/monitoring.xml:352(programlisting)
16575
#, no-wrap
16576
msgid ""
16577
"\n"
16578
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16579
"e\n"
16580
msgstr ""
16581
16582
#: serverguide/C/monitoring.xml:359(para)
16583
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16584
msgstr ""
16585
16586
#: serverguide/C/monitoring.xml:364(command)
16587
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16588
msgstr ""
16589
16590
#: serverguide/C/monitoring.xml:370(para)
16591
msgid ""
16592
"Also, on <emphasis>server01</emphasis> restart "
16593
"<application>nagios</application>:"
16594
msgstr ""
16595
16596
#: serverguide/C/monitoring.xml:383(para)
16597
msgid ""
16598
"You should now be able to see the host and service checks in the Nagios CGI "
16599
"files. To access them point a browser to http://server01/nagios3. You will "
16600
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16601
"password."
16602
msgstr ""
16603
16604
#: serverguide/C/monitoring.xml:393(para)
16605
msgid ""
16606
"This section has just scratched the surface of Nagios' features. The "
16607
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16608
"plugins</application> contain many more service checks."
16609
msgstr ""
16610
16611
#: serverguide/C/monitoring.xml:400(para)
16612
msgid ""
16613
"For more information see <ulink "
16614
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16615
msgstr ""
16616
16617
#: serverguide/C/monitoring.xml:405(para)
16618
msgid ""
16619
"Specifically the <ulink "
16620
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16621
"site."
16622
msgstr ""
16623
16624
#: serverguide/C/monitoring.xml:410(para)
16625
msgid ""
16626
"There is also a list of <ulink "
16627
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16628
"Nagios and network monitoring:"
16629
msgstr ""
16630
16631
#: serverguide/C/monitoring.xml:416(para)
16632
msgid ""
16633
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16634
"Wiki</ulink> page also has more details."
16635
msgstr ""
16636
16637
#: serverguide/C/monitoring.xml:425(title)
16638
msgid "Munin"
16639
msgstr ""
16640
16641
#: serverguide/C/monitoring.xml:430(para)
16642
msgid ""
16643
"Before installing <application>Munin</application> on "
16644
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16645
"be installed. The default configuration is fine for running a "
16646
"<application>munin</application> server. For more information see <xref "
16647
"linkend=\"httpd\"/>."
16648
msgstr ""
16649
16650
#: serverguide/C/monitoring.xml:436(para)
16651
msgid ""
16652
"First, on <emphasis>server01</emphasis> install "
16653
"<application>munin</application>. In a terminal enter:"
16654
msgstr ""
16655
16656
#: serverguide/C/monitoring.xml:441(command)
16657
msgid "sudo apt-get install munin"
16658
msgstr ""
16659
16660
#: serverguide/C/monitoring.xml:444(para)
16661
msgid ""
16662
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16663
"node</application> package:"
16664
msgstr ""
16665
16666
#: serverguide/C/monitoring.xml:449(command)
16667
msgid "sudo apt-get install munin-node"
16668
msgstr ""
16669
16670
#: serverguide/C/monitoring.xml:456(para)
16671
msgid ""
16672
"On <emphasis>server01</emphasis> edit the "
16673
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16674
"<emphasis>server02</emphasis>:"
16675
msgstr ""
16676
16677
#: serverguide/C/monitoring.xml:461(programlisting)
16678
#, no-wrap
16679
msgid ""
16680
"\n"
16681
"## First our \"normal\" host.\n"
16682
"[server02]\n"
16683
" address 172.18.100.101\n"
16684
msgstr ""
16685
16686
#: serverguide/C/monitoring.xml:468(para)
16687
msgid ""
16688
"Replace <emphasis>server02</emphasis> and "
16689
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16690
"for your server."
16691
msgstr ""
16692
16693
#: serverguide/C/monitoring.xml:474(para)
16694
msgid ""
16695
"Next, configure <application>munin-node</application> on "
16696
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16697
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16698
msgstr ""
16699
16700
#: serverguide/C/monitoring.xml:479(programlisting)
16701
#, no-wrap
16702
msgid ""
16703
"\n"
16704
"allow ^172\\.18\\.100\\.100$\n"
16705
msgstr ""
16706
16707
#: serverguide/C/monitoring.xml:484(para)
16708
msgid ""
16709
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16710
"<application>munin</application> server."
16711
msgstr ""
16712
16713
#: serverguide/C/monitoring.xml:489(para)
16714
msgid ""
16715
"Now restart <application>munin-node</application> on "
16716
"<emphasis>server02</emphasis> for the changes to take effect:"
16717
msgstr ""
16718
16719
#: serverguide/C/monitoring.xml:494(command)
16720
msgid "sudo /etc/init.d/munin-node restart"
16721
msgstr ""
16722
16723
#: serverguide/C/monitoring.xml:497(para)
16724
msgid ""
16725
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16726
"you should see links to nice graphs displaying information from the standard "
16727
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16728
msgstr ""
16729
16730
#: serverguide/C/monitoring.xml:503(para)
16731
msgid ""
16732
"Since this is a new install it may take some time for the graphs to display "
16733
"anything useful."
16734
msgstr ""
16735
16736
#: serverguide/C/monitoring.xml:510(title)
16737
msgid "Additional Plugins"
16738
msgstr ""
16739
16740
#: serverguide/C/monitoring.xml:512(para)
16741
msgid ""
16742
"The <application>munin-plugins-extra</application> package contains "
16743
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
16744
"install the package, from a terminal enter:"
16745
msgstr ""
16746
16747
#: serverguide/C/monitoring.xml:518(command)
16748
msgid "sudo apt-get install munin-plugins-extra"
16749
msgstr ""
16750
16751
#: serverguide/C/monitoring.xml:521(para)
16752
msgid "Be sure to install the package on both the server and node machines."
16753
msgstr ""
16754
16755
#: serverguide/C/monitoring.xml:531(para)
16756
msgid ""
16757
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
16758
"website for more details."
16759
msgstr ""
16760
16761
#: serverguide/C/monitoring.xml:536(para)
16762
msgid ""
16763
"Specifically the <ulink "
16764
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
16765
"Documentation</ulink> page includes information on additional plugins, "
16766
"writing plugins, etc."
16767
msgstr ""
16768
16769
#: serverguide/C/monitoring.xml:542(para)
16770
msgid ""
16771
"Also, there is a book in German by Open Source Press: <ulink "
16772
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
16773
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
16774
msgstr ""
16775
16776
#: serverguide/C/monitoring.xml:548(para)
16777
msgid ""
16778
"Another resource is the <ulink "
16779
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16780
"page."
16781
msgstr ""
16782
16783
#: serverguide/C/mail.xml:13(title)
16784
msgid "Email Services"
16785
msgstr ""
16786
16787
#: serverguide/C/mail.xml:14(para)
16788
msgid ""
16789
"The process of getting an email from one person to another over a network or "
16790
"the Internet involves many systems working together. Each of these systems "
16791
"must be correctly configured for the process to work. The sender uses a "
16792
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
16793
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
16794
"the last of which will hand it off to a <emphasis>Mail Delivery "
16795
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
16796
"it will be retrieved by the recipient's email client, usually via a POP3 or "
16797
"IMAP server."
16798
msgstr ""
16799
16800
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
16801
msgid "Postfix"
16802
msgstr ""
16803
16804
#: serverguide/C/mail.xml:25(para)
16805
msgid ""
16806
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
16807
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
16808
"compatible with the MTA <application>sendmail</application>. This section "
16809
"explains how to install and configure <application>postfix</application>. It "
16810
"also explains how to set it up as an SMTP server using a secure connection "
16811
"(for sending emails securely)."
16812
msgstr ""
16813
16814
#: serverguide/C/mail.xml:34(para)
16815
msgid ""
16816
"This guide does not cover setting up Postfix <emphasis>Virtual "
16817
"Domains</emphasis>, for information on Virtual Domains and other advanced "
16818
"configurations see <xref linkend=\"postfix-references\"/>."
16819
msgstr ""
16820
16821
#: serverguide/C/mail.xml:41(para)
16822
msgid ""
16823
"To install <application>postfix</application> run the following command:"
16824
msgstr ""
16825
16826
#: serverguide/C/mail.xml:47(para)
16827
msgid ""
16828
"Simply press return when the installation process asks questions, the "
16829
"configuration will be done in greater detail in the next stage."
16830
msgstr ""
16831
16832
#: serverguide/C/mail.xml:52(title)
16833
msgid "Basic Configuration"
16834
msgstr ""
16835
16836
#: serverguide/C/mail.xml:53(para)
16837
msgid ""
16838
"To configure <application>postfix</application>, run the following command:"
16839
msgstr ""
16840
16841
#: serverguide/C/mail.xml:57(command)
16842
msgid "sudo dpkg-reconfigure postfix"
16843
msgstr ""
16844
16845
#: serverguide/C/mail.xml:63(para)
16846
msgid "Internet Site"
16847
msgstr ""
16848
16849
#: serverguide/C/mail.xml:64(para)
16850
msgid "mail.example.com"
16851
msgstr ""
16852
16853
#: serverguide/C/mail.xml:65(para)
16854
msgid "steve"
16855
msgstr ""
16856
16857
#: serverguide/C/mail.xml:66(para)
16858
msgid "mail.example.com, localhost.localdomain, localhost"
16859
msgstr ""
16860
16861
#: serverguide/C/mail.xml:67(para)
16862
msgid "No"
16863
msgstr ""
16864
16865
#: serverguide/C/mail.xml:68(para)
16866
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
16867
msgstr ""
16868
16869
#: serverguide/C/mail.xml:69(para)
16870
msgid "0"
16871
msgstr ""
16872
16873
#: serverguide/C/mail.xml:70(para)
16874
msgid "+"
16875
msgstr ""
16876
16877
#: serverguide/C/mail.xml:71(para)
16878
msgid "all"
16879
msgstr ""
16880
16881
#: serverguide/C/mail.xml:59(para)
16882
msgid ""
16883
"The user interface will be displayed. On each screen, select the following "
16884
"values: <placeholder-1/>"
16885
msgstr ""
16886
16887
#: serverguide/C/mail.xml:75(para)
16888
msgid ""
16889
"Replace mail.example.com with the domain for which you'll accept email, "
16890
"192.168.0.0/24 with the actual network and class range of your mail server, "
16891
"and steve with the appropriate username."
16892
msgstr ""
16893
16894
#: serverguide/C/mail.xml:81(para)
16895
msgid ""
16896
"Now is a good time to decide which mailbox format you want to use. By "
16897
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
16898
"mailbox format. Rather than editing the configuration file directly, you can "
16899
"use the <command>postconf</command> command to configure all "
16900
"<application>postfix</application> parameters. The configuration parameters "
16901
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
16902
"you wish to re-configure a particular parameter, you can either run the "
16903
"command or change it manually in the file."
16904
msgstr ""
16905
16906
#: serverguide/C/mail.xml:92(para)
16907
msgid ""
16908
"To configure the mailbox format for <emphasis "
16909
"role=\"strong\">Maildir:</emphasis>"
16910
msgstr ""
16911
16912
#: serverguide/C/mail.xml:97(command)
16913
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
16914
msgstr ""
16915
16916
#: serverguide/C/mail.xml:100(para)
16917
msgid ""
16918
"This will place new mail in /home/<emphasis "
16919
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
16920
"your Mail Delivery Agent (MDA) to use the same path."
16921
msgstr ""
16922
16923
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
16924
msgid "SMTP Authentication"
16925
msgstr ""
16926
16927
#: serverguide/C/mail.xml:110(para)
16928
msgid ""
16929
"SMTP-AUTH allows a client to identify itself through an authentication "
16930
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
16931
"the authentication process. Once authenticated the SMTP server will allow "
16932
"the client to relay mail."
16933
msgstr ""
16934
16935
#: serverguide/C/mail.xml:117(para)
16936
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
16937
msgstr ""
16938
16939
#: serverguide/C/mail.xml:120(screen)
16940
#, no-wrap
16941
msgid ""
16942
"\n"
16943
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
16944
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
16945
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
16946
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
16947
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
16948
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
16949
"sudo postconf -e 'smtpd_recipient_restrictions = "
16950
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
16951
"sudo postconf -e 'inet_interfaces = all'\n"
16952
msgstr ""
16953
16954
#: serverguide/C/mail.xml:131(para)
16955
msgid ""
16956
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
16957
"the Postfix queue directory."
16958
msgstr ""
16959
16960
#: serverguide/C/mail.xml:137(para)
16961
msgid ""
16962
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
16963
"and-security\"/> for details. This example also uses a Certificate Authority "
16964
"(CA). For information on generating a CA certificate see <xref "
16965
"linkend=\"certificate-authority\"/>."
16966
msgstr ""
16967
16968
#: serverguide/C/mail.xml:143(para)
16969
msgid ""
16970
"You can get the digital certificate from a certificate authority. But unlike "
16971
"web clients, SMTP clients rarely complain about \"self-signed "
16972
"certificates\", so alternatively, you can create the certificate yourself. "
16973
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
16974
"details."
16975
msgstr ""
16976
16977
#: serverguide/C/mail.xml:155(para)
16978
msgid ""
16979
"Once you have a certificate, configure Postfix to provide TLS encryption for "
16980
"both incoming and outgoing mail:"
16981
msgstr ""
16982
16983
#: serverguide/C/mail.xml:158(screen)
16984
#, no-wrap
16985
msgid ""
16986
"\n"
16987
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
16988
"sudo postconf -e 'smtp_use_tls = yes'\n"
16989
"sudo postconf -e 'smtpd_use_tls = yes'\n"
16990
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
16991
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
16992
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
16993
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
16994
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
16995
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
16996
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
16997
"sudo postconf -e 'myhostname = mail.example.com'\n"
16998
msgstr ""
16999
17000
#: serverguide/C/mail.xml:173(para)
17001
msgid ""
17002
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17003
"the certificate enter:"
17004
msgstr ""
17005
17006
#: serverguide/C/mail.xml:177(command)
17007
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17008
msgstr ""
17009
17010
#: serverguide/C/mail.xml:180(para)
17011
msgid ""
17012
"Again, for more details about certificates see <xref linkend=\"certificates-"
17013
"and-security\"/>."
17014
msgstr ""
17015
17016
#: serverguide/C/mail.xml:186(para)
17017
msgid ""
17018
"After running all the commands, <application>Postfix</application> is "
17019
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17020
"TLS encryption."
17021
msgstr ""
17022
17023
#: serverguide/C/mail.xml:191(para)
17024
msgid ""
17025
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17026
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17027
msgstr ""
17028
17029
#: serverguide/C/mail.xml:195(para)
17030
msgid ""
17031
"The postfix initial configuration is complete. Run the following command to "
17032
"restart the postfix daemon:"
17033
msgstr ""
17034
17035
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17036
msgid "sudo /etc/init.d/postfix restart"
17037
msgstr ""
17038
17039
#: serverguide/C/mail.xml:204(para)
17040
msgid ""
17041
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17042
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17043
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17044
"However it is still necessary to set up SASL authentication before you can "
17045
"use SMTP-AUTH."
17046
msgstr ""
17047
17048
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17049
msgid "Configuring SASL"
17050
msgstr ""
17051
17052
#: serverguide/C/mail.xml:215(para)
17053
msgid ""
17054
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17055
"enable Dovecot SASL the <application>dovecot-common</application> package "
17056
"will need to be installed. From a terminal prompt enter the following:"
17057
msgstr ""
17058
17059
#: serverguide/C/mail.xml:221(command)
17060
msgid "sudo apt-get install dovecot-common"
17061
msgstr ""
17062
17063
#: serverguide/C/mail.xml:223(para)
17064
msgid ""
17065
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17066
"In the <emphasis>auth default</emphasis> section uncomment the "
17067
"<emphasis>socket listen</emphasis> option and change the following:"
17068
msgstr ""
17069
17070
#: serverguide/C/mail.xml:227(programlisting)
17071
#, no-wrap
17072
msgid ""
17073
"\n"
17074
" socket listen {\n"
17075
" #master {\n"
17076
" # Master socket provides access to userdb information. It's typically\n"
17077
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17078
" # can find mailbox locations.\n"
17079
" #path = /var/run/dovecot/auth-master\n"
17080
" #mode = 0600\n"
17081
" # Default user/group is the one who started dovecot-auth (root)\n"
17082
" #user = \n"
17083
" #group = \n"
17084
" #}\n"
17085
" client {\n"
17086
" # The client socket is generally safe to export to everyone. Typical "
17087
"use\n"
17088
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17089
" # using it.\n"
17090
" path = /var/spool/postfix/private/auth-client\n"
17091
" mode = 0660\n"
17092
" user = postfix\n"
17093
" group = postfix\n"
17094
" }\n"
17095
" }\n"
17096
msgstr ""
17097
17098
#: serverguide/C/mail.xml:251(para)
17099
msgid ""
17100
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17101
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17102
"add <emphasis>\"login\"</emphasis>:"
17103
msgstr ""
17104
17105
#: serverguide/C/mail.xml:256(programlisting)
17106
#, no-wrap
17107
msgid ""
17108
"\n"
17109
" mechanisms = plain login\n"
17110
msgstr ""
17111
17112
#: serverguide/C/mail.xml:260(para)
17113
msgid ""
17114
"Once you have <application>Dovecot</application> configured restart it with:"
17115
msgstr ""
17116
17117
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17118
msgid "sudo /etc/init.d/dovecot restart"
17119
msgstr ""
17120
17121
#: serverguide/C/mail.xml:269(title)
17122
msgid "Postfix-Dovecot"
17123
msgstr ""
17124
17125
#: serverguide/C/mail.xml:271(para)
17126
msgid ""
17127
"Another option for configuring <application>Postfix</application> for SMTP-"
17128
"AUTH is using the <application>dovecot-postfix</application> package. This "
17129
"package will install <application>Dovecot</application> and configure "
17130
"<application>Postfix</application> to use it for both SASL authentication "
17131
"and as a Mail Delivery Agent (MDA). The package also configures "
17132
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17133
msgstr ""
17134
17135
#: serverguide/C/mail.xml:280(para)
17136
msgid ""
17137
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17138
"server. For example, if you are configuring your server to be a mail "
17139
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17140
"the above commands to configure Postfix for SMTPAUTH."
17141
msgstr ""
17142
17143
#: serverguide/C/mail.xml:287(para)
17144
msgid "To install the package, from a terminal prompt enter:"
17145
msgstr ""
17146
17147
#: serverguide/C/mail.xml:292(command)
17148
msgid "sudo apt-get install dovecot-postfix"
17149
msgstr ""
17150
17151
#: serverguide/C/mail.xml:295(para)
17152
msgid ""
17153
"You should now have a working mail server, but there are a few options that "
17154
"you may wish to further customize. For example, the package uses the "
17155
"certificate and key from the <application>ssl-cert</application> package, "
17156
"and in a production environment you should use a certificate and key "
17157
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17158
"for more details."
17159
msgstr ""
17160
17161
#: serverguide/C/mail.xml:301(para)
17162
msgid ""
17163
"Once you have a customized certificate and key for the host, change the "
17164
"following options in <filename>/etc/postfix/main.cf</filename>:"
17165
msgstr ""
17166
17167
#: serverguide/C/mail.xml:305(programlisting)
17168
#, no-wrap
17169
msgid ""
17170
"\n"
17171
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17172
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17173
msgstr ""
17174
17175
#: serverguide/C/mail.xml:310(para)
17176
msgid "Then restart Postfix:"
17177
msgstr ""
17178
17179
#: serverguide/C/mail.xml:321(para)
17180
msgid ""
17181
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17182
msgstr ""
17183
17184
#: serverguide/C/mail.xml:324(para)
17185
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17186
msgstr ""
17187
17188
#: serverguide/C/mail.xml:329(command)
17189
msgid "telnet mail.example.com 25"
17190
msgstr ""
17191
17192
#: serverguide/C/mail.xml:331(para)
17193
msgid ""
17194
"After you have established the connection to the postfix mail server, type:"
17195
msgstr ""
17196
17197
#: serverguide/C/mail.xml:335(screen)
17198
#, no-wrap
17199
msgid ""
17200
"\n"
17201
"ehlo mail.example.com\n"
17202
msgstr ""
17203
17204
#: serverguide/C/mail.xml:338(para)
17205
msgid ""
17206
"If you see the following lines among others, then everything is working "
17207
"perfectly. Type <command>quit</command> to exit."
17208
msgstr ""
17209
17210
#: serverguide/C/mail.xml:342(programlisting)
17211
#, no-wrap
17212
msgid ""
17213
"\n"
17214
"250-STARTTLS\n"
17215
"250-AUTH LOGIN PLAIN\n"
17216
"250-AUTH=LOGIN PLAIN\n"
17217
"250 8BITMIME\n"
17218
msgstr ""
17219
17220
#: serverguide/C/mail.xml:352(para)
17221
msgid ""
17222
"This section introduces some common ways to determine the cause if problems "
17223
"arise."
17224
msgstr ""
17225
17226
#: serverguide/C/mail.xml:356(title)
17227
msgid "Escaping chroot"
17228
msgstr ""
17229
17230
#: serverguide/C/mail.xml:357(para)
17231
msgid ""
17232
"The Ubuntu <application>postfix</application> package will by default "
17233
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17234
"This can add greater complexity when troubleshooting problems."
17235
msgstr ""
17236
17237
#: serverguide/C/mail.xml:361(para)
17238
msgid ""
17239
"To turn off the chroot operation locate for the following line in the "
17240
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17241
msgstr ""
17242
17243
#: serverguide/C/mail.xml:365(screen)
17244
#, no-wrap
17245
msgid ""
17246
"\n"
17247
"smtp inet n - - - - smtpd\n"
17248
msgstr ""
17249
17250
#: serverguide/C/mail.xml:368(para)
17251
msgid "and modify it as follows:"
17252
msgstr ""
17253
17254
#: serverguide/C/mail.xml:371(screen)
17255
#, no-wrap
17256
msgid ""
17257
"\n"
17258
"smtp inet n - n - - smtpd\n"
17259
msgstr ""
17260
17261
#: serverguide/C/mail.xml:374(para)
17262
msgid ""
17263
"You will then need to restart Postfix to use the new configuration. From a "
17264
"terminal prompt enter:"
17265
msgstr ""
17266
17267
#: serverguide/C/mail.xml:382(title)
17268
msgid "Log Files"
17269
msgstr ""
17270
17271
#: serverguide/C/mail.xml:383(para)
17272
msgid ""
17273
"<application>Postfix</application> sends all log messages to "
17274
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17275
"can sometimes get lost in the normal log output so they are also logged to "
17276
"<filename>/var/log/mail.err</filename> and "
17277
"<filename>/var/log/mail.warn</filename> respectively."
17278
msgstr ""
17279
17280
#: serverguide/C/mail.xml:388(para)
17281
msgid ""
17282
"To see messages entered into the logs in real time you can use the "
17283
"<application>tail -f</application> command:"
17284
msgstr ""
17285
17286
#: serverguide/C/mail.xml:393(command)
17287
msgid "tail -f /var/log/mail.err"
17288
msgstr ""
17289
17290
#: serverguide/C/mail.xml:395(para)
17291
msgid ""
17292
"The amount of detail that is recorded in the logs can be increased. Below "
17293
"are some configuration options for increasing the log level for some of the "
17294
"areas covered above."
17295
msgstr ""
17296
17297
#: serverguide/C/mail.xml:401(para)
17298
msgid ""
17299
"To increase <emphasis>TLS</emphasis> activity logging set the "
17300
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17301
msgstr ""
17302
17303
#: serverguide/C/mail.xml:405(command)
17304
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17305
msgstr ""
17306
17307
#: serverguide/C/mail.xml:409(para)
17308
msgid ""
17309
"If you are having trouble sending or receiving mail from a specific domain "
17310
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17311
msgstr ""
17312
17313
#: serverguide/C/mail.xml:414(command)
17314
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17315
msgstr ""
17316
17317
#: serverguide/C/mail.xml:418(para)
17318
msgid ""
17319
"You can increase the verbosity of any <application>Postfix</application> "
17320
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17321
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17322
"<emphasis>smtp</emphasis> entry:"
17323
msgstr ""
17324
17325
#: serverguide/C/mail.xml:422(programlisting)
17326
#, no-wrap
17327
msgid ""
17328
"\n"
17329
"smtp unix - - - - - smtp -v\n"
17330
msgstr ""
17331
17332
#: serverguide/C/mail.xml:428(para)
17333
msgid ""
17334
"It is important to note that after making one of the logging changes above "
17335
"the <application>Postfix</application> process will need to be reloaded in "
17336
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17337
"reload</command>"
17338
msgstr ""
17339
17340
#: serverguide/C/mail.xml:435(para)
17341
msgid ""
17342
"To increase the amount of information logged when troubleshooting "
17343
"<emphasis>SASL</emphasis> issues you can set the following options in "
17344
"<filename>/etc/dovecot/dovecot.conf</filename>"
17345
msgstr ""
17346
17347
#: serverguide/C/mail.xml:439(programlisting)
17348
#, no-wrap
17349
msgid ""
17350
"\n"
17351
"auth_debug=yes\n"
17352
"auth_debug_passwords=yes\n"
17353
msgstr ""
17354
17355
#: serverguide/C/mail.xml:446(para)
17356
msgid ""
17357
"Just like <application>Postfix</application> if you change a "
17358
"<application>Dovecot</application> configuration the process will need to be "
17359
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17360
msgstr ""
17361
17362
#: serverguide/C/mail.xml:452(para)
17363
msgid ""
17364
"Some of the options above can drastically increase the amount of information "
17365
"sent to the log files. Remember to return the log level back to normal after "
17366
"you have corrected the problem. Then reload the appropriate daemon for the "
17367
"new configuration to take affect."
17368
msgstr ""
17369
17370
#: serverguide/C/mail.xml:460(para)
17371
msgid ""
17372
"Administering a <application>Postfix</application> server can be a very "
17373
"complicated task. At some point you may need to turn to the Ubuntu community "
17374
"for more experienced help."
17375
msgstr ""
17376
17377
#: serverguide/C/mail.xml:464(para)
17378
msgid ""
17379
"A great place to ask for <application>Postfix</application> assistance, and "
17380
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17381
"server</emphasis> IRC channel on <ulink "
17382
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17383
"one of the <ulink "
17384
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17385
msgstr ""
17386
17387
#: serverguide/C/mail.xml:469(para)
17388
msgid ""
17389
"For in depth <application>Postfix</application> information Ubuntu "
17390
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17391
"Book of Postfix</ulink>."
17392
msgstr ""
17393
17394
#: serverguide/C/mail.xml:473(para)
17395
msgid ""
17396
"Finally, the <ulink "
17397
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17398
"also has great documentation on all the different configuration options "
17399
"available."
17400
msgstr ""
17401
17402
#: serverguide/C/mail.xml:477(para)
17403
msgid ""
17404
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17405
"Wiki Postifx</ulink> page has more information."
17406
msgstr ""
17407
17408
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17409
msgid "Exim4"
17410
msgstr ""
17411
17412
#: serverguide/C/mail.xml:486(para)
17413
msgid ""
17414
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17415
"developed at the University of Cambridge for use on Unix systems connected "
17416
"to the Internet. Exim can be installed in place of "
17417
"<application>sendmail</application>, although the configuration of "
17418
"<application>exim</application> is quite different to that of "
17419
"<application>sendmail</application>."
17420
msgstr ""
17421
17422
#: serverguide/C/mail.xml:497(para)
17423
msgid ""
17424
"To install <application>exim4</application>, run the following command: "
17425
"<screen>\n"
17426
"<command>sudo apt-get install exim4</command>\n"
17427
"</screen>"
17428
msgstr ""
17429
17430
#: serverguide/C/mail.xml:506(para)
17431
msgid ""
17432
"To configure <application>Exim4</application>, run the following command:"
17433
msgstr ""
17434
17435
#: serverguide/C/mail.xml:510(command)
17436
msgid "sudo dpkg-reconfigure exim4-config"
17437
msgstr ""
17438
17439
#: serverguide/C/mail.xml:512(para)
17440
msgid ""
17441
"The user interface will be displayed. The user interface lets you configure "
17442
"many parameters. For example, In <application>Exim4</application> the "
17443
"configuration files are split among multiple files. If you wish to have them "
17444
"in one file you can configure accordingly in this user interface."
17445
msgstr ""
17446
17447
#: serverguide/C/mail.xml:520(para)
17448
msgid ""
17449
"All the parameters you configure in the user interface are stored in "
17450
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17451
"re-configure, either you re-run the configuration wizard or manually edit "
17452
"this file using your favorite editor. Once you configure, you can run the "
17453
"following command to generate the master configuration file:"
17454
msgstr ""
17455
17456
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17457
msgid "sudo update-exim4.conf"
17458
msgstr ""
17459
17460
#: serverguide/C/mail.xml:533(para)
17461
msgid ""
17462
"The master configuration file, is generated and it is stored in "
17463
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17464
msgstr ""
17465
17466
#: serverguide/C/mail.xml:539(para)
17467
msgid ""
17468
"At any time, you should not edit the master configuration file, "
17469
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17470
"updated automatically every time you run <command>update-exim4.conf</command>"
17471
msgstr ""
17472
17473
#: serverguide/C/mail.xml:547(para)
17474
msgid ""
17475
"You can run the following command to start <application>Exim4</application> "
17476
"daemon."
17477
msgstr ""
17478
17479
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17480
msgid "sudo /etc/init.d/exim4 start"
17481
msgstr ""
17482
17483
#: serverguide/C/mail.xml:557(para)
17484
msgid ""
17485
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17486
msgstr ""
17487
17488
#: serverguide/C/mail.xml:560(para)
17489
msgid ""
17490
"The first step is to create a certificate for use with TLS. Enter the "
17491
"following into a terminal prompt:"
17492
msgstr ""
17493
17494
#: serverguide/C/mail.xml:564(command)
17495
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17496
msgstr ""
17497
17498
#: serverguide/C/mail.xml:566(para)
17499
msgid ""
17500
"Now Exim4 needs to be configured for TLS by editing "
17501
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17502
"the following:"
17503
msgstr ""
17504
17505
#: serverguide/C/mail.xml:570(programlisting)
17506
#, no-wrap
17507
msgid ""
17508
"\n"
17509
"MAIN_TLS_ENABLE = yes\n"
17510
msgstr ""
17511
17512
#: serverguide/C/mail.xml:573(para)
17513
msgid ""
17514
"Next you need to configure <application>Exim4</application> to use the "
17515
"<application>saslauthd</application> for authentication. Edit "
17516
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17517
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17518
"<emphasis>login_saslauthd_server</emphasis> sections:"
17519
msgstr ""
17520
17521
#: serverguide/C/mail.xml:578(programlisting)
17522
#, no-wrap
17523
msgid ""
17524
"\n"
17525
" plain_saslauthd_server:\n"
17526
" driver = plaintext\n"
17527
" public_name = PLAIN\n"
17528
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17529
" server_set_id = $auth2\n"
17530
" server_prompts = :\n"
17531
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17532
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17533
" .endif\n"
17534
"#\n"
17535
" login_saslauthd_server:\n"
17536
" driver = plaintext\n"
17537
" public_name = LOGIN\n"
17538
" server_prompts = \"Username:: : Password::\"\n"
17539
" # don't send system passwords over unencrypted connections\n"
17540
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17541
" server_set_id = $auth1\n"
17542
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17543
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17544
" .endif\n"
17545
msgstr ""
17546
17547
#: serverguide/C/mail.xml:600(para)
17548
msgid "Finally, update the Exim4 configuration and restart the service:"
17549
msgstr ""
17550
17551
#: serverguide/C/mail.xml:605(command)
17552
msgid "sudo /etc/init.d/exim4 restart"
17553
msgstr ""
17554
17555
#: serverguide/C/mail.xml:610(para)
17556
msgid ""
17557
"This section provides details on configuring the saslauthd to provide "
17558
"authentication for <application>Exim4</application>."
17559
msgstr ""
17560
17561
#: serverguide/C/mail.xml:613(para)
17562
msgid ""
17563
"The first step is to install the sasl2-bin package. From a terminal prompt "
17564
"enter the following:"
17565
msgstr ""
17566
17567
#: serverguide/C/mail.xml:617(command)
17568
msgid "sudo apt-get install sasl2-bin"
17569
msgstr ""
17570
17571
#: serverguide/C/mail.xml:619(para)
17572
msgid ""
17573
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17574
"and set START=no to:"
17575
msgstr ""
17576
17577
#: serverguide/C/mail.xml:622(programlisting)
17578
#, no-wrap
17579
msgid ""
17580
"\n"
17581
"START=yes\n"
17582
msgstr ""
17583
17584
#: serverguide/C/mail.xml:625(para)
17585
msgid ""
17586
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17587
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17588
"service:"
17589
msgstr ""
17590
17591
#: serverguide/C/mail.xml:630(command)
17592
msgid "sudo adduser Debian-exim sasl"
17593
msgstr ""
17594
17595
#: serverguide/C/mail.xml:632(para)
17596
msgid "Now start the <application>saslauthd</application> service:"
17597
msgstr ""
17598
17599
#: serverguide/C/mail.xml:636(command)
17600
msgid "sudo /etc/init.d/saslauthd start"
17601
msgstr ""
17602
17603
#: serverguide/C/mail.xml:638(para)
17604
msgid ""
17605
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17606
"and SASL authentication."
17607
msgstr ""
17608
17609
#: serverguide/C/mail.xml:647(para)
17610
msgid ""
17611
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17612
"information."
17613
msgstr ""
17614
17615
#: serverguide/C/mail.xml:652(para)
17616
msgid ""
17617
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17618
"server\">Exim4 Book</ulink> available."
17619
msgstr ""
17620
17621
#: serverguide/C/mail.xml:657(para)
17622
msgid ""
17623
"Another resource is the <ulink "
17624
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17625
"page."
17626
msgstr ""
17627
17628
#: serverguide/C/mail.xml:666(title)
17629
msgid "Dovecot Server"
17630
msgstr ""
17631
17632
#: serverguide/C/mail.xml:667(para)
17633
msgid ""
17634
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17635
"security primarily in mind. It supports the major mailbox formats: mbox or "
17636
"Maildir. This section explain how to set it up as an imap or pop3 server."
17637
msgstr ""
17638
17639
#: serverguide/C/mail.xml:675(para)
17640
msgid ""
17641
"To install <application>dovecot</application>, run the following command in "
17642
"the command prompt:"
17643
msgstr ""
17644
17645
#: serverguide/C/mail.xml:680(command)
17646
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17647
msgstr ""
17648
17649
#: serverguide/C/mail.xml:685(para)
17650
msgid ""
17651
"To configure <application>dovecot</application>, you can edit the file "
17652
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17653
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
17654
"secure). A description of these protocols is beyond the scope of this guide. "
17655
"For further information, refer to the Wikipedia articles on <ulink "
17656
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
17657
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
17658
"link>."
17659
msgstr ""
17660
17661
#: serverguide/C/mail.xml:695(para)
17662
msgid ""
17663
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17664
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17665
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17666
msgstr ""
17667
17668
#: serverguide/C/mail.xml:701(programlisting)
17669
#, no-wrap
17670
msgid ""
17671
"\n"
17672
"protocols = pop3 pop3s imap imaps\n"
17673
msgstr ""
17674
17675
#: serverguide/C/mail.xml:704(para)
17676
msgid ""
17677
"Next, choose the mailbox you would like to use. "
17678
"<application>Dovecot</application> supports <emphasis "
17679
"role=\"strong\">maildir</emphasis> and <emphasis "
17680
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
17681
"mailbox formats. They both have their own benefits and are discussed on "
17682
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
17683
"site</ulink>."
17684
msgstr ""
17685
17686
#: serverguide/C/mail.xml:712(para)
17687
msgid ""
17688
"Once you have chosen your mailbox type, edit the file "
17689
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
17690
msgstr ""
17691
17692
#: serverguide/C/mail.xml:717(programlisting)
17693
#, no-wrap
17694
msgid ""
17695
"\n"
17696
"mail_location = maildir:~/Maildir # (for maildir)\n"
17697
"or\n"
17698
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
17699
msgstr ""
17700
17701
#: serverguide/C/mail.xml:723(para)
17702
msgid ""
17703
"You should configure your Mail Transport Agent (MTA) to transfer the "
17704
"incoming mail to this type of mailbox if it is different from the one you "
17705
"have configured."
17706
msgstr ""
17707
17708
#: serverguide/C/mail.xml:729(para)
17709
msgid ""
17710
"Once you have configured dovecot, restart the "
17711
"<application>dovecot</application> daemon in order to test your setup:"
17712
msgstr ""
17713
17714
#: serverguide/C/mail.xml:738(para)
17715
msgid ""
17716
"If you have enabled imap, or pop3, you can also try to log in with the "
17717
"commands <command>telnet localhost pop3</command> or <command>telnet "
17718
"localhost imap2</command>. If you see something like the following, the "
17719
"installation has been successful:"
17720
msgstr ""
17721
17722
#: serverguide/C/mail.xml:745(programlisting)
17723
#, no-wrap
17724
msgid ""
17725
"\n"
17726
"bhuvan@rainbow:~$ telnet localhost pop3\n"
17727
"Trying 127.0.0.1...\n"
17728
"Connected to localhost.localdomain.\n"
17729
"Escape character is '^]'.\n"
17730
"+OK Dovecot ready.\n"
17731
msgstr ""
17732
17733
#: serverguide/C/mail.xml:754(title)
17734
msgid "Dovecot SSL Configuration"
17735
msgstr ""
17736
17737
#: serverguide/C/mail.xml:755(para)
17738
msgid ""
17739
"To configure <application>dovecot</application> to use SSL, you can edit the "
17740
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
17741
"lines:"
17742
msgstr ""
17743
17744
#: serverguide/C/mail.xml:760(programlisting)
17745
#, no-wrap
17746
msgid ""
17747
"\n"
17748
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
17749
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
17750
"ssl_disable = no\n"
17751
"disable_plaintext_auth = no\n"
17752
msgstr ""
17753
17754
#: serverguide/C/mail.xml:766(para)
17755
msgid ""
17756
"You can get the SSL certificate from a Certificate Issuing Authority or you "
17757
"can create self signed SSL certificate. The latter is a good option for "
17758
"email, because SMTP clients rarely complain about \"self-signed "
17759
"certificates\". Please refer to <xref linkend=\"certificates-and-"
17760
"security\"/> for details about how to create self signed SSL certificate. "
17761
"Once you create the certificate, you will have a key file and a certificate "
17762
"file. Please copy them to the location pointed in the "
17763
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
17764
msgstr ""
17765
17766
#: serverguide/C/mail.xml:781(title)
17767
msgid "Firewall Configuration for an Email Server"
17768
msgstr ""
17769
17770
#: serverguide/C/mail.xml:787(para)
17771
msgid "IMAP - 143"
17772
msgstr ""
17773
17774
#: serverguide/C/mail.xml:788(para)
17775
msgid "IMAPS - 993"
17776
msgstr ""
17777
17778
#: serverguide/C/mail.xml:789(para)
17779
msgid "POP3 - 110"
17780
msgstr ""
17781
17782
#: serverguide/C/mail.xml:790(para)
17783
msgid "POP3S - 995"
17784
msgstr ""
17785
17786
#: serverguide/C/mail.xml:782(para)
17787
msgid ""
17788
"To access your mail server from another computer, you must configure your "
17789
"firewall to allow connections to the server on the necessary ports. "
17790
"<placeholder-1/>"
17791
msgstr ""
17792
17793
#: serverguide/C/mail.xml:799(para)
17794
msgid ""
17795
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
17796
"more information."
17797
msgstr ""
17798
17799
#: serverguide/C/mail.xml:804(para)
17800
msgid ""
17801
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17802
"Ubuntu Wiki</ulink> page has more details."
17803
msgstr ""
17804
17805
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
17806
msgid "Mailman"
17807
msgstr ""
17808
17809
#: serverguide/C/mail.xml:814(para)
17810
msgid ""
17811
"Mailman is an open source program for managing electronic mail discussions "
17812
"and e-newsletter lists. Many open source mailing lists (including all the "
17813
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
17814
"Mailman as their mailing list software. It is powerful and easy to install "
17815
"and maintain."
17816
msgstr ""
17817
17818
#: serverguide/C/mail.xml:824(para)
17819
msgid ""
17820
"Mailman provides a web interface for the administrators and users, using an "
17821
"external mail server to send and receive emails. It works perfectly with the "
17822
"following mail servers:"
17823
msgstr ""
17824
17825
#: serverguide/C/mail.xml:835(application)
17826
msgid "Exim"
17827
msgstr ""
17828
17829
#: serverguide/C/mail.xml:838(application)
17830
msgid "Sendmail"
17831
msgstr ""
17832
17833
#: serverguide/C/mail.xml:841(application)
17834
msgid "Qmail"
17835
msgstr ""
17836
17837
#: serverguide/C/mail.xml:846(para)
17838
msgid ""
17839
"We will see how to install and configure Mailman with, the Apache web "
17840
"server, and either the Postfix or Exim mail server. If you wish to install "
17841
"Mailman with a different mail server, please refer to the references section."
17842
msgstr ""
17843
17844
#: serverguide/C/mail.xml:853(para)
17845
msgid ""
17846
"You only need to install one mail server and "
17847
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
17848
msgstr ""
17849
17850
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
17851
msgid "Apache2"
17852
msgstr ""
17853
17854
#: serverguide/C/mail.xml:859(para)
17855
msgid ""
17856
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
17857
"installation\">HTTPD Installation</ulink> section for details."
17858
msgstr ""
17859
17860
#: serverguide/C/mail.xml:867(para)
17861
msgid ""
17862
"For instructions on installing and configuring Postfix refer to <xref "
17863
"linkend=\"postfix\"/>"
17864
msgstr ""
17865
17866
#: serverguide/C/mail.xml:873(para)
17867
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
17868
msgstr ""
17869
17870
#: serverguide/C/mail.xml:884(application)
17871
msgid "dc_use_split_config='true'"
17872
msgstr ""
17873
17874
#: serverguide/C/mail.xml:876(para)
17875
msgid ""
17876
"Once exim4 is installed, the configuration files are stored in the "
17877
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
17878
"configuration files are split across different files. You can change this "
17879
"behavior by changing the following variable in the "
17880
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
17881
msgstr ""
17882
17883
#: serverguide/C/mail.xml:891(para)
17884
msgid ""
17885
"To install <application>Mailman</application>, run following command at a "
17886
"terminal prompt:"
17887
msgstr ""
17888
17889
#: serverguide/C/mail.xml:895(command)
17890
msgid "sudo apt-get install mailman"
17891
msgstr ""
17892
17893
#: serverguide/C/mail.xml:897(para)
17894
msgid ""
17895
"It copies the installation files in "
17896
"<application>/var/lib/mailman</application> directory. It installs the CGI "
17897
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
17898
"creates <emphasis>list</emphasis> linux user. It creates the "
17899
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
17900
"this user."
17901
msgstr ""
17902
17903
#: serverguide/C/mail.xml:909(para)
17904
msgid ""
17905
"This section assumes you have successfully installed "
17906
"<application>mailman</application>, <application>apache2</application>, and "
17907
"<application>postfix</application> or <application>exim4</application>. Now "
17908
"you just need to configure them."
17909
msgstr ""
17910
17911
#: serverguide/C/mail.xml:918(para)
17912
msgid ""
17913
"An example Apache configuration file comes with "
17914
"<application>Mailman</application> and is placed in "
17915
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
17916
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
17917
"available</filename>:"
17918
msgstr ""
17919
17920
#: serverguide/C/mail.xml:924(command)
17921
msgid ""
17922
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
17923
msgstr ""
17924
17925
#: serverguide/C/mail.xml:926(para)
17926
msgid ""
17927
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
17928
"Mailman administration site. Now enable the new configuration and restart "
17929
"Apache:"
17930
msgstr ""
17931
17932
#: serverguide/C/mail.xml:931(command)
17933
msgid "sudo a2ensite mailman.conf"
17934
msgstr ""
17935
17936
#: serverguide/C/mail.xml:934(para)
17937
msgid ""
17938
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
17939
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
17940
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
17941
"can make changes to the <filename>/etc/apache2/sites-"
17942
"available/mailman.conf</filename> file if you wish to change this behavior."
17943
msgstr ""
17944
17945
#: serverguide/C/mail.xml:945(para)
17946
msgid ""
17947
"For <application>Postfix</application> integration, we will associate the "
17948
"domain lists.example.com with the mailing lists. Please replace "
17949
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
17950
msgstr ""
17951
17952
#: serverguide/C/mail.xml:949(para)
17953
msgid ""
17954
"You can use the postconf command to add the necessary configuration to "
17955
"<filename>/etc/postfix/main.cf</filename>:"
17956
msgstr ""
17957
17958
#: serverguide/C/mail.xml:953(command)
17959
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
17960
msgstr ""
17961
17962
#: serverguide/C/mail.xml:954(command)
17963
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
17964
msgstr ""
17965
17966
#: serverguide/C/mail.xml:955(command)
17967
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
17968
msgstr ""
17969
17970
#: serverguide/C/mail.xml:957(para)
17971
msgid ""
17972
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
17973
"the following transport:"
17974
msgstr ""
17975
17976
#: serverguide/C/mail.xml:960(programlisting)
17977
#, no-wrap
17978
msgid ""
17979
"\n"
17980
"mailman unix - n n - - pipe\n"
17981
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
17982
" ${nexthop} ${user}\n"
17983
msgstr ""
17984
17985
#: serverguide/C/mail.xml:965(para)
17986
msgid ""
17987
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
17988
"is delivered to a list."
17989
msgstr ""
17990
17991
#: serverguide/C/mail.xml:968(para)
17992
msgid ""
17993
"Associate the domain lists.example.com to the Mailman transport with the "
17994
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
17995
msgstr ""
17996
17997
#: serverguide/C/mail.xml:971(programlisting)
17998
#, no-wrap
17999
msgid ""
18000
"\n"
18001
"lists.example.com mailman:\n"
18002
msgstr ""
18003
18004
#: serverguide/C/mail.xml:974(para)
18005
msgid ""
18006
"Now have <application>Postfix</application> build the transport map by "
18007
"entering the following from a terminal prompt:"
18008
msgstr ""
18009
18010
#: serverguide/C/mail.xml:978(command)
18011
msgid "sudo postmap -v /etc/postfix/transport"
18012
msgstr ""
18013
18014
#: serverguide/C/mail.xml:980(para)
18015
msgid "Then restart Postfix to enable the new configurations:"
18016
msgstr ""
18017
18018
#: serverguide/C/mail.xml:989(para)
18019
msgid ""
18020
"Once Exim4 is installed, you can start the Exim server using the following "
18021
"command from a terminal prompt:"
18022
msgstr ""
18023
18024
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
18025
msgid "Main"
18026
msgstr ""
18027
18028
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
18029
msgid "Transport"
18030
msgstr ""
18031
18032
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
18033
msgid "Router"
18034
msgstr ""
18035
18036
#: serverguide/C/mail.xml:996(para)
18037
msgid ""
18038
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18039
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18040
"different types. For details, please refer to the <ulink "
18041
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18042
"add new a configuration file to the following configuration types: "
18043
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18044
"these mini configuration files. So, the order of these configuration files "
18045
"is very important."
18046
msgstr ""
18047
18048
#: serverguide/C/mail.xml:1027(programlisting)
18049
#, no-wrap
18050
msgid ""
18051
"\n"
18052
"# start\n"
18053
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18054
"# directory.\n"
18055
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18056
"# This is normally the same as ~mailman\n"
18057
"MM_HOME=/var/lib/mailman\n"
18058
"#\n"
18059
"# User and group for Mailman, should match your --with-mail-gid\n"
18060
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18061
"MM_UID=list\n"
18062
"MM_GID=list\n"
18063
"#\n"
18064
"# Domains that your lists are in - colon separated list\n"
18065
"# you may wish to add these into local_domains as well\n"
18066
"domainlist mm_domains=hostname.com\n"
18067
"#\n"
18068
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18069
"#\n"
18070
"# These values are derived from the ones above and should not need\n"
18071
"# editing unless you have munged your mailman installation\n"
18072
"#\n"
18073
"# The path of the Mailman mail wrapper script\n"
18074
"MM_WRAP=MM_HOME/mail/mailman\n"
18075
"#\n"
18076
"# The path of the list config file (used as a required file when\n"
18077
"# verifying list addresses)\n"
18078
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18079
"# end\n"
18080
msgstr ""
18081
18082
#: serverguide/C/mail.xml:1021(para)
18083
msgid ""
18084
"All the configuration files belonging to the main type are stored in the "
18085
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18086
"following content to a new file, named <filename>04_exim4-"
18087
"config_mailman</filename>: <placeholder-1/>"
18088
msgstr ""
18089
18090
#: serverguide/C/mail.xml:1067(programlisting)
18091
#, no-wrap
18092
msgid ""
18093
"\n"
18094
" mailman_transport:\n"
18095
" driver = pipe\n"
18096
" command = MM_WRAP \\\n"
18097
" '${if def:local_part_suffix \\\n"
18098
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18099
"\\\n"
18100
" {post}}' \\\n"
18101
" $local_part\n"
18102
" current_directory = MM_HOME\n"
18103
" home_directory = MM_HOME\n"
18104
" user = MM_UID\n"
18105
" group = MM_GID\n"
18106
msgstr ""
18107
18108
#: serverguide/C/mail.xml:1061(para)
18109
msgid ""
18110
"All the configuration files belonging to transport type are stored in the "
18111
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18112
"following content to a new file named <filename> 40_exim4-"
18113
"config_mailman</filename>: <placeholder-1/>"
18114
msgstr ""
18115
18116
#: serverguide/C/mail.xml:1088(programlisting)
18117
#, no-wrap
18118
msgid ""
18119
"\n"
18120
" mailman_router:\n"
18121
" driver = accept\n"
18122
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18123
" local_part_suffix_optional\n"
18124
" local_part_suffix = -bounces : -bounces+* : \\\n"
18125
" -confirm+* : -join : -leave : \\\n"
18126
" -owner : -request : -admin\n"
18127
" transport = mailman_transport\n"
18128
msgstr ""
18129
18130
#: serverguide/C/mail.xml:1084(para)
18131
msgid ""
18132
"All the configuration files belonging to router type are stored in the "
18133
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18134
"following content in to a new file named <filename>101_exim4-"
18135
"config_mailman</filename>: <placeholder-1/>"
18136
msgstr ""
18137
18138
#: serverguide/C/mail.xml:1101(para)
18139
msgid ""
18140
"The order of main and transport configuration files can be in any order. "
18141
"But, the order of router configuration files must be the same. This "
18142
"particular file must appear before the <application>200_exim4-"
18143
"config_primary</application> file. These two configuration files contain "
18144
"same type of information. The first file takes the precedence. For more "
18145
"details, please refer to the references section."
18146
msgstr ""
18147
18148
#: serverguide/C/mail.xml:1114(para)
18149
msgid ""
18150
"Once mailman is installed, you can run it using the following command:"
18151
msgstr ""
18152
18153
#: serverguide/C/mail.xml:1118(command)
18154
msgid "sudo /etc/init.d/mailman start"
18155
msgstr ""
18156
18157
#: serverguide/C/mail.xml:1120(para)
18158
msgid ""
18159
"Once mailman is installed, you should create the default mailing list. Run "
18160
"the following command to create the mailing list:"
18161
msgstr ""
18162
18163
#: serverguide/C/mail.xml:1126(command)
18164
msgid "sudo /usr/sbin/newlist mailman"
18165
msgstr ""
18166
18167
#: serverguide/C/mail.xml:1129(programlisting)
18168
#, no-wrap
18169
msgid ""
18170
"\n"
18171
" Enter the email address of the person running the list: bhuvan at "
18172
"ubuntu.com\n"
18173
" Initial mailman password:\n"
18174
" To finish creating your mailing list, you must edit your "
18175
"<filename>/etc/aliases</filename> (or\n"
18176
" equivalent) file by adding the following lines, and possibly running the\n"
18177
" `newaliases' program:\n"
18178
"\n"
18179
" ## mailman mailing list\n"
18180
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18181
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18182
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18183
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18184
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18185
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18186
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18187
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18188
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18189
"mailman\"\n"
18190
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18191
"mailman\"\n"
18192
"\n"
18193
" Hit enter to notify mailman owner...\n"
18194
"\n"
18195
" # \n"
18196
msgstr ""
18197
18198
#: serverguide/C/mail.xml:1152(para)
18199
msgid ""
18200
"We have configured either Postfix or Exim4 to recognize all emails from "
18201
"mailman. So, it is not mandatory to make any new entries in "
18202
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18203
"configuration files, please ensure that you restart those services before "
18204
"continuing to next section."
18205
msgstr ""
18206
18207
#: serverguide/C/mail.xml:1160(para)
18208
msgid ""
18209
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18210
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18211
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18212
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18213
msgstr ""
18214
18215
#: serverguide/C/mail.xml:1171(title)
18216
msgid "Administration"
18217
msgstr ""
18218
18219
#: serverguide/C/mail.xml:1172(para)
18220
msgid ""
18221
"We assume you have a default installation. The mailman cgi scripts are still "
18222
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18223
"Mailman provides a web based administration facility. To access this page, "
18224
"point your browser to the following url:"
18225
msgstr ""
18226
18227
#: serverguide/C/mail.xml:1180(para)
18228
msgid "http://hostname/cgi-bin/mailman/admin"
18229
msgstr ""
18230
18231
#: serverguide/C/mail.xml:1184(para)
18232
msgid ""
18233
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18234
"screen. If you click the mailing list name, it will ask for your "
18235
"authentication password. If you enter the correct password, you will be able "
18236
"to change administrative settings of this mailing list. You can create a new "
18237
"mailing list using the command line utility "
18238
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18239
"mailing list using the web interface."
18240
msgstr ""
18241
18242
#: serverguide/C/mail.xml:1197(title)
18243
msgid "Users"
18244
msgstr ""
18245
18246
#: serverguide/C/mail.xml:1198(para)
18247
msgid ""
18248
"Mailman provides a web based interface for users. To access this page, point "
18249
"your browser to the following url:"
18250
msgstr ""
18251
18252
#: serverguide/C/mail.xml:1203(para)
18253
msgid "http://hostname/cgi-bin/mailman/listinfo"
18254
msgstr ""
18255
18256
#: serverguide/C/mail.xml:1207(para)
18257
msgid ""
18258
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18259
"screen. If you click the mailing list name, it will display the subscription "
18260
"form. You can enter your email address, name (optional), and password to "
18261
"subscribe. An email invitation will be sent to you. You can follow the "
18262
"instructions in the email to subscribe."
18263
msgstr ""
18264
18265
#: serverguide/C/mail.xml:1219(ulink)
18266
msgid "GNU Mailman - Installation Manual"
18267
msgstr ""
18268
18269
#: serverguide/C/mail.xml:1223(ulink)
18270
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18271
msgstr ""
18272
18273
#: serverguide/C/mail.xml:1226(para)
18274
msgid ""
18275
"Also, see the <ulink "
18276
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18277
"Wiki</ulink> page."
18278
msgstr ""
18279
18280
#: serverguide/C/mail.xml:1232(title)
18281
msgid "Mail Filtering"
18282
msgstr ""
18283
18284
#: serverguide/C/mail.xml:1233(para)
18285
msgid ""
18286
"One of the largest issues with email today is the problem of Unsolicited "
18287
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18288
"and other forms of malware. According to some reports these messages make up "
18289
"the bulk of all email traffic on the Internet."
18290
msgstr ""
18291
18292
#: serverguide/C/mail.xml:1238(para)
18293
msgid ""
18294
"This section will cover integrating <application>Amavisd-new</application>, "
18295
"<application>Spamassassin</application>, and "
18296
"<application>ClamAV</application> with the "
18297
"<application>Postfix</application> Mail Transport Agent (MTA). "
18298
"<application>Postfix</application> can also check email validity by passing "
18299
"it through external content filters. These filters can sometimes determine "
18300
"if a message is spam without needing to process it with more resource "
18301
"intensive applications. Two common filters are "
18302
"<application>opendkim</application> and <application>python-policyd-"
18303
"spf</application>."
18304
msgstr ""
18305
18306
#: serverguide/C/mail.xml:1248(para)
18307
msgid ""
18308
"<application>Amavisd-new</application> is a wrapper program that can call "
18309
"any number of content filtering programs for spam detection, antivirus, etc."
18310
msgstr ""
18311
18312
#: serverguide/C/mail.xml:1254(para)
18313
msgid ""
18314
"<application>Spamassassin</application> uses a variety of mechanisms to "
18315
"filter email based on the message content."
18316
msgstr ""
18317
18318
#: serverguide/C/mail.xml:1259(para)
18319
msgid ""
18320
"<application>ClamAV</application> is an open source antivirus application."
18321
msgstr ""
18322
18323
#: serverguide/C/mail.xml:1264(para)
18324
msgid ""
18325
"<application>opendkim</application> implements a Sendmail Mail Filter "
18326
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18327
msgstr ""
18328
18329
#: serverguide/C/mail.xml:1270(para)
18330
msgid ""
18331
"<application>python-policyd-spf</application> enables Sender Policy "
18332
"Framework (SPF) checking with <application>Postfix</application>."
18333
msgstr ""
18334
18335
#: serverguide/C/mail.xml:1275(para)
18336
msgid "This is how the pieces fit together:"
18337
msgstr ""
18338
18339
#: serverguide/C/mail.xml:1280(para)
18340
msgid "An email message is accepted by <application>Postfix</application>."
18341
msgstr ""
18342
18343
#: serverguide/C/mail.xml:1285(para)
18344
msgid ""
18345
"The message is passed through any external filters "
18346
"<application>opendkim</application> and <application>python-policyd-"
18347
"spf</application> in this case."
18348
msgstr ""
18349
18350
#: serverguide/C/mail.xml:1291(para)
18351
msgid "<application>Amavisd-new</application> then processes the message."
18352
msgstr ""
18353
18354
#: serverguide/C/mail.xml:1296(para)
18355
msgid ""
18356
"<application>ClamAV</application> is used to scan the message. If the "
18357
"message contains a virus <application>Postfix</application> will reject the "
18358
"message."
18359
msgstr ""
18360
18361
#: serverguide/C/mail.xml:1302(para)
18362
msgid ""
18363
"Clean messages will then be analyzed by "
18364
"<application>Spamassassin</application> to find out if the message is spam. "
18365
"<application>Spamassassin</application> will then add X-Header lines "
18366
"allowing <application>Amavisd-new</application> to further manipulate the "
18367
"message."
18368
msgstr ""
18369
18370
#: serverguide/C/mail.xml:1309(para)
18371
msgid ""
18372
"For example, if a message has a Spam score of over fifty the message could "
18373
"be automatically dropped from the queue without the recipient ever having to "
18374
"be bothered. Another, way to handle flagged messages is to deliver them to "
18375
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18376
"see fit."
18377
msgstr ""
18378
18379
#: serverguide/C/mail.xml:1316(para)
18380
msgid ""
18381
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18382
"configuring Postfix."
18383
msgstr ""
18384
18385
#: serverguide/C/mail.xml:1319(para)
18386
msgid ""
18387
"To install the rest of the applications enter the following from a terminal "
18388
"prompt:"
18389
msgstr ""
18390
18391
#: serverguide/C/mail.xml:1323(command)
18392
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18393
msgstr ""
18394
18395
#: serverguide/C/mail.xml:1324(command)
18396
msgid "sudo apt-get install opendkim python-policyd-spf"
18397
msgstr ""
18398
18399
#: serverguide/C/mail.xml:1326(para)
18400
msgid ""
18401
"There are some optional packages that integrate with "
18402
"<application>Spamassassin</application> for better spam detection:"
18403
msgstr ""
18404
18405
#: serverguide/C/mail.xml:1330(command)
18406
msgid "sudo apt-get install pyzor razor"
18407
msgstr ""
18408
18409
#: serverguide/C/mail.xml:1332(para)
18410
msgid ""
18411
"Along with the main filtering applications compression utilities are needed "
18412
"to process some email attachments:"
18413
msgstr ""
18414
18415
#: serverguide/C/mail.xml:1336(command)
18416
msgid ""
18417
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18418
msgstr ""
18419
18420
#: serverguide/C/mail.xml:1339(para)
18421
msgid ""
18422
"If some packages are not found, check that the "
18423
"<emphasis>multiverse</emphasis> repository is enabled in "
18424
"<filename>/etc/apt/sources.list</filename>"
18425
msgstr ""
18426
18427
#: serverguide/C/mail.xml:1340(para)
18428
msgid ""
18429
"If you make changes to the file, be sure to run <command>sudo apt-get "
18430
"update</command> before trying to install again."
18431
msgstr ""
18432
18433
#: serverguide/C/mail.xml:1345(para)
18434
msgid "Now configure everything to work together and filter email."
18435
msgstr ""
18436
18437
#: serverguide/C/mail.xml:1349(title)
18438
msgid "ClamAV"
18439
msgstr ""
18440
18441
#: serverguide/C/mail.xml:1350(para)
18442
msgid ""
18443
"The default behaviour of <application>ClamAV</application> will fit our "
18444
"needs. For more ClamAV configuration options, check the configuration files "
18445
"in <filename>/etc/clamav</filename>."
18446
msgstr ""
18447
18448
#: serverguide/C/mail.xml:1355(para)
18449
msgid ""
18450
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18451
"group in order for <application>Amavisd-new</application> to have the "
18452
"appropriate access to scan files:"
18453
msgstr ""
18454
18455
#: serverguide/C/mail.xml:1360(command)
18456
msgid "sudo adduser clamav amavis"
18457
msgstr ""
18458
18459
#: serverguide/C/mail.xml:1364(title)
18460
msgid "Spamassassin"
18461
msgstr ""
18462
18463
#: serverguide/C/mail.xml:1365(para)
18464
msgid ""
18465
"Spamassassin automatically detects optional components and will use them if "
18466
"they are present. This means that there is no need to configure "
18467
"<application>pyzor</application> and <application>razor</application>."
18468
msgstr ""
18469
18470
#: serverguide/C/mail.xml:1369(para)
18471
msgid ""
18472
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18473
"<application>Spamassassin</application> daemon. Change "
18474
"<emphasis>ENABLED=0</emphasis> to:"
18475
msgstr ""
18476
18477
#: serverguide/C/mail.xml:1373(programlisting)
18478
#, no-wrap
18479
msgid ""
18480
"\n"
18481
"ENABLED=1\n"
18482
msgstr ""
18483
18484
#: serverguide/C/mail.xml:1376(para)
18485
msgid "Now start the daemon:"
18486
msgstr ""
18487
18488
#: serverguide/C/mail.xml:1380(command)
18489
msgid "sudo /etc/init.d/spamassassin start"
18490
msgstr ""
18491
18492
#: serverguide/C/mail.xml:1384(title)
18493
msgid "Amavisd-new"
18494
msgstr ""
18495
18496
#: serverguide/C/mail.xml:1385(para)
18497
msgid ""
18498
"First activate spam and antivirus detection in <application>Amavisd-"
18499
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18500
"content_filter_mode</filename>:"
18501
msgstr ""
18502
18503
#: serverguide/C/mail.xml:1389(programlisting)
18504
#, no-wrap
18505
msgid ""
18506
"\n"
18507
"use strict;\n"
18508
"\n"
18509
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18510
"# and to re-enable antivirus checking.\n"
18511
"\n"
18512
"#\n"
18513
"# Default antivirus checking mode\n"
18514
"# Uncomment the two lines below to enable it\n"
18515
"#\n"
18516
"\n"
18517
"@bypass_virus_checks_maps = (\n"
18518
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18519
"$bypass_virus_checks_re);\n"
18520
"\n"
18521
"\n"
18522
"#\n"
18523
"# Default SPAM checking mode\n"
18524
"# Uncomment the two lines below to enable it\n"
18525
"#\n"
18526
"\n"
18527
"@bypass_spam_checks_maps = (\n"
18528
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18529
"$bypass_spam_checks_re);\n"
18530
"\n"
18531
"1; # insure a defined return\n"
18532
msgstr ""
18533
18534
#: serverguide/C/mail.xml:1414(para)
18535
msgid ""
18536
"Bouncing spam can be a bad idea as the return address is often faked. "
18537
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18538
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18539
"D_BOUNCE, as follows:"
18540
msgstr ""
18541
18542
#: serverguide/C/mail.xml:1420(programlisting)
18543
#, no-wrap
18544
msgid ""
18545
"\n"
18546
"$final_spam_destiny = D_DISCARD;\n"
18547
msgstr ""
18548
18549
#: serverguide/C/mail.xml:1424(para)
18550
msgid ""
18551
"Additionally, you may want to adjust the following options to flag more "
18552
"messages as spam:"
18553
msgstr ""
18554
18555
#: serverguide/C/mail.xml:1428(programlisting)
18556
#, no-wrap
18557
msgid ""
18558
"\n"
18559
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
18560
"level\n"
18561
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
18562
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
18563
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18564
msgstr ""
18565
18566
#: serverguide/C/mail.xml:1435(para)
18567
msgid ""
18568
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18569
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18570
"option. Also, if the server receives mail for multiple domains the "
18571
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
18572
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18573
msgstr ""
18574
18575
#: serverguide/C/mail.xml:1442(programlisting)
18576
#, no-wrap
18577
msgid ""
18578
"\n"
18579
"$myhostname = 'mail.example.com';\n"
18580
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18581
msgstr ""
18582
18583
#: serverguide/C/mail.xml:1447(para)
18584
msgid ""
18585
"After configuration <application>Amavisd-new</application> needs to be "
18586
"restarted:"
18587
msgstr ""
18588
18589
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
18590
msgid "sudo /etc/init.d/amavis restart"
18591
msgstr ""
18592
18593
#: serverguide/C/mail.xml:1454(title)
18594
msgid "DKIM Whitelist"
18595
msgstr ""
18596
18597
#: serverguide/C/mail.xml:1456(para)
18598
msgid ""
18599
"<application>Amavisd-new</application> can be configured to automatically "
18600
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18601
"Keys. There are some pre-configured domains in the "
18602
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18603
msgstr ""
18604
18605
#: serverguide/C/mail.xml:1462(para)
18606
msgid "There are multiple ways to configure the Whitelist for a domain:"
18607
msgstr ""
18608
18609
#: serverguide/C/mail.xml:1468(para)
18610
msgid ""
18611
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18612
"address from the \"example.com\" domain."
18613
msgstr ""
18614
18615
#: serverguide/C/mail.xml:1473(para)
18616
msgid ""
18617
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18618
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18619
"have a valid signature."
18620
msgstr ""
18621
18622
#: serverguide/C/mail.xml:1479(para)
18623
msgid ""
18624
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18625
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18626
"role=\"italic\">example.com</emphasis> the parent domain."
18627
msgstr ""
18628
18629
#: serverguide/C/mail.xml:1485(para)
18630
msgid ""
18631
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18632
"that have a valid signature from \"example.com\". This is usually used for "
18633
"discussion groups that sign their messages."
18634
msgstr ""
18635
18636
#: serverguide/C/mail.xml:1492(para)
18637
msgid ""
18638
"A domain can also have multiple Whitelist configurations. After, editing the "
18639
"file restart <application>amaisd-new</application>:"
18640
msgstr ""
18641
18642
#: serverguide/C/mail.xml:1501(para)
18643
msgid ""
18644
"In this context, once a domain has been added to the Whitelist the message "
18645
"will not receive any anti-virus or spam filtering. This may or may not be "
18646
"the intended behavior you wish for a domain."
18647
msgstr ""
18648
18649
#: serverguide/C/mail.xml:1511(para)
18650
msgid ""
18651
"For <application>Postfix</application> integration, enter the following from "
18652
"a terminal prompt:"
18653
msgstr ""
18654
18655
#: serverguide/C/mail.xml:1515(command)
18656
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18657
msgstr ""
18658
18659
#: serverguide/C/mail.xml:1517(para)
18660
msgid ""
18661
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18662
"to the end of the file:"
18663
msgstr ""
18664
18665
#: serverguide/C/mail.xml:1520(programlisting)
18666
#, no-wrap
18667
msgid ""
18668
"\n"
18669
"smtp-amavis unix - - - - 2 smtp\n"
18670
" -o smtp_data_done_timeout=1200\n"
18671
" -o smtp_send_xforward_command=yes\n"
18672
" -o disable_dns_lookups=yes\n"
18673
" -o max_use=20\n"
18674
"\n"
18675
"127.0.0.1:10025 inet n - - - - smtpd\n"
18676
" -o content_filter=\n"
18677
" -o local_recipient_maps=\n"
18678
" -o relay_recipient_maps=\n"
18679
" -o smtpd_restriction_classes=\n"
18680
" -o smtpd_delay_reject=no\n"
18681
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
18682
" -o smtpd_helo_restrictions=\n"
18683
" -o smtpd_sender_restrictions=\n"
18684
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
18685
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
18686
" -o smtpd_end_of_data_restrictions=\n"
18687
" -o mynetworks=127.0.0.0/8\n"
18688
" -o smtpd_error_sleep_time=0\n"
18689
" -o smtpd_soft_error_limit=1001\n"
18690
" -o smtpd_hard_error_limit=1000\n"
18691
" -o smtpd_client_connection_count_limit=0\n"
18692
" -o smtpd_client_connection_rate_limit=0\n"
18693
" -o "
18694
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
18695
msgstr ""
18696
18697
#: serverguide/C/mail.xml:1547(para)
18698
msgid ""
18699
"Also add the following two lines immediately below the "
18700
"<emphasis>\"pickup\"</emphasis> transport service:"
18701
msgstr ""
18702
18703
#: serverguide/C/mail.xml:1550(programlisting)
18704
#, no-wrap
18705
msgid ""
18706
"\n"
18707
" -o content_filter=\n"
18708
" -o receive_override_options=no_header_body_checks\n"
18709
msgstr ""
18710
18711
#: serverguide/C/mail.xml:1554(para)
18712
msgid ""
18713
"This will prevent messages that are generated to report on spam from being "
18714
"classified as spam."
18715
msgstr ""
18716
18717
#: serverguide/C/mail.xml:1557(para)
18718
msgid "Now restart <application>Postfix</application>:"
18719
msgstr ""
18720
18721
#: serverguide/C/mail.xml:1563(para)
18722
msgid "Content filtering with spam and virus detection is now enabled."
18723
msgstr ""
18724
18725
#: serverguide/C/mail.xml:1569(title)
18726
msgid "Amavisd-new and Spamassassin"
18727
msgstr ""
18728
18729
#: serverguide/C/mail.xml:1571(para)
18730
msgid ""
18731
"When integrating <application>Amavisd-new</application> with "
18732
"<application>Spamassassin</application>, if you choose to disable the bayes "
18733
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
18734
"<application>cron</application> to update the nightly rules, the result can "
18735
"cause a situation where a large amount of error messages are sent to the "
18736
"<emphasis>amavis</emphasis> user via the amavisd-new "
18737
"<application>cron</application> job."
18738
msgstr ""
18739
18740
#: serverguide/C/mail.xml:1578(para)
18741
msgid "There are several ways to handle this situation:"
18742
msgstr ""
18743
18744
#: serverguide/C/mail.xml:1584(para)
18745
msgid "Configure your MDA to filter messages you do not wish to see."
18746
msgstr ""
18747
18748
#: serverguide/C/mail.xml:1589(para)
18749
msgid ""
18750
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
18751
"<emphasis>use_bayes 0</emphasis>. For example, edit "
18752
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
18753
"the top before the <emphasis>test</emphasis> statements:"
18754
msgstr ""
18755
18756
#: serverguide/C/mail.xml:1593(programlisting)
18757
#, no-wrap
18758
msgid ""
18759
"\n"
18760
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
18761
"exit 0\n"
18762
msgstr ""
18763
18764
#: serverguide/C/mail.xml:1603(para)
18765
msgid ""
18766
"First, test that the <application>Amavisd-new</application> SMTP is "
18767
"listening:"
18768
msgstr ""
18769
18770
#: serverguide/C/mail.xml:1606(programlisting)
18771
#, no-wrap
18772
msgid ""
18773
"\n"
18774
"telnet localhost 10024\n"
18775
"Trying 127.0.0.1...\n"
18776
"Connected to localhost.\n"
18777
"Escape character is '^]'.\n"
18778
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
18779
"^]\n"
18780
msgstr ""
18781
18782
#: serverguide/C/mail.xml:1614(para)
18783
msgid ""
18784
"In the Header of messages that go through the content filter you should see:"
18785
msgstr ""
18786
18787
#: serverguide/C/mail.xml:1617(programlisting)
18788
#, no-wrap
18789
msgid ""
18790
"\n"
18791
"X-Spam-Level: \n"
18792
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
18793
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
18794
"BAYES_00\n"
18795
"X-Spam-Level: \n"
18796
msgstr ""
18797
18798
#: serverguide/C/mail.xml:1624(para)
18799
msgid ""
18800
"Your output will vary, but the important thing is that there are <emphasis>X-"
18801
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
18802
msgstr ""
18803
18804
#: serverguide/C/mail.xml:1632(para)
18805
msgid ""
18806
"The best way to figure out why something is going wrong is to check the log "
18807
"files."
18808
msgstr ""
18809
18810
#: serverguide/C/mail.xml:1637(para)
18811
msgid ""
18812
"For instructions on <application>Postfix</application> logging see the <xref "
18813
"linkend=\"postfix-troubleshooting\"/> section."
18814
msgstr ""
18815
18816
#: serverguide/C/mail.xml:1643(para)
18817
msgid ""
18818
"<application>Amavisd-new</application> uses "
18819
"<application>Syslog</application> to send messages to "
18820
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
18821
"increased by adding the <emphasis>$log_level</emphasis> option to "
18822
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
18823
"1 to 5."
18824
msgstr ""
18825
18826
#: serverguide/C/mail.xml:1648(programlisting)
18827
#, no-wrap
18828
msgid ""
18829
"\n"
18830
"$log_level = 2;\n"
18831
msgstr ""
18832
18833
#: serverguide/C/mail.xml:1652(para)
18834
msgid ""
18835
"When the <application>Amavisd-new</application> log output is increased "
18836
"<application>Spamassassin</application> log output is also increased."
18837
msgstr ""
18838
18839
#: serverguide/C/mail.xml:1659(para)
18840
msgid ""
18841
"The <application>ClamAV</application> log level can be increased by editing "
18842
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
18843
msgstr ""
18844
18845
#: serverguide/C/mail.xml:1663(programlisting)
18846
#, no-wrap
18847
msgid ""
18848
"\n"
18849
"LogVerbose true\n"
18850
msgstr ""
18851
18852
#: serverguide/C/mail.xml:1666(para)
18853
msgid ""
18854
"By default <application>ClamAV</application> will send log messages to "
18855
"<filename>/var/log/clamav/clamav.log</filename>."
18856
msgstr ""
18857
18858
#: serverguide/C/mail.xml:1672(para)
18859
msgid ""
18860
"After changing an applications log settings remember to restart the service "
18861
"for the new settings to take affect. Also, once the issue you are "
18862
"troubleshooting is resolved it is a good idea to change the log settings "
18863
"back to normal."
18864
msgstr ""
18865
18866
#: serverguide/C/mail.xml:1680(para)
18867
msgid "For more information on filtering mail see the following links:"
18868
msgstr ""
18869
18870
#: serverguide/C/mail.xml:1686(ulink)
18871
msgid "Amavisd-new Documentation"
18872
msgstr ""
18873
18874
#: serverguide/C/mail.xml:1690(para)
18875
msgid ""
18876
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
18877
"Documentation</ulink> and <ulink "
18878
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
18879
msgstr ""
18880
18881
#: serverguide/C/mail.xml:1697(ulink)
18882
msgid "Spamassassin Wiki"
18883
msgstr ""
18884
18885
#: serverguide/C/mail.xml:1702(ulink)
18886
msgid "Pyzor Homepage"
18887
msgstr ""
18888
18889
#: serverguide/C/mail.xml:1707(ulink)
18890
msgid "Razor Homepage"
18891
msgstr ""
18892
18893
#: serverguide/C/mail.xml:1712(ulink)
18894
msgid "DKIM.org"
18895
msgstr ""
18896
18897
#: serverguide/C/mail.xml:1717(ulink)
18898
msgid "Postfix Amavis New"
18899
msgstr ""
18900
18901
#: serverguide/C/mail.xml:1721(para)
18902
msgid ""
18903
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
18904
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
18905
msgstr ""
18906
18907
#: serverguide/C/lamp-applications.xml:13(title)
18908
msgid "LAMP Applications"
18909
msgstr ""
18910
18911
#: serverguide/C/lamp-applications.xml:19(para)
18912
msgid ""
18913
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
18914
"Ubuntu servers. There is a plethora of Open Source applications written "
18915
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
18916
"Content Management Systems, and Management Software such as phpMyAdmin."
18917
msgstr ""
18918
18919
#: serverguide/C/lamp-applications.xml:26(para)
18920
msgid ""
18921
"One advantage of LAMP is the substantial flexibility for different database, "
18922
"web server, and scripting languages. Popular substitutes for MySQL include "
18923
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
18924
"instead of PHP."
18925
msgstr ""
18926
18927
#: serverguide/C/lamp-applications.xml:32(para)
18928
msgid ""
18929
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
18930
"is:"
18931
msgstr ""
18932
18933
#: serverguide/C/lamp-applications.xml:38(para)
18934
msgid "Download an archive containing the application source files."
18935
msgstr ""
18936
18937
#: serverguide/C/lamp-applications.xml:43(para)
18938
msgid ""
18939
"Unpack the archive, usually in a directory accessible to a web server."
18940
msgstr ""
18941
18942
#: serverguide/C/lamp-applications.xml:48(para)
18943
msgid ""
18944
"Depending on where the source was extracted, configure a web server to serve "
18945
"the files."
18946
msgstr ""
18947
18948
#: serverguide/C/lamp-applications.xml:53(para)
18949
msgid "Configure the application to connect to the database."
18950
msgstr ""
18951
18952
#: serverguide/C/lamp-applications.xml:58(para)
18953
msgid ""
18954
"Run a script, or browse to a page of the application, to install the "
18955
"database needed by the application."
18956
msgstr ""
18957
18958
#: serverguide/C/lamp-applications.xml:63(para)
18959
msgid ""
18960
"Once the steps above, or similar steps, are completed you are ready to begin "
18961
"using the application."
18962
msgstr ""
18963
18964
#: serverguide/C/lamp-applications.xml:69(para)
18965
msgid ""
18966
"A disadvantage of using this approach is that the application files are not "
18967
"placed in the file system in a standard way, which can cause confusion as to "
18968
"where the application is installed. Another larger disadvantage is updating "
18969
"the application. When a new version is released, the same process used to "
18970
"install the application is needed to apply updates."
18971
msgstr ""
18972
18973
#: serverguide/C/lamp-applications.xml:76(para)
18974
msgid ""
18975
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
18976
"packaged for Ubuntu, and are available for installation in the same way as "
18977
"non-LAMP applications. Depending on the application some extra configuration "
18978
"and setup steps may be needed, however."
18979
msgstr ""
18980
18981
#: serverguide/C/lamp-applications.xml:82(para)
18982
msgid ""
18983
"This section covers howto install and configure the Wiki applications "
18984
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
18985
"and the MySQL management application <application>phpMyAdmin</application>."
18986
msgstr ""
18987
18988
#: serverguide/C/lamp-applications.xml:88(para)
18989
msgid ""
18990
"A Wiki is a website that allows the visitors to easily add, remove and "
18991
"modify available content easily. The ease of interaction and operation makes "
18992
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
18993
"also referred to the collaborative software."
18994
msgstr ""
18995
18996
#: serverguide/C/lamp-applications.xml:100(title)
18997
msgid "Moin Moin"
18998
msgstr ""
18999
19000
#: serverguide/C/lamp-applications.xml:102(para)
19001
msgid ""
19002
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19003
"engine, and licensed under the GNU GPL."
19004
msgstr ""
19005
19006
#: serverguide/C/lamp-applications.xml:110(para)
19007
msgid ""
19008
"To install <application>MoinMoin</application>, run the following command in "
19009
"the command prompt:"
19010
msgstr ""
19011
19012
#: serverguide/C/lamp-applications.xml:116(command)
19013
msgid "sudo apt-get install python-moinmoin"
19014
msgstr ""
19015
19016
#: serverguide/C/lamp-applications.xml:119(para)
19017
msgid ""
19018
"You should also install <application>apache2</application> web server. For "
19019
"installing <application>apache2</application> web server, please refer to "
19020
"<xref linkend=\"http-installation\"/> sub-section in <xref "
19021
"linkend=\"httpd\"/> section."
19022
msgstr ""
19023
19024
#: serverguide/C/lamp-applications.xml:130(para)
19025
msgid ""
19026
"For configuring your first Wiki application, please run the following set of "
19027
"commands. Let us assume that you are creating a Wiki named "
19028
"<emphasis>mywiki</emphasis>:"
19029
msgstr ""
19030
19031
#: serverguide/C/lamp-applications.xml:137(command)
19032
msgid "cd /usr/share/moin"
19033
msgstr ""
19034
19035
#: serverguide/C/lamp-applications.xml:138(command)
19036
msgid "sudo mkdir mywiki"
19037
msgstr ""
19038
19039
#: serverguide/C/lamp-applications.xml:139(command)
19040
msgid "sudo cp -R data mywiki"
19041
msgstr ""
19042
19043
#: serverguide/C/lamp-applications.xml:140(command)
19044
msgid "sudo cp -R underlay mywiki"
19045
msgstr ""
19046
19047
#: serverguide/C/lamp-applications.xml:141(command)
19048
msgid "sudo cp server/moin.cgi mywiki"
19049
msgstr ""
19050
19051
#: serverguide/C/lamp-applications.xml:142(command)
19052
msgid "sudo chown -R www-data.www-data mywiki"
19053
msgstr ""
19054
19055
#: serverguide/C/lamp-applications.xml:143(command)
19056
msgid "sudo chmod -R ug+rwX mywiki"
19057
msgstr ""
19058
19059
#: serverguide/C/lamp-applications.xml:144(command)
19060
msgid "sudo chmod -R o-rwx mywiki"
19061
msgstr ""
19062
19063
#: serverguide/C/lamp-applications.xml:147(para)
19064
msgid ""
19065
"Now you should configure <application>MoinMoin</application> to find your "
19066
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19067
"<application>MoinMoin</application>, open "
19068
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19069
msgstr ""
19070
19071
#: serverguide/C/lamp-applications.xml:155(programlisting)
19072
#, no-wrap
19073
msgid "data_dir = '/org/mywiki/data'"
19074
msgstr ""
19075
19076
#: serverguide/C/lamp-applications.xml:157(para)
19077
msgid "to"
19078
msgstr ""
19079
19080
#: serverguide/C/lamp-applications.xml:161(programlisting)
19081
#, no-wrap
19082
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19083
msgstr ""
19084
19085
#: serverguide/C/lamp-applications.xml:163(para)
19086
msgid ""
19087
"Also, below the <emphasis>data_dir</emphasis> option add the "
19088
"<emphasis>data_underlay_dir</emphasis>:"
19089
msgstr ""
19090
19091
#: serverguide/C/lamp-applications.xml:167(programlisting)
19092
#, no-wrap
19093
msgid ""
19094
"\n"
19095
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19096
msgstr ""
19097
19098
#: serverguide/C/lamp-applications.xml:172(para)
19099
msgid ""
19100
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19101
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19102
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19103
"change."
19104
msgstr ""
19105
19106
#: serverguide/C/lamp-applications.xml:181(para)
19107
msgid ""
19108
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19109
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19110
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19111
"<quote>(\"mywiki\", r\".*\")</quote>."
19112
msgstr ""
19113
19114
#: serverguide/C/lamp-applications.xml:189(para)
19115
msgid ""
19116
"Once you have configured <application>MoinMoin</application> to find your "
19117
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19118
"<application>apache2</application> and make it ready for your Wiki "
19119
"application."
19120
msgstr ""
19121
19122
#: serverguide/C/lamp-applications.xml:196(para)
19123
msgid ""
19124
"You should add the following lines in <filename>/etc/apache2/sites-"
19125
"available/default</filename> file inside the <quote><VirtualHost "
19126
"*></quote> tag:"
19127
msgstr ""
19128
19129
#: serverguide/C/lamp-applications.xml:202(programlisting)
19130
#, no-wrap
19131
msgid ""
19132
"\n"
19133
"### moin\n"
19134
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19135
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19136
" <Directory /usr/share/moin/htdocs>\n"
19137
" Order allow,deny\n"
19138
" allow from all\n"
19139
" </Directory>\n"
19140
"### end moin\n"
19141
msgstr ""
19142
19143
#: serverguide/C/lamp-applications.xml:214(para)
19144
msgid ""
19145
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19146
"<emphasis>alias</emphasis> line above, to the "
19147
"<application>moinmoin</application> version installed."
19148
msgstr ""
19149
19150
#: serverguide/C/lamp-applications.xml:220(para)
19151
msgid ""
19152
"Once you configure the <application>apache2</application> web server and "
19153
"make it ready for your Wiki application, you should restart it. You can run "
19154
"the following command to restart the <application>apache2</application> web "
19155
"server:"
19156
msgstr ""
19157
19158
#: serverguide/C/lamp-applications.xml:233(title)
19159
msgid "Verification"
19160
msgstr ""
19161
19162
#: serverguide/C/lamp-applications.xml:235(para)
19163
msgid ""
19164
"You can verify the Wiki application and see if it works by pointing your web "
19165
"browser to the following URL:"
19166
msgstr ""
19167
19168
#: serverguide/C/lamp-applications.xml:239(programlisting)
19169
#, no-wrap
19170
msgid ""
19171
"\n"
19172
"http://localhost/mywiki\n"
19173
msgstr ""
19174
19175
#: serverguide/C/lamp-applications.xml:243(para)
19176
msgid ""
19177
"You can also run the test command by pointing your web browser to the "
19178
"following URL:"
19179
msgstr ""
19180
19181
#: serverguide/C/lamp-applications.xml:248(programlisting)
19182
#, no-wrap
19183
msgid ""
19184
"\n"
19185
"http://localhost/mywiki?action=test\n"
19186
msgstr ""
19187
19188
#: serverguide/C/lamp-applications.xml:252(para)
19189
msgid ""
19190
"For more details, please refer to the <ulink "
19191
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19192
msgstr ""
19193
19194
#: serverguide/C/lamp-applications.xml:263(para)
19195
msgid ""
19196
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19197
"Wiki</ulink>."
19198
msgstr ""
19199
19200
#: serverguide/C/lamp-applications.xml:268(para)
19201
msgid ""
19202
"Also, see the <ulink "
19203
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19204
"MoinMoin</ulink> page."
19205
msgstr ""
19206
19207
#: serverguide/C/lamp-applications.xml:277(title)
19208
msgid "MediaWiki"
19209
msgstr ""
19210
19211
#: serverguide/C/lamp-applications.xml:279(para)
19212
msgid ""
19213
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19214
"either use <application>MySQL</application> or "
19215
"<application>PostgreSQL</application> Database Management System."
19216
msgstr ""
19217
19218
#: serverguide/C/lamp-applications.xml:289(para)
19219
msgid ""
19220
"Before installing <application>MediaWiki</application> you should also "
19221
"install <application>Apache2</application>, the "
19222
"<application>PHP5</application> scripting language and Database a Management "
19223
"System. <application>MySQL</application> or "
19224
"<application>PostgreSQL</application> are the most common, choose one "
19225
"depending on your need. Please refer to those sections in this manual for "
19226
"installation instructions."
19227
msgstr ""
19228
19229
#: serverguide/C/lamp-applications.xml:297(para)
19230
msgid ""
19231
"To install <application>MediaWiki</application>, run the following command "
19232
"in the command prompt:"
19233
msgstr ""
19234
19235
#: serverguide/C/lamp-applications.xml:303(command)
19236
msgid "sudo apt-get install mediawiki php5-gd"
19237
msgstr ""
19238
19239
#: serverguide/C/lamp-applications.xml:306(para)
19240
msgid ""
19241
"For additional <application>MediaWiki</application> functionality see the "
19242
"<application>mediawiki-extensions</application> package."
19243
msgstr ""
19244
19245
#: serverguide/C/lamp-applications.xml:316(para)
19246
msgid ""
19247
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19248
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19249
"directory. You should uncomment the following line in this file to access "
19250
"MediaWiki application."
19251
msgstr ""
19252
19253
#: serverguide/C/lamp-applications.xml:324(screen)
19254
#, no-wrap
19255
msgid ""
19256
"\n"
19257
"# Alias /mediawiki /var/lib/mediawiki\n"
19258
msgstr ""
19259
19260
#: serverguide/C/lamp-applications.xml:328(para)
19261
msgid ""
19262
"After you uncomment the above line, restart Apache server and access "
19263
"MediaWiki using the following url:"
19264
msgstr ""
19265
19266
#: serverguide/C/lamp-applications.xml:333(programlisting)
19267
#, no-wrap
19268
msgid ""
19269
"\n"
19270
"http://localhost/mediawiki/config/index.php\n"
19271
msgstr ""
19272
19273
#: serverguide/C/lamp-applications.xml:338(para)
19274
msgid ""
19275
"Please read the <quote>Checking environment...</quote> section in this page. "
19276
"You should be able to fix many issues by carefully reading this section."
19277
msgstr ""
19278
19279
#: serverguide/C/lamp-applications.xml:345(para)
19280
msgid ""
19281
"Once the configuration is complete, you should copy the "
19282
"<filename>LocalSettings.php</filename> file to "
19283
"<filename>/etc/mediawiki</filename> directory:"
19284
msgstr ""
19285
19286
#: serverguide/C/lamp-applications.xml:352(command)
19287
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19288
msgstr ""
19289
19290
#: serverguide/C/lamp-applications.xml:355(para)
19291
msgid ""
19292
"You may also want to edit "
19293
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19294
msgstr ""
19295
19296
#: serverguide/C/lamp-applications.xml:360(programlisting)
19297
#, no-wrap
19298
msgid ""
19299
"\n"
19300
"ini_set( 'memory_limit', '64M' );\n"
19301
msgstr ""
19302
19303
#: serverguide/C/lamp-applications.xml:367(title)
19304
msgid "Extensions"
19305
msgstr ""
19306
19307
#: serverguide/C/lamp-applications.xml:368(para)
19308
msgid ""
19309
"The extensions add new features and enhancements for the MediaWiki "
19310
"application. The extensions give wiki administrators and end users the "
19311
"ability to customize MediaWiki to their requirements."
19312
msgstr ""
19313
19314
#: serverguide/C/lamp-applications.xml:374(para)
19315
msgid ""
19316
"You can download MediaWiki extensions as an archive file or checkout from "
19317
"the Subversion repository. You should copy it to "
19318
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19319
"also add the following line at the end of file: "
19320
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19321
msgstr ""
19322
19323
#: serverguide/C/lamp-applications.xml:382(programlisting)
19324
#, no-wrap
19325
msgid ""
19326
"\n"
19327
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19328
msgstr ""
19329
19330
#: serverguide/C/lamp-applications.xml:392(para)
19331
msgid ""
19332
"For more details, please refer to the <ulink "
19333
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19334
msgstr ""
19335
19336
#: serverguide/C/lamp-applications.xml:398(para)
19337
msgid ""
19338
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19339
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19340
"new MediaWiki administrators."
19341
msgstr ""
19342
19343
#: serverguide/C/lamp-applications.xml:404(para)
19344
msgid ""
19345
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19346
"Wiki MediaWiki</ulink> page is a good resource."
19347
msgstr ""
19348
19349
#: serverguide/C/lamp-applications.xml:414(title)
19350
msgid "phpMyAdmin"
19351
msgstr ""
19352
19353
#: serverguide/C/lamp-applications.xml:416(para)
19354
msgid ""
19355
"<application>phpMyAdmin</application> is a LAMP application specifically "
19356
"written for administering <application>MySQL</application> servers. Written "
19357
"in <application>PHP</application>, and accessed through a web browser, "
19358
"phpMyAdmin provides a graphical interface for database administration tasks."
19359
msgstr ""
19360
19361
#: serverguide/C/lamp-applications.xml:425(para)
19362
msgid ""
19363
"Before installing <application>phpMyAdmin</application> you will need access "
19364
"to a <application>MySQL</application> database either on the same host as "
19365
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19366
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19367
"enter:"
19368
msgstr ""
19369
19370
#: serverguide/C/lamp-applications.xml:432(command)
19371
msgid "sudo apt-get install phpmyadmin"
19372
msgstr ""
19373
19374
#: serverguide/C/lamp-applications.xml:435(para)
19375
msgid ""
19376
"At the prompt choose which web server to be configured for "
19377
"<application>phpMyAdmin</application>. The rest of this section will use "
19378
"<application>Apache2</application> for the web server."
19379
msgstr ""
19380
19381
#: serverguide/C/lamp-applications.xml:440(para)
19382
msgid ""
19383
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19384
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19385
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19386
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19387
"user if you any setup, and enter the <application>MySQL</application> user's "
19388
"password."
19389
msgstr ""
19390
19391
#: serverguide/C/lamp-applications.xml:447(para)
19392
msgid ""
19393
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19394
"needed, create users, create/destroy databases and tables, etc."
19395
msgstr ""
19396
19397
#: serverguide/C/lamp-applications.xml:455(para)
19398
msgid ""
19399
"The configuration files for <application>phpMyAdmin</application> are "
19400
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19401
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19402
"configuration options that apply globally to "
19403
"<application>phpMyAdmin</application>."
19404
msgstr ""
19405
19406
#: serverguide/C/lamp-applications.xml:461(para)
19407
msgid ""
19408
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19409
"hosted on another server, adjust the following in "
19410
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19411
msgstr ""
19412
19413
#: serverguide/C/lamp-applications.xml:466(programlisting)
19414
#, no-wrap
19415
msgid ""
19416
"\n"
19417
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19418
msgstr ""
19419
19420
#: serverguide/C/lamp-applications.xml:471(para)
19421
msgid ""
19422
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19423
"remote database server name or IP address. Also, be sure that the "
19424
"<application>phpMyAdmin</application> host has permissions to access the "
19425
"remote database."
19426
msgstr ""
19427
19428
#: serverguide/C/lamp-applications.xml:477(para)
19429
msgid ""
19430
"Once configured, log out of <application>phpMyAdmin</application> and back "
19431
"in, and you should be accessing the new server."
19432
msgstr ""
19433
19434
#: serverguide/C/lamp-applications.xml:481(para)
19435
msgid ""
19436
"The <filename>config.header.inc.php</filename> and "
19437
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19438
"header and footer to <application>phpMyAdmin</application>."
19439
msgstr ""
19440
19441
#: serverguide/C/lamp-applications.xml:486(para)
19442
msgid ""
19443
"Another important configuration file is "
19444
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19445
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19446
"configure <application>Apache2</application> to serve the "
19447
"<application>phpMyAdmin</application> site. The file contains directives for "
19448
"loading <application>PHP</application>, directory permissions, etc. For more "
19449
"information on configuring <application>Apache2</application> see <xref "
19450
"linkend=\"httpd\"/>."
19451
msgstr ""
19452
19453
#: serverguide/C/lamp-applications.xml:500(para)
19454
msgid ""
19455
"The <application>phpMyAdmin</application> documentation comes installed with "
19456
"the package and can be accessed from the <emphasis>phpMyAdmin "
19457
"Documentation</emphasis> link (a question mark with a box around it) under "
19458
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19459
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19460
msgstr ""
19461
19462
#: serverguide/C/lamp-applications.xml:507(para)
19463
msgid ""
19464
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19465
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19466
msgstr ""
19467
19468
#: serverguide/C/lamp-applications.xml:512(para)
19469
msgid ""
19470
"A third resource is the <ulink "
19471
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19472
"Wiki</ulink> page."
19473
msgstr ""
19474
19475
#: serverguide/C/introduction.xml:14(para)
19476
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19477
msgstr ""
19478
19479
#: serverguide/C/introduction.xml:15(para)
19480
msgid ""
19481
"Here you can find information on how to install and configure various server "
19482
"applications. It is a step-by-step, task-oriented guide for configuring and "
19483
"customizing your system."
19484
msgstr ""
19485
19486
#: serverguide/C/introduction.xml:19(para)
19487
msgid ""
19488
"This guide assumes you have a basic understanding of your Ubuntu system. "
19489
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19490
"but if you need detailed instructions installing Ubuntu please refer to the "
19491
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19492
"Installation Guide</ulink>."
19493
msgstr ""
19494
19495
#: serverguide/C/introduction.xml:25(para)
19496
msgid ""
19497
"A HTML version of the manual is available online at <ulink "
19498
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19499
"HTML files are also available in the <application>ubuntu-"
19500
"serverguide</application> package. See <xref linkend=\"package-"
19501
"management\"/> for details on installing packages."
19502
msgstr ""
19503
19504
#: serverguide/C/introduction.xml:32(para)
19505
msgid ""
19506
"If you choose to install the <application>ubuntu-serverguide</application> "
19507
"you can view this document from a console by:"
19508
msgstr ""
19509
19510
#: serverguide/C/introduction.xml:36(command)
19511
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19512
msgstr ""
19513
19514
#: serverguide/C/introduction.xml:39(para)
19515
msgid ""
19516
"If you are using a localized version of Ubuntu, replace "
19517
"<emphasis>C</emphasis> with your language localization (e.g. "
19518
"<emphasis>en_GB</emphasis>)."
19519
msgstr ""
19520
19521
#: serverguide/C/introduction.xml:53(title)
19522
msgid "Support"
19523
msgstr ""
19524
19525
#: serverguide/C/introduction.xml:55(para)
19526
msgid ""
19527
"There are a couple of different ways that Ubuntu Server Edition is "
19528
"supported, commercial support and community support. The main commercial "
19529
"support (and development funding) is available from Canonical Ltd. They "
19530
"supply reasonably priced support contracts on a per desktop or per server "
19531
"basis. For more information see the <ulink "
19532
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
19533
"page."
19534
msgstr ""
19535
19536
#: serverguide/C/introduction.xml:62(para)
19537
msgid ""
19538
"Community support is also provided by dedicated individuals, and companies, "
19539
"that wish to make Ubuntu the best distribution possible. Support is provided "
19540
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
19541
"large amount of information available can be overwhelming, but a good search "
19542
"engine query can usually provide an answer to your questions. See the <ulink "
19543
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
19544
"information."
19545
msgstr ""
19546
19547
#: serverguide/C/installation.xml:14(para)
19548
msgid ""
19549
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
19550
"Edition. For more detailed instructions, please refer to the <ulink "
19551
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
19552
"Installation Guide</ulink>."
19553
msgstr ""
19554
19555
#: serverguide/C/installation.xml:19(title)
19556
msgid "Preparing to Install"
19557
msgstr ""
19558
19559
#: serverguide/C/installation.xml:20(para)
19560
msgid ""
19561
"This section explains various aspects to consider before starting the "
19562
"installation."
19563
msgstr ""
19564
19565
#: serverguide/C/installation.xml:24(title)
19566
msgid "System Requirements"
19567
msgstr ""
19568
19569
#: serverguide/C/installation.xml:25(para)
19570
msgid ""
19571
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19572
"and AMD64. The table below lists recommended hardware specifications. "
19573
"Depending on your needs, you might manage with less than this. However, most "
19574
"users risk being frustrated if they ignore these suggestions."
19575
msgstr ""
19576
19577
#: serverguide/C/installation.xml:27(title)
19578
msgid "Recommended Minimum Requirements"
19579
msgstr ""
19580
19581
#: serverguide/C/installation.xml:35(para)
19582
msgid "Install Type"
19583
msgstr ""
19584
19585
#: serverguide/C/installation.xml:36(para)
19586
msgid "RAM"
19587
msgstr ""
19588
19589
#: serverguide/C/installation.xml:37(para)
19590
msgid "Hard Drive Space"
19591
msgstr ""
19592
19593
#: serverguide/C/installation.xml:40(para)
19594
msgid "Base System"
19595
msgstr ""
19596
19597
#: serverguide/C/installation.xml:41(para)
19598
msgid "All Tasks Installed"
19599
msgstr ""
19600
19601
#: serverguide/C/installation.xml:46(para)
19602
msgid "Server"
19603
msgstr ""
19604
19605
#: serverguide/C/installation.xml:47(para)
19606
msgid "128 megabytes"
19607
msgstr ""
19608
19609
#: serverguide/C/installation.xml:48(para)
19610
msgid "500 megabytes"
19611
msgstr ""
19612
19613
#: serverguide/C/installation.xml:49(para)
19614
msgid "1 gigabyte"
19615
msgstr ""
19616
19617
#: serverguide/C/installation.xml:54(para)
19618
msgid ""
19619
"The Server Edition provides a common base for all sorts of server "
19620
"applications. It is a minimalist design providing a platform for the desired "
19621
"services, such as file/print services, web hosting, email hosting, etc."
19622
msgstr ""
19623
19624
#: serverguide/C/installation.xml:60(para)
19625
msgid ""
19626
"The requirements for UEC are slightly different for Front End requirements "
19627
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19628
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19629
msgstr ""
19630
19631
#: serverguide/C/installation.xml:68(title)
19632
msgid "Server and Desktop Differences"
19633
msgstr ""
19634
19635
#: serverguide/C/installation.xml:69(para)
19636
msgid ""
19637
"There are a few differences between the <emphasis>Ubuntu Server "
19638
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19639
"should be noted that both editions use the same "
19640
"<application>apt</application> repositories. Making it just as easy to "
19641
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19642
"Desktop Edition as it is on the Server Edition."
19643
msgstr ""
19644
19645
#: serverguide/C/installation.xml:75(para)
19646
msgid ""
19647
"The differences between the two editions are the lack of an X window "
19648
"environment in the Server Edition, the installation process, and different "
19649
"Kernel options."
19650
msgstr ""
19651
19652
#: serverguide/C/installation.xml:82(title)
19653
msgid "Kernel Differences:"
19654
msgstr ""
19655
19656
#: serverguide/C/installation.xml:85(para)
19657
msgid ""
19658
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19659
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19660
"Edition."
19661
msgstr ""
19662
19663
#: serverguide/C/installation.xml:91(para)
19664
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
19665
msgstr ""
19666
19667
#: serverguide/C/installation.xml:96(para)
19668
msgid ""
19669
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
19670
"Desktop Edition."
19671
msgstr ""
19672
19673
#: serverguide/C/installation.xml:102(para)
19674
msgid ""
19675
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
19676
"limited by memory addressing space."
19677
msgstr ""
19678
19679
#: serverguide/C/installation.xml:107(para)
19680
msgid ""
19681
"To see all kernel configuration options you can look through "
19682
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
19683
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
19684
"is a great resource on the options available."
19685
msgstr ""
19686
19687
#: serverguide/C/installation.xml:116(title)
19688
msgid "Backing Up"
19689
msgstr ""
19690
19691
#: serverguide/C/installation.xml:119(para)
19692
msgid ""
19693
"Before installing <application>Ubuntu Server Edition</application> you "
19694
"should make sure all data on the system is backed up. See <xref "
19695
"linkend=\"backups\"/> for backup options."
19696
msgstr ""
19697
19698
#: serverguide/C/installation.xml:123(para)
19699
msgid ""
19700
"If this is not the first time an operating system has been installed on your "
19701
"computer, it is likely you will need to re-partition your disk to make room "
19702
"for Ubuntu."
19703
msgstr ""
19704
19705
#: serverguide/C/installation.xml:127(para)
19706
msgid ""
19707
"Any time you partition your disk, you should be prepared to lose everything "
19708
"on the disk should you make a mistake or something goes wrong during "
19709
"partitioning. The programs used in installation are quite reliable, most "
19710
"have seen years of use, but they also perform destructive actions."
19711
msgstr ""
19712
19713
#: serverguide/C/installation.xml:139(title)
19714
msgid "Installing from CD"
19715
msgstr ""
19716
19717
#: serverguide/C/installation.xml:140(para)
19718
msgid ""
19719
"The basic steps to install Ubuntu Server Edition from CD are the same for "
19720
"installing any operating system from CD. Unlike the <emphasis>Desktop "
19721
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
19722
"a graphical installation program. Instead the Server Edition uses a console "
19723
"menu based process."
19724
msgstr ""
19725
19726
#: serverguide/C/installation.xml:147(para)
19727
msgid ""
19728
"First, download and burn the appropriate ISO file from the <ulink "
19729
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
19730
msgstr ""
19731
19732
#: serverguide/C/installation.xml:153(para)
19733
msgid "Boot the system from the CD-ROM drive."
19734
msgstr ""
19735
19736
#: serverguide/C/installation.xml:158(para)
19737
msgid ""
19738
"At the boot prompt you will be asked to select the language. Afterwards the "
19739
"installation process begins by asking for your keyboard layout."
19740
msgstr ""
19741
19742
#: serverguide/C/installation.xml:164(para)
19743
msgid ""
19744
"From the main boot menu there are some additional options to install Ubuntu "
19745
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19746
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19747
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19748
"will cover the basic Ubuntu Server install."
19749
msgstr ""
19750
19751
#: serverguide/C/installation.xml:172(para)
19752
msgid ""
19753
"The installer then discovers your hardware configuration, and configures the "
19754
"network settings using DHCP. If you do not wish to use DHCP at the next "
19755
"screen choose \"Go Back\", and you have the option to \"Configure the "
19756
"network manually\"."
19757
msgstr ""
19758
19759
#: serverguide/C/installation.xml:179(para)
19760
msgid "Next, the installer asks for the system's hostname and Time Zone."
19761
msgstr ""
19762
19763
#: serverguide/C/installation.xml:184(para)
19764
msgid ""
19765
"You can then choose from several options to configure the hard drive layout. "
19766
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
19767
msgstr ""
19768
19769
#: serverguide/C/installation.xml:190(para)
19770
msgid "The Ubuntu base system is then installed."
19771
msgstr ""
19772
19773
#: serverguide/C/installation.xml:195(para)
19774
msgid ""
19775
"A new user is setup, this user will have <emphasis>root</emphasis> access "
19776
"through the <application>sudo</application> utility."
19777
msgstr ""
19778
19779
#: serverguide/C/installation.xml:201(para)
19780
msgid ""
19781
"After the user is setup, you will be asked to encrypt your <filename "
19782
"role=\"directory\">home</filename> directory."
19783
msgstr ""
19784
19785
#: serverguide/C/installation.xml:207(para)
19786
msgid ""
19787
"The next step in the installation process is to decide how you want to "
19788
"update the system. There are three options:"
19789
msgstr ""
19790
19791
#: serverguide/C/installation.xml:213(para)
19792
msgid ""
19793
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
19794
"log into the machine and manually install updates."
19795
msgstr ""
19796
19797
#: serverguide/C/installation.xml:219(para)
19798
msgid ""
19799
"<emphasis>Install security updates Automatically</emphasis>: will install "
19800
"the <application>unattended-upgrades</application> package, which will "
19801
"install security updates without the intervention of an administrator. For "
19802
"more details see <xref linkend=\"automatic-updates\"/>."
19803
msgstr ""
19804
19805
#: serverguide/C/installation.xml:226(para)
19806
msgid ""
19807
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
19808
"service provided by Canonical to help manage your Ubuntu machines. See the "
19809
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
19810
"site for details."
19811
msgstr ""
19812
19813
#: serverguide/C/installation.xml:235(para)
19814
msgid ""
19815
"You now have the option to install, or not install, several package tasks. "
19816
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
19817
"to launch <application>aptitude</application> to choose specific packages to "
19818
"install. For more information see <xref linkend=\"aptitude\"/>."
19819
msgstr ""
19820
19821
#: serverguide/C/installation.xml:243(para)
19822
msgid "Finally, the last step before rebooting is to set the clock to UTC."
19823
msgstr ""
19824
19825
#: serverguide/C/installation.xml:249(para)
19826
msgid ""
19827
"If at any point during installation you are not satisfied by the default "
19828
"setting, use the \"Go Back\" function at any prompt to be brought to a "
19829
"detailed installation menu that will allow you to modify the default "
19830
"settings."
19831
msgstr ""
19832
19833
#: serverguide/C/installation.xml:254(para)
19834
msgid ""
19835
"At some point during the installation process you may want to read the help "
19836
"screen provided by the installation system. To do this, press F1."
19837
msgstr ""
19838
19839
#: serverguide/C/installation.xml:259(para)
19840
msgid ""
19841
"Once again, for detailed instructions see the <ulink "
19842
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
19843
"Installation Guide</ulink>."
19844
msgstr ""
19845
19846
#: serverguide/C/installation.xml:265(title)
19847
msgid "Package Tasks"
19848
msgstr ""
19849
19850
#: serverguide/C/installation.xml:266(para)
19851
msgid ""
19852
"During the Server Edition installation you have the option of installing "
19853
"additional packages from the CD. The packages are grouped by the type of "
19854
"service they provide."
19855
msgstr ""
19856
19857
#: serverguide/C/installation.xml:272(para)
19858
msgid "Cloud computing: Walrus storage service"
19859
msgstr ""
19860
19861
#: serverguide/C/installation.xml:277(para)
19862
msgid "Cloud computing: all-in-one cluster"
19863
msgstr ""
19864
19865
#: serverguide/C/installation.xml:282(para)
19866
msgid "Cloud computing: Cluster controller"
19867
msgstr ""
19868
19869
#: serverguide/C/installation.xml:287(para)
19870
msgid "Cloud computing: Node controller"
19871
msgstr ""
19872
19873
#: serverguide/C/installation.xml:292(para)
19874
msgid "Cloud computing: Storage controller"
19875
msgstr ""
19876
19877
#: serverguide/C/installation.xml:297(para)
19878
msgid "Cloud computing: top-level cloud controller"
19879
msgstr ""
19880
19881
#: serverguide/C/installation.xml:302(para)
19882
msgid "DNS server: Selects the BIND DNS server and its documentation."
19883
msgstr ""
19884
19885
#: serverguide/C/installation.xml:307(para)
19886
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
19887
msgstr ""
19888
19889
#: serverguide/C/installation.xml:312(para)
19890
msgid ""
19891
"Mail server: This task selects a variety of package useful for a general "
19892
"purpose mail server system."
19893
msgstr ""
19894
19895
#: serverguide/C/installation.xml:317(para)
19896
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
19897
msgstr ""
19898
19899
#: serverguide/C/installation.xml:322(para)
19900
msgid ""
19901
"PostgreSQL database: This task selects client and server packages for the "
19902
"PostgreSQL database."
19903
msgstr ""
19904
19905
#: serverguide/C/installation.xml:327(para)
19906
msgid "Print server: This task sets up your system to be a print server."
19907
msgstr ""
19908
19909
#: serverguide/C/installation.xml:332(para)
19910
msgid ""
19911
"Samba File server: This task sets up your system to be a Samba file server, "
19912
"which is especially suitable in networks with both Windows and Linux systems."
19913
msgstr ""
19914
19915
#: serverguide/C/installation.xml:338(para)
19916
msgid ""
19917
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
19918
"etc."
19919
msgstr ""
19920
19921
#: serverguide/C/installation.xml:343(para)
19922
msgid ""
19923
"Virtual machine host: Includes packages needed to run KVM virtual machines."
19924
msgstr ""
19925
19926
#: serverguide/C/installation.xml:348(para)
19927
msgid ""
19928
"Manually select packages: Executes <application>apptitude</application> "
19929
"allowing you to individually select packages."
19930
msgstr ""
19931
19932
#: serverguide/C/installation.xml:353(para)
19933
msgid ""
19934
"Installing the package groups is accomplished using the "
19935
"<application>tasksel</application> utility. One of the important difference "
19936
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
19937
"installed, a package is also configured to reasonable defaults, eventually "
19938
"prompting you for additional required information. Likewise, when installing "
19939
"a task, the packages are not only installed, but also configured to provided "
19940
"a fully integrated service."
19941
msgstr ""
19942
19943
#: serverguide/C/installation.xml:360(para)
19944
msgid ""
19945
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
19946
"<xref linkend=\"uec\"/>."
19947
msgstr ""
19948
19949
#: serverguide/C/installation.xml:363(para)
19950
msgid ""
19951
"Once the installation process has finished you can view a list of available "
19952
"tasks by entering the following from a terminal prompt:"
19953
msgstr ""
19954
19955
#: serverguide/C/installation.xml:368(command)
19956
msgid "tasksel --list-tasks"
19957
msgstr ""
19958
19959
#: serverguide/C/installation.xml:371(para)
19960
msgid ""
19961
"The output will list tasks from other Ubuntu based distributions such as "
19962
"Kubuntu and Edubuntu. Note that you can also invoke the "
19963
"<command>tasksel</command> command by itself, which will bring up a menu of "
19964
"the different tasks available."
19965
msgstr ""
19966
19967
#: serverguide/C/installation.xml:377(para)
19968
msgid ""
19969
"You can view a list of which packages are installed with each task using the "
19970
"<emphasis>--task-packages</emphasis> option. For example, to list the "
19971
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
19972
"following:"
19973
msgstr ""
19974
19975
#: serverguide/C/installation.xml:382(command)
19976
msgid "tasksel --task-packages dns-server"
19977
msgstr ""
19978
19979
#: serverguide/C/installation.xml:384(para)
19980
msgid "The output of the command should list:"
19981
msgstr ""
19982
19983
#: serverguide/C/installation.xml:387(programlisting)
19984
#, no-wrap
19985
msgid ""
19986
"\n"
19987
"bind9-doc \n"
19988
"bind9utils \n"
19989
"bind9\n"
19990
msgstr ""
19991
19992
#: serverguide/C/installation.xml:392(para)
19993
msgid ""
19994
"Also, if you did not install one of the tasks during the installation "
19995
"process, but for example you decide to make your new LAMP server a DNS "
19996
"server as well. Simply insert the installation CD and from a terminal:"
19997
msgstr ""
19998
19999
#: serverguide/C/installation.xml:397(command)
20000
msgid "sudo tasksel install dns-server"
20001
msgstr ""
20002
20003
#: serverguide/C/installation.xml:402(title)
20004
msgid "Upgrading"
20005
msgstr ""
20006
20007
#: serverguide/C/installation.xml:403(para)
20008
msgid ""
20009
"There are several ways to upgrade from one Ubuntu release to another. This "
20010
"section gives an overview of the recommended upgrade method."
20011
msgstr ""
20012
20013
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
20014
msgid "do-release-upgrade"
20015
msgstr ""
20016
20017
#: serverguide/C/installation.xml:408(para)
20018
msgid ""
20019
"The recommended way to upgrade a Server Edition installation is to use the "
20020
"<application>do-release-upgrade</application> utility. Part of the "
20021
"<emphasis>update-manager-core</emphasis> package, it does not have any "
20022
"graphical dependencies and is installed by default."
20023
msgstr ""
20024
20025
#: serverguide/C/installation.xml:413(para)
20026
msgid ""
20027
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20028
"upgrade</command>. However, using <application>do-release-"
20029
"upgrade</application> is recommended because it has the ability to handle "
20030
"system configuration changes sometimes needed between releases."
20031
msgstr ""
20032
20033
#: serverguide/C/installation.xml:418(para)
20034
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20035
msgstr ""
20036
20037
#: serverguide/C/installation.xml:424(para)
20038
msgid ""
20039
"It is also possible to use <application>do-release-upgrade</application> to "
20040
"upgrade to a development version of Ubuntu. To accomplish this use the "
20041
"<emphasis>-d</emphasis> switch:"
20042
msgstr ""
20043
20044
#: serverguide/C/installation.xml:429(command)
20045
msgid "do-release-upgrade -d"
20046
msgstr ""
20047
20048
#: serverguide/C/installation.xml:432(para)
20049
msgid ""
20050
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20051
"for production environments."
20052
msgstr ""
20053
20054
#: serverguide/C/installation.xml:439(title)
20055
msgid "Advanced Installation"
20056
msgstr ""
20057
20058
#: serverguide/C/installation.xml:442(title)
20059
msgid "Software RAID"
20060
msgstr ""
20061
20062
#: serverguide/C/installation.xml:444(para)
20063
msgid ""
20064
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20065
"the probability of catastrophic data loss in case of drive failure. RAID is "
20066
"implemented in either software (where the operating system knows about both "
20067
"drives and actively maintains both of them) or hardware (where a special "
20068
"controller makes the OS think there's only one drive and maintains the "
20069
"drives 'invisibly')."
20070
msgstr ""
20071
20072
#: serverguide/C/installation.xml:451(para)
20073
msgid ""
20074
"The RAID software included with current versions of Linux (and Ubuntu) is "
20075
"based on the <application>'mdadm'</application> driver and works very well, "
20076
"better even than many so-called 'hardware' RAID controllers. This section "
20077
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20078
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20079
"another for <emphasis>swap</emphasis>."
20080
msgstr ""
20081
20082
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20083
msgid ""
20084
"Follow the installation steps until you get to the <emphasis>Partition "
20085
"disks</emphasis> step, then:"
20086
msgstr ""
20087
20088
#: serverguide/C/installation.xml:468(para)
20089
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20090
msgstr ""
20091
20092
#: serverguide/C/installation.xml:475(para)
20093
msgid ""
20094
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20095
"partition table on this device?\"</emphasis>."
20096
msgstr ""
20097
20098
#: serverguide/C/installation.xml:479(para)
20099
msgid ""
20100
"Repeat this step for each drive you wish to be part of the RAID array."
20101
msgstr ""
20102
20103
#: serverguide/C/installation.xml:486(para)
20104
msgid ""
20105
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20106
"select <emphasis>\"Create a new partition\"</emphasis>."
20107
msgstr ""
20108
20109
#: serverguide/C/installation.xml:493(para)
20110
msgid ""
20111
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20112
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20113
"size is twice that of RAM. Enter the partition size, then choose "
20114
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20115
msgstr ""
20116
20117
#: serverguide/C/installation.xml:502(para)
20118
msgid ""
20119
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20120
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20121
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20122
"<emphasis>\"Done setting up partition\"</emphasis>."
20123
msgstr ""
20124
20125
#: serverguide/C/installation.xml:511(para)
20126
msgid ""
20127
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20128
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20129
"partition\"</emphasis>."
20130
msgstr ""
20131
20132
#: serverguide/C/installation.xml:519(para)
20133
msgid ""
20134
"Use the rest of the free space on the drive and choose "
20135
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20136
msgstr ""
20137
20138
#: serverguide/C/installation.xml:526(para)
20139
msgid ""
20140
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20141
"at the top, changing it to <emphasis>\"physical volume for "
20142
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20143
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20144
"<emphasis>\"Done setting up partition\"</emphasis>."
20145
msgstr ""
20146
20147
#: serverguide/C/installation.xml:536(para)
20148
msgid "Repeat steps three through eight for the other disk and partitions."
20149
msgstr ""
20150
20151
#: serverguide/C/installation.xml:545(title)
20152
msgid "RAID Configuration"
20153
msgstr ""
20154
20155
#: serverguide/C/installation.xml:547(para)
20156
msgid "With the partitions setup the arrays are ready to be configured:"
20157
msgstr ""
20158
20159
#: serverguide/C/installation.xml:554(para)
20160
msgid ""
20161
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20162
"Software RAID\"</emphasis> at the top."
20163
msgstr ""
20164
20165
#: serverguide/C/installation.xml:561(para)
20166
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20167
msgstr ""
20168
20169
#: serverguide/C/installation.xml:568(para)
20170
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20171
msgstr ""
20172
20173
#: serverguide/C/installation.xml:575(para)
20174
msgid ""
20175
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20176
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20177
msgstr ""
20178
20179
#: serverguide/C/installation.xml:581(para)
20180
msgid ""
20181
"In order to use <emphasis>RAID5</emphasis> you need at least "
20182
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20183
"<emphasis>two</emphasis> drives are required."
20184
msgstr ""
20185
20186
#: serverguide/C/installation.xml:590(para)
20187
msgid ""
20188
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20189
"of hard drives you have, for the array. Then select "
20190
"<emphasis>\"Continue\"</emphasis>."
20191
msgstr ""
20192
20193
#: serverguide/C/installation.xml:598(para)
20194
msgid ""
20195
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20196
"default, then choose <emphasis>\"Continue\"</emphasis>."
20197
msgstr ""
20198
20199
#: serverguide/C/installation.xml:605(para)
20200
msgid ""
20201
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20202
"etc. The numbers will usually match and the different letters correspond to "
20203
"different hard drives."
20204
msgstr ""
20205
20206
#: serverguide/C/installation.xml:610(para)
20207
msgid ""
20208
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20209
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20210
"go to the next step."
20211
msgstr ""
20212
20213
#: serverguide/C/installation.xml:618(para)
20214
msgid ""
20215
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20216
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20217
"and <emphasis>sdb2</emphasis>."
20218
msgstr ""
20219
20220
#: serverguide/C/installation.xml:626(para)
20221
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20222
msgstr ""
20223
20224
#: serverguide/C/installation.xml:636(title)
20225
msgid "Formatting"
20226
msgstr ""
20227
20228
#: serverguide/C/installation.xml:638(para)
20229
msgid ""
20230
"There should now be a list of hard drives and RAID devices. The next step is "
20231
"to format and set the mount point for the RAID devices. Treat the RAID "
20232
"device as a local hard drive, format and mount accordingly."
20233
msgstr ""
20234
20235
#: serverguide/C/installation.xml:646(para)
20236
msgid ""
20237
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20238
"#0\"</emphasis> partition."
20239
msgstr ""
20240
20241
#: serverguide/C/installation.xml:653(para)
20242
msgid ""
20243
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20244
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20245
msgstr ""
20246
20247
#: serverguide/C/installation.xml:661(para)
20248
msgid ""
20249
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20250
"#1\"</emphasis> partition."
20251
msgstr ""
20252
20253
#: serverguide/C/installation.xml:668(para)
20254
msgid ""
20255
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20256
"journaling file system\"</emphasis>."
20257
msgstr ""
20258
20259
#: serverguide/C/installation.xml:675(para)
20260
msgid ""
20261
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20262
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20263
"options as appropriate, then select <emphasis>\"Done setting up "
20264
"partition\"</emphasis>."
20265
msgstr ""
20266
20267
#: serverguide/C/installation.xml:683(para)
20268
msgid ""
20269
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20270
"disk\"</emphasis>."
20271
msgstr ""
20272
20273
#: serverguide/C/installation.xml:690(para)
20274
msgid ""
20275
"If you choose to place the root partition on a RAID array, the installer "
20276
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20277
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20278
msgstr ""
20279
20280
#: serverguide/C/installation.xml:695(para)
20281
msgid "The installation process will then continue normally."
20282
msgstr ""
20283
20284
#: serverguide/C/installation.xml:701(title)
20285
msgid "Degraded RAID"
20286
msgstr ""
20287
20288
#: serverguide/C/installation.xml:703(para)
20289
msgid ""
20290
"At some point in the life of the computer a disk failure event may occur. "
20291
"When this happens, using Software RAID, the operating system will place the "
20292
"array into what is known as a <emphasis>degraded</emphasis> state."
20293
msgstr ""
20294
20295
#: serverguide/C/installation.xml:708(para)
20296
msgid ""
20297
"If the array has become degraded, due to the chance of data corruption, by "
20298
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20299
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20300
"second prompt giving you the option to go ahead and boot the system, or "
20301
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20302
"the desired behavior, especially if the machine is in a remote location. "
20303
"Booting to a degraded array can be configured several ways:"
20304
msgstr ""
20305
20306
#: serverguide/C/installation.xml:719(para)
20307
msgid ""
20308
"The <application>dpkg-reconfigure</application> utility can be used to "
20309
"configure the default behavior, and during the process you will be queried "
20310
"about additional settings related to the array. Such as monitoring, email "
20311
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20312
"following:"
20313
msgstr ""
20314
20315
#: serverguide/C/installation.xml:726(command)
20316
msgid "sudo dpkg-reconfigure mdadm"
20317
msgstr ""
20318
20319
#: serverguide/C/installation.xml:732(para)
20320
msgid ""
20321
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20322
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20323
"The file has the advantage of being able to pre-configure the system's "
20324
"behavior, and can also be manually edited:"
20325
msgstr ""
20326
20327
#: serverguide/C/installation.xml:738(programlisting)
20328
#, no-wrap
20329
msgid ""
20330
"\n"
20331
"BOOT_DEGRADED=true\n"
20332
msgstr ""
20333
20334
#: serverguide/C/installation.xml:743(para)
20335
msgid "The configuration file can be overridden by using a Kernel argument."
20336
msgstr ""
20337
20338
#: serverguide/C/installation.xml:751(para)
20339
msgid ""
20340
"Using a Kernel argument will allow the system to boot to a degraded array as "
20341
"well:"
20342
msgstr ""
20343
20344
#: serverguide/C/installation.xml:757(para)
20345
msgid ""
20346
"When the server is booting press <keycap>Shift</keycap> to open the "
20347
"<application>Grub</application> menu."
20348
msgstr ""
20349
20350
#: serverguide/C/installation.xml:762(para)
20351
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20352
msgstr ""
20353
20354
#: serverguide/C/installation.xml:767(para)
20355
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20356
msgstr ""
20357
20358
#: serverguide/C/installation.xml:772(para)
20359
msgid ""
20360
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20361
"end of the line."
20362
msgstr ""
20363
20364
#: serverguide/C/installation.xml:777(para)
20365
msgid ""
20366
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20367
"the system."
20368
msgstr ""
20369
20370
#: serverguide/C/installation.xml:786(para)
20371
msgid ""
20372
"Once the system has booted you can either repair the array see <xref "
20373
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20374
"another machine due to major hardware failure."
20375
msgstr ""
20376
20377
#: serverguide/C/installation.xml:793(title)
20378
msgid "RAID Maintenance"
20379
msgstr ""
20380
20381
#: serverguide/C/installation.xml:795(para)
20382
msgid ""
20383
"The <application>mdadm</application> utility can be used to view the status "
20384
"of an array, add disks to an array, remove disks, etc:"
20385
msgstr ""
20386
20387
#: serverguide/C/installation.xml:802(para)
20388
msgid "To view the status of an array, from a terminal prompt enter:"
20389
msgstr ""
20390
20391
#: serverguide/C/installation.xml:806(command)
20392
msgid "sudo mdadm -D /dev/md0"
20393
msgstr ""
20394
20395
#: serverguide/C/installation.xml:809(para)
20396
msgid ""
20397
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20398
"display <emphasis>detailed</emphasis> information about the "
20399
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20400
"with the appropriate RAID device."
20401
msgstr ""
20402
20403
#: serverguide/C/installation.xml:815(para)
20404
msgid "To view the status of a disk in an array:"
20405
msgstr ""
20406
20407
#: serverguide/C/installation.xml:819(command)
20408
msgid "sudo mdadm -E /dev/sda1"
20409
msgstr ""
20410
20411
#: serverguide/C/installation.xml:821(para)
20412
msgid ""
20413
"The output if very similar to the <command>mdadm -D</command> command, "
20414
"adjust <filename>/dev/sda1</filename> for each disk."
20415
msgstr ""
20416
20417
#: serverguide/C/installation.xml:826(para)
20418
msgid "If a disk fails and needs to be removed from an array enter:"
20419
msgstr ""
20420
20421
#: serverguide/C/installation.xml:830(command)
20422
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20423
msgstr ""
20424
20425
#: serverguide/C/installation.xml:832(para)
20426
msgid ""
20427
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20428
"the appropriate RAID device and disk."
20429
msgstr ""
20430
20431
#: serverguide/C/installation.xml:837(para)
20432
msgid "Similarly, to add a new disk:"
20433
msgstr ""
20434
20435
#: serverguide/C/installation.xml:841(command)
20436
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20437
msgstr ""
20438
20439
#: serverguide/C/installation.xml:846(para)
20440
msgid ""
20441
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20442
"though there is nothing physically wrong with the drive. It is usually "
20443
"worthwhile to remove the drive from the array then re-add it. This will "
20444
"cause the drive to re-sync with the array. If the drive will not sync with "
20445
"the array, it is a good indication of hardware failure."
20446
msgstr ""
20447
20448
#: serverguide/C/installation.xml:852(para)
20449
msgid ""
20450
"The <filename>/proc/mdstat</filename> file also contains useful information "
20451
"about the system's RAID devices:"
20452
msgstr ""
20453
20454
#: serverguide/C/installation.xml:857(command)
20455
msgid "cat /proc/mdstat"
20456
msgstr ""
20457
20458
#: serverguide/C/installation.xml:858(computeroutput)
20459
#, no-wrap
20460
msgid ""
20461
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20462
"[raid10] \n"
20463
"md0 : active raid1 sda1[0] sdb1[1]\n"
20464
" 10016384 blocks [2/2] [UU]\n"
20465
" \n"
20466
"unused devices: <none>"
20467
msgstr ""
20468
20469
#: serverguide/C/installation.xml:865(para)
20470
msgid ""
20471
"The following command is great for watching the status of a syncing drive:"
20472
msgstr ""
20473
20474
#: serverguide/C/installation.xml:870(command)
20475
msgid "watch -n1 cat /proc/mdstat"
20476
msgstr ""
20477
20478
#: serverguide/C/installation.xml:873(para)
20479
msgid ""
20480
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20481
"<application>watch</application> command."
20482
msgstr ""
20483
20484
#: serverguide/C/installation.xml:877(para)
20485
msgid ""
20486
"If you do need to replace a faulty drive, after the drive has been replaced "
20487
"and synced, <application>grub</application> will need to be installed. To "
20488
"install <application>grub</application> on the new drive, enter the "
20489
"following:"
20490
msgstr ""
20491
20492
#: serverguide/C/installation.xml:883(command)
20493
msgid "sudo grub-install /dev/md0"
20494
msgstr ""
20495
20496
#: serverguide/C/installation.xml:886(para)
20497
msgid ""
20498
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20499
msgstr ""
20500
20501
#: serverguide/C/installation.xml:894(para)
20502
msgid ""
20503
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20504
"can be configured. Please see the following links for more information:"
20505
msgstr ""
20506
20507
#: serverguide/C/installation.xml:901(para)
20508
msgid ""
20509
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20510
"Wiki Articles on RAID</ulink>."
20511
msgstr ""
20512
20513
#: serverguide/C/installation.xml:907(ulink)
20514
msgid "Software RAID HOWTO"
20515
msgstr ""
20516
20517
#: serverguide/C/installation.xml:912(ulink)
20518
msgid "Managing RAID on Linux"
20519
msgstr ""
20520
20521
#: serverguide/C/installation.xml:919(title)
20522
msgid "Logical Volume Manager (LVM)"
20523
msgstr ""
20524
20525
#: serverguide/C/installation.xml:921(para)
20526
msgid ""
20527
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20528
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20529
"hard disks. LVM volumes can be created on both software RAID partitions and "
20530
"standard partitions residing on a single disk. Volumes can also be extended, "
20531
"giving greater flexibility to systems as requirements change."
20532
msgstr ""
20533
20534
#: serverguide/C/installation.xml:930(para)
20535
msgid ""
20536
"A side effect of LVM's power and flexibility is a greater degree of "
20537
"complication. Before diving into the LVM installation process, it is best to "
20538
"get familiar with some terms."
20539
msgstr ""
20540
20541
#: serverguide/C/installation.xml:937(para)
20542
msgid ""
20543
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20544
"Volumes (LV)."
20545
msgstr ""
20546
20547
#: serverguide/C/installation.xml:942(para)
20548
msgid ""
20549
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20550
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20551
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20552
msgstr ""
20553
20554
#: serverguide/C/installation.xml:948(para)
20555
msgid ""
20556
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20557
"RAID partition. The Volume Group can be extended by adding more PVs."
20558
msgstr ""
20559
20560
#: serverguide/C/installation.xml:959(para)
20561
msgid ""
20562
"As an example this section covers installing Ubuntu Server Edition with "
20563
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20564
"the initial install only one Physical Volume (PV) will be part of the Volume "
20565
"Group (VG). Another PV will be added after install to demonstrate how a VG "
20566
"can be extended."
20567
msgstr ""
20568
20569
#: serverguide/C/installation.xml:965(para)
20570
msgid ""
20571
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20572
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20573
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
20574
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
20575
"partitions and configure LVM. At this time the only way to configure a "
20576
"system with both LVM and standard partitions, during installation, is to use "
20577
"the Manual approach."
20578
msgstr ""
20579
20580
#: serverguide/C/installation.xml:982(para)
20581
msgid ""
20582
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20583
"<emphasis>\"Manual\"</emphasis>."
20584
msgstr ""
20585
20586
#: serverguide/C/installation.xml:989(para)
20587
msgid ""
20588
"Select the hard disk and on the next screen choose \"yes\" to "
20589
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20590
msgstr ""
20591
20592
#: serverguide/C/installation.xml:996(para)
20593
msgid ""
20594
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20595
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20596
msgstr ""
20597
20598
#: serverguide/C/installation.xml:1004(para)
20599
msgid ""
20600
"For the LVM <emphasis>/srv</emphasis>, create a new "
20601
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20602
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
20603
"<emphasis>\"Done setting up the partition\"</emphasis>."
20604
msgstr ""
20605
20606
#: serverguide/C/installation.xml:1012(para)
20607
msgid ""
20608
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20609
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20610
"disk."
20611
msgstr ""
20612
20613
#: serverguide/C/installation.xml:1020(para)
20614
msgid ""
20615
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20616
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20617
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
20618
"After entering a name, select the partition configured for LVM, and choose "
20619
"<emphasis>\"Continue\"</emphasis>."
20620
msgstr ""
20621
20622
#: serverguide/C/installation.xml:1029(para)
20623
msgid ""
20624
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20625
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20626
"volume group, and enter a name for the new LV, for example "
20627
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
20628
"a size, which may be the full partition because it can always be extended "
20629
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
20630
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20631
msgstr ""
20632
20633
#: serverguide/C/installation.xml:1039(para)
20634
msgid ""
20635
"Now add a filesystem to the new LVM. Select the partition under "
20636
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20637
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
20638
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
20639
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20640
msgstr ""
20641
20642
#: serverguide/C/installation.xml:1048(para)
20643
msgid ""
20644
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20645
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20646
"the installation."
20647
msgstr ""
20648
20649
#: serverguide/C/installation.xml:1056(para)
20650
msgid "There are some useful utilities to view information about LVM:"
20651
msgstr ""
20652
20653
#: serverguide/C/installation.xml:1061(para)
20654
msgid ""
20655
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20656
msgstr ""
20657
20658
#: serverguide/C/installation.xml:1062(para)
20659
msgid ""
20660
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
20661
msgstr ""
20662
20663
#: serverguide/C/installation.xml:1063(para)
20664
msgid ""
20665
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
20666
"Physical Volumes."
20667
msgstr ""
20668
20669
#: serverguide/C/installation.xml:1068(title)
20670
msgid "Extending Volume Groups"
20671
msgstr ""
20672
20673
#: serverguide/C/installation.xml:1070(para)
20674
msgid ""
20675
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
20676
"section covers adding a second hard disk, creating a Physical Volume (PV), "
20677
"adding it to the volume group (VG), extending the logical volume <filename "
20678
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
20679
"example assumes a second hard disk has been added to the system. This hard "
20680
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
20681
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
20682
"before issuing the commands below. You could lose some data if you issue "
20683
"those commands on a non-empty disk. In our example we will use the entire "
20684
"disk as a physical volume (you could choose to create partitions and use "
20685
"them as different physical volumes)"
20686
msgstr ""
20687
20688
#: serverguide/C/installation.xml:1082(para)
20689
msgid "First, create the physical volume, in a terminal execute:"
20690
msgstr ""
20691
20692
#: serverguide/C/installation.xml:1087(command)
20693
msgid "sudo pvcreate /dev/sdb"
20694
msgstr ""
20695
20696
#: serverguide/C/installation.xml:1093(para)
20697
msgid "Now extend the Volume Group (VG):"
20698
msgstr ""
20699
20700
#: serverguide/C/installation.xml:1098(command)
20701
msgid "sudo vgextend vg01 /dev/sdb"
20702
msgstr ""
20703
20704
#: serverguide/C/installation.xml:1104(para)
20705
msgid ""
20706
"Use <application>vgdisplay</application> to find out the free physical "
20707
"extents - Free PE / size (the size you can allocate). We will assume a free "
20708
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
20709
"whole free space available. Use your own PE and/or free space."
20710
msgstr ""
20711
20712
#: serverguide/C/installation.xml:1110(para)
20713
msgid ""
20714
"The Logical Volume (LV) can now be extended by different methods, we will "
20715
"only see how to use the PE to extend the LV:"
20716
msgstr ""
20717
20718
#: serverguide/C/installation.xml:1115(command)
20719
msgid "sudo lvextend /dev/vg01/srv -l +511"
20720
msgstr ""
20721
20722
#: serverguide/C/installation.xml:1118(para)
20723
msgid ""
20724
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
20725
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
20726
"Gig, Tera, etc bytes."
20727
msgstr ""
20728
20729
#: serverguide/C/installation.xml:1126(para)
20730
msgid ""
20731
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
20732
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
20733
"practice to unmount it anyway and check the filesystem, so that you don't "
20734
"mess up the day you want to reduce a logical volume (in that case unmounting "
20735
"first is compulsory)."
20736
msgstr ""
20737
20738
#: serverguide/C/installation.xml:1132(para)
20739
msgid ""
20740
"The following commands are for an <emphasis>EXT3</emphasis> or "
20741
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
20742
"there may be other utilities available."
20743
msgstr ""
20744
20745
#: serverguide/C/installation.xml:1139(command)
20746
msgid "sudo e2fsck -f /dev/vg01/srv"
20747
msgstr ""
20748
20749
#: serverguide/C/installation.xml:1142(para)
20750
msgid ""
20751
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
20752
"forces checking even if the system seems clean."
20753
msgstr ""
20754
20755
#: serverguide/C/installation.xml:1149(para)
20756
msgid "Finally, resize the filesystem:"
20757
msgstr ""
20758
20759
#: serverguide/C/installation.xml:1154(command)
20760
msgid "sudo resize2fs /dev/vg01/srv"
20761
msgstr ""
20762
20763
#: serverguide/C/installation.xml:1160(para)
20764
msgid "Now mount the partition and check its size."
20765
msgstr ""
20766
20767
#: serverguide/C/installation.xml:1165(command)
20768
msgid "mount /dev/vg01/srv /srv && df -h /srv"
20769
msgstr ""
20770
20771
#: serverguide/C/installation.xml:1177(para)
20772
msgid ""
20773
"See the <ulink "
20774
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20775
"Articles</ulink>."
20776
msgstr ""
20777
20778
#: serverguide/C/installation.xml:1182(para)
20779
msgid ""
20780
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
20781
"HOWTO</ulink> for more information."
20782
msgstr ""
20783
20784
#: serverguide/C/installation.xml:1187(para)
20785
msgid ""
20786
"Another good article is <ulink "
20787
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
20788
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
20789
"linuxdevcenter.com site."
20790
msgstr ""
20791
20792
#: serverguide/C/installation.xml:1194(para)
20793
msgid ""
20794
"For more information on <application>fdisk</application> see the <ulink "
20795
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
20796
"sk man page</ulink>."
20797
msgstr ""
20798
20799
#: serverguide/C/file-server.xml:13(title)
20800
msgid "File Servers"
20801
msgstr ""
20802
20803
#: serverguide/C/file-server.xml:15(para)
20804
msgid ""
20805
"If you have more than one computer on a single network. At some point you "
20806
"will probably need to share files between them. In this section we cover "
20807
"installing and configuring FTP, NFS, and CUPS."
20808
msgstr ""
20809
20810
#: serverguide/C/file-server.xml:22(title)
20811
msgid "FTP Server"
20812
msgstr ""
20813
20814
#: serverguide/C/file-server.xml:24(para)
20815
msgid ""
20816
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
20817
"files between computers. FTP works on a client/server model. The server "
20818
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
20819
"listens for FTP requests from remote clients. When a request is received, it "
20820
"manages the login and sets up the connection. For the duration of the "
20821
"session it executes any of commands sent by the FTP client."
20822
msgstr ""
20823
20824
#: serverguide/C/file-server.xml:33(para)
20825
msgid "Access to an FTP server can be managed in two ways:"
20826
msgstr ""
20827
20828
#: serverguide/C/file-server.xml:37(para)
20829
msgid "Anonymous"
20830
msgstr ""
20831
20832
#: serverguide/C/file-server.xml:40(para)
20833
msgid "Authenticated"
20834
msgstr ""
20835
20836
#: serverguide/C/file-server.xml:43(para)
20837
msgid ""
20838
"In the Anonymous mode, remote clients can access the FTP server by using the "
20839
"default user account called \"anonymous\" or \"ftp\" and sending an email "
20840
"address as the password. In the Authenticated mode a user must have an "
20841
"account and a password. User access to the FTP server directories and files "
20842
"is dependent on the permissions defined for the account used at login. As a "
20843
"general rule, the FTP daemon will hide the root directory of the FTP server "
20844
"and change it to the FTP Home directory. This hides the rest of the file "
20845
"system from remote sessions."
20846
msgstr ""
20847
20848
#: serverguide/C/file-server.xml:55(title)
20849
msgid "vsftpd - FTP Server Installation"
20850
msgstr ""
20851
20852
#: serverguide/C/file-server.xml:57(para)
20853
msgid ""
20854
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
20855
"and maintain. To install <application>vsftpd</application> you can run the "
20856
"following command:"
20857
msgstr ""
20858
20859
#: serverguide/C/file-server.xml:65(command)
20860
msgid "sudo apt-get install vsftpd"
20861
msgstr ""
20862
20863
#: serverguide/C/file-server.xml:71(title)
20864
msgid "Anonymous FTP Configuration"
20865
msgstr ""
20866
20867
#: serverguide/C/file-server.xml:73(para)
20868
msgid ""
20869
"By default <application>vsftpd</application> is configured to only allow "
20870
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
20871
"created with a home directory of <filename>/home/ftp</filename>. This is the "
20872
"default FTP directory."
20873
msgstr ""
20874
20875
#: serverguide/C/file-server.xml:80(para)
20876
msgid ""
20877
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
20878
"example, simply create a directory in another location and change the "
20879
"<emphasis>ftp</emphasis> user's home directory:"
20880
msgstr ""
20881
20882
#: serverguide/C/file-server.xml:87(command)
20883
msgid "sudo mkdir /srv/ftp"
20884
msgstr ""
20885
20886
#: serverguide/C/file-server.xml:88(command)
20887
msgid "sudo usermod -d /srv/ftp ftp"
20888
msgstr ""
20889
20890
#: serverguide/C/file-server.xml:91(para)
20891
msgid "After making the change restart <application>vsftpd</application>:"
20892
msgstr ""
20893
20894
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
20895
msgid "sudo /etc/init.d/vsftpd restart"
20896
msgstr ""
20897
20898
#: serverguide/C/file-server.xml:99(para)
20899
msgid ""
20900
"Finally, copy any files and directories you would like to make available "
20901
"through anonymous FTP to <filename>/srv/ftp</filename>."
20902
msgstr ""
20903
20904
#: serverguide/C/file-server.xml:106(title)
20905
msgid "User Authenticated FTP Configuration"
20906
msgstr ""
20907
20908
#: serverguide/C/file-server.xml:108(para)
20909
msgid ""
20910
"To configure <application>vsftpd</application> to authenticate system users "
20911
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
20912
msgstr ""
20913
20914
#: serverguide/C/file-server.xml:114(programlisting)
20915
#, no-wrap
20916
msgid ""
20917
"\n"
20918
"local_enable=YES\n"
20919
"write_enable=YES\n"
20920
msgstr ""
20921
20922
#: serverguide/C/file-server.xml:119(para)
20923
msgid "Now restart <application>vsftpd</application>:"
20924
msgstr ""
20925
20926
#: serverguide/C/file-server.xml:127(para)
20927
msgid ""
20928
"Now when system users login to FTP they will start in their "
20929
"<emphasis>home</emphasis> directories where they can download, upload, "
20930
"create directories, etc."
20931
msgstr ""
20932
20933
#: serverguide/C/file-server.xml:133(para)
20934
msgid ""
20935
"Similarly, by default, the anonymous users are not allowed to upload files "
20936
"to FTP server. To change this setting, you should uncomment the following "
20937
"line, and restart <application>vsftpd</application>:"
20938
msgstr ""
20939
20940
#: serverguide/C/file-server.xml:140(programlisting)
20941
#, no-wrap
20942
msgid ""
20943
"\n"
20944
"anon_upload_enable=YES\n"
20945
msgstr ""
20946
20947
#: serverguide/C/file-server.xml:145(para)
20948
msgid ""
20949
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
20950
"not enable anonymous upload on servers accessed directly from the Internet."
20951
msgstr ""
20952
20953
#: serverguide/C/file-server.xml:151(para)
20954
msgid ""
20955
"The configuration file consists of many configuration parameters. The "
20956
"information about each parameter is available in the configuration file. "
20957
"Alternatively, you can refer to the man page, <command>man 5 "
20958
"vsftpd.conf</command> for details of each parameter."
20959
msgstr ""
20960
20961
#: serverguide/C/file-server.xml:162(title)
20962
msgid "Securing FTP"
20963
msgstr ""
20964
20965
#: serverguide/C/file-server.xml:164(para)
20966
msgid ""
20967
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
20968
"<application>vsftpd</application> more secure. For example users can be "
20969
"limited to their home directories by uncommenting:"
20970
msgstr ""
20971
20972
#: serverguide/C/file-server.xml:170(programlisting)
20973
#, no-wrap
20974
msgid ""
20975
"\n"
20976
"chroot_local_user=YES\n"
20977
msgstr ""
20978
20979
#: serverguide/C/file-server.xml:174(para)
20980
msgid ""
20981
"You can also limit a specific list of users to just their home directories:"
20982
msgstr ""
20983
20984
#: serverguide/C/file-server.xml:178(programlisting)
20985
#, no-wrap
20986
msgid ""
20987
"\n"
20988
"chroot_list_enable=YES\n"
20989
"chroot_list_file=/etc/vsftpd.chroot_list\n"
20990
msgstr ""
20991
20992
#: serverguide/C/file-server.xml:183(para)
20993
msgid ""
20994
"After uncommenting the above options, create a "
20995
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
20996
"per line. Then restart <application>vsftpd</application>:"
20997
msgstr ""
20998
20999
#: serverguide/C/file-server.xml:192(para)
21000
msgid ""
21001
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21002
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21003
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
21004
"add them to the list."
21005
msgstr ""
21006
21007
#: serverguide/C/file-server.xml:199(para)
21008
msgid ""
21009
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21010
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21011
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
21012
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
21013
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21014
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21015
"with a shell may not be ideal for some environments, such as a shared web "
21016
"host."
21017
msgstr ""
21018
21019
#: serverguide/C/file-server.xml:208(para)
21020
msgid ""
21021
"To configure <emphasis>FTPS</emphasis>, edit "
21022
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21023
msgstr ""
21024
21025
#: serverguide/C/file-server.xml:212(programlisting)
21026
#, no-wrap
21027
msgid ""
21028
"\n"
21029
"ssl_enable=Yes\n"
21030
msgstr ""
21031
21032
#: serverguide/C/file-server.xml:216(para)
21033
msgid "Also, notice the certificate and key related options:"
21034
msgstr ""
21035
21036
#: serverguide/C/file-server.xml:220(programlisting)
21037
#, no-wrap
21038
msgid ""
21039
"\n"
21040
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21041
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21042
msgstr ""
21043
21044
#: serverguide/C/file-server.xml:225(para)
21045
msgid ""
21046
"By default these options are set the certificate and key provided by the "
21047
"<application>ssl-cert</application> package. In a production environment "
21048
"these should be replaced with a certificate and key generated for the "
21049
"specific host. For more information on certificates see <xref "
21050
"linkend=\"certificates-and-security\"/>."
21051
msgstr ""
21052
21053
#: serverguide/C/file-server.xml:231(para)
21054
msgid ""
21055
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21056
"be forced to use <emphasis>FTPS</emphasis>:"
21057
msgstr ""
21058
21059
#: serverguide/C/file-server.xml:240(para)
21060
msgid ""
21061
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21062
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21063
"adding the <emphasis>nologin</emphasis> shell:"
21064
msgstr ""
21065
21066
#: serverguide/C/file-server.xml:245(programlisting)
21067
#, no-wrap
21068
msgid ""
21069
"\n"
21070
"# /etc/shells: valid login shells\n"
21071
"/bin/csh\n"
21072
"/bin/sh\n"
21073
"/usr/bin/es\n"
21074
"/usr/bin/ksh\n"
21075
"/bin/ksh\n"
21076
"/usr/bin/rc\n"
21077
"/usr/bin/tcsh\n"
21078
"/bin/tcsh\n"
21079
"/usr/bin/esh\n"
21080
"/bin/dash\n"
21081
"/bin/bash\n"
21082
"/bin/rbash\n"
21083
"/usr/bin/screen\n"
21084
"/usr/sbin/nologin\n"
21085
msgstr ""
21086
21087
#: serverguide/C/file-server.xml:263(para)
21088
msgid ""
21089
"This is necessary because, by default <application>vsftpd</application> uses "
21090
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21091
"configuration file contains:"
21092
msgstr ""
21093
21094
#: serverguide/C/file-server.xml:268(programlisting)
21095
#, no-wrap
21096
msgid ""
21097
"\n"
21098
"auth required pam_shells.so\n"
21099
msgstr ""
21100
21101
#: serverguide/C/file-server.xml:272(para)
21102
msgid ""
21103
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21104
"in the <filename>/etc/shells</filename> file."
21105
msgstr ""
21106
21107
#: serverguide/C/file-server.xml:277(para)
21108
msgid ""
21109
"Most popular FTP clients can be configured connect using FTPS. The "
21110
"<application>lftp</application> command line FTP client has the ability to "
21111
"use FTPS as well."
21112
msgstr ""
21113
21114
#: serverguide/C/file-server.xml:288(para)
21115
msgid ""
21116
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21117
"website</ulink> for more information."
21118
msgstr ""
21119
21120
#: serverguide/C/file-server.xml:293(para)
21121
msgid ""
21122
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21123
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21124
"\">vsftpd.conf man page</ulink>."
21125
msgstr ""
21126
21127
#: serverguide/C/file-server.xml:299(para)
21128
msgid ""
21129
"The CodeGurus article <ulink "
21130
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21131
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21132
"contrasting FTPS and SFTP."
21133
msgstr ""
21134
21135
#: serverguide/C/file-server.xml:305(para)
21136
msgid ""
21137
"Also, for more information see the <ulink "
21138
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21139
"page."
21140
msgstr ""
21141
21142
#: serverguide/C/file-server.xml:315(title)
21143
msgid "Network File System (NFS)"
21144
msgstr ""
21145
21146
#: serverguide/C/file-server.xml:316(para)
21147
msgid ""
21148
"NFS allows a system to share directories and files with others over a "
21149
"network. By using NFS, users and programs can access files on remote systems "
21150
"almost as if they were local files."
21151
msgstr ""
21152
21153
#: serverguide/C/file-server.xml:322(para)
21154
msgid "Some of the most notable benefits that NFS can provide are:"
21155
msgstr ""
21156
21157
#: serverguide/C/file-server.xml:328(para)
21158
msgid ""
21159
"Local workstations use less disk space because commonly used data can be "
21160
"stored on a single machine and still remain accessible to others over the "
21161
"network."
21162
msgstr ""
21163
21164
#: serverguide/C/file-server.xml:333(para)
21165
msgid ""
21166
"There is no need for users to have separate home directories on every "
21167
"network machine. Home directories could be set up on the NFS server and made "
21168
"available throughout the network."
21169
msgstr ""
21170
21171
#: serverguide/C/file-server.xml:339(para)
21172
msgid ""
21173
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21174
"be used by other machines on the network. This may reduce the number of "
21175
"removable media drives throughout the network."
21176
msgstr ""
21177
21178
#: serverguide/C/file-server.xml:349(para)
21179
msgid ""
21180
"At a terminal prompt enter the following command to install the NFS Server:"
21181
msgstr ""
21182
21183
#: serverguide/C/file-server.xml:355(command)
21184
msgid "sudo apt-get install nfs-kernel-server"
21185
msgstr ""
21186
21187
#: serverguide/C/file-server.xml:361(para)
21188
msgid ""
21189
"You can configure the directories to be exported by adding them to the "
21190
"<filename>/etc/exports</filename> file. For example:"
21191
msgstr ""
21192
21193
#: serverguide/C/file-server.xml:366(screen)
21194
#, no-wrap
21195
msgid ""
21196
"\n"
21197
"/ubuntu *(ro,sync,no_root_squash)\n"
21198
"/home *(rw,sync,no_root_squash)\n"
21199
msgstr ""
21200
21201
#: serverguide/C/file-server.xml:372(para)
21202
msgid ""
21203
"You can replace * with one of the hostname formats. Make the hostname "
21204
"declaration as specific as possible so unwanted systems cannot access the "
21205
"NFS mount."
21206
msgstr ""
21207
21208
#: serverguide/C/file-server.xml:378(para)
21209
msgid ""
21210
"To start the NFS server, you can run the following command at a terminal "
21211
"prompt:"
21212
msgstr ""
21213
21214
#: serverguide/C/file-server.xml:383(command)
21215
msgid "sudo /etc/init.d/nfs-kernel-server start"
21216
msgstr ""
21217
21218
#: serverguide/C/file-server.xml:388(title)
21219
msgid "NFS Client Configuration"
21220
msgstr ""
21221
21222
#: serverguide/C/file-server.xml:389(para)
21223
msgid ""
21224
"Use the <application>mount</application> command to mount a shared NFS "
21225
"directory from another machine, by typing a command line similar to the "
21226
"following at a terminal prompt:"
21227
msgstr ""
21228
21229
#: serverguide/C/file-server.xml:395(command)
21230
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21231
msgstr ""
21232
21233
#: serverguide/C/file-server.xml:399(para)
21234
msgid ""
21235
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21236
"There should be no files or subdirectories in the "
21237
"<filename>/local/ubuntu</filename> directory."
21238
msgstr ""
21239
21240
#: serverguide/C/file-server.xml:406(para)
21241
msgid ""
21242
"An alternate way to mount an NFS share from another machine is to add a line "
21243
"to the <filename>/etc/fstab</filename> file. The line must state the "
21244
"hostname of the NFS server, the directory on the server being exported, and "
21245
"the directory on the local machine where the NFS share is to be mounted."
21246
msgstr ""
21247
21248
#: serverguide/C/file-server.xml:414(para)
21249
msgid ""
21250
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21251
"as follows:"
21252
msgstr ""
21253
21254
#: serverguide/C/file-server.xml:420(programlisting)
21255
#, no-wrap
21256
msgid ""
21257
"\n"
21258
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21259
"rsize=8192,wsize=8192,timeo=14,intr\n"
21260
msgstr ""
21261
21262
#: serverguide/C/file-server.xml:424(para)
21263
msgid ""
21264
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21265
"common</application> package is installed on your client. To install "
21266
"<application>nfs-common</application> enter the following command at the "
21267
"terminal prompt: <screen>\n"
21268
"<command>sudo apt-get install nfs-common</command>\n"
21269
"</screen>"
21270
msgstr ""
21271
21272
#: serverguide/C/file-server.xml:437(ulink)
21273
msgid "Linux NFS faq"
21274
msgstr ""
21275
21276
#: serverguide/C/file-server.xml:439(ulink)
21277
msgid "Ubuntu Wiki NFS Howto"
21278
msgstr ""
21279
21280
#: serverguide/C/file-server.xml:445(title)
21281
msgid "CUPS - Print Server"
21282
msgstr ""
21283
21284
#: serverguide/C/file-server.xml:446(para)
21285
msgid ""
21286
"The primary mechanism for Ubuntu printing and print services is the "
21287
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21288
"printing system is a freely available, portable printing layer which has "
21289
"become the new standard for printing in most Linux distributions."
21290
msgstr ""
21291
21292
#: serverguide/C/file-server.xml:453(para)
21293
msgid ""
21294
"CUPS manages print jobs and queues and provides network printing using the "
21295
"standard Internet Printing Protocol (IPP), while offering support for a very "
21296
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21297
"also supports PostScript Printer Description (PPD) and auto-detection of "
21298
"network printers, and features a simple web-based configuration and "
21299
"administration tool."
21300
msgstr ""
21301
21302
#: serverguide/C/file-server.xml:463(para)
21303
msgid ""
21304
"To install CUPS on your Ubuntu computer, simply use "
21305
"<application>sudo</application> with the <application>apt-get</application> "
21306
"command and give the packages to install as the first parameter. A complete "
21307
"CUPS install has many package dependencies, but they may all be specified on "
21308
"the same command line. Enter the following at a terminal prompt to install "
21309
"CUPS:"
21310
msgstr ""
21311
21312
#: serverguide/C/file-server.xml:468(command)
21313
msgid "sudo apt-get install cups"
21314
msgstr ""
21315
21316
#: serverguide/C/file-server.xml:471(para)
21317
msgid ""
21318
"Upon authenticating with your user password, the packages should be "
21319
"downloaded and installed without error. Upon the conclusion of installation, "
21320
"the CUPS server will be started automatically."
21321
msgstr ""
21322
21323
#: serverguide/C/file-server.xml:476(para)
21324
msgid ""
21325
"For troubleshooting purposes, you can access CUPS server errors via the "
21326
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21327
"error log does not show enough information to troubleshoot any problems you "
21328
"encounter, the verbosity of the CUPS log can be increased by changing the "
21329
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21330
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21331
"everything, from the default of \"info\". If you make this change, remember "
21332
"to change it back once you've solved your problem, to prevent the log file "
21333
"from becoming overly large."
21334
msgstr ""
21335
21336
#: serverguide/C/file-server.xml:489(para)
21337
msgid ""
21338
"The Common UNIX Printing System server's behavior is configured through the "
21339
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21340
"The CUPS configuration file follows the same syntax as the primary "
21341
"configuration file for the Apache HTTP server, so users familiar with "
21342
"editing Apache's configuration file should feel at ease when editing the "
21343
"CUPS configuration file. Some examples of settings you may wish to change "
21344
"initially will be presented here."
21345
msgstr ""
21346
21347
#: serverguide/C/file-server.xml:499(para)
21348
msgid ""
21349
"Prior to editing the configuration file, you should make a copy of the "
21350
"original file and protect it from writing, so you will have the original "
21351
"settings as a reference, and to reuse as necessary."
21352
msgstr ""
21353
21354
#: serverguide/C/file-server.xml:503(para)
21355
msgid ""
21356
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21357
"writing with the following commands, issued at a terminal prompt:"
21358
msgstr ""
21359
21360
#: serverguide/C/file-server.xml:509(command)
21361
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21362
msgstr ""
21363
21364
#: serverguide/C/file-server.xml:510(command)
21365
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21366
msgstr ""
21367
21368
#: serverguide/C/file-server.xml:515(para)
21369
msgid ""
21370
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21371
"address of the designated administrator of the CUPS server, simply edit the "
21372
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21373
"preferred text editor, and add or modify the <emphasis "
21374
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21375
"you are the Administrator for the CUPS server, and your e-mail address is "
21376
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21377
"as such:"
21378
msgstr ""
21379
21380
#: serverguide/C/file-server.xml:526(screen)
21381
#, no-wrap
21382
msgid ""
21383
"\n"
21384
"ServerAdmin bjoy@somebigco.com\n"
21385
msgstr ""
21386
21387
#: serverguide/C/file-server.xml:532(para)
21388
msgid ""
21389
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21390
"server installation listens only on the loopback interface at IP address "
21391
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21392
"listen on an actual network adapter's IP address, you must specify either a "
21393
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21394
"addition of a Listen directive. For example, if your CUPS server resides on "
21395
"a local network at the IP address <emphasis "
21396
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21397
"accessible to the other systems on this subnetwork, you would edit the "
21398
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21399
"such:"
21400
msgstr ""
21401
21402
#: serverguide/C/file-server.xml:546(screen)
21403
#, no-wrap
21404
msgid ""
21405
"\n"
21406
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21407
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21408
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21409
"(IPP)\n"
21410
msgstr ""
21411
21412
#: serverguide/C/file-server.xml:552(para)
21413
msgid ""
21414
"In the example above, you may comment out or remove the reference to the "
21415
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21416
"</application> to listen on that interface, but would rather have it only "
21417
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21418
"listening for all network interfaces for which a certain hostname is bound, "
21419
"including the Loopback, you could create a Listen entry for the hostname "
21420
"<emphasis>socrates</emphasis> as such:"
21421
msgstr ""
21422
21423
#: serverguide/C/file-server.xml:562(screen)
21424
#, no-wrap
21425
msgid ""
21426
"\n"
21427
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21428
msgstr ""
21429
21430
#: serverguide/C/file-server.xml:566(para)
21431
msgid ""
21432
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21433
"instead, as in:"
21434
msgstr ""
21435
21436
#: serverguide/C/file-server.xml:568(screen)
21437
#, no-wrap
21438
msgid ""
21439
"\n"
21440
"Port 631 # Listen on port 631 on all interfaces\n"
21441
msgstr ""
21442
21443
#: serverguide/C/file-server.xml:575(para)
21444
msgid ""
21445
"For more examples of configuration directives in the CUPS server "
21446
"configuration file, view the associated system manual page by entering the "
21447
"following command at a terminal prompt:"
21448
msgstr ""
21449
21450
#: serverguide/C/file-server.xml:582(command)
21451
msgid "man cupsd.conf"
21452
msgstr ""
21453
21454
#: serverguide/C/file-server.xml:586(para)
21455
msgid ""
21456
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21457
"configuration file, you'll need to restart the CUPS server by typing the "
21458
"following command at a terminal prompt:"
21459
msgstr ""
21460
21461
#: serverguide/C/file-server.xml:592(command)
21462
msgid "sudo /etc/init.d/cups restart"
21463
msgstr ""
21464
21465
#: serverguide/C/file-server.xml:598(title)
21466
msgid "Web Interface"
21467
msgstr ""
21468
21469
#: serverguide/C/file-server.xml:600(para)
21470
msgid ""
21471
"CUPS can be configured and monitored using a web interface, which by default "
21472
"is available at <ulink "
21473
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21474
"web interface can be used to perform all printer management tasks."
21475
msgstr ""
21476
21477
#: serverguide/C/file-server.xml:604(para)
21478
msgid ""
21479
"In order to perform administrative tasks via the web interface, you must "
21480
"either have the root account enabled on your server, or authenticate as a "
21481
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21482
"reasons, CUPS won't authenticate a user that doesn't have a password."
21483
msgstr ""
21484
21485
#: serverguide/C/file-server.xml:607(para)
21486
msgid ""
21487
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21488
"at the terminal prompt: <screen>\n"
21489
"<command>sudo usermod -aG lpadmin username</command>\n"
21490
"</screen>"
21491
msgstr ""
21492
21493
#: serverguide/C/file-server.xml:613(para)
21494
msgid ""
21495
"Further documentation is available in the <emphasis "
21496
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21497
msgstr ""
21498
21499
#: serverguide/C/file-server.xml:621(ulink)
21500
msgid "CUPS Website"
21501
msgstr ""
21502
21503
#: serverguide/C/file-server.xml:624(ulink)
21504
msgid "Ubuntu Wiki CUPS page"
21505
msgstr ""
21506
21507
#: serverguide/C/dns.xml:13(title)
21508
msgid "Domain Name Service (DNS)"
21509
msgstr ""
21510
21511
#: serverguide/C/dns.xml:14(para)
21512
msgid ""
21513
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
21514
"fully qualified domain names (FQDN) to one another. In this way, DNS "
21515
"alleviates the need to remember IP addresses. Computers that run DNS are "
21516
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
21517
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
21518
"common program used for maintaining a name server on Linux."
21519
msgstr ""
21520
21521
#: serverguide/C/dns.xml:24(para)
21522
msgid ""
21523
"At a terminal prompt, enter the following command to install "
21524
"<application>dns</application>:"
21525
msgstr ""
21526
21527
#: serverguide/C/dns.xml:28(command)
21528
msgid "sudo apt-get install bind9"
21529
msgstr ""
21530
21531
#: serverguide/C/dns.xml:30(para)
21532
msgid ""
21533
"A very useful package for testing and troubleshooting DNS issues is the "
21534
"dnsutils package. To install <application>dnsutils</application> enter the "
21535
"following:"
21536
msgstr ""
21537
21538
#: serverguide/C/dns.xml:35(command)
21539
msgid "sudo apt-get install dnsutils"
21540
msgstr ""
21541
21542
#: serverguide/C/dns.xml:40(para)
21543
msgid ""
21544
"There are many ways to configure <application>BIND9</application>. Some of "
21545
"the most common configurations are a caching nameserver, primary master, and "
21546
"as a secondary master."
21547
msgstr ""
21548
21549
#: serverguide/C/dns.xml:46(para)
21550
msgid ""
21551
"When configured as a caching nameserver BIND9 will find the answer to name "
21552
"queries and remember the answer when the domain is queried again."
21553
msgstr ""
21554
21555
#: serverguide/C/dns.xml:52(para)
21556
msgid ""
21557
"As a primary master server BIND9 reads the data for a zone from a file on "
21558
"it's host and is authoritative for that zone."
21559
msgstr ""
21560
21561
#: serverguide/C/dns.xml:57(para)
21562
msgid ""
21563
"In a secondary master configuration BIND9 gets the zone data from another "
21564
"nameserver authoritative for the zone."
21565
msgstr ""
21566
21567
#: serverguide/C/dns.xml:65(para)
21568
msgid ""
21569
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
21570
"directory. The primary configuration file is "
21571
"<filename>/etc/bind/named.conf</filename>."
21572
msgstr ""
21573
21574
#: serverguide/C/dns.xml:72(para)
21575
msgid ""
21576
"The <emphasis>include</emphasis> line specifies the filename which contains "
21577
"the DNS options. The <emphasis>directory</emphasis> line in the "
21578
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
21579
"look for files. All files BIND uses will be relative to this directory."
21580
msgstr ""
21581
21582
#: serverguide/C/dns.xml:80(para)
21583
msgid ""
21584
"The file named <filename>/etc/bind/db.root</filename> describes the root "
21585
"nameservers in the world. The servers change over time, so the "
21586
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
21587
"This is usually done as updates to the <application>bind9</application> "
21588
"package. The <emphasis>zone</emphasis> section defines a master server, and "
21589
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
21590
msgstr ""
21591
21592
#: serverguide/C/dns.xml:90(para)
21593
msgid ""
21594
"It is possible to configure the same server to be a caching name server, "
21595
"primary master, and secondary master. A server can be the Start of Authority "
21596
"(SOA) for one zone, while providing secondary service for another zone. All "
21597
"the while providing caching services for hosts on the local LAN."
21598
msgstr ""
21599
21600
#: serverguide/C/dns.xml:98(title)
21601
msgid "Caching Nameserver"
21602
msgstr ""
21603
21604
#: serverguide/C/dns.xml:99(para)
21605
msgid ""
21606
"The default configuration is setup to act as a caching server. All that is "
21607
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
21608
"uncomment and edit the following in "
21609
"<filename>/etc/bind/named.conf.options</filename>:"
21610
msgstr ""
21611
21612
#: serverguide/C/dns.xml:103(programlisting)
21613
#, no-wrap
21614
msgid ""
21615
"\n"
21616
"forwarders {\n"
21617
" 1.2.3.4;\n"
21618
" 5.6.7.8;\n"
21619
" };\n"
21620
msgstr ""
21621
21622
#: serverguide/C/dns.xml:110(para)
21623
msgid ""
21624
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
21625
"the IP Adresses of actual nameservers."
21626
msgstr ""
21627
21628
#: serverguide/C/dns.xml:114(para)
21629
msgid ""
21630
"Now restart the DNS server, to enable the new configuration. From a terminal "
21631
"prompt:"
21632
msgstr ""
21633
21634
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21635
msgid "sudo /etc/init.d/bind9 restart"
21636
msgstr ""
21637
21638
#: serverguide/C/dns.xml:120(para)
21639
msgid ""
21640
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
21641
"DNS server."
21642
msgstr ""
21643
21644
#: serverguide/C/dns.xml:125(title)
21645
msgid "Primary Master"
21646
msgstr ""
21647
21648
#: serverguide/C/dns.xml:126(para)
21649
msgid ""
21650
"In this section <application>BIND9</application> will be configured as the "
21651
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
21652
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
21653
"(Fully Qualified Domain Name)."
21654
msgstr ""
21655
21656
#: serverguide/C/dns.xml:132(title)
21657
msgid "Forward Zone File"
21658
msgstr ""
21659
21660
#: serverguide/C/dns.xml:133(para)
21661
msgid ""
21662
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
21663
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
21664
msgstr ""
21665
21666
#: serverguide/C/dns.xml:137(programlisting)
21667
#, no-wrap
21668
msgid ""
21669
"\n"
21670
"zone \"example.com\" {\n"
21671
"\ttype master;\n"
21672
" file \"/etc/bind/db.example.com\";\n"
21673
"};\n"
21674
msgstr ""
21675
21676
#: serverguide/C/dns.xml:143(para)
21677
msgid ""
21678
"Now use an existing zone file as a template to create the "
21679
"<filename>/etc/bind/db.example.com</filename> file:"
21680
msgstr ""
21681
21682
#: serverguide/C/dns.xml:147(command)
21683
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
21684
msgstr ""
21685
21686
#: serverguide/C/dns.xml:149(para)
21687
msgid ""
21688
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
21689
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
21690
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
21691
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
21692
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
21693
"leaving the \".\" at the end."
21694
msgstr ""
21695
21696
#: serverguide/C/dns.xml:155(para)
21697
msgid ""
21698
"Also, create an <emphasis>A record</emphasis> for <emphasis "
21699
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
21700
msgstr ""
21701
21702
#: serverguide/C/dns.xml:159(programlisting)
21703
#, no-wrap
21704
msgid ""
21705
"\n"
21706
";\n"
21707
"; BIND data file for local loopback interface\n"
21708
";\n"
21709
"$TTL 604800\n"
21710
"@ IN SOA ns.example.com. root.example.com. (\n"
21711
" 2 ; Serial\n"
21712
" 604800 ; Refresh\n"
21713
" 86400 ; Retry\n"
21714
" 2419200 ; Expire\n"
21715
" 604800 ) ; Negative Cache TTL\n"
21716
";\n"
21717
"@ IN NS ns.example.com.\n"
21718
"@ IN A 127.0.0.1\n"
21719
"@ IN AAAA ::1\n"
21720
"ns IN A 192.168.1.10\n"
21721
msgstr ""
21722
21723
#: serverguide/C/dns.xml:176(para)
21724
msgid ""
21725
"You must increment the <emphasis>Serial Number</emphasis> every time you "
21726
"make changes to the zone file. If you make multiple changes before "
21727
"restarting BIND9, simply increment the Serial once."
21728
msgstr ""
21729
21730
#: serverguide/C/dns.xml:180(para)
21731
msgid ""
21732
"Now, you can add DNS records to the bottom of the zone file. See <xref "
21733
"linkend=\"dns-record-types\"/> for details."
21734
msgstr ""
21735
21736
#: serverguide/C/dns.xml:184(para)
21737
msgid ""
21738
"Many admins like to use the last date edited as the serial of a zone, such "
21739
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
21740
"<emphasis>ss</emphasis> is the Serial Number)"
21741
msgstr ""
21742
21743
#: serverguide/C/dns.xml:189(para)
21744
msgid ""
21745
"Once you have made a change to the zone file "
21746
"<application>BIND9</application> will need to be restarted for the changes "
21747
"to take effect:"
21748
msgstr ""
21749
21750
#: serverguide/C/dns.xml:198(title)
21751
msgid "Reverse Zone File"
21752
msgstr ""
21753
21754
#: serverguide/C/dns.xml:199(para)
21755
msgid ""
21756
"Now that the zone is setup and resolving names to IP Adresses a "
21757
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
21758
"DNS to resolve an address to a name."
21759
msgstr ""
21760
21761
#: serverguide/C/dns.xml:203(para)
21762
msgid "Edit /etc/bind/named.conf.local and add the following:"
21763
msgstr ""
21764
21765
#: serverguide/C/dns.xml:206(programlisting)
21766
#, no-wrap
21767
msgid ""
21768
"\n"
21769
"zone \"1.168.192.in-addr.arpa\" {\n"
21770
" type master;\n"
21771
" notify no;\n"
21772
" file \"/etc/bind/db.192\";\n"
21773
"};\n"
21774
msgstr ""
21775
21776
#: serverguide/C/dns.xml:214(para)
21777
msgid ""
21778
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
21779
"whatever network you are using. Also, name the zone file "
21780
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
21781
"first octet of your network."
21782
msgstr ""
21783
21784
#: serverguide/C/dns.xml:219(para)
21785
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
21786
msgstr ""
21787
21788
#: serverguide/C/dns.xml:223(command)
21789
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21790
msgstr ""
21791
21792
#: serverguide/C/dns.xml:225(para)
21793
msgid ""
21794
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
21795
"same options as <filename>/etc/bind/db.example.com</filename>:"
21796
msgstr ""
21797
21798
#: serverguide/C/dns.xml:229(programlisting)
21799
#, no-wrap
21800
msgid ""
21801
"\n"
21802
";\n"
21803
"; BIND reverse data file for local loopback interface\n"
21804
";\n"
21805
"$TTL 604800\n"
21806
"@ IN SOA ns.example.com. root.example.com. (\n"
21807
" 2 ; Serial\n"
21808
" 604800 ; Refresh\n"
21809
" 86400 ; Retry\n"
21810
" 2419200 ; Expire\n"
21811
" 604800 ) ; Negative Cache TTL\n"
21812
";\n"
21813
"@ IN NS ns.\n"
21814
"10 IN PTR ns.example.com.\n"
21815
msgstr ""
21816
21817
#: serverguide/C/dns.xml:244(para)
21818
msgid ""
21819
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
21820
"incremented on each change as well. For each <emphasis>A record</emphasis> "
21821
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
21822
"create a <emphasis>PTR record</emphasis> in "
21823
"<filename>/etc/bind/db.192</filename>."
21824
msgstr ""
21825
21826
#: serverguide/C/dns.xml:249(para)
21827
msgid ""
21828
"After creating the reverse zone file restart "
21829
"<application>BIND9</application>:"
21830
msgstr ""
21831
21832
#: serverguide/C/dns.xml:258(title)
21833
msgid "Secondary Master"
21834
msgstr ""
21835
21836
#: serverguide/C/dns.xml:259(para)
21837
msgid ""
21838
"Once a <emphasis>Primary Master</emphasis> has been configured a "
21839
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
21840
"availability of the domain should the Primary become unavailable."
21841
msgstr ""
21842
21843
#: serverguide/C/dns.xml:263(para)
21844
msgid ""
21845
"First, on the Primary Master server, the zone transfer needs to be allowed. "
21846
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
21847
"and Reverse zone definitions in "
21848
"<filename>/etc/bind/named.conf.local</filename>:"
21849
msgstr ""
21850
21851
#: serverguide/C/dns.xml:267(programlisting)
21852
#, no-wrap
21853
msgid ""
21854
"\n"
21855
"zone \"example.com\" {\n"
21856
" type master;\n"
21857
"\tfile \"/etc/bind/db.example.com\";\n"
21858
" allow-transfer { 192.168.1.11; };\n"
21859
"};\n"
21860
"\n"
21861
"zone \"1.168.192.in-addr.arpa\" {\n"
21862
" type master;\n"
21863
" notify no;\n"
21864
" file \"/etc/bind/db.192\";\n"
21865
"\tallow-transfer { 192.168.1.11; };\n"
21866
"};\n"
21867
msgstr ""
21868
21869
#: serverguide/C/dns.xml:282(para)
21870
msgid ""
21871
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
21872
"Secondary nameserver."
21873
msgstr ""
21874
21875
#: serverguide/C/dns.xml:286(para)
21876
msgid ""
21877
"Next, on the Secondary Master, install the <application>bind9</application> "
21878
"package the same way as on the Primary. Then edit the "
21879
"<filename>/etc/bind/named.conf.local</filename> and add the following "
21880
"declarations for the Forward and Reverse zones:"
21881
msgstr ""
21882
21883
#: serverguide/C/dns.xml:290(programlisting)
21884
#, no-wrap
21885
msgid ""
21886
"\n"
21887
"zone \"example.com\" {\n"
21888
"\ttype slave;\n"
21889
" file \"/var/cache/bind/db.example.com\";\n"
21890
" masters { 192.168.1.10; };\n"
21891
"}; \n"
21892
" \n"
21893
"zone \"1.168.192.in-addr.arpa\" {\n"
21894
"\ttype slave;\n"
21895
" file \"/var/cache/bind/db.192\";\n"
21896
" masters { 192.168.1.10; };\n"
21897
"};\n"
21898
msgstr ""
21899
21900
#: serverguide/C/dns.xml:304(para)
21901
msgid ""
21902
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
21903
"Primary nameserver."
21904
msgstr ""
21905
21906
#: serverguide/C/dns.xml:308(para)
21907
msgid "Restart <application>BIND9</application> on the Secondary Master:"
21908
msgstr ""
21909
21910
#: serverguide/C/dns.xml:314(para)
21911
msgid ""
21912
"In <filename>/var/log/syslog</filename> you should see something similar to:"
21913
msgstr ""
21914
21915
#: serverguide/C/dns.xml:317(programlisting)
21916
#, no-wrap
21917
msgid ""
21918
"\n"
21919
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
21920
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
21921
msgstr ""
21922
21923
#: serverguide/C/dns.xml:322(para)
21924
msgid ""
21925
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
21926
"on the Primary is larger than the one on the Secondary."
21927
msgstr ""
21928
21929
#: serverguide/C/dns.xml:328(para)
21930
msgid ""
21931
"The default directory for non-authoritative zone files is "
21932
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
21933
"<application>AppArmor</application> to allow the "
21934
"<application>named</application> daemon to write to it. For more information "
21935
"on AppArmor see <xref linkend=\"apparmor\"/>."
21936
msgstr ""
21937
21938
#: serverguide/C/dns.xml:339(para)
21939
msgid ""
21940
"This section covers ways to help determine the cause when problems happen "
21941
"with DNS and <application>BIND9</application>."
21942
msgstr ""
21943
21944
#: serverguide/C/dns.xml:345(title)
21945
msgid "resolv.conf"
21946
msgstr ""
21947
21948
#: serverguide/C/dns.xml:346(para)
21949
msgid ""
21950
"The first step in testing <application>BIND9</application> is to add the "
21951
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
21952
"be configured as well as another host to double check things. Simply edit "
21953
"<filename>/etc/resolv.conf</filename> and add the following:"
21954
msgstr ""
21955
21956
#: serverguide/C/dns.xml:351(programlisting)
21957
#, no-wrap
21958
msgid ""
21959
"\n"
21960
"nameserver\t192.168.1.10\n"
21961
"nameserver\t192.168.1.11\n"
21962
msgstr ""
21963
21964
#: serverguide/C/dns.xml:356(para)
21965
msgid ""
21966
"You should also add the IP Address of the Secondary nameserver in case the "
21967
"Primary becomes unavailable."
21968
msgstr ""
21969
21970
#: serverguide/C/dns.xml:362(title)
21971
msgid "dig"
21972
msgstr ""
21973
21974
#: serverguide/C/dns.xml:363(para)
21975
msgid ""
21976
"If you installed the <application>dnsutils</application> package you can "
21977
"test your setup using the DNS lookup utility <application>dig</application>:"
21978
msgstr ""
21979
21980
#: serverguide/C/dns.xml:369(para)
21981
msgid ""
21982
"After installing <application>BIND9</application> use "
21983
"<application>dig</application> against the loopback interface to make sure "
21984
"it is listening on port 53. From a terminal prompt:"
21985
msgstr ""
21986
21987
#: serverguide/C/dns.xml:374(command)
21988
msgid "dig -x 127.0.0.1"
21989
msgstr ""
21990
21991
#: serverguide/C/dns.xml:376(para)
21992
msgid "You should see lines similar to the following in the command output:"
21993
msgstr ""
21994
21995
#: serverguide/C/dns.xml:379(programlisting)
21996
#, no-wrap
21997
msgid ""
21998
"\n"
21999
";; Query time: 1 msec\n"
22000
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22001
msgstr ""
22002
22003
#: serverguide/C/dns.xml:385(para)
22004
msgid ""
22005
"If you have configured <application>BIND9</application> as a "
22006
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22007
"the query time:"
22008
msgstr ""
22009
22010
#: serverguide/C/dns.xml:390(command)
22011
msgid "dig ubuntu.com"
22012
msgstr ""
22013
22014
#: serverguide/C/dns.xml:392(para)
22015
msgid "Note the query time toward the end of the command output:"
22016
msgstr ""
22017
22018
#: serverguide/C/dns.xml:395(programlisting)
22019
#, no-wrap
22020
msgid ""
22021
"\n"
22022
";; Query time: 49 msec\n"
22023
msgstr ""
22024
22025
#: serverguide/C/dns.xml:398(para)
22026
msgid "After a second dig there should be improvement:"
22027
msgstr ""
22028
22029
#: serverguide/C/dns.xml:401(programlisting)
22030
#, no-wrap
22031
msgid ""
22032
"\n"
22033
";; Query time: 1 msec\n"
22034
msgstr ""
22035
22036
#: serverguide/C/dns.xml:408(title)
22037
msgid "ping"
22038
msgstr ""
22039
22040
#: serverguide/C/dns.xml:410(para)
22041
msgid ""
22042
"Now to demonstrate how applications make use of DNS to resolve a host name "
22043
"use the <application>ping</application> utility to send an ICMP echo "
22044
"request. From a terminal prompt enter:"
22045
msgstr ""
22046
22047
#: serverguide/C/dns.xml:416(command)
22048
msgid "ping example.com"
22049
msgstr ""
22050
22051
#: serverguide/C/dns.xml:418(para)
22052
msgid ""
22053
"This tests if the nameserver can resolve the name "
22054
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22055
"should resemble:"
22056
msgstr ""
22057
22058
#: serverguide/C/dns.xml:422(programlisting)
22059
#, no-wrap
22060
msgid ""
22061
"\n"
22062
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22063
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22064
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22065
msgstr ""
22066
22067
#: serverguide/C/dns.xml:429(title)
22068
msgid "named-checkzone"
22069
msgstr ""
22070
22071
#: serverguide/C/dns.xml:430(para)
22072
msgid ""
22073
"A great way to test your zone files is by using the <application>named-"
22074
"checkzone</application> utility installed with the "
22075
"<application>bind9</application> package. This utility allows you to make "
22076
"sure the configuration is correct before restarting "
22077
"<application>BIND9</application> and making the changes live."
22078
msgstr ""
22079
22080
#: serverguide/C/dns.xml:437(para)
22081
msgid ""
22082
"To test our example Forward zone file enter the following from a command "
22083
"prompt:"
22084
msgstr ""
22085
22086
#: serverguide/C/dns.xml:441(command)
22087
msgid "named-checkzone example.com /etc/bind/db.example.com"
22088
msgstr ""
22089
22090
#: serverguide/C/dns.xml:443(para)
22091
msgid ""
22092
"If everything is configured correctly you should see output similar to:"
22093
msgstr ""
22094
22095
#: serverguide/C/dns.xml:446(programlisting)
22096
#, no-wrap
22097
msgid ""
22098
"\n"
22099
"zone example.com/IN: loaded serial 6\n"
22100
"OK\n"
22101
msgstr ""
22102
22103
#: serverguide/C/dns.xml:452(para)
22104
msgid "Similarly, to test the Reverse zone file enter the following:"
22105
msgstr ""
22106
22107
#: serverguide/C/dns.xml:456(command)
22108
msgid "named-checkzone example.com /etc/bind/db.192"
22109
msgstr ""
22110
22111
#: serverguide/C/dns.xml:458(para)
22112
msgid "The output should be similar to:"
22113
msgstr ""
22114
22115
#: serverguide/C/dns.xml:461(programlisting)
22116
#, no-wrap
22117
msgid ""
22118
"\n"
22119
"zone example.com/IN: loaded serial 3\n"
22120
"OK\n"
22121
msgstr ""
22122
22123
#: serverguide/C/dns.xml:468(para)
22124
msgid ""
22125
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22126
"different."
22127
msgstr ""
22128
22129
#: serverguide/C/dns.xml:475(title)
22130
msgid "Logging"
22131
msgstr ""
22132
22133
#: serverguide/C/dns.xml:476(para)
22134
msgid ""
22135
"<application>BIND9</application> has a wide variety of logging configuration "
22136
"options available. There are two main options. The "
22137
"<emphasis>channel</emphasis> option configures where logs go, and the "
22138
"<emphasis>category</emphasis> option determines what information to log."
22139
msgstr ""
22140
22141
#: serverguide/C/dns.xml:480(para)
22142
msgid "If no logging option is configured the default option is:"
22143
msgstr ""
22144
22145
#: serverguide/C/dns.xml:483(programlisting)
22146
#, no-wrap
22147
msgid ""
22148
"\n"
22149
"logging {\n"
22150
" category default { default_syslog; default_debug; };\n"
22151
" category unmatched { null; };\n"
22152
"};\n"
22153
msgstr ""
22154
22155
#: serverguide/C/dns.xml:489(para)
22156
msgid ""
22157
"This section covers configuring <application>BIND9</application> to send "
22158
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22159
"file."
22160
msgstr ""
22161
22162
#: serverguide/C/dns.xml:494(para)
22163
msgid ""
22164
"First, we need to configure a channel to specify which file to send the "
22165
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22166
"the following:"
22167
msgstr ""
22168
22169
#: serverguide/C/dns.xml:498(programlisting)
22170
#, no-wrap
22171
msgid ""
22172
"\n"
22173
"logging {\n"
22174
" channel query.log { \n"
22175
" file \"/var/log/query.log\";\n"
22176
" severity debug 3; \n"
22177
" }; \n"
22178
"};\n"
22179
msgstr ""
22180
22181
#: serverguide/C/dns.xml:508(para)
22182
msgid "Next, configure a category to send all DNS queries to the query file:"
22183
msgstr ""
22184
22185
#: serverguide/C/dns.xml:511(programlisting)
22186
#, no-wrap
22187
msgid ""
22188
"\n"
22189
"logging {\n"
22190
" channel query.log { \n"
22191
" file \"/var/log/query.log\"; \n"
22192
" severity debug 3; \n"
22193
" }; \n"
22194
" <emphasis>category queries { query.log; };</emphasis> \n"
22195
"};\n"
22196
msgstr ""
22197
22198
#: serverguide/C/dns.xml:523(para)
22199
msgid ""
22200
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22201
"level isn't specified level 1 is the default."
22202
msgstr ""
22203
22204
#: serverguide/C/dns.xml:529(para)
22205
msgid ""
22206
"Since the <emphasis>named daemon</emphasis> runs as the "
22207
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22208
"file must be created and the ownership changed:"
22209
msgstr ""
22210
22211
#: serverguide/C/dns.xml:534(command)
22212
msgid "sudo touch /var/log/query.log"
22213
msgstr ""
22214
22215
#: serverguide/C/dns.xml:535(command)
22216
msgid "sudo chown bind /var/log/query.log"
22217
msgstr ""
22218
22219
#: serverguide/C/dns.xml:539(para)
22220
msgid ""
22221
"Before <application>named</application> daemon can write to the new log file "
22222
"the <application>AppArmor</application> profile must be updated. First, edit "
22223
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22224
msgstr ""
22225
22226
#: serverguide/C/dns.xml:543(programlisting)
22227
#, no-wrap
22228
msgid ""
22229
"\n"
22230
"/var/log/query.log w,\n"
22231
msgstr ""
22232
22233
#: serverguide/C/dns.xml:546(para)
22234
msgid "Next, reload the profile:"
22235
msgstr ""
22236
22237
#: serverguide/C/dns.xml:550(command)
22238
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22239
msgstr ""
22240
22241
#: serverguide/C/dns.xml:552(para)
22242
msgid ""
22243
"For more information on <application>AppArmor</application> see <xref "
22244
"linkend=\"apparmor\"/>"
22245
msgstr ""
22246
22247
#: serverguide/C/dns.xml:557(para)
22248
msgid ""
22249
"Now restart <application>BIND9</application> for the changes to take effect:"
22250
msgstr ""
22251
22252
#: serverguide/C/dns.xml:565(para)
22253
msgid ""
22254
"You should see the file <filename>/var/log/query.log</filename> fill with "
22255
"query information. This is a simple example of the "
22256
"<application>BIND9</application> logging options. For coverage of advanced "
22257
"options see <xref linkend=\"dns-more-info\"/>."
22258
msgstr ""
22259
22260
#: serverguide/C/dns.xml:574(title)
22261
msgid "Common Record Types"
22262
msgstr ""
22263
22264
#: serverguide/C/dns.xml:575(para)
22265
msgid "This section covers some of the most common DNS record types."
22266
msgstr ""
22267
22268
#: serverguide/C/dns.xml:580(para)
22269
msgid ""
22270
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22271
msgstr ""
22272
22273
#: serverguide/C/dns.xml:583(programlisting)
22274
#, no-wrap
22275
msgid ""
22276
"\n"
22277
"www IN A 192.168.1.12\n"
22278
msgstr ""
22279
22280
#: serverguide/C/dns.xml:588(para)
22281
msgid ""
22282
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22283
"record. You cannot create a CNAME record pointing to another CNAME record."
22284
msgstr ""
22285
22286
#: serverguide/C/dns.xml:591(programlisting)
22287
#, no-wrap
22288
msgid ""
22289
"\n"
22290
"web IN CNAME www\n"
22291
msgstr ""
22292
22293
#: serverguide/C/dns.xml:596(para)
22294
msgid ""
22295
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22296
"to. Must point to an A record, not a CNAME."
22297
msgstr ""
22298
22299
#: serverguide/C/dns.xml:599(programlisting)
22300
#, no-wrap
22301
msgid ""
22302
"\n"
22303
" IN MX 1 mail.example.com.\n"
22304
"mail IN A 192.168.1.13\n"
22305
msgstr ""
22306
22307
#: serverguide/C/dns.xml:605(para)
22308
msgid ""
22309
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22310
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22311
"Secondary servers are defined."
22312
msgstr ""
22313
22314
#: serverguide/C/dns.xml:609(programlisting)
22315
#, no-wrap
22316
msgid ""
22317
"\n"
22318
" IN NS ns.example.com.\n"
22319
"\tIN NS ns2.example.com.\n"
22320
"ns IN A 192.168.1.10\n"
22321
"ns2\tIN A\t 192.168.1.11\n"
22322
msgstr ""
22323
22324
#: serverguide/C/dns.xml:622(para)
22325
msgid ""
22326
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22327
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22328
msgstr ""
22329
22330
#: serverguide/C/dns.xml:627(para)
22331
msgid ""
22332
"For in depth coverage of <emphasis>DNS</emphasis> and "
22333
"<application>BIND9</application> see <ulink "
22334
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22335
msgstr ""
22336
22337
#: serverguide/C/dns.xml:632(para)
22338
msgid ""
22339
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22340
"BIND</ulink> is a popular book now in it's fifth edition."
22341
msgstr ""
22342
22343
#: serverguide/C/dns.xml:637(para)
22344
msgid ""
22345
"A great place to ask for <application>BIND9</application> assistance, and "
22346
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22347
"server</emphasis> IRC channel on <ulink "
22348
"url=\"http://freenode.net\">freenode</ulink>."
22349
msgstr ""
22350
22351
#: serverguide/C/dns.xml:643(para)
22352
msgid ""
22353
"Also, see the <ulink "
22354
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22355
"HOWTO</ulink> in the Ubuntu Wiki."
22356
msgstr ""
22357
22358
#: serverguide/C/databases.xml:13(title)
22359
msgid "Databases"
22360
msgstr ""
22361
22362
#: serverguide/C/databases.xml:14(para)
22363
msgid "Ubuntu provides two popular database servers. They are:"
22364
msgstr ""
22365
22366
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22367
msgid "PostgreSQL"
22368
msgstr ""
22369
22370
#: serverguide/C/databases.xml:25(para)
22371
msgid ""
22372
"They are available in the main repository. This section explains how to "
22373
"install and configure these database servers."
22374
msgstr ""
22375
22376
#: serverguide/C/databases.xml:32(para)
22377
msgid ""
22378
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22379
"It is intended for mission-critical, heavy-load production systems as well "
22380
"as for embedding into mass-deployed software."
22381
msgstr ""
22382
22383
#: serverguide/C/databases.xml:41(para)
22384
msgid "To install MySQL, run the following command from a terminal prompt:"
22385
msgstr ""
22386
22387
#: serverguide/C/databases.xml:46(command)
22388
msgid "sudo apt-get install mysql-server"
22389
msgstr ""
22390
22391
#: serverguide/C/databases.xml:48(para)
22392
msgid ""
22393
"During the installation process you will be prompted to enter a password for "
22394
"the <application>MySQL</application> root user."
22395
msgstr ""
22396
22397
#: serverguide/C/databases.xml:53(para)
22398
msgid ""
22399
"Once the installation is complete, the MySQL server should be started "
22400
"automatically. You can run the following command from a terminal prompt to "
22401
"check whether the MySQL server is running:"
22402
msgstr ""
22403
22404
#: serverguide/C/databases.xml:61(command)
22405
msgid "sudo netstat -tap | grep mysql"
22406
msgstr ""
22407
22408
#: serverguide/C/databases.xml:70(programlisting)
22409
#, no-wrap
22410
msgid ""
22411
"\n"
22412
"tcp 0 0 localhost:mysql *:* LISTEN "
22413
" 2556/mysqld\n"
22414
msgstr ""
22415
22416
#: serverguide/C/databases.xml:74(para)
22417
msgid ""
22418
"If the server is not running correctly, you can type the following command "
22419
"to start it:"
22420
msgstr ""
22421
22422
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22423
msgid "sudo /etc/init.d/mysql restart"
22424
msgstr ""
22425
22426
#: serverguide/C/databases.xml:85(para)
22427
msgid ""
22428
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22429
"the basic settings -- log file, port number, etc. For example, to configure "
22430
"<application>MySQL</application> to listen for connections from network "
22431
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22432
"server's IP address:"
22433
msgstr ""
22434
22435
#: serverguide/C/databases.xml:91(programlisting)
22436
#, no-wrap
22437
msgid ""
22438
"\n"
22439
"bind-address = 192.168.0.5\n"
22440
msgstr ""
22441
22442
#: serverguide/C/databases.xml:95(para)
22443
msgid "Replace 192.168.0.5 with the appropriate address."
22444
msgstr ""
22445
22446
#: serverguide/C/databases.xml:99(para)
22447
msgid ""
22448
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22449
"<application>mysql</application> daemon will need to be restarted:"
22450
msgstr ""
22451
22452
#: serverguide/C/databases.xml:107(para)
22453
msgid ""
22454
"If you would like to change the "
22455
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22456
"terminal enter:"
22457
msgstr ""
22458
22459
#: serverguide/C/databases.xml:113(command)
22460
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22461
msgstr ""
22462
22463
#: serverguide/C/databases.xml:116(para)
22464
msgid ""
22465
"The <application>mysql</application> daemon will be stopped, and you will be "
22466
"prompted to enter a new password."
22467
msgstr ""
22468
22469
#: serverguide/C/databases.xml:125(para)
22470
msgid ""
22471
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22472
"more information."
22473
msgstr ""
22474
22475
#: serverguide/C/databases.xml:130(para)
22476
msgid ""
22477
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22478
"<application>mysql-doc-5.0</application> package. To install the package "
22479
"enter the following in a terminal:"
22480
msgstr ""
22481
22482
#: serverguide/C/databases.xml:135(command)
22483
msgid "sudo apt-get install mysql-doc-5.0"
22484
msgstr ""
22485
22486
#: serverguide/C/databases.xml:137(para)
22487
msgid ""
22488
"The documentation is in HTML format, to view them enter "
22489
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22490
"chapter/index.html</command> in your browser's address bar."
22491
msgstr ""
22492
22493
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
22494
msgid ""
22495
"For general SQL information see <ulink "
22496
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22497
"Special Edition</ulink> by Rafe Colburn."
22498
msgstr ""
22499
22500
#: serverguide/C/databases.xml:149(para)
22501
msgid ""
22502
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22503
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22504
msgstr ""
22505
22506
#: serverguide/C/databases.xml:158(para)
22507
msgid ""
22508
"PostgreSQL is an object-relational database system that has the features of "
22509
"traditional commercial database systems with enhancements to be found in "
22510
"next-generation DBMS systems."
22511
msgstr ""
22512
22513
#: serverguide/C/databases.xml:165(para)
22514
msgid ""
22515
"To install PostgreSQL, run the following command in the command prompt:"
22516
msgstr ""
22517
22518
#: serverguide/C/databases.xml:172(command)
22519
msgid "sudo apt-get install postgresql"
22520
msgstr ""
22521
22522
#: serverguide/C/databases.xml:176(para)
22523
msgid ""
22524
"Once the installation is complete, you should configure the PostgreSQL "
22525
"server based on your needs, although the default configuration is viable."
22526
msgstr ""
22527
22528
#: serverguide/C/databases.xml:184(para)
22529
msgid ""
22530
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22531
"client authentication methods. By default, IDENT authentication method is "
22532
"used for <application>postgres</application> and local users. Please refer "
22533
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22534
"PostgreSQL Administrator's Guide</ulink>."
22535
msgstr ""
22536
22537
#: serverguide/C/databases.xml:191(para)
22538
msgid ""
22539
"The following discussion assumes that you wish to enable TCP/IP connections "
22540
"and use the MD5 method for client authentication. PostgreSQL configuration "
22541
"files are stored in the "
22542
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
22543
"example, if you install PostgreSQL 8.4, the configuration files are stored "
22544
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22545
msgstr ""
22546
22547
#: serverguide/C/databases.xml:201(para)
22548
msgid ""
22549
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22550
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
22551
msgstr ""
22552
22553
#: serverguide/C/databases.xml:208(para)
22554
msgid ""
22555
"To enable TCP/IP connections, edit the file "
22556
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22557
msgstr ""
22558
22559
#: serverguide/C/databases.xml:210(para)
22560
msgid ""
22561
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22562
"change it to:"
22563
msgstr ""
22564
22565
#: serverguide/C/databases.xml:213(programlisting)
22566
#, no-wrap
22567
msgid ""
22568
"\n"
22569
"listen_addresses = 'localhost'\n"
22570
msgstr ""
22571
22572
#: serverguide/C/databases.xml:217(para)
22573
msgid ""
22574
"To allow other computers to connect to your "
22575
"<application>PostgreSQL</application> server replace 'localhost' with the "
22576
"<emphasis>IP Address</emphasis> of your server."
22577
msgstr ""
22578
22579
#: serverguide/C/databases.xml:222(para)
22580
msgid ""
22581
"You may also edit all other parameters, if you know what you are doing! For "
22582
"details, refer to the configuration file or to the PostgreSQL documentation."
22583
msgstr ""
22584
22585
#: serverguide/C/databases.xml:227(para)
22586
msgid ""
22587
"Now that we can connect to our <application>PostgreSQL</application> server, "
22588
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22589
"user. Run the following command at a terminal prompt to connect to the "
22590
"default PostgreSQL template database:"
22591
msgstr ""
22592
22593
#: serverguide/C/databases.xml:234(command)
22594
msgid "sudo -u postgres psql template1"
22595
msgstr ""
22596
22597
#: serverguide/C/databases.xml:236(para)
22598
msgid ""
22599
"The above command connects to PostgreSQL database "
22600
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22601
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
22602
"run the following SQL command at the <application>psql</application> prompt "
22603
"to configure the password for the user <emphasis "
22604
"role=\"italics\">postgres</emphasis>."
22605
msgstr ""
22606
22607
#: serverguide/C/databases.xml:244(command)
22608
msgid "ALTER USER postgres with encrypted password 'your_password';"
22609
msgstr ""
22610
22611
#: serverguide/C/databases.xml:246(para)
22612
msgid ""
22613
"After configuring the password, edit the file "
22614
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22615
"<emphasis>MD5</emphasis> authentication with the "
22616
"<emphasis>postgres</emphasis> user:"
22617
msgstr ""
22618
22619
#: serverguide/C/databases.xml:252(programlisting)
22620
#, no-wrap
22621
msgid ""
22622
"\n"
22623
"local all postgres md5\n"
22624
msgstr ""
22625
22626
#: serverguide/C/databases.xml:256(para)
22627
msgid ""
22628
"Finally, you should restart the <application>PostgreSQL</application> "
22629
"service to initialize the new configuration. From a terminal prompt enter "
22630
"the following to restart <application>PostgreSQL</application>:"
22631
msgstr ""
22632
22633
#: serverguide/C/databases.xml:262(command)
22634
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22635
msgstr ""
22636
22637
#: serverguide/C/databases.xml:265(para)
22638
msgid ""
22639
"The above configuration is not complete by any means. Please refer <ulink "
22640
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22641
"Administrator's Guide</ulink> to configure more parameters."
22642
msgstr ""
22643
22644
#: serverguide/C/databases.xml:276(para)
22645
msgid ""
22646
"As mentioned above the <ulink "
22647
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22648
"Guide</ulink> is an excellent resource. The guide is also available in the "
22649
"<application>postgresql-doc-8.4</application> package. Execute the following "
22650
"in a terminal to install the package:"
22651
msgstr ""
22652
22653
#: serverguide/C/databases.xml:282(command)
22654
msgid "sudo apt-get install postgresql-doc-8.4"
22655
msgstr ""
22656
22657
#: serverguide/C/databases.xml:284(para)
22658
msgid ""
22659
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
22660
"8.4/html/index.html</command> into the address bar of your browser."
22661
msgstr ""
22662
22663
#: serverguide/C/databases.xml:296(para)
22664
msgid ""
22665
"Also, see the <ulink "
22666
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22667
"Wiki</ulink> page for more information."
22668
msgstr ""
22669
22670
#: serverguide/C/clustering.xml:13(title)
22671
msgid "Clustering"
22672
msgstr ""
22673
22674
#: serverguide/C/clustering.xml:16(title)
22675
msgid "DRBD"
22676
msgstr ""
22677
22678
#: serverguide/C/clustering.xml:18(para)
22679
msgid ""
22680
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
22681
"multiple hosts. The replication is transparent to other applications on the "
22682
"host systems. Any block device hard disks, partitions, RAID devices, logical "
22683
"volumes, etc can be mirrored."
22684
msgstr ""
22685
22686
#: serverguide/C/clustering.xml:24(para)
22687
msgid ""
22688
"To get started using <application>drbd</application>, first install the "
22689
"necessary packages. From a terminal enter:"
22690
msgstr ""
22691
22692
#: serverguide/C/clustering.xml:29(command)
22693
msgid "sudo apt-get install drbd8-utils"
22694
msgstr ""
22695
22696
#: serverguide/C/clustering.xml:33(para)
22697
msgid ""
22698
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
22699
"virtual machine you will need to manually compile the "
22700
"<application>drbd</application> module. It may be easier to install the "
22701
"<application>linux-server</application> package inside the virtual machine."
22702
msgstr ""
22703
22704
#: serverguide/C/clustering.xml:40(para)
22705
msgid ""
22706
"This section covers setting up a <application>drbd</application> to "
22707
"replicate a separate <filename>/srv</filename> partition, with an "
22708
"<application>ext3</application> filesystem between two hosts. The partition "
22709
"size is not particularly relevant, but both partitions need to be the same "
22710
"size."
22711
msgstr ""
22712
22713
#: serverguide/C/clustering.xml:49(para)
22714
msgid ""
22715
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
22716
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
22717
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
22718
"See <xref linkend=\"dns\"/> for details."
22719
msgstr ""
22720
22721
#: serverguide/C/clustering.xml:57(para)
22722
msgid ""
22723
"To configure <application>drbd</application>, on the first host edit "
22724
"<filename>/etc/drbd.conf</filename>:"
22725
msgstr ""
22726
22727
#: serverguide/C/clustering.xml:61(programlisting)
22728
#, no-wrap
22729
msgid ""
22730
"\n"
22731
"global { usage-count no; }\n"
22732
"common { syncer { rate 100M; } }\n"
22733
"resource r0 {\n"
22734
" protocol C;\n"
22735
" startup {\n"
22736
" wfc-timeout 15;\n"
22737
" degr-wfc-timeout 60;\n"
22738
" }\n"
22739
" net {\n"
22740
" cram-hmac-alg sha1;\n"
22741
" shared-secret \"secret\";\n"
22742
" }\n"
22743
" on drbd01 {\n"
22744
" device /dev/drbd0;\n"
22745
" disk /dev/sdb1;\n"
22746
" address 192.168.0.1:7788;\n"
22747
" meta-disk internal;\n"
22748
" }\n"
22749
" on drbd02 {\n"
22750
" device /dev/drbd0;\n"
22751
" disk /dev/sdb1;\n"
22752
" address 192.168.0.2:7788;\n"
22753
" meta-disk internal;\n"
22754
" }\n"
22755
"} \n"
22756
msgstr ""
22757
22758
#: serverguide/C/clustering.xml:90(para)
22759
msgid ""
22760
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
22761
"this example their default values are fine."
22762
msgstr ""
22763
22764
#: serverguide/C/clustering.xml:98(para)
22765
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
22766
msgstr ""
22767
22768
#: serverguide/C/clustering.xml:103(command)
22769
msgid "scp /etc/drbd.conf drbd02:~"
22770
msgstr ""
22771
22772
#: serverguide/C/clustering.xml:109(para)
22773
msgid ""
22774
"And, on <emphasis>drbd02</emphasis> move the file to "
22775
"<filename>/etc</filename>:"
22776
msgstr ""
22777
22778
#: serverguide/C/clustering.xml:114(command)
22779
msgid "sudo mv drbd.conf /etc/"
22780
msgstr ""
22781
22782
#: serverguide/C/clustering.xml:120(para)
22783
msgid ""
22784
"Next, on both hosts, start the <application>drbd</application> daemon:"
22785
msgstr ""
22786
22787
#: serverguide/C/clustering.xml:125(command)
22788
msgid "sudo /etc/init.d/drbd start"
22789
msgstr ""
22790
22791
#: serverguide/C/clustering.xml:131(para)
22792
msgid ""
22793
"Now using the <application>drbdadm</application> utility initialize the meta "
22794
"data storage. On each server execute:"
22795
msgstr ""
22796
22797
#: serverguide/C/clustering.xml:137(command)
22798
msgid "sudo drbdadm create-md r0"
22799
msgstr ""
22800
22801
#: serverguide/C/clustering.xml:143(para)
22802
msgid ""
22803
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
22804
"primary, enter the following:"
22805
msgstr ""
22806
22807
#: serverguide/C/clustering.xml:148(command)
22808
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
22809
msgstr ""
22810
22811
#: serverguide/C/clustering.xml:154(para)
22812
msgid ""
22813
"After executing the above command, the data will start syncing with the "
22814
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
22815
"the following:"
22816
msgstr ""
22817
22818
#: serverguide/C/clustering.xml:160(command)
22819
msgid "watch -n1 cat /proc/drbd"
22820
msgstr ""
22821
22822
#: serverguide/C/clustering.xml:163(para)
22823
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
22824
msgstr ""
22825
22826
#: serverguide/C/clustering.xml:170(para)
22827
msgid ""
22828
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
22829
msgstr ""
22830
22831
#: serverguide/C/clustering.xml:175(command)
22832
msgid "sudo mkfs.ext3 /dev/drbd0"
22833
msgstr ""
22834
22835
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
22836
msgid "sudo mount /dev/drbd0 /srv"
22837
msgstr ""
22838
22839
#: serverguide/C/clustering.xml:186(para)
22840
msgid ""
22841
"To test that the data is actually syncing between the hosts copy some files "
22842
"on the <emphasis>drbd01</emphasis>, the primary, to "
22843
"<filename>/srv</filename>:"
22844
msgstr ""
22845
22846
#: serverguide/C/clustering.xml:195(para)
22847
msgid "Next, unmount <filename>/srv</filename>:"
22848
msgstr ""
22849
22850
#: serverguide/C/clustering.xml:203(para)
22851
msgid ""
22852
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
22853
"<emphasis>secondary</emphasis> role:"
22854
msgstr ""
22855
22856
#: serverguide/C/clustering.xml:208(command)
22857
msgid "sudo drbdadm secondary r0"
22858
msgstr ""
22859
22860
#: serverguide/C/clustering.xml:211(para)
22861
msgid ""
22862
"Now on the <emphasis>secondary</emphasis> server "
22863
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
22864
msgstr ""
22865
22866
#: serverguide/C/clustering.xml:216(command)
22867
msgid "sudo drbdadm primary r0"
22868
msgstr ""
22869
22870
#: serverguide/C/clustering.xml:219(para)
22871
msgid "Lastly, mount the partition:"
22872
msgstr ""
22873
22874
#: serverguide/C/clustering.xml:227(para)
22875
msgid ""
22876
"Using <emphasis>ls</emphasis> you should see "
22877
"<filename>/srv/default</filename> copied from the former "
22878
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
22879
msgstr ""
22880
22881
#: serverguide/C/clustering.xml:238(para)
22882
msgid ""
22883
"For more information on <application>DRBD</application> see the <ulink "
22884
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
22885
msgstr ""
22886
22887
#: serverguide/C/clustering.xml:243(para)
22888
msgid ""
22889
"The <ulink "
22890
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
22891
">drbd.conf man page</ulink> contains details on the options not covered in "
22892
"this guide."
22893
msgstr ""
22894
22895
#: serverguide/C/clustering.xml:249(para)
22896
msgid ""
22897
"Also, see the <ulink "
22898
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
22899
"rbdadm man page</ulink>."
22900
msgstr ""
22901
22902
#: serverguide/C/clustering.xml:254(para)
22903
msgid ""
22904
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
22905
"Wiki</ulink> page also has more information."
22906
msgstr ""
22907
22908
#: serverguide/C/chat.xml:13(title)
22909
msgid "Chat Applications"
22910
msgstr ""
22911
22912
#: serverguide/C/chat.xml:19(para)
22913
msgid ""
22914
"In this section, we will discuss how to install and configure a IRC server, "
22915
"<application>ircd-irc2</application>. We will also discuss how to install "
22916
"and configure Jabber, an instance messaging server."
22917
msgstr ""
22918
22919
#: serverguide/C/chat.xml:28(title)
22920
msgid "IRC Server"
22921
msgstr ""
22922
22923
#: serverguide/C/chat.xml:30(para)
22924
msgid ""
22925
"The Ubuntu repository has many Internet Relay Chat servers. This section "
22926
"explains how to install and configure the original IRC server "
22927
"<application>ircd-irc2</application>."
22928
msgstr ""
22929
22930
#: serverguide/C/chat.xml:39(para)
22931
msgid ""
22932
"To install <application>ircd-irc2</application>, run the following command "
22933
"in the command prompt:"
22934
msgstr ""
22935
22936
#: serverguide/C/chat.xml:45(command)
22937
msgid "sudo apt-get install ircd-irc2"
22938
msgstr ""
22939
22940
#: serverguide/C/chat.xml:48(para)
22941
msgid ""
22942
"The configuration files are stored in <filename>/etc/ircd</filename> "
22943
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
22944
"irc2</filename> directory."
22945
msgstr ""
22946
22947
#: serverguide/C/chat.xml:59(para)
22948
msgid ""
22949
"The IRC settings can be done in the configuration file "
22950
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
22951
"this file by editing the following line:"
22952
msgstr ""
22953
22954
#: serverguide/C/chat.xml:64(programlisting)
22955
#, no-wrap
22956
msgid ""
22957
"\n"
22958
"M:irc.localhost::Debian ircd default configuration::000A\n"
22959
msgstr ""
22960
22961
#: serverguide/C/chat.xml:68(para)
22962
msgid ""
22963
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
22964
"you set irc.livecipher.com as IRC host name, please make sure "
22965
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
22966
"name should not be same as the host name."
22967
msgstr ""
22968
22969
#: serverguide/C/chat.xml:75(para)
22970
msgid ""
22971
"The IRC admin details can be configured by editing the following line:"
22972
msgstr ""
22973
22974
#: serverguide/C/chat.xml:80(programlisting)
22975
#, no-wrap
22976
msgid ""
22977
"\n"
22978
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
22979
"Server::IRCnet:\n"
22980
msgstr ""
22981
22982
#: serverguide/C/chat.xml:84(para)
22983
msgid ""
22984
"You should add specific lines to configure the list of IRC ports to listen "
22985
"on, to configure Operator credentials, to configure client authentication, "
22986
"etc. For details, please refer to the example configuration file "
22987
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
22988
msgstr ""
22989
22990
#: serverguide/C/chat.xml:92(para)
22991
msgid ""
22992
"The IRC banner to be displayed in the IRC client, when the user connects to "
22993
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
22994
msgstr ""
22995
22996
#: serverguide/C/chat.xml:97(para)
22997
msgid ""
22998
"After making necessary changes to the configuration file, you can restart "
22999
"the IRC server using following command:"
23000
msgstr ""
23001
23002
#: serverguide/C/chat.xml:101(programlisting)
23003
#, no-wrap
23004
msgid ""
23005
"\n"
23006
"sudo /etc/init.d/ircd-irc2 restart\n"
23007
msgstr ""
23008
23009
#: serverguide/C/chat.xml:109(para)
23010
msgid ""
23011
"You may also be interested to take a look at other IRC servers available in "
23012
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
23013
"<application>ircd-hybrid</application>."
23014
msgstr ""
23015
23016
#: serverguide/C/chat.xml:117(para)
23017
msgid ""
23018
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
23019
"FAQ</ulink> for more details about the IRC Server."
23020
msgstr ""
23021
23022
#: serverguide/C/chat.xml:124(para)
23023
msgid ""
23024
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23025
"IRCD</ulink> page has more information."
23026
msgstr ""
23027
23028
#: serverguide/C/chat.xml:132(title)
23029
msgid "Jabber Instant Messaging Server"
23030
msgstr ""
23031
23032
#: serverguide/C/chat.xml:134(para)
23033
msgid ""
23034
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23035
"XMPP, an open standard for instant messaging, and used by many popular "
23036
"applications. This section covers setting up a <emphasis>Jabberd "
23037
"2</emphasis> server on a local LAN. This configuration can also be adapted "
23038
"to providing messaging services to users over the Internet."
23039
msgstr ""
23040
23041
#: serverguide/C/chat.xml:143(para)
23042
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23043
msgstr ""
23044
23045
#: serverguide/C/chat.xml:148(command)
23046
msgid "sudo apt-get install jabberd2"
23047
msgstr ""
23048
23049
#: serverguide/C/chat.xml:155(para)
23050
msgid ""
23051
"A couple of XML configuration files will be used to configure "
23052
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23053
"authentication. This is a very simple form of authentication. However, "
23054
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23055
"Postgresql, etc for for user authentication."
23056
msgstr ""
23057
23058
#: serverguide/C/chat.xml:162(para)
23059
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23060
msgstr ""
23061
23062
#: serverguide/C/chat.xml:166(programlisting)
23063
#, no-wrap
23064
msgid ""
23065
"\n"
23066
" <id>jabber.example.com</id>\n"
23067
msgstr ""
23068
23069
#: serverguide/C/chat.xml:171(para)
23070
msgid ""
23071
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23072
"id, of your server."
23073
msgstr ""
23074
23075
#: serverguide/C/chat.xml:176(para)
23076
msgid "Now in the <storage> section change the <driver> to:"
23077
msgstr ""
23078
23079
#: serverguide/C/chat.xml:180(programlisting)
23080
#, no-wrap
23081
msgid ""
23082
"\n"
23083
" <driver>db</driver>\n"
23084
msgstr ""
23085
23086
#: serverguide/C/chat.xml:184(para)
23087
msgid ""
23088
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23089
"<emphasis><local></emphasis> section change:"
23090
msgstr ""
23091
23092
#: serverguide/C/chat.xml:188(programlisting)
23093
#, no-wrap
23094
msgid ""
23095
"\n"
23096
" <id>jabber.example.com</id>\n"
23097
msgstr ""
23098
23099
#: serverguide/C/chat.xml:192(para)
23100
msgid ""
23101
"And in the <authreg> section adjust the <module> section to:"
23102
msgstr ""
23103
23104
#: serverguide/C/chat.xml:196(programlisting)
23105
#, no-wrap
23106
msgid ""
23107
"\n"
23108
" <module>db</module>\n"
23109
msgstr ""
23110
23111
#: serverguide/C/chat.xml:200(para)
23112
msgid ""
23113
"Finally, restart <application>jabberd2</application> to enable the new "
23114
"settings:"
23115
msgstr ""
23116
23117
#: serverguide/C/chat.xml:205(command)
23118
msgid "sudo /etc/init.d/jabberd2 restart"
23119
msgstr ""
23120
23121
#: serverguide/C/chat.xml:208(para)
23122
msgid ""
23123
"You should now be able to connect to the server using a Jabber client like "
23124
"<application>Pidgin</application> for example."
23125
msgstr ""
23126
23127
#: serverguide/C/chat.xml:213(para)
23128
msgid ""
23129
"The advantage of using Berkeley DB for user data is that after being "
23130
"configured no additional maintenance is required. If you need more control "
23131
"over user accounts and credentials another authentication method is "
23132
"recommended."
23133
msgstr ""
23134
23135
#: serverguide/C/chat.xml:225(para)
23136
msgid ""
23137
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23138
"Site</ulink> contains more details on configuring "
23139
"<application>Jabberd2</application>."
23140
msgstr ""
23141
23142
#: serverguide/C/chat.xml:231(para)
23143
msgid ""
23144
"For more authentication options see the <ulink "
23145
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23146
"Guide</ulink>."
23147
msgstr ""
23148
23149
#: serverguide/C/chat.xml:236(para)
23150
msgid ""
23151
"Also, the <ulink "
23152
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23153
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23154
msgstr ""
23155
23156
#: serverguide/C/backups.xml:13(title)
23157
msgid "Backups"
23158
msgstr ""
23159
23160
#: serverguide/C/backups.xml:14(para)
23161
msgid ""
23162
"There are many ways to backup an Ubuntu installation. The most important "
23163
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23164
"consisting of what to backup, where to back it up to, and how to restore it."
23165
msgstr ""
23166
23167
#: serverguide/C/backups.xml:18(para)
23168
msgid ""
23169
"The following sections discuss various ways of accomplishing these tasks."
23170
msgstr ""
23171
23172
#: serverguide/C/backups.xml:22(title)
23173
msgid "Shell Scripts"
23174
msgstr ""
23175
23176
#: serverguide/C/backups.xml:23(para)
23177
msgid ""
23178
"One of the simplest ways to backup a system is using a <emphasis>shell "
23179
"script</emphasis>. For example, a script can be used to configure which "
23180
"directories to backup, and use those directories as arguments to the "
23181
"<application>tar</application> utility creating an archive file. The archive "
23182
"file can then be moved or copied to another location. The archive can also "
23183
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23184
msgstr ""
23185
23186
#: serverguide/C/backups.xml:29(para)
23187
msgid ""
23188
"The <application>tar</application> utility creates one archive file out of "
23189
"many files or directories. <application>tar</application> can also filter "
23190
"the files through compression utilities reducing the size of the archive "
23191
"file."
23192
msgstr ""
23193
23194
#: serverguide/C/backups.xml:35(title)
23195
msgid "Simple Shell Script"
23196
msgstr ""
23197
23198
#: serverguide/C/backups.xml:36(para)
23199
msgid ""
23200
"The following shell script uses <application>tar</application> to create an "
23201
"archive file on a remotely mounted NFS file system. The archive filename is "
23202
"determined using additional command line utilities."
23203
msgstr ""
23204
23205
#: serverguide/C/backups.xml:40(programlisting)
23206
#, no-wrap
23207
msgid ""
23208
"\n"
23209
"#!/bin/sh\n"
23210
"####################################\n"
23211
"#\n"
23212
"# Backup to NFS mount script.\n"
23213
"#\n"
23214
"####################################\n"
23215
"\n"
23216
"# What to backup. \n"
23217
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23218
"\n"
23219
"# Where to backup to.\n"
23220
"dest=\"/mnt/backup\"\n"
23221
"\n"
23222
"# Create archive filename.\n"
23223
"day=$(date +%A)\n"
23224
"hostname=$(hostname -s)\n"
23225
"archive_file=\"$hostname-$day.tgz\"\n"
23226
"\n"
23227
"# Print start status message.\n"
23228
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23229
"date\n"
23230
"echo\n"
23231
"\n"
23232
"# Backup the files using tar.\n"
23233
"tar czf $dest/$archive_file $backup_files\n"
23234
"\n"
23235
"# Print end status message.\n"
23236
"echo\n"
23237
"echo \"Backup finished\"\n"
23238
"date\n"
23239
"\n"
23240
"# Long listing of files in $dest to check file sizes.\n"
23241
"ls -lh $dest\n"
23242
msgstr ""
23243
23244
#: serverguide/C/backups.xml:77(para)
23245
msgid ""
23246
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23247
"would like to backup. The list should be customized to fit your needs."
23248
msgstr ""
23249
23250
#: serverguide/C/backups.xml:83(para)
23251
msgid ""
23252
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23253
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23254
"day of the week, giving a backup history of seven days. There are other ways "
23255
"to accomplish this including other ways using the "
23256
"<application>date</application> utility."
23257
msgstr ""
23258
23259
#: serverguide/C/backups.xml:90(para)
23260
msgid ""
23261
"<emphasis>$hostname:</emphasis> variable containing the "
23262
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23263
"archive filename gives you the option of placing daily archive files from "
23264
"multiple systems in the same directory."
23265
msgstr ""
23266
23267
#: serverguide/C/backups.xml:97(para)
23268
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23269
msgstr ""
23270
23271
#: serverguide/C/backups.xml:102(para)
23272
msgid ""
23273
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23274
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23275
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23276
"details using <emphasis>NFS</emphasis>."
23277
msgstr ""
23278
23279
#: serverguide/C/backups.xml:109(para)
23280
msgid ""
23281
"<emphasis>status messages:</emphasis> optional messages printed to the "
23282
"console using the <application>echo</application> utility."
23283
msgstr ""
23284
23285
#: serverguide/C/backups.xml:115(para)
23286
msgid ""
23287
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23288
"<application>tar</application> command used to create the archive file."
23289
msgstr ""
23290
23291
#: serverguide/C/backups.xml:121(para)
23292
msgid "<emphasis>c:</emphasis> creates an archive."
23293
msgstr ""
23294
23295
#: serverguide/C/backups.xml:126(para)
23296
msgid ""
23297
"<emphasis>z:</emphasis> filter the archive through the "
23298
"<application>gzip</application> utility compressing the archive."
23299
msgstr ""
23300
23301
#: serverguide/C/backups.xml:131(para)
23302
msgid ""
23303
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23304
"<application>tar</application> output will be sent to STDOUT."
23305
msgstr ""
23306
23307
#: serverguide/C/backups.xml:138(para)
23308
msgid ""
23309
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23310
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23311
"of the destination directory. This is useful for a quick file size check of "
23312
"the archive file. This check should not replace testing the archive file."
23313
msgstr ""
23314
23315
#: serverguide/C/backups.xml:145(para)
23316
msgid ""
23317
"This is a simple example of a backup shell script. There are large amount of "
23318
"options that can be included in a backup script. See <xref linkend=\"backup-"
23319
"shellscript-references\"/> for links to resources providing more in depth "
23320
"shell scripting information."
23321
msgstr ""
23322
23323
#: serverguide/C/backups.xml:152(title)
23324
msgid "Executing the Script"
23325
msgstr ""
23326
23327
#: serverguide/C/backups.xml:154(title)
23328
msgid "Executing from a Terminal"
23329
msgstr ""
23330
23331
#: serverguide/C/backups.xml:155(para)
23332
msgid ""
23333
"The simplest way of executing the above backup script is to copy and paste "
23334
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23335
"from a terminal prompt:"
23336
msgstr ""
23337
23338
#: serverguide/C/backups.xml:160(command)
23339
msgid "sudo bash backup.sh"
23340
msgstr ""
23341
23342
#: serverguide/C/backups.xml:162(para)
23343
msgid ""
23344
"This is a great way to test the script to make sure everything works as "
23345
"expected."
23346
msgstr ""
23347
23348
#: serverguide/C/backups.xml:167(title)
23349
msgid "Executing with cron"
23350
msgstr ""
23351
23352
#: serverguide/C/backups.xml:168(para)
23353
msgid ""
23354
"The <application>cron</application> utility can be used to automate the "
23355
"script execution. The <application>cron</application> daemon allows the "
23356
"execution of scripts, or commands, at a specified time and date."
23357
msgstr ""
23358
23359
#: serverguide/C/backups.xml:172(para)
23360
msgid ""
23361
"<application>cron</application> is configured through entries in a "
23362
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23363
"separated into fields:"
23364
msgstr ""
23365
23366
#: serverguide/C/backups.xml:176(programlisting)
23367
#, no-wrap
23368
msgid ""
23369
"\n"
23370
"# m h dom mon dow command\n"
23371
msgstr ""
23372
23373
#: serverguide/C/backups.xml:181(para)
23374
msgid ""
23375
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23376
msgstr ""
23377
23378
#: serverguide/C/backups.xml:186(para)
23379
msgid ""
23380
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23381
msgstr ""
23382
23383
#: serverguide/C/backups.xml:191(para)
23384
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23385
msgstr ""
23386
23387
#: serverguide/C/backups.xml:196(para)
23388
msgid ""
23389
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23390
msgstr ""
23391
23392
#: serverguide/C/backups.xml:201(para)
23393
msgid ""
23394
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23395
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23396
"valid."
23397
msgstr ""
23398
23399
#: serverguide/C/backups.xml:206(para)
23400
msgid "<emphasis>command:</emphasis> the command to execute."
23401
msgstr ""
23402
23403
#: serverguide/C/backups.xml:211(para)
23404
msgid ""
23405
"To add or change entries in a <filename>crontab</filename> file the "
23406
"<application>crontab -e</application> command should be used. Also, the "
23407
"contents of a <filename>crontab</filename> file can be viewed using the "
23408
"<application>crontab -l</application> command."
23409
msgstr ""
23410
23411
#: serverguide/C/backups.xml:215(para)
23412
msgid ""
23413
"To execute the <application>backup.sh</application> script listed above "
23414
"using <application>cron</application>. Enter the following from a terminal "
23415
"prompt:"
23416
msgstr ""
23417
23418
#: serverguide/C/backups.xml:220(command)
23419
msgid "sudo crontab -e"
23420
msgstr ""
23421
23422
#: serverguide/C/backups.xml:223(para)
23423
msgid ""
23424
"Using <application>sudo</application> with the <application>crontab -"
23425
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23426
"This is necessary if you are backing up directories only the root user has "
23427
"access to."
23428
msgstr ""
23429
23430
#: serverguide/C/backups.xml:228(para)
23431
msgid "Add the following entry to the <filename>crontab</filename> file:"
23432
msgstr ""
23433
23434
#: serverguide/C/backups.xml:231(programlisting)
23435
#, no-wrap
23436
msgid ""
23437
"\n"
23438
"# m h dom mon dow command\n"
23439
"0 0 * * * bash /usr/local/bin/backup.sh\n"
23440
msgstr ""
23441
23442
#: serverguide/C/backups.xml:235(para)
23443
msgid ""
23444
"The <application>backup.sh</application> script will now be executed every "
23445
"day at 12:00 am."
23446
msgstr ""
23447
23448
#: serverguide/C/backups.xml:239(para)
23449
msgid ""
23450
"The <application>backup.sh</application> script will need to be copied to "
23451
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23452
"to execute properly. The script can reside anywhere on the file system "
23453
"simply change the script path appropriately."
23454
msgstr ""
23455
23456
#: serverguide/C/backups.xml:244(para)
23457
msgid ""
23458
"For more in depth <application>crontab</application> options see <xref "
23459
"linkend=\"backup-shellscript-references\"/>."
23460
msgstr ""
23461
23462
#: serverguide/C/backups.xml:250(title)
23463
msgid "Restoring from the Archive"
23464
msgstr ""
23465
23466
#: serverguide/C/backups.xml:251(para)
23467
msgid ""
23468
"Once an archive has been created it is important to test the archive. The "
23469
"archive can be tested by listing the files it contains, but the best test is "
23470
"to <emphasis>restore</emphasis> a file from the archive."
23471
msgstr ""
23472
23473
#: serverguide/C/backups.xml:257(para)
23474
msgid "To see a listing of the archive contents. From a terminal prompt:"
23475
msgstr ""
23476
23477
#: serverguide/C/backups.xml:261(command)
23478
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
23479
msgstr ""
23480
23481
#: serverguide/C/backups.xml:265(para)
23482
msgid "To restore a file from the archive to a different directory enter:"
23483
msgstr ""
23484
23485
#: serverguide/C/backups.xml:269(command)
23486
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
23487
msgstr ""
23488
23489
#: serverguide/C/backups.xml:271(para)
23490
msgid ""
23491
"The <emphasis>-C</emphasis> option to <application>tar</application> "
23492
"redirects the extracted files to the specified directory. The above example "
23493
"will extract the <filename>/etc/hosts</filename> file to "
23494
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
23495
"recreates the directory structure that it contains."
23496
msgstr ""
23497
23498
#: serverguide/C/backups.xml:276(para)
23499
msgid ""
23500
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
23501
"the file to restore."
23502
msgstr ""
23503
23504
#: serverguide/C/backups.xml:281(para)
23505
msgid "To restore all files in the archive enter the following:"
23506
msgstr ""
23507
23508
#: serverguide/C/backups.xml:285(command)
23509
msgid "cd /"
23510
msgstr ""
23511
23512
#: serverguide/C/backups.xml:286(command)
23513
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23514
msgstr ""
23515
23516
#: serverguide/C/backups.xml:291(para)
23517
msgid "This will overwrite the files currently on the file system."
23518
msgstr ""
23519
23520
#: serverguide/C/backups.xml:300(para)
23521
msgid ""
23522
"For more information on shell scripting see the <ulink "
23523
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
23524
msgstr ""
23525
23526
#: serverguide/C/backups.xml:305(para)
23527
msgid ""
23528
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
23529
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
23530
"great resource for shell scripting."
23531
msgstr ""
23532
23533
#: serverguide/C/backups.xml:311(para)
23534
msgid ""
23535
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
23536
"Wiki Page</ulink> contains details on advanced "
23537
"<application>cron</application> options."
23538
msgstr ""
23539
23540
#: serverguide/C/backups.xml:318(para)
23541
msgid ""
23542
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
23543
"tar Manual</ulink> for more <application>tar</application> options."
23544
msgstr ""
23545
23546
#: serverguide/C/backups.xml:324(para)
23547
msgid ""
23548
"The Wikipedia <ulink "
23549
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
23550
"Scheme</ulink> article contains information on other backup rotation schemes."
23551
msgstr ""
23552
23553
#: serverguide/C/backups.xml:330(para)
23554
msgid ""
23555
"The shell script uses <application>tar</application> to create the archive, "
23556
"but there many other command line utilities that can be used. For example:"
23557
msgstr ""
23558
23559
#: serverguide/C/backups.xml:336(para)
23560
msgid ""
23561
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
23562
"files to and from archives."
23563
msgstr ""
23564
23565
#: serverguide/C/backups.xml:341(para)
23566
msgid ""
23567
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23568
"the <application>coreutils</application> package. A low level utility that "
23569
"can copy data from one format to another"
23570
msgstr ""
23571
23572
#: serverguide/C/backups.xml:347(para)
23573
msgid ""
23574
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23575
"snap shot utility used to create copies of an entire file system."
23576
msgstr ""
23577
23578
#: serverguide/C/backups.xml:358(title)
23579
msgid "Archive Rotation"
23580
msgstr ""
23581
23582
#: serverguide/C/backups.xml:359(para)
23583
msgid ""
23584
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23585
"allows for seven different archives. For a server whose data doesn't change "
23586
"often this may be enough. If the server has a large amount of data a more "
23587
"robust rotation scheme should be used."
23588
msgstr ""
23589
23590
#: serverguide/C/backups.xml:365(title)
23591
msgid "Rotating NFS Archives"
23592
msgstr ""
23593
23594
#: serverguide/C/backups.xml:366(para)
23595
msgid ""
23596
"In this section the shell script will be slightly modified to implement a "
23597
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23598
msgstr ""
23599
23600
#: serverguide/C/backups.xml:372(para)
23601
msgid ""
23602
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23603
"Friday."
23604
msgstr ""
23605
23606
#: serverguide/C/backups.xml:377(para)
23607
msgid ""
23608
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23609
"weekly backups a month."
23610
msgstr ""
23611
23612
#: serverguide/C/backups.xml:382(para)
23613
msgid ""
23614
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23615
"rotating two monthly backups based on if the month is odd or even."
23616
msgstr ""
23617
23618
#: serverguide/C/backups.xml:388(para)
23619
msgid "Here is the new script:"
23620
msgstr ""
23621
23622
#: serverguide/C/backups.xml:391(programlisting)
23623
#, no-wrap
23624
msgid ""
23625
"\n"
23626
"#!/bin/bash\n"
23627
"####################################\n"
23628
"#\n"
23629
"# Backup to NFS mount script with\n"
23630
"# grandfather-father-son rotation.\n"
23631
"#\n"
23632
"####################################\n"
23633
"\n"
23634
"# What to backup. \n"
23635
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23636
"\n"
23637
"# Where to backup to.\n"
23638
"dest=\"/mnt/backup\"\n"
23639
"\n"
23640
"# Setup variables for the archive filename.\n"
23641
"day=$(date +%A)\n"
23642
"hostname=$(hostname -s)\n"
23643
"\n"
23644
"# Find which week of the month 1-4 it is.\n"
23645
"day_num=$(date +%d)\n"
23646
"if (( $day_num <= 7 )); then\n"
23647
" week_file=\"$hostname-week1.tgz\"\n"
23648
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
23649
" week_file=\"$hostname-week2.tgz\"\n"
23650
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
23651
" week_file=\"$hostname-week3.tgz\"\n"
23652
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
23653
" week_file=\"$hostname-week4.tgz\"\n"
23654
"fi\n"
23655
"\n"
23656
"# Find if the Month is odd or even.\n"
23657
"month_num=$(date +%m)\n"
23658
"month=$(expr $month_num % 2)\n"
23659
"if [ $month -eq 0 ]; then\n"
23660
" month_file=\"$hostname-month2.tgz\"\n"
23661
"else\n"
23662
" month_file=\"$hostname-month1.tgz\"\n"
23663
"fi\n"
23664
"\n"
23665
"# Create archive filename.\n"
23666
"if [ $day_num == 1 ]; then\n"
23667
"\tarchive_file=$month_file\n"
23668
"elif [ $day != \"Saturday\" ]; then\n"
23669
" archive_file=\"$hostname-$day.tgz\"\n"
23670
"else \n"
23671
"\tarchive_file=$week_file\n"
23672
"fi\n"
23673
"\n"
23674
"# Print start status message.\n"
23675
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23676
"date\n"
23677
"echo\n"
23678
"\n"
23679
"# Backup the files using tar.\n"
23680
"tar czf $dest/$archive_file $backup_files\n"
23681
"\n"
23682
"# Print end status message.\n"
23683
"echo\n"
23684
"echo \"Backup finished\"\n"
23685
"date\n"
23686
"\n"
23687
"# Long listing of files in $dest to check file sizes.\n"
23688
"ls -lh $dest/\n"
23689
msgstr ""
23690
23691
#: serverguide/C/backups.xml:456(para)
23692
msgid ""
23693
"The script can be executed using the same methods as in <xref "
23694
"linkend=\"backup-executing-shellscript\"/>."
23695
msgstr ""
23696
23697
#: serverguide/C/backups.xml:459(para)
23698
msgid ""
23699
"It is good practice to take backup media off site in case of a disaster. In "
23700
"the shell script example the backup media is another server providing an NFS "
23701
"share. In all likelihood taking the NFS server to another location would not "
23702
"be practical. Depending upon connection speeds it may be an option to copy "
23703
"the archive file over a WAN link to a server in another location."
23704
msgstr ""
23705
23706
#: serverguide/C/backups.xml:465(para)
23707
msgid ""
23708
"Another option is to copy the archive file to an external hard drive which "
23709
"can then be taken off site. Since the price of external hard drives continue "
23710
"to decrease it may be cost-effective to use two drives for each archive "
23711
"level. This would allow you to have one external drive attached to the "
23712
"backup server and one in another location."
23713
msgstr ""
23714
23715
#: serverguide/C/backups.xml:472(title)
23716
msgid "Tape Drives"
23717
msgstr ""
23718
23719
#: serverguide/C/backups.xml:473(para)
23720
msgid ""
23721
"A tape drive attached to the server can be used instead of a NFS share. "
23722
"Using a tape drive simplifies archive rotation, and taking the media off "
23723
"site as well."
23724
msgstr ""
23725
23726
#: serverguide/C/backups.xml:477(para)
23727
msgid ""
23728
"When using a tape drive the filename portions of the script aren't needed "
23729
"because the date is sent directly to the tape device. Some commands to "
23730
"manipulate the tape are needed. This is accomplished using "
23731
"<application>mt</application>, a magnetic tape control utility part of the "
23732
"<application>cpio</application> package."
23733
msgstr ""
23734
23735
#: serverguide/C/backups.xml:482(para)
23736
msgid "Here is the shell script modified to use a tape drive:"
23737
msgstr ""
23738
23739
#: serverguide/C/backups.xml:485(programlisting)
23740
#, no-wrap
23741
msgid ""
23742
"\n"
23743
"#!/bin/bash\n"
23744
"####################################\n"
23745
"#\n"
23746
"# Backup to tape drive script.\n"
23747
"#\n"
23748
"####################################\n"
23749
"\n"
23750
"# What to backup. \n"
23751
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23752
"\n"
23753
"# Where to backup to.\n"
23754
"dest=\"/dev/st0\"\n"
23755
"\n"
23756
"# Print start status message.\n"
23757
"echo \"Backing up $backup_files to $dest\"\n"
23758
"date\n"
23759
"echo\n"
23760
"\n"
23761
"# Make sure the tape is rewound.\n"
23762
"mt -f $dest rewind\n"
23763
"\n"
23764
"# Backup the files using tar.\n"
23765
"tar czf $dest $backup_files\n"
23766
"\n"
23767
"# Rewind and eject the tape.\n"
23768
"mt -f $dest rewoffl\n"
23769
"\n"
23770
"# Print end status message.\n"
23771
"echo\n"
23772
"echo \"Backup finished\"\n"
23773
"date\n"
23774
msgstr ""
23775
23776
#: serverguide/C/backups.xml:519(para)
23777
msgid ""
23778
"The default device name for a SCSI tape drive is "
23779
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
23780
"system."
23781
msgstr ""
23782
23783
#: serverguide/C/backups.xml:524(para)
23784
msgid ""
23785
"Restoring from a tape drive is basically the same as restoring from a file. "
23786
"Simply rewind the tape and use the device path instead of a file path. For "
23787
"example to restore the <filename>/etc/hosts</filename> file to "
23788
"<filename>/tmp/etc/hosts</filename>:"
23789
msgstr ""
23790
23791
#: serverguide/C/backups.xml:529(command)
23792
msgid "mt -f /dev/st0 rewind"
23793
msgstr ""
23794
23795
#: serverguide/C/backups.xml:530(command)
23796
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
23797
msgstr ""
23798
23799
#: serverguide/C/backups.xml:535(title)
23800
msgid "Bacula"
23801
msgstr ""
23802
23803
#: serverguide/C/backups.xml:536(para)
23804
msgid ""
23805
"<application>Bacula</application> is a backup program enabling you to "
23806
"backup, restore, and verify data across your network. There are Bacula "
23807
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
23808
"wide solution."
23809
msgstr ""
23810
23811
#: serverguide/C/backups.xml:542(para)
23812
msgid ""
23813
"<application>Bacula</application> is made up of several components and "
23814
"services used to manage which files to backup and where to back them up to:"
23815
msgstr ""
23816
23817
#: serverguide/C/backups.xml:548(para)
23818
msgid ""
23819
"<application>Bacula Director:</application> a service that controls all "
23820
"backup, restore, verify, and archive operations."
23821
msgstr ""
23822
23823
#: serverguide/C/backups.xml:553(para)
23824
msgid ""
23825
"<application>Bacula Console:</application> an application allowing "
23826
"communication with the Director. There are three versions of the Console:"
23827
msgstr ""
23828
23829
#: serverguide/C/backups.xml:558(para)
23830
msgid "Text based command line version."
23831
msgstr ""
23832
23833
#: serverguide/C/backups.xml:559(para)
23834
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
23835
msgstr ""
23836
23837
#: serverguide/C/backups.xml:560(para)
23838
msgid "wxWidgets GUI interface."
23839
msgstr ""
23840
23841
#: serverguide/C/backups.xml:564(para)
23842
msgid ""
23843
"<application>Bacula File:</application> also known as the "
23844
"<application>Bacula Client</application> program. This application is "
23845
"installed on machines to be backed up, and is responsible for the data "
23846
"requested by the Director."
23847
msgstr ""
23848
23849
#: serverguide/C/backups.xml:570(para)
23850
msgid ""
23851
"<application>Bacula Storage:</application> the programs that perform the "
23852
"storage and recovery of data to the physical media."
23853
msgstr ""
23854
23855
#: serverguide/C/backups.xml:575(para)
23856
msgid ""
23857
"<application>Bacula Catalog:</application> is responsible for maintaining "
23858
"the file indexes and volume databases for all files backed up, enabling "
23859
"quick location and restoration of archived files. The Catalog supports three "
23860
"different databases MySQL, PostgreSQL, and SQLite."
23861
msgstr ""
23862
23863
#: serverguide/C/backups.xml:581(para)
23864
msgid ""
23865
"<application>Bacula Monitor:</application> allows the monitoring of the "
23866
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
23867
"available as a GTK+ GUI application."
23868
msgstr ""
23869
23870
#: serverguide/C/backups.xml:587(para)
23871
msgid ""
23872
"These services and applications can be run on multiple servers and clients, "
23873
"or they can be installed on one machine if backing up a single disk or "
23874
"volume."
23875
msgstr ""
23876
23877
#: serverguide/C/backups.xml:594(para)
23878
msgid ""
23879
"There are multiple packages containing the different "
23880
"<application>Bacula</application> components. To install Bacula, from a "
23881
"terminal prompt enter:"
23882
msgstr ""
23883
23884
#: serverguide/C/backups.xml:599(command)
23885
msgid "sudo apt-get install bacula"
23886
msgstr ""
23887
23888
#: serverguide/C/backups.xml:601(para)
23889
msgid ""
23890
"By default installing the <application>bacula</application> package will use "
23891
"a <application>MySQL</application> database for the Catalog. If you want to "
23892
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
23893
"director-sqlite3</application> or <application>bacula-director-"
23894
"pgsql</application> respectively."
23895
msgstr ""
23896
23897
#: serverguide/C/backups.xml:607(para)
23898
msgid ""
23899
"During the install process you will be asked to supply credentials for the "
23900
"database <emphasis>administrator</emphasis> and the "
23901
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
23902
"database administrator will need to have the appropriate rights to create a "
23903
"database, see <xref linkend=\"mysql\"/> for more information."
23904
msgstr ""
23905
23906
#: serverguide/C/backups.xml:617(para)
23907
msgid ""
23908
"<application>Bacula</application> configuration files are formatted based on "
23909
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
23910
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
23911
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
23912
"directory."
23913
msgstr ""
23914
23915
#: serverguide/C/backups.xml:622(para)
23916
msgid ""
23917
"The various <application>Bacula</application> components must authorize "
23918
"themselves to each other. This is accomplished using the "
23919
"<emphasis>password</emphasis> directive. For example, the "
23920
"<emphasis>Storage</emphasis> resource password in the "
23921
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
23922
"<emphasis>Director</emphasis> resource password in "
23923
"<filename>/etc/bacula/bacula-sd.conf</filename>."
23924
msgstr ""
23925
23926
#: serverguide/C/backups.xml:628(para)
23927
msgid ""
23928
"By default the backup job named <emphasis>Client1</emphasis> is configured "
23929
"to archive the <application>Bacula</application> Catalog. If you plan on "
23930
"using the server to backup more than one client you should change the name "
23931
"of this job to something more descriptive. To change the name edit "
23932
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
23933
msgstr ""
23934
23935
#: serverguide/C/backups.xml:633(programlisting)
23936
#, no-wrap
23937
msgid ""
23938
"\n"
23939
"#\n"
23940
"# Define the main nightly save backup job\n"
23941
"# By default, this job will back up to disk in \n"
23942
"Job {\n"
23943
" Name = \"BackupServer\"\n"
23944
" JobDefs = \"DefaultJob\"\n"
23945
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
23946
"}\n"
23947
msgstr ""
23948
23949
#: serverguide/C/backups.xml:644(para)
23950
msgid ""
23951
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
23952
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
23953
"your appropriate hostname, or other descriptive name."
23954
msgstr ""
23955
23956
#: serverguide/C/backups.xml:649(para)
23957
msgid ""
23958
"The <emphasis>Console</emphasis> can be used to query the "
23959
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
23960
"<emphasis>non-root</emphasis> user, the user needs to be in the "
23961
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
23962
"the following from a terminal:"
23963
msgstr ""
23964
23965
#: serverguide/C/backups.xml:655(command)
23966
msgid "sudo adduser $username bacula"
23967
msgstr ""
23968
23969
#: serverguide/C/backups.xml:658(para)
23970
msgid ""
23971
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
23972
"you are adding the current user to the group you should log out and back in "
23973
"for the new permissions to take effect."
23974
msgstr ""
23975
23976
#: serverguide/C/backups.xml:665(title)
23977
msgid "Localhost Backup"
23978
msgstr ""
23979
23980
#: serverguide/C/backups.xml:666(para)
23981
msgid ""
23982
"This section describes how to backup specified directories on a single host "
23983
"to a local tape drive."
23984
msgstr ""
23985
23986
#: serverguide/C/backups.xml:671(para)
23987
msgid ""
23988
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
23989
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
23990
msgstr ""
23991
23992
#: serverguide/C/backups.xml:674(programlisting)
23993
#, no-wrap
23994
msgid ""
23995
"\n"
23996
"Device {\n"
23997
" Name = \"Tape Drive\"\n"
23998
" Device Type = tape\n"
23999
" Media Type = DDS-4\n"
24000
" Archive Device = /dev/st0\n"
24001
" Hardware end of medium = No;\n"
24002
" AutomaticMount = yes; # when device opened, read it\n"
24003
" AlwaysOpen = Yes;\n"
24004
" RemovableMedia = yes;\n"
24005
" RandomAccess = no;\n"
24006
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
24007
"}\n"
24008
msgstr ""
24009
24010
#: serverguide/C/backups.xml:688(para)
24011
msgid ""
24012
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24013
"Type and Archive Device to match your hardware."
24014
msgstr ""
24015
24016
#: serverguide/C/backups.xml:691(para)
24017
msgid "You could also uncomment one of the other examples in the file."
24018
msgstr ""
24019
24020
#: serverguide/C/backups.xml:696(para)
24021
msgid ""
24022
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24023
"<application>Storage</application> daemon will need to be restarted:"
24024
msgstr ""
24025
24026
#: serverguide/C/backups.xml:701(command)
24027
msgid "sudo /etc/init.d/bacula-sd restart"
24028
msgstr ""
24029
24030
#: serverguide/C/backups.xml:705(para)
24031
msgid ""
24032
"Now add a <emphasis>Storage</emphasis> resource in "
24033
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24034
msgstr ""
24035
24036
#: serverguide/C/backups.xml:708(programlisting)
24037
#, no-wrap
24038
msgid ""
24039
"\n"
24040
"# Definition of \"Tape Drive\" storage device\n"
24041
"Storage {\n"
24042
" Name = TapeDrive\n"
24043
" # Do not use \"localhost\" here \n"
24044
" Address = backupserver # N.B. Use a fully qualified name "
24045
"here\n"
24046
" SDPort = 9103\n"
24047
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
24048
" Device = \"Tape Drive\"\n"
24049
" Media Type = tape\n"
24050
"}\n"
24051
msgstr ""
24052
24053
#: serverguide/C/backups.xml:720(para)
24054
msgid ""
24055
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24056
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24057
"to the actual host name."
24058
msgstr ""
24059
24060
#: serverguide/C/backups.xml:724(para)
24061
msgid ""
24062
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24063
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24064
msgstr ""
24065
24066
#: serverguide/C/backups.xml:730(para)
24067
msgid ""
24068
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24069
"directories to backup, by adding:"
24070
msgstr ""
24071
24072
#: serverguide/C/backups.xml:733(programlisting)
24073
#, no-wrap
24074
msgid ""
24075
"\n"
24076
"# LocalhostBacup FileSet.\n"
24077
"FileSet {\n"
24078
" Name = \"LocalhostFiles\"\n"
24079
" Include {\n"
24080
" Options {\n"
24081
" signature = MD5\n"
24082
" compression=GZIP\n"
24083
" }\n"
24084
" File = /etc\n"
24085
" File = /home\n"
24086
" }\n"
24087
"}\n"
24088
msgstr ""
24089
24090
#: serverguide/C/backups.xml:747(para)
24091
msgid ""
24092
"This <emphasis>FileSet</emphasis> will backup the <filename "
24093
"role=\"directory\">/etc</filename> and <filename "
24094
"role=\"directory\">/home</filename> directories. The "
24095
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24096
"create a MD5 signature for each file backed up, and to compress the files "
24097
"using GZIP."
24098
msgstr ""
24099
24100
#: serverguide/C/backups.xml:754(para)
24101
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24102
msgstr ""
24103
24104
#: serverguide/C/backups.xml:757(programlisting)
24105
#, no-wrap
24106
msgid ""
24107
"\n"
24108
"# LocalhostBackup Schedule -- Daily.\n"
24109
"Schedule {\n"
24110
" Name = \"LocalhostDaily\"\n"
24111
" Run = Full daily at 00:01\n"
24112
"}\n"
24113
msgstr ""
24114
24115
#: serverguide/C/backups.xml:764(para)
24116
msgid ""
24117
"The job will run every day at 00:01 or 12:01 am. There are many other "
24118
"scheduling options available."
24119
msgstr ""
24120
24121
#: serverguide/C/backups.xml:769(para)
24122
msgid "Finally create the <emphasis>Job</emphasis>:"
24123
msgstr ""
24124
24125
#: serverguide/C/backups.xml:772(programlisting)
24126
#, no-wrap
24127
msgid ""
24128
"\n"
24129
"# Localhost backup.\n"
24130
"Job {\n"
24131
" Name = \"LocalhostBackup\"\n"
24132
" JobDefs = \"DefaultJob\"\n"
24133
" Enabled = yes\n"
24134
" Level = Full\n"
24135
" FileSet = \"LocalhostFiles\"\n"
24136
" Schedule = \"LocalhostDaily\"\n"
24137
" Storage = TapeDrive\n"
24138
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24139
"} \n"
24140
msgstr ""
24141
24142
#: serverguide/C/backups.xml:785(para)
24143
msgid ""
24144
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24145
"drive."
24146
msgstr ""
24147
24148
#: serverguide/C/backups.xml:790(para)
24149
msgid ""
24150
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24151
"current tape does not have a label <application>Bacula</application> will "
24152
"send an email letting you know. To label a tape using the "
24153
"<application>Console</application> enter the following from a terminal:"
24154
msgstr ""
24155
24156
#: serverguide/C/backups.xml:796(command)
24157
msgid "bconsole"
24158
msgstr ""
24159
24160
#: serverguide/C/backups.xml:800(para)
24161
msgid "At the Bacula Console prompt enter:"
24162
msgstr ""
24163
24164
#: serverguide/C/backups.xml:804(command)
24165
msgid "label"
24166
msgstr ""
24167
24168
#: serverguide/C/backups.xml:808(para)
24169
msgid ""
24170
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24171
msgstr ""
24172
24173
#: serverguide/C/backups.xml:818(userinput)
24174
#, no-wrap
24175
msgid "2"
24176
msgstr ""
24177
24178
#: serverguide/C/backups.xml:812(computeroutput)
24179
#, no-wrap
24180
msgid ""
24181
"\n"
24182
"Automatically selected Catalog: MyCatalog\n"
24183
"Using Catalog \"MyCatalog\"\n"
24184
"The defined Storage resources are:\n"
24185
" 1: File\n"
24186
" 2: TapeDrive\n"
24187
"Select Storage resource (1-2):<placeholder-1/>\n"
24188
msgstr ""
24189
24190
#: serverguide/C/backups.xml:823(para)
24191
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24192
msgstr ""
24193
24194
#: serverguide/C/backups.xml:828(userinput)
24195
#, no-wrap
24196
msgid "Sunday"
24197
msgstr ""
24198
24199
#: serverguide/C/backups.xml:827(computeroutput)
24200
#, no-wrap
24201
msgid ""
24202
"\n"
24203
"Enter new Volume name: <placeholder-1/>\n"
24204
"Defined Pools:\n"
24205
" 1: Default\n"
24206
" 2: Scratch"
24207
msgstr ""
24208
24209
#: serverguide/C/backups.xml:833(para)
24210
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24211
msgstr ""
24212
24213
#: serverguide/C/backups.xml:838(para)
24214
msgid "Now, select the <emphasis>Pool</emphasis>:"
24215
msgstr ""
24216
24217
#: serverguide/C/backups.xml:843(userinput)
24218
#, no-wrap
24219
msgid "1"
24220
msgstr ""
24221
24222
#: serverguide/C/backups.xml:842(computeroutput)
24223
#, no-wrap
24224
msgid ""
24225
"\n"
24226
"Select the Pool (1-2): <placeholder-1/>\n"
24227
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24228
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24229
msgstr ""
24230
24231
#: serverguide/C/backups.xml:850(para)
24232
msgid ""
24233
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24234
"backup the localhost to an attached tape drive."
24235
msgstr ""
24236
24237
#: serverguide/C/backups.xml:858(para)
24238
msgid ""
24239
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24240
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24241
"Manual</ulink>"
24242
msgstr ""
24243
24244
#: serverguide/C/backups.xml:864(para)
24245
msgid ""
24246
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24247
"the latest Bacula news and developments."
24248
msgstr ""
24249
24250
#: serverguide/C/backups.xml:869(para)
24251
msgid ""
24252
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24253
"Ubuntu Wiki</ulink> page."
24254
msgstr ""
24255
24256
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24257
#: serverguide/C/backups.xml:0(None)
24258
msgid "translator-credits"
24259
msgstr ""
24260
"Launchpad Contributions:\n"
24261
" maxim(Feng Liu) https://launchpad.net/~feng.liu"
24262
24263
#~ msgid "sudo /etc/init.d/samba restart"
24264
#~ msgstr "sudo /etc/init.d/samba restart"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1